Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
971
Views
0
Helpful
1
Replies

C2960X Switch Weak MAC Algorithms

test52
Level 1
Level 1

‎05-07-2024 01:07 AM

We performed vulnerability scan on our C2960X switches and found the following message:

Checks the supported MAC algorithms (client-to-server and
  server-to-client) of the remote SSH server.

  Currently weak MAC algorithms are defined as the following:
  - MD5 based algorithms

  - 96-bit based algorithms

  - none algorithm

We saw that the output of MAC Algorithms in "show ip ssh" is hmac-sha1, hmac-sha1-96.

Is there firmware versions that support hmac-sha2 for C2960X switch? If not, should we remove hmac-sha1-96 from the list of MAC algorithms by the command "ip ssh server algorithm mac hmac-sha1"? Our current firmware version is 15.0(2a)EX5, model is WS-C2960X-24TS-L.

Labels:
Preview file
82 KB
0 Helpful
1 Reply 1

DanielP211
VIP Alumni
VIP Alumni

‎05-07-2024 01:23 AM

Hello!

I would definatly upgrade to the recommended version 15.2.7E9. Your version is very old. I cheched the version 15.2.7(E7) which I have and the supported algorithms for MAC are:
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96

BR

****Kindly rate all useful posts*****
0 Helpful
Customers Also Viewed These Support Documents