05-03-2023 09:59 AM
I have ios XR router in my network and configured MPLS L3 vpn on P,PE routers. Now i want to take remote access of PE, P router thru ssh over CE router. SSH server V2 enabled on all P,PE and CE routers but unable to do ssh . While all routers are rechable .
Is it possible or not ? Please suggest
05-03-2023 10:08 AM
what ip you use to access PE,P ?
05-03-2023 10:13 AM
loopback ip on which vrf configured
05-03-2023 10:31 AM
show route vrf <VRF of LO>
are you see the LO in PE VRF
are you see the LO in CE RIB ?
I think you need to redistribute connect to iBGP
05-03-2023 10:41 AM
configuration on PE
interface Loopback10
description ## VRF A ##
vrf A
ipv4 address 10.200.1.50 255.255.255.255
!
router bgp 65000
bgp router-id 10.200.1.1
address-family ipv4 unicast
vrf A
rd 10:10
address-family ipv4 unicast
redistribute connected
05-03-2023 10:56 AM - edited 05-03-2023 10:56 AM
did you config route-target export/import for the VRF ?
05-03-2023 11:06 AM
yes i configured
vrf A
address-family ipv4 unicast
import route-target
2:2
!
export route-target
2:2
!
05-03-2023 10:52 AM - edited 05-03-2023 10:55 AM
Hi @Mohd Nasir ,
Make sure you use the source-interface configured with lo10 when you ssh to the CE.
ssh vrf A <CE loopback IP address> username xxxx source-interface lo10
Regards,
05-03-2023 11:05 AM
Sir,
i able to do access CE from PE but not vice versa . Means i want to access PE from CE
05-03-2023 11:13 AM
Thanks for the additional information @Mohd Nasir .
You need to enable ssh for the VRF on the PE/P?
ssh server vrf A
Regards,
05-03-2023 11:18 AM
Thanks Sir for support, i will do same coniguration on P and PE and then will check.
05-07-2023 11:58 PM
After enable ssh server vrf A, geeting this prompt and not able to ssh from PE-CE and vice versa
RP/0/RP0/CPU0:May 8 06:53:22.143 UTC: ssh_syslog_proxy[1198]: %SECURITY-SSHD_SYSLOG_PRX-3-ERR_GENERAL : ssh_csm[13681]: Permission denied, please
05-03-2023 11:15 AM
@Harold Ritter mention the interest point
CE-interface-PE
please use
ssh <CE loopback IP address> username xxxx source-interface <interface connect CE to PE>
NOTE:- if you run VRF in CE to connect to PE add vrf to command above
05-08-2023 12:03 AM
After enable ssh server vrf A, geting this prompt and not able to do ssh from PE-CE and vice versa
RP/0/RP0/CPU0:May 8 06:53:22.143 UTC: ssh_syslog_proxy[1198]: %SECURITY-SSHD_SYSLOG_PRX-3-ERR_GENERAL : ssh_csm[13681]: Permission denied, please
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide