Cannot telnet to loopback/vlan interface on N2000 (N2048) switch.

Question

I had a N2048 switch connected to our network with an IP address on a vlan with a static default route. I made the following changes to the switch and the switch was no longer available to telnet \ ssh \https. * Added loopback address 10.250.8.105/32 to the loopback0 interface* Added RIPv2 routing to transmit the loopback interface's address* RIPv2 from network delivers the route 0.0.0.0/0 to the switch. After the changes:* Cannot use telnet \ ssh \ https to contact the switch from routed networks* Can use networks that are directly connected to the switch to connect.* AAA no longer works* Switch is pingable via the loopback and the vlan interface* SNMP (UDP) works fine with the switch* Syslog based logging still work from the router I have other N-Series (N3048 and N2048) that is showing the same issues and I have some that actually work fine (all the working are N3000). This the first N2000 that I have converted to RIP It feels like the system is not using the routing table or that the TCP connection is not completing due to some stateful connection checking out differing interfaces. Routing Table:Default Gateway is 10.8.0.20R *0.0.0.0/0 [120/2] via 10.8.0.20, Vl100S 0.0.0.0/0 [250/0] via 10.8.0.10, Vl100C *10.8.0.0/24 [0/1] directly connected, Vl100C *10.250.8.105/32 [0/1] directly connected, Lo0 Switch Configuration:* Version 6.1.1.7 !Current Configuration:!System Description 'Dell Networking N2048, 6.1.1.7, Linux 3.6.5-601418a5'!System Software Version 6.1.1.7!configurevlan 100name '100_INF_Network-OSPF'exitvlan 101name '101_INF_Network-Static'exit <<< >>>> vlan 888name 'test'exitvlan 100-104,106-107,120-122,130-131,200-201,203,215-216,300,307-309,320-322vlan 500-504vlan 888exitsnmp-server location 'IDF2 White Stack'snmp-server contact 'Jeff Madrazo'hostname 'netcalswtds06'slot 1/0 5 ! Dell Networking N2048slot 2/0 9 ! Dell Networking N2048Pslot 3/0 9 ! Dell Networking N2048Psntp server 10.40.50.20sntp server 10.40.50.21 priority 2clock summer-time recurring USAclock timezone -8 minutes 0stackmember 1 8 ! N2048member 2 9 ! N2048Pmember 3 9 ! N2048Pexitip domain-name 'XXXXXXX.net'ip name-server '10.40.50.20'logging 10.40.50.51exitboot auto-copy-swip access-list CONNECTED_RIPpermit ip 10.250.0.0 0.0.255.255 anyexitip routingip route 0.0.0.0 0.0.0.0 10.8.0.10 250router ripredistribute connecteddistribute-list CONNECTED_RIP out connectedexitinterface vlan 1ip address dhcpexitinterface vlan 100ip address 10.8.0.105 255.255.255.0ip ripip rip receive version rip2exitinterface vlan 101exitinterface vlan 300exitno passwords min-lengthusername 'admin' password XXXXXXXXXXXXXXXXXXXXXXXXXXX privilege 15 encryptedaaa authentication login 'Management' radius localaaa authentication login 'Console' localaaa authentication enable 'Management' noneaaa authentication enable 'Console' noneaaa authorization exec 'Management' radius localaaa authorization exec 'Console' localradius-server source-ip 10.250.8.105radius-server host auth 10.40.50.20name 'Default-RADIUS-Server'deadtime 1key 'XXXXXX'exitline consolelogin authentication Consoleenable authentication Consoleauthorization exec Consoleexitline telnetlogin authentication Managementenable authentication Managementauthorization exec Managementexitline sshlogin authentication Managementenable authentication Managementexit!interface Gi1/0/1description 'IDF2_White_Placeholder'spanning-tree portfastswitchport access vlan 300exit<<<< >>>> interface Gi3/0/48 description 'IDF2_White_Placeholder' spanning-tree portfast switchport access vlan 300 exit ! interface loopback 0 ip address 10.250.8.105 255.255.255.255 exit snmp-server engineid local 800002a203f8b1564ba500 snmp-server community 'XXXXXXXXX' ro exit

DELL-Josh Cr · Answer

Hi,

If you create a static route for the loopback instead of rip does it work? Is there a firmware version difference between the switches where it works and the ones where it doesn’t? Are you able to access the web gui via the loopback?

Try updating the firmware to the latest version. There were some fixes to loopback interface behavior and switches not responding to telnet or ssh. http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=N8K2G&fileId=3461947867&osCode=NAA&productCode=networking-n2000-series&languageCode=EN&categoryId=NI

Henry Bennett · Answer

Thanks for the reply.

