Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1333
Views
5
Helpful
4
Replies

Enabling ssh with a startup config on C2960 and C3560CG Switches

renemerki1
Level 1
Level 1

‎02-18-2016 12:04 AM - edited ‎03-08-2019 04:37 AM

Hello,

Im am currently testing the new features of IOS 150-2.SE5 with SmartInstall

Is there a way to bring the IP SSH Key in the backup-config that after restoring the SSH Key is in the Switch ?

I've seen a "kron" in a forum but it was not working for my System: 

kron occurrence crypto_key in 2 oneshot
policy-list crypto_key
!
kron policy-list crypto_key
cli event manager run crypto_key
!
event manager applet crypto_key
event none sync yes
action 1 cli command "enable"
action 2 cli command "config t"
action 3 cli command "crypto key generate rsa modulus 2048"
action 4 cli command "exit"
action 5 cli command "write mem"
action 6 cli command "end"
!

I've tried without action.... nothing worked for me.

Box I want to store/restore

WS-C2960CG-8TC-L -> c2960c405ex-universalk9-mz.150-2.SE5

WS-C3560CG-8PC-S -> c3560c405ex-universalk9-mz.150-2.SE5

many thanks for your help

kind regards

René

Labels:
0 Helpful
4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

‎02-18-2016 12:14 AM

Just put the command "crypto key generate rsa modulus 2048" into the configuration template and it should be fine.  

This is how I've done my SmartInstall.

0 Helpful

renemerki1
Level 1
Level 1
In response to Leo Laohoo

‎02-18-2016 12:23 AM

Hi leo

i am not using a config template, it is the file from backup. I use smart install for a replacement solution in a running network.

the switches perform an backup with a kron job every sunday night.. And if one fails the customer can replace the switch by himself and it get the own config back on the switch,.

so i will not use a config template

kind regards

 rene

0 Helpful

renemerki1
Level 1
Level 1
In response to renemerki1

‎03-18-2016 12:15 AM

Hi all,

I got now the solution from TAC:

I'm using WS-C2960CG-8TC-L andWS-C3560CG-8PC-S Switches

CONFIG: 

VSTACK-DIRECTOR
conf t
no vstack script flash:post_install.txt
!
vstack group custom NR32 connectivity
no script flash:post_install.txt
--> Be sure you've deleted all pre-installed txt files.
!
tclsh
puts [open "flash:GENERATE_RSA_KEYS.tcl" w+] {
ios_config "crypto key generate rsa modulus 2048 general-keys"
}
tclquit
!
VS-Director#show flash: | i tcl
61 65 Mar 09 2016 06:05:06.0000000000 +00:00 GENERATE_RSA_KEYS.tcl
conf t
tftp-server flash:GENERATE_RSA_KEYS.tcl
end
no scripting tcl init flash:config.text
!


CLIENT
!
kron policy-list EXECUTE_SCRIPT
cli tclsh tftp://10.162.78.26/GENERATE_RSA_KEYS.tcl
!
kron occurrence UPON_BOOTUP in 00:01 oneshot
policy-list EXECUTE_SCRIPT
!
no scripting tcl init flash:config.text
GOE-AC-nr32-1#show crypto key mypubkey rsa
% Key pair was generated at: 03:29:32 MEST Mar 30 2011
Key name: GOE-AC-nr32-1.novelis.biz
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
9F020301 0001
% Key pair was generated at: 03:29:35 MEST Mar 30 2011
Key name: GOE-AC-nr32-1.novelis.biz.server
Key type: RSA KEYS
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00A8E571 F2146ADB

!

It was working perfect.

kind regards

René

Glenn Martin
Cisco Employee
Cisco Employee

‎02-19-2016 05:35 PM

Moving post to the appropriate forum. for faster response, please ensure you create the post in the correct forum.

Thanks

Glenn

SMB Community Manager

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card