Solved: No ssh option in cat4500

NInja Black · ‎06-14-2016

Hi,

Trying to enable SSH on Cisco 4500 switch but surprisingly I do not see SSH option anywhere. Below is the sh version output. Please assist.

Switch(config)#line vty 0 4
Switch(config-line)#tra
Switch(config-line)#transport i
Switch(config-line)#transport input ss
Switch(config-line)#transport input ss?
% Unrecognized command
Switch(config-line)#transport input ?
all All protocols
none No protocols
telnet TCP/IP Telnet protocol

Switch#
Switch#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.06.04.E RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Fri 12-Feb-16 23:41 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: 15.0(1r)SG5
GSB-Switch uptime is 4 weeks, 5 days, 13 hours, 28 minutes
Uptime for this control processor is 4 weeks, 5 days, 13 hours, 30 minutes
System returned to ROM by reload
System image file is "bootflash:cat4500e-universal.SPA.03.06.04.E.152-2.E4.bin"
Jawa Revision 7, Snowtrooper Revision 0x0.0x1C

Last reload reason: Unknown Reason

License Information for 'WS-X45-SUP7-E'
License Level: ipbase Type: Permanent
Next reboot license Level: ipbase

cisco WS-C4506-E (MPC8572) processor (revision 10) with 2097152K bytes of physical memory.
Processor board ID FXS1739Q0LH
MPC8572 CPU at 1.5GHz, Supervisor 7
Last reset from Reload
8 Virtual Ethernet interfaces
408 Gigabit Ethernet interfaces
20 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102

Switch#

Mark Malone · ‎06-14-2016

Hi

you need an image with K9 in it this has no ability to do ssh ----cat4500e-universal.SPA.03.06.04.E.152-2.E4.bin"

You want something like cat4500e-universalk9.SPA.03.06.04.E.152-2.E4.tar

without K9 no crypto no ssh etc

EDIT ....cat4500e-universalk9.SPA.03.06.04.E.152-2.E4.bin

https://software.cisco.com/download/release.html?mdfid=284275053&softwareid=282046477&release=3.6.4E&flowid=37404

View solution in original post

Mark Malone · ‎06-14-2016

Hi

you need an image with K9 in it this has no ability to do ssh ----cat4500e-universal.SPA.03.06.04.E.152-2.E4.bin"

You want something like cat4500e-universalk9.SPA.03.06.04.E.152-2.E4.tar

without K9 no crypto no ssh etc

EDIT ....cat4500e-universalk9.SPA.03.06.04.E.152-2.E4.bin

https://software.cisco.com/download/release.html?mdfid=284275053&softwareid=282046477&release=3.6.4E&flowid=37404

NInja Black · ‎06-14-2016

Thanks Mark. I wasnt aware of this while upgrading the image. I did confirm with Cisco TAC about the most stable version to upgrade to but I guess I should have specificaly asked a SSH supported version.

Shouldn't all images support SSH by default?

Mark Malone · ‎06-14-2016

in short I suppose some countries are not allowed have the K9 as its U.S encryption there is a list of them , like North Korea and other nice countries :) , I presume that's why they still offer them on their website K9 free maybe there's another reason , I know back in the day not all kit supported K9 but surely I would think now everything can

The average daily Cisco user company would all be using some form of K9 for ssh or IPsec

Asurion NetworkOperations · ‎04-15-2020

Hi Mark.

I'm also experiencing the same issue.

S-01(config-line)#transport input ?
all All protocols
none No protocols
telnet TCP/IP Telnet protocol

Here's my System Image file "flash:c2960-lanbase-mz.122-25.SEE3/c2960-lanbase-mz.122-25.SEE3.bin"

is there any other solution for this aside from upgrading to k9 image file?

Thank you!