Authenticate Switch with Cisco ACS with SSH instead of Telnet

taufeeq taufeeq
Level 1

Dear All,

I want to authenticate the switches in the DMZ zone (behind the firewall) against the AAA server. The config used under line vty is given below. Unfortunately our security colleagues are asking me to use SSH instead of Telnet, as Telnet is not secure. Please help me with the SSH config for ACS. Am I lacking an understanding of Telnet & AAA??? Please clarify my doubt.

line con 0
 session-timeout 5
 exec-timeout 5 0
 password 7 094F471A1A0A
 login authentication noauth
 transport preferred none
line vty 0 4
 session-timeout 5
 exec-timeout 5 0
 password 7 104D000A0618
 login authentication vty
 transport preferred telnet
 transport input telnet


Thanks in advance,

Taufeeq.


3 Replies

Mark Malone
VIP Alumni

Hi

If it's just a matter of having ACS use SSH instead of Telnet, remove Telnet from the vty lines:

no transport preferred telnet
no transport input telnet

and change to transport input ssh & transport preferred ssh.

You will need to have SSH enabled globally on the switch as well:

ip ssh ver 2

ip domain-name x/x

ip ssh authentication-retries 3

ip ssh timeout 60

and generate your secure keys:

crypto key generate rsa (use 1024 for ver 2)


Check with show ip ssh.
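An added example, not part of this thread or of any Cisco tooling: a small Python check that parses a running-config excerpt the way the reply above walks through it, flagging vty lines that still accept Telnet and the global SSH settings that are missing. Both sample configs are constructed; example.test is a placeholder domain name.

```python
"""Audit a Cisco IOS running-config excerpt for Telnet-only management access."""
import re

# Constructed sample: the weak vty settings from the question, plus one SSH-only line.
SAMPLE_CONFIG = """\
ip domain-name example.test
line con 0
 exec-timeout 5 0
 login authentication noauth
 transport preferred none
line vty 0 4
 exec-timeout 5 0
 login authentication vty
 transport preferred telnet
 transport input telnet
line vty 5 15
 transport input ssh
"""

# Constructed sample: the same vty block after applying the reply's recommendations.
HARDENED_CONFIG = """\
ip domain-name example.test
ip ssh version 2
line vty 0 4
 login authentication vty
 transport preferred ssh
 transport input ssh
"""

def parse_line_blocks(config):
    """Map each 'line ...' stanza name (e.g. 'vty 0 4') to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None  # any non-indented command ends the stanza
    return blocks

def audit_config(config):
    """Return a list of findings; an empty list means the excerpt passes."""
    findings = []
    global_cmds = [l for l in config.splitlines() if not l.startswith(" ")]
    if not any(l.startswith("ip ssh version 2") for l in global_cmds):
        findings.append("global: 'ip ssh version 2' not configured")
    if not any(l.startswith("ip domain-name") for l in global_cmds):
        findings.append("global: 'ip domain-name' missing (required before RSA key generation)")
    for name, cmds in parse_line_blocks(config).items():
        if not name.startswith("vty"):
            continue  # console access is out of scope for this check
        transport = next((c for c in cmds if c.startswith("transport input")), None)
        if transport is None:
            findings.append(f"line {name}: no explicit 'transport input'; set it to ssh")
        elif re.search(r"\b(telnet|all)\b", transport):
            findings.append(f"line {name}: '{transport}' permits Telnet")
    return findings
```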

Hi,


There are no "transport input ssh & transport preferred ssh" commands. Only

   all    All protocols 

   none  No protocols
   telnet  TCP/IP Telnet protocol

are available. I have a (C3750-IPBASE-M), Version 12.2(35)SE5 switch. Please assist.

Thanks in Advance.


Hi, you need a K9 image for SSH, as that is the one with crypto support; the switch will need to be upgraded to support SSH.
