11-27-2020 04:23 PM
Coming from the old school of stacking 2900 35xx, I am really starstruck by the Nexus line and the new learning I must do. No traditional stacking; I read why they think it is best. I attempted to do a username <> privilege <> password <> command, and the command stopped responding after username. So what am I to do and learn to properly configure SSH and a user?
I have 2 NX switches connected to my new Nutanix appliance. The goal is to configure the switch for remote access, so I may then go home and finish remotely. I also have a stacked 9300 serving as layer 2, I guess you can say. Suggestions? Help, please?
Think 48u rack
1 nx switch
1 nx switch
1 nutanix block
1 9300
1 9300
1 firewall
1 firewall
11-27-2020 04:44 PM
After enabling SSH on the Nexus, you just need to add a username and password. Something like this:
username test password 5 <password> role network-admin
If you are connecting to the Nexus from outside of your network and using a private IP, you need to configure NAT on your routers or firewalls.
HTH
11-28-2020 02:13 PM
Thanks Reza...
When you say enable ssh, you mean running
feature ssh command
It obtained an IP via DHCP from the firewall, so I should then be able to use that IP to connect via ssh, correct?
11-28-2020 02:27 PM - edited 11-28-2020 02:28 PM
Yes, but you need to generate an SSH key before you can connect.
switch# configure terminal
switch(config)# feature ssh
switch(config)# ssh key rsa 2048
switch(config)# exit
switch# show ssh key
11-28-2020 03:12 PM
Thanks for the expansion of knowledge.
I presume then I would need to do the following to further secure
line vty 0 15
login local
transport input ssh
transport output ssh
11-28-2020 11:06 PM
Yes, for the VTY lines, for incoming and outgoing (if you want to use this device to SSH to other devices) SSH connections.
11-28-2020 12:54 AM
If you are thinking of something like stacking for redundancy, you need to deploy vPC for high availability.
You can look at vPC deployment:
https://www.balajibandi.com/?s=vpc&paged=2
In relation to the user:
username admin password 5 XXXXXXXXXXXXX role vdc-admin ( net-admin) - based on requirement
If you want other users to only run some commands, you can do the below:
role name username
rule 3 permit command show running-config
rule 2 permit command show *
rule 1 deny read-write
I also have a stacked 9300 - is this a CAT 9300?
I suggest making a small network diagram for reference, so you also understand at what layer the servers and internet are connected.
11-28-2020 07:18 PM
Yes, 2 24-port C9300-24T-A
11-28-2020 08:15 PM
All you should need is to enable SSH, configure the SSH encryption key, and create a username and password as I indicated in the other post.
On the Nexus series, there is no vty line config needed.
HTH
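An added example, not part of any post in this thread: a small Python check that reviews a candidate Nexus configuration for the SSH and user settings discussed above before it is pasted into the switch. The sample config, the `audit` function, the `show-only` role name and the password strings are constructed for illustration; the list of built-in roles is an assumption and should be adjusted to the platform.

```python
import re

# Constructed candidate config built from the commands posted in this thread;
# user names, key size and password strings are made-up sample values.
SAMPLE = """\
feature ssh
ssh key rsa 1024
username test password 0 Changeme1 role network-admin
username ops password 5 HASHPLACEHOLDER role show-only
line vty 0 15
  login local
  transport input ssh
"""

MIN_RSA_BITS = 2048  # key size used in the thread's example
# Assumed set of built-in roles; custom ones must be declared with "role name".
BUILTIN_ROLES = {"network-admin", "network-operator", "vdc-admin", "vdc-operator"}
USER_RE = re.compile(r"username (\S+) password (\d+) \S+ role (\S+)")


def audit(config):
    """Return a list of findings for a candidate NX-OS SSH and user configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if "feature ssh" not in lines:
        findings.append("feature ssh missing")
    bits = [int(m.group(1)) for ln in lines if (m := re.match(r"ssh key rsa (\d+)", ln))]
    if not bits:
        findings.append("no 'ssh key rsa <bits>' line")
    elif bits[-1] < MIN_RSA_BITS:
        findings.append(f"RSA key is {bits[-1]} bits, below {MIN_RSA_BITS}")
    custom_roles = {ln.split()[2] for ln in lines if re.match(r"role name \S+", ln)}
    users = [m.groups() for ln in lines if (m := USER_RE.fullmatch(ln))]
    if not users:
        findings.append("no 'username ... password ... role ...' line")
    for name, ptype, role in users:
        if ptype == "0":  # type 0 means the password was entered as cleartext
            findings.append(f"user {name}: password entered as cleartext (type 0)")
        if role not in BUILTIN_ROLES | custom_roles:
            findings.append(f"user {name}: role {role} is not defined")
    for ln in lines:
        # Per the reply above, IOS-style vty login/transport lines are not needed on Nexus.
        if ln == "login local" or ln.startswith(("transport input", "transport output")):
            findings.append(f"IOS-style vty command not needed on Nexus: {ln}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```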
11-29-2020 11:00 AM
Trying to make the correlation, but it seemed when I plugged in the console cable, it made all ports light amber?
When I try to ping my firewall gateway 10.5.5.254, I receive a no route to the host error.
The IP assigned to the Nexus switch is 10.5.5.9 by the firewall.
I have a hostname configured
no default gateway or IPs on any interface/vlan