3560 12.2(50)SE SSH Feature

Hi team.

I've checked the feature navigator and it says that this code supports both SSH v1 and v2 but it seems that it doesn't.

SW11(config)#do sh ver | i IOS
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
SW11(config)#crypto ?
% Unrecognized command
SW11(config)#ip ssh ?
% Unrecognized command

Does anybody know any alternative method for enabling SSH for this specific code? I'd like to exhaust my resources first before deciding to upgrade the IOS. I'm also googling as we speak.

Thanks,

2 Accepted Solutions

Jose Solano
Level 4

Hi Carlos,

 

This is because the image you have is not a crypto image; it needs to say K9 right next to the feature set, see below:

 C3560E Software (C3560E-IPBASEK9-M)

c3560-ipbasek9-mz.122-50.SE5.bin

This will be a crypto image and will allow you to use SSH:

C3560E-24TD-S(config)#crypto ?
  call         Configure Crypto Call Admission Control
  dynamic-map  Specify a dynamic crypto map template
  engine       Enter a crypto engine configurable menu
  gdoi         Configure GDOI policy
  identity     Enter a crypto identity list
  ikev2        Configure IKEv2 Options
  ipsec        Configure IPSEC policy
  isakmp       Configure ISAKMP policy
  key          Long term key operations
  keyring      Key ring commands
  logging      logging messages
  map          Enter a crypto map
  mib          Configure Crypto-related MIB Parameters
  pki          Public Key components
  xauth        X-Auth parameters


C3560E-24TD-S(config)#ip ssh ?
  authentication-retries  Specify number of authentication retries
  break-string            break-string
  dh                      Diffie-Hellman
  dscp                    IP DSCP value for SSH traffic
  logging                 Configure logging for SSH
  maxstartups             Maximum concurrent sessions allowed
  port                    Starting (or only) Port number to listen on
  precedence              IP Precedence value for SSH traffic
  pubkey-chain            pubkey-chain
  rsa                     Configure RSA keypair name for SSH
  source-interface        Specify interface for source address in SSH
                          connections
  stricthostkeycheck      Enable SSH Server Authentication
  time-out                Specify SSH time-out interval
  version                 Specify protocol version to be supported

 

https://software.cisco.com/download/release.html?mdfid=279666159&softwareid=280805680&os=&release=12.2.55-SE9&relind=AVAILABLE&rellifecycle=&reltype=latest&i=!pp

Hope this helps.

campbech1
Level 1

Carlos,

If you do a "sh version" you will find you probably have the c3560-ipbase-mz.122-50.SE5.bin version and not the c3560-ipbasek9-mz.122-50.SE5.bin version. You have to have the K9 version to have crypto enabled and have SSH enabled.
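
Added example, not part of the original thread: a Python check for what both accepted answers describe, reading the `show version` banner or an image file name and reporting whether the feature-set field carries K9. The function names, the hostnames SW12 to SW14 and the SW12 banner line are constructed for illustration; the rule "K9 in the feature set means a crypto image" is taken from the naming shown in this thread.

```python
import re

# "show version" banner, e.g.
#   Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(50)SE5, ...
BANNER_RE = re.compile(
    r"Cisco IOS Software,[^(]*\((?P<ident>[\w-]+)\), Version (?P<ver>[^,\s]+)")
# Image file name, e.g. c3560-ipbasek9-mz.122-50.SE5.bin
IMAGE_RE = re.compile(r"(?P<ident>[A-Za-z0-9_]+(?:-[A-Za-z0-9_]+)+)\.[\w.-]+\.bin")


def feature_set(ident):
    """Middle field(s) of PLATFORM-FEATURESET-SUFFIX, upper-cased, or None."""
    parts = ident.split("-")
    return "-".join(parts[1:-1]).upper() if len(parts) >= 3 else None


def classify(text):
    """Classify 'show version' output or a bare image file name."""
    m = BANNER_RE.search(text) or IMAGE_RE.search(text)
    fs = feature_set(m.group("ident")) if m else None
    if fs is None:
        return {"feature_set": None, "version": None, "crypto": None}
    # Assumption from the thread: crypto (SSH-capable) images carry K9 here.
    return {"feature_set": fs, "version": m.groupdict().get("ver"), "crypto": "K9" in fs}


def audit(inventory):
    """Group hostnames by whether their image can offer SSH at all."""
    groups = {"ssh_capable": [], "no_crypto": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        crypto = classify(text)["crypto"]
        key = "unknown" if crypto is None else "ssh_capable" if crypto else "no_crypto"
        groups[key].append(host)
    return groups


# SW11 is the banner posted in the question; the other entries are constructed.
SAMPLE = {
    "SW11": "Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)",
    "SW12": "Cisco IOS Software, C3560E Software (C3560E-IPBASEK9-M), Version 12.2(55)SE9, RELEASE SOFTWARE (fc1)",
    "SW13": "c3560-ipbasek9-mz.122-50.SE5.bin",
    "SW14": "% Unrecognized command",
}

if __name__ == "__main__":
    for group, hosts in audit(SAMPLE).items():
        print(f"{group}: {', '.join(hosts) or '-'}")
```

Switches that land in `no_crypto` cannot generate RSA keys or run the SSH server until a K9 image is loaded, so they are the ones to prioritise for an image change.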

6 Replies

Thanks all.

Hi Jose and all.

 

I have another query. The same switch can't authenticate via TACACS+ though it can reach the server. Does this have something to do with the switch not being crypto-capable?

Hi Carlos,

 

Yes, you will need a crypto image to be able to use TACACS.

 

Regards,

a little late but...

not true. here's a 2960 running 12.2(50)SE lanbase-mz with tacacs.

 
