Solved: C3750G-24PS-S to upgrade or not to IOS v15

phillh1974 · ‎08-24-2020

Hi All.

After setting up a 3750G for SSH access I've been getting the below warning.

"the first key-exchange algorithm supported by the server is deffie-helman-group1-sha1 which is below the configured warning threshold..."

I upgraded to the recommended IOS of 12.2(55)SE12 which is documented for WS-C3750-24PS V02 so that I could run SSH Version 2, I still get the above warning.

After a little research it seems that I should be running the latest IOS of 15.0(2)SE11.

My switch is a WS-C3750G-24PS-S V05 with 32Mb flash, should I consider upgrading to v15.0? I can't find the Cisco literature for this exact model to confirm the required flash memory requirements for IOS v15.0.

Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE12, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Thu 28-Sep-17 02:29 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02D00000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Mario uptime is 1 day, 0 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipbasek9-mz.122-55.SE12.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750G-24PS (PowerPC405) processor (revision F0) with 131072K bytes of memory.
Processor board ID FOC1301Z0RJ
Last reset from power-on
3 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:24:98:00:E7:00
Motherboard assembly number     : 73-10217-07
Power supply part number        : 341-0108-03
Motherboard serial number       : FOC12527HS8
Power supply serial number      : AZS123017UW
Model revision number           : F0
Motherboard revision number     : C0
Model number                    : WS-C3750G-24PS-S
System serial number            : FOC1301Z0RJ
Top Assembly Part Number        : 800-26855-01
Top Assembly Revision Number    : E0
Version ID                      : V05
CLEI Code Number                : CNMWR00ARC
Hardware Board Revision Number  : 0x09


Switch Ports Model              SW Version            SW Image                 
------ ----- -----              ----------            ----------               
*    1 28    WS-C3750G-24PS     12.2(55)SE12          C3750-IPBASEK9-M         


Configuration register is 0xF
 --More--         
Mario#dir
Directory of flash:/

    2  -rwx         736   Mar 1 1993 00:03:30 +00:00  vlan.dat
    4  -rwx    12111413   Mar 2 1993 00:28:39 +00:00  c3750-ipbasek9-mz.122-55.SE12.bin
    5  -rwx        2072   Mar 1 1993 03:29:59 +00:00  multiple-fs
    6  -rwx        1928   Mar 1 1993 03:29:59 +00:00  private-config.text
    7  -rwx        3844   Mar 1 1993 03:29:59 +00:00  config.text

32514048 bytes total (20391424 bytes free)
Mario#sh ssh
%No SSHv1 server connections running.
Connection Version Mode Encryption  Hmac State               Username
0          2.0     IN   aes256-cbc  hmac-sha1    Session started       admin
0          2.0     OUT  aes256-cbc  hmac-sha1    Session started       admin
Mario#

Thanks for any advise.

Phill

balaji.bandi · ‎08-24-2020

I would suggest reading the release notes of 15.X carefully, all the models of 3750 are not supported.

Note Not all Catalyst 3750 and 3560 switches can run this release. These models are not supported in Cisco IOS Release 12.2(58)SE1 and later: WS-C3560-24TS, WS-C3560-24PS. WS-C3560-48PS, WS-C3560-48TS, WS-C3750-24PS, WS-C3750-24TS, WS-C3750-48PS, WS-C3750-48TS, WS-3750G-24T, WS-C3750G-12S, WS-C3750G-24TS, WS-C3750G-16TD. For ongoing maintenance rebuilds for these models, use Cisco IOS Release 12.2(55)SE and later (SE1, SE2, and so on).

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/release/notes/OL25301.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Reza Sharifi · ‎08-24-2020

Hi Phill,

Unfortunately, the 3750 series switches are very old. They have been EOL/EOS for a long time now and Cisco does not provide any software releases for this platform anymore. The latest IOS on Cisco site is "c3750-ipbasek9-mz.122-55.SE12.bin" that goes back to 2017 and that is what you already have installed.

HTH

Joseph W. Doherty · ‎08-24-2020

If you can "see" https://software.cisco.com/download/home/282526572/type/280805680/release/15.0.2-SE11, it lists all variants needing 128 MB RAM and 32 MB flash. (I recall all 3750G models come with 32 MB flash.)

PS:

BTW, jumping from 12.2(55), likely a ROM flash upgrade will be included. If there is, expect installation to take much longer.

balaji.bandi · ‎08-24-2020

I would suggest reading the release notes of 15.X carefully, all the models of 3750 are not supported.

Note Not all Catalyst 3750 and 3560 switches can run this release. These models are not supported in Cisco IOS Release 12.2(58)SE1 and later: WS-C3560-24TS, WS-C3560-24PS. WS-C3560-48PS, WS-C3560-48TS, WS-C3750-24PS, WS-C3750-24TS, WS-C3750-48PS, WS-C3750-48TS, WS-3750G-24T, WS-C3750G-12S, WS-C3750G-24TS, WS-C3750G-16TD. For ongoing maintenance rebuilds for these models, use Cisco IOS Release 12.2(55)SE and later (SE1, SE2, and so on).

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/release/notes/OL25301.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty · ‎08-25-2020

Balaji makes a great suggestion, i.e. read release notes!

My earlier posting may have implied any 32 flash 3750 would run this release, but I only answered the OP question about flash requirements for v15.x

From what Balaji has posted, it appears the WS-C3750-24PS, your switch (?) isn't supported.

Considering (I believe), the older 3750s are past support, one interesting question would be, whether even if your 3750 is on the release note's not supported list, whether it means the IOS will not run at all, run with known problems, or just Cisco didn't want to support the older 3750s on v15.x. I.e. you might consider trying the 15.x release on your 3750, but besides the possibility of it not booting it, or having issues running it, don't overlook the possibility you might turn 3750 into boat anchor.

phillh1974 · ‎08-25-2020

Hi guys.

Thank you for your replies, apologies for late response.

A boat anchor is not what I'm looking for 😁

The thing that spooked me most, should the boot loader also update I would have no regression path.

Although the C3750G-24PS-S isn't specifically listed the TS-S is, as much as I would like to familiarise myself with the v15 command set it's too risky, I'll stick with the recommended v12.

Thanks again guys for your advise

Phill