Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12223
Views
5
Helpful
28
Replies

Cannot SSH into switch from PC

cloksin
Level 1
Level 1

‎02-20-2019 09:16 AM

I have a 4506 switch that I am having difficulties connecting to.  My end-user traffic is passing through just fine.  If I'm on another switch in my environment I can SSH into this switch.  I can ping the management IP from any other switch in my environment.  However, I cannot ping the switch from a PC nor can I SSH into the switch from a PC.  Any help would be appreciated.

 

Here is my sanitized running config

 

Building configuration...

Current configuration : 35899 bytes
!
! Last configuration change at 03:45:16 CST Wed Feb 20 2019 by <deleted for privacy>
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname <deleted for privacy>
!
boot-start-marker
boot system flash bootflash:cat4500e-entservicesk9-mz.152-1.E1.bin
boot-end-marker
!
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 <deleted for privacy>
!
username <deleted for privacy> password 7 <deleted for privacy>
aaa new-model
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
!
ip domain-name <deleted for privacy>
ip name-server <deleted for privacy>
ip name-server <deleted for privacy>
ip device tracking
ip dhcp excluded-address <deleted for privacy>
ip dhcp excluded-address <deleted for privacy>
!
ip dhcp pool <deleted for privacy>PCs
network <deleted for privacy>
default-router <deleted for privacy>
dns-server <deleted for privacy>
domain-name <deleted for privacy>
!
vtp domain null
vtp mode off
!
crypto pki trustpoint TP-self-signed-<deleted for privacy>
!
crypto pki certificate chain TP-self-signed-<deleted for privacy>
!
power redundancy-mode redundant
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 30
name MoreVoice
!
vlan 36
!
vlan 38
name Phones
!
vlan 43
name data43
!
vlan 54
!
vlan 60
name Network Devices
!
vlan 510
name Data1
!
vlan 511
name Data
!
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
shutdown
speed auto
duplex auto
!
interface TenGigabitEthernet1/1 ###This is the trunk port connecting back to my core switch
switchport mode trunk
!
<content removed for brevity>
!
interface Vlan1
no ip address
shutdown
!
interface Vlan36
no ip address
!
interface Vlan43
ip address <deleted for privacy>
shutdown
!
interface Vlan60
ip address <deleted for privacy> ###This is my management vlan
!
interface Vlan510
no ip address
!
interface Vlan511
no ip address
!
ip default-gateway <deleted for privacy>
ip http server
ip http secure-server
ip forward-protocol nd
!
snmp-server community <deleted for privacy>
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
logging synchronous
transport input telnet ssh
line vty 5 15
logging synchronous
transport input telnet ssh
!
ntp server 192.5.41.209
ntp server 198.30.92.2
end

 

 

1 person had this problem
Labels:
0 Helpful
28 Replies 28

cloksin
Level 1
Level 1
In response to Jaderson Pessoa

‎02-20-2019 11:19 AM

We'd like to try and reboot the switch, but it takes about 10 minutes to come back up, and this is a production switch.

0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to cloksin

‎02-20-2019 11:25 AM

Dear clocksin,

i found a command in your device: default-router <deleted for privacy>
Default router is correct?
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

cloksin
Level 1
Level 1
In response to Jaderson Pessoa

‎02-20-2019 11:56 AM

The default router is correct, and that setting is just for a DHCP pool, that shouldn't affect any connectivity, the PC I'm on isn't getting it's IP address from that pool.

0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to cloksin

‎02-20-2019 12:12 PM

if possible, could provide complete (without ommit information) output:
ON SWITCH
show running-confgi
show ip route

ON CORE
show running-config
show ip route

i still thinking about route, gateway or incorrect address.
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

cloksin
Level 1
Level 1
In response to Jaderson Pessoa

‎02-20-2019 12:34 PM

Unfortunately I am not permitted to post a running config that has not been redacted.  I've had a second person on my end review the configs, as far as we can tell, it should be working.  This switch is not doing any routing, so it can't be a route issue.  The management vlan is used by hundreds of other devices in our network and we have no problem connecting to any of them.

0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to cloksin

‎02-20-2019 12:46 PM

i'm understand it. There is no way to help without information.

The baseline is:
from any other switch you can have access to this device. ( Are you sets the same subnet for them, dont you? )
from your pc that has other subnet you cant access just this device.
and from switch that has problem, you cant ping the own default-gateway.

1. ip address on this interface its wrong.
2. Route on this switch is wrong.
3. interface has other native vlan sets.
4. Default-gateway on switch its incorrectly.

I cant imagine other thing that can be the problem.
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to cloksin

‎02-20-2019 11:25 AM

I think that reboot is not the solution...
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to cloksin

‎02-20-2019 11:34 AM - edited ‎02-20-2019 11:36 AM

The problem is related about:
route in your switch.
vlans allowed.
ip address with mask correctly in your switch.
ip default-gateway correctly.

 

Because you can establish connection through an other switch, i believe that switches has the same subnet. so, they arent need gateway to reach each other.

 

You aren't able to establish connection with this switch from an other network...  

 

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Steve.Brown11
Level 1
Level 1
In response to cloksin

‎05-21-2020 02:33 AM

Hey Clocksin, I'm having the same problem accessing a single switch via SSH from my PC......I can connect to all other switches OK and can even connect to the switch from another PC on the same vlan as my PC, just not from my PC!

Like you, I can SSH onto the switch from other switches. Issue seems to be from my PC this switch only. Have you tried connecting from another PC on the same vlan?

I'm thinking of rebooting the switch.....

 

0 Helpful

Steve.Brown11
Level 1
Level 1
In response to Steve.Brown11

‎05-21-2020 02:36 AM

Sorry Cloksin, misread the dates...did you manage to resolve this?
0 Helpful

luis_cordova
VIP Alumni
VIP Alumni
In response to Jaderson Pessoa

‎02-20-2019 11:46 AM

Hi @cloksin ,

 

3. If you have not already tried it, turn off the firewall of your PC, since sometimes it prevents the ping.

 

Regards

0 Helpful

cloksin
Level 1
Level 1
In response to luis_cordova

‎02-20-2019 11:58 AM

firewall is not on, and I can ping everything else in my network.

0 Helpful

Adam58669
Level 1
Level 1

‎08-16-2021 06:43 PM

Hi all, I know I'm responding to an old thread.

I had this problem today.

I resolved this by using the following:

ip defult-gateway XXX.XXX.XXX.XXX

no ip routing

I was then able to connect to the 4 distribution switches that were not accepting remote connection but would via core or access switches.

 

Thanks Adam from the Australian Desert

Richard Burts
Hall of Fame
Hall of Fame
In response to Adam58669

‎08-17-2021 10:48 AM

Thanks for sharing your experience with the community. +5 for explaining how you resolved your issue.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents