Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cant SSH into my new Catalyst 2960 Switch.

Hi,

I'm having trouble setting up SSH on my new Switch.

no aaa new-model

aaa authentication login default local

ip domain-name king.local

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

line vty 0 4

transport input ssh

line vty 5 15

transport input ssh

Vlan 10 : 192.168.155.1

Vlan 200 : 192.168.251.1

Vlan 300 : 192.168.252.1

I would like to be able to use Vlan 10 192.168.155.1 for SSH remote management. What am I doing wrong? Thank!

4 ACCEPTED SOLUTIONS

Accepted Solutions
Community Member

Cant SSH into my new Catalyst 2960 Switch.

If you are trying to ssh direct to your laptop you need to make sure you have run the crypto to create the cert and also configure the ip default-gateway for the ip address of your laptop.  Since the 2960's are only layer 2 the default gateway is necessary in the future if you ever want to manage this from a routed network.  The fact that sshv1 or 2 is not running makes me lean toward the fact you haven't run

crypto key gen rsa

the create a 1024 key its a little more secure

Also, make sure you create a username

username admin priv 15 pass admin

I would use priv 15 just to make sure you alleviate any issues caused from using a differnent priv level.

** If crypto doesn't work, the license you have does not allow crypto and you will be forced to use telnet**

Hall of Fame Super Gold

Cant SSH into my new Catalyst 2960 Switch.

Can you please post the output to the command "sh version".  Your could be running an IOS-level without Crypto support.

VIP Purple

Cant SSH into my new Catalyst 2960 Switch.

Hi ,

This version will also work:12.2(50)SE4.

try this.

enable secret 5 daddwedwqewqDSDS//&%
!
username xyz privilege 15 secret 5 §"$§"$R§R$RFRRF

no ip domain-lookup
ip domain-name xyzutz.com
crypto key generate rsa


ip ssh version 2


line con 0
exec-timeout 2 30
login local
line vty 0 4
login local
length 0
line vty 5 15
login local

I tried this in my switch 2960 with 122.50SE4 and it worked perfectly.

Regards

please rate if it helps.

Community Member

Re: Cant SSH into my new Catalyst 2960 Switch.

Nick,

      Excuse me if this comes off as a silly question... but can you ping 192.168.155.1? I'm looking at the config you just posted and I see default-gateway of 10.1.2.25 (your machine as you said) and I see the vlan 10 interface with 192.168.155.1, but how does the switch know how to get to 10.1.2.25, it looks to have no possible route off the 192.168.155.1 network.

I would try giving your machine an IP of something in the 192.168.155.0/24 range (call it 192.168.155.100 for giggles) then make sure the port you're plugged into on that switch is configured for vlan 10.

Switch(config)# interface Fa0/15

Switch(config-if)# switchport access vlan 10

Sorry if I'm over simplifying the problem.

13 REPLIES
Community Member

Re: Cant SSH into my new Catalyst 2960 Switch.

I have debug ip ssh enabled, and when I try and SSH to 192.168.155.1 from Putty nothing shows up in the debug.

2960-S#show ssh

%No SSHv1 server connections running.

%No SSHv2 server connections running.

Community Member

I am having the same issue..

I am having the same issue...any resolution?

Community Member

Yes, please read the "Correct

Yes, please read the "Correct Answer" posts. 

Make sure you can ping your device - My issue was related to bad IP addressing on interface, not so much SSH related. 

 

-Nick Chenault

Purple

Cant SSH into my new Catalyst 2960 Switch.

  Where are you trying to SSH from ?   Normally a 2960 is a L2 switch .  You have to have a specific level of code and routing turned on in order to  for it to route .  If L3 routing is not on this box then verify your trunk to the L3 device is setup correctly and the correct vlans are allowed across the trunk .  I believe you have to AAA new model enabled also , currently it shows "no aaa new model".

Community Member

Cant SSH into my new Catalyst 2960 Switch.

Currently this switch is not plugged into anything. I have a ethernet cord running from one of the ports to my laptop.

