Wired Intelligent Edge (Campus Switching and Routing)

Reply
Contributor II

ArubaOS only allows single SSH connection

I configured an Aruba switch 3810 for AAA (Tacacs) with Clearpass but having 2 issues:

 

- Switch is not allowing concurrent SSH conections, only the first connection works then everyone else gets "Connection refused"

 

- How to disable the "username" prompt when entering "enable" mode? i am able to do this for Cisco switches but not for Aruba OS. I only want to ask user/password on initial conection then once enter enable mode only ask for password to match the previously entered username.

 

Thanks,

 

AP

Super Contributor II

Re: ArubaOS only allows single SSH connection

For the double login issue you need to set the following command.

 

aaa authentication login privilege-mode

 

ArubaOS isn't restricting SSH to one session.


Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
MVP Expert

Re: ArubaOS only allows single SSH connection


@andresp wrote:

I configured an Aruba switch 3810 for AAA (Tacacs) with Clearpass but having 2 issues:

 

- Switch is not allowing concurrent SSH conections, only the first connection works then everyone else gets "Connection refused"

 

 


What do you have on the log ?

you don't have configure session limit ?




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
Highlighted
Contributor II

Re: ArubaOS only allows single SSH connection

I get "Connection closed" when trying to ssh when a user is already conected we get "Connection closed" refused from the switch,it doesnt even make it to CPPM......

 

3810M-73-249# sho ip ssh


SSH Enabled : Yes Secure Copy Enabled : No
TCP Port Number : 22 Timeout (sec) : 120
Rekey Enabled : No Rekey Time (min) : 60
Rekey Volume (KB) : 1048576
Host Key Type : RSA Host Key/Curve Size : 1024

Ciphers : aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,
aes192-cbc,aes128-ctr,aes128-cbc,3des-cbc
MACs : hmac-sha1-96,hmac-md5,hmac-sha1,hmac-md5-96

Ses Type | Source IP Port
--- -------- + ---------------------------------------------- -----
1 console |
2 ssh | 10.2.203.100 63166
3 inactive |
4 inactive |
5 inactive |
6 inactive |
7 inactive |

 

 

 

MVP Expert

Re: ArubaOS only allows single SSH connection

What firmware release ?

 

Do you are using TACACS or RADIUS ?




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
Contributor II

Re: ArubaOS only allows single SSH connection

Tacacs

 

Switch Boot ROM Version: KB.16.01.0008

 

CPPM v 6.7.9

MVP Expert

Re: ArubaOS only allows single SSH connection

what show version say ?




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
Contributor II

Re: ArubaOS only allows single SSH connection

3810M-73-249# show version


Image stamp: /ws/swbuildm/rel_ukiah_qaoff/code/build/bom(swbuildm_rel_ukiah_qaoff_rel_ukiah)
Jul 21 2017 14:42:33
KB.16.04.0008
442
Boot Image: Primary

Boot ROM Version: KB.16.01.0008
Active Boot ROM: Primary

MVP Expert

Re: ArubaOS only allows single SSH connection

May be a good idea to upgrade




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
MVP Expert

Re: ArubaOS only allows single SSH connection

Greetings!

 

First, check the number of maximum concurrent sessions currently configured on the switch using the command show console:

 

switch# show console 

 Console/Serial Link

  Active Console : Serial

  USB Console Input Enabled [Yes] : Yes
  Inbound Telnet Enabled [Yes] : Yes
  Web Agent Enabled [Yes] : No 

  Terminal Type [VT100] : VT100   
  Screen Refresh Interval (sec) [3] : 3 
  Displayed Events [All] : All     
  Baud Rate [speed-sense] : speed-sense
  Flow Control [XON/XOFF] : XON/XOFF
  Global Session Idle Timeout (sec) [0] : 0   
  Serial/USB Console Idle Timeout (sec) [not set/900] : not set
  Current Session Idle Timeout (sec) : 0   
  Maximum Concurrent Sessions Allowed [7] : 7   
  Maximum Concurrent Sessions Allowed Per User [7] : 7   

If you need to change these values, use the commands console max-sessions and console max-user-sessions from the configuration context.

 

If this does not appear to be causing the issue, I would recommend upgrading the switch to the latest software release (KB.16.08.0003), if possible, and seeing if the issue persists. If it does, I would recommend opening a TAC case (if you haven't already) for a formal investigation.



Matt Fern
Technical Marketing Engineer, Wired Intelligent Edge

Aruba, a Hewlett Packard Enterprise company

8000 FOOTHILLS BLVD  |  ROSEVILLE, CA 95747
T: 916.540.1759  |  E: mfern@hpe.com   |   Matt @ Twitter
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: