02-15-2021 06:16 AM
Bought a WS-C3560-24PS from Ebay and uploaded c3560-advipservicesk9-mz.122-46.SE.bin but I am missing the command "crypot isakmp"
I feel like the installed ISO supports crypto, If not what IOS does?
Verizon(config)#crypto isakmp policy 1
^
% Invalid input detected at '^' marker.
Verizon(config)#crypto ?
ca Certification authority
engine Crypto Engine Config Menu
key Long term key operations
pki Public Key components
Verizon(config)#do sho ver
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 21-Aug-08 15:26 by nachen
Image text-base: 0x00003000, data-base: 0x01A00000
ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)
Verizon uptime is 13 minutes
System returned to ROM by power-on
System image file is "flash:/c3560-advipservicesk9-mz.122-46.SE.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco WS-C3560-24PS (PowerPC405) processor (revision P0) with 122880K/8184K bytes of memory.
Processor board ID CAT1049NJBF
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1A:6D:B4:2E:00
Motherboard assembly number : 73-9673-09
Power supply part number : 341-0029-05
Motherboard serial number : CAT104958KM
Power supply serial number : DTH1046C4QJ
Model revision number : P0
Motherboard revision number : A0
Model number : WS-C3560-24PS-S
System serial number : CAT1049NJBF
Top Assembly Part Number : 800-25861-04
Top Assembly Revision Number : B0
Version ID : V06
CLEI Code Number : COM1X00ARC
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C3560-24PS 12.2(46)SE C3560-ADVIPSERVICESK9-M
Configuration register is 0xF
Thanks in advance,
Wan Whisperer
Solved! Go to Solution.
02-15-2021 06:34 AM
Hello @Wan_Whisperer ,
this is expected you can configure IPSec tunnels on routers not on switches like Cat 3560
The Cat3560 has no dedicated hardware for encryption / decryption so it should do it on SW on main CPU.
For this reason these features are not supported.
Look for an ISR router with an appropriate security image and license.
Hope to help
Giuseppe
02-15-2021 06:34 AM
Hello @Wan_Whisperer ,
this is expected you can configure IPSec tunnels on routers not on switches like Cat 3560
The Cat3560 has no dedicated hardware for encryption / decryption so it should do it on SW on main CPU.
For this reason these features are not supported.
Look for an ISR router with an appropriate security image and license.
Hope to help
Giuseppe
02-15-2021 06:42 AM - edited 02-15-2021 06:47 AM
Can you recommend a cheap ebay router that will support this?
This should work correct? Cisco 2851 ISR Router
I am only using this for my lab.
thanks!
Wan Whisperer
02-15-2021 08:39 AM
02-15-2021 09:04 AM
As far as platform goes the 2851 should be fine. Be sure that the software it is running has support for IPSEC. Some of the images such as IPBASE do not support IPSEC.
02-15-2021 06:42 AM
Hello,
on a side note, I think the encrytpion on this switch is for SSH only. The command 'crypto key generate' is probably supported ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide