Solved

SSH to CISCO SWITCH

Posted on 2012-04-04
Last Modified: 2012-08-14
I need to connect (SSH) to a remote switch with no config on it. After connecting, I need to do the full config of the SW. This is with the help of a non-IT person, who can console in to the SW and input some basic config so that I can SSH to the remote SW. I made this config; could anyone have a look and see if it works, as this is the first time I am doing this? Should I be able to SSH to the new SW with this config?

I have an existing network at the location, router and SW. In this case I need to connect the new SW to the old SW.

Router > OLD SW>NEW SW
-----------------------------------------------------------------------------

! Goes to the trunk port of OLD SW
interface GigabitEthernet0/1
 switchport mode trunk
 speed 100
 duplex full
!
!
! Management VLAN
interface Vlan111
 ip address x.x.x.x 255.255.255.0
 no ip route-cache

ip default-gateway x.x.x.x

--------------

To configure SSH:


ip domain-name test.net

line vty 0 4
 login
 transport input ssh

and I need to generate the key with the command:

crypto key generate rsa 1024

--------------------------------------------------------------------------------
Question by:tech1guy
5 Comments
 
LVL 10

Expert Comment

by:mat1458
ID: 37809685
It almost works. Without any passwords you get a message "Password required, but none set".

vtp mode transparent
vlan 111
! Goes to the trunk port of OLD SW
interface GigabitEthernet0/1
 switchport mode trunk
 speed 100
 duplex full
! Management VLAN
interface Vlan111
 ip address x.x.x.x 255.255.255.0
 no ip route-cache
ip default-gateway x.x.x.x
!
hostname <yourhostname>
ip domain-name test.net
crypto key generate rsa general-keys modulus 1024

enable secret <somesecret>
line vty 0 4
 login
 transport input ssh
 password <somepassword>
 
LVL 14

Assisted Solution

by:Otto_N
Otto_N earned 400 total points
ID: 37810334
As far as I know, SSH requires both a username and a password, so include something like

username cisco password <somepassword>

You should then be able to SSH to the device using the "cisco" username.
 
LVL 4

Accepted Solution

by:
dcj21 earned 1600 total points
ID: 37810641
Here's the Cisco web page on setting up SSH:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

After adding the IP address info, the minimum for SSH is to use

! Use this or add "login local" under the VTYs
aaa new-model
username cisco password 0 cisco
ip domain-name test.example.com
crypto key generate rsa


The Cisco page says the "transport input ssh" is not needed unless you want to only allow ssh.
 

Author Comment

by:tech1guy
ID: 37811959
Thanks for your replies, guys, but in the network we are using a TACACS server for auth. My question: if I attach the switch to the network with no config and then add the upper part (with no username/password), would I be able to SSH to the SW with the credentials on the TACACS server?
 
LVL 4

Assisted Solution

by:dcj21
dcj21 earned 1600 total points
ID: 37812623
No - you have to add the TACACS server information

You should still have a local username in case access to the TACACS server is down.


You should add the following to the above:

aaa authentication login default group tacacs+ local
! Change to your server's IP addr
tacacs-server host 10.6.101.101
! Must match your server's key or password
tacacs-server key cisco
line con 0
 login authentication default
line vty 0 4
 login authentication default
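
An added example, not part of any post in this thread: a Python check that a console paste script contains the pieces the replies above list for SSH login (hostname, domain name, RSA key step, enable secret, a login method that has credentials, and a local fallback beside TACACS+). The function name, the finding texts and the sample script are assumptions made for this illustration.

```python
def ssh_login_problems(script: str) -> list[str]:
    """Return what is missing for SSH login after pasting this script into a blank switch."""
    top, vty, in_vty = [], [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("line "):
            in_vty = line.startswith("line vty")
        elif in_vty and line.startswith(("login", "password", "transport")):
            vty.append(line)          # sub-command of the vty block, indented or not
        else:
            in_vty = False
            top.append(line)
    def has(prefix):
        return any(l.startswith(prefix) for l in top)
    problems = [why for prefix, why in (
        ("hostname ", "no hostname set before key generation"),
        ("ip domain-name ", "no ip domain-name set before key generation"),
        ("crypto key generate rsa", "no 'crypto key generate rsa' step"),
        ("enable secret ", "no enable secret"),
    ) if not has(prefix)]
    if has("aaa new-model"):
        # Assumption: with AAA on and no default list, vty logins use the local user database.
        methods = next((l.split()[4:] for l in top
                        if l.startswith("aaa authentication login default ")), ["local"])
        if "tacacs+" in methods:
            if not has("tacacs-server host "):
                problems.append("tacacs+ method but no tacacs-server host")
            if "local" not in methods:
                problems.append("no local fallback if TACACS+ is unreachable")
        needs_user = "local" in methods
    else:
        needs_user = "login local" in vty
        if "login" in vty and not any(l.startswith("password ") for l in vty):
            problems.append("vty 'login' has no line password")
    if needs_user and not has("username "):
        problems.append("local authentication but no username defined")
    return problems

# Constructed input: the SSH part of the question's draft, as it would be typed at the console.
DRAFT = """
ip domain-name test.net
line vty 0 4
 login
 transport input ssh
crypto key generate rsa 1024
"""
print(ssh_login_problems(DRAFT))
```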