Users Cannot Remotely Log In to the CE6810 Through the VPN Instance Interface

Publication Date: 2019-04-12
Issue Description

To separate service routes from management routes, the management interface of the CE6810 is bound to a VPN instance, and default routing information is added to that VPN instance.

After the SSH service for the VTY is globally enabled, users can remotely log in to the CE6810 through the management interface.

After an ACL is applied to the VTY, users can no longer remotely log in to the CE6810.

Alarm Information

The following information is displayed when you remotely log in to the switch using Xshell.

<G06_YiDong_QinQ_CE6810>
Info: The max number of VTY users is 5, and the number of current VTY users on line is 1.
Socket error Event: 32 Error: 10053.
Connection closing...Socket close.

Connection closed by foreign host.

Disconnected from remote host(192.168.200.5:22) at 09:25:25

Handling Process

1. Ping the management interface address of the CE6810 from the user terminal. The ping operation succeeds.

2. Remove the ACL from the VTY and log in to the switch remotely. The login succeeds.

3. Check whether the ACL permits the client address. The check result indicates that the ACL permits the client address.

4. Run the dis acl all command. The command output indicates that no packets have matched the ACL rules.

Root Cause

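For an ACL to take effect on traffic in a VPN instance, the VPN instance parameters must be specified when the ACL rules are created. The ACL applied to the VTY was created without them, so login traffic arriving through the management VPN instance did not match its rules.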

Solution

Add VPN instance parameters to the ACL.

acl name Permit_RemoteAccess_SouceIP advance
 rule 5 permit ip vpn-instance ManageNet source 172.16.1.251 0
 rule 10 permit ip vpn-instance ManageNet source 172.20.1.211 0
 rule 15 permit ip vpn-instance ManageNet source 172.20.1.242 0

Suggestions

When services are carried over an interface bound to a VPN instance, VPN instance parameters need to be added to the configuration of many of those services as well.
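
One way to check a saved configuration for this root cause before applying an ACL to the VTY, as an added example (not part of the original case and not a Huawei tool). The function name, the sample configuration and the VPN instance name OtherNet are assumptions constructed for illustration; the rule format follows the Solution above.

```python
import re

# Constructed sample: rule 5 has no vpn-instance (the state described under
# Root Cause), rule 10 is in the corrected form, rule 15 names another instance.
SAMPLE_CONFIG = """\
acl name Permit_RemoteAccess_SouceIP advance
 rule 5 permit ip source 172.16.1.251 0
 rule 10 permit ip vpn-instance ManageNet source 172.20.1.211 0
 rule 15 permit ip vpn-instance OtherNet source 172.20.1.242 0
#
acl name Unrelated advance
 rule 5 permit ip source 10.0.0.1 0
"""

ACL_HEADER = re.compile(r"^acl (?:name |number )?(\S+)")
RULE = re.compile(r"^\s+rule (\d+) (permit|deny) (.*)$")
VPN = re.compile(r"\bvpn-instance (\S+)")


def rules_missing_vpn(config, acl_name, vpn_instance):
    """Return [(rule_id, reason)] for rules in acl_name not scoped to vpn_instance."""
    findings = []
    current = None  # name of the ACL whose rules are being read
    for line in config.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the ACL view
            continue
        rule = RULE.match(line)
        if current != acl_name or not rule:
            continue
        rule_id = int(rule.group(1))
        vpn = VPN.search(rule.group(3))
        if vpn is None:
            findings.append((rule_id, "no vpn-instance"))
        elif vpn.group(1) != vpn_instance:
            findings.append((rule_id, "vpn-instance " + vpn.group(1)))
    return findings


if __name__ == "__main__":
    for rule_id, reason in rules_missing_vpn(
            SAMPLE_CONFIG, "Permit_RemoteAccess_SouceIP", "ManageNet"):
        print(f"rule {rule_id}: {reason}")
```

An empty result means every rule in the named ACL is scoped to the management VPN instance; any rule listed would not match logins arriving through that instance.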
