Header Only - DO NOT REMOVE - Extreme Networks

Invalid IP configured in Enterasys VH-2402S


I have acquired an Enterasys VH-2402S switch. I am unable to communicate with it using console management port via puTTy (black screen/no response) or any other method. I had no idea of the IP configured in this switch. After some thought, since I acquired this switch from a network guy, who also did not know the IP, suggested I try a range of IPs in the 172.22.xx.xx range since it came from his company. Using AdvanceIP Scanner I was able to determine the configured IP address of the switch is 172.22.xx.255. Wow. This is an invalid IP I'm sure, and is preventing me access to it via CLI / ethernet cable. How do I gain access to this switch? I asked that network guy and just got a shrug and statement that I probably can't. It's almost like he knew it and wasn't bothering with it... Anyway, any ideas on how I can get access to this switch to change the IP to make the switch useful? Thnks!

28 replies

Userlevel 4
Hello Dale,

what is the console cable you are using, is it a crossover? What are the serial connection settings?
Asking just to make sure this is set up correctly and the console interface is still healthy.

Regards,
Tomasz
Understood. I was given the cable by the company that had the switch. It is a blue flat ribbon-like cable with writing: AWM Style / 20251 / E129757 / 60degree C / 150v / 26AWG / Lorom / CSA. They have sort of like ethernet ends (RJ45?). But these ends clip into COM port adapters. I have only one COM port on the PC (COM1). One end to that. The other end into the console management port in back of the switch. PuTTy settings I used were: serial / COM1 / 9600 / 8 data bits / 1 stop bit and XON/XOFF for flow control. I have also tried different baud rates and changed flow control to none as well. I am somewhat familiar with puTTy and know telnet pretty well. I have also configured ethernet adapter in an attempt to access the switch via browser using ethernet cable. But of course, this simply returns invalid_address_IP, even if I fool with the mask numbers. I even tried an SSH session a couple of times since I know what the IP is now in the switch but that doesn't work either. I have configured a network switch in the past so am some familiar with a serial session. But I think somehow this configured invalid IP is not allowing me to get into the switch. I really would like to use this switch if I can overcome this barrier. Thanks for checking this post! /dale
Userlevel 2
Why do you think a 172.22.XXX.255 address is an invalid address?
With regards to gaining access - what ports are open on the switch? Since telnet and ssh are common remote access programs, what's returned from nmap -p 22,23
?
Robert Cummins wrote:

Why do you think a 172.22.XXX.255 address is an invalid address?
With regards to gaining access - what ports are open on the switch? Since telnet and ssh are common remote access programs, what's returned from nmap -p 22,23

?

Robert, I installed nmap/zenmap. I admit I am not sure I did your suggested command line right. I used the zenmap GUI and also dropped down to the nmap command line via CMD. Anyway, some snips attached.



Userlevel 2
Robert Cummins wrote:

Why do you think a 172.22.XXX.255 address is an invalid address?
With regards to gaining access - what ports are open on the switch? Since telnet and ssh are common remote access programs, what's returned from nmap -p 22,23

?

Sorry, when I said [i] I should have said [i], you can use the IP_address or name of the device (if it's in DNS/resolved by name).

nmap can scan an entire network. The syntax for you would be nmap -p 22,23 172.22.34.0/23 Note, it will not scan the broadcast address of the network. That's why I suggested setting your network address to say 172.22.34.254/21. Don't worry about a gateway. Run nmap -p 22,23,80 172.22.32.0/21 and wait. you will scan for sshd, telnetd, and httpd from 172.22.32.1 - 172.22.63.255... IIRC; it's at least beyond 172.22.35.255 which is what you want. You want 172.22.35.255 to be a host address on the network.
Because of the Mask setting I was told from the network guy. 255.255.254.0. I confirmed the IP range they used 172.22.34.0/172.22.35.xxx. I don't know nmap but am checking it out now. Attached is how I determined the IP of the switch. Strangely it says the manufacture of the switch is Dell!

Userlevel 7
Dale wrote:

Because of the Mask setting I was told from the network guy. 255.255.254.0. I confirmed the IP range they used 172.22.34.0/172.22.35.xxx. I don't know nmap but am checking it out now. Attached is how I determined the IP of the switch. Strangely it says the manufacture of the switch is Dell!

