Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
841
Views
4
Helpful
11
Replies

c9300 ssh problem

Go to solution
rajaram855
Level 1
Level 1

‎11-04-2024 10:00 PM

Hi,

I have recently recovered my cisco c9300 username and password. 

after the recovery i can't login to the ssh of the siwtch. 

below configuration on the switch

line con 0
exec-timeout 15 0
password 123456
login local
stopbits 1
line vty 0 4
password 12345
login local
transport input ssh
line vty 5 31
login
transport input ssh
!

rajaram855_0-1730786376199.png

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Torbjørn
VIP
VIP
In response to rajaram855

‎11-05-2024 03:02 AM

Then you just specify a local one, it does not need to be registered in public DNS. I usually use "lab.local" in my lab setup.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

View solution in original post

Go to solution
Flavio Miranda
VIP
VIP
In response to rajaram855

‎11-05-2024 03:16 AM - edited ‎11-05-2024 03:17 AM

Use a fake domain that will be fine.

ip domain-name mycompany.local

Configure this line also

aaa authentication login default local

 aaa authorization exec local

  aaa authorization network local

View solution in original post

11 Replies 11

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎11-04-2024 11:20 PM

 

  - You will need other configuring actions too , to get SSH going : https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-8/configuration_guide/sec/b_168_sec_9300_cg/configuring_secure_shell__ssh.pdf

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
rajaram855
Level 1
Level 1
In response to marce1000

‎11-05-2024 02:29 AM

i understand the ssh configuration but i need to know what exacty to do. to access ssh for that switch.

Current configuration : 13620 bytes
!
! Last configuration change at 04:39:02 UTC Tue Nov 5 2024 by admin
!
version 17.6
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform punt-keepalive disable-kernel-core
!
hostname CoreSW
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable password cisco
 
!
no aaa new-model
 
switch 1 provision c9300-24t
switch 2 provision c9300-24t
!
!
!
!
!
!
!
!
 
login on-success log
!
!
!
!
!
!
   
  
   
  
 
 
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
crypto pki trustpoint TP-self-signed-2537218682
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2537218682
 revocation-check none
 rsakeypair TP-self-signed-2537218682
!
!
  
   
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
   
 
 
 
  
