Wired Intelligent Edge

 View Only
  • 1.  SSH to MGMT port

    Posted Jan 17, 2024 03:30 PM

    My problem is that I cannot SSH to the MGMT interface.

    I am using EVE-NG (latest version, VM is fully up to date).  I have a CX 10.12 Simulator attached with Interface 1/1/1 and mgmt.   

    Running config of switch

    hostname SPINE2
    ssh server vrf default
    ssh server vrf mgmt
    vlan 1
    interface mgmt
        no shutdown
        ip dhcp
    interface 1/1/1
        no shutdown
        no routing                                                 
        vlan access 1
    interface vlan 1
        ip address 192.168.32.122/24
    ip route 0.0.0.0/0 192.168.32.1
    https-server vrf mgmt

    config of mgmt interterface 

    SPINE2# show int mgmt
      Address Mode: dhcp
      Admin State: up
      Link State: up
      Mac Address: 50:00:00:04:00:00
      IPv4 address/subnet-mask: 192.168.32.95/24
      Default gateway IPv4: 192.168.32.1
      Primary Nameserver: 192.168.32.250

    I am successfully able to SSH to the VLAN1 access port, but I cannot SSH to the mgmt port.   

    When I test if port 22 is open on each interface, I can prove that 1/1/1 is listening (via vlan1).

    However mgmt is not listening on tcp/22 (ICMP is successful though). 

     

    SSH is enabled on the mgmt VRF (as shown in the config), and there is not any ACLs on the SSH sessions. 

    Any ideas?



  • 2.  RE: SSH to MGMT port

    Posted Jan 17, 2024 04:31 PM

    I don't understand your setup.

    • Seems like your test is done from your PC to ArubaCX1.
    • I see only your PC (HomeNET) connected to ArubaCX1 1/1/1, why i don't see HomeNET connected to ArubaCX1 mgmt?
    • ArubaCX10-12 seem irrelevant here.


    ------------------------------
    Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 3.  RE: SSH to MGMT port
    Best Answer

    Posted Jan 18, 2024 01:45 AM

    If you would like to access switches via mgmt port from outside the emulated environment, then connect them to management network.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Expert 2023
    ------------------------------



  • 4.  RE: SSH to MGMT port

    Posted Jan 18, 2024 03:19 AM

    Thank you.  I didn't realise I could have more than one thing attached to the Management bridge, that's why I was using ArubaCX1 as an aggregate to SSH to ArubaCX10-12.  It is weird though why I couldn't hop through that to the mgmt port, but I could SSH to VLAN1 via port 1/1/1. 

    I've made that change and I can now SSH to my mgmt port.  

    Thanks again. 




  • 5.  RE: SSH to MGMT port

    Posted Jan 18, 2024 03:25 AM
    Edited by GorazdKikelj Jan 18, 2024 03:30 AM

    Hi Tom.

    You could also use intermediate switch but you need to route traffic accordingly. More work to do. It is easier just to connect mgmt ports to Management network.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Expert 2023
    ------------------------------