This may be a ridiculous question, however I will ask anyway...
On the Cisco 3850 series platform is it possible to manage the device via another interface than the GigE interface on the back? In other words, is it possible to set up the switch to accept SSH traffic through a public facing IP on one of the TenGig ports? More specifically, a interface configured for MPLS.
For the record, this solution is only temporary.
EDIT: Sorry, I meant 3850, not 9300. I've got a couple of projects going and mixed the 2 platforms up.
Thank you for the quick reply, though your response did not answer any of my questions...
SSH is configured, however the MPLS interface responds to ping but does not respond to SSH traffic. Is there something I need to put on that interface in order to get it to reply? Possibly an access list, or is it even possible to change the back plane to allow a different interface to be used for management instead of Gig0/0?
I've searched quite a bit on this topic and have not found much.
You can SSH from any port that is accessible via IP. That should include MPLS.
Here's the minimum you should do:
1) Configure an ip domain-name
2) Generate crypto keys
3) Have an IP address on the switch that is accessible from where you're trying to SSH
4) Configure for "line vty" that the transport input and output are ssh
the port on the back is by default tied to the Mgmt-vrf virtual router
as such it will only pass traffic for routes reachable through this vrf.
vrf forwarding Mgmt-vrf
this doc is for asr100, but technique also goes for any other Mgmt-vrf
any other vlan interface with an ip-address is useable for ssh access (unless limited by access-list)
As a start in investigating this issue would the original poster give us the output of show ip interface brief from the 3850, identify which of the addresses is the one they are attempting to reach, and give us output of show ip ssh from the 3850?