Solved

How to configure SSH access to Cisco 2960 and 3560 switches?

Posted on 2009-06-30
8
20,524 Views
Last Modified: 2016-09-22
There are quite a big number of the above switch types in my company. I'm thinking restrict the access to SSH ONLY. Alternatively, some may allow SSH and telnet access. How to do?
0
Comment
Question by:Balack
8 Comments
 
LVL 23

Accepted Solution

by:
that1guy15 earned 125 total points
ID: 24743552
0
 
LVL 2

Assisted Solution

by:infoseccons
infoseccons earned 125 total points
ID: 24743560
I guess you could set up your switches to allow ssh access by default and, for the ones that need it, create a seperate configuration that allows telnet access also.
See this excellent guide on the Cisco web site to read up on how to enable/disable telnet access and/or ssh access: http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swauthen.html

0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 125 total points
ID: 24744205

ip domain-name xxxx.com
crypto key generate rsa ! you'll be prompted for the key length
ip ssh version 2
line vty 0 4
 login local
 transport input ssh

Open in new window

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24746392
If you don't upgrade the switchs software you not able to use this feature! If yuu want the SSH, use Crypto image!
I advise you must use to protect the remote access access-list on the vty:

access-list 1 permit x.x.x.x y.y.y.y  ----> where you want to access
access-list 1 deny   any

line vty 0 4
 transport input ssh
  access-class 1 in
end
0
 

Author Comment

by:Balack
ID: 24751322
What is the minimal requirements on IOS version? My co-worker try to key in "crypto key generate rsa", and being prompted "invalid command".

For your info, he tried on switches with 12.1(32) and 12.0(5.3).
0
 

Author Comment

by:Balack
ID: 24751325
BTW, what is latest version I can upgrade to the above switches?
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 125 total points
ID: 24751730
Hi Balack,

You must upgrade the switches, if you want to enable SSH!
If you a registered user, you able to download directly from cco!

The legal procedure is: you buy the new sofware from your service integrator, or cisco partner, and after you upgrade the switches!
 The latast version: LAN LITE W/O CRYPTO c2960-lanlite-mz.122-50.SE2.bin Release Date: 19/May/2009 Size: 6564.96 KB  (6722515 bytes) Minimum Memory: DRAM:64 MB  Flash:32 MB    LAN LITE W/O CRYPTO WITH WEB BASED DEV MGR c2960-lanlite-tar.122-50.SE2.tar Release Date: 19/May/2009 Size: 10220.00 KB  (10465280 bytes) Minimum Memory: DRAM:64 MB  Flash:32 MB   IP BASE W/O CRYPTO c3560-ipbase-mz.122-50.SE1.bin Release Date: 14/Apr/2009 Size: 9027.33 KB  (9243981 bytes) Minimum Memory: DRAM:128 MB  Flash:16 MB    IP BASE W/O CRYPTO WITH WEB BASED DEV MGR c3560-ipbase-tar.122-50.SE1.tar Release Date: 14/Apr/2009 Size: 11750.00 KB  (12032000 bytes) Minimum Memory: DRAM:128 MB  Flash:16 MB
 
0
 

Expert Comment

by:Ravi Kant
ID: 41810498
Hi

I am not able to generate crypto keys on Cisco 2960. This shows "% Unrecognized command".
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question