Cant SSH/SCP from my C3750X switch to remote or local SSH/SCP Server.

robert_dantes · ‎03-21-2019

Hello All,

I basically need to copy and image out from our switch. the switch has the Mgmt-intf VRF and Fa0 is assigned to that VRF and that is where the management IP is configured.

We can ssh to the switch in question. but for some reason the switch cant SSH to anything.

I have already configured "ip ssh source-interface Fa0", its not able to SSH to any other equipment, even on the same subnet.

Example core Switch is source 10.1.1.1 can ssh to the switch 10.1.1.9, but sourcing from the 10.1.1.9 switch i cant ssh to 10.1.1.1 or any other device on the same subnet.

Remote work station example, 172.1.1.1 can ssh to the switch 10.1.1.9. - i have a scp server setup on my workstation, but switch cant connect it says "% Destination unreachable; gateway or host down"

to clarify further the reason we would like to download the image from this switch, is we ran out of ports and we are going to be shipping additional switch to add to the stack. this switch is on another continent and we would like to load the same image and pre provision the switch before we ship the additional switch to a far away continent to join the stack.

image on the switch stack is c3750e-universalk9-mz.122-58.SE2.bin and its not available for download on cisco anymore, and we know its full of bugs but we have not encountered any issue so far, and we would like to make this as no impact as possible, which a firmware upgrade on the stack will do. so we don't consider upgrading the firmware on that stack anytime soon.

Jaderson Pessoa · ‎03-21-2019

Hello,

There is a default-gateway/route configured on this device? (switch)

Jaderson Pessoa
*** Rate All Helpful Responses ***

robert_dantes · ‎03-21-2019

Yes the default gateway is configured on the switch

ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.1.1.1

balaji.bandi · ‎03-21-2019

Can you post the configuration show run, also ping from this device to destination IP 172.x.x.x paste the output of ping results?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

robert_dantes · ‎03-22-2019

Thank you, we got away by configuring a tftp server close to the switch and pulled the image that way. initially tftp was hanging midway when we transfer the file back state side directly from the switch. That is why we thought a TCP way of transfer would be better.

As for our need we consider this resolved. anyway the pertinent information are as below.

Ping and traceroute are successful to my desktop. one thing to consider, SSH to a device on the same 10.1.1.0/24 subnet fails, we cant SSH from this switch.

SW01#sh run vrf Mgmt-intf
Building configuration...

Current configuration : 308 bytes
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
!
interface FastEthernet0
description MGMT
vrf forwarding Mgmt-intf
ip address 10.1.1.1 255.255.255.0
no ip route-cache cef
no ip route-cache
!
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.1.1.1
end

SW01#sh run | i source
ip tftp source-interface FastEthernet0
ip ssh source-interface FastEthernet0

SW01#sh run | i ssh
ip ssh source-interface FastEthernet0
ip ssh version 2
transport input ssh
transport input ssh

SW01#ssh 10.1.1.1
% Destination unreachable; gateway or host down

SW01#

SW01#ping vrf Mgmt-intf 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms

paul driver · ‎03-23-2019

Hello

@robert_dantes wrote:

We can ssh to the switch in question. but for some reason the switch cant SSH to anything

Line vty x x
transport output ssh

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul