Solved: SSH issues for WS-C3750g-24ps-s

dstriplin1 · ‎03-22-2019

Hi All,

Hoping for someone to put a second set of eyes on my config and let me know what I'm overlooking. I have no doubt it is a simple fix, but I cannot seem to figure it out. I do have a K9 image and I believe I have done things correctly, but I am learning. Here is the dump of my sh ver as well as running config....

Thank you in advance for the help!!!!!

-Dave

isco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 21-Jul-11 01:53 by prod_rel_team

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Lab3750 uptime is 23 hours, 12 minutes
System returned to ROM by power-on
System image file is "flash:/c3750-ipservicesk9-mz.122-58.SE2.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750G-24PS (PowerPC405) processor (revision H0) with 131072K bytes of memory.
Processor board ID FOC1405W6R4
Last reset from power-on
4 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 30:37:A6:CA:C7:80
Motherboard assembly number : 73-10217-08
Power supply part number : 341-0108-04
Motherboard serial number : FOC14060W8F
Power supply serial number : DCA1351A25X
Model revision number : H0
Motherboard revision number : C0
Model number : WS-C3750G-24PS-S
System serial number : FOC1405W6R4
Top Assembly Part Number : 800-26855-02
Top Assembly Revision Number : E0
Version ID : V06
CLEI Code Number : COMXD00ARA
Hardware Board Revision Number : 0x09

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 WS-C3750G-24PS 12.2(58)SE2 C3750-IPSERVICESK9-M

Lab3750#sh run
Building configuration...

Current configuration : 4727 bytes
!
! Last configuration change at 23:08:11 UTC Mon Mar 1 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Lab3750
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$A5RQ$KP/aAfje7QmxPi7C0tR9H/
enable password 7 047A071607206E5C080F0A4E
!
no aaa new-model
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip domain-name [redacted]
!
!
ip dhcp pool DBSPOOL
domain-name davidstriplin.com
default-router 10.0.1.1
dns-server 10.0.1.1
!
!
!
!
crypto pki trustpoint TP-self-signed-2798307200
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2798307200
revocation-check none
rsakeypair TP-self-signed-2798307200
!
!
crypto pki certificate chain TP-self-signed-2798307200
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373938 33303732 3030301E 170D3933 30333031 30303032
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37393833
30373230 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C8DA 005AC4E4 663055B0 3AE38035 D357D2D5 0DF75B02 E695B5BD 12DDADA1
03A519BB 84AE54E9 7DDEB085 5658EEC9 3E53380E F92061F5 42EA8EE3 C8E13BAE
8FC878DE E18A77B6 23AA22DC A1A363CD F7799DDA E454B2D7 A3CE472B E81ADE5D
BC213581 17D44351 8A8D92D5 934905CC 262E1856 AA5191FB 1B97B6FE 17925941
9E570203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
551D1104 0A300882 06537769 74636830 1F060355 1D230418 30168014 B33A51B4
92450EC4 EEF526D9 38A11D26 DEED0D4B 301D0603 551D0E04 160414B3 3A51B492
450EC4EE F526D938 A11D26DE ED0D4B30 0D06092A 864886F7 0D010104 05000381
81004002 8D950017 023B5CDD 9AC1BD20 9DBAFD19 CB656178 D7E9B48E 76B76C5D
B34364C8 8A1F742C 101BF25D 0DE34790 11A64AF8 19BC00BB 9AB41CCE CEFAF530
F7185348 019F6F75 48E942C5 C133D011 F81DAECA 1E79AD9C C631543E EBBB08AA
97043CFD D535ECEA 0D81D16F 513B75E4 1953AF1D ED10AFA2 EDBA0298 6725DEBF 5142
quit
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
interface GigabitEthernet1/0/1
speed 1000
duplex full
ip verify source
!
interface GigabitEthernet1/0/2
speed 1000
duplex full
!
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 90
speed 1000
duplex full
ip verify source
!
interface GigabitEthernet1/0/4
speed 1000
duplex full
!
interface GigabitEthernet1/0/5
speed 1000
duplex full
!
interface GigabitEthernet1/0/6
speed 1000
duplex full
!
interface GigabitEthernet1/0/7
speed 1000
duplex full
!
interface GigabitEthernet1/0/8
speed 1000
duplex full
!
interface GigabitEthernet1/0/9
speed 1000
duplex full
!
interface GigabitEthernet1/0/10
speed 1000
duplex full
!
interface GigabitEthernet1/0/11
speed 1000
duplex full
!
interface GigabitEthernet1/0/12
speed 1000
duplex full
!
interface GigabitEthernet1/0/13
speed 1000
duplex full
!
interface GigabitEthernet1/0/14
speed 1000
duplex full
!
interface GigabitEthernet1/0/15
speed 1000
duplex full
!
interface GigabitEthernet1/0/16
speed 1000
duplex full
!
interface GigabitEthernet1/0/17
speed 1000
duplex full
!
interface GigabitEthernet1/0/18
speed 1000
duplex full
!
interface GigabitEthernet1/0/19
speed 1000
duplex full
!
interface GigabitEthernet1/0/20
speed 1000
duplex full
!
interface GigabitEthernet1/0/21
speed 1000
duplex full
!
interface GigabitEthernet1/0/22
speed 1000
duplex full
!
interface GigabitEthernet1/0/23
speed 1000
duplex full
!
interface GigabitEthernet1/0/24
speed 1000
duplex full
!
interface GigabitEthernet1/0/25
switchport trunk allowed vlan 50
speed 1000
duplex full
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
!
interface Vlan50
ip address 172.16.1.1 255.255.255.0
!
interface Vlan90
ip address 10.0.1.170 255.255.255.0
spanning-tree link-type point-to-point
!
interface Vlan100
no ip address
!
ip default-gateway 10.0.1.170
ip http server
ip http secure-server
!
!
!
logging esm config
!
!
banner motd ^C
**************************************************************
AUTHORIZED ACCESS ONLY
**************************************************************
^C
!
line con 0
exec-timeout 30 0
password 7 01320A14530A241D205A4150
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password 7 01320A14530A241D205A4150
logging synchronous
login
line vty 5 15
login

