Solved: Re: C4500E SSH problem

Steveosh72 · ‎07-26-2019

Running into a proble, we just purchased some 4500E switches with 2 supervisors.

I can not get SSh working to allow connection so we can SSH in to do programming.

i have given it an

IP address..

assigned the domain

aaa new model

crypto key generate rsa

added vtp (it gets all the correct vlan info )

program the vty lines.

but it times out when trying to connect.

is there something special that i have to do for the 4500e ????

Steveosh72 · ‎08-23-2019

i figured it out.

aaa new-model
!
!
aaa group server radius RADIUS_AUTH
server 172.20.253.222 auth-port 1812 acct-port 1813
!
aaa authentication login networkaccess group radius local enable
aaa authorization exec default group RADIUS_AUTH local if-authenticated
aaa authorization exec RADIUS_AUTH local if-authenticated

!
radius server RADIUS_AUTH
key 7 7DXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5C

View solution in original post

Reza Sharifi · ‎07-26-2019

Can you post the output of "sh ver"

In order to use SSH, you need an IOS with "k9" in the ios name.

example:

CAT3K_CAA-UNIVERSALK9-M

HTH

Steveosh72 · ‎07-26-2019

thank you. i will look into upgrading

Steveosh72 · ‎07-29-2019

darn.. so here is the boot image

System image file is "bootflash:cat4500es8-universalk9.SPA.03.06.03.E.152-2.E3.bin"

but i can NOT get it to allow to remote in using SSH.

any thoughts?

Mark Malone · ‎07-29-2019

Hi
please post output of -- show ip ssh
and confirm there is no acl on the VTY port when testing remote connection and also confirm the VTY port has transport input ssh under it

Steveosh72 · ‎07-29-2019

Sorry i am new to this model number

sh ssh
%No SSHv2 server connections running.
%No SSHv1 server connections running.

so here is the VTY

line vty 0 4
access-class 99 in
exec-timeout 0 0
password 7 071B24404D080D
login authentication networkaccess
length 0
transport input ssh
line vty 5 10
access-class 99 in
exec-timeout 0 0
password 7 071B24404D080D
login authentication networkaccess
length 0
transport input ssh
line vty 11 15
access-class 99 in
exec-timeout 0 0
password 7 071B24404D080D
login authentication networkaccess
length 0

Steveosh72 · ‎07-29-2019

since this is a new piece of equipmwent, i do not want it to manage all SSH to the switches that are currently on site.

I just want to be able to connect to this 4500 so my boss can start to program it

Mark Malone · ‎07-29-2019

hi so the command needed is --- show IP ssh

And the PC your trying to SSH from , is it allowed in this ACL 99 ?
---access-class 99 in

if not you wont be able to SSH to the switch , you can remove it temporarily to check but put it back on after ----

line vty 0 15
no access-class 99 in

Steveosh72 · ‎07-29-2019

hi there

yes i see in the access list 99 the ip address of my laptop thats trying to connect...

but i did remove it from line vtp 0 15 and still no luck.

i gave it a host name

so i gave it an IP address (vlan 1)

ip domain-name

I added it to vtp (got all vlans and info)

i ran crypto key generate rsa

am i missing something

Steveosh72 · ‎07-29-2019

anyone HELP please :)

Reza Sharifi · ‎07-29-2019

Hi,

Follow this document to configure SSH and verify it is configured correctly.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-7-0E/wireless/configuration-guide/b_37e_4500sup8e_cg/configuring_secure_shell__ssh_.pdf

HTH

Steveosh72 · ‎08-23-2019

i figured it out.

aaa new-model
!
!
aaa group server radius RADIUS_AUTH
server 172.20.253.222 auth-port 1812 acct-port 1813
!
aaa authentication login networkaccess group radius local enable
aaa authorization exec default group RADIUS_AUTH local if-authenticated
aaa authorization exec RADIUS_AUTH local if-authenticated

!
radius server RADIUS_AUTH
key 7 7DXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5C

Mark Malone · ‎07-30-2019

doesn't sound like your missing anything but need to see the output of the command show ip ssh to at least confirm its working right on the switch and the key is set correctly

are you seeing anything in logs regarding you trying to connect to the switch by ssh ? make sure your local pc firewall software is off too that can block outgoing ssh connections too