Solved: No SSH on C9200-48P Gigabit0/0 (Mgmt)

anton.vanruitenbeek@fokker.com · ‎03-24-2020

Hello,

I've a new 9200 switch and want to add SSH to the Management interface.
Normaly I use SVI, but for this I want to use the Mgmt interface.
SSH is enabled, key generated.

Gateway for Mgmt-vrf is correct, I can ping the switch on the Mgmt interface.

An ACL is created for the line vty 0-15 that allows only SSH from several servers.

When I connect by using SSH to this port I get the message 'Connection Refused'

Is there an implecit ACL somewhere for this interface ? Or vrf ?
Or do I modify the port Gi0/0 that SSH may come from this interface ?

Thanks in advanced.
AvR

anton.vanruitenbeek@fokker.com · ‎03-24-2020

I found the following things:

- set the ACL including 'vrfname Mgmt-vrf'

and I got some issues with the terminalemulator whe are using.

I found also the option 'access-class <ACLNAME> in vrf-also', but when using this I get the message over al the vty lines '% Access-class <ACLNAME> is not configured'

Very odd.

So I have standing now:

line vty 0 4
access-class <ACLNAME> in vrfname Mgmt-vrf
exec-timeout 15 0
length 0
transport input ssh

View solution in original post

anton.vanruitenbeek@fokker.com · ‎03-24-2020

I found the following things:

- set the ACL including 'vrfname Mgmt-vrf'

and I got some issues with the terminalemulator whe are using.

I found also the option 'access-class <ACLNAME> in vrf-also', but when using this I get the message over al the vty lines '% Access-class <ACLNAME> is not configured'

Very odd.

So I have standing now:

line vty 0 4
access-class <ACLNAME> in vrfname Mgmt-vrf
exec-timeout 15 0
length 0
transport input ssh

AlexTsch · ‎10-20-2022

SSH is enabled by default on these machines. everything works also without ACL.

you need to add a user of level 15 and specify the local db in line via the console

username super privelege 15 secret youpassword

line vty 0 4
login local
transport input ssh