Monday, October 7, 2013

SSH across management Interface in our new Cisco ASR 1004.

 Trying to configure persistent SSH across management Interface in our new Cisco ASR 1004 platforms. Well, It seems to work fine, however when we try ssh to management interface:

1. TACACS+ authentication doesn´t work. Only local authentication (usernames configured in local) works with persistent SSH. Taking a view to ASR 1004 user guide, aaa is not supported over management interface configured for persistent SSH. Ok, it´s clear for me.

2. SSH session is stuck waiting for free TTY line, but only I´m trying to access to it ¿¿??. I only get into router emulation using persistent SSH, in diag mode pressing Ctrl+C or Ctrl+Shift+6, but you know in diag mode we won´t obtain full line vty capabilities. Anybody knows why don´t we obtain TTY line access using persistent SSH?

This is our config:

transport-map type persistent ssh sshmg
rsa keypair-name
transport interface GigabitEthernet0
banner wait "*** WAITING FOR VTY LINE - CBR4***"
banner diagnostic "***DIAGNOSTIC MODE - CUBR4***"
connection wait allow interruptble
transport type persistent ssh input sshmg

Below link has the details for the SSH handling

You MUST use local authentication to work with Persistant SSH.

