Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
6
Replies

Cisco 3850 Catalyst Switch Questions On Management Access

FunkyTrunk11
Level 1
Level 1

‎12-18-2018 06:47 PM - edited ‎03-08-2019 04:51 PM

This may be a ridiculous question, however I will ask anyway...

On the Cisco 3850 series platform is it possible to manage the device via another interface than the GigE interface on the back? In other words, is it possible to set up the  switch to accept SSH traffic through a public facing IP on one of the TenGig ports? More specifically, a interface configured for MPLS.

For the record, this solution is only temporary.

 

EDIT: Sorry, I meant 3850, not 9300. I've got a couple of projects going and mixed the 2 platforms up.

Labels:
0 Helpful
6 Replies 6

FunkyTrunk11
Level 1
Level 1
In response to luis_cordova

‎12-18-2018 08:15 PM - edited ‎12-18-2018 09:08 PM

Thank you for the quick reply, though your response did not answer any of my questions...

SSH is configured, however the MPLS interface responds to ping but does not respond to SSH traffic. Is there something I need to put on that interface in order to get it to reply? Possibly an access list, or is it even possible to change the back plane to allow a different interface to be used for management instead of Gig0/0? 

I've searched quite a bit on this topic and have not found much.

0 Helpful

FunkyTrunk11
Level 1
Level 1
In response to FunkyTrunk11

‎12-18-2018 08:19 PM - edited ‎12-18-2018 09:09 PM

I should also add that when running debugs for ssh, I get zero logs when attempting to log in...

0 Helpful

Nadav
Level 7
Level 7
In response to FunkyTrunk11

‎12-18-2018 09:20 PM - edited ‎12-18-2018 09:24 PM

You can SSH from any port that is accessible via IP. That should include MPLS.

Here's the minimum you should do:

 

1) Configure an ip domain-name

2) Generate crypto keys

3) Have an IP address on the switch that is accessible from where you're trying to SSH

4) Configure for "line vty" that the transport input and output are ssh

 

0 Helpful

pieterh
VIP
VIP
In response to Nadav

‎12-19-2018 07:26 AM - edited ‎12-19-2018 07:30 AM

the port on the back is by default tied to the Mgmt-vrf  virtual router 

as such it will only pass traffic for routes reachable through this vrf.

interface GigabitEthernet0/0
 description management
 vrf forwarding Mgmt-vrf

this doc is for asr100, but technique also goes for any other Mgmt-vrf

Chapter: Using the Management Ethernet Interface

 

any other vlan interface with an ip-address is useable for ssh access (unless limited by access-list)

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to pieterh

‎12-19-2018 09:39 AM

As a start in investigating this issue would the original poster give us the output of show ip interface brief from the 3850, identify which of the addresses is the one they are attempting to reach, and give us output of show ip ssh from the 3850?

 

HTH

 

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card