networking-forum.com

All times are UTC - 6 hours [ DST ]



Posted: Sun May 13, 2012 1:57 pm

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
Folks:

I have several 3560G switches which have recently been upgraded to 12.2.58.....

Prior, they were running 12.2.20, and ACLs were in place. No changes have been made to the config (they still have ACLs in place) or to the client I am trying to access them from via SSH.

Client is on the ACL, in other words.

I upgraded and although I can ping the switches from the machine I am trying to SSH to them from, and the nodes behind them work just fine (we can access web, logins, everything from the workstations behind the switches), I can not reach some of the switches via SSH.

Any thoughts? One or two of the switches I changed the names on, weeks ago. First thought was perhaps that had invalidated the RSA certificate on the switches. However, I've been able to access these same switches since the name change, right up till I upgraded IOS.

I am not getting SSH timeout, I am getting "connection refused" in PuTTY. Same error I would get in event of an ACL issue (i.e. trying to access from a host not on the ACL allow list).

Something I need to look into is the possibility of too many users on SSH into the device, by way of hung sessions. However, one of the switches in question was power-cycled after reload, so I doubt that's the issue.


 
Posted: Sun May 13, 2012 2:36 pm

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
OK this makes NO sense- since I have other, identical-case switches that didn't require this.. :shrugs:

I resolved this by rekeying the switch.


 
Posted: Sun May 13, 2012 2:45 pm

Joined: Fri Jul 09, 2010 7:38 pm
Posts: 1802
I bumped into a similar issue with that code, but telnet was also broken, and you couldn't log in through the console.

_________________
http://networking.ventrefamily.com


 
Posted: Sun May 13, 2012 3:22 pm

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
god, I'd be screwed if not for the console working..

luckily, Telnet is forbidden in this enclave :)


 
Posted: Sun May 13, 2012 8:57 pm

Joined: Fri Nov 13, 2009 4:42 pm
Posts: 199
Certs: CCIE R&S
Try regenerating your crypto key. Something like:
crypto key gen rsa usa mod 1024
should do the trick.


 
Posted: Mon May 14, 2012 6:41 am

Joined: Wed Aug 03, 2011 12:24 pm
Posts: 504
Location: Charleston, SC
Certs: MCSE, MCP+I, SEC+ (working on CCENT/CCNA)
Yep, that's what I did
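
Added example, not part of the thread and not anyone's posted code: a small Python check an admin could run from the management host after an upgrade to see which switches answer SSH, separating the "connection refused" symptom described above from a silent timeout or a TCP connect with no SSH banner. The function names and the host list on the command line are assumptions for illustration.

```python
import socket
import sys

def probe_ssh(host, port=22, timeout=3.0):
    """Classify SSH reachability of one device. Returns (state, detail):
      'refused'   - TCP RST, the "connection refused" symptom from the thread
      'timeout'   - no reply at all (packets dropped somewhere on the path)
      'no-banner' - TCP connected, but no SSH identification string arrived
      'ok'        - identification string received (detail holds it)
      'error'     - any other socket error (DNS failure, unreachable, ...)
    """
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(255)  # an SSH server sends "SSH-x.y-..." first
            except socket.timeout:
                return ("no-banner", "connected, nothing sent within timeout")
            except ConnectionResetError:
                return ("no-banner", "connection reset after accept")
    except ConnectionRefusedError:
        return ("refused", "TCP RST received")
    except socket.timeout:
        return ("timeout", "no reply within %.1fs" % timeout)
    except OSError as exc:
        return ("error", str(exc))
    # Other lines may precede the identification string, so scan for it.
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return ("ok", line.strip().decode("ascii", "replace"))
    return ("no-banner", "closed without an SSH identification string")

def survey(hosts, port=22, timeout=3.0):
    """Probe each host once; returns {host: (state, detail)}."""
    return {h: probe_ssh(h, port, timeout) for h in hosts}

if __name__ == "__main__":
    # Usage: python ssh_probe.py <switch1> <switch2> ...  (your own devices)
    results = survey(sys.argv[1:])
    for host, (state, detail) in sorted(results.items()):
        print("%-30s %-10s %s" % (host, state, detail))
    # Non-zero exit if any switch is not answering SSH, for use in scripts.
    sys.exit(0 if all(r[0] == "ok" for r in results.values()) else 1)
```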


 