I enabled 'aaa new-model'. I just want to use vlan 10 for a management port. The vlan 200/300 are used for 2 diff subnets for devices that will be connected. I have tried both of the suggestions and still no luck.

2960-S#show ssh

%No SSHv1 server connections running.

%No SSHv2 server connections running.

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan10

ip address 192.168.155.1 255.255.255.0

no ip route-cache

!

interface Vlan200

ip address 192.168.251.1 255.255.255.0

no ip route-cache

!

interface Vlan300

ip address 192.168.252.1 255.255.255.0

no ip route-cache

Community Member

Cant SSH into my new Catalyst 2960 Switch.

If you are trying to ssh direct to your laptop you need to make sure you have run the crypto to create the cert and also configure the ip default-gateway for the ip address of your laptop.  Since the 2960's are only layer 2 the default gateway is necessary in the future if you ever want to manage this from a routed network.  The fact that sshv1 or 2 is not running makes me lean toward the fact you haven't run

crypto key gen rsa

the create a 1024 key its a little more secure

Also, make sure you create a username

username admin priv 15 pass admin

I would use priv 15 just to make sure you alleviate any issues caused from using a differnent priv level.

** If crypto doesn't work, the license you have does not allow crypto and you will be forced to use telnet**

Hall of Fame Super Gold

Cant SSH into my new Catalyst 2960 Switch.

Can you please post the output to the command "sh version".  Your could be running an IOS-level without Crypto support.

Purple

Cant SSH into my new Catalyst 2960 Switch.

  I believe it has to be like 12.2.55  in order to route also .

VIP Purple

Cant SSH into my new Catalyst 2960 Switch.

Hi ,

This version will also work:12.2(50)SE4.

try this.

enable secret 5 daddwedwqewqDSDS//&%
!
username xyz privilege 15 secret 5 §"$§"$R§R$RFRRF

no ip domain-lookup
ip domain-name xyzutz.com
crypto key generate rsa


ip ssh version 2


line con 0
exec-timeout 2 30
login local
line vty 0 4
login local
length 0
line vty 5 15
login local

I tried this in my switch 2960 with 122.50SE4 and it worked perfectly.

Regards

please rate if it helps.

Community Member

Re: Cant SSH into my new Catalyst 2960 Switch.

Thank you ALL for your replies, I have tried everyones suggestions and configs but still no luck. I have attached my config so everyone can see exactly what im working with. I have zeroized my Crypto key and re enabled it using 1024 (which was already 1024 before zeroized).

Currently I'm connected with an ethernet cord from FA0/15 to my Laptop. I set the default gateway of the switch to 10.1.2.25 which is my IP address of the laptop. I'm trying to SSH to 192.168.155.1 with Putty.

Community Member

Re: Cant SSH into my new Catalyst 2960 Switch.

Nick,

      Excuse me if this comes off as a silly question... but can you ping 192.168.155.1? I'm looking at the config you just posted and I see default-gateway of 10.1.2.25 (your machine as you said) and I see the vlan 10 interface with 192.168.155.1, but how does the switch know how to get to 10.1.2.25, it looks to have no possible route off the 192.168.155.1 network.

I would try giving your machine an IP of something in the 192.168.155.0/24 range (call it 192.168.155.100 for giggles) then make sure the port you're plugged into on that switch is configured for vlan 10.

Switch(config)# interface Fa0/15

Switch(config-if)# switchport access vlan 10

Sorry if I'm over simplifying the problem.

Community Member

Re: Cant SSH into my new Catalyst 2960 Switch.

SOLVED:

Went ahead and erased my config and started fresh. I believe the issue was that I didnt have the right Vlan assigned to the port I was connected to. Anyways, its working perfect now. Thanks for EVERYONES help. Have a good weekend!!!

Community Member

Re: Cant SSH into my new Catalyst 2960 Switch.

Great to here you got it working! Have a great rest of the weekend!

7500
Views
3
Helpful
13
Replies
CreatePlease to create content