balaji.bandi · ‎03-23-2019

But your config "is connected to Gig1/0/25"

interface GigabitEthernet1/0/25
switchport trunk allowed vlan 50
speed 1000
duplex full

Vlan50 is up, line protocol is down
Internet address is 172.16.1.1/24 <<- what is this IP address

Lets change the config as below : to fix the issue, assuming that Router side also trunk configured.

interface GigabitEthernet1/0/25
switchport trunk allowed vlan 50,90 ( not sure what is your router side config, if possisble post that config

test and advise

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

dstriplin1 · ‎03-23-2019

Ok! So I can ping it and Putty and SecureCRT will establish and SSH session so thank you so so much!!!!!

The last thing I will bother you about is that it seems there is a username and password established and I cannot remember it. It is most likely a quick one that I did while trying different commands and I have no clue what it is. How can I clear out any usernames associated with the interfaces as well as the vlans and setup a new one. I'm familiar with how to create a username and password, but not to see the usernames assocaited with an interface or how to clear one out. Any suggestions?

Once again, I very much appreciate your help!!!!!

View solution in original post

dstriplin1 · ‎03-23-2019

Nevermind...I realized I didn't have login local enabled. Good to go and thank you again for your help!

View solution in original post

luis_cordova · ‎03-22-2019

Hi @dstriplin1 ,

Try with:

line vty 0 4

transport input ssh

Regards

dstriplin1 · ‎03-22-2019

Thanks for the input, but that did not work. Anything else you can think of? Pulling my hair out here!

luis_cordova · ‎03-22-2019

Hi @dstriplin1 ,

In addition to doing what is indicated by @Leo Laohoo , try with this:

line vty 0 4

transport input ssh

login local

Now you mention it, the IP configured in the interface vlan 90 is the same that the gateway.

