取消
显示结果 
搜索替代 
您的意思是: 
cancel
17221
查看次数
20
有帮助
17
回复

思科2960二层交换机无法SSH远程登陆问题

lover520
Level 1
Level 1
大家好,想请问大家一个问题。思科2960二层交换机无法SSH远程登陆是什么原因呢?怎么去一步步的去排查呢?三层核心是正常可以SSH登陆的,2960也做了SSH配置,但一直无法SSH远程连接,排查不出什么原因
17 条回复17

yangwang38276
Level 1
Level 1
全局没有配置生成树,试试这条命令
crypto key generate rsa general-keys modulus 1024

huihuxu735715
Spotlight
Spotlight
配置贴出来看看

YilinChen
Spotlight
Spotlight
1、二层交换机想要远程登陆,前提是二层交换机有管理VLAN 配置IP地址,且设置了默认路由(ip default gateway);路由不可达,自然不能登陆;
2、如果在路由可达情况下,考虑SSH功能是否开启,本地RSA是否存在,以及SSH相对应的版本设置方面的问题;
3、如果说是能提示登陆,只是账号密码报错,要考虑的是认证模式和账号密码权限设置问题;

Rockyw
Spotlight
Spotlight
登录不了提示什么样的错误?楼主提供的线索太少,不好判断问题所在。
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rockyw | If it solves your problem, please mark as answer. Thanks !

fortune
VIP Alumni
VIP Alumni
从你电脑可以到这台交换机的IP吧,是否配置了默认路由
看看是否有做IP限制
29交换机的SSH 配置贴出来看看

lover520
Level 1
Level 1
yangwang38276 发表于 2021-3-10 10:23
全局没有配置生成树,试试这条命令
crypto key generate rsa general-keys modulus 1024

您好。生成树命令已经配置了,但是学习不到管理vlan10

lover520
Level 1
Level 1
YilinChen 发表于 2021-3-10 19:16
1、二层交换机想要远程登陆,前提是二层交换机有管理VLAN 配置IP地址,且设置了默认路由(ip default gatew ...

您好。
配置了管理vlan,以及给管理vlan配置了管理IP,并设置了默认路由,但是路由不可达,不知道是什么原因?
ssh 功能是开启的,本地rsa是存在的

lover520
Level 1
Level 1
YilinChen 发表于 2021-3-10 19:16
1、二层交换机想要远程登陆,前提是二层交换机有管理VLAN 配置IP地址,且设置了默认路由(ip default gatew ...

sh span sum 命令学习不到管理vlan

lover520
Level 1
Level 1
yangwang38276 发表于 2021-3-10 10:23
全局没有配置生成树,试试这条命令
crypto key generate rsa general-keys modulus 1024

crypto key zeroize rsa
crypto key generate rsa modulus 2048
sh ip ssh

lover520
Level 1
Level 1
vsop5207 发表于 2021-3-12 16:52
从你电脑可以到这台交换机的IP吧,是否配置了默认路由
看看是否有做IP限制

crypto key generate rsa
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
login local
transport input ssh
line vty 5 15
transport input none

lover520
Level 1
Level 1
Rocky 发表于 2021-3-11 22:26
登录不了提示什么样的错误?楼主提供的线索太少,不好判断问题所在。

