Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Not able to enable SSH on 3560

Hello,

         I have Cisco 3560E with software version of 12.2(37) SE. I am not getting options for configuring SSH.

        Please let me know what should i look at to solve the issue ?

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Not able to enable SSH on 3560

Hello Pratik,

Oh, so your switch is 3560E, not the 3560 (there's a difference between those two).

Right, your current IOS is without crypto support. The latest IOS version supporting crypto operations for your switch is the 12.2(55)SE with the image name c3560e-universalk9-mz.122-55.SE.bin.

There are several ways to learn what is the current version of IOS for your device. One of them is visiting the Download Software page at http://www.cisco.com/cisco/web/download/index.html. Then proceed through the available selections to find your particular device and see the latest available IOS (or set of IOSes) for that device.

The second tool is the Cisco Feature Navigator tool available at http://cisco.com/go/fn. This tools lets you actually search among different IOSes depending on platform or required feature, or even compare two IOSes for their common and unique features.

Also you may be interested in reading the Release Notes for your switch that document changes, closed and open bugs, supported hardware and required upgrade procedures. You can find the Release Notes at http://www.cisco.com/en/US/products/ps7078/prod_release_notes_list.html.

Note that for the UNIVERSAL image, the image contains all available features that are offered for the 3560-E series, however, to unlock some of them, a license activation key will be required. It is possible that you already have the necessary features activated in which case they will remain active after an IOS upgrade. Nevertheless, I suggest reading more about the feature activation at http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/note/swactivn.html.

Best regards,

Peter

8 REPLIES
Cisco Employee

Re: Not able to enable SSH on 3560

Hello Pratik,

I assume you are missing the crypto and ip ssh commands in your global configuration mode. That would mean that your IOS image is lacking the crypto support. Have a look at the show version output:

Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc3)

Note the underlined letters in the above output. The K9 code means that your IOS image contains the crypto support. If the K9 is not shown (i.e. it says IPBASE-M or IPSERVICES-M only) then your IOS does not have the crypto feature set and you will need to upgrade it.

If you have option of upgrading your IOS, I would gladly recommend that because the 12.2(37) is quite outdated.

Best regards,

Peter

New Member

Re: Not able to enable SSH on 3560

Hi Peter,

            Thank you so much for the support.

            The show version command on switch shows C3560E-Universal-M, does that mean i don't have crypto support ? can you please let me knowt the latest IOS Version for 3560 or where can i find list of IOS for 3560 and their lifespan.

Thanks and Regards,

Pratik

Re: Not able to enable SSH on 3560

Cisco Employee

Re: Not able to enable SSH on 3560

Hello Pratik,

Oh, so your switch is 3560E, not the 3560 (there's a difference between those two).

Right, your current IOS is without crypto support. The latest IOS version supporting crypto operations for your switch is the 12.2(55)SE with the image name c3560e-universalk9-mz.122-55.SE.bin.

There are several ways to learn what is the current version of IOS for your device. One of them is visiting the Download Software page at http://www.cisco.com/cisco/web/download/index.html. Then proceed through the available selections to find your particular device and see the latest available IOS (or set of IOSes) for that device.

The second tool is the Cisco Feature Navigator tool available at http://cisco.com/go/fn. This tools lets you actually search among different IOSes depending on platform or required feature, or even compare two IOSes for their common and unique features.

Also you may be interested in reading the Release Notes for your switch that document changes, closed and open bugs, supported hardware and required upgrade procedures. You can find the Release Notes at http://www.cisco.com/en/US/products/ps7078/prod_release_notes_list.html.

Note that for the UNIVERSAL image, the image contains all available features that are offered for the 3560-E series, however, to unlock some of them, a license activation key will be required. It is possible that you already have the necessary features activated in which case they will remain active after an IOS upgrade. Nevertheless, I suggest reading more about the feature activation at http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/note/swactivn.html.

Best regards,

Peter

New Member

Re: Not able to enable SSH on 3560

Thank you peter for the well versed answer. I will do the research from my side and will go ahead for the upgrade.

Thank you once again for all the support.

noc
New Member

Re: Not able to enable SSH on 3560

I am having the same problem with my 3560. (NON E)

Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE, RELEASE SOFTWARE (fc2)

Switch(config)#crypto key generate rsa
The name for the keys will be: #######
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys, keys will be non-exportable...[OK]

Switch(config)#ip ssh
% Incomplete command.

authentication-retries  Specify number of authentication retries
  dscp                    IP DSCP value for SSH traffic
  logging                 Configure logging for SSH
  precedence              IP Precedence value for SSH traffic
  source-interface        Specify interface for source address in SSH connