Enabling SSH

ftamiru0 · ‎03-15-2023

Hello everyone.

I have a 92348GC-X Layer 3 switch. and I'm trying to configure ssh and telenet. but i can't login after i configure it. if anyone who raise same problem , please let me know how to configure it.

marce1000 · ‎03-15-2023

- FYI : https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_chapter_01000.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MHM Cisco World · ‎03-15-2023

SSH need domain and RSA key
telnet is not need that,
are you config username/password ?
can I see your config ??

Richard Burts · ‎03-15-2023

The original post gives a very general description of the issue but very little detail to help us understand the problem. It would be helpful if we could see the current running config (with disguise of any sensitive information like Public IP). If you do not want to provide the running conf then please start with the config of the vty. Also please post the output of show ip ssh.

HTH

Rick

ftamiru0 · ‎03-16-2023

Let me Attach my running config.

ftamiru0 · ‎03-16-2023

crypto key param rsa label CSW2-ADD1-10-N9K modulus 512
spanning-tree mode mst
system default switchport
system jumbomtu 9000
ip access-list copp-system-acl-eigrp
10 permit eigrp any 224.0.0.10/32
ipv6 access-list copp-system-acl-eigrp6
10 permit eigrp any ff02::a/128
ip access-list copp-system-acl-icmp
10 permit icmp any any
ip access-list copp-system-acl-igmp
10 permit igmp any any
ip access-list copp-system-acl-ntp
10 permit udp any any eq ntp
20 permit udp any eq ntp any
ip access-list copp-system-acl-pimreg
10 permit pim any any
ip access-list copp-system-acl-ping
10 permit icmp any any echo
20 permit icmp any any echo-reply
ip access-list copp-system-acl-routingproto1
10 permit tcp any gt 1024 any eq bgp
20 permit tcp any eq bgp any gt 1024
30 permit udp any 224.0.0.0/24 eq rip
40 permit tcp any gt 1024 any eq 639
50 permit tcp any eq 639 any gt 1024
70 permit ospf any any
80 permit ospf any 224.0.0.5/32
90 permit ospf any 224.0.0.6/32
ip access-list copp-system-acl-routingproto2
10 permit udp any 224.0.0.0/24 eq 1985
20 permit 112 any 224.0.0.0/24
ip access-list copp-system-acl-snmp
10 permit udp any any eq snmp
20 permit udp any any eq snmptrap
ip access-list copp-system-acl-ssh
10 permit tcp any any eq 22
20 permit tcp any eq 22 any
ip access-list copp-system-acl-stftp
10 permit udp any any eq tftp
20 permit udp any any eq 1758
30 permit udp any eq tftp any
40 permit udp any eq 1758 any
50 permit tcp any any eq 115
60 permit tcp any eq 115 any
ip access-list copp-system-acl-tacacsradius
20 permit tcp any eq tacacs any
30 permit udp any any eq 1812
40 permit udp any any eq 1813
50 permit udp any any eq 1645
60 permit udp any any eq 1646
70 permit udp any eq 1812 any
80 permit udp any eq 1813 any
90 permit udp any eq 1645 any
100 permit udp any eq 1646 any
ip access-list copp-system-acl-telnet
10 permit tcp any any eq telnet
20 permit tcp any any eq 107
30 permit tcp any eq telnet any
40 permit tcp any eq 107 any
ipv6 access-list copp-system-acl-v6routingProto2
10 permit udp any ff02::66/128 eq 2029
20 permit udp any ff02::fb/128 eq 5353
ipv6 access-list copp-system-acl-v6routingproto1
10 permit 89 any ff02::5/128
20 permit 89 any ff02::6/128
30 permit udp any ff02::9/128 eq 521
ip access-list copp-system-dhcp-relay
10 permit udp any eq bootps any eq bootps
ip access-list snmp
10 remark - Allow ONLY management subnet
20 permit ip 192.168.1.0/24 any
30 permit ip 10.9.11.0/24 any
ip access-list ssh
10 remark - Allow management subnet
20 remark - Allow IT subnet
30 permit ip 192.168.1.0/24 any
40 permit ip 10.20.65.0/24 any
class-map type qos match-all copp-s-ipmcmiss
class-map type control-plane match-any copp-icmp
match access-group name copp-system-acl-icmp
class-map type control-plane match-any copp-ntp
match access-group name copp-system-acl-ntp
class-map type control-plane match-any copp-s-arp
class-map type control-plane match-any copp-s-bfd
class-map type control-plane match-any copp-s-bpdu
class-map type control-plane match-any copp-s-dai
class-map type control-plane match-any copp-s-default
class-map type control-plane match-any copp-s-dhcpreq
class-map type control-plane match-any copp-s-dhcpresp
match access-group name copp-system-dhcp-relay
class-map type control-plane match-any copp-s-dpss
class-map type control-plane match-any copp-s-eigrp
match access-group name copp-system-acl-eigrp
match access-group name copp-system-acl-eigrp6
class-map type control-plane match-any copp-s-glean
class-map type control-plane match-any copp-s-igmp
match access-group name copp-system-acl-igmp
class-map type control-plane match-any copp-s-ipmcmiss
class-map type control-plane match-any copp-s-l2switched
