Meraki

Community

SSH Access for Cisco Catalyst Switch

KennethFC
Conversationalist
‎Mar 3 2023 9:42 AM
‎Mar 3 2023 9:42 AM

SSH Access for Cisco Catalyst Switch

Hi,

 

I was just wondering if we onboarded our cisco catalyst switches to Meraki dashboard are we still able to access it thru SSH? Will it be still authenticate thru our ISE Radius? Given that the switch will be on Monitor only.

 

Thank you

Labels:
0 Kudos
8 Replies 8
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 3 2023 9:58 AM
‎Mar 3 2023 9:58 AM

With the actual monitor option, the way you manage the device will not change. If later the Management-option on the Dashboard comes available, all these ways go away and there will be no SSH or local GUI.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
KennethFC
Conversationalist
‎Mar 3 2023 10:03 AM
‎Mar 3 2023 10:03 AM

Hi,I was just finished onboarding our test switch now, and I can't connect thru SSH I am getting authorization failed. Would it be the added config override the previous SSH authentication config?

0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Mar 4 2023 4:19 AM
‎Mar 4 2023 4:19 AM

This page has the config that will be pushed to your switch:
https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_Detailed_...

 

If necessary try to connect to the switch with a console cable and try to see if you configured your method lists correctly.  Since the meraki tool does apply aaa method lists, make sure you have default method lists for your initial vty lines.  And of course a user of your own and the enable secret.

In response to GIdenJoe
KennethFC
Conversationalist
‎Mar 9 2023 8:16 AM
‎Mar 9 2023 8:16 AM

All of my previous config are still intact, but the thing is since meraki added additional aaa config it might been conflict with my existing and now i cant access the switch thru SSH. I was able to login thru the console using a local account, but i was authenticated thru ISE so im a bit confused how the aaa process now with meraki in it.

0 Kudos
redsector
Head in the Cloud
‎Mar 10 2023 8:19 AM
‎Mar 10 2023 8:19 AM

Works definitively with ssh when you chose the monitoring only option for the Meraki dashboard. Otherwise you weren´t able to do any changes on your switch. With the Meraki onboarding tool it´s an easy and guided way to put Catalysts (new Catalysts 9200...) into the Meraki dashboard.

Looks then like this:

Meraki Catalyst.jpg

Managing via ssh.

 

 

0 Kudos
matt-ca
Here to help
‎Nov 27 2023 6:28 AM
‎Nov 27 2023 6:28 AM

We've recently added our core switches into Meraki dashboard (monitor only) via the onbording tool and now can't ssh to them. The authentication is still seen and auth'd by ISE but we get % Authorization failed then disconnected.

0 Kudos
In response to matt-ca
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Dec 3 2023 9:45 AM
‎Dec 3 2023 9:45 AM

Hmm, you'll have to check if your method lists (specifically aaa authorization method lists are still matching).

So check if you still have

aaa authorization exec default group <ISE-group>

matt-ca
Here to help
‎Dec 11 2023 5:36 AM
‎Dec 11 2023 5:36 AM

yes that worked only just managed to check as in the office so could console on

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.