Hi All,
We have WS-C3560X-24T-L with IOS version 15.2(1)E1. This device was subjected to vulnerability assessment.
Findings:
1.) SSH Server CBC Mode Ciphers & SSH Weak MAC Algorithms Enabled
Recommendations:
1.1.) Disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption
1.2.)Disable MD5 and 96-bit MAC algorithms.
I looked into some documentations/forums and found the commands for the recommendations
1.1) ip ssh server algorithm encryption aes256-ctr
1.2.)ip ssh server algorithm mac hmac-sha1
The problem is the commands are not supported on the IOS version (15.2(1)E1) of the 3560X.
Can you help me out if this 15.2.4E2 version can fix the issue. We are going to upgrade the FW of the box but just to be sure (because the box is in production) we want to it test on the lab environment, unfortunately we don't have a spare 3560X to be used.