This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSH from VSP to another device

SSH from VSP to another device

bfaltys
Contributor II

‎11-05-2021 09:19 AM

We have a switch that someone put in the field, but we cannot reach it. I added a layer 3 vlan interface on the VSP on site & can ping it. Is it possible to SSH from the VSP? I can see the other switch via LLDP & there is also an ISIS adjacency. I'm wondering if the gateway isn't configured.
0 Kudos
6 REPLIES 6

Ludovico_Steven
Extreme Employee

‎11-09-2021 12:27 PM

If your VSP has an IP address (say on GRT) on the same VLAN where the ERS is located, but you only have a mgmt CLIP on the VSP and the ERS does not have any valid return route to reach that VSP CLIP, then that might be your problem.
What you can do, is to create a "mgmt vlan" interface on that very same VSP VLAN; and when you configure the mgmt vlan IP address on that mgmt VLAN interface, you must/can configure the very same IP address that VLAN already has configured on GRT (hence in the VSP config, the same IP address appears configured twice, once under "interface vlan X" and once again under "mgmt vlan X"). Now you should be able to hit the ERS with SSH from the VSP.
0 Kudos

bfaltys
Contributor II

‎11-08-2021 11:03 AM

After digging a bit more, I think we need to look at the gateway on the ERS. If SSH from the VSP uses the mgmt IP as the source and if the ERS doesn't have a gateway or the gateway is wrong, it obviously wouldn't know how to get back to the VSP's mgmt IP. If I could SSH with the vlan interface as the source, I might be able to get to it.
0 Kudos

bfaltys
Contributor II

‎11-08-2021 08:45 AM

If I can reach the other switch via GRT, how can the mgmt IP not reach it? I have a layer 3 interface on the local switch so there is a connected route to that network. Though, this is across an SPBM link...not sure how that plays into this, but I would think it doesn't matter as the overlay is essentially transparent. I do have a mgmt CLIP configured.
0 Kudos

Ludovico_Steven
Extreme Employee

‎11-06-2021 04:27 PM

If your VSP is on 8.2 or later, then SSH client/server only operates on the segmented management interfaces (mgmt context).
You are pinging in the grt context; try pinging in the mgmt context with "ping 10.1.1.254 mgmt".
You can see your management interfaces with "show mgmt interface" & "show mgmt ip". Maybe you don't have any..
You can have one on a VLAN and/or a CLIP.
0 Kudos
GTM-P2G8KFN