Cryptographic Software Image Guidelines; Setting Up the Switch to Run SSH - Cisco Catalyst 2950 Software Configuration Manual

Chapter 8
Configuring Switch-Based Authentication

Cryptographic Software Image Guidelines

These guidelines apply only to non-LRE Catalyst 2950 and 2940 switches:
The SSH feature uses a large amount of switch memory, which limits the number of VLANs, trunk ports,
and cluster members that you can configure on the switch. Before you download the cryptographic
software image, your switch configuration must meet these conditions:

- The number of trunk ports multiplied by the number of VLANs on the switch must be less than or
  equal to 128. These are examples of switch configurations that meet this condition:
  - If the switch has 2 trunk ports, it can have up to 64 VLANs.
  - If the switch has 32 VLANs, it can have up to 4 trunk ports.
- If your switch is a cluster command switch, it can only support up to eight cluster members.

Setting Up the Switch to Run SSH

Follow these steps to set up your switch to run SSH:
1. Download the cryptographic software image from Cisco.com. This step is required. For more
   information, see the release notes for this release.
2. Configure a host name and IP domain name for the switch. Follow this procedure only if you are
   configuring the switch as an SSH server.
3. Generate an RSA key pair for the switch, which automatically enables SSH. Follow this procedure
   only if you are configuring the switch as an SSH server.
4. Configure user authentication for local or remote access. This step is required. For more
   information, see the "Configuring the Switch for Local Authentication and Authorization" section
   on page 8-32.

Beginning in privileged EXEC mode, follow these steps to configure a host name and an IP domain name
and to generate an RSA key pair. This procedure is required if you are configuring the switch as an SSH
server.

Step 1  Command: configure terminal
        Purpose: Enter global configuration mode.

Step 2  Command: hostname hostname
        Purpose: Configure a host name for your switch.

Step 3  Command: ip domain-name domain_name
        Purpose: Configure a host domain for your switch.

Step 4  Command: crypto key generate rsa
        Purpose: Enable the SSH server for local and remote authentication on the switch
        and generate an RSA key pair.
        We recommend a minimum modulus size of 1024 bits.
        When you generate RSA keys, you are prompted to enter a modulus
        length. A longer modulus length might be more secure, but it takes longer
        to generate and to use.

Step 5  Command: end
        Purpose: Return to privileged EXEC mode.

Step 6  Command: show ip ssh
        Purpose: Show the version and configuration information for your SSH server.
        or
        Command: show ssh
        Purpose: Show the status of the SSH server on the switch.

Step 7  Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
Configuring the Switch for Secure Shell
8-35
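
An added example, not part of the Cisco manual: a Python check that audits a saved running-config against the memory conditions and the host name and IP domain name prerequisites described above. The function name, the sample config, passing the VLAN count as a parameter, the "cluster member" line format, and treating "Switch" as the default host name are assumptions made for illustration.

```python
import re

MAX_TRUNK_VLAN_PRODUCT = 128  # trunk ports x VLANs limit from the guidelines
MAX_CLUSTER_MEMBERS = 8       # limit when the switch is a cluster command switch

def audit_ssh_readiness(config, vlan_count):
    """Return findings for a running-config; an empty list means ready."""
    findings = []
    # Assumption: only ports statically set to trunk mode are counted.
    trunks = len(re.findall(r"(?m)^[ \t]+switchport mode trunk[ \t]*$", config))
    product = trunks * vlan_count
    if product > MAX_TRUNK_VLAN_PRODUCT:
        findings.append(f"{trunks} trunk ports x {vlan_count} VLANs = {product} "
                        f"(limit {MAX_TRUNK_VLAN_PRODUCT})")
    # Assumption: members appear as "cluster member <n> ..." on the command switch.
    members = len(re.findall(r"(?m)^cluster member \d+\b", config))
    if members > MAX_CLUSTER_MEMBERS:
        findings.append(f"{members} cluster members (limit {MAX_CLUSTER_MEMBERS})")
    # Steps 2 and 3 of the key-pair procedure: host name and IP domain name.
    host = re.search(r"(?m)^hostname (\S+)", config)
    # Assumption: "Switch" is the factory-default host name.
    if host is None or host.group(1) == "Switch":
        findings.append("host name not configured")
    if not re.search(r"(?m)^ip domain-name \S+", config):
        findings.append("IP domain name not configured")
    return findings

# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname Switch
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/4
 switchport mode access
!
"""

if __name__ == "__main__":
    for finding in audit_ssh_readiness(SAMPLE_CONFIG, vlan_count=64):
        print("FAIL:", finding)
```

Run it against a saved copy of the running-config before downloading the cryptographic image; the VLAN count has to be supplied separately because it is not derived from the config text here.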

This manual is also suitable for:

Catalyst 2955
