Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
0
Helpful
1
Replies

Can't complete SSH into closet switches from off-subnet

alex-featheringill
Level 1
Level 1

‎03-25-2025 09:02 AM

This is a weird one, to me at least, asked some other people internally and none of us have figured it out so far, so outsourcing to you wonderful folk. We have a series of switches that are all connected in an MDF, one core switch and two access switches, that are not accepting SSH from any devices that are not on-campus. There is a third access switch in a different closet, that does allow us to SSH. The access switch that does allow SSH is on the same subnet as the two that fail (10.53.59.x), and the core is on a different subnet (10.27.82.x) but is routable.

 

All devices can communicate, they can all ping successfully and the initial SSH connection is established - you will be greeted with the login prompt, then our banner message then the password prompt. After entering a password, the connection will die after a second or two. The switch configs are virtually identical, and I ran debug ssh on the core switch and could see TACACs authenticating the account successfully so it's not failing there either, however a second or two later it will pop an error showing Unexpected error 0x12 and terminates. 

My thought was that there is something on the firewall that is blocking the ssh traffic but I don't have access to check our firewalls personally. I ran it by our security team and they said they didn't see anything out of the ordinary. But at this point I'm not sure what we can do to fix this, and we need to be able to ssh in for our backups to work, so it's causing operational difficulties. Does anyone know what could lead to the behavior described and have any advice? Thank you.

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎03-25-2025 12:20 PM

Am I correct in assuming that this used to work, and now does not work? Have there been changes in config of network devices?

If we had some details to work with we might be able to give better advice. Ideally I would like to see the complete current running config of a switch with this behavior (with sensitive information Public IPs, passwords, etc obscured). If you do not want to provide complete config then at least post all of the config for the votes.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents