cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3786
Views
9
Helpful
8
Replies

SSH access to Cisco Switches

Kevin Melton
Level 2
Level 2

I have a consortium of 2950, 3500XL, and 3550 switches on my campus. I want to fundamentally eliminate the ability to telnet to these devices due to inherent security risks and configure SSH.

What do I need to do to configure SSH on these respective models?? Do I need to upgrade code?

Thanks in advance

8 Replies 8

thisisshanky
Level 11
Level 11

Check this link

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

PS: please remember to rate posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Hanky

I appreciate your response.

I had been to that link yesterday; it seems to only discuss the application of SSh to router; not switches.

I am using the software advisor,and I am only having success finding IOS versions supporting SSH for the 3550 switches, not for the 2950's or 3500XL's.

Do you have any other recommendations, or do I simply need to upgrade the switch hardware to support the proper IOS...

Sankar's link covers both routers and switches which run IOS. See further the link: http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a0080094314.shtml

In there, it is specifcally noted that 3500XL series does NOT support ssh.

The 2950 is supported with IOS 12.1(12c)EA1 and later.

Hope this helps. PLease rate helpful posts.

The link that was sent to me has this line as its first statement...

""This document gives step-by-step instructions to configure Secure Shell (SSH) Version 1 on Catalyst switches running Catalyst OS (CatOS). The version tested is cat6000-supk9.6-1-1c.bin.""

This does not help me configuring the IOS based 2950's... I have version 12.1(20)EA1a loaded on my boxes. This is later than 12.1(12.c)EA1... but you cannot perform any "crypto commands" in it...

Kevin,

My bad. on the link. Its the same steps you use on a router to configure SSH on a IOS based switch.

Can you paste a sh version. You may need an EI version (not SI) for enabling SSH on 2950. Check this matrix (table 1) for SSH support.

http://www.cisco.com/en/US/products/hw/switches/ps646/prod_bulletin09186a0080117169.html

Also try this link for enabling SSH on IOS. (This link is for routers, same should apply for IOS based switches)

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Sankar.

PS: please rate all posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Download the EI or SI image with Crypto feature. Crypto enables SSH v2 on the 2950.

For ex: 12.1.22(EA6)

Image ID : c2950-i6k2l2q4-mz.12.1-22.EA6

I will check on the 3524s here soon.

HTH

Sankar

PS: please remember to rate posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Marvin is correct!

3524 does not support SSH. Cisco stopped development of software updates for this switch. and this switch is EOL. Your best bet is to upgrade the switch to a 3560 or higher.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Thanks to both of you for your input. I have been able to install 12.1.22 to a test 2950 and now SSH is working.

I really appreciate the time you both spent on this. I am in a shop where nobody speaks IP or Cisco. You guys are basically my Industry peers, and I am grateful!

Have a great afternoon.