Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3340
Views
5
Helpful
4
Replies

SSH connection refused when interface is in a VRF

Go to solution
ThomasD86
Level 1
Level 1

‎08-19-2023 01:47 AM - last edited on ‎08-20-2023 11:30 PM by Community Manager

Hi,

I am working with a very simple topology made up by two routers: A running XR and B running XE. Routers A and B are directly connected using the

172.16.0.0/31

network.


IP ending in .0 is configured on Router A, IP ending in .1 is configured on B. I can SSH from Router A to B just fine, but trying to SSH from router B into router A doesn't work and I get a message that the remote host refused the connection.

As soon as I remove the VRF configuration under the interface on router A though, router B can SSH into it. So it got me wondering whether is normal behavior for a router to refuse connections made to an interface belonging to a VRF but couldn't find any documentation about this. 

Can anyone weigh in on this?

Thank you

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP
In response to ThomasD86

‎08-19-2023 03:10 AM

Hello @ThomasD86 

On Router A, IOS xr, add

ssh server v2
ssh server vrf SSHTEST
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-19-2023 02:06 AM

You mean to say both the router configured VRF or only 1 Router in VRF other not in VRF ?

If the Interface belong to VRF, you also need to have source of interface VRF and also routing in place to reach.

For good understand you running LAB, just enable DEBUG so you will see what is happening when the packet arrive to the router.

Also good to post the config you have in the Router - also config should be VRF aware all the time (when you having VRF)

below example guide you :

https://www.cisco.com/c/en/us/support/docs/ip/telnet/200718-Configure-Telnet-SSH-Access-to-Device-wi.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
ThomasD86
Level 1
Level 1
In response to balaji.bandi

‎08-19-2023 02:16 AM - last edited on ‎08-20-2023 11:32 PM by Community Manager

Hi Balaji,

yes only Router A interface is in the VRF:

 

 

interface BVI3
 vrf SSHTEST
 ipv4 address 172.16.0.1 255.255.255.248

 

 

 On router B:

 

 

interface BDI3
 ip address 172.16.0.2 255.255.255.248

 

 

 What I see is this, from router A:

ssh vrf SSHTEST 172.16.0.2

works fine

from router B:

ssh 172.16.0.1

connection refused by remote host

If I remove the vrf from the interface on router A, SSH works

Go to solution
M02@rt37
VIP
VIP
In response to ThomasD86

‎08-19-2023 03:10 AM

Hello @ThomasD86 

On Router A, IOS xr, add

ssh server v2
ssh server vrf SSHTEST
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
ThomasD86
Level 1
Level 1
In response to M02@rt37

‎08-19-2023 03:14 AM

Hi M02@rt37,

this worked perfectly


Regards

Customers Also Viewed These Support Documents