May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

  • 1
  • 1
  • Question
  • Updated 5 months ago
  • Answered
Hello, team!

I've configured IPs for MGMT-ports of all my Exteme switches and connected them to dedicated 2960. Ping works fine but I am unable to connect to the switches with SSH or telnet.
 
Is it possible?

Thanks!
Photo of Ilya Semenov

Ilya Semenov

  • 4,384 Points 4k badge 2x thumb

Posted 1 year ago

  • 1
  • 1
Photo of Ron Huygens

Ron Huygens, Employee

  • 2,878 Points 2k badge 2x thumb
Hi Ilya,

I assume that you have enabled ssh/telnet and there is no access-list applied on the telnet application?
Photo of Ilya Semenov

Ilya Semenov

  • 4,384 Points 4k badge 2x thumb
Hello, Ron!

Thanks for your reply. I am not sure about the telnet, but ssh was enabled. How can I check whether there are any access-lists applied to "telnet application"? It sound a bit strange for me...
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi, you can check that through the "show management" command already requested by Ronald.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,130 Points 20k badge 2x thumb
Is the ping source and the switch mgmt IP in the same subnet  - please post the CLI output for "show management".
Photo of Ilya Semenov

Ilya Semenov

  • 4,384 Points 4k badge 2x thumb
Hi,Ronald!

I will post the output in several hours, thank you...
Photo of Ilya Semenov

Ilya Semenov

  • 4,384 Points 4k badge 2x thumb
Hello, Ron!

Here it is - "show management" output. How can I check what is "mgt" access-profile?




Many thanks to you!
Photo of Ron Huygens

Ron Huygens, Employee

  • 2,878 Points 2k badge 2x thumb
Hi Ilya,

So there is a policy file called mgt.pol. That probably prevent you of logging in.
With "vi mgt.pol" you can see the content.
with "configure telnet access-profile none" you can remove the access profile.

 
Photo of Vellachery, Sumeesh

Vellachery, Sumeesh, Employee

  • 3,268 Points 3k badge 2x thumb
Ilya,

As Ron pointed out to remove the access profile configured for telnet. In the similiar way, remove the access profile configured for SSH

 "configure ssh2 access-profile none".
Photo of Ilya Semenov

Ilya Semenov

  • 4,384 Points 4k badge 2x thumb
Thank you very much, gentlemen!

I've added required prefixes to access-profile file and not it works.
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Photo of Yusuf Kabbara

Yusuf Kabbara

  • 524 Points 500 badge 2x thumb
Hello Henrique,

Does the same reference applies for telnet as well as SSH?
Is "Controlssh" refer to a name or has a function!?

Thanks
Yusuf