Make sure to change the IP of the interface vlan 90, for example by the 10.0.1.171

Also you must make sure to have ping ti that IP.

I also do not see a created user.

Try creating one:

username test secret test123

Regards

dstriplin1 · ‎03-22-2019

Luis,

Thanks for helping....

I did update the ip of the vlan int but it hasn't seemed to help. I also tried doing a ping from my computer on the LAN and I'm getting no response....not sure what could cause that.

My computer (connected via ethernet to gig1/0/2) ip address is 10.0.1.22 so it should at least ping I would think.

Thanks again for the help!

luis_cordova · ‎03-22-2019

Hi @dstriplin1 ,

In this case, you must associate vlan 90 with the interface to which the pc is connected.

interface GigabitEthernet1/0/2

switchport mode access

switchport access vlan 90

Also you must ensure that the PC has the IP gateway configured in the vlan 90 interface

Regards

dstriplin1 · ‎03-22-2019

I created a user under line vty 0 4 with username test password test123 as suggested, but I'm still not getting anything. What is bothering me is that I cannot ping the address from my computer. I know I've got something messed up but starting to think tunnel vision is making it worse.

Any other suggestions you might have I'm happy to try.

Thanks again!

luis_cordova · ‎03-22-2019

Hi @dstriplin1 ,

The user should not be created in the VTY lines, but in the global configuration mode.

Regards

dstriplin1 · ‎03-22-2019

I did try that as well after you suggested it, but also no luck.....

luis_cordova · ‎03-22-2019

Hi @dstriplin1 ,

After all the changes you have made, you can re-attach your current settings.

Regards

dstriplin1 · ‎03-22-2019

Luis,

Here you go. Thanks again for all of your help!

Lab3750#sh run
Building configuration...