 
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
        quit
crypto pki certificate chain TP-self-signed-2537218682
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32353337 32313836 3832301E 170D3232 31323133 30353236
  30325A17 0D333231 32313230 35323630 325A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35333732
  31383638 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
  0A028201 0100EDF2 5ACFF39D 501BA5DD DBF2F937 7F83CE39 F6ED6777 48A5F6F4
  E0D9D782 AA9EA2FD E0F076EB E984DE13 3AA82C98 C5B247D9 1A6F1C3A C306995E
  4CC37AB5 C0EBA69D F8684D23 B2A68A03 C48AC8CF E5298FD8 7077D62E 10242BB3
  1F1FD605 35566C9D 64F997D4 F22133DC 92280E81 B78C883A A81BE9F4 81C1F455
  CE102F68 9CAD2B08 B2D86C84 A9F427E0 20D48EBC 80313647 ACDB6141 D0CFC052
  B36F2365 C0C2A6D4 3FB56793 EC5D6392 CD75D424 F422380C 0B692F6C C4063689
  9D0C0A26 85D62E8E 23E9D4BD A27274F1 B4D5066D 79297D8B A872DE61 976C64A4
  78991428 FFB2F436 C48C8791 22063479 EAFA829F 8F650A84 40938F89 3706A3D1
  2BEBA064 F7BB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
  301F0603 551D2304 18301680 14CCAD32 C61857F8 2C24DC03 F268C011 60BDE88D
  73301D06 03551D0E 04160414 CCAD32C6 1857F82C 24DC03F2 68C01160 BDE88D73
  300D0609 2A864886 F70D0101 05050003 82010100 B46DB015 42DCB3D9 3AD29A3D
  E8E3F725 46529BB7 01FF9F3B 83CE4C21 22EE1AB9 8EDABC66 82B70912 AD1C819F
  2C379232 30B59170 F2D0D86F 51233814 2E06F114 C71C4EAD 9D78DE48 336D9240
  5CCEAF9E 2056A0B7 0AE0726D CC0438C5 C6E71C27 B90EE0CA 7929A49D B0E27F69
  83F9645A 1C933F13 370AD611 C9CCA85D 146129D4 797144BA C6A892EB F7CB2CED
  A32644FA 6909485F FD910D94 BA9D808E 0B303CF9 7ED2A207 48833194 C8CF9164
  2263CE8F E71DAD4B BFEBD3F5 390752CF 86CC288A 06A93220 3485003A 933118C0
  1333EC40 5E3E714F D6CC1CB5 C47D3B8C FABBCFBB 53AE7BC2 8FC80395 B2B6A057
  9B788F00 98CB0639 F61A3EDB 6D6CF90D 0499911E
        quit
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
memory free low-watermark processor 132227
!
username admin password 0 admin
!
redundancy
 mode sso
!
!
!
!
!
!
transceiver type all
 monitoring
no cdp run
!
!
class-map match-any system-cpp-police-ewlc-control
  description EWLC Control
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
  description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
  description High Rate Applications
class-map match-any system-cpp-police-multicast
  description MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-ios-routing
  description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 switchport mode trunk
!
interface Port-channel2
 switchport mode trunk
!
interface Port-channel3
 switchport mode trunk
!
interface Port-channel4
 switchport mode trunk
!
interface Port-channel5
 switchport mode trunk
!
interface Port-channel6
 switchport mode trunk
!
interface Port-channel7
 switchport mode trunk
!
interface Port-channel8
 switchport mode trunk
!
interface Port-channel9
 switchport mode trunk
!
interface Port-channel10
 switchport mode trunk
!
interface Port-channel11
 switchport mode trunk
!
interface Port-channel12
 switchport mode trunk
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/3
 shutdown
   
!
interface GigabitEthernet1/0/4
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet1/0/5
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet1/0/6
 shutdown
   
!
interface GigabitEthernet1/0/7
 shutdown
   
!
interface GigabitEthernet1/0/8
 shutdown
   
!
interface GigabitEthernet1/0/9
 shutdown
   
!
interface GigabitEthernet1/0/10
 shutdown
   
!
interface GigabitEthernet1/0/11
 shutdown
   
!
interface GigabitEthernet1/0/12
 shutdown
   
!
interface GigabitEthernet1/0/13
 shutdown
   
!
interface GigabitEthernet1/0/14
 shutdown
   
!
interface GigabitEthernet1/0/15
 shutdown
   
!
interface GigabitEthernet1/0/16
 shutdown
   
!
interface GigabitEthernet1/0/17
 shutdown
   
!
interface GigabitEthernet1/0/18
 shutdown
   
!
interface GigabitEthernet1/0/19
 shutdown
   
!
interface GigabitEthernet1/0/20
 shutdown
   
!
interface GigabitEthernet1/0/21
 shutdown
   
!
interface GigabitEthernet1/0/22
 shutdown
   
!
interface GigabitEthernet1/0/23
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport access vlan 60
 switchport mode access
!
 interface GigabitEthernet1/1/1
 shutdown
!
interface GigabitEthernet1/1/2
 shutdown
!
interface GigabitEthernet1/1/3
 shutdown
!
interface GigabitEthernet1/1/4
 shutdown
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 channel-group 1 mode active
!
interface TenGigabitEthernet1/1/2
 switchport mode trunk
 channel-group 2 mode active
!
interface TenGigabitEthernet1/1/3
 switchport mode trunk
 channel-group 3 mode active
!
interface TenGigabitEthernet1/1/4
 switchport mode trunk
 channel-group 4 mode active
!
interface TenGigabitEthernet1/1/5
 switchport mode trunk
 channel-group 6 mode active
!
interface TenGigabitEthernet1/1/6
 switchport mode trunk
 channel-group 7 mode active
!
interface TenGigabitEthernet1/1/7
 switchport mode trunk
 channel-group 8 mode active
!
interface TenGigabitEthernet1/1/8
 switchport mode trunk
 channel-group 9 mode active
!
interface FortyGigabitEthernet1/1/1
 shutdown
!
interface FortyGigabitEthernet1/1/2
 shutdown
!
interface TwentyFiveGigE1/1/1
 shutdown
!
interface TwentyFiveGigE1/1/2
 shutdown
!
interface AppGigabitEthernet1/0/1
!
interface GigabitEthernet2/0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet2/0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet2/0/3
 shutdown
   
