cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
933
Views
15
Helpful
5
Replies

WS-C3560-24PS | crypto isakmp command missing | C3560-ADVIPSERVICESK9-M

Wan_Whisperer
Level 1
Level 1

Bought a WS-C3560-24PS from Ebay and uploaded c3560-advipservicesk9-mz.122-46.SE.bin but I am missing the command "crypot isakmp"  

 

I feel like the installed ISO supports crypto, If not what IOS does? 

 

Verizon(config)#crypto isakmp policy 1
^
% Invalid input detected at '^' marker.

 

 

Verizon(config)#crypto ?
ca Certification authority
engine Crypto Engine Config Menu
key Long term key operations
pki Public Key components

 

 

Verizon(config)#do sho ver
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 21-Aug-08 15:26 by nachen
Image text-base: 0x00003000, data-base: 0x01A00000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

Verizon uptime is 13 minutes
System returned to ROM by power-on
System image file is "flash:/c3560-advipservicesk9-mz.122-46.SE.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560-24PS (PowerPC405) processor (revision P0) with 122880K/8184K bytes of memory.
Processor board ID CAT1049NJBF
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1A:6D:B4:2E:00
Motherboard assembly number : 73-9673-09
Power supply part number : 341-0029-05
Motherboard serial number : CAT104958KM
Power supply serial number : DTH1046C4QJ
Model revision number : P0
Motherboard revision number : A0
Model number : WS-C3560-24PS-S
System serial number : CAT1049NJBF
Top Assembly Part Number : 800-25861-04
Top Assembly Revision Number : B0
Version ID : V06
CLEI Code Number : COM1X00ARC
Hardware Board Revision Number : 0x01


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C3560-24PS 12.2(46)SE C3560-ADVIPSERVICESK9-M


Configuration register is 0xF

 

Thanks in advance,

Wan Whisperer

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @Wan_Whisperer ,

this is expected you can configure IPSec tunnels on routers not on switches like Cat 3560

 

The Cat3560 has no dedicated hardware for encryption / decryption so it should do it on SW on main CPU.

For this reason these features are not supported.

 

Look for an ISR router with an appropriate security image and license.

 

Hope to help

Giuseppe

 

View solution in original post

5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @Wan_Whisperer ,

this is expected you can configure IPSec tunnels on routers not on switches like Cat 3560

 

The Cat3560 has no dedicated hardware for encryption / decryption so it should do it on SW on main CPU.

For this reason these features are not supported.

 

Look for an ISR router with an appropriate security image and license.

 

Hope to help

Giuseppe

 

Can you recommend a cheap ebay router that will support this?

 

This should work correct?   Cisco 2851 ISR Router

 

I am only using this for my lab.

 

 

thanks!

Wan Whisperer 

Hello @Wan_Whisperer ,

 

>> Cisco 2851 ISR Router

it should be fine

 

Hope to help

Giuseppe

 

As far as platform goes the 2851 should be fine. Be sure that the software it is running has support for IPSEC. Some of the images such as IPBASE do not support IPSEC.

HTH

Rick

Hello,

 

on a side note, I think the encrytpion on this switch is for SSH only. The command 'crypto key generate' is probably supported ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco