Hello,
Im am currently testing the new features of IOS 12.2 55 SE1 called "Smart Install".
I got it working even though it still has many issues but that's probably because it is a very new functionality.
Anyways, we are using it currently in a lab-environment to test the "zero-touch" replacement of defective Switches. In that case the Director of the SI Network knows what config the defective Switch has saved last.
It then uses that exact config to deploy to the replaced switch as a startup config.
For Security Reasons we have the command "transport input ssh" on all lines enabled. (Makes sense if you want to shut out telnet).
Now, when the new Switch receives the IOS Update (which is also delievered in Smart Install) and therefore reboots, it now uses our startup config.
With the above mentioned command "transport input ssh" on the lines, we have no way of connecting to the newly replaced switch.
"Crypto keys cannot be generated on startup" is the message I see on the Serial-Console output.
Has anyone got an idea how we could work around this?
Is there a way to tell a switch he has to generate an rsa certificate to enable ssh without "touching" it?
I know that with the command "transport input all" this issue would not be an issue, but that is not an option for a possible productive Release. Since we are using a config of a switch that was running productively, the running config cannot allow telnet to be used..
I have asked Google, used this forum's search functionality and found nothing. I am absolutely sure though, that this is an issue many Cisco Users have to work with, so I was suprised not to find anything.
Details of our lab:
Director Switch: C3560 with IOS 12.2 55 SE1
Client Switch (to be replaced): C2960 IOS 12.2 55 SE1
Both have the crypto-image installed.
