SSH to CISCO SWITCH

I need to connect (SSH) to a REMOTE SWITCH with no config on it. After connecting I need to do the full config of the SW. With the help of non IT person, who can console it to SW and input some basic conf so that I can SSH to the remote sw. I make this config, could anyone have a look and see if this works, as this is the first time I am doing this. Should I be able to SSH to the NEw Sw with this config?

I have a existing network at the location, router and sw. In this case I need to connect New SW to the OLD SW.

Router > OLD SW>NEW SW
-----------------------------------------------------------------------------

interface GigabitEthernet0/1 (Goes to the trunk port of OLD SW)
 switchport mode trunk
 speed 100
 duplex full
!
!
interface Vlan111   (Managment VLAN)
 ip address x.x.x.x 255.255.255.0
 no ip route-cache

ip default-gateway x.x.x.x

--------------

For config the SSH


ip domain-name test.net

line vty 0 4
 login
 transport input ssh

and need to generate key with command:

crypto key generate rsa 1024

--------------------------------------------------------------------------------
tech1guyAsked:
Who is Participating?
 
dcj21Connect With a Mentor Commented:
Here's Cisco web page on setting up SSH
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

After adding the IP address info, The minimum for ssh is to use

aaa-new model                 < ---- Use this or add "login local" under the VTYs
username cisco password 0 cisco
ip domain-name test.example.com
crypto key generate rsa


The Cisco page says the "transport input ssh" is not needed unless you want to only allow ssh.
0
 
mat1458Commented:
It almost works. Without any passwords you get a message "Password required, but none set".

vtp mode transparent
vlan 111
interface GigabitEthernet0/1 (Goes to the trunk port of OLD SW)
 switchport mode trunk
 speed 100
 duplex full
interface Vlan111   (Managment VLAN)
 ip address x.x.x.x 255.255.255.0
 no ip route-cache
ip default-gateway x.x.x.x
!
hostname <yourhostname>
ip domain-name test.net
crypto key generate rsa general-keys modulus 1024

enable secret <somesecret>
line vty 0 4
 login
 transport input ssh
 password <somepassword>
0
 
Otto_NConnect With a Mentor Commented:
As far as I know, SSH requires both a username and a password, so include something like

username cisco password <somepassword>

You8 should then be able to SSH to the device using the "cisco" username.
0
 
tech1guyAuthor Commented:
Thanks for your reply guys, but in the network we are using TACACS server to auth. My question if I attach the switch to the network with no config and then add the upper part (with no username/password), would I be able to ssh to the sw with with credentials on the TACACS server?
0
 
dcj21Connect With a Mentor Commented:
No - you have to add the TACACS server information

You should still have a local username in case access to the TACACS server is down.


You should add the following to the above:

aaa authentication login default tacacs+ local
tacacs-server host 10.6.101.101   <-- Change to your server's IP addr
tacacs-server key cisco    <-- must match your server's key or password
line con 0
login authentication default
line vty 0 4
login authentication default
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.