Header Only - DO NOT REMOVE - Extreme Networks

May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?


Userlevel 4
Hello, team!

I've configured IPs for MGMT-ports of all my Exteme switches and connected them to dedicated 2960. Ping works fine but I am unable to connect to the switches with SSH or telnet.

Is it possible?

Thanks!

11 replies

Userlevel 5
Hi Ilya,

I assume that you have enabled ssh/telnet and there is no access-list applied on the telnet application?
Userlevel 4
Ron Huygens wrote:

Hi Ilya,

I assume that you have enabled ssh/telnet and there is no access-list applied on the telnet application?

Hello, Ron!

Thanks for your reply. I am not sure about the telnet, but ssh was enabled. How can I check whether there are any access-lists applied to "telnet application"? It sound a bit strange for me...
Userlevel 6
Ron Huygens wrote:

Hi Ilya,

I assume that you have enabled ssh/telnet and there is no access-list applied on the telnet application?

Hi, you can check that through the "show management" command already requested by Ronald.
Userlevel 7
Is the ping source and the switch mgmt IP in the same subnet - please post the CLI output for "show management".
Userlevel 4
Ron wrote:

Is the ping source and the switch mgmt IP in the same subnet - please post the CLI output for "show management".

Hi,Ronald!

I will post the output in several hours, thank you...
Userlevel 4
Ron wrote:

Is the ping source and the switch mgmt IP in the same subnet - please post the CLI output for "show management".

Hello, Ron!

Here it is - "show management" output. How can I check what is "mgt" access-profile?



Many thanks to you!
Userlevel 5
Ron wrote:

Is the ping source and the switch mgmt IP in the same subnet - please post the CLI output for "show management".

Hi Ilya,

So there is a policy file called mgt.pol. That probably prevent you of logging in.
With "vi mgt.pol" you can see the content.
with "configure telnet access-profile none" you can remove the access profile.
Userlevel 5
Ron wrote:

Is the ping source and the switch mgmt IP in the same subnet - please post the CLI output for "show management".

Ilya,

As Ron pointed out to remove the access profile configured for telnet. In the similiar way, remove the access profile configured for SSH

"configure ssh2 access-profile none".
Userlevel 4
Thank you very much, gentlemen!

I've added required prefixes to access-profile file and not it works.
Userlevel 6
For further reference, please see the article below:

https://gtacknowledge.extremenetworks.com/articles/How_To/Create-an-ACL-on-an-XOS-switch-for-SSH2-se...
Hello Henrique,

Does the same reference applies for telnet as well as SSH?
Is "Controlssh" refer to a name or has a function!?

Thanks
Yusuf

Reply