10-01-2013 01:11 PM - edited 03-07-2019 03:47 PM
I have a WS-C4506-E that is running cat4500e-universalk9.SPA.03.03.01.SG.151-1.SG1.bin when setting up aaa I start with the follwing command
"crypto key generate rsa general-keys modulus 1024" I let this run and then I add in the rest of the aaa commands as well as Tacacs and ssh.
I have a new WS-C4500X-32 running cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin
I am not able to run any crypto commands. It does not recognize them. Is there a new or different command I need to invoke to generate the crypto key ?
Solved! Go to Solution.
10-01-2013 03:59 PM
Mike
The k9 in the filename of the image that you are running (cat4500e-universalk9.SPA.03.03.01.SG.151-1.SG1.bin) indicates that it should support generating the crypto key and enabling SSH. I have not used that version of code so I can not tell you exactly what the command would be. But I would ask if you do
crypto ?
what options does it show. If it does not show something that relates to RSA crypto key then I suggest that you use the question mark in global config mode and look for some command that relates to crypto or RSA keys.
HTH
Rick
10-01-2013 03:59 PM
Mike
The k9 in the filename of the image that you are running (cat4500e-universalk9.SPA.03.03.01.SG.151-1.SG1.bin) indicates that it should support generating the crypto key and enabling SSH. I have not used that version of code so I can not tell you exactly what the command would be. But I would ask if you do
crypto ?
what options does it show. If it does not show something that relates to RSA crypto key then I suggest that you use the question mark in global config mode and look for some command that relates to crypto or RSA keys.
HTH
Rick
10-02-2013 11:24 AM
Richard, and all others.
Thank You for your responses. It turned out that both the non K9 version and the K9 version were both in bootflash:.
The config register was set to Ox2101, so when it was reloaded it found the first IOS in Bootflash: which was the non k9 version and loaded it. I deleted the non K9 version from bootflash: and relaoded and it found the only IOS in bootflash: and loaded it. There are now crypto commands available.
10-02-2013 11:31 AM
Mike
Thanks for posting back to the forum and letting us know that you have solved the issue. It makes a lot of sense if flash contained a non k9 version as first image and a k9 version as the second image. I am glad that it is now working as you expect. Perhaps you can now mark this question as answered so that other readers will know that it is solved.
HTH
Rick
10-01-2013 04:15 PM
Can you provide a sh ver output? Are you sure this is the actual software version running on the switch? Maybe an upgrade didn't work properly and it fell back to a different version when it was rebooted?
It certainly sounds like you aren't running k9.
10-01-2013 05:55 PM
We certainly need the "show version" output.
Please check this out:
Secure Shell Version 2 Support
In case you are running IOS XE this should help you.
HTH.
10-01-2013 06:24 PM
If you cant run security commands that means you dont have the security license installed.
You can try activating the trial license.
I cant remember the exact command on top of my head. It starts with "license boot"under config global config mode. Just check using IOS CLI context help.
Please rate replies and mark question as "answered" if applicable.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide