A few more questions... I am using the following two commands. SSH to the switch's IP address of 10.1.100.203 does not work without the ip route command below, but works with or without the second ip source-interface command. Is the second command needed if all I'm using VLAN 1 for is SSH? Also, is the ip route command correct for my application? Is the ip route 0.0.0.0/0 10.1.100.1 command in ArubaOS-CX the equivalent of the ip default-address 10.1.100.1 command in ArubaOS?
Original Message:
Sent: Jul 22, 2021 12:57 PM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
The original issue was me not being able to SSH into the switch using the IP address assigned to VLAN 1. Interface 1/1/1 is my uplink port. I originally had the native VLAN set to 1 on 1/1/1 as well as trunked for VLAN 1, 50, and 51. Having 1/1/1 trunked for VLAN 1 and the Native VLAN 1 was preventing me from being able to SSH or WebUI to the switch. As soon as I set the native VLAN to 99 on 1/1/1, I was able to access the switch via the VLAN 1 IP address.
------------------------------
Wayne DuBose
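An added example (not part of the original thread and not Aruba tooling): a small Python check that reads AOS-CX-style interface stanzas and reports whether the management VLAN leaves the uplink tagged or untagged, for the three 1/1/1 variants discussed in this thread. It assumes the upstream 8212 port tags VLAN 1, which the thread never shows; the function names and sample stanzas are constructed for illustration.

```python
import re

def expand_vlans(spec):
    """Expand an allowed-list such as '1,35,50-51' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    """Collect the VLAN settings of each physical interface stanza."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\d+/\d+/\d+)", line):
            cur = ports.setdefault(m.group(1), {"access": None, "native": None,
                                                "native_tagged": False, "allowed": None})
        elif line.startswith("interface "):
            cur = None                      # mgmt / SVI stanza: not a switch port
        elif cur is None:
            continue
        elif m := re.fullmatch(r"vlan access (\d+)", line):
            cur["access"] = int(m.group(1))
        elif m := re.fullmatch(r"vlan trunk native (\d+)( tag)?", line):
            cur["native"], cur["native_tagged"] = int(m.group(1)), bool(m.group(2))
        elif m := re.fullmatch(r"vlan trunk allowed ([\d,-]+)", line):
            cur["allowed"] = expand_vlans(m.group(1))
    return ports

def egress_mode(port, vlan):
    """How frames of `vlan` leave the port: tagged, untagged, not carried, unknown."""
    if port["native"] is None:
        if port["access"] is None:
            return "unknown"                # no explicit VLAN lines in the stanza
        return "untagged" if port["access"] == vlan else "not carried"
    # Assumption of this sketch: a trunk without an allowed list carries all VLANs.
    if port["allowed"] is not None and vlan not in port["allowed"]:
        return "not carried"
    if vlan == port["native"] and not port["native_tagged"]:
        return "untagged"
    return "tagged"

def uplink_matches_peer(config, port="1/1/1", vlan=1, peer_mode="tagged"):
    """Return (mode, ok): the local egress mode and whether it equals the peer's."""
    mode = egress_mode(parse_ports(config)[port], vlan)
    return mode, mode == peer_mode

# Constructed uplink stanzas modelled on the three variants in the thread.
ORIGINAL = "interface 1/1/1\nno shutdown\nvlan trunk native 1\nvlan trunk allowed 1,50-51\n"
NATIVE_TAG = "interface 1/1/1\nno shutdown\nvlan trunk native 1 tag\nvlan trunk allowed 1,50-51\n"
NATIVE_99 = "interface 1/1/1\nno shutdown\nvlan trunk native 99\nvlan trunk allowed 1,50-51\n"

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("native 1 tag", NATIVE_TAG), ("native 99", NATIVE_99)]:
        print(name, uplink_matches_peer(cfg))
```

Run against a saved "show running-config", the same check flags any trunk where the VLAN holding the SSH/HTTPS address would leave untagged while the neighbour expects a tag.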
Original Message:
Sent: Jul 22, 2021 12:10 PM
From: Davide Poletto
Subject: SSH access to a 6200f over VLAN 1
Hi Wayne! I lost myself reading this thread...isn't this VLAN 99 a new entry?
For me the meaning embedded into your statement "It was the native VLAN being set to 1 and me also trying to SSH to a VLAN 1 address" is totally correct and/or reasonable.
I mean: excluding routing features you can count on, if you're on a host connected and addressed into a VLAN 1's Access port of a Switch (so VLAN 1 is clearly Up because you're Up) and you're trying to login into the SSH server service bound to the Switch IP Address exactly on that very VLAN 1 (provided that SSH service was running on default VRF as you wrote), where is/was the issue?
------------------------------
Davide Poletto
Original Message:
Sent: Jul 22, 2021 09:43 AM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
I finally figured it out. It was the native VLAN being set to 1 and me also trying to SSH to a VLAN 1 address. I changed the native VLAN to 99 and then added VLAN 1 back as a trunk on my 1/1/1 uplink port. I can now SSH and WebUI to my switch!
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 22, 2021 05:22 AM
From: Stanislav Naydenov
Subject: SSH access to a 6200f over VLAN 1
Hi Wayne,
Could you please show us your port configuration on the 8212's side to the 6200 switch?
As we don't have it, we can only guess what the config looks like, which is why I advise you to try tagging the native VLAN under the interface context on the 6200 switch (port 1/1/1, command "vlan trunk native <VLAN-ID> tag") and to use your initial configuration:
interface 1/1/1
    no shutdown
    vlan trunk native 1 tag
    vlan trunk allowed 1,50-51
As long as the status of vlan1 is down/up you are not going to be able to reach the 6200 switch over vlan1 ("show ip int brief" command). It seems that there are no active ports members of that vlan1. For the uplink (port 1/1/1) you have native VLAN 1, but this vlan is not allowed over the trunk link (actually it should be presented under "vlan trunk allowed VLANS" list as you are going to use it for ssh) – with the current config vlan1 is not allowed on port 1/1/1 (only some control plane protocols are passing over the native vlan, when the native vlan is not allowed over the trunk). No other active ports (up status) are members of vlan1, that is why vlan1 has "down" as a status.
------------------------------
Stanislav Naydenov
Original Message:
Sent: Jul 21, 2021 09:18 AM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
Any other ideas about my inability to SSH to my switch? Is the way I have the IP route command correct? There's got to be a way to do this, right?
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 19, 2021 06:45 PM
From: Laurent Tygreat
Subject: SSH access to a 6200f over VLAN 1
Look at your ipv4 address .. you got this by a DHCP probably.
But why do you have two gateways? I don't know, a mix of static and DHCP config maybe?
You should use .254 as gateway instead of .1 😃
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Jul 19, 2021 05:52 PM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
When I do an ipconfig on my laptop that's plugged into 1/1/18 on the 6200f I get a default gateway of 10.1.100.1 and 10.1.51.1. Why is that?
Ethernet adapter Ethernet 2:
   Connection-specific DNS Suffix  . : ajc.angelina.edu
   Link-local IPv6 Address . . . . . : fe80::c549:8b7f:5082:c16a%9
   IPv4 Address. . . . . . . . . . . : 10.1.51.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.100.1
                                       10.1.51.1
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 19, 2021 05:11 PM
From: Laurent Tygreat
Subject: SSH access to a 6200f over VLAN 1
Ok so your switch works and you have an issue somewhere else between the switch and the router. If all ports are UP/UP you should take a look on the switch where you plug your 6200F if the mac address of the 6200F is here or not and same thing on the router.
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Jul 19, 2021 04:34 PM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
I plugged the laptop into 1/1/1 and gave it an IP of 10.1.100.1/24 and I was able to ping the 10.1.100.217 VLAN 1 IP.
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 19, 2021 04:19 PM
From: Laurent Tygreat
Subject: SSH access to a 6200f over VLAN 1
Ok ..
Have you tried plugging a computer directly into interface 1/1/1 and giving your computer the IP 10.100.1.1/24?
After that try to ping your switch.
If not working, take a look at the switch logs : show logging -r
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Jul 19, 2021 03:48 PM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
I have the switch firmware updated but nothing changed. Here is my current config:
HH-SECURITY(config)# sho run
Current configuration:
!
!Version ArubaOS-CX ML.10.07.0010
!export-password: default
hostname HH-SECURITY
user admin group administrators password ciphertext AQBapcpPi8K7T84gnvzcXx0iyeb3u//8WG4BF+7xGuYDSmMiYgAAAJWPd+FU1XCRlgNAFf3o6ZtkIhmSwcWViKKO0BYQp89uMxWsZGWARKUvnC6gOvEi0hNBhJsYiPyza5CjDrjPoz5C95wzXM5qiCoijjP1sIs7V19zzmyf8A5vDK2Hh037fc0g
!
ssh server vrf default
no ssh server vrf mgmt
vsf member 1
    type jl725a
vlan 1
vlan 35
    name MIS
vlan 50
    name ACPOPO
vlan 51
    name ACCESS
spanning-tree
interface mgmt
    shutdown
    ip dhcp
interface 1/1/1
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,35,50-51
interface 1/1/2
    no shutdown
    vlan access 35
interface 1/1/3
    no shutdown
    vlan access 50
interface 1/1/4
    no shutdown
    vlan access 50
interface 1/1/5
    no shutdown
    vlan access 50
interface 1/1/6
    no shutdown
    vlan access 50
interface 1/1/7
    no shutdown
    vlan access 50
interface 1/1/8
    no shutdown
    vlan access 50
interface 1/1/9
    no shutdown
    vlan access 50
interface 1/1/10
    no shutdown
    vlan access 50
interface 1/1/11
    no shutdown
    vlan access 51
interface 1/1/12
    no shutdown
    vlan access 51
interface 1/1/13
    no shutdown
    vlan access 51
interface 1/1/14
    no shutdown
    vlan access 51
interface 1/1/15
    no shutdown
    vlan access 51
interface 1/1/16
    no shutdown
    vlan access 51
interface 1/1/17
    no shutdown
    vlan access 51
interface 1/1/18
    no shutdown
    vlan access 51
interface 1/1/19
    no shutdown
    vlan access 51
interface 1/1/20
    no shutdown
    vlan access 51
interface 1/1/21
    no shutdown
    vlan access 51
interface 1/1/22
    no shutdown
    vlan access 51
interface 1/1/23
    no shutdown
    vlan access 51
interface 1/1/24
    no shutdown
    vlan access 51
interface 1/1/25
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface 1/1/26
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface 1/1/27
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface 1/1/28
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface vlan 1
    ! ip dhcp is ignored when static ip is configured
    ip address 10.1.100.217/24
    ip dhcp
interface vlan 50
ip route 0.0.0.0/0 10.1.100.1
!
ip source-interface all interface vlan1
https-server vrf default
no https-server vrf mgmt
HH-SECURITY(config)#
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 16, 2021 03:38 AM
From: Laurent Tygreat
Subject: SSH access to a 6200f over VLAN 1
I don't think it's possible via serial console. But you can use a USB key:
# show usb
# copy usb:/firmware.swi secondary
# boot system secondary
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Jul 15, 2021 04:11 PM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
The only way I can get into the switch is serial console. Tried to tftp the file from my laptop that is plugged into the switch (and the laptop I'm consoled in with) but the copy tftp command cannot see the tftp laptop's IP. Can you do firmware updates via serial console on the 6200?
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 15, 2021 11:40 AM
From: Laurent Tygreat
Subject: SSH access to a 6200f over VLAN 1
You can try to update the switch :
https://asp.arubanetworks.com/downloads/software/RmlsZTpjNTRkMmRlOC1jZmM5LTExZWItYTJkNC1hZmZhYWFjMTk3NDE%3D
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Jul 15, 2021 11:04 AM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
Yes, port 1/1/1 is connected to the router which is an HP 8212. Like I said before, the access ports are functioning fine. I have a laptop plugged into 1/1/14 and it is pulling a 10.1.51.x IP from my DHCP server like it should and has internet (using it right now for this).
I have an HP 2920 switch by the 6200f switch. I set it up the same way (VLAN 1 tagged on port 1). I set the default VLAN 1 IP to 10.1.100.217 with a gateway of 10.1.100.1. I can telnet to it and ping it from across network fine.
HH-SECURITY# sho ver
-----------------------------------------------------------------------------
ArubaOS-CX
(c) Copyright 2017-2020 Hewlett Packard Enterprise Development LP
-----------------------------------------------------------------------------
Version : ML.10.05.0021
Build Date : 2020-10-29 10:51:49 PDT
Build ID : ArubaOS-CX:ML.10.05.0021:ef0fef7f4b9d:202010291659
Build SHA : ef0fef7f4b9d2732c70bed9fa25589c665319634
Active Image : primary
Service OS Version : ML.01.07.0001
BIOS Version : FL.01.0003
HH-SECURITY#
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 15, 2021 10:04 AM
From: Laurent Tygreat
Subject: SSH access to a 6200f over VLAN 1
It should work ..
Port 1/1/1 is directly connected to the router? Which brand is the router?
What is your software on the 6200 ?
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Jul 15, 2021 09:38 AM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
HH-SECURITY# sho int brief
--------------------------------------------------------------------------------------------------------------
Port Native Mode Type Enabled Status Reason Speed Description
VLAN (Mb/s)
--------------------------------------------------------------------------------------------------------------
1/1/1 1 trunk 1GbT yes up 1000 --
1/1/2 50 access 1GbT yes down Waiting for link -- --
1/1/3 50 access 1GbT yes down Waiting for link -- --
1/1/4 50 access 1GbT yes down Waiting for link -- --
1/1/5 50 access 1GbT yes down Waiting for link -- --
1/1/6 50 access 1GbT yes down Waiting for link -- --
1/1/7 50 access 1GbT yes down Waiting for link -- --
1/1/8 50 access 1GbT yes down Waiting for link -- --
1/1/9 50 access 1GbT yes down Waiting for link -- --
1/1/10 50 access 1GbT yes down Waiting for link -- --
1/1/11 51 access 1GbT yes down Waiting for link -- --
1/1/12 51 access 1GbT yes down Waiting for link -- --
1/1/13 51 access 1GbT yes down Waiting for link -- --
1/1/14 51 access 1GbT yes up 1000 --
1/1/15 51 access 1GbT yes down Waiting for link -- --
1/1/16 51 access 1GbT yes down Waiting for link -- --
1/1/17 51 access 1GbT yes down Waiting for link -- --
1/1/18 51 access 1GbT yes down Waiting for link -- --
1/1/19 51 access 1GbT yes down Waiting for link -- --
1/1/20 51 access 1GbT yes down Waiting for link -- --
1/1/21 51 access 1GbT yes down Waiting for link -- --
1/1/22 51 access 1GbT yes down Waiting for link -- --
1/1/23 51 access 1GbT yes down Waiting for link -- --
1/1/24 51 access 1GbT yes down Waiting for link -- --
1/1/25 1 trunk -- yes down No XCVR installed -- --
1/1/26 1 trunk -- yes down No XCVR installed -- --
1/1/27 1 trunk -- yes down No XCVR installed -- --
1/1/28 1 trunk -- yes down No XCVR installed -- --
vlan1 -- -- yes up -- --
vlan50 -- -- yes up -- --
HH-SECURITY#
HH-SECURITY# sho ip route
Displaying ipv4 routes selected for forwarding
'[x/y]' denotes [distance/metric]
0.0.0.0/0, vrf default
    via 10.1.100.1, [1/0], static
10.1.100.0/24, vrf default
    via vlan1, [0/0], connected
10.1.100.217/32, vrf default
    via vlan1, [0/0], local
HH-SECURITY#
HH-SECURITY# ping 10.1.100.217
PING 10.1.100.217 (10.1.100.217) 100(128) bytes of data.
108 bytes from 10.1.100.217: icmp_seq=1 ttl=64 time=0.045 ms
108 bytes from 10.1.100.217: icmp_seq=2 ttl=64 time=0.046 ms
108 bytes from 10.1.100.217: icmp_seq=3 ttl=64 time=0.048 ms
108 bytes from 10.1.100.217: icmp_seq=4 ttl=64 time=0.050 ms
108 bytes from 10.1.100.217: icmp_seq=5 ttl=64 time=0.062 ms
--- 10.1.100.217 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4097ms
rtt min/avg/max/mdev = 0.045/0.050/0.062/0.007 ms
HH-SECURITY#
HH-SECURITY# ping 10.1.100.1 vrf default
PING 10.1.100.1 (10.1.100.1) 100(128) bytes of data.
From 10.1.100.217 icmp_seq=1 Destination Host Unreachable
From 10.1.100.217 icmp_seq=2 Destination Host Unreachable
From 10.1.100.217 icmp_seq=3 Destination Host Unreachable
--- 10.1.100.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4099ms
HH-SECURITY#
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 14, 2021 03:56 AM
From: Laurent Tygreat
Subject: SSH access to a 6200f over VLAN 1
Ok, now send us :
show int brief
show ip route
ping 10.1.100.217
ping 10.1.100.1 vrf default
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Jul 13, 2021 07:06 PM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
HH-SECURITY# show ip int brief
Interface IP Address Interface Status
link/admin
vlan1 10.1.100.217/24 up/up
vlan50 No Address up/up
HH-SECURITY# ping 10.1.100.1
PING 10.1.100.1 (10.1.100.1) 100(128) bytes of data.
From 10.1.100.217 icmp_seq=1 Destination Host Unreachable
From 10.1.100.217 icmp_seq=2 Destination Host Unreachable
--- 10.1.100.1 ping statistics ---
5 packets transmitted, 0 received, +2 errors, 100% packet loss, time 4079ms
HH-SECURITY#
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 13, 2021 05:47 PM
From: Laurent Tygreat
Subject: SSH access to a 6200f over VLAN 1
Please send us result of :
show ip int brief
ping 10.1.100.1
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Jul 13, 2021 04:00 PM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
Could you elaborate, please? I am still unable to access the switch via SSH or WebUI.
Here is my current config with the changes I've made:
Current configuration:
!
!Version ArubaOS-CX ML.10.05.0021
!export-password: default
hostname HH-SECURITY
user admin group administrators password ciphertext AQBapcpPi8K7T84gnvzcXx0iyeb3u//8WG4BF+7xGuYDSmMiYgAAAJWPd+FU1XCRlgNAFf3o6ZtkIhmSwcWViKKO0BYQp89uMxWsZGWARKUvnC6gOvEi0hNBhJsYiPyza5CjDrjPoz5C95wzXM5qiCoijjP1sIs7V19zzmyf8A5vDK2Hh037fc0g
!
ssh server vrf default
no ssh server vrf mgmt
vsf member 1
    type jl725a
vlan 1,50-51
spanning-tree
interface mgmt
    shutdown
    ip dhcp
interface 1/1/1
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface 1/1/2
    no shutdown
    vlan access 50
interface 1/1/3
    no shutdown
    vlan access 50
interface 1/1/4
    no shutdown
    vlan access 50
interface 1/1/5
    no shutdown
    vlan access 50
interface 1/1/6
    no shutdown
    vlan access 50
interface 1/1/7
    no shutdown
    vlan access 50
interface 1/1/8
    no shutdown
    vlan access 50
interface 1/1/9
    no shutdown
    vlan access 50
interface 1/1/10
    no shutdown
    vlan access 50
interface 1/1/11
    no shutdown
    vlan access 51
interface 1/1/12
    no shutdown
    vlan access 51
interface 1/1/13
    no shutdown
    vlan access 51
interface 1/1/14
    no shutdown
    vlan access 51
interface 1/1/15
    no shutdown
    vlan access 51
interface 1/1/16
    no shutdown
    vlan access 51
interface 1/1/17
    no shutdown
    vlan access 51
interface 1/1/18
    no shutdown
    vlan access 51
interface 1/1/19
    no shutdown
    vlan access 51
interface 1/1/20
    no shutdown
    vlan access 51
interface 1/1/21
    no shutdown
    vlan access 51
interface 1/1/22
    no shutdown
    vlan access 51
interface 1/1/23
    no shutdown
    vlan access 51
interface 1/1/24
    no shutdown
    vlan access 51
interface 1/1/25
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface 1/1/26
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface 1/1/27
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface 1/1/28
    no shutdown
    vlan trunk native 1
    vlan trunk allowed 1,50-51
interface vlan 1
    ! ip dhcp is ignored when static ip is configured
    ip address 10.1.100.217/24
    ip dhcp
ip route 0.0.0.0/0 10.1.100.1
!
ip source-interface all interface vlan1
https-server vrf default
no https-server vrf mgmt
HH-SECURITY#
------------------------------
Wayne DuBose
Original Message:
Sent: Jul 08, 2021 01:10 AM
From: Frank Anstoetz
Subject: SSH access to a 6200f over VLAN 1
switch(config)# ssh server vrf default
Best regards,
Frank.
------------------------------
Frank Anstoetz
Aruba Edge Professional, HPE MASE, CCIE em. #14807
Ingentive Networks GmbH
Duesseldorf, Germany
Original Message:
Sent: Jul 07, 2021 07:13 PM
From: Wayne DuBose
Subject: SSH access to a 6200f over VLAN 1
I just purchased some 6200f switches that will be used as standalone switches. I purchased them thinking they'd configure similar to the 2930f switches, which I have as my current access switches. I have all my commander 2930f access switches configured with a static IP address on default VLAN 1 of 10.1.100.X and then the switch has a default gateway of 10.1.100.1, which is the address of my router. This allows me to telnet and SSH to any of my switch stacks.
I cannot figure out how to set up the 6200f to give me the same functionality. I currently have three VLANs on the test 6200f switch (1, 50, 51) with an IP address assigned to VLAN 1 (10.1.100.217/24). Input is to port 1, which is trunked for VLAN 1, 50, and 51. All the other ports are access ports for VLAN 50 or 51. When I plug my laptop into one of the VLAN 50 or 51 access ports, they pull the correct IP address from my DHCP server and get internet connectivity. I just cannot SSH to it from elsewhere on the network. I tried to enter a default gateway to the 6200f switch like on the 2930f, but that appears to not be a CLI option under config. I currently have the mngmt interface disabled. I originally had it enabled and configured with an IP of 10.1.100.217/24 and a default gateway of 10.1.100.1, but I could not SSH to the switch using it set up that way either.
Do I have to use the management interface on the 6200f or is there a way to set it up similar to all of my 2930f stacks?
------------------------------
Wayne DuBose
------------------------------