I'm pretty sure that that is the MAC of the notebook that was used for the test.
.255 is the broadcast address in the /24 network
Userlevel 7
You'd run wireshark to capture packets from the swtich - If the switch has a default gw configured you should see his IP.

e.g. my switch has .151 and is looking for the default gw of .254

214 26.557654 ExtremeN_8b:d2:98 Broadcast ARP 60 Who has 172.25.25.254? Tell 172.25.25.151

But I still think the best way to access the switch is the console e.g. if the switch has no IP - right now we only assume there is one configured

Here the console port settings of the switch...
Configure the terminal to the following communication settings:
VT100 emulation, 19200 baud, no parity, 8 data bits, 1 stop bit, no
flow control, ASCII character set
Userlevel 7
Ron wrote:

You'd run wireshark to capture packets from the swtich - If the switch has a default gw configured you should see his IP.

e.g. my switch has .151 and is looking for the default gw of .254

214 26.557654 ExtremeN_8b:d2:98 Broadcast ARP 60 Who has 172.25.25.254? Tell 172.25.25.151

But I still think the best way to access the switch is the console e.g. if the switch has no IP - right now we only assume there is one configured

Here the console port settings of the switch...
Configure the terminal to the following communication settings:
VT100 emulation, 19200 baud, no parity, 8 data bits, 1 stop bit, no
flow control, ASCII character set

So it's 19200 baud instead of the 9600 that you've used before.
Ron wrote:

You'd run wireshark to capture packets from the swtich - If the switch has a default gw configured you should see his IP.

e.g. my switch has .151 and is looking for the default gw of .254

214 26.557654 ExtremeN_8b:d2:98 Broadcast ARP 60 Who has 172.25.25.254? Tell 172.25.25.151

But I still think the best way to access the switch is the console e.g. if the switch has no IP - right now we only assume there is one configured

Here the console port settings of the switch...
Configure the terminal to the following communication settings:
VT100 emulation, 19200 baud, no parity, 8 data bits, 1 stop bit, no
flow control, ASCII character set

Yes. I did try this baud rate. But I have tried so many things now, I think I need to start writing some stuff down... I will try again
Ron wrote:

You'd run wireshark to capture packets from the swtich - If the switch has a default gw configured you should see his IP.

e.g. my switch has .151 and is looking for the default gw of .254

214 26.557654 ExtremeN_8b:d2:98 Broadcast ARP 60 Who has 172.25.25.254? Tell 172.25.25.151

But I still think the best way to access the switch is the console e.g. if the switch has no IP - right now we only assume there is one configured

Here the console port settings of the switch...
Configure the terminal to the following communication settings:
VT100 emulation, 19200 baud, no parity, 8 data bits, 1 stop bit, no
flow control, ASCII character set

I redid this and still receive a black screen in putty with no response from the switch. I have also pressed enter a couple of times to see if that would bring up response. Nothing. It was suggested to me previously to unplug the switch while putty was still up and the serial cables attached and then plug the switch back in. Apparently sometimes this will bring a response in the console, but that does't do anything either; still a black screen in putty.
Userlevel 2
Ron wrote:

You'd run wireshark to capture packets from the swtich - If the switch has a default gw configured you should see his IP.

e.g. my switch has .151 and is looking for the default gw of .254

214 26.557654 ExtremeN_8b:d2:98 Broadcast ARP 60 Who has 172.25.25.254? Tell 172.25.25.151

But I still think the best way to access the switch is the console e.g. if the switch has no IP - right now we only assume there is one configured

Here the console port settings of the switch...
Configure the terminal to the following communication settings:
VT100 emulation, 19200 baud, no parity, 8 data bits, 1 stop bit, no
flow control, ASCII character set

