Showing results for 
Search instead for 
Did you mean: 

Change cipher in switch


Hi We have switch CISCO2921/K9. I am going to add commands as below. but do not know why it cannot be added into. Is this switch version issue or something else? There is " ^ " error under client and server when adding the command Thank you

ip ssh client algorithm encryption aes256-ctr aes192-ctr aes128-ctr
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

8 Replies 8

do you config RSA key and domain ?

double check these steps



where is the '^' error ? What do you get after:

Router(config)#ip ssh client algorithm encryption ?


Thanks for your reply. Please see the below


and i also added command " crypto key generate rsa" and domain already exists


ip ssh <<- this first 
ip ssh client algorithm
ip ssh server algorithm 


a1(config)#ip ssh
% Incomplete command.

a1(config)#ip ssh client
a1(config)#ip ssh client ?
% Unrecognized command

Is this what you mean? thanks


"""If your SSH configuration commands are rejected as illegal commands, you have not successfully generated an RSA key pair for your router. Make sure that you have specified a hostname and domain. Then use the crypto key generate rsacommand to generate an RSA key pair and enable the SSH server."""


can you post the output of:

sh ver

sh run


I can post version, but not running. and i will check ssh again. thanks

config)#do show ver
NJ4050V2911A01(config)#do show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
Technical Support:
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 13:06 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

NJ4050V2911A01 uptime is 16 weeks, 5 days, 10 hours, 54 minutes
System returned to ROM by power-on
System restarted at 06:06:24 UTC Sun Apr 3 2022
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: power-on

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco CISCO2921/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

Device# PID SN
*0 CISCO2921/K9 F

Technology Package License Information for Module:'c2900'

Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc None None None
data None None None

Configuration register is 0x2102

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: