Switching

Expand all | Collapse all

SSH and telnet issue

Jump to Best Answer
  • 1.  SSH and telnet issue

    Posted 11-02-2018 00:49

    Hello Junos

     

    we are using Ex9208 as core and Ex3400 as TOR's, the weird issue is I can't SSH from my laptop to the other TOR SW's SSH only works with the TOR that im connecting to or shh to the Core and then I can SSH to the other TOR's from the Core but not directly from my Laptop. yet not from TOR to another i have to ssh to ex9208 first the to the other TOR. it dosen't say an error message or anything its just stay blank like it waiting to get response and it never comes although telnet work from TOR to another but when i use my root and password it says its incorrect. why is that?

     

    I used to work with  Cisco and when configuring SSH i usually make Domain name ans specify SSH V2 etc. and the admin user will work for both SSH and telnet

     

    is it different here in Juniper do i missing something? as i only enabled SSH under system services that all.

     

    thanks in advance

     



  • 2.  RE: SSH and telnet issue

     
    Posted 11-02-2018 07:20

    Couple of questions:

     

    1.  Can we assume the connections from EX9200 to each EX3400s are pure L2, but that to get between EX3400 to another EX3400 requires some L3 at the EX9200?

     

    2.  If you SSH from EX9200 to EX3400, can you then create an SSH session from EX3400 back to EX9200?

     



  • 3.  RE: SSH and telnet issue

    Posted 11-02-2018 08:53

    yes its L2 ae trunk and yes i can ssh back to the core. whats your thoughts?



  • 4.  RE: SSH and telnet issue
    Best Answer

     
    Posted 11-02-2018 09:09

    I assume all IPs are in same subnet then, yes?  If yes, I suggest you contact TAC -:(



  • 5.  RE: SSH and telnet issue

    Posted 11-02-2018 09:47

    yes same subnet same vlan, i just thought there is somthing fancy to do with SSH in juniper

     

    and i will, thanks for your help 🙂



  • 6.  RE: SSH and telnet issue

     
    Posted 11-02-2018 16:24

    Is there  a protect firewall filter applied to the mgmt interface on the switches?

     

    Look at the interface configuration that has the ip address you are doing the ssh to as the target.  If there is an input filter applied on the interface this can be resricting what ip addresses are allowed to make connections and thus only allowing ssh from the core.

     



  • 7.  RE: SSH and telnet issue

    Posted 11-03-2018 02:37

    hello Spuluka

     

    I'm not using the Mgmt interface, i just created a new vlan named it Mgmt with irb adress and ae interface as trunk this is the way i used to do with Cisco.

    and i didnt apply any kind of filters unless EX Switches has it by default.

     

    here is ae config from TOR sw

    interfaces {
        ge-0/0/0 {
            ether-options {
                802.3ad ae10;
            }
        }                                   
        ge-0/0/1 {
            ether-options {
                802.3ad ae10;
            }
        }

    ae10 {
            aggregated-ether-options {
                lacp {
                    active;
                }
            }
            unit 0 {
                family ethernet-switching {
                    interface-mode trunk;   
                    vlan {
                        members all;
                    }
                }
            }
        }
        irb {
            unit 0 {
                family inet {
                    dhcp {
                        vendor-id Juniper-ex3400-24t;
                    }
                }
            }
            unit 11 {
                family inet {
                    address 10.10.3.11/24;

    ----------------------------------------------------

     

    and every TOR sw is connected to Core

     



  • 8.  RE: SSH and telnet issue

     
    Posted 11-03-2018 07:02

    What are the return routes on the TOR switches?

    For the subnet on the laptop that cannot connect where will the TOR send the reply packet

     



  • 9.  RE: SSH and telnet issue

    Posted 11-03-2018 10:58

    my laptop in the same subnet same vlan, so i didnt make any default routes in TOR