Solved

How to configure SSH access to Cisco 2960 and 3560 switches?

Posted on 2009-06-30
Last Modified: 2016-09-22
There is quite a large number of the above switch types in my company. I'm thinking of restricting access to SSH ONLY. Alternatively, some may allow SSH and telnet access. How do I do this?
Question by:Balack
8 Comments
 
LVL 23

Accepted Solution

by:
that1guy15 earned 125 total points
ID: 24743552
0
 
LVL 2

Assisted Solution

by:infoseccons
infoseccons earned 125 total points
ID: 24743560
I guess you could set up your switches to allow ssh access by default and, for the ones that need it, create a separate configuration that allows telnet access also.
See this excellent guide on the Cisco web site to read up on how to enable/disable telnet access and/or ssh access: http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swauthen.html

0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 125 total points
ID: 24744205

ip domain-name xxxx.com
! you'll be prompted for the key length
crypto key generate rsa
ip ssh version 2
line vty 0 4
 login local
 transport input ssh


0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24746392
If you don't upgrade the switches' software, you are not able to use this feature! If you want SSH, use a Crypto image!
I advise that you protect remote access with an access-list on the vty:

! x.x.x.x y.y.y.y = where you want to access
access-list 1 permit x.x.x.x y.y.y.y
access-list 1 deny   any

line vty 0 4
 transport input ssh
 access-class 1 in
end
0
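With a large number of switches, the settings from the two configuration snippets above (`ip ssh version 2`, `login local`, `transport input ssh`, `access-class ... in`) can be checked against saved configurations by a script. The following is an added example, not code from any poster in this thread; the function name `audit_vty` and both sample configs are constructed for illustration. It checks every `line vty` block, since a block outside `line vty 0 4` keeps its own settings.

```python
import re

# Constructed sample running-config excerpts (not taken from a real switch).
GOOD = """\
ip ssh version 2
access-list 1 permit 192.0.2.0 0.0.0.255
access-list 1 deny   any
line vty 0 4
 access-class 1 in
 login local
 transport input ssh
line vty 5 15
 access-class 1 in
 login local
 transport input ssh
end
"""
BAD = """\
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
end
"""

def audit_vty(config):
    """Return a list of findings for one IOS config text (empty list = pass)."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' not set")
    # Each vty block is its header line plus the indented lines that follow it.
    for m in re.finditer(r"^line vty (\d+ ?\d*)[ \t]*\n((?:[ \t]+.*\n)*)", config, re.M):
        name, body = "vty " + m.group(1).strip(), [l.strip() for l in m.group(2).splitlines()]
        allowed = [w for l in body if l.startswith("transport input") for w in l.split()[2:]]
        if not allowed:
            findings.append(f"{name}: no explicit 'transport input' (default depends on IOS release)")
        elif allowed != ["ssh"]:
            findings.append(f"{name}: allows {' '.join(allowed)}, not ssh only")
        if "login local" not in body:
            findings.append(f"{name}: 'login local' missing")
        if not any(l.startswith("access-class") and l.endswith(" in") for l in body):
            findings.append(f"{name}: no inbound access-class")
    return findings

if __name__ == "__main__":
    print("GOOD:", audit_vty(GOOD) or "pass", "\nBAD:", audit_vty(BAD))
```

For switches that are meant to allow both SSH and telnet, the "not ssh only" finding serves as the list of exceptions to review.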

Author Comment

by:Balack
ID: 24751322
What are the minimum requirements for the IOS version? My co-worker tried to key in "crypto key generate rsa" and was prompted "invalid command".

For your info, he tried on switches with 12.1(32) and 12.0(5.3).
0
 

Author Comment

by:Balack
ID: 24751325
BTW, what is the latest version I can upgrade the above switches to?
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 125 total points
ID: 24751730
Hi Balack,

You must upgrade the switches if you want to enable SSH!
If you are a registered user, you are able to download directly from CCO!

The legal procedure is: you buy the new software from your service integrator or Cisco partner, and afterwards you upgrade the switches!

The latest version:

LAN LITE W/O CRYPTO
c2960-lanlite-mz.122-50.SE2.bin
Release Date: 19/May/2009, Size: 6564.96 KB (6722515 bytes), Minimum Memory: DRAM: 64 MB, Flash: 32 MB

LAN LITE W/O CRYPTO WITH WEB BASED DEV MGR
c2960-lanlite-tar.122-50.SE2.tar
Release Date: 19/May/2009, Size: 10220.00 KB (10465280 bytes), Minimum Memory: DRAM: 64 MB, Flash: 32 MB

IP BASE W/O CRYPTO
c3560-ipbase-mz.122-50.SE1.bin
Release Date: 14/Apr/2009, Size: 9027.33 KB (9243981 bytes), Minimum Memory: DRAM: 128 MB, Flash: 16 MB

IP BASE W/O CRYPTO WITH WEB BASED DEV MGR
c3560-ipbase-tar.122-50.SE1.tar
Release Date: 14/Apr/2009, Size: 11750.00 KB (12032000 bytes), Minimum Memory: DRAM: 128 MB, Flash: 16 MB
0
 

Expert Comment

by:Ravi Kant
ID: 41810498
Hi

I am not able to generate crypto keys on Cisco 2960. This shows "% Unrecognized command".
0