You'll only see the switch/router if it sends out a packet. If this is an inband IP address of a switch, it will not send a packet out unless it is trying to reach a log host, time server, or some kind of authentication server. If it is a router, it will send out ARP requests if it has a packet for a system that should be on its network for which it does not have a MAC address in the ARP tables.
FWIW, I'd use nmap, scan a network and search for open, known ports of the device in question, i.e. if you suspect it is on 172.22.34.0/23 and the device supports http management, nmap -p 80 172.22.34.0/23 and wait for it to find the device. You can then target for additional services at the specific address.
Oh, I think you are right about the MAC and it doesn't match the MAC on the back of the switch. I can say that the PC in not currently connected to any network or internet, just standalone for this switch thing...
---just got nmap installed, will be looking at that now...
Userlevel 2
Yes, if the network is 172.22.34.0/23 then the broadcast is 172.22.35.255 and that's a problem as the switch is at the broadcast address of the network. Typical tools like ssh and telnet are not going to work w/ a broadcast address....but... you can fool them! If you're isolated here, set the net mask on your system to a /21 and pick an address in the 172.22.32.0/22 range (actually, you need to assign the address on the same network as the target system, based on what its network and mask are. You need this connection to be switched and not routed otherwise it won't work. I'd pick 172.22.35.254/21; the network needs to be large enough that 172.22.35.255 is not the broadcast address for the network; 172.22.32.0/22 has a broadcast 172.22.35.255; 172.22.32.0/21 has a broadcast of 172.22.63.255). You'll need to modify your network connection before using nmap as I don't think nmap works with a broadcast address; at least I've never tried it.
Robert Cummins wrote:

Yes, if the network is 172.22.34.0/23 then the broadcast is 172.22.35.255 and that's a problem as the switch is at the broadcast address of the network. Typical tools like ssh and telnet are not going to work w/ a broadcast address....but... you can fool them! If you're isolated here, set the net mask on your system to a /21 and pick an address in the 172.22.32.0/22 range (actually, you need to assign the address on the same network as the target system, based on what its network and mask are. You need this connection to be switched and not routed otherwise it won't work. I'd pick 172.22.35.254/21; the network needs to be large enough that 172.22.35.255 is not the broadcast address for the network; 172.22.32.0/22 has a broadcast 172.22.35.255; 172.22.32.0/21 has a broadcast of 172.22.63.255). You'll need to modify your network connection before using nmap as I don't think nmap works with a broadcast address; at least I've never tried it.

I'm going to print this out Robert. I think I follow it up to a point. I will give it a go and report back. Thanks!
Userlevel 2
Robert Cummins wrote:

Yes, if the network is 172.22.34.0/23 then the broadcast is 172.22.35.255 and that's a problem as the switch is at the broadcast address of the network. Typical tools like ssh and telnet are not going to work w/ a broadcast address....but... you can fool them! If you're isolated here, set the net mask on your system to a /21 and pick an address in the 172.22.32.0/22 range (actually, you need to assign the address on the same network as the target system, based on what its network and mask are. You need this connection to be switched and not routed otherwise it won't work. I'd pick 172.22.35.254/21; the network needs to be large enough that 172.22.35.255 is not the broadcast address for the network; 172.22.32.0/22 has a broadcast 172.22.35.255; 172.22.32.0/21 has a broadcast of 172.22.63.255). You'll need to modify your network connection before using nmap as I don't think nmap works with a broadcast address; at least I've never tried it.

I think I'm off on the broadcast for 172.22.32.0/21; it's 2^11 host IPs and the network changes every 2^3 or 8; so the next network is 172.22.40.0/21 and the broadcast would have been 39.255; apologies for the math mistake.

The idea is to make the target address on the same IP network as your device and not a broadcast address. If it is on the same IP network then the connection is switched instead of routed. Switches do not care about IP addresses, they only care about MAC addresses. I've used this technique many times to "recover" a machine w/ the wrong IP address for the VLAN to which it is attached though I've never had to try it with a broadcast address; most sane OSes will not allow you to assign a broadcast address to an interface.

If the switch thinks its address is the broadcast address it may not respond to the ARP request for 172.22.35.255; if that's the case you'll have to populate your ARP table with the IP address/MAC address of the switch and it still may not work but it's something to try.
Perhaps, there really is something wrong with the switch? The supposed configuration was 172.22.34.13 / 255.255.254.0 /172.22.34.9 (.9 being the gateway). After badgering the guy I got this from he says his only knowledge of the switch was the above recorded config he had in his files but he says it was misconfigured (he didn't know to what). When I mentioned the .255 I found thru AdvancedIP scanner, he said maybe... I'm not sure I'm getting straight answers from him, but regardless it would be useful to me if I could make this switch work. Thanks all for taking an interest in this problem. I'm going to try the wireshark thin now...
I'll be back with this more and respond with some results on 8/29. Thanks all. It really is appreciated! /dale
Userlevel 2
Did nmap find anything @ 172.22.34.13? If not, then that's not the address of the switch or the switch isn't supporting common access protocols like telnet, ssh, or http. You might also try https (443), though at this point you might want to find a way to reset the switch to some kind of factory default.
Robert Cummins wrote:

Did nmap find anything @ 172.22.34.13? If not, then that's not the address of the switch or the switch isn't supporting common access protocols like telnet, ssh, or http. You might also try https (443), though at this point you might want to find a way to reset the switch to some kind of factory default.