Current configuration : 4839 bytes
!
! Last configuration change at 00:24:29 UTC Tue Mar 2 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Lab3750
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$A5RQ$KP/aAfje7QmxPi7C0tR9H/
enable password 7 047A071607206E5C080F0A4E
!
username test secret 5 $1$yrMB$fD0hH/WVQXrW9l5Gjfatz.
no aaa new-model
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip domain-name davidstriplin.com
!
!
ip dhcp pool DBSPOOL
domain-name davidstriplin.com
default-router 10.0.1.1
dns-server 10.0.1.1
!
!
!
!
crypto pki trustpoint TP-self-signed-2798307200
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2798307200
revocation-check none
rsakeypair TP-self-signed-2798307200
!
!
crypto pki certificate chain TP-self-signed-2798307200
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373938 33303732 3030301E 170D3933 30333031 30303032
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37393833
30373230 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C8DA 005AC4E4 663055B0 3AE38035 D357D2D5 0DF75B02 E695B5BD 12DDADA1
03A519BB 84AE54E9 7DDEB085 5658EEC9 3E53380E F92061F5 42EA8EE3 C8E13BAE
8FC878DE E18A77B6 23AA22DC A1A363CD F7799DDA E454B2D7 A3CE472B E81ADE5D
BC213581 17D44351 8A8D92D5 934905CC 262E1856 AA5191FB 1B97B6FE 17925941
9E570203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
551D1104 0A300882 06537769 74636830 1F060355 1D230418 30168014 B33A51B4
92450EC4 EEF526D9 38A11D26 DEED0D4B 301D0603 551D0E04 160414B3 3A51B492
450EC4EE F526D938 A11D26DE ED0D4B30 0D06092A 864886F7 0D010104 05000381
81004002 8D950017 023B5CDD 9AC1BD20 9DBAFD19 CB656178 D7E9B48E 76B76C5D
B34364C8 8A1F742C 101BF25D 0DE34790 11A64AF8 19BC00BB 9AB41CCE CEFAF530
F7185348 019F6F75 48E942C5 C133D011 F81DAECA 1E79AD9C C631543E EBBB08AA
97043CFD D535ECEA 0D81D16F 513B75E4 1953AF1D ED10AFA2 EDBA0298 6725DEBF 5142
quit
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
!
!
!
interface GigabitEthernet1/0/1
speed 1000
duplex full
ip verify source
!
interface GigabitEthernet1/0/2
speed 1000
duplex full
!
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 90
speed 1000
duplex full
ip verify source
!
interface GigabitEthernet1/0/4
speed 1000
duplex full
!
interface GigabitEthernet1/0/5
speed 1000
duplex full
!
interface GigabitEthernet1/0/6
speed 1000
duplex full
!
interface GigabitEthernet1/0/7
speed 1000
duplex full
!
interface GigabitEthernet1/0/8
speed 1000
duplex full
!
interface GigabitEthernet1/0/9
speed 1000
duplex full
!
interface GigabitEthernet1/0/10
speed 1000
duplex full
!
interface GigabitEthernet1/0/11
speed 1000
duplex full
!
interface GigabitEthernet1/0/12
speed 1000
duplex full
!
interface GigabitEthernet1/0/13
speed 1000
duplex full
!
interface GigabitEthernet1/0/14
speed 1000
duplex full
!
interface GigabitEthernet1/0/15
speed 1000
duplex full
!
interface GigabitEthernet1/0/16
speed 1000
duplex full
!
interface GigabitEthernet1/0/17
speed 1000
duplex full
!
interface GigabitEthernet1/0/18
speed 1000
duplex full
!
interface GigabitEthernet1/0/19
speed 1000
duplex full
!
interface GigabitEthernet1/0/20
speed 1000
duplex full
!
interface GigabitEthernet1/0/21
speed 1000
duplex full
!
interface GigabitEthernet1/0/22
speed 1000
duplex full
!
interface GigabitEthernet1/0/23
speed 1000
duplex full
!
interface GigabitEthernet1/0/24
speed 1000
duplex full
!
interface GigabitEthernet1/0/25
switchport trunk allowed vlan 50
speed 1000
duplex full
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
!
interface Vlan50
ip address 172.16.1.1 255.255.255.0
!
interface Vlan90
ip address 10.0.1.171 255.255.255.0
spanning-tree link-type point-to-point
!
interface Vlan100
no ip address
!
ip default-gateway 10.0.1.170
ip http server
ip http secure-server
!
!
!
logging esm config
!
!
banner motd ^C
**************************************************************
AUTHORIZED ACCESS ONLY
**************************************************************
^C
!
line con 0
exec-timeout 30 0
password 7 01320A14530A241D205A4150
logging synchronous
line vty 0 4
exec-timeout 30 0
password 7 01320A14530A241D205A4150
logging synchronous
login local
transport input ssh
line vty 5 15
login
transport input ssh
!
end

luis_cordova · ‎03-22-2019

Hi @dstriplin1

Try with this:

interface GigabitEthernet1/0/2

switchport mode access

switchport access vlan 90

interface Vlan90

no spanning-tree link-type point-to-point

line vty 0 4
no password
no logging synchronous

And remeber try with ping first

No connectivity, no ssh

Regards

dstriplin1 · ‎03-22-2019

Ok, so one last ditch effort. I noticed on my show run command that the http server and http secure-server was not enabled. I ran the following commands to enable...could that be the issue?

Lab3750(config)#ip http server
Lab3750(config)#ip http secure
Lab3750(config)#ip http secure-ser
Lab3750(config)#ip http secure-server

!

luis_cordova · ‎03-22-2019

Hi @dstriplin1 ,

About this command, check this link:

https://community.cisco.com/t5/switching/may-i-disable-quot-ip-http-secure-server-quot-if-i-have-ssh/td-p/3224506

Regards

Leo Laohoo · ‎03-22-2019

Try this:

conf t
 crypto key generate rsa modulus <360-4096>
 ip ssh ver 2
 line vty 0 15
  transport input ssh
 end