02-13-2006 01:05 PM - edited 03-03-2019 01:49 AM
I have a consortium of 2950, 3500XL, and 3550 switches on my campus. I want to fundamentally eliminate the ability to telnet to these devices due to inherent security risks and configure SSH.
What do I need to do to configure SSH on these respective models?? Do I need to upgrade code?
Thanks in advance
02-13-2006 01:24 PM
Check this link
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
PS: please remember to rate posts!
02-14-2006 11:00 AM
Hanky
I appreciate your response.
I had been to that link yesterday; it seems to only discuss the application of SSh to router; not switches.
I am using the software advisor,and I am only having success finding IOS versions supporting SSH for the 3550 switches, not for the 2950's or 3500XL's.
Do you have any other recommendations, or do I simply need to upgrade the switch hardware to support the proper IOS...
02-14-2006 11:17 AM
Sankar's link covers both routers and switches which run IOS. See further the link: http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a0080094314.shtml
In there, it is specifcally noted that 3500XL series does NOT support ssh.
The 2950 is supported with IOS 12.1(12c)EA1 and later.
Hope this helps. PLease rate helpful posts.
02-14-2006 11:31 AM
The link that was sent to me has this line as its first statement...
""This document gives step-by-step instructions to configure Secure Shell (SSH) Version 1 on Catalyst switches running Catalyst OS (CatOS). The version tested is cat6000-supk9.6-1-1c.bin.""
This does not help me configuring the IOS based 2950's... I have version 12.1(20)EA1a loaded on my boxes. This is later than 12.1(12.c)EA1... but you cannot perform any "crypto commands" in it...
02-14-2006 11:54 AM
Kevin,
My bad. on the link. Its the same steps you use on a router to configure SSH on a IOS based switch.
Can you paste a sh version. You may need an EI version (not SI) for enabling SSH on 2950. Check this matrix (table 1) for SSH support.
http://www.cisco.com/en/US/products/hw/switches/ps646/prod_bulletin09186a0080117169.html
Also try this link for enabling SSH on IOS. (This link is for routers, same should apply for IOS based switches)
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
Sankar.
PS: please rate all posts!
02-14-2006 11:22 AM
Download the EI or SI image with Crypto feature. Crypto enables SSH v2 on the 2950.
For ex: 12.1.22(EA6)
Image ID : c2950-i6k2l2q4-mz.12.1-22.EA6
I will check on the 3524s here soon.
HTH
Sankar
PS: please remember to rate posts!
02-14-2006 11:24 AM
Marvin is correct!
3524 does not support SSH. Cisco stopped development of software updates for this switch. and this switch is EOL. Your best bet is to upgrade the switch to a 3560 or higher.
02-14-2006 01:15 PM
Thanks to both of you for your input. I have been able to install 12.1.22 to a test 2950 and now SSH is working.
I really appreciate the time you both spent on this. I am in a shop where nobody speaks IP or Cisco. You guys are basically my Industry peers, and I am grateful!
Have a great afternoon.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide