Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
5863
Views
10
Helpful
10
Replies

2960 X SSH network communication access

Go to solution
martin.young@roquette.com
Level 1
Level 1

‎01-08-2018 12:32 AM - edited ‎03-08-2019 01:20 PM

Hi I could do with a little guidance please.

 

I am setting up a Cisco switch network for the first time. Having completed a 2 day course 2 months ago I am now the "expert" on site.

 

I have a network of 6 switches; 2 root, 4 edge, in a mesh configuration.

 

When accessing via Telnet all is well, and I can access any switch from any port, change configuration etc. but now I have invoked SSH I am unable to access any other switch except the one I am physically connected to: "connection refused by remote host" although I can still ping.

 

Any pointers please?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-08-2018 12:52 AM

Hi
is there ssh setup on those switches for you to access them?

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface xxxx
ip ssh version 2


line vty 0 4
access-class x in
exec-timeout 30 0
transport input ssh

Then conf t
crypto key generate rsa
type 1024 hit return

That will setup the switch for ssh access , telnet is on by default

View solution in original post

10 Replies 10

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-08-2018 12:52 AM

Hi
is there ssh setup on those switches for you to access them?

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface xxxx
ip ssh version 2


line vty 0 4
access-class x in
exec-timeout 30 0
transport input ssh

Then conf t
crypto key generate rsa
type 1024 hit return

That will setup the switch for ssh access , telnet is on by default

Go to solution
martin.young@roquette.com
Level 1
Level 1
In response to Mark Malone

‎01-08-2018 01:54 AM

Hi Mark

I can access each individual switch using SSH when connected directly (at an edge port) but not over the network.

 

What does this code set?

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface xxxx

 

and this?

access-class x in

 

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to martin.young@roquette.com

‎01-08-2018 02:04 AM

There optional commands for ssh , a timeout so it locks out if not in use , source interface that ssh can come form and the amount of retires before it terminates the connection , the access-class is your vty port should always have an access-list on it for security or else anyone can attempt to access your switch from there machine

I can access each individual switch using SSH when connected directly (at an edge port) but not over the network.
are your default gateways in place on the switches ? is the machine you coming form on the same subnet as the switch mgmt. ip ?
0 Helpful

Go to solution
martin.young@roquette.com
Level 1
Level 1
In response to Mark Malone

‎01-08-2018 02:09 AM

Thanks Mark
I have no default gateway on the switches.

What do you mean by the switch management IP?
The laptop I am using is on the subnet as the switches.
0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to martin.young@roquette.com

‎01-08-2018 02:18 AM

ok is there a router in place or any l3 device or is this purely l2 switches network ? if there is l3 device in place switches should have a df gateway

http://www.ciscopress.com/articles/article.asp?p=2181836&seqNum=4

What do you mean by the switch management IP?
The ip address you are trying to ssh too on the switch , that is pingable across the network from your machine yes if its on same subnet ?
if so then there is something up with the switches ssh config your trying to connect too if you cant connect to it but can ping it ok or maybe something blocking it , can you post the show ip ssh off it
0 Helpful

Go to solution
martin.young@roquette.com
Level 1
Level 1
In response to Mark Malone

‎01-08-2018 02:41 AM

Thanks for your time and input Mark.

I have embarrassingly discovered that typing SSH before the IP address connects successfully.............

 

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to martin.young@roquette.com

‎01-08-2018 02:42 AM

:) no probs least its working
0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-08-2018 01:11 AM

Hello

 

Have you enable ssh correctly / do you have any access-list negating ssh access?
ip domain-name  xxxx.com
crypto key generate rsa general-keys  ( specify the key size)
ip ssh version 2

 

line vty x x
transport input ssh

res
Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
martin.young@roquette.com
Level 1
Level 1
In response to paul driver

‎01-08-2018 01:51 AM

Thanks Paul

Do I need "general keys" here?: crypto key generate rsa general-keys 

I have generated keys but without that part.

0 Helpful

Go to solution
martin.young@roquette.com
Level 1
Level 1

‎01-08-2018 01:59 AM

A little more info............

I have 2 vlans in use, default 1 and vlan 36. All edge ports are assigned on vlan 36.

Could my problem be that I have not set remote span-vlan ?

 

 

0 Helpful
Top