Crypto Key needed for 2nd switch?

J G
I am going to trunk 2 Cisco 2960s via Cat 5.  I already copied the config from switch 1 to switch 2.  Trunks and ports are set up.

My question is, the crypto key on switch 2 now looks a little different than switch 1 (since I copied I thought it should be the same?)  The first few lines are the same, but then it changes.  Is this ok?  Do I need to generate another crypto key for the second switch?  Or since the first switch already has a crypto key, do I even need another one?
Soulja, Sr.Net.Eng
Top Expert 2011

Commented:
Generate a new crypto key on the 2nd switch.

crypto key generate rsa modulus xxx

The crypto key is needed for you to SSH into the switch.
J G

Author

Commented:
I generated a crypto Key -512

Do I need to create a PKI trust point/certificate (like the other switch)?
Soulja, Sr.Net.Eng
Top Expert 2011

Commented:
Is the switch reporting to a certificate authority? If not, then no.

Soulja, Sr.Net.Eng
Top Expert 2011

Commented:
You also would want to do at least 1024 for the crypto key
J G

Author

Commented:
I originally pasted in the crypto key from the switch I copied the config from.  When I pasted it into the config the key changed about half way thru.  Can I leave this key?
Soulja, Sr.Net.Eng
Top Expert 2011

Commented:
No need to paste in the key. You would just generate a new key.
J G

Author

Commented:
I want to generate the PKI trust point/certificate so the new switch is set up like the other switch.  How can I do this?  Can I paste the key from the other switch (it changes about half way thru after I paste)?  Will this be adequate?
J G

Author

Commented:
How do I know if the first switch is reporting to a Certificate Authority?  If the first switch is, does the 2nd switch that is trunked to it need to report to a CA as well?
Sr.Net.Eng
Top Expert 2011
Commented:
If the PKI cert is self-signed it's not reporting to a CA. It's most likely generated from the ip http secure-server command.
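
Added example, not part of the original thread: one way to check a saved running-config for the distinction made in the last answer is to read each trustpoint's `enrollment` line, where `selfsigned` means the switch issued its own certificate and `url`, `terminal` or `profile` point at a CA. The function names, trustpoint names and CA URL below are constructed for illustration.

```python
import re

# Constructed sample of a saved running-config (not taken from the thread).
SAMPLE_CONFIG = """\
hostname SW2
!
crypto pki trustpoint TP-self-signed-1234567890
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1234567890
 revocation-check none
 rsakeypair TP-self-signed-1234567890
!
crypto pki trustpoint EXAMPLE-CA
 enrollment url http://ca.example.invalid:80
 revocation-check crl
!
crypto pki trustpoint EMPTY-TP
!
ip http secure-server
"""

def classify_trustpoints(config_text):
    """Return {trustpoint: 'self-signed' | 'ca-enrolled' | 'unknown'}."""
    result, current = {}, None
    for line in config_text.splitlines():
        # Older IOS releases write "crypto ca trustpoint" instead of "crypto pki".
        m = re.match(r"^crypto (?:pki|ca) trustpoint (\S+)", line)
        if m:
            current = m.group(1)
            result[current] = "unknown"
            continue
        if current is None:
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the trustpoint block
            continue
        words = line.split()
        if words[:1] == ["enrollment"] and len(words) > 1:
            if words[1] == "selfsigned":
                result[current] = "self-signed"
            elif words[1] in ("url", "terminal", "profile"):
                result[current] = "ca-enrolled"
    return result

def uses_external_ca(config_text):
    """True if any trustpoint in the config enrolls with a CA."""
    return "ca-enrolled" in classify_trustpoints(config_text).values()

if __name__ == "__main__":
    for name, kind in classify_trustpoints(SAMPLE_CONFIG).items():
        print(f"{name}: {kind}")
```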
