ssh and telnet access

  • 1
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
Hi Guys

I am trying to setup telnet and ssh access on my extreme swicthes i ahve already tried the suggested solutions but they do not seem to help

here is my configuration

X440G2-48p-10G4.1 # sh configuration
#
# Module devmgr configuration.
#
configure snmp sysContact "support@extremenetworks.com, +1 888 257 3000"
configure sys-recovery-level switch reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-52
configure vr VR-Default add ports 1-52
configure vlan default delete ports 1-52
create vlan "ACCESS_CONTROL"
configure vlan ACCESS_CONTROL description "ACCESS_CONTROL"
configure vlan ACCESS_CONTROL tag 122
create vlan "LAN-GUEST"
configure vlan LAN-GUEST tag 103
create vlan "LAN-LIVEDMZ"
configure vlan LAN-LIVEDMZ tag 100
create vlan "LAN-MANAGEMENT"
configure vlan LAN-MANAGEMENT tag 900
create vlan "LAN-MANAGEMENT-901"
configure vlan LAN-MANAGEMENT-901 tag 901
create vlan "LAN-SERVERS"
configure vlan LAN-SERVERS description "LAN-SERVERS VLAN"
configure vlan LAN-SERVERS tag 106
create vlan "LAN-WIRELESSAPS"
configure vlan LAN-WIRELESSAPS tag 108
create vlan "LAN-WIRELESSMOBILE"
configure vlan LAN-WIRELESSMOBILE tag 112
create vlan "LAN-WIRELESSPCS"
configure vlan LAN-WIRELESSPCS tag 109
create vlan "LAN-WORKSTATIONS"
configure vlan LAN-WORKSTATIONS description "WORKSTATIONS"
configure vlan LAN-WORKSTATIONS tag 105
create vlan "VOIP"
configure vlan VOIP description "Telephone VLAN"
configure vlan VOIP tag 104
create vlan "WIFI_AP"
configure vlan WIFI_AP tag 20
configure vlan LAN-MANAGEMENT-901 add ports 51 tagged 
configure vlan LAN-SERVERS add ports 51 tagged 
configure vlan LAN-SERVERS add ports 40 untagged 
configure vlan LAN-WORKSTATIONS add ports 51 tagged 
configure vlan LAN-WORKSTATIONS add ports 1-39,41-48 untagged 
configure vlan VOIP add ports 1-39,41-52 tagged 
configure vlan LAN-MANAGEMENT-901 ipaddress 10.248.111.15 255.255.255.0
enable ipforwarding vlan LAN-MANAGEMENT-901

#
# Module mcmgr configuration.
#

#
# Module fdb configuration.
#

#
# Module rtmgr configuration.
#

#
# Module policy configuration.
#

#
# Module aaa configuration.
#

#
# Module acl configuration.
#




#
# Module bfd configuration.
#

#
# Module cfgmgr configuration.
#

#
# Module dosprotect configuration.
#

#
# Module dot1ag configuration.
#

#
# Module eaps configuration.
#

#
# Module edp configuration.
#

#
# Module elrp configuration.
#

#
# Module ems configuration.
#

#
# Module epm configuration.
#

#
# Module erps configuration.
#

#
# Module esrp configuration.
#

#
# Module ethoam configuration.
#

#
# Module etmon configuration.
#

#
# Module exsshd configuration.
#
enable ssh2


#
# Module hal configuration.
#

#
# Module idMgr configuration.
#

#
# Module ipSecurity configuration.
#

#
# Module ipfix configuration.
#

#
# Module lldp configuration.
#

#
# Module mrp configuration.
#

#
# Module msdp configuration.
#

#
# Module netLogin configuration.
#

#
# Module netTools configuration.
#

#
# Module ntp configuration.
#

#
# Module poe configuration.
#

#
# Module rip configuration.
#

#
# Module ripng configuration.
#

#
# Module snmpMaster configuration.
#
disable snmp access

#
# Module stp configuration.
#

#
# Module techSupport configuration.
#
enable tech-support collector

#
# Module telnetd configuration.
#

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#

#
# Module twamp configuration.
#

#
# Module vmt configuration.
#

#
# Module vsm configuration.
#
X440G2-48p-10G4.2 # sh management
CLI idle timeout                 : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions       : 8
CLI paging                       : Enabled (this session only)
CLI space-completion             : Disabled (this session only)
CLI configuration logging        : Disabled
CLI password prompting only      : Disabled
CLI RADIUS cmd authorize tokens  : 2
CLI scripting                    : Disabled (this session only)
CLI scripting error mode         : Ignore-Error (this session only)
CLI persistent mode              : Persistent (this session only)
CLI prompting                    : Enabled (this session only)
CLI screen size                  : 24 Lines 80 Columns (this session only)
CLI refresh                      : Enabled
Telnet access                    : Enabled (tcp port 23 vr all)
                                 : Access Profile : not set
SSH access                       : Enabled (Key valid, tcp port 22 vr all)
                                 : Secure-Mode    : Off
                                 : Access Profile : not set
SSH2 idle time                   : 60 minutes
Web access                       : Enabled (tcp port 80)
                                 : Access Profile : not set
Total Read Only Communities     : 1
Total Read Write Communities     : 1
RMON                             : Disabled
SNMP access                      : Disabled
                                 : Access Profile : not set
SNMP Compatibility Options       :
    GETBULK Reply Too Big Action : Too Big Error
    IP Fragmentation             : Disallow
SNMP Notifications               : Enabled
SNMP Notification Receivers  : None
SNMP stats:    InPkts 0       OutPkts   0       Errors 0       AuthErrors 0
        Gets   0       GetNexts  0       Sets   0       Drops      0      
SNMP traps:    Sent   0       AuthTraps Enabled
SNMP inform:    Sent   0       Retries   0       Failed 0

Thank you in advance
Photo of Lutha

Lutha

  • 184 Points 100 badge 2x thumb
  • flabbagsted

Posted 2 years ago

  • 1
  • 1
Photo of Patrick Voss

Patrick Voss, Alum

  • 11,744 Points 10k badge 2x thumb
Hello Lutha,

Can you ping the switch IP? If not it looks you need you need a default route for the switch.
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,628 Points 10k badge 2x thumb
Are you able to ping the switch? Telnet and SSH both look to be setup correctly.

The one thing that stands out to me is that there is no default route on the switch. Are you trying to reach the switch from within the 10.248.111.0/24 subnet? If not, you will need a default gateway on the switch, so it can get back to you.
Photo of Bastian Sprotte

Bastian Sprotte, Employee

  • 1,700 Points 1k badge 2x thumb
the commands  " show iparp " "show fdb"

might also help. this will show you if you have any ARP infos in the vlan you expect the IP communication. Also check if you not have an duplicate IP setup. that might cause the same results.

an default route looks like that:
configure iproute add default 10.248.111.254

regards
-
Photo of Lutha

Lutha

  • 184 Points 100 badge 2x thumb
Hi Guys thanks for the solutions i discovered that the switch is daisy chained to another switch as well as there isnt a default route... i will discuss this with my team so we can properly manage the switch thanks again