Solved

SSH to CISCO SWITCH

Posted on 2012-04-04
Last Modified: 2012-08-14
I need to connect (SSH) to a remote switch with no config on it. After connecting I need to do the full config of the SW. This is with the help of a non-IT person, who can console in to the SW and input some basic config so that I can SSH to the remote SW. I made this config; could anyone have a look and see if this works, as this is the first time I am doing this? Should I be able to SSH to the new SW with this config?

I have an existing network at the location, router and SW. In this case I need to connect the new SW to the old SW.

Router > OLD SW > NEW SW
-----------------------------------------------------------------------------

! Goes to the trunk port of OLD SW
interface GigabitEthernet0/1
 switchport mode trunk
 speed 100
 duplex full
!
!
! Management VLAN
interface Vlan111
 ip address x.x.x.x 255.255.255.0
 no ip route-cache

ip default-gateway x.x.x.x

--------------

To configure SSH:

ip domain-name test.net

line vty 0 4
 login
 transport input ssh

and I need to generate the key with the command:

crypto key generate rsa modulus 1024

--------------------------------------------------------------------------------
Question by:tech1guy
5 Comments
 

Expert Comment

by:mat1458
It almost works. Without any passwords you get a message "Password required, but none set".

vtp mode transparent
vlan 111
! Goes to the trunk port of OLD SW
interface GigabitEthernet0/1
 switchport mode trunk
 speed 100
 duplex full
! Management VLAN
interface Vlan111
 ip address x.x.x.x 255.255.255.0
 no ip route-cache
ip default-gateway x.x.x.x
!
hostname <yourhostname>
ip domain-name test.net
crypto key generate rsa general-keys modulus 1024

enable secret <somesecret>
line vty 0 4
 login
 transport input ssh
 password <somepassword>

Assisted Solution

by:Otto_N
Otto_N earned 100 total points
As far as I know, SSH requires both a username and a password, so include something like

username cisco password <somepassword>

You should then be able to SSH to the device using the "cisco" username.

Accepted Solution

by:dcj21
dcj21 earned 400 total points
Here's Cisco's web page on setting up SSH:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

After adding the IP address info, the minimum for SSH is to use:

! Use "aaa new-model" or add "login local" under the VTYs
aaa new-model
username cisco password 0 cisco
ip domain-name test.example.com
crypto key generate rsa


The Cisco page says the "transport input ssh" is not needed unless you want to only allow ssh.

Author Comment

by:tech1guy
Thanks for your reply guys, but in the network we are using a TACACS server to auth. My question: if I attach the switch to the network with no config and then add the upper part (with no username/password), would I be able to SSH to the SW with the credentials on the TACACS server?

Assisted Solution

by:dcj21
dcj21 earned 400 total points
No - you have to add the TACACS server information

You should still have a local username in case access to the TACACS server is down.


You should add the following to the above:

aaa authentication login default group tacacs+ local
! Change to your server's IP addr
tacacs-server host 10.6.101.101
! Must match your server's key or password
tacacs-server key cisco
line con 0
 login authentication default
line vty 0 4
 login authentication default
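
As an added example (not code from any poster in this thread), the Python script below checks a bootstrap config for the prerequisites the answers above name: hostname and domain name, credentials behind the vty login, and a TACACS+ method list with a server defined and a local fallback. The two sample configs are constructed, and their hostname, address, username and secret are placeholders.

```python
import re

# Constructed sample: the question's bootstrap config, no credentials yet.
QUESTION_CFG = """\
ip domain-name test.net
line vty 0 4
 login
 transport input ssh
"""
# Constructed sample: the answers combined; names, address and secret are placeholders.
COMBINED_CFG = """\
hostname sw-new
ip domain-name test.net
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 192.0.2.50
username admin secret EXAMPLE-SECRET
line vty 0 4
 login authentication default
 transport input ssh
"""

def vty_lines(cfg):
    """Return the indented sub-commands of every 'line vty' block."""
    out, in_vty = [], False
    for line in cfg.splitlines():
        if not line.startswith(" "):
            in_vty = line.startswith("line vty")
        elif in_vty:
            out.append(line.strip())
    return out

def ssh_findings(cfg):
    """List what is still missing before an SSH login can succeed."""
    has = lambda pat: re.search(pat, cfg, re.M) is not None
    vty, missing = vty_lines(cfg), []
    for cmd in ("hostname", "ip domain-name"):
        if not has(rf"^{cmd} \S+"):
            missing.append(f"{cmd} not set (set both before generating the RSA key)")
    aaa = has(r"^aaa new-model")
    if not aaa and not any(l == "login local" or l.startswith("password ") for l in vty):
        missing.append("vty login has no password, 'login local' or AAA behind it")
    if aaa and has(r"^aaa authentication login \S+ .*tacacs\+"):
        if not has(r"^tacacs-server host \S+"):
            missing.append("TACACS+ in the method list but no tacacs-server host")
        if not (has(r"^aaa authentication login .*\blocal\b") and has(r"^username \S+ ")):
            missing.append("no local fallback account if TACACS+ is unreachable")
    if "transport input ssh" not in vty:
        missing.append("vty still accepts transports other than ssh")
    return missing
```

The RSA key pair does not appear in the saved configuration, so key generation has to be confirmed on the device itself, for example with `show crypto key mypubkey rsa`.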