08-15-2010 02:05 AM - edited 03-06-2019 12:29 PM
Hello,
I have Cisco 3560E with software version of 12.2(37) SE. I am not getting options for configuring SSH.
Please let me know what should i look at to solve the issue ?
Solved! Go to Solution.
08-15-2010 04:18 AM
Hello Pratik,
Oh, so your switch is 3560E, not the 3560 (there's a difference between those two).
Right, your current IOS is without crypto support. The latest IOS version supporting crypto operations for your switch is the 12.2(55)SE with the image name c3560e-universalk9-mz.122-55.SE.bin.
There are several ways to learn what is the current version of IOS for your device. One of them is visiting the Download Software page at http://www.cisco.com/cisco/web/download/index.html. Then proceed through the available selections to find your particular device and see the latest available IOS (or set of IOSes) for that device.
The second tool is the Cisco Feature Navigator tool available at http://cisco.com/go/fn. This tools lets you actually search among different IOSes depending on platform or required feature, or even compare two IOSes for their common and unique features.
Also you may be interested in reading the Release Notes for your switch that document changes, closed and open bugs, supported hardware and required upgrade procedures. You can find the Release Notes at http://www.cisco.com/en/US/products/ps7078/prod_release_notes_list.html.
Note that for the UNIVERSAL image, the image contains all available features that are offered for the 3560-E series, however, to unlock some of them, a license activation key will be required. It is possible that you already have the necessary features activated in which case they will remain active after an IOS upgrade. Nevertheless, I suggest reading more about the feature activation at http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/note/swactivn.html.
Best regards,
Peter
08-15-2010 02:38 AM
Hello Pratik,
I assume you are missing the crypto and ip ssh commands in your global configuration mode. That would mean that your IOS image is lacking the crypto support. Have a look at the show version output:
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc3)
Note the underlined letters in the above output. The K9 code means that your IOS image contains the crypto support. If the K9 is not shown (i.e. it says IPBASE-M or IPSERVICES-M only) then your IOS does not have the crypto feature set and you will need to upgrade it.
If you have option of upgrading your IOS, I would gladly recommend that because the 12.2(37) is quite outdated.
Best regards,
Peter
08-15-2010 03:46 AM
Hi Peter,
Thank you so much for the support.
The show version command on switch shows C3560E-Universal-M, does that mean i don't have crypto support ? can you please let me knowt the latest IOS Version for 3560 or where can i find list of IOS for 3560 and their lifespan.
Thanks and Regards,
Pratik
08-15-2010 03:57 AM
c3560-ipbasek9-mz.122-55.SE.bin is the latest release for 3560
HTH
Hitesh Vinzoda
Pls rate useful posts
10-06-2022 08:15 AM
Your link is broken
10-07-2022 10:15 PM
You are looking at a post from 12 years ago. It is not surprising that the link does not work now. Go to the software download page on the Cisco web site and look for 3560.
08-15-2010 04:18 AM
Hello Pratik,
Oh, so your switch is 3560E, not the 3560 (there's a difference between those two).
Right, your current IOS is without crypto support. The latest IOS version supporting crypto operations for your switch is the 12.2(55)SE with the image name c3560e-universalk9-mz.122-55.SE.bin.
There are several ways to learn what is the current version of IOS for your device. One of them is visiting the Download Software page at http://www.cisco.com/cisco/web/download/index.html. Then proceed through the available selections to find your particular device and see the latest available IOS (or set of IOSes) for that device.
The second tool is the Cisco Feature Navigator tool available at http://cisco.com/go/fn. This tools lets you actually search among different IOSes depending on platform or required feature, or even compare two IOSes for their common and unique features.
Also you may be interested in reading the Release Notes for your switch that document changes, closed and open bugs, supported hardware and required upgrade procedures. You can find the Release Notes at http://www.cisco.com/en/US/products/ps7078/prod_release_notes_list.html.
Note that for the UNIVERSAL image, the image contains all available features that are offered for the 3560-E series, however, to unlock some of them, a license activation key will be required. It is possible that you already have the necessary features activated in which case they will remain active after an IOS upgrade. Nevertheless, I suggest reading more about the feature activation at http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/note/swactivn.html.
Best regards,
Peter
08-15-2010 05:38 AM
Thank you peter for the well versed answer. I will do the research from my side and will go ahead for the upgrade.
Thank you once again for all the support.
10-04-2010 04:15 PM
I am having the same problem with my 3560. (NON E)
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE, RELEASE SOFTWARE (fc2)
Switch(config)#crypto key generate rsa
The name for the keys will be: #######
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys, keys will be non-exportable...[OK]
Switch(config)#ip ssh
% Incomplete command.
authentication-retries Specify number of authentication retries
dscp IP DSCP value for SSH traffic
logging Configure logging for SSH
precedence IP Precedence value for SSH traffic
source-interface Specify interface for source address in SSH connections
time-out Specify SSH time-out interval
version Specify protocol version supported
10-04-2010 08:44 PM
Hi Shaun,
From now on please open a new thread for questions.. !!
After generating key, configure number authentication retries and time-out through IP SSH command. Please note that these commands are not mandatory.
Next step is to allows SSH on your VTY. Give the command on your VTY line "transport input all". Once you are sure that SSH is working properly remove command with "no transport input all" and give "transport input SSH" so it will block the telnet...!!
Regards,
Pratik Mavani
12-18-2017 06:17 AM
For me its showing SSH enable version 2
And every configuration done but SSH not happening from server side please give me any solution for this kind of issue
01-07-2011 10:57 AM
Post a show version and explain what commands you are using to try and configure SSH . The show version has to show a imagename with a k9 in the middle of it .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide