查看ssh部分配置是没问题的
#
ssh server enable
ssh server acl 2000
#
line vty 0 4
authentication-mode scheme
user-role level-15
user-role network-operator
protocol inbound ssh
#
local-user user1 class manage
password hash $h$6$XCde1wGLLzpkniQR$LIpnYeJaa9VkNMEAAitOBkLQuzIMQ7jTT89hnoWua82pVZj2scF013gD8TVqlvZER859xOvg2NmY6f3y//7pYA==
service-type ssh
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user user2 class manage
password hash $h$6$HymlGTWmUgZ+fx6a$xPc/RIAe4SPRQDZupw2egE9t5wtb8N/SQVIi2yWOqM1QdMoZC2s208NBCcHuW/Ol09StwnaZfiCtuk9S6G0y/w==
service-type ssh
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
acl number 2000
rule 0 permit source 10.40.71.0 0.0.0.255
rule 5 permit source 172.16.1.0 0.0.0.255
rule 10 permit source 172.29.1.0 0.0.0.255
rule 15 permit source 172.31.5.1 0
rule 20 permit source 172.31.0.0 0.0.0.255
rule 25 permit source 10.40.79.0 0.0.0.255
rule 100 deny
#
ip route-static 10.0.0.0 8 172.31.X.X
ip route-static 10.40.70.0 23 172.31.X.X
ip route-static 10.40.72.0 21 172.31.X.X
ip route-static 172.16.0.0 12 172.31.X.X
ip route-static vpn-instance manage 0.0.0.0 0 172.31.X.X
但是查看所有配置发现有配置vpn实例且在管理口下应用了该vpn实例,登陆失败的原因已找到,是因为在管理口下引用了vpn实例但是在acl 2000中没有添加。
#
ip vpn-instance manage
description for-network-manage
#
interface M-GigabitEthernet1/0/0/0
ip binding vpn-instance manage
ip address 172.31.X.X 255.255.255.0