!
interface GigabitEthernet2/0/4
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet2/0/5
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet2/0/6
 shutdown
   
!
interface GigabitEthernet2/0/7
 shutdown
   
!
interface GigabitEthernet2/0/8
 shutdown
   
!
interface GigabitEthernet2/0/9
 shutdown
   
!
interface GigabitEthernet2/0/10
 shutdown
   
!
interface GigabitEthernet2/0/11
 shutdown
   
!
interface GigabitEthernet2/0/12
 shutdown
   
!
interface GigabitEthernet2/0/13
 shutdown
   
!
interface GigabitEthernet2/0/14
 shutdown
   
!
interface GigabitEthernet2/0/15
 shutdown
   
!
interface GigabitEthernet2/0/16
 shutdown
   
!
interface GigabitEthernet2/0/17
 shutdown
   
!
interface GigabitEthernet2/0/18
 shutdown
   
!
interface GigabitEthernet2/0/19
 shutdown
   
!
interface GigabitEthernet2/0/20
 shutdown
   
!
interface GigabitEthernet2/0/21
 shutdown
   
!
interface GigabitEthernet2/0/22
 shutdown
   
!
interface GigabitEthernet2/0/23
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet2/0/24
 switchport access vlan 60
  
  switchport mode access
!
interface GigabitEthernet2/1/1
 shutdown
!
interface GigabitEthernet2/1/2
 shutdown
!
interface GigabitEthernet2/1/3
 shutdown
!
interface GigabitEthernet2/1/4
 shutdown
!
interface TenGigabitEthernet2/1/1
 switchport mode trunk
 channel-group 1 mode active
!
interface TenGigabitEthernet2/1/2
 switchport mode trunk
 channel-group 2 mode active
!
interface TenGigabitEthernet2/1/3
 switchport mode trunk
 channel-group 3 mode active
!
interface TenGigabitEthernet2/1/4
 switchport mode trunk
 channel-group 5 mode active
!
interface TenGigabitEthernet2/1/5
 switchport mode trunk
 channel-group 6 mode active
!
interface TenGigabitEthernet2/1/6
 switchport mode trunk
 channel-group 7 mode active
!
interface TenGigabitEthernet2/1/7
 switchport mode trunk
 channel-group 8 mode active
!
interface TenGigabitEthernet2/1/8
 switchport mode trunk
 channel-group 9 mode active
!
interface FortyGigabitEthernet2/1/1
 shutdown
!
interface FortyGigabitEthernet2/1/2
 shutdown
!
interface TwentyFiveGigE2/1/1
 shutdown
!
interface TwentyFiveGigE2/1/2
 shutdown
!
interface AppGigabitEthernet2/0/1
!
interface Vlan1
 no ip address
 
!
interface Vlan10
 
 ip address 10.xxx.xx.xx 255.255.255.0
!
ip default-gateway 10.xxx.xx.x
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip ssh version 2
!
!
!
!
control-plane
 service-policy input system-cpp-policy
!
!
line con 0
 exec-timeout 15 0
 password 12345
 login local
 stopbits 1
line vty 0 4
 password 12345
 login local
 transport input ssh
line vty 5 31
 login
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
!
!
!
!
!
!
end
0 Helpful

Go to solution
Torbjørn
VIP
VIP
In response to rajaram855

‎11-05-2024 02:58 AM

You need to add "ip domain name {your domain}" to your configuration and run "crypto key gen rsa mod 4096" in global exec mode.

