cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
280
Views
5
Helpful
6
Replies

IPBASE SSH/Telnet

Monroetech
Beginner
Beginner

Hello Cisco Enthusiasts. 

I'm having issues with configuring a WS-C3650-12X48UQ 16.3.6 CAT3K_CAA-UNIVERSALK9

I can not connect via ssh or telnet via putty. I can telnet in through my switch But can't ping.... Any help is much appreciated.

x = omitted

hostname xxxxxxxxx
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$0v77$u0M5EUMqejrVATTG6ZwJK1
!
aaa new-model
!
!
aaa group server tacacs+ xxxxxxxx omitted
!
aaa authentication login default group xxxxxxx local
aaa authentication login xxxxxxx local
aaa authentication login console local
aaa authentication enable default group tacacs+ enable
!
!
!
!
!
!
aaa session-id common
clock timezone EDT -5 0
clock summer-time EDT recurring
switch 1 provision ws-c3650-12x48uq
!
!
!
!
!
!
!
ip domain name xx.xxxxxxxxx.xxx omitted
!
!
!
!
!
!
!
!
vtp domain NULL
vtp mode transparent
!
!
!
license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
username xxxxxxx password 0 xxxxxxxxxxx
!
redundancy
mode sso
!
!
vlan x
name xxxxxxxxxx
!
vlan xx
name xxxxxxxxxxx
!
vlan xx
name xxxxxxxxxxxx
!
vlan xx
name xxxxxxxxxx
!
vlan xxx
name xxxxxxxxxxxxxx
!
vlan xxx
name xxxxxxx
!
vlan xxx
name xxxxxxxxxxxxxxxx
!
vlan xxx
!
vlan xxx
name TenGig-Test-Vlan
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description mgmt-test
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
description xxxxxxxxxxxxxxxxx
switchport access vlan xxx
switchport mode access
!
interface GigabitEthernet1/0/2
description xxxxxxxxxxxxxxxxxxxx
switchport access vlan xxx
switchport mode access
!
interface GigabitEthernet1/0/3
description xxxxxxxxxxxxxxxxxx
switchport access vlan xxx
switchport mode access
!
interface GigabitEthernet1/0/4
description xxxxxxxxxxxxxx
switchport access vlan xxx
switchport mode access
!
interface GigabitEthernet1/0/5
description xxxxxxxxxxxxxx
switchport access vlan xxx
switchport mode access
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
switchport trunk allowed vlan x,xx
switchport mode trunk
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface TenGigabitEthernet1/0/37
description xxxxxxxxxxxxxxxxx
switchport access vlan xxx
switchport mode access
!
interface TenGigabitEthernet1/0/38
description xxxxxxxxxxxxxxxxxxx
switchport access vlan xxx
switchport mode access
!
interface TenGigabitEthernet1/0/39
description xxxxxxx (Block 2)
switchport access vlan xxx
switchport mode access
!
interface TenGigabitEthernet1/0/40
!
interface TenGigabitEthernet1/0/41
!
interface TenGigabitEthernet1/0/42
!
interface TenGigabitEthernet1/0/43
!
interface TenGigabitEthernet1/0/44
!
interface TenGigabitEthernet1/0/45
!
interface TenGigabitEthernet1/0/46
!
interface TenGigabitEthernet1/0/47
!
interface TenGigabitEthernet1/0/48
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
description Trunk to xxxxx
switchport trunk allowed vlan x,xxx,xxx
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description management
ip address 10.1.1.30 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
logging trap notifications
logging facility syslog
logging host x.x.x.x
logging host x.x.x.x
!
snmp-server community xxxxxxxxx
snmp-server community xxxxxxxxxxx
snmp-server location xxxxxxxxxxxxxxxxxxxxxxxxx
tacacs-server directed-request
tacacs server xxxxxxxxxxxxxx Omitted
address ipv4 xx.x.x.xxx
key  xxxxxxxxxxxxxx
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
no vstack
!
line con 0
logging synchronous
history size 100
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password xxx
logging synchronous
history size 100
transport input all
line vty 5 15
exec-timeout 0 0
password xxx
logging synchronous
history size 100
transport input all
!
ntp server x.x.x.x  - Omitted
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end

1 Accepted Solution

Accepted Solutions

I can telnet into this switch from my switch but I can not ping it from my pc nor access this switch ssh/telnet via putty.

what is the my switch IP address ?

what IP you are not able to ping from where ?

as i mentioned i do not see default gateway config in your switch config (if that is outdated config, post the new updated config)

below is your manangment VLAN

interface Vlan2
description management
ip address 10.1.1.30 255.255.255.0

you should have default-gateway config 10.1.1.X

 

if you looking authentication TACACS and it fails and use local then below sample config :

aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
tacacs-server host 10.10.10.10 key 7 mykey
tacacs-server directed-request

- for ssh you have configured so follow the document i have suggested.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

6 Replies 6

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

check ssh config :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3e/consolidated_guide/configuration_guide/b_consolidated_3650_3se_cg/b_consolidated_3650_3se_cg_chapter_01000101.pdf

I can telnet in through my switch But can't ping.

is that mean via different switch are you able to login ? and not able to ping where ?

i have not see any config ip routing in place, so switch does not know how to route ?

if the switch need to act as Layer 3, then use ip route x.x.x.x or if switch is Layer 2 then default gateway config ?

is that authenticaiton using local account or radius or external user source ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sorry for any confusion. All of the "x's" is data that I've omitted. We're wanting this to act like a layer 2 switch only. I have the default gateway setup. Authentication is local and tacacs. I can access the switch from another switch using telnet but I can't ping nor access this switch ssh or telnet using putty. Any help is appreciated.

let me repost my reply - since you not given inputs what we asked :

I can telnet in through my switch But can't ping.

is that mean via different switch are you able to login ? and not able to ping where ?

i have not see any config ip routing in place, so switch does not know how to route ?

if the switch need to act as Layer 3, then use ip route x.x.x.x or if switch is Layer 2 then default gateway config ?

is that authenticaiton using local account or radius or external user source ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sorry, I thought I answered this.

Default gateway is setup - Layer 2 only

Authentication - local and tacacs

I can telnet into this switch from my switch but I can not ping it from my pc nor access this switch ssh/telnet via putty.

 

I can telnet into this switch from my switch but I can not ping it from my pc nor access this switch ssh/telnet via putty.

what is the my switch IP address ?

what IP you are not able to ping from where ?

as i mentioned i do not see default gateway config in your switch config (if that is outdated config, post the new updated config)

below is your manangment VLAN

interface Vlan2
description management
ip address 10.1.1.30 255.255.255.0

you should have default-gateway config 10.1.1.X

 

if you looking authentication TACACS and it fails and use local then below sample config :

aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
tacacs-server host 10.10.10.10 key 7 mykey
tacacs-server directed-request

- for ssh you have configured so follow the document i have suggested.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

You are correct. After double checking, I skipped default gateway! 

Thank you!!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers