Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

SSH connection not working on C9300 switch

Level 1
Level 1



I can't connect remotely on the management VLAN on a C9300 switch (IOS version 16.9.5), and I really can't understand because it's the only device on this site with this issue...

When I try to SSH the device, I have a "connection refused by remote host" straight away. I can ping the switch just fine from the outside, I even tested to SSH from a device in the same location and the problem is the same, so this is not a routing issue.

The SSH config is OK, I have created an RSA key, the switch has a domain-name and "ip ssh version 2" is configured.


We are using only local user/passwords to connect, so this is not a RADIUS or TACACS issue as there are none configured. Also, there are no ACLs applied on the VTYs.


As it just wouldn't work with our standard AAA template, I have someone sent on site to login via console, and remove every AAA config and just follow this Cisco doc for the most stripped down local AAA config

So now, my aaa config is:


aaa new-model


aaa authentication login default local

aaa authorization exec default local

aaa authorization network default local


aaa session-id common


And my VTY config has been stripped down as well, now it's only:

line vty 0 4

 transport input all

 transport input all

=> one thing that's bothering me, I tried to configure "login authentication default" in the line config, the command was accepted without any error message, but it doesn't show when I do a show run.


The tech on site didn't have much time, so I couldn't have him run debugs and send me the captures.

Does anyone have any idea about what's going on? This is pretty frustrating, as the issue looks so simple, but I just can't understand why/where something so basic is failing.


Thank you,


Who Me Too'd this topic