12-10-2022 10:54 PM
Dear All,
My switch stopped working for some time, I got the below error in log, we are using SSH protocol, and we don't have VLAN200 in our LAN network, any idea? Is it attack or normal IP misconfigure by someone? The only way allowed to SSH this switch is from Core switch only.
Dec 4 00:02:35.095: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 192.168.200.40
12-10-2022 11:13 PM - edited 12-10-2022 11:14 PM
- What is the switch model ?
M.
12-11-2022 12:22 AM
It's 2960 cisco switch
Version 15.2(7)E3
12-11-2022 12:38 AM
- Similar to this bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsu27706 , probably related to resource exhaustion , you may need to reboot the device when a windows for that is available.
M.
12-11-2022 01:05 AM
Hello,
it (obviously) looks like 192.168.200.40 is trying to SSH into your switch. If that IP address is not in your network, somebody (or some automated program) might be trying to gain access. It could also be a spoofed IP address. Are your users able to configure their own IP addresses, and/or connect random devices to random switchports ? What kind of security do you have configured (e.g. port security, 802.1x authentication) ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide