Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
952
Views
0
Helpful
2
Replies

Connection Refused SSH WS-C2960S-48FPS-L

Go to solution
MichaelStillwater96406
Level 1
Level 1

‎03-09-2021 08:31 AM

I'm very new to Cisco and this is my first configuring of one of their switches.  No matter what I do I'm unable to ssh into this switch.


Building configuration...

Current configuration : 4458 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myswitch
!
boot-start-marker
boot-end-marker
!
enable secret 5 ********
!
username testuser privilege 15 secret 5 ********************
!
!
no aaa new-model
switch 1 provision ws-c2960s-48fps-l
!
!
ip domain-name mydomain.com
!
!
crypto pki trustpoint TP-self-signed-2432171264
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2432171264
revocation-check none
rsakeypair TP-self-signed-2432171264
!
!
crypto pki certificate chain TP-self-signed-2432171264
certificate self-signed 01
***key was here redacted**


quit
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address 10.0.0.220 255.255.255.0
!
ip default-gateway 10.0.0.1
ip http server
ip http secure-server
!
ip access-list standard TELNET-ACCESS
permit 10.0.0.110
!
line con 0
password *********
login
line vty 0 4
access-class TELNET-ACCESS in
exec-timeout 5 0
password *********
login local
transport input all
line vty 5 15
access-class TELNET-ACCESS in
password ******
login
transport input ssh
!
end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-09-2021 08:36 AM

the high level you have access-list - only allowed IP 10.0.0.110  (are you using this IP to test ?)

 

if you have console access - remove ACL and test it.

 

line vty 0 4
no access-class TELNET-ACCESS in
line vty 5 15
no access-class TELNET-ACCESS in

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-09-2021 08:36 AM

the high level you have access-list - only allowed IP 10.0.0.110  (are you using this IP to test ?)

 

if you have console access - remove ACL and test it.

 

line vty 0 4
no access-class TELNET-ACCESS in
line vty 5 15
no access-class TELNET-ACCESS in

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Scott Leport
Level 7
Level 7

‎03-09-2021 09:34 AM

Hi there,

 

Best you check with your colleagues before removing that ACL as access to your equipment may be locked down to that host only.

But otherwise, I agree that's the issue. Either remove the ACL from VTY lines if permitted to do so or gain management access to your switch via this host only.

0 Helpful
Customers Also Viewed These Support Documents