网络工程 - 思科 4948 可以 ping 出，但没有连接入站 - 吾爱随笔录

我怀疑这里有 n00b 问题...我收到了一个使用过的 Cisco 4948（不是“E”或“F”）交换机，我正在尝试将其配置为 SSH 管理访问。我可以从交换机 ping 通到我为其配置了“Vlan1”的同一子网的本地节点，但无法 ping 交换机。我有另一个连接到 gig1/1 的哑集线器，我可以看到来自交换机的 802.1d 数据包，所以我假设我的问题是配置问题。没有 ping，SSH 只是在连接尝试时超时。

Vlan1 配置如下：

switch1>sh int vlan1
Vlan1 is up, line protocol is up
  Hardware is Ethernet SVI, address is 001e.f7ad.66bf (bia 001e.f7ad.66bf)
  Internet address is 10.147.123.2/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  L3 in Switched: ucast: 239 pkt, 19252 bytes - mcast: 0 pkt, 0 bytes
  L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
     409 packets input, 62554 bytes, 0 no buffer
     Received 170 broadcasts (22 IP multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     96 packets output, 6558 bytes, 0 underruns
     0 output errors, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

Gig1/1 像这样：

switch1> sh int gig1/1
GigabitEthernet1/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet Port, address is 001e.f7ad.6680 (bia 001e.f7ad.6)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000-TX
  input flow-control is on, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     574140 packets input, 46267278 bytes, 0 no buffer
     Received 573846 broadcasts (70850 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     141011 packets output, 10520046 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
switch1>sh ip int gig1/1
GigabitEthernet1/1 is up, line protocol is up
  Inbound  access list is 1
  Outgoing access list is 1
switch1>sh access-lists 1
Standard IP access list 1
    10 permit any (1525 matches)

我显然遗漏了一些基本的东西，但是我能找到的所有方法都告诉你像我一样运行命令，一切都刚刚开始工作。

我的sh term命令有以下几行：

Allowed input transports are none.
Allowed output transports are telnet ssh.

...在我看来，这让 ssh 工作起来很可疑。

谢谢你的帮助:)

编辑：完整配置：

switch1#sh run
Building configuration...

Current configuration : 2677 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname switch1
!
boot-start-marker
boot-end-marker
!
enable password {password}
!
username admin password 0 {password}
no aaa new-model
clock timezone CDT -6
ip subnet-zero
ip domain-name home.gan
ip name-server 10.1.1.20
!
ip ssh time-out 90
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/1
 switchport mode access
 ip access-group 1 in
 ip access-group 1 out
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface GigabitEthernet1/5
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/23
!
interface GigabitEthernet1/24
!
interface GigabitEthernet1/25
!
interface GigabitEthernet1/26
!
interface GigabitEthernet1/27
!
interface GigabitEthernet1/28
!
interface GigabitEthernet1/29
!
interface GigabitEthernet1/30
!
interface GigabitEthernet1/31
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
!
interface GigabitEthernet1/46
!
interface GigabitEthernet1/47
!
interface GigabitEthernet1/48
!
interface Vlan1
 ip address 10.1.2.2 255.255.255.0
!
ip default-gateway 10.1.2.1
ip http server
!
!
!
ip access-list standard SSH-ACCESS
 permit 10.1.2.0 0.0.0.255
 permit 10.1.5.0 0.0.0.255
 permit 10.1.9.0 0.0.0.255
 permit 10.1.12.0 0.0.0.255
access-list 1 permit any
access-list 102 permit icmp any any echo-reply
!
!
!
line con 0
 stopbits 1
line vty 0 4
 access-class SSH-ACCESS in
 exec-timeout 2880 0
 password {password}
 logging synchronous
 login
 length 0
 transport input ssh
line vty 5 15
 password {password}
 login
!
!
end

SSH 密钥已经生成。

编辑2

switch1#sh spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     001e.f7ad.6680
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001e.f7ad.6680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1            Desg FWD 4         128.1    P2p