siggnation wrote: » Go to line vty 0 15 and try setting this: transport input ssh telnet Also, under global configuration mode, ip ssh version 2 is good. Prior to what I said above, please ensure you generated rsa keys to enable ssh: (config)#crypto key generate rsa --> hit enter and input 512 (512 is a good example, the higher the number, the stronger the key).
RouteMyPacket wrote: » Basics first, what are you pinging from (x.x.x.x?), attempting to connect to (x.x.x.x?). Can you ping the switch? Interesting config, so how about we debug this and see what we get. On the console debug ip ssh sh ip ssh Try to connect via SSH, what's the output? Also, since you chose SSH v2 then your RSA key needs to at least be 768 bits, so if you selected 512 as a previous user advised. Change that, typically go with no less than 1024
DCD wrote: » What are you using to SSH into the switch and what version of SSH are you using?
ecuadra wrote: » Remove existing vty line password, go to line vty 0 15 and do a no password do a show ip ssh and show ssh and let us know the full output of both commands try using the command prompt instead ssh -l username ip press enter and then input the password, make sure you can ping the switch first also what is the ip/mask of the laptop and the ip/mask of the switch
Dieg0M wrote: » Is there any filtering done between where you are pinging and the switch (ACL's/Firewalls) ?
RouteMyPacket wrote: » You need to start with the basics, it is the same process you will use throughout your career. I cannot stand people throwing out troubleshooting tips when the basics haven't been discovered. Remove passwords from vty lines, trying ssh -l, any filtering? Every single one of those are irrelevant until you can confirm L1 - L3 connectivity How do you have the network laid out? How many devices are there? What are their functions? What good is SSH and Passwords if you cannot even reach the device? So when I'm on my router 10.1.3.2 I can ping the switch which is 10.1.1.10. Ok, so you have a router and a switch, they are on two separate networks. I can already tell from your switch configuration that you want it to perform your inter-vlan routing, you have multiple SVI's configured. So what are you using the router for? WHAT ARE YOU TRYING TO ACCOMPLISH? If you want to implement a router on a stick, then you will trunk the switch to the router. Configure your L2 Vlans on the switch and assign access ports to whatever Vlan you want, in your case vlans 1 and 50 On the router you will create sub interfaces for each vlan, plug the trunk port on the switch into the router port On router: interface FastEthernet0/1.1 description VLAN 1 encapsulation dot1Q 1 ip address 10.1.1.254 255.255.255.0 interface FastEthernet0/1.50 description VLAN 50 encapsulation dot1Q 50 ip address 10.1.50.254 255.255.255.0 Say your "Management" Vlan is 1 so the switch gets IP that it already has, so leave that interface alone. Delete the 50 and 100 vlan interfaces Create your L2 VLANs on the switch vlan 50 name Data vlan 100 name BlaBla int f0/2 switchport host switchport access vlan 50 no shut int f0/3 switchport host no shut How are you handling DHCP? If you want, static the IP for a quick test. Connect your PC to one of those ports, can the PC reach it's default gateway? If you want the router to handle DHCP, thenc reate multiple pools ip dhcp pool VLAN1 network 10.1.1.0 255.255.255.0 domain-name abc.com default-router 10.1.1.254 dns-server 4.2.2.2 8.8.8.8 ip dhcp pool VLAN50 network 10.1.50.0 255.255.255.0 domain-name abc.com default-router 10.1.50.254 dns-server 4.2.2.2 8.8.8.8 ip dhcp excluded-address 10.1.1.254 ip dhcp excluded-address 10.1.50.254 Do we have connectivity now, BASIC connectivity? Can you ping from a PC connected to a switchport to it's default gateway?
JeanM wrote: » +1 on everything RouteMyPacket said. Start with the basics, clearly define your setup/config and then add more to it as you read how it works and what it is you are trying to do. Shotgun approach usually is a waste of time.
DCD wrote: » In your first post you said you could telnet to all the devices but it was unclear if the other 2 devices SSH connection was working. IF you can connect to those devices with ssh then it the switch. If you can't connect to both of those it maybe your client software is mis-configured. Since Telnet works that rules out the password and connectivity problems.
JeanM wrote: » So there you go, looks like you have connectivity issue and not SSH issue "HOWEVER, from my PC connected to 3550 switch, I get can't ping any of them or telnet any of them or SSH any of them." Is the 2651 running NAT behind the dlink or does the dlink have routes back to the 2651 networks? Post a diagram of the network, it's hard to tell what goes where.
Dieg0M wrote: » Ok, your first post was not clear at all. You meant you can telnet to the switch from the routers and switches but cant from your PC. From your router try: "ssh -l sagar 10.1.1.10". You might need to configure SSH on that router to be able to type that command or upgrade the IOS. For the PC issue, you should try and change your speed settings and make sure the port is in the up/up state. From the configs it seems like the only issue you have is connectivity between your PC and the switch.
JeanM wrote: » Ok first things first. What is the subnet on the local interface of your dlink router? is it 192.168.0.x ? If you are trying to get routing to work between the 10. and 192. then you need to think about how traffic would flow from your laptop to dlink and back.
JeanM wrote: » Does the dlink know anything about the 10. network? Meaning, does the dlink have a routing protocol to learn that there is also a 10.x network on the local side OR did you add a static route on the dlink router for it to know about the 10. network? OR are you going to run NAT instance between 10. lab network and 192. local lan network with internet connectivity?
