Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1545
Views
0
Helpful
4
Replies

Cisco Nexus 3000 ssh access

silverdragan
Level 1
Level 1

‎04-16-2015 07:37 PM - edited ‎03-07-2019 11:35 PM

I have a Cisco  Nexus 3172T in a small environment running System version: 6.0(2)U3(1). I am using a vlan as management access, i.e. vlan100 is on every device and is using for snmp/ssh access. On the same switch I have one non-switchport (routed) port (eth1/6 in this case) connecting to a remote datacenter. I am able to SNMP poll and ping the vlan100 interface on the switch from everywhere, and I am able to SSH login while I am connected on any of the VLANs that are known to the switch. My problem comes when trying to access (SSH) the switch from the remote datacenter location (SNMP/Ping also works from the remote location). The only way to SSH access the switch from the remote location is only if I SSH in on the routed port (i.e. eth 1/6).

I am not using the dedicated management port on the switch (nor I have any plans in the future). I am also running very plain config, a few switchports, one routed port, and the default control-plane policy (which is only policy pps). There are the ACLs on the VTY.

Am I running into a known bug or is there some configuration requirement to allow this ?

 

 

thanks

dragan

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎04-16-2015 07:50 PM

Are you sure there is no access-list blocking SSH from the remote subnets?

If you can ping a device is vlan 100 from remote subnets, that usually means you can access it via SSH as well, if there is no access-list blocking it.

HTH

0 Helpful

silverdragan
Level 1
Level 1
In response to Reza Sharifi

‎04-17-2015 08:24 AM

There are no ACLs at all.

0 Helpful

Bilal Nawaz
VIP Alumni
VIP Alumni
In response to silverdragan

‎04-18-2015 01:04 AM

Its not in a VRF or anything like that is it?

 

Also have you tried setting the ssh source interface to be vlan 100.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/security/6x/b_Cisco_n3k_Security_Config_6x/b_Cisco_n3k_Security_Config_6x_chapter_0110.html#task_4AFC76AF5CD04C728EF30CB15EAE2655

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful

silverdragan
Level 1
Level 1
In response to Bilal Nawaz

‎04-18-2015 02:01 PM

There are no VRFs, and the ssh feature is not available on the version I am running.

 

 

 

0 Helpful
Customers Also Viewed These Support Documents