class-map type control-plane match-any copp-s-l3destmiss
class-map type control-plane match-any copp-s-l3mtufail
class-map type control-plane match-any copp-s-l3slowpath
class-map type control-plane match-any copp-s-pimautorp
class-map type control-plane match-any copp-s-pimreg
match access-group name copp-system-acl-pimreg
class-map type control-plane match-any copp-s-ping
match access-group name copp-system-acl-ping
class-map type control-plane match-any copp-s-ptp
class-map type control-plane match-any copp-s-routingProto1
match access-group name copp-system-acl-routingproto1
match access-group name copp-system-acl-v6routingproto1
class-map type control-plane match-any copp-s-routingProto2
match access-group name copp-system-acl-routingproto2
class-map type control-plane match-any copp-s-selfIp
class-map type control-plane match-any copp-s-ttl1
class-map type control-plane match-any copp-s-v6routingProto2
match access-group name copp-system-acl-v6routingProto2
class-map type control-plane match-any copp-s-vxlan
class-map type control-plane match-any copp-snmp
match access-group name copp-system-acl-snmp
class-map type control-plane match-any copp-ssh
match access-group name copp-system-acl-ssh
class-map type control-plane match-any copp-stftp
match access-group name copp-system-acl-stftp
class-map type control-plane match-any copp-tacacsradius
match access-group name copp-system-acl-tacacsradius
class-map type control-plane match-any copp-telnet
match access-group name copp-system-acl-telnet
policy-map type control-plane copp-system-policy
class copp-s-selfIp
police cir 500 bps bc 32000 bytes conform transmit violate drop
class copp-s-default
police cir 400 bps bc 32000 bytes conform transmit violate drop
class copp-s-l2switched
police cir 200 bps bc 32000 bytes conform transmit violate drop
class copp-s-ping
police cir 100 bps bc 32000 bytes conform transmit violate drop
class copp-s-l3destmiss
police cir 100 bps bc 32000 bytes conform transmit violate drop
class copp-s-glean
police cir 500 bps bc 32000 bytes conform transmit violate drop
class copp-s-l3mtufail
police cir 100 bps bc 32000 bytes conform transmit violate drop
class copp-s-ttl1
police cir 100 bps bc 32000 bytes conform transmit violate drop
class copp-s-ipmcmiss
police cir 400 bps bc 32000 bytes conform transmit violate drop
class copp-s-l3slowpath
police cir 100 bps bc 32000 bytes conform transmit violate drop
class copp-s-dhcpreq
police cir 300 bps bc 32000 bytes conform transmit violate drop
class copp-s-dhcpresp
police cir 300 bps bc 32000 bytes conform transmit violate drop
class copp-s-dai
police cir 300 bps bc 32000 bytes conform transmit violate drop
class copp-s-igmp
police cir 400 bps bc 32000 bytes conform transmit violate drop
class copp-s-routingProto2
police cir 1300 bps bc 32000 bytes conform transmit violate drop
class copp-s-v6routingProto2
police cir 1300 bps bc 32000 bytes conform transmit violate drop
class copp-s-eigrp
police cir 200 bps bc 32000 bytes conform transmit violate drop
class copp-s-pimreg
police cir 200 bps bc 32000 bytes conform transmit violate drop
class copp-s-pimautorp
police cir 200 bps bc 32000 bytes conform transmit violate drop
class copp-s-routingProto1
police cir 1000 bps bc 32000 bytes conform transmit violate drop
class copp-s-arp
police cir 200 bps bc 32000 bytes conform transmit violate drop
class copp-s-ptp
police cir 1000 bps bc 32000 bytes conform transmit violate drop
class copp-s-vxlan
police cir 1000 bps bc 32000 bytes conform transmit violate drop
class copp-s-bfd
police cir 350 bps bc 32000 bytes conform transmit violate drop
class copp-s-bpdu
police cir 12000 bps bc 32000 bytes conform transmit violate drop
class copp-icmp
police cir 200 bps bc 32000 bytes conform transmit violate drop
class copp-ssh
police cir 500 bps bc 32000 bytes conform transmit violate drop
class copp-snmp
police cir 500 bps bc 32000 bytes conform transmit violate drop
class copp-tacacsradius
police cir 400 bps bc 32000 bytes conform transmit violate drop
control-plane

Richard Burts · ‎03-16-2023

What you have posted is only part of the config, and not the part that we need at the moment. If you do not post the complete config then please post the config beginning at line vty. Also please post the output of show ip ssh.

Also can you confirm that neither ssh nor telnet are successful? If you attempt access do you get any kind of response?

And can you confirm that you do have ip access? Can you ping the address that you are attempting ssh or telnet to?

HTH

Rick

ftamiru0 · ‎03-17-2023

let me make it clear, I'm trying to configure SSH and Telnet with CoPP and PPS. but on this model (92348GC-X) PPS not working to apply ACL. it have bps instead. so how could I configure PPS on this model?