Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1766
Views
0
Helpful
1
Replies

Unable to SSH to L2 switch

MichaelJohnson23319
Level 1
Level 1

‎12-28-2020 11:46 AM

Hi,

Problem I am having is I am unable to ssh to a L2 switch from my workstations. 

 

I have workstations attached to a L3 switch which is connected to a ASA. This switch hosts the management network(10.20.20.0/24 are servers and 10.20.98.0/24 are workstations)

I have another L3 switch connected to the ASA hosting the test network (10.20.21.0/24 for servers).

I then have a L2 switch connected to both the ASA and management switch.  L2 is handling some internal traffic set up in a network of 10.20.60.0/24.

I am able to ping the L2 switch from my workstations but I am unable to ping the workstations form the L2 switch.

L2 switch can ping both ASA and mgmt L3 switch.

I am also able to ssh from my mgmt's L3 switch to the L2 switch.

I want to be able to ssh from my workstations to the L2 switch.

 

Vlan60 is on all devices except the test network L3 switch.  L2 switch is 10.20.60.4, ASA is 10.20.60.2, and MGMT L3 switch is 10.20.60.1

 

SSH is configured on the L2 switch as I said I can ssh from MGMT switch to the L2 switch.

When I try ssh from a workstation the connection times out, it is not refused.

I'll attach the L2 switch config and L3 MGMT switch config.  They are directly connected from port 3 on L2 switch to port 21 on MGMT switch.  MGMT also sends .60 traffic to ASA on port 22.

 

Thanks for your assistance. 

 

Labels:
Preview file
7 KB
Preview file
9 KB
0 Helpful
1 Reply 1

paul driver
VIP
VIP

‎12-28-2020 12:10 PM - edited ‎12-28-2020 12:13 PM

Hello
Why do you need a L2 switch performing ip routing when its supposed to be a host siwtch - the only L3 address that switch requires is an svi address in the mgt vlan and a default gateway towards its L3 subnet or the rtr/l3 device perfroming the inter-vlan routing, And the only reason the switch will  require a default-gateway is for remote hosts not on the mgt vlan to be able to reach it.


On the switch- Disable ip routing, give it an D/G and you should be able then to reach it remotely via ssh providing you have also enabled ssh and created a local rsa key for it.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents