Still not able to telnet/ssh to switch

March 18, 2011 at 07:28:16
Specs: Windows XP
I can telnet to switch from checkpoint firewall access port and from switch directly. I can ping/traceroute successfully to the switch. Access-lists 14 & 15 are allowing the traffic I want. The router on the other side of the FW has 2 static routes and a default static route set up.
Here is some of the config from my switch:

service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption

hostname xxxxx
enable secret xxxxxx
username xxxxxxxx password xxxxxxx

ip domain-name xx.xx.net

aaa new-model
aaa authentication login default local enable line none
aaa authentication dot1x default group radius
aaa session-id common

dot1x system-auth-control

vlan 387

interface FastEthernet0/1
description Reserved for Up-Link to Un-Encrypted Firewall Port
switchport access vlan 387
switchport mode access
no logging event link-status
no snmp trap link-status
int range fa0/2 - 12
switchport access vlan 378
switchport mode access
switchport port-security
switchport port-security mac-address xxxx.xxxx.xxxx
no logging event link-status
no snmp trap link-status
storm-control broadcast level 10.00
storm-control unicast level 90.00
storm-control action trap
spanning-tree portfast

interface range fa0/13 - 24
description User Port - DOT1X Enabled
switchport access vlan 387
switchport mode access
no logging event link-status
no snmp trap link-status
authentication port-control auto
no snmp trap link-status
dot1x pae authenticator
storm-control broadcast level 10.00
storm-control unicast level 90.00
storm-control action trap
spanning-tree portfast

interface Vlan387
ip address 10.x.x.x 255.255.255.224
no ip redirects


ip default-gateway 10.x.x.x
ip classless
no ip http server
ip http authentication aaa
ip http port 1741
ip http access-class 15
no ip http secure-server


line vty 0 4
access-class 14 in
password 0 xxxxxxxxx
login authentication default
exec-timeout 5 0
transport input telnet ssh
transport output telnet ssh


Not sure of checkpoint firewall config....

I have run Wireshark when trying to telnet and I get no SYN-ACK back from the remote switch. Just 3 consecutive SYN attempts.

I have some switches I can connect to and they go right through the 3-way TCP handshake, and I cannot find any differences in the configs between the successful connections and the unsuccessful connections.


Thanks again for any help
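
Added example (not part of the original post): a small Python script that reads tcpdump -nn style text and separates the case described above, repeated SYNs with no SYN-ACK, from a reset and from a completed 3-way handshake. The addresses, ports and capture lines are constructed sample data, and classify() is a hypothetical helper name.

```python
import re

# Constructed tcpdump -nn style lines (sample data, not from the original post).
# 192.0.2.10 is the admin workstation; 198.51.100.x are three hypothetical switches.
SAMPLE = """\
07:20:01.000 IP 192.0.2.10.51000 > 198.51.100.5.23: Flags [S], seq 100, length 0
07:20:04.000 IP 192.0.2.10.51000 > 198.51.100.5.23: Flags [S], seq 100, length 0
07:20:10.000 IP 192.0.2.10.51000 > 198.51.100.5.23: Flags [S], seq 100, length 0
07:21:00.000 IP 192.0.2.10.51001 > 198.51.100.6.23: Flags [S], seq 200, length 0
07:21:00.010 IP 198.51.100.6.23 > 192.0.2.10.51001: Flags [S.], seq 900, ack 201, length 0
07:21:00.011 IP 192.0.2.10.51001 > 198.51.100.6.23: Flags [.], ack 901, length 0
07:22:00.000 IP 192.0.2.10.51002 > 198.51.100.7.22: Flags [S], seq 300, length 0
07:22:00.009 IP 198.51.100.7.22 > 192.0.2.10.51002: Flags [R.], seq 0, ack 301, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

def classify(capture):
    """Map 'server:port' -> (verdict, SYN count) for each client connection attempt."""
    flows = {}  # (client, client port, server, server port) -> handshake state
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":                      # first SYN or a retransmission of it
            flows.setdefault(fwd, {"syn": 0, "reply": None, "acked": False})["syn"] += 1
        elif rev in flows and flows[rev]["reply"] is None:
            if flags == "S.":                 # server answered the SYN
                flows[rev]["reply"] = "synack"
            elif "R" in flags:                # reset sent back to the client
                flows[rev]["reply"] = "rst"
        elif fwd in flows and flows[fwd]["reply"] == "synack" and flags == ".":
            flows[fwd]["acked"] = True        # third packet of the handshake
    result = {}
    for (_, _, server, port), st in flows.items():
        if st["reply"] is None:
            verdict = "no-reply"   # SYN or its answer lost: filter or missing route
        elif st["reply"] == "rst":
            verdict = "refused"    # target or a device in the path rejected it
        else:
            verdict = "established" if st["acked"] else "half-open"
        result[f"{server}:{port}"] = (verdict, st["syn"])
    return result

if __name__ == "__main__":
    for target, (verdict, syns) in classify(SAMPLE).items():
        print(f"{target:20} {verdict:12} SYNs sent: {syns}")
```

A "no-reply" verdict on a capture taken at the client only shows that nothing came back; a second capture on the far side of the firewall is needed to tell whether the SYN or the SYN-ACK is the packet being lost.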




#1
March 18, 2011 at 08:31:36
This device is configured with SSH. Are you using a client that supports SSH like PuTTY or something?

http://www.cisco.com/en/US/tech/tk5...

