
VSP5520 SSH/Mgmt

bfaltys
Contributor II

I’m trying to test one of our new VSP5520s. I had been under the impression that VOSS is VOSS regardless of which switch, but maybe I was wrong. I have configured a loopback with an IP and SPBM/ISIS. I have an adjacency and I can ping the switch via that loopback. However, I cannot SSH to the switch and pings from the switch only work if I specify the loopback as the source. We also have new VSP4900 and VSP7400 that didn’t require anything special to be able to SSH to the loopback IP. Pings from those models also didn’t require me to specify a source. What am I missing? SSHD is enabled. I see a route to the subnet I’m SSHing from. I’m guessing this has something to do with the mgmt VRF or something along those lines, but I’ve not been able to sort it out.

1 ACCEPTED SOLUTION

bfaltys
Contributor II

Success. It was the RADIUS attribute. Here are screenshots of NPS.


14 REPLIES

bfaltys
Contributor II

I have things mostly working with this newer method, but SSH isn’t working. I get prompted for credentials and the NPS server shows event 6272 so it should work, but the 5520 displays a message for invalid username/password. These credentials work on other devices so that rules out the server.

 

**UPDATE**

Wireshark capture shows access-request and access-accept so I am at a loss as to why the switch says invalid username or password.

Miguel-Angel_RO
Valued Contributor II

bfaltys,

This IP (CLIP/OoB/mgmt) is to be used for management purposes only (Web/SSH/SNMP/TELNET).

You need another CLIP for service purposes (routing, tunnels, etc).

For the ping, you can use “ping a.b.c.d mgmt” if your mgmt interface is in the same VRF as what you want to reach.

Mig

bfaltys
Contributor II

It looks like this is really separated. As in I cannot use this IP as the source/destination for any tunnel and cannot enable OSPF so it can be advertised.

Roger_Lapuh
Extreme Employee

We have introduced a new segmented management stack with Release 8.2 which provides a set of benefits. So management of the systems has changed; this includes all VOSS switches which support 8.2 and onwards. I suggest you review the documentation for the Segmented Management Stack.

 

Roger
