04-18-2021 12:27 AM - edited 04-19-2021 05:30 AM
Hello
We recently bought a 3750G-24TS-S (refurbished) switch and ran into trouble setting up SSH on it. The problem arises when the configuration is finished. Everything was working properly and, before exiting the Express Setup, I connected to the switch using SSH and logged in successfully with the password I had entered in the configuration. After adding the following few lines to the configuration, I lost the local connection and only had SSH permission from VLAN 99 over port 24:
sw-1(config)#int gi 1/0/24
sw-1(config-if)#switchport mode access
sw-1(config-if)#switchport access vlan 99
So I connected to the address 192.168.1.139 with PuTTY and logged in by entering the username and password. I entered the "wr" or "copy running-config startup-config" command and closed the PuTTY SSH session. Unfortunately, the next time I wanted to connect over SSH with PuTTY, it showed me an "Access Denied" message after I entered the username and password. However, I can ping the switch (CMD) and even reach it with PuTTY, but it looks like my switch has Alzheimer's when it comes to the username and password.
* PC is connected to switch with a CAT6 cable.
* PC is connected to port 24 and IP has been defined statically : 192.168.1.114 /24 - Gateway : 192.168.1.139
* A TP-link home router modem is connected to the switch (192.168.1.1 /24).
* CMD ping and PuTTY "Access Denied" are attached to this post.
I will put the run command's output before and after the config, and the configuration commands I entered:
run before config :
Current configuration : 1734 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip subnet-zero
!
ip dhcp pool 10.0.0.0
network 10.0.0.0 255.255.255.0
lease 0 0 10
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0 secondary
ip address 10.0.0.3 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
end
Configuration commands :
> conf t
switch(config)# hostname sw-1
sw-1(config)# ip domain-name test.com
sw-1(config)# crypto key generate rsa
2048
sw-1(config)# username test privilege 15 secret 1234
sw-1(config)# line vty 0 15
sw-1(config-line)# login local
sw-1(config-line)# transport input ssh
sw-1(config)# access-list 1 permit 192.168.1.0 0.0.0.255
sw-1(config)# line vty 0 15
sw-1(config-line)# access-class 1 in
sw-1(config)#ip ssh version 2
sw-1(config)#vlan 99
sw-1(config-vlan)#name MGT
sw-1(config)#int vlan 99
sw-1(config-if)#ip address 192.168.1.139 255.255.255.0
sw-1(config-if)#no shut
------"run after config" part is placed before entering 3 following lines, because the switch will be cut off-------
sw-1(config)#int gi 1/0/24
sw-1(config-if)#switchport mode access
sw-1(config-if)#switchport access vlan 99
run after config :
Current configuration : 2026 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sw-1
!
boot-start-marker
boot-end-marker
!
!
username test privilege 15 secret 5 $1$MPpr$p2Wx3zamweRVpBK6aaNHz/
no aaa new-model
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip subnet-zero
ip domain-name test.com
!
ip dhcp pool 10.0.0.0
network 10.0.0.0 255.255.255.0
lease 0 0 10
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0 secondary
ip address 10.0.0.3 255.255.255.0
!
interface Vlan99
ip address 192.168.1.139 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line vty 0 4
access-class 1 in
privilege level 15
login local
transport input ssh
line vty 5 15
access-class 1 in
privilege level 15
login local
transport input ssh
!
end
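An added example, not part of the original post: a small Python check that reads vty and ACL lines like those in the two dumps above and reports, per vty range, whether login is required, whether transport is SSH-only, and whether a given source address (here the PC's 192.168.1.114) passes the access-class. The function names and the trimmed excerpts are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpts: vty/ACL lines taken from the post's two "show run" dumps.
BEFORE = "line vty 0 4\nprivilege level 15\nno login\n!\nend\n"
AFTER = """access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
line vty 0 4
access-class 1 in
privilege level 15
login local
transport input ssh
!
end
"""

def vty_blocks(config):
    """Map each 'line vty <first> <last>' range to the sub-commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"line vty (\d+ \d+)$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif not line or line.startswith(("line ", "!")) or line == "end":
            current = None  # another line block or a separator closes the vty block
        elif current is not None:
            current.append(line)
    return blocks

def acl_permits(config, number, src):
    """First-match walk of a numbered standard ACL (address/wildcard or 'any' entries)."""
    ip = int(ipaddress.IPv4Address(src))
    pattern = rf"^access-list {number} (permit|deny) (\S+)(?: (\S+))?"
    for action, addr, wild in re.findall(pattern, config, re.M):
        if addr == "any":
            return action == "permit"
        care = ~int(ipaddress.IPv4Address(wild or "0.0.0.0")) & 0xFFFFFFFF
        if (ip & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def audit(config, src):
    """Per vty range: login required? SSH-only transport? does the access-class admit src?"""
    report = {}
    for rng, cmds in vty_blocks(config).items():
        acl = next((c.split()[1] for c in cmds if c.startswith("access-class ")), None)
        report[rng] = {
            "login_required": "no login" not in cmds,
            "ssh_only": "transport input ssh" in cmds,
            "src_allowed": acl is None or acl_permits(config, acl, src),
        }
    return report
```

Calling `audit(BEFORE, "192.168.1.114")` and `audit(AFTER, "192.168.1.114")` shows the change the configuration commands made to the vty lines: from privilege 15 with `no login` to `login local`, SSH-only, restricted to 192.168.1.0/24.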
04-19-2021 10:33 AM
Thanks for the update. Glad to know that you found and fixed the problem.