Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2196
Views
1
Helpful
25
Replies

Cisco 9300 switch doesn't connect via SSH

Rick001
Level 1
Level 1

‎03-27-2024 07:07 AM

I have a couple of switches that are trunked via a LAN cable from another switch. I noticed that these switches sometimes have a hard time to SSH into. I get the error: "Connection timed out". After a while and a few tries I can connect just fine. I checked the logs (sh log) and don't really see anything helpful.

I have the following set an all the switches:

aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
aaa session-id common

line vty 0 4
access-class VTY-ACL in vrf-also
exec-timeout 9 59
logging synchronous
transport input ssh
transport output ssh
line vty 5 15
access-class VTY-ACL in vrf-also
exec-timeout 9 59
logging synchronous
no exec
transport input none
transport output none
line vty 16 31
exec-timeout 9 59
no exec
transport input none
transport output none

The switches are up with no interruption. I can console in fine.

Labels:
0 Helpful
25 Replies 25

MHM Cisco World
VIP
VIP
In response to Rick001

‎05-09-2024 09:46 AM

So there is tcp i.e. there is connection

You mention that you try connect from SW and it work 

Can you check 

Show tcp breif 

In both case check the IP and port 

MHM

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎05-09-2024 02:38 PM

Could you post the output of the command show arp on the switch?

HTH

Rick
0 Helpful

Rick001
Level 1
Level 1
In response to Richard Burts

‎05-10-2024 09:09 AM

So I have 4 switches with this issue. The "sh arp" command is showing all these switches' IPs and MAC (I believe cause I ping the other problem switches from it) with it's own IP Age being "-". The other device I see in the list is the Core Switch. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Rick001

‎05-05-2024 08:32 AM 

I've noticed that if from another switch I ping the IP of the switch I'm trying to SSH into

in this case you not able to SSH from device, but another device you able to SSH in that means SSH working.

when the device not able to SSH - at the time are you able to ping ?

I've also noticed that it happens to switches which are trunked to other 9300 switches via CAT 6 cabling

can you explain more - how is your network connected, when you failing to connect to other switch daisy chained and you still able to connect to main switch right ?

what IP address VLAN these switches you were able to connect ? what is the device IP from you not able to connect ?

when you remove ACL are you able to connect all the time ?

your ACL seem to be odd some  of the mask you used . can you post the switch interface config and routing table from the switch you having issue  and STP information.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rick001
Level 1
Level 1
In response to balaji.bandi

‎05-08-2024 09:59 AM

It is very inconsistent. Most of the times I can't SSH directly to the switch. I noticed that if I ping the switch from any other switch in the network, I can immediately access it. I can SSH into the switches without problems within any other switch.

Th problem switches just so happen to be daisy chained.

 

Its a bit hard to reproduce, cause once I get in, I can exit and reenter fine. I have to wait a few hours until I can't SSH again to test again.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Rick001

‎05-08-2024 02:29 PM

When the problem is happening and you are not able to SSH, are you able to ping the switch? Can we eliminate IP connectivity issues?

HTH

Rick
0 Helpful

Rick001
Level 1
Level 1
In response to Richard Burts

‎05-08-2024 03:29 PM

That's the strange thing. If I want to connect, I just try to ping from another switch and it then connects. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Rick001

‎05-09-2024 11:09 PM 

Th problem switches just so happen to be daisy chained.

when you have issue of the switch, are you able to SSH to parent switch or even parent switch not able to SSH ?

what VAN you use for Management ?

how does your STP configured ? who is root in the Daisy chain ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rick001
Level 1
Level 1
In response to balaji.bandi

‎05-10-2024 09:53 AM

@balaji.bandi wrote:

 

Th problem switches just so happen to be daisy chained.

 

when you have issue of the switch, are you able to SSH to parent switch or even parent switch not able to SSH ?

what VAN you use for Management ?

how does your STP configured ? who is root in the Daisy chain ?

 

Only having issues with the child switches.

I have the Management VLAN 99 on all of the switches.

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Rick001

‎05-12-2024 05:37 AM

when you have issue of the switch, are you able to SSH to parent switch or even parent switch not able to SSH ?

how does your STP configured ? who is root in the Daisy chain ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rick001
Level 1
Level 1
In response to balaji.bandi

‎05-16-2024 05:25 AM - edited ‎05-16-2024 08:22 AM

I don't have any issues with the parent switches, only the child.

I only see the trunk interfaces as root.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card