Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
754
Views
0
Helpful
2
Replies

Unable to SSH or HTTPS in to SVI.

mediaworksnz
Level 1
Level 1

‎09-12-2019 08:42 PM - edited ‎09-14-2019 12:59 PM

please delete this post.

Labels:
0 Helpful
2 Replies 2

Meheretab Mengistu
Level 7
Level 7

‎09-12-2019 10:10 PM

Hi,
It looks like you have an ACL issue for the return traffic. I believe you can successfully PING the device as of now. In order to be able to SSH and/or HTTPS to the device, you need to add an ACL entry from 10.99.7.0/24 to the source VLAN.


ip access-list extended Restrict_wifi_mgt
permit icmp 10.99.7.0 0.0.0.255 any
permit ip 10.99.7.0 0.0.0.255 host 10.99.0.50
permit ip 10.99.7.0 0.0.0.255 host 10.99.0.10
permit ip 10.99.7.0 0.0.0.255 host 10.99.130.10
permit ip 10.99.7.0 0.0.0.255 host 10.5.1.93
permit ip 10.99.7.0 0.0.0.255 host 10.21.130.31
permit ip 10.99.7.0 0.0.0.255 host 10.5.1.34
permit ip 10.99.7.0 0.0.0.255 X.X.X.X x.x.x.x
deny ip 10.99.7.0 0.0.0.255 any
permit ip any any

 

HTH,

Meheretab

HTH,
Meheretab
0 Helpful

paul driver
VIP
VIP

‎09-13-2019 03:26 AM

Hello

@mediaworksnz wrote:

Hello, I have a device within VLAN 99 that I am trying to connect to via SSH or HTTPS (my router is a Cisco 1921).

I can do this successfully if I connect my laptop to an 'access vlan 99' port on the connecting switch, however from any other VLAN I cannot connect (even if I set the router's 'ssh source-interface vlan' to 99).

 

I do have an access-list on VLAN 99 but the direction is 'INBOUND' so should not affect traffic coming in to VLAN 99 from other VLANs. Can anyone see what is causing the problem ?


interface GigabitEthernet0/0
description LAN Switch
no ip address

interface GigabitEthernet0/0.10
description Data
encapsulation dot1Q 10
ip address 10.21.7.1 255.255.255.0


interface GigabitEthernet0/0.99
description WiFi
encapsulation dot1Q 99
ip address 10.99.7.1 255.255.255.0
ip access-group Restrict_wifi_mgt in

You dont have an active vlan 1 subnet  specified on your router  I can only see vlan10-99 ?

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card