These are notes of a recent project to access a Cisco Switch at an anonymous client site.
1. The Management VLAN was set to 10, while the main Data VLAN was set to 11. When the old Cisco Firewall was replaced with a different Firewall, some of the VLANs went away. Mainly, VLAN 10 (Mgt) was removed, so we were not able to get to the switches via their Mgt IP. So we needed to change the Management IP to VLAN 11 (Data) via the Console Port & PuTTY (COM3 9600).
conf t
int vlan 10
no ip address
no ip default-gateway
Now we can add the new information:
int vlan 11
ip address 10.37.10.60 255.255.255.0
description ** Management **
ip default-gateway 10.37.10.1
Testing from a remote workstation on VLAN 11 using Telnet now allows access to the Switch.
telnet 10.37.10.60
2. Now we needed to change some of the Interfaces, as again, there were some VLANs removed (not re-connected) with the new Firewall.
sh vlan – This command allows us to see which Interfaces (ports) are connected to which VLANs
sh int – Gives us a detailed view of the VLANs and Ports
sh run – Shows us the VLAN config and Interface details
sh ip int brief – Shows us if any ports have been shutdown administratively
sh mac-address-table – Shows us the MAC addresses of devices connected to the various Interfaces
We had several Wireless Access Points that had trunk setups, so we changed the Interfaces (ports) to a standard PC and Phone setup.
conf t
default int g1/0/23
int g1/0/23
description ** New PC AND PHONE CONNECTION **
switchport access vlan 11
switchport voice vlan 2
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
mls qos trust cos
auto qos trust
spanning-tree bpduguard enable
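One way to check a saved copy of the sh run output for ports that still reference a removed VLAN, or access ports without BPDU guard, as an added Python example that is not part of the original notes. The sample config is constructed, and the function names and the live VLAN set {2, 11} are assumptions for illustration.

```python
import re

# Constructed sample of `sh run` interface stanzas (not from the client site).
SAMPLE_RUN = """\
interface GigabitEthernet1/0/22
 switchport trunk allowed vlan 10,11,20
 switchport mode trunk
!
interface GigabitEthernet1/0/23
 switchport access vlan 11
 switchport voice vlan 2
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
 switchport access vlan 10
!
interface Vlan11
 ip address 10.37.10.60 255.255.255.0
!
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, live_vlans):
    """Map each physical port to its findings; live_vlans is the assumed set still routed."""
    findings = {}
    for stanza in re.split(r"(?m)^(?=interface )", config):
        m = re.match(r"interface (\S+)", stanza)
        if not m or m.group(1).lower().startswith("vlan"):
            continue  # skip text before the first stanza and the SVIs
        used = {int(v) for v in re.findall(r"switchport (?:access|voice) vlan (\d+)", stanza)}
        for spec in re.findall(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", stanza):
            used |= expand_vlans(spec)
        issues = []
        dead = sorted(used - live_vlans)
        if dead:
            issues.append(f"references removed VLAN(s) {dead}")
        if "switchport access vlan" in stanza and "bpduguard enable" not in stanza:
            issues.append("access port without bpduguard")
        if issues:
            findings[m.group(1)] = issues
    return findings
```

Calling audit(SAMPLE_RUN, {2, 11}) reports the leftover trunk on g1/0/22 and the access port on g1/0/24, and leaves the reconfigured g1/0/23 out.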
Again, these are just our summary notes for some changes. This article is not meant to serve as a Cisco tutorial or configuration instruction.