I'm just starting on this again today. Actually, I have searched high and low; googled, Binged, looked at manuals, etc to see if there was a way to reset to factory default. Since Enterasys is now Extreme Networks most web links point to it's website and knowledge base where I found nothing concerning resetting the switch. I would love to reset!
Robert Cummins wrote:

Did nmap find anything @ 172.22.34.13? If not, then that's not the address of the switch or the switch isn't supporting common access protocols like telnet, ssh, or http. You might also try https (443), though at this point you might want to find a way to reset the switch to some kind of factory default.

No nmap didn't find .13. Based on my previous info about this switch, I really do believe this thing is set at .255
I think I have now confirmed the switch IP Address as .255. Attached is nmap result and the way I configured the network adapter. With this result I tried an ethernet cable from PC to switch but it doesn't come up. Not sure where to go from here...


Userlevel 2
Are you connected directly to this switch? I agree that it appears the switch is @ 172.22.35.255. Unfortunately, you have likely set this up to be routed and not switched and this is why.
The switch has a netmask of /23 right? You believe it is 172.22.35.255/23; that makes the network 172.22.34.0 and the broadcast address 172.22.35.255. When the switch replies to your packets it needs to send them to 172.22.32.15, which is not in its IP network so it will send the packet to the router. Now, if the router manages the IP network that contains 172.22.32.15, it will forward the packet to the appropriate VLAN for delivery to your system, if it doesn't then it sends it on to another router based on its routing rules.
To have a chance here you need to:
  • plug into the switch directly
  • configure an IP address on the same IP network as the switch (we think it is 172.22.34.0/23; it could be 172.22.35.0/24). The best address to use is 172.22.35.254/21 - why? B/c this address will be on all networks as 172.22.35.255 sans 172.22.35.255/32 and it is the first network (172.22.32.0/21) where the address 172.22.35.255 is not the broadcast address for the network.
It's important here that the two devices be on the same VLAN and in the same IP network. In your setup above the switch is on the same IP network as your system *as viewed from your system* but your system is not on the same IP network *as viewed from the switch*

Make sense?
Robert Cummins wrote:

Are you connected directly to this switch? I agree that it appears the switch is @ 172.22.35.255. Unfortunately, you have likely set this up to be routed and not switched and this is why.
The switch has a netmask of /23 right? You believe it is 172.22.35.255/23; that makes the network 172.22.34.0 and the broadcast address 172.22.35.255. When the switch replies to your packets it needs to send them to 172.22.32.15, which is not in its IP network so it will send the packet to the router. Now, if the router manages the IP network that contains 172.22.32.15, it will forward the packet to the appropriate VLAN for delivery to your system, if it doesn't then it sends it on to another router based on its routing rules.
To have a chance here you need to:

  • plug into the switch directly
  • configure an IP address on the same IP network as the switch (we think it is 172.22.34.0/23; it could be 172.22.35.0/24). The best address to use is 172.22.35.254/21 - why? B/c this address will be on all networks as 172.22.35.255 sans 172.22.35.255/32 and it is the first network (172.22.32.0/21) where the address 172.22.35.255 is not the broadcast address for the network.
It's important here that the two devices be on the same VLAN and in the same IP network. In your setup above the switch is on the same IP network as your system *as viewed from your system* but your system is not on the same IP network *as viewed from the switch*

Make sense?

I need to digest this... It seems I may not be plugging in the right stuff. I'll keep plugging away. Thanks!

Oh, also to answer you specific question. I am currently plugged into the switch via serial and ethernet PC to Switch.
I have now ran wireshark and got these entries. I don't really know what it is telling me especially concerning the switch. I'm just looking for clues on how to get into this switch.

Reply