08-19-2009 10:48 AM - edited 03-06-2019 07:19 AM
Hello,
I just purchased 3 2960Gs and I am wondering I grabbed the latest IOS I could find but SSH is not working. The list of available IOS has w/o crypto and lanbase. I grabbed the right one no? I mean w/o means without right??
Sh version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 22-Jul-09 07:03 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01200000
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
cab2sw2-2fl-2960g uptime is 41 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbase-mz.122-50.SE3.bin"
cisco WS-C2960G-48TC-L (PowerPC405) processor (revision E0) with 65536K bytes of memory.
Processor board ID FOC1315Z3CH
Last reset from power-on
1 Virtual Ethernet interface
48 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:24:F7:AB:CA:80
Motherboard assembly number : 73-10300-08
Power supply part number : 341-0098-02
Motherboard serial number : FOC13153A4M
Power supply serial number : DCA1314926D
Model revision number : E0
Motherboard revision number : A0
Model number : WS-C2960G-48TC-L
System serial number : FOC1315Z3CH
Top Assembly Part Number : 800-27071-03
Top Assembly Revision Number : A0
Version ID : V03
CLEI Code Number : COM4A10BRC
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 48 WS-C2960G-48TC-L 12.2(50)SE3 C2960-LANBASE-M
Solved! Go to Solution.
08-19-2009 10:50 AM
You need this image c2960-lanbasek9-mz.122-50.SE3.bin
08-19-2009 02:51 PM
c2960-lanbasek9-mz.122-50.SE3.bin has a k9 as i mentionned earlier. make sure your image filename has a k9 if you want SSH feature.
08-19-2009 10:48 AM
You grabbed an image that does NOT have crypto. You need a crypto image for SSH to work.
w/o means without.
The image filename, when it's crypto will have a k9 in it.
08-19-2009 10:50 AM
You need this image c2960-lanbasek9-mz.122-50.SE3.bin
08-19-2009 12:36 PM
OK I got the w/o image but I didnt get the k9 one.
Many thanks
08-19-2009 02:51 PM
c2960-lanbasek9-mz.122-50.SE3.bin has a k9 as i mentionned earlier. make sure your image filename has a k9 if you want SSH feature.
08-20-2009 04:33 AM
Hi again. I have the version for ssh installed on the switch but when I get into the line interfaces to try and say only ssh for connecting I dont have that choice:
transport ?
output Define which protocols to use for outgoing connections
preferred Specify the preferred protocol to use
I should see the input option there right wich I would follow by ssh.
What is up?
Here is my sh version just to be sure:
cab2sw2-2fl-2960g#sh ver
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 22-Jul-09 07:03 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01400000
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
cab2sw2-2fl-2960g uptime is 14 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.122-50.SE3.bin"
08-20-2009 05:47 AM
That's very odd.
I found a 2960 with an older image around here and it has the 'transport input' available. This image is not even a SSH image.
(config-line)#transport ?
input Define which protocols to use when connecting to the terminal
server
output Define which protocols to use for outgoing connections
preferred Specify the preferred protocol to use
sh ver | i IOS
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
I wonder if 12.2(50)SE3 is introducing this behavior. Can you try 12.2(44)SE6 with K9 support?
__
Edison.
08-20-2009 06:33 AM
Hi Edison,
Thanks for your post. Here is the output you asked for:
cab2sw2-2fl-2960g#sh ver | i IOS
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, REL EASE SOFTWARE (fc1)
It sure is odd.
08-20-2009 07:13 AM
c2960-lanbasek9-mz.122-25.SEE2.bin
I just tested this image and it works.
Have you configured a domain-name?
Have you created the crypto key?
cry key gen rsa gen mod 1024
You need the both of above in your config first.
08-20-2009 09:24 AM
Yes I created the keys:
cab2sw2-2fl-2960g#sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
This is getting really wierd now....
And yes the domain name and host name were configured
08-20-2009 09:24 AM
Can't say I have ever seen that if the image is a K9 image thats loaded on any switch . So it doesn't take the transport inpuit command if you do the following?
conf t
line vty 0 15
transport input ssh
08-20-2009 09:40 AM
I got it!!
This what I did:
Recreated the keys and forced the use of version 2 and that did it ....
By default using a 1024 bit key size had me using version 1.99 of ssh
In global config mode I issued a
ip ssh version 2
command and that did it.
I now have the ability to do
transport input ssh
on my vty lines ...
Hurray!!!
08-20-2009 09:57 AM
sounds like a bug , have never had an issue using a 1024 bit key and the transport command.
08-20-2009 10:25 AM
Weird.
Transport input command was available on non-k9 images without any hostname and ssh enabled.
__
Edison.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: