12-03-2018 01:54 AM - edited 03-08-2019 04:44 PM
I'm having an issue accessing a Cisco 2960x remotely via SSH. Basic architecture is as follows:
Server --> Nexus 3K --> 2960x
I can SSH from the server to 3K, and then SSH from Nexus to 2960x, but cannot directly SSH to the 2960x from server. The 2960x pings from the server fine.
Any help would be appreciated, thanks.
12-06-2018 08:21 AM
Matt
I had been looking at this as some sort of problem using the default gateway of the 2960. I just realized that if the server address is 192.168.2.140 that the 2960 would regard this as a local connection in vlan 2002. So the 2960 should arp for the server address. But the server address does not show up in the output of show arp that you posted. Would you make another attempt to access the server from the 2960 and then immediately do show arp on the 2960 and post the output?
HTH
Rick
12-10-2018 01:32 AM
12-10-2018 08:11 AM
Matt
Thank you for the output of show arp. It is very interesting and quite puzzling. It does show that the server does respond to arp. But apparently does not respond to ping. What happens if you attempt to access from the server to the switch using the switch address in vlan 2002 rather than using the address in vlan 2001 (ping and/or ssh)?
HTH
Rick
12-10-2018 08:32 AM
Rick,
So this is interesting... when trying to ping vlan 2002 (192.168.2.2) from the server I get Destination host unreachable, and obviously it doesn't connect via SSH.
Regards
Matt
12-10-2018 08:46 AM
Matt
Yes, interesting is one way of describing it. Would you try the ping from the server to 192.168.2.2 again and then immediately show the arp table from the server (arp -a or whatever command it might be if your server is not Windows)? It is looking to me like there is successful communication at layer 2 but something is interfering with communication at layer 3.
HTH
Rick
12-11-2018 01:16 AM - edited 12-11-2018 01:17 AM
12-11-2018 04:12 AM
So I think I have fixed the issue.
I've walked into this environment and have been trying to get this to work. I've realised there is no actual business reason to have the SVIs or the secondary address on VLAN 2001 and therefore removed them. Now when trying SSH to 192.168.1.2 it works.
I now also get a clean packet capture in Wireshark without the TCP retransmissions.
I haven't got my head around the theory, but there must have been different source MACs or IPs being used for traffic... or something along those lines... anyway, for the time being it seems to be working.
Thank you for all your help
Regards
Matt
12-11-2018 06:09 AM
Matt
I am not clear how or why removing the SVI fixed the problem. But I am relieved to know that you now have the problem resolved. This has been a very interesting discussion. Congratulations on finding the solution to your own problem. So +5 to you.
HTH
Rick
12-10-2018 08:18 AM
Could you tell us what error you are getting, when you are trying to do the SSH?
12-11-2018 01:28 AM
Hi,
PuTTY just returns a "Network error: Connection timed out" message.
Regards
Matt