cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1779
Views
6
Helpful
13
Replies

SSH issue

Mohd Nasir
Level 1
Level 1

I have ios XR router in my network and configured MPLS L3 vpn on P,PE routers. Now i want to take remote access of PE, P router thru ssh over CE router. SSH server V2 enabled on all P,PE and CE routers but unable to do ssh . While all routers are rechable .

Is it possible or not ? Please suggest

13 Replies 13

what ip you use to access PE,P ?

loopback ip on which vrf configured

show route vrf <VRF of LO> 
are you see the LO in PE VRF 
are you see the LO in CE RIB ?
I think you need to redistribute connect to iBGP

configuration on PE

interface Loopback10
description ## VRF A ##
vrf A
ipv4 address 10.200.1.50 255.255.255.255
!

 

router bgp 65000
bgp router-id 10.200.1.1
address-family ipv4 unicast

vrf A
rd 10:10
address-family ipv4 unicast
redistribute connected

 

did you config route-target export/import for the VRF ?

yes i configured 

vrf A
address-family ipv4 unicast
import route-target
2:2
!
export route-target
2:2
!

Harold Ritter
Level 12
Level 12

Hi @Mohd Nasir ,

Make sure you use the source-interface configured with lo10 when you ssh to the CE.

ssh vrf A <CE loopback IP address> username xxxx source-interface lo10

Regards, 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Sir,

i able to do access CE from PE but not vice versa . Means i want to access PE from CE

Thanks for the additional information @Mohd Nasir .

You need to enable ssh for the VRF on the PE/P?

ssh server vrf A

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks Sir for support, i will do same coniguration on P and PE and then will check.

After enable ssh server vrf A, geeting this prompt and not able to ssh from PE-CE and vice versa

 

RP/0/RP0/CPU0:May 8 06:53:22.143 UTC: ssh_syslog_proxy[1198]: %SECURITY-SSHD_SYSLOG_PRX-3-ERR_GENERAL : ssh_csm[13681]: Permission denied, please

@Harold Ritter  mention the interest point 
CE-interface-PE 
please use 

ssh <CE loopback IP address> username xxxx source-interface <interface connect CE to PE>
NOTE:- if you run VRF in CE to connect to PE add vrf to command above 

After enable ssh server vrf A, geting this prompt and not able to do ssh from PE-CE and vice versa

 

RP/0/RP0/CPU0:May 8 06:53:22.143 UTC: ssh_syslog_proxy[1198]: %SECURITY-SSHD_SYSLOG_PRX-3-ERR_GENERAL : ssh_csm[13681]: Permission denied, please