Solved

SSH to CISCO SWITCH

Posted on 2012-04-04
5
514 Views
Last Modified: 2012-08-14
I need to connect (SSH) to a REMOTE SWITCH with no config on it. After connecting I need to do the full config of the SW. With the help of non IT person, who can console it to SW and input some basic conf so that I can SSH to the remote sw. I make this config, could anyone have a look and see if this works, as this is the first time I am doing this. Should I be able to SSH to the NEw Sw with this config?

I have a existing network at the location, router and sw. In this case I need to connect New SW to the OLD SW.

Router > OLD SW>NEW SW
-----------------------------------------------------------------------------

interface GigabitEthernet0/1 (Goes to the trunk port of OLD SW)
 switchport mode trunk
 speed 100
 duplex full
!
!
interface Vlan111   (Managment VLAN)
 ip address x.x.x.x 255.255.255.0
 no ip route-cache

ip default-gateway x.x.x.x

--------------

For config the SSH


ip domain-name test.net

line vty 0 4
 login
 transport input ssh

and need to generate key with command:

crypto key generate rsa 1024

--------------------------------------------------------------------------------
0
Comment
Question by:tech1guy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 10

Expert Comment

by:mat1458
ID: 37809685
It almost works. Without any passwords you get a message "Password required, but none set".

vtp mode transparent
vlan 111
interface GigabitEthernet0/1 (Goes to the trunk port of OLD SW)
 switchport mode trunk
 speed 100
 duplex full
interface Vlan111   (Managment VLAN)
 ip address x.x.x.x 255.255.255.0
 no ip route-cache
ip default-gateway x.x.x.x
!
hostname <yourhostname>
ip domain-name test.net
crypto key generate rsa general-keys modulus 1024

enable secret <somesecret>
line vty 0 4
 login
 transport input ssh
 password <somepassword>
0
 
LVL 14

Assisted Solution

by:Otto_N
Otto_N earned 100 total points
ID: 37810334
As far as I know, SSH requires both a username and a password, so include something like

username cisco password <somepassword>

You8 should then be able to SSH to the device using the "cisco" username.
0
 
LVL 4

Accepted Solution

by:
dcj21 earned 400 total points
ID: 37810641
Here's Cisco web page on setting up SSH
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

After adding the IP address info, The minimum for ssh is to use

aaa-new model                 < ---- Use this or add "login local" under the VTYs
username cisco password 0 cisco
ip domain-name test.example.com
crypto key generate rsa


The Cisco page says the "transport input ssh" is not needed unless you want to only allow ssh.
0
 

Author Comment

by:tech1guy
ID: 37811959
Thanks for your reply guys, but in the network we are using TACACS server to auth. My question if I attach the switch to the network with no config and then add the upper part (with no username/password), would I be able to ssh to the sw with with credentials on the TACACS server?
0
 
LVL 4

Assisted Solution

by:dcj21
dcj21 earned 400 total points
ID: 37812623
No - you have to add the TACACS server information

You should still have a local username in case access to the TACACS server is down.


You should add the following to the above:

aaa authentication login default tacacs+ local
tacacs-server host 10.6.101.101   <-- Change to your server's IP addr
tacacs-server key cisco    <-- must match your server's key or password
line con 0
login authentication default
line vty 0 4
login authentication default
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How can I measure the quality of my Internet access? 2 91
Node.js 11 82
Networking Monitoring Tools 10 108
ICT security firms and audit/assurance offerings 3 39
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
Is your computer hacked? learn how to detect and delete malware in your PC
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question