
Unable to SSH directly to 2960x

I'm having an issue accessing a Cisco 2960x remotely via SSH. Basic architecture is as follows:

 

Server --> Nexus 3K --> 2960x

 

I can SSH from the server to 3K, and then SSH from Nexus to 2960x, but cannot directly SSH to the 2960x from server.  The 2960x pings from the server fine.

 

Any help would be appreciated, thanks.

 

 

24 REPLIES

Matt

 

I had been looking at this as some sort of problem using the default gateway of the 2960. I just realized that if the server address is 192.168.2.140 that the 2960 would regard this as a local connection in vlan 2002. So the 2960 should arp for the server address. But the server address does not show up in the output of show arp that you posted. Would you make another attempt to access the server from the 2960 and then immediately do show arp on the 2960 and post the output?

 

HTH

 

Rick


Hi,

 

Thank you for your help, please see the output of the show arp attached.

 

Regards

Matt


Matt

 

Thank you for the output of show arp. It is very interesting and quite puzzling. It does show that the server does respond to arp. But apparently does not respond to ping. What happens if you attempt to access from the server to the switch using the switch address in vlan 2002 rather than using the address in vlan 2001 (ping and/or ssh)?

 

HTH

 

Rick


Rick,

 

So this is interesting......when trying to ping vlan 2002 (192.168.2.2) from the server I get Destination host unreachable, and obviously it doesn't connect via SSH.

 

Regards

Matt


Matt

 

Yes, interesting is one way of describing it. Would you try the ping from the server to 192.168.2.2 again and then immediately show the arp table from the server (arp -a or whatever command it might be if your server is not Windows)? It is looking to me like there is successful communication at layer 2 but something is interfering with communication at layer 3.

 

HTH

 

Rick


Rick,

 

As always, please find requested output attached.

I've included sh arp and arp -a from both switch and server.

 

Regards

Matt

 

 


So I think I have fixed the issue

 

I've walked into this environment and have been trying to get this to work. I've realised there is no actual business reason to have the SVIs or the secondary address on VLAN 2001 and therefore removed them. Now when trying SSH to 192.168.1.2 it works.

 

I now also get a clean packet capture in Wireshark without the TCP retransmissions.

 

I haven't got my head around the theory, but there must have been different source MACs or IPs being used for traffic.......or something along those lines.......anyway, for the time being it seems to be working.

 

Thank you for all your help

 

Regards

Matt

 


Matt

 

I am not clear how or why removing the SVI fixed the problem. But I am relieved to know that you now have the problem resolved. This has been a very interesting discussion. Congratulations on finding the solution to your own problem. So +5 to you.

 

HTH

 

Rick


Could you tell us what error you are getting, when you are trying to do the SSH?


Hi,

 

PuTTY just returns a "Network error: Connection timed out" message.

 

Regards

Matt