You also don't need to have "password" defined under the VTY. To be able to run any command you will need to specify privilege level for your user like so "username admin privilege 15 secret admin"

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Go to solution
Flavio Miranda
VIP
VIP

‎11-05-2024 01:10 AM

@rajaram855 

 Share the switch config. Only the vty config is not enough

 

 

0 Helpful

Go to solution
rajaram855
Level 1
Level 1
In response to Flavio Miranda

‎11-05-2024 02:27 AM

 
Current configuration : 13620 bytes
!
! Last configuration change at 04:39:02 UTC Tue Nov 5 2024 by admin
!
version 17.6
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform punt-keepalive disable-kernel-core
!
hostname CoreSW
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable password cisco
 
!
no aaa new-model
 
switch 1 provision c9300-24t
switch 2 provision c9300-24t
!
!
!
!
!
!
!
!
 
login on-success log
!
!
!
!
!
!
   
  
   
  
 
 
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
crypto pki trustpoint TP-self-signed-2537218682
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2537218682
 revocation-check none
 rsakeypair TP-self-signed-2537218682
!
!
  
   
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
   
 
 
 
  
 
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
        quit
crypto pki certificate chain TP-self-signed-2537218682
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32353337 32313836 3832301E 170D3232 31323133 30353236
  30325A17 0D333231 32313230 35323630 325A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35333732
  31383638 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
  0A028201 0100EDF2 5ACFF39D 501BA5DD DBF2F937 7F83CE39 F6ED6777 48A5F6F4
  E0D9D782 AA9EA2FD E0F076EB E984DE13 3AA82C98 C5B247D9 1A6F1C3A C306995E
  4CC37AB5 C0EBA69D F8684D23 B2A68A03 C48AC8CF E5298FD8 7077D62E 10242BB3
  1F1FD605 35566C9D 64F997D4 F22133DC 92280E81 B78C883A A81BE9F4 81C1F455
  CE102F68 9CAD2B08 B2D86C84 A9F427E0 20D48EBC 80313647 ACDB6141 D0CFC052
  B36F2365 C0C2A6D4 3FB56793 EC5D6392 CD75D424 F422380C 0B692F6C C4063689
  9D0C0A26 85D62E8E 23E9D4BD A27274F1 B4D5066D 79297D8B A872DE61 976C64A4
  78991428 FFB2F436 C48C8791 22063479 EAFA829F 8F650A84 40938F89 3706A3D1
  2BEBA064 F7BB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
  301F0603 551D2304 18301680 14CCAD32 C61857F8 2C24DC03 F268C011 60BDE88D
  73301D06 03551D0E 04160414 CCAD32C6 1857F82C 24DC03F2 68C01160 BDE88D73
  300D0609 2A864886 F70D0101 05050003 82010100 B46DB015 42DCB3D9 3AD29A3D
  E8E3F725 46529BB7 01FF9F3B 83CE4C21 22EE1AB9 8EDABC66 82B70912 AD1C819F
  2C379232 30B59170 F2D0D86F 51233814 2E06F114 C71C4EAD 9D78DE48 336D9240
  5CCEAF9E 2056A0B7 0AE0726D CC0438C5 C6E71C27 B90EE0CA 7929A49D B0E27F69
  83F9645A 1C933F13 370AD611 C9CCA85D 146129D4 797144BA C6A892EB F7CB2CED
  A32644FA 6909485F FD910D94 BA9D808E 0B303CF9 7ED2A207 48833194 C8CF9164
  2263CE8F E71DAD4B BFEBD3F5 390752CF 86CC288A 06A93220 3485003A 933118C0
  1333EC40 5E3E714F D6CC1CB5 C47D3B8C FABBCFBB 53AE7BC2 8FC80395 B2B6A057
  9B788F00 98CB0639 F61A3EDB 6D6CF90D 0499911E
        quit
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
memory free low-watermark processor 132227
!
username admin password 0 admin
!
redundancy
 mode sso
!
!
!
!
!
!
transceiver type all
 monitoring
no cdp run
!
!
class-map match-any system-cpp-police-ewlc-control
  description EWLC Control
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
  description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
  description High Rate Applications
class-map match-any system-cpp-police-multicast
  description MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-ios-routing
  description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 switchport mode trunk
!
interface Port-channel2
 switchport mode trunk
!
interface Port-channel3
 switchport mode trunk
!
interface Port-channel4
 switchport mode trunk
!
interface Port-channel5
 switchport mode trunk
!
interface Port-channel6
 switchport mode trunk
!
interface Port-channel7
 switchport mode trunk
!
interface Port-channel8
 switchport mode trunk
!
interface Port-channel9
 switchport mode trunk
!
interface Port-channel10
 switchport mode trunk
!
interface Port-channel11
 switchport mode trunk
!
interface Port-channel12
 switchport mode trunk
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/3
 shutdown
   
