Solved

SSH to CISCO SWITCH

Posted on 2012-04-04
Last Modified: 2012-08-14
I need to connect (SSH) to a remote switch with no config on it. After connecting I need to do the full config of the switch. I have the help of a non-IT person, who can console in to the switch and input some basic config so that I can SSH to the remote switch. I made this config; could anyone have a look and see if this works, as this is the first time I am doing this? Should I be able to SSH to the new switch with this config?

I have an existing network at the location, router and switch. In this case I need to connect the new switch to the old switch.

Router > OLD SW>NEW SW
-----------------------------------------------------------------------------

! Goes to the trunk port of OLD SW
interface GigabitEthernet0/1
 switchport mode trunk
 speed 100
 duplex full
!
!
! Management VLAN
interface Vlan111
 ip address x.x.x.x 255.255.255.0
 no ip route-cache

ip default-gateway x.x.x.x

--------------

To configure SSH:


ip domain-name test.net

line vty 0 4
 login
 transport input ssh

and I need to generate the key with the command:

crypto key generate rsa 1024

--------------------------------------------------------------------------------
Question by:tech1guy
5 Comments
 
LVL 10

Expert Comment

by:mat1458
ID: 37809685
It almost works. Without any passwords you get a message "Password required, but none set".

vtp mode transparent
vlan 111
! Goes to the trunk port of OLD SW
interface GigabitEthernet0/1
 switchport mode trunk
 speed 100
 duplex full
! Management VLAN
interface Vlan111
 ip address x.x.x.x 255.255.255.0
 no ip route-cache
ip default-gateway x.x.x.x
!
hostname <yourhostname>
ip domain-name test.net
crypto key generate rsa general-keys modulus 1024

enable secret <somesecret>
line vty 0 4
 login
 transport input ssh
 password <somepassword>
 
LVL 14

Assisted Solution

by:Otto_N
Otto_N earned 100 total points
ID: 37810334
As far as I know, SSH requires both a username and a password, so include something like

username cisco password <somepassword>

You should then be able to SSH to the device using the "cisco" username.
 
LVL 4

Accepted Solution

by:
dcj21 earned 400 total points
ID: 37810641
Here's Cisco's web page on setting up SSH:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

After adding the IP address info, the minimum for SSH is to use

! Use this or add "login local" under the VTYs
aaa new-model
username cisco password 0 cisco
ip domain-name test.example.com
crypto key generate rsa


The Cisco page says the "transport input ssh" is not needed unless you want to only allow ssh.
 

Author Comment

by:tech1guy
ID: 37811959
Thanks for your replies guys, but in the network we are using a TACACS server to auth. My question: if I attach the switch to the network with no config and then add the upper part (with no username/password), would I be able to SSH to the switch with credentials on the TACACS server?
 
LVL 4

Assisted Solution

by:dcj21
dcj21 earned 400 total points
ID: 37812623
No - you have to add the TACACS server information.

You should still have a local username in case access to the TACACS server is down.


You should add the following to the above:

aaa authentication login default group tacacs+ local
! Change to your server's IP addr
tacacs-server host 10.6.101.101
! Must match your server's key or password
tacacs-server key cisco
line con 0
 login authentication default
line vty 0 4
 login authentication default
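
The pieces from the answers above combined into one console-paste bootstrap configuration, as an added example that is not part of any poster's reply. It assumes an IOS image with SSH support; the 2048-bit modulus, `ip ssh version 2`, the `username ... secret` form and every `<...>` placeholder are choices made here, not values from the thread.

```cisco
! Added example (constructed). Replace every <placeholder> and x.x.x.x.
! Entered from global configuration mode over the console.
!
! A non-default hostname and a domain name must exist before the RSA key
! can be generated.
hostname <yourhostname>
ip domain-name test.net
crypto key generate rsa modulus 2048
! Assumption: refuse SSHv1 clients.
ip ssh version 2
!
vtp mode transparent
vlan 111
!
! Goes to the trunk port of OLD SW
interface GigabitEthernet0/1
 switchport mode trunk
 speed 100
 duplex full
!
! Management VLAN
interface Vlan111
 ip address x.x.x.x 255.255.255.0
 no shutdown
!
ip default-gateway x.x.x.x
!
enable secret <somesecret>
! Local fallback account, stored hashed ("secret") rather than as "password 0".
username <localadmin> secret <somepassword>
!
! TACACS+ first, local account when the server does not respond.
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host <tacacs-server-ip>
tacacs-server key <shared-key>
!
line con 0
 login authentication default
line vty 0 4
 login authentication default
 transport input ssh
```

The `local` method is consulted only when the TACACS+ server does not answer; a login the server rejects is not retried against the local account.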