ssh problem from router to switch

hamzashahid
Level 1

Hi, this is Hamza Shahid.

I'm trying to make an SSH session between a router and a switch. I have set up SSH on the switch and am trying to take remote access through SSH to the router. The problem is that whenever I try, it shows an error which says connection refused by host.

What I configured: I have included all the configuration and also a description for clarity.

First I made VLAN 2 on the VTP server switch, then I went to the client switch and entered the command switchport access vlan 2 on the EtherChannel-configured ports, which were also using trunking mode.

Then I went to the router to make a subinterface for inter-VLAN routing. I assigned an IP there statically and added that network to the OSPF routing protocol. Now I can ping 192.168.10.2, but I am not able to make an SSH session to this IP, as per the error I mentioned above. Kindly review that; for more clarification, kindly review all my running configuration.

This is my router configuration:

 

Current configuration : 2980 bytes

!

version 15.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

service password-encryption

!

hostname central#router

!

!

!

enable password 7 08264542294B5445

!

!

!

ip dhcp pool VLAN10

network 10.0.0.0 255.255.255.0

default-router 10.0.0.1

ip dhcp pool VLAN11

network 10.0.1.0 255.255.255.0

default-router 10.0.1.1

ip dhcp pool VLAN12

network 10.0.2.0 255.255.255.0

default-router 10.0.2.1

ip dhcp pool VLAN14servers

network 10.0.3.0 255.255.255.248

default-router 10.0.3.1

ip dhcp pool VLAN-APs

network 10.1.0.0 255.255.0.0

default-router 10.1.0.1

ip dhcp pool VLAN#13

network 10.0.4.0 255.255.255.0

default-router 10.0.4.1

ip dhcp pool WAN

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

ip dhcp pool VLAN-15

network 10.0.5.0 255.255.255.0

default-router 10.0.5.1

!

!

!

no ip cef

no ipv6 cef

!

!

!

username gil password 7 08264542294B5445

!

!

!

!

!

!

!

!

ip domain-name gil.com.pk

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0/0

no ip address

duplex full

speed 1000

!

interface GigabitEthernet0/0/0.2

encapsulation dot1Q 2

no ip address

!

interface GigabitEthernet0/0/0.10

encapsulation dot1Q 10

ip address 10.0.0.1 255.255.255.0

!

interface GigabitEthernet0/0/0.11

encapsulation dot1Q 11

ip address 10.0.1.1 255.255.255.0

!

interface GigabitEthernet0/0/0.12

encapsulation dot1Q 12

ip address 10.0.2.1 255.255.255.0

!

interface GigabitEthernet0/0/0.13

encapsulation dot1Q 13

ip address 10.0.4.1 255.255.255.0

!

interface GigabitEthernet0/0/0.14

encapsulation dot1Q 14

ip address 10.0.3.1 255.255.255.248

!

interface GigabitEthernet0/0/0.15

encapsulation dot1Q 15

ip address 10.0.5.1 255.255.255.0

!

interface GigabitEthernet0/0/0.16

encapsulation dot1Q 16

ip address 10.1.0.1 255.255.0.0

ip access-group 100 in

!

interface GigabitEthernet0/0/1

ip address 192.168.10.1 255.255.255.0

ip access-group 101 out

duplex full

speed 100

!

interface Vlan1

no ip address

shutdown

!

router ospf 2

log-adjacency-changes

network 10.0.0.0 0.0.0.255 area 2

network 10.0.1.0 0.0.0.255 area 2

network 10.0.2.0 0.0.0.255 area 2

network 10.0.3.0 0.0.0.255 area 2

network 10.0.4.0 0.0.0.255 area 2

network 10.1.0.0 0.0.255.255 area 2

network 10.0.5.0 0.0.0.255 area 2

network 192.168.10.0 0.0.0.7 area 2

!

ip classless

!

ip flow-export version 9

!

!

access-list 100 permit ip 10.1.0.0 0.0.255.255 192.168.10.0 0.0.0.255

access-list 100 deny ip 10.1.0.0 0.0.255.255 any

access-list 100 permit ip any any

access-list 101 permit ip 10.0.5.0 0.0.0.255 host 192.168.10.2

access-list 101 deny ip 10.0.5.0 0.0.0.255 any

access-list 101 permit ip any any

!

!

!

!

!

line con 0

password 7 08264542294B5445

login local

!

line aux 0

password 7 08264542294B5445

login local

!

line vty 0 4

password 7 08264542294B5445

login local

transport input ssh

line vty 5 14

login local

transport input ssh

line vty 15

password 7 08264542294B5445

login local

transport input ssh

!

!

!

end

 

This is my VTP server switch config:

 

Current configuration : 2361 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname central#switch

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface Port-channel1

!

interface Port-channel2

!

interface Port-channel4

!

interface FastEthernet0/1

switchport access vlan 14

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/2

switchport access vlan 14

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/3

switchport access vlan 14

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/4

duplex full

speed 100

!

interface FastEthernet0/5

switchport access vlan 14

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/6

switchport access vlan 16

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/7

duplex full

speed 100

!

interface FastEthernet0/8

duplex full

speed 100

!

interface FastEthernet0/9

duplex full

speed 100

!

interface FastEthernet0/10

duplex full

speed 100

!

interface FastEthernet0/11

duplex full

speed 100

!

interface FastEthernet0/12

duplex full

speed 100

!

interface FastEthernet0/13

duplex full

speed 100

!

interface FastEthernet0/14

duplex full

speed 100

!

interface FastEthernet0/15

duplex full

speed 100

channel-group 4 mode desirable

!

interface FastEthernet0/16

duplex full

speed 100

channel-group 4 mode desirable

!

interface FastEthernet0/17

duplex full

speed 100

channel-group 1 mode desirable

!

interface FastEthernet0/18

duplex full

speed 100

channel-group 1 mode desirable

!

interface FastEthernet0/19

duplex full

speed 100

channel-group 1 mode desirable

!

interface FastEthernet0/20

duplex full

speed 100

channel-group 1 mode desirable

!

interface FastEthernet0/21

duplex full

speed 100

channel-group 2 mode desirable

!

interface FastEthernet0/22

duplex full

speed 100

channel-group 2 mode desirable

!

interface FastEthernet0/23

duplex full

speed 100

channel-group 2 mode desirable

!

interface FastEthernet0/24

duplex full

speed 100

channel-group 2 mode desirable

!

interface GigabitEthernet0/1

switchport mode trunk

duplex full

speed 1000

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

!

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

!

end

 

 

And finally the config of the VTP client switch, the switch to which I want to make the SSH session:

 

Current configuration : 2361 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname central#switch

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface Port-channel1

!

interface Port-channel2

!

interface Port-channel4

!

interface FastEthernet0/1

switchport access vlan 14

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/2

switchport access vlan 14

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/3

switchport access vlan 14

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/4

duplex full

speed 100

!

interface FastEthernet0/5

switchport access vlan 14

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/6

switchport access vlan 16

switchport mode access

duplex full

speed 100

!

interface FastEthernet0/7

duplex full

speed 100

!

interface FastEthernet0/8

duplex full

speed 100

!

interface FastEthernet0/9

duplex full

speed 100

!

interface FastEthernet0/10

duplex full

speed 100

!

interface FastEthernet0/11

duplex full

speed 100

!

interface FastEthernet0/12

duplex full

speed 100

!

interface FastEthernet0/13

duplex full

speed 100

!

interface FastEthernet0/14

duplex full

speed 100

!

interface FastEthernet0/15

duplex full

speed 100

channel-group 4 mode desirable

!

interface FastEthernet0/16

duplex full

speed 100

channel-group 4 mode desirable

!

interface FastEthernet0/17

duplex full

speed 100

channel-group 1 mode desirable

!

interface FastEthernet0/18

duplex full

speed 100

channel-group 1 mode desirable

!

interface FastEthernet0/19

duplex full

speed 100

channel-group 1 mode desirable

!

interface FastEthernet0/20

duplex full

speed 100

channel-group 1 mode desirable

!

interface FastEthernet0/21

duplex full

speed 100

channel-group 2 mode desirable

!

interface FastEthernet0/22

duplex full

speed 100

channel-group 2 mode desirable

!

interface FastEthernet0/23

duplex full

speed 100

channel-group 2 mode desirable

!

interface FastEthernet0/24

duplex full

speed 100

channel-group 2 mode desirable

!

interface GigabitEthernet0/1

switchport mode trunk

duplex full

speed 1000

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

!

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

!

end

 

Hope you understand all that.

 

Best Regards:

HAMZA SHAHID

 


Mark Malone
VIP Alumni
Hi,
have you turned on SSH on the device you're trying to access?

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface x
ip ssh version 2
ip domain-name ineedssh.com


line vty 0 4
transport input ssh

Then also enable crypto, and you must have a K9 image on the device for SSH.

(config)#crypto key generate rsa
Hit return, type 2048 and hit return again; it will generate keys.

Then run show ip ssh to see if the keys are there and SSH is fully enabled.

#sh ip ssh
SSH Enabled - version 2.0



Thank you for the reply.

Yes, it's enabled, and now it is saying connection refused by host, although it is able to ping 192.168.10.2, which is on interface VLAN 2 in the remote switch, through any network.

This command, ip ssh source-interface, is not showing in Packet Tracer.

Where am I making a mistake in the configuration? Kindly help me to figure it out.

 

Best Regards:

HAMZA SHAHID

 

 

OK, so you're trying to SSH out of the interface below, yes? The far end of 192.168.10.1, is that correct, from the hostname central#router? Is SSH enabled too on the router you're trying to SSH to, the 192.168.10.2 router?

Remove the access-list as a test and retry, but first confirm the router you're trying to SSH to has it enabled.

interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0
ip access-group 101 out
duplex full
speed 100

It is solved now, thanks for the guidance. What I did is here, as you can see:

I went to the central router and then made gig0/0/0.20 and added VLAN 20 with an IP address of 192.168.20.1 255.255.255.0,

and then went to the VTP server switch, made VLAN 20 there, and also made int vlan 20 with an IP address of 192.168.20.2 255.255.255.0 in the remote switch, and configured all the SSH configuration there, which worked now.

You may close this thread now as a solved thread.

 

Best Regards

HAMZA SHAHID
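
An added example, not part of any post in this thread: a small Python check that reads a running-config and lists which SSH prerequisites discussed above are absent (a domain name, `transport input ssh` on the vty lines, and an addressed, non-shutdown interface as in the resolution). Both sample configurations are constructed for illustration, and the `username` and `login local` checks assume local authentication as in the router configuration posted above.

```python
# Constructed excerpt modelled on the switch configuration posted in this thread.
SWITCH_CFG = """hostname central#switch
interface Vlan1
 no ip address
 shutdown
!
line vty 0 4
 login
line vty 5 15
 login"""

# Constructed "after" state: the VLAN 20 SVI from the resolution plus SSH settings;
# the domain name, username and secret are placeholders, not values from the thread.
FIXED_CFG = """hostname central#switch
ip domain-name example.invalid
username admin secret PLACEHOLDER
interface Vlan20
 ip address 192.168.20.2 255.255.255.0
!
line vty 0 15
 login local
 transport input ssh"""

def sections(cfg):
    """Split a running-config into [header, children] pairs; index 0 holds globals."""
    out, cur = [[None, []]], None
    for line in filter(None, map(str.strip, cfg.splitlines())):
        if line == "!":
            cur = None
        elif line.startswith(("interface ", "line ")):
            cur = [line, []]
            out.append(cur)
        else:
            (cur or out[0])[1].append(line)
    return out

def audit_ssh(cfg):
    """Return SSH prerequisites missing from a running-config (empty list = ready)."""
    (_, glob), *secs = sections(cfg)
    missing = [p for p in ("ip domain-name", "username")
               if not any(l.startswith(p + " ") for l in glob)]
    # An interface must carry an IP address and not be shut down (the thread's fix).
    if not any(h.startswith("interface ") and "shutdown" not in body
               and any(l.startswith("ip address ") for l in body) for h, body in secs):
        missing.append("active interface with ip address")
    for h, body in secs:
        if h.startswith("line vty"):  # assumes local-user login, as on the router here
            missing += [f"{h}: {c}" for c in ("login local", "transport input ssh")
                        if c not in body]
    return missing  # RSA keys are not in the running-config; check "show ip ssh"
```

The parser strips indentation, so it also accepts configurations pasted without leading spaces, as they appear on this page.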

 