!
interface GigabitEthernet1/0/4
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet1/0/5
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet1/0/6
 shutdown
   
!
interface GigabitEthernet1/0/7
 shutdown
   
!
interface GigabitEthernet1/0/8
 shutdown
   
!
interface GigabitEthernet1/0/9
 shutdown
   
!
interface GigabitEthernet1/0/10
 shutdown
   
!
interface GigabitEthernet1/0/11
 shutdown
   
!
interface GigabitEthernet1/0/12
 shutdown
   
!
interface GigabitEthernet1/0/13
 shutdown
   
!
interface GigabitEthernet1/0/14
 shutdown
   
!
interface GigabitEthernet1/0/15
 shutdown
   
!
interface GigabitEthernet1/0/16
 shutdown
   
!
interface GigabitEthernet1/0/17
 shutdown
   
!
interface GigabitEthernet1/0/18
 shutdown
   
!
interface GigabitEthernet1/0/19
 shutdown
   
!
interface GigabitEthernet1/0/20
 shutdown
   
!
interface GigabitEthernet1/0/21
 shutdown
   
!
interface GigabitEthernet1/0/22
 shutdown
   
!
interface GigabitEthernet1/0/23
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport access vlan 60
 switchport mode access
!
 interface GigabitEthernet1/1/1
 shutdown
!
interface GigabitEthernet1/1/2
 shutdown
!
interface GigabitEthernet1/1/3
 shutdown
!
interface GigabitEthernet1/1/4
 shutdown
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 channel-group 1 mode active
!
interface TenGigabitEthernet1/1/2
 switchport mode trunk
 channel-group 2 mode active
!
interface TenGigabitEthernet1/1/3
 switchport mode trunk
 channel-group 3 mode active
!
interface TenGigabitEthernet1/1/4
 switchport mode trunk
 channel-group 4 mode active
!
interface TenGigabitEthernet1/1/5
 switchport mode trunk
 channel-group 6 mode active
!
interface TenGigabitEthernet1/1/6
 switchport mode trunk
 channel-group 7 mode active
!
interface TenGigabitEthernet1/1/7
 switchport mode trunk
 channel-group 8 mode active
!
interface TenGigabitEthernet1/1/8
 switchport mode trunk
 channel-group 9 mode active
!
interface FortyGigabitEthernet1/1/1
 shutdown
!
interface FortyGigabitEthernet1/1/2
 shutdown
!
interface TwentyFiveGigE1/1/1
 shutdown
!
interface TwentyFiveGigE1/1/2
 shutdown
!
interface AppGigabitEthernet1/0/1
!
interface GigabitEthernet2/0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet2/0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet2/0/3
 shutdown
   
!
interface GigabitEthernet2/0/4
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet2/0/5
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet2/0/6
 shutdown
   