管理vlan配了,默认路由也配了,ssh也配了,但是sh span sum 学习不到管理vlan

lover520
Level 1
Level 1
huihuxu735715 发表于 2021-3-10 15:37
配置贴出来看看

BHP_2F_WS-G2960-48TS-S-04#sh run
Building configuration...
Current configuration : 4986 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BHP_2F_WS-G2960-48TS-S-04
!
boot-start-marker
boot-end-marker
!
enable password 7 13271F02343F0E6B0B670F213A3703
!
username bhpadmin password 7 00261B163B6801472F626B5C060C15
!
!
no aaa new-model
switch 1 provision ws-c2960s-48ts-l
!
!
ip domain-name rtp.cisco.com
!
!
crypto pki trustpoint TP-self-signed-3347664256
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3347664256
revocation-check none
rsakeypair TP-self-signed-3347664256
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 4
!
interface GigabitEthernet1/0/2
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 4
!
interface GigabitEthernet1/0/4
switchport access vlan 4
!
interface GigabitEthernet1/0/5
switchport access vlan 4
!
interface GigabitEthernet1/0/6
switchport access vlan 4
!
interface GigabitEthernet1/0/7
switchport access vlan 4
!
interface GigabitEthernet1/0/8
switchport access vlan 4
!
interface GigabitEthernet1/0/9
switchport access vlan 4
!
interface GigabitEthernet1/0/10
switchport access vlan 4
!
interface GigabitEthernet1/0/11
switchport access vlan 4
!
interface GigabitEthernet1/0/12
switchport access vlan 4
!
interface GigabitEthernet1/0/13
switchport access vlan 4
!
interface GigabitEthernet1/0/14
switchport access vlan 4
!
interface GigabitEthernet1/0/15
switchport access vlan 4
!
interface GigabitEthernet1/0/16
switchport access vlan 4
!
interface GigabitEthernet1/0/17
switchport access vlan 4
!
interface GigabitEthernet1/0/18
switchport access vlan 4
!
interface GigabitEthernet1/0/19
switchport access vlan 4
!
interface GigabitEthernet1/0/20
switchport access vlan 4
!
interface GigabitEthernet1/0/21
switchport access vlan 4
!
interface GigabitEthernet1/0/22
switchport access vlan 4
!
interface GigabitEthernet1/0/23
switchport access vlan 4
!
interface GigabitEthernet1/0/24
switchport access vlan 4
!
interface GigabitEthernet1/0/25
switchport access vlan 4
!
interface GigabitEthernet1/0/26
switchport access vlan 4
!
interface GigabitEthernet1/0/27
switchport access vlan 4
!
interface GigabitEthernet1/0/28
switchport access vlan 4
!
interface GigabitEthernet1/0/29
switchport access vlan 4
!
interface GigabitEthernet1/0/30
switchport access vlan 4
!
interface GigabitEthernet1/0/31
switchport access vlan 4
!
interface GigabitEthernet1/0/32
switchport access vlan 4
!
interface GigabitEthernet1/0/33
switchport access vlan 4
!
interface GigabitEthernet1/0/34
switchport access vlan 4
!
interface GigabitEthernet1/0/35
switchport access vlan 4
!
interface GigabitEthernet1/0/36
switchport access vlan 4
!
interface GigabitEthernet1/0/37
switchport access vlan 4
!
interface GigabitEthernet1/0/38
switchport access vlan 4
!
interface GigabitEthernet1/0/39
switchport access vlan 4
!
interface GigabitEthernet1/0/40
switchport access vlan 4
!
interface GigabitEthernet1/0/41
switchport access vlan 4
!
interface GigabitEthernet1/0/42
switchport access vlan 4
!
interface GigabitEthernet1/0/43
switchport access vlan 4
!
interface GigabitEthernet1/0/44
switchport access vlan 4
!
interface GigabitEthernet1/0/45
switchport access vlan 4
!
interface GigabitEthernet1/0/46
switchport access vlan 4
!
interface GigabitEthernet1/0/47
switchport trunk native vlan 25
switchport mode trunk
ip dhcp snooping trust
!
interface GigabitEthernet1/0/48
switchport mode trunk
ip dhcp snooping trust
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address dhcp
!
interface Vlan10
ip address 10.3.10.23 255.255.255.0
!
ip default-gateway 10.3.10.1
ip http server
ip http secure-server
banner motd ^C
*********************************************************************************************
* *
* This is a private computer network. Unauthorized access is prohibited *
* *
* All activity monitored and logged *
* *
**********************************************************************************************
^C
!
line con 0
password 7 06240731737D03582554351903113A
logging synchronous
login
line vty 0 4
password 7 06240731737D03582554351903113A
login local
transport input ssh
line vty 5 15
login
transport input none
!
end

lover520
Level 1
Level 1
vsop5207 发表于 2021-3-12 16:52
从你电脑可以到这台交换机的IP吧,是否配置了默认路由
看看是否有做IP限制

