SSH Access for Cisco Catalyst Switch

KennethFC
Conversationalist

SSH Access for Cisco Catalyst Switch

Hi,

 

I was just wondering if we onboarded our cisco catalyst switches to Meraki dashboard are we still able to access it thru SSH? Will it be still authenticate thru our ISE Radius? Given that the switch will be on Monitor only.

 

Thank you

8 Replies 8
KarstenI
Kind of a big deal
Kind of a big deal

With the actual monitor option, the way you manage the device will not change. If later the Management-option on the Dashboard comes available, all these ways go away and there will be no SSH or local GUI.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
KennethFC
Conversationalist

Hi,I was just finished onboarding our test switch now, and I can't connect thru SSH I am getting authorization failed. Would it be the added config override the previous SSH authentication config?

GIdenJoe
Kind of a big deal
Kind of a big deal

This page has the config that will be pushed to your switch:
https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_Detailed_...

 

If necessary try to connect to the switch with a console cable and try to see if you configured your method lists correctly.  Since the meraki tool does apply aaa method lists, make sure you have default method lists for your initial vty lines.  And of course a user of your own and the enable secret.

KennethFC
Conversationalist

All of my previous config are still intact, but the thing is since meraki added additional aaa config it might been conflict with my existing and now i cant access the switch thru SSH. I was able to login thru the console using a local account, but i was authenticated thru ISE so im a bit confused how the aaa process now with meraki in it.

redsector
Head in the Cloud

Works definitively with ssh when you chose the monitoring only option for the Meraki dashboard. Otherwise you weren´t able to do any changes on your switch. With the Meraki onboarding tool it´s an easy and guided way to put Catalysts (new Catalysts 9200...) into the Meraki dashboard.

Looks then like this:

Meraki Catalyst.jpg

Managing via ssh.

 

 

matt-ca
Here to help

We've recently added our core switches into Meraki dashboard (monitor only) via the onbording tool and now can't ssh to them. The authentication is still seen and auth'd by ISE but we get % Authorization failed then disconnected.

GIdenJoe
Kind of a big deal
Kind of a big deal

Hmm, you'll have to check if your method lists (specifically aaa authorization method lists are still matching).

So check if you still have

aaa authorization exec default group <ISE-group>

matt-ca
Here to help

yes that worked only just managed to check as in the office so could console on

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels