07-21-2015 12:17 AM - edited 03-08-2019 01:02 AM
Dear All,
I want to authenticate the switches in the DMZ zone (behind the firewall) against the AAA server. The config used under line vty is mentioned below. Unfortunately our security colleagues are asking me to use SSH instead of telnet as it's not secure. Please help me with the SSH config of ACS. Am I lacking understanding of telnet & AAA? Please clarify my doubt.
line con 0
 session-timeout 5
 exec-timeout 5 0
 password 7 094F471A1A0A
 login authentication noauth
 transport preferred none
line vty 0 4
 session-timeout 5
 exec-timeout 5 0
 password 7 104D000A0618
 login authentication vty
 transport preferred telnet
 transport input telnet
Thanks in advance,
Taufeeq.
07-21-2015 02:30 AM
Hi
If it's just allowing ACS to use ssh instead of telnet, remove telnet from vty:
no transport preferred telnet
no transport input telnet
change to transport input ssh & transport preferred ssh
You will need to have ssh enabled globally on the switch as well:
ip ssh ver 2
ip domain-name x/x
ip ssh authentication-retries 3
ip ssh timeout 60
and generate your secure keys
crypto key generate rsa ---- use 1024 for ver2
check with show ip ssh
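The change this reply describes, as an added example that is not part of the original thread: a small Python check that parses a running-config excerpt and flags vty lines that still accept telnet, or a switch missing the global SSH prerequisites (ip domain-name, ip ssh version 2). The two samples are constructed from the poster's vty block; the domain name is a placeholder.

```python
# Constructed samples: the poster's vty block (telnet) and the same switch after
# the change this reply describes; the domain name is a placeholder.
BEFORE = """\
line vty 0 4
 session-timeout 5
 exec-timeout 5 0
 login authentication vty
 transport preferred telnet
 transport input telnet
"""
AFTER = """\
ip domain-name example.test
ip ssh version 2
ip ssh authentication-retries 3
ip ssh timeout 60
line vty 0 4
 session-timeout 5
 exec-timeout 5 0
 login authentication vty
 transport preferred ssh
 transport input ssh
"""

def vty_blocks(config):
    """(header, [subcommands]) per 'line vty' section; IOS indents them one space."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Findings as strings; empty means SSH-only vty lines plus the global prerequisites."""
    findings = []
    top = {l.strip() for l in config.splitlines() if not l.startswith(" ")}
    if "ip ssh version 2" not in top:
        findings.append("global: 'ip ssh version 2' missing")
    if not any(l.startswith("ip domain-name ") for l in top):
        findings.append("global: 'ip domain-name' missing (needed for RSA key generation)")
    for header, cmds in vty_blocks(config):
        inputs = [c for c in cmds if c.startswith("transport input ")]
        for c in inputs:
            if c != "transport input ssh":
                findings.append(f"{header}: '{c}' permits non-SSH access")
    return findings
```

Run it against `show running-config` output saved from each switch; the RSA key itself is not in the running config, so still confirm key generation with `show ip ssh`.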
07-21-2015 03:37 AM
Hi,
There are no "transport input ssh & transport preferred ssh" commands. Only
all All protocols
none No protocols
telnet TCP/IP Telnet protocol
are available. I have a (C3750-IPBASE-M), Version 12.2(35)SE5 switch. Please assist.
Thanks in Advance.
07-21-2015 03:47 AM
Hi, you need a K9 image for ssh (for crypto); it will need to be upgraded to support ssh.