10-25-2016 08:07 PM - last edited on 03-25-2019 01:21 PM by ciscomoderator
I can PING and HTTPS into my APIC but can't SSH???
Does anyone know why this might be the case?
10-25-2016 10:28 PM
Thanks
T.
10-25-2016 11:14 PM
Thanks Tom, I went into this GUI area and SSH was already enabled but didn't work.
So I enabled SSH via WEB and even the Telnet option, submitted and tried SSH via web...worked.
So then out of curiosity I tried SSH again and that worked too.
Thanks.
When you get a chance, can you please email me: kevin.sherwood@dsto.defence.gov.au
10-26-2016 06:24 AM
There is a known issue:
CSCva22593 [APIC commPol] Custom mgmt access policy ignored after upgrade
A fabric has "Custom" management access policies configured and applied to a particular POD for the block of nodes in each POD. The policies, policy groups, and profiles are created and deployed to each node in the fabric. The Custom policies are tested and working as expected. The "default" mgmt policy disables all protocols except HTTPS. The default "Profile" is deleted so that it cannot be used for the default policy (which cannot be deleted). The Custom mgmt access policies configuration continues to work as expected until an "upgrade" is performed in the fabric. After an upgrade, the APIC creates a "default" profile and uses the "default" policy instead of the Configured "Configured" Policies & Profiles. The APIC should not use the default policy since it is not applied to ALL or a specific range of nodes. Since the APIC creates a "default" profile after upgrade and applies it to all nodes, it overrides the "Custom" policies. This should not happen. The workaround is to change any item in the Custom Policy and submit. At this time, the Custom policy is deployed and works as expected until the next upgrade.
You may be running into this.
T.
11-03-2016 04:23 AM
I was always just using the default access policy.
Now I can SSH directly to my only APIC but not to any other switch...is this normal?
12-06-2016 12:18 PM
Hello,
Have you configured the following?
- static out-of-band node management addresses for each APIC node
- a pool for the out-of-band node management addresses for a range of nodes
- an OOB contract for the node management out-of-band EPG
- an external network instance profile for the OOB management network
This all can be done under the management tenant.
Hope this helps.
Regards,
Michael G.
Thank you for participating in the Cisco Support Forum for ACI! If you have other questions related to this post, please let us know. If this response answers your questions, please mark this post "answered" and assign a rating to the response(s) provided. This will help notify other viewers that your question(s) is answered and this helps us provide better responses for this and future questions.
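The checklist in the reply above, turned into an offline check (an added example, not part of the original thread and not Cisco's code). It walks an APIC-style JSON export of the mgmt tenant and reports missing static OOB addresses and a contract mismatch between the OOB EPG and the external instance profile. The class names (`mgmtRsOoBStNode`, `vzOOBBrCP`, `mgmtRsOoBProv`, `mgmtInstP`, `mgmtRsOoBCons`) are assumed from the ACI object model and should be confirmed on your APIC version; the sample tree, contract names and addresses are constructed, and the address-pool item is not checked.

```python
# Constructed sample: trimmed subtree of tenant "mgmt" in APIC JSON export shape.
SAMPLE = {"fvTenant": {"attributes": {"name": "mgmt"}, "children": [
    {"vzOOBBrCP": {"attributes": {"name": "oob-ssh"}}},
    {"mgmtMgmtP": {"attributes": {"name": "default"}, "children": [
        {"mgmtOoB": {"attributes": {"name": "default"}, "children": [
            {"mgmtRsOoBProv": {"attributes": {"tnVzOOBBrCPName": "oob-ssh"}}},
            {"mgmtRsOoBStNode": {"attributes": {
                "tDn": "topology/pod-1/node-1",
                "addr": "192.0.2.11/24", "gw": "192.0.2.1"}}},
        ]}}]}},
    {"mgmtExtMgmtEntity": {"attributes": {"name": "default"}, "children": [
        {"mgmtInstP": {"attributes": {"name": "admins"}, "children": [
            {"mgmtRsOoBCons": {"attributes": {"tnVzOOBBrCPName": "oob-default"}}},
            {"mgmtSubnet": {"attributes": {"ip": "198.51.100.0/24"}}},
        ]}}]}},
]}}

def walk(node):
    """Yield (class_name, attributes) for every object in the tree."""
    for cls, body in node.items():
        yield cls, body.get("attributes", {})
        for child in body.get("children", []):
            yield from walk(child)

def audit_oob(tree, expected_nodes):
    """Return a list of findings for the OOB management checklist."""
    objs = list(walk(tree))
    attrs = lambda c: [a for cls, a in objs if cls == c]
    findings = []
    # Every node we expect to reach over OOB needs a static address object.
    have = {a["tDn"] for a in attrs("mgmtRsOoBStNode")}
    for dn in sorted(set(expected_nodes) - have):
        findings.append(f"no static OOB address for {dn}")
    # The OOB EPG must provide a contract that actually exists ...
    defined = {a["name"] for a in attrs("vzOOBBrCP")}
    provided = {a["tnVzOOBBrCPName"] for a in attrs("mgmtRsOoBProv")} & defined
    if not provided:
        findings.append("OOB EPG provides no defined OOB contract")
    # ... and the external instance profile must consume that same contract.
    consumed = {a["tnVzOOBBrCPName"] for a in attrs("mgmtRsOoBCons")}
    if not attrs("mgmtInstP"):
        findings.append("no external network instance profile")
    elif not consumed & provided:
        findings.append("external instance profile consumes no contract "
                        "provided by the OOB EPG")
    return findings

if __name__ == "__main__":
    nodes = ["topology/pod-1/node-1", "topology/pod-1/node-101"]
    print("\n".join(audit_oob(SAMPLE, nodes)) or "OOB checklist satisfied")
```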