!
interface GigabitEthernet2/0/7
 shutdown
   
!
interface GigabitEthernet2/0/8
 shutdown
   
!
interface GigabitEthernet2/0/9
 shutdown
   
!
interface GigabitEthernet2/0/10
 shutdown
   
!
interface GigabitEthernet2/0/11
 shutdown
   
!
interface GigabitEthernet2/0/12
 shutdown
   
!
interface GigabitEthernet2/0/13
 shutdown
   
!
interface GigabitEthernet2/0/14
 shutdown
   
!
interface GigabitEthernet2/0/15
 shutdown
   
!
interface GigabitEthernet2/0/16
 shutdown
   
!
interface GigabitEthernet2/0/17
 shutdown
   
!
interface GigabitEthernet2/0/18
 shutdown
   
!
interface GigabitEthernet2/0/19
 shutdown
   
!
interface GigabitEthernet2/0/20
 shutdown
   
!
interface GigabitEthernet2/0/21
 shutdown
   
!
interface GigabitEthernet2/0/22
 shutdown
   
!
interface GigabitEthernet2/0/23
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet2/0/24
 switchport access vlan 60
  
  switchport mode access
!
interface GigabitEthernet2/1/1
 shutdown
!
interface GigabitEthernet2/1/2
 shutdown
!
interface GigabitEthernet2/1/3
 shutdown
!
interface GigabitEthernet2/1/4
 shutdown
!
interface TenGigabitEthernet2/1/1
 switchport mode trunk
 channel-group 1 mode active
!
interface TenGigabitEthernet2/1/2
 switchport mode trunk
 channel-group 2 mode active
!
interface TenGigabitEthernet2/1/3
 switchport mode trunk
 channel-group 3 mode active
!
interface TenGigabitEthernet2/1/4
 switchport mode trunk
 channel-group 5 mode active
!
interface TenGigabitEthernet2/1/5
 switchport mode trunk
 channel-group 6 mode active
!
interface TenGigabitEthernet2/1/6
 switchport mode trunk
 channel-group 7 mode active
!
interface TenGigabitEthernet2/1/7
 switchport mode trunk
 channel-group 8 mode active
!
interface TenGigabitEthernet2/1/8
 switchport mode trunk
 channel-group 9 mode active
!
interface FortyGigabitEthernet2/1/1
 shutdown
!
interface FortyGigabitEthernet2/1/2
 shutdown
!
interface TwentyFiveGigE2/1/1
 shutdown
!
interface TwentyFiveGigE2/1/2
 shutdown
!
interface AppGigabitEthernet2/0/1
!
interface Vlan1
 no ip address
 
!
interface Vlan10
 
 ip address 10.xxx.xx.xx 255.255.255.0
!
ip default-gateway 10.xxx.xx.x
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip ssh version 2
!
!
!
!
control-plane
 service-policy input system-cpp-policy
!
!
line con 0
 exec-timeout 15 0
 password 12345
 login local
 stopbits 1
line vty 0 4
 password 12345
 login local
 transport input ssh
line vty 5 31
 login
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
!
!
!
!
!
!
end
0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to rajaram855

‎11-05-2024 02:39 AM

@rajaram855 

 You need to change this

!
no aaa new-model

!

To

!

aaa new-model

Then, run

crypto key generate rsa

Use the 2048 key size

Let me know once you done If we need anything else

0 Helpful

Go to solution
rajaram855
Level 1
Level 1
In response to Flavio Miranda

‎11-05-2024 03:00 AM

#crypto key generate rsa
% Please define a domain-name first.

#

0 Helpful

Go to solution
rajaram855
Level 1
Level 1

‎11-05-2024 03:00 AM

we don't have any domain

 

0 Helpful

Go to solution
Torbjørn
VIP
VIP
In response to rajaram855

‎11-05-2024 03:02 AM

Then you just specify a local one, it does not need to be registered in public DNS. I usually use "lab.local" in my lab setup.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

Go to solution
Flavio Miranda
VIP
VIP
In response to rajaram855

‎11-05-2024 03:16 AM - edited ‎11-05-2024 03:17 AM

Use a fake domain that will be fine.

ip domain-name mycompany.local

Configure this line also

aaa authentication login default local

 aaa authorization exec local

  aaa authorization network local

Go to solution
rajaram855
Level 1
Level 1

‎11-06-2024 08:27 PM

It's worked Thanks a lot 

0 Helpful
Customers Also Viewed These Support Documents