09-04-2013 02:31 AM - edited 03-07-2019 03:17 PM
cat4500e-universalk9.SPA.03.04.01.SG.151-2.SG1.bin installs on cisco 4500E with SUP7-E, the license level is enterservice, but can't find and use "crypto key generat rsa " to enable ssh in CLI. Who can resolve it? thinks!!!
Solved! Go to Solution.
09-04-2013 02:55 AM
Dear Yang ,
Could you please paste extract of following command from your device ?? . I suspect your switch is running on base license without K9 image .
show version
show bootflash
show bootvar
HTH
Santhosh Saravanan
09-04-2013 07:21 PM
You have both k9 (supports crypto, including ssh) and non-k9 (no ssh support) images in bootflash. Your running version is NOT the k9 version. If it was, your "show version" output would start like this:
#show ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
...and include the paragraph about cryptographic features:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Additionally you have config-register 0x2101 = boot into bootstrap (rommon). You would normally use 0x2102 = boot into image specified in boot variable.
09-04-2013 02:55 AM
Dear Yang ,
Could you please paste extract of following command from your device ?? . I suspect your switch is running on base license without K9 image .
show version
show bootflash
show bootvar
HTH
Santhosh Saravanan
09-04-2013 03:46 AM
Try
set crypto key rsa 1024
09-04-2013 10:08 AM
Follow this link. Do you have the AAA new model command and your passwords and or tacacs set ?
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#diagram
09-04-2013 06:25 PM
Switch#sh version
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 05-Dec-12 05:58 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2010, 2012 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: 15.0(1r)SG5
Switch uptime is 24 minutes
Uptime for this control processor is 26 minutes
System returned to ROM by reload
Running default software
Jawa Revision 7, Snowtrooper Revision 0x0.0x1C
Last reload reason: Admin reload CLI
License Information for 'WS-X45-SUP7-E'
License Level: entservices Type: Evaluation
Next reboot license Level: entservices
cisco WS-C4510R+E (MPC8572) processor (revision 10) with 2097152K/20480K bytes of memory.
Processor board ID FXS1716Q0UM
MPC8572 CPU at 1.5GHz, Supervisor 7
Last reset from Reload
1 Virtual Ethernet interface
276 Gigabit Ethernet interfaces
14 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2101
Directory of bootflash:/
73762 -rw- 119576292 Jul 27 2013 20:04:41 +00:00 cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin
73763 -rw- 125216116 Sep 4 2013 00:16:48 +00:00 cat4500e-universalk9.SPA.03.04.01.SG.151-2.SG1.bin
831541248 bytes total (586387456 bytes free)
Switch#sh redundancy
Redundant System Information :
------------------------------
Available system uptime = 24 minutes
Switchovers system experienced = 0
Standby failures = 0
Last switchover reason = none
Hardware Mode = Duplex
Configured Redundancy Mode = Stateful Switchover
Operating Redundancy Mode = Stateful Switchover
Maintenance Mode = Disabled
Communications = Up
Current Processor Information :
------------------------------
Active Location = slot 5
Current Software state = ACTIVE
Uptime in current state = 23 minutes
Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 05-Dec-12 05:58 by prod_r
BOOT = bootflash:cat4500e-universalk9.SPA.03.04.01.SG.151-2.SG1.bin,12;
Configuration register = 0x2101
Peer Processor Information :
------------------------------
Standby Location = slot 6
Current Software state = STANDBY HOT
Uptime in current state = 21 minutes
Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 05-Dec-12 05:58 by prod_
BOOT = bootflash:cat4500e-universalk9.SPA.03.04.01.SG.151-2.SG1.bin,12;
Configuration register = 0x2101
09-04-2013 07:21 PM
You have both k9 (supports crypto, including ssh) and non-k9 (no ssh support) images in bootflash. Your running version is NOT the k9 version. If it was, your "show version" output would start like this:
#show ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
...and include the paragraph about cryptographic features:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Additionally you have config-register 0x2101 = boot into bootstrap (rommon). You would normally use 0x2102 = boot into image specified in boot variable.
09-04-2013 11:12 PM
thank you very mach!!! your solution is right.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide