Unable to SSH directly to 2960x

skele9802274
Level 1

I'm having an issue accessing a Cisco 2960x remotely via SSH. Basic architecture is as follows:

Server --> Nexus 3K --> 2960x

I can SSH from the server to the 3K, and then SSH from the Nexus to the 2960x, but cannot directly SSH to the 2960x from the server. The 2960x pings from the server fine.

Any help would be appreciated, thanks.


Accepted Solution

So I think I have fixed the issue.

I've walked into this environment and have been trying to get this to work. I've realised there is no actual business reason to have the SVIs or the secondary address on VLAN 2001 and therefore removed them. Now when trying SSH to 192.168.1.2 it works.

I now also get a clean packet capture in Wireshark without the TCP retransmissions.

I haven't got my head around the theory, but there must have been different source MACs or IPs being used for traffic... or something along those lines... anyway, for the time being it seems to be working.

Thank you for all your help.

Regards

Matt


24 Replies

Hello

Does the 2960 have any ACL applied for MGT access?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thank you for your reply.

No, there are no ACLs applied for management access.

Hello,

I think the problem may be related to the differences between encryption and/or MAC algorithms. The switch may not negotiate what the server proposes. Do you have the command "sh ip ssh" available?

3650_24# sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 30 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits

Take a look and tell us.


Hi,

Here is the output from the sh ip ssh command on the Cisco 2960x:

ukgbpedensw1#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits

Could you please add the Nexus output for this command? In this way we can see if this is the problem.
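As an added example (not posted by anyone in this thread), here is a small Python check that parses the `sh ip ssh` output shown for the 3650 and the 2960x above and simulates SSH algorithm selection against an assumed client proposal, so a missing common cipher or MAC (the mismatch hypothesised in this reply) shows up before anyone stares at a packet capture. The client algorithm lists are assumptions, not taken from the thread.

```python
import re

# Constructed sample: the 2960x "sh ip ssh" output quoted in the thread (prompt line dropped).
SWITCH_SH_IP_SSH = """\
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
"""

# Assumed client proposal (hypothetical hardened OpenSSH client that dropped SHA-1 MACs).
CLIENT_CIPHERS = ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-ctr"]
CLIENT_MACS = ["hmac-sha2-256", "hmac-sha2-512"]


def parse_sh_ip_ssh(text):
    """Pull version, cipher list, MAC list and minimum DH size out of IOS 'show ip ssh'."""
    info = {}
    for line in text.splitlines():
        m = re.match(r"SSH Enabled - version ([\d.]+)", line)
        if m:
            info["version"] = m.group(1)
        elif line.startswith("Encryption Algorithms:"):
            info["ciphers"] = line.split(":", 1)[1].split(",")
        elif line.startswith("MAC Algorithms:"):
            info["macs"] = line.split(":", 1)[1].split(",")
        elif line.startswith("Minimum expected Diffie Hellman"):
            info["min_dh_bits"] = int(re.search(r"(\d+) bits", line).group(1))
    return info


def negotiate(client_list, server_list):
    """RFC 4253 7.1: the first client-preferred name also offered by the server wins; None means no match."""
    return next((alg for alg in client_list if alg in server_list), None)


def assess(switch_text, client_ciphers, client_macs):
    """Report the negotiated cipher/MAC (None = connection would fail at KEXINIT) and weak offers."""
    info = parse_sh_ip_ssh(switch_text)
    weak = [a for a in info["ciphers"] if a.endswith("-cbc") or a.startswith("3des")]
    weak += [a for a in info["macs"] if a.endswith("-96")]
    return {"cipher": negotiate(client_ciphers, info["ciphers"]),
            "mac": negotiate(client_macs, info["macs"]),
            "weak_offered": weak, "min_dh_bits": info["min_dh_bits"]}


if __name__ == "__main__":
    print(assess(SWITCH_SH_IP_SSH, CLIENT_CIPHERS, CLIENT_MACS))
```

With the assumed client lists the cipher negotiates to aes128-ctr but no MAC matches, which is exactly the kind of failure that produces no SSH log on the switch yet a reachable ping.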

 

Hello

Is it possible the N3K is negating this access for the server?
Can you post the config of the switch?

Kind Regards
Paul

Hi,

Attached is the config on the Nexus. I've had to sanitize it for security, so a few values have been replaced with <removed> (descriptions, passwords etc.).

Thanks

You told us that the switch can ping the server. Can you confirm that the server can ping the switch?

When you attempt SSH from the server to the switch are there any log messages generated on the switch that reflect this?

It is nice to see the config of the Nexus. Paul requested the config of the 2960 and seeing it might be quite helpful.

HTH

Rick

Apologies, I read his message as needing to see the Nexus config... anyway, 2960x config attached.

The switch cannot ping the server. I said the switch pings from the server:

Server --> switch (pings)

Switch --> Server (doesn't ping)

It's not the firewall on the server, as this is allowing ping and the Nexus is able to ping the server fine.

There are no SSH related logs on the switch.

Thank you for your help.


Having read the post from Paul again it does seem that perhaps he was asking for the Nexus switch config. I guess I interpreted it differently because I wanted to see the config from the 2960. So thank you for posting the config. Would you also post the output of show ip interface brief from the 2960? Also please post the output of show ip route from the 2960.

It is interesting that ping from the server to switch does work but ping from switch to server does not work. Since the switch has multiple IP addresses can you tell us which switch address you use when pinging from server to switch? And can you tell us when attempting SSH to the switch are you using the same IP address that is used for the successful ping? Could you post output of traceroute from server to switch and traceroute from switch to server?

HTH

Rick

Please find the output from the various commands you wanted to see.

I am attempting to ping the 192.168.1.2 address and SSH to the same.

Thanks

Thank you for the additional information. I am interested in the fact that when the 2960 attempts to traceroute, the first probe does not receive a response. The first probe packet should go to 192.168.1.1 and should receive a response. But it does not. I looked through the config of the Nexus and do not see anything on the interface that would impact sending a response. Can the 2960 ping 192.168.1.1?

Would you post the output of show arp (or perhaps show ip arp)? And would you post the output of show cdp neighbor?

HTH

Rick

Many thanks for your help so far.

Attached is the additional output you have asked for.

Kind Regards

Matt


Thank you for the additional information. Would you run debug for SSH on the 2960, attempt SSH from the server, and post the output?

HTH

Rick