BHP_2F_WS-G2960-48TS-S-04#sh run
Building configuration...
Current configuration : 4986 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BHP_2F_WS-G2960-48TS-S-04
!
boot-start-marker
boot-end-marker
!
enable password 7 13271F02343F0E6B0B670F213A3703
!
username bhpadmin password 7 00261B163B6801472F626B5C060C15
!
!
no aaa new-model
switch 1 provision ws-c2960s-48ts-l
!
!
ip domain-name rtp.cisco.com
!
!
crypto pki trustpoint TP-self-signed-3347664256
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3347664256
revocation-check none
rsakeypair TP-self-signed-3347664256
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 4
!
interface GigabitEthernet1/0/2
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 4
!
interface GigabitEthernet1/0/4
switchport access vlan 4
!
interface GigabitEthernet1/0/5
switchport access vlan 4
!
interface GigabitEthernet1/0/6
switchport access vlan 4
!
interface GigabitEthernet1/0/7
switchport access vlan 4
!
interface GigabitEthernet1/0/8
switchport access vlan 4
!
interface GigabitEthernet1/0/9
switchport access vlan 4
!
interface GigabitEthernet1/0/10
switchport access vlan 4
!
interface GigabitEthernet1/0/11
switchport access vlan 4
!
interface GigabitEthernet1/0/12
switchport access vlan 4
!
interface GigabitEthernet1/0/13
switchport access vlan 4
!
interface GigabitEthernet1/0/14
switchport access vlan 4
!
interface GigabitEthernet1/0/15
switchport access vlan 4
!
interface GigabitEthernet1/0/16
switchport access vlan 4
!
interface GigabitEthernet1/0/17
switchport access vlan 4
!
interface GigabitEthernet1/0/18
switchport access vlan 4
!
interface GigabitEthernet1/0/19
switchport access vlan 4
!
interface GigabitEthernet1/0/20
switchport access vlan 4
!
interface GigabitEthernet1/0/21
switchport access vlan 4
!
interface GigabitEthernet1/0/22
switchport access vlan 4
!
interface GigabitEthernet1/0/23
switchport access vlan 4
!
interface GigabitEthernet1/0/24
switchport access vlan 4
!
interface GigabitEthernet1/0/25
switchport access vlan 4
!
interface GigabitEthernet1/0/26
switchport access vlan 4
!
interface GigabitEthernet1/0/27
switchport access vlan 4
!
interface GigabitEthernet1/0/28
switchport access vlan 4
!
interface GigabitEthernet1/0/29
switchport access vlan 4
!
interface GigabitEthernet1/0/30
switchport access vlan 4
!
interface GigabitEthernet1/0/31
switchport access vlan 4
!
interface GigabitEthernet1/0/32
switchport access vlan 4
!
interface GigabitEthernet1/0/33
switchport access vlan 4
!
interface GigabitEthernet1/0/34
switchport access vlan 4
!
interface GigabitEthernet1/0/35
switchport access vlan 4
!
interface GigabitEthernet1/0/36
switchport access vlan 4
!
interface GigabitEthernet1/0/37
switchport access vlan 4
!
interface GigabitEthernet1/0/38
switchport access vlan 4
!
interface GigabitEthernet1/0/39
switchport access vlan 4
!
interface GigabitEthernet1/0/40
switchport access vlan 4
!
interface GigabitEthernet1/0/41
switchport access vlan 4
!
interface GigabitEthernet1/0/42
switchport access vlan 4
!
interface GigabitEthernet1/0/43
switchport access vlan 4
!
interface GigabitEthernet1/0/44
switchport access vlan 4
!
interface GigabitEthernet1/0/45
switchport access vlan 4
!
interface GigabitEthernet1/0/46
switchport access vlan 4
!
interface GigabitEthernet1/0/47
switchport trunk native vlan 25
switchport mode trunk
ip dhcp snooping trust
!
interface GigabitEthernet1/0/48
switchport mode trunk
ip dhcp snooping trust
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address dhcp
!
interface Vlan10
ip address 10.3.10.23 255.255.255.0
!
ip default-gateway 10.3.10.1
ip http server
ip http secure-server
banner motd ^C
*********************************************************************************************
* *
* This is a private computer network. Unauthorized access is prohibited *
* *
* All activity monitored and logged *
* *
**********************************************************************************************
^C
!
line con 0
password 7 06240731737D03582554351903113A
logging synchronous
login
line vty 0 4
password 7 06240731737D03582554351903113A
login local
transport input ssh
line vty 5 15
login
transport input none
!
end

YilinChen
Spotlight
Spotlight
lover520 发表于 2021-3-18 14:39
BHP_2F_WS-G2960-48TS-S-04#sh run
Building configuration...

FastEthernet0 口可用带外管理,目前没配IP;
int vlan 10是有了,确认int vlan 10 处于UP状态;
show int trunk 检查vlan10有没有透;
上联口如果是G1/0/48的话,默认思科充许所有VLAN通过,那就是要检查上行的交换机设备有没有放通VLAN10,先把网关PING通。
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接