Tuesday, May 26, 2020

Cisco SG300 - cannot ping across WAN, interferes with SNMP from other devices.

So we moved a branch office to new space. I added two new Cisco SG300-52 switches to boost the number of data connections; they are connected to a pair of older Adtran 1335 POE switches which are reserved for VOIP phones.

I can ping devices hooked up to the SG300s, but I cannot ping/telnet/SSH to the switches except from inside that office LAN. I also noticed that our APC UPS network cards cannot send SNMP data back to a PRTG monitoring machine in the main LAN. Other than that, networking is up and active for all devices.

The branch office is connected via Comcast fiber link at 100MB. Nothing changed on HQ side, same switches and Ciena gear. Comcast brought a new Ciena switch to branch office with same programming. Everything is routed through a pair of Cisco 1921 routers on each side of the fiber link.

Each individual LAN subnet works and I can access gear in the branch office from the HQ side, except for the SG300 switches: I cannot ping them or remote to them to grab configs using TelnetScriptingTool.

My Google-Fu has not come across anything like this regarding the SG300s. They are set up the same way as the HQ side (where we have three of them providing data connections to the whole office). They are in L3 mode with super-basic configs thrown on them.

==================
CHI-SW003#show running-config
config-file-header
CHI-SW003
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode router
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 2,80,85,90
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname CHI-SW003
no passwords complexity enable
username <user01> password encrypted <pass01> privilege 15
username <user02> password encrypted <pass02> privilege 15
ip ssh server
snmp-server location Chicago
clock timezone CST -5
clock source sntp
ip telnet server
!
interface vlan 1
 ip address 172.16.32.44 255.255.255.0
 no ip address dhcp
!
interface vlan 2
 name Voice
!
interface vlan 80
 name WiFi
!
interface vlan 85
 name "Guest WiFi"
!
interface vlan 90
 name Smartphones
!
exit
CHI-SW003#
==================

So we have

HQ Adtran --> Cisco 1921 --> CienaHQ --> Comcast Fiber --> CienaBranch --> Cisco 1921 --> Adtran 1335 --> SG300

And the reverse is true for the branch office - I can see/use/ping gear behind the SG300s; I cannot ping the SG300s in HQ from the branch office.

I'm stumped - if the routing in the 1921s was wrong we'd have no connection. The setup could have been out of whack since 2016 when the HQ office SG300s were installed; frankly I never needed to telnet to them from the branch office. I'd like to be able to contact these switches from either side of the fiber link, and also get SNMP traffic flowing without crazy issues from the APC network cards in the branch office.

Ideas?
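
The symptom described above (hosts behind the switch answer, the switch's own management address answers only on its LAN) can be checked against the posted configuration by asking which route the switch itself has back to an off-subnet source. The following is an added example, not part of the original post: the HQ address 172.16.10.20 and the gateway 172.16.32.1 are constructed, and the `ip default-gateway` / `ip route` line forms are assumptions about how a gateway entry would appear in this config.

```python
import ipaddress

# Constructed excerpt: only the L3-relevant lines of the config posted above.
POSTED_CONFIG = """\
set system mode router
interface vlan 1
 ip address 172.16.32.44 255.255.255.0
 no ip address dhcp
interface vlan 2
 name Voice
"""

def parse_l3(config):
    """Return (connected networks, static routes as (network, next_hop))."""
    connected, routes = [], []
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "address"] and len(words) == 4:
            connected.append(ipaddress.ip_interface(f"{words[2]}/{words[3]}").network)
        elif words[:2] == ["ip", "default-gateway"] and len(words) == 3:
            routes.append((ipaddress.ip_network("0.0.0.0/0"), words[2]))
        elif words[:2] == ["ip", "route"] and len(words) >= 5:
            # Assumed forms: "ip route <prefix> <mask> <hop>" or "ip route <prefix> /<len> <hop>"
            mask = words[3].lstrip("/")
            routes.append((ipaddress.ip_network(f"{words[2]}/{mask}"), words[4]))
    return connected, routes

def return_path(config, source):
    """How the switch itself would reach `source`: 'connected', a next hop, or None."""
    src = ipaddress.ip_address(source)
    connected, routes = parse_l3(config)
    if any(src in net for net in connected):
        return "connected"
    matches = [(net, hop) for net, hop in routes if src in net]
    if not matches:
        return None  # replies to this source (ping, SSH, telnet) have no route
    return max(matches, key=lambda m: m[0].prefixlen)[1]  # longest-prefix match

if __name__ == "__main__":
    print("same-LAN host:", return_path(POSTED_CONFIG, "172.16.32.50"))
    print("HQ host (constructed):", return_path(POSTED_CONFIG, "172.16.10.20"))
    # Hypothetical corrected config: gateway address is a constructed placeholder.
    fixed = POSTED_CONFIG + "ip route 0.0.0.0 /0 172.16.32.1\n"
    print("HQ host with default route:", return_path(fixed, "172.16.10.20"))
```

For the excerpt as posted, the off-subnet lookup returns `None`: the lines shown contain no route the switch could use to answer a source outside 172.16.32.0/24.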