The web gui , ssh and telnet all behave the same.

When RIP is removed from the switch and just a default route (floating static) is placed on the switch, both telnet to the loopback and to the vlan interface works. The upstream router has a route to point the loopback to the vlan interface.

The issue with ping working and telnet not working was due to a stateful firewall being the default gateway and the routed path being asynchronous. When an internal router was used for the default gateway work the system works.

Once the default gateway was removed and the RIP command were reissued to the vlan interfaces and the rip routes confirmed in the routing table the issue came back.

We are filtering the routes advertised via RIP due to the number of router that the N2000 can handle. We would like only advertise the 10.0.0.0/8 router to point back to the internal routers.

With the testing below the issue seems to be that telnet \ ssh \ https services will not honor the 10.0.0.0/8 route on the switch. When a /16 route to the client is inserted the system works. The added /16 route is the same destination of the 10.0.0.0/8 route. If the route was added with RIP or static did not matter. With the prior configuration the 0.0.0.0/0 was not honored either.

Some additional tests were performed to see were the routes break, different netmasks were tested. The routes were inserted as static routes. The route was the only non-connected route in the routing table.

route/mask - result

10.40.0.0/16 - Works

10.40.0.0/15 - Works

10.40.0.0/14 - Works

10.40.0.0/13 - Works

10.32.0.0/12 - Works

10.32.0.0/11 - Works

10.0.0.0/10 - Broken

10.0.0.0/9 - Broken

10.0.0.0/8 - Broken

==== Tests ====

More testing was performed:

> Client - 10.40.50.51

* Test1: Removed the distribute command to enable full routing table.

* Result - Telnet works (loopback and vlan interface)

* Test2: Used distribute command to allow 10.0.0.0/8 network

* Result: Telnet does not work and ping does not work (loopback and vlan interface)

----Routing Tables----

No default gateway is configured.

R *10.0.0.0/8 [120/2] via 10.8.0.10, Vl100

R *10.0.0.0/16 [120/2] via 10.8.0.10, Vl100

C *10.8.0.0/24 [0/1] directly connected, Vl100

C *10.250.8.105/32 [0/1] directly connected, Lo0

----Traceroute from switch to client----

Traceroute to 10.40.50.51 ,30 hops max 0 byte packets:

Hop Count = 1 Last TTL = 1 Test attempt = 1 Test Success = 0

--------------------------------------------------

* Test3: Used IP ROUTE command add 10.40.0.0/16 -> 10.8.0.10 route. (same dest as 10.0.0.0/8)

* Result: Telnet Works and Ping works (loopback and vlan interface)

----Routing Table----

R *10.0.0.0/8 [120/2] via 10.8.0.10, Vl100

R *10.0.0.0/16 [120/2] via 10.8.0.10, Vl100

C *10.8.0.0/24 [0/1] directly connected, Vl100

S *10.40.0.0/16 [1/0] via 10.8.0.10, Vl100

C *10.250.8.105/32 [0/1] directly connected, Lo0

----Traceroute from switch to client----

1 10.8.0.10 167 ms 167 ms 167 ms

2 [obfuscated] 3640 ms 3640 ms 3640 ms

3 [obfuscated] 1828 ms 1828 ms 1828 ms

4 [obfuscated] 1845 ms 1845 ms 1845 ms

5 10.40.1.1 16 ms 1016 ms 16 ms

6 10.40.50.51 858 ms 858 ms 858 ms

--------------------------------------------------

*Test4: Used RIP distribute to allow the add the route (same dest as 10.0.0.0/8)

*Result: Telnet works and RIP works (loopback and vlan interface)

----Routing Table----

R *10.0.0.0/8 [120/2] via 10.8.0.10, Vl100

R *10.0.0.0/16 [120/2] via 10.8.0.10, Vl100

C *10.8.0.0/24 [0/1] directly connected, Vl100

R *10.40.0.0/16 [120/2] via 10.8.0.10, Vl100

C *10.250.8.105/32 [0/1] directly connected, Lo0

----Traceroute from Switch to Client ----

1 10.8.0.10 167 ms 167 ms 167 ms

2 [obfuscated] 3640 ms 3640 ms 3640 ms

3 [obfuscated] 1828 ms 1828 ms 1828 ms

4 [obfuscated] 1845 ms 1845 ms 1845 ms

5 10.40.1.1 16 ms 16 ms 16 ms

6 10.40.50.51 858 ms 858 ms 858 ms

--------------------------------------------------

Networking General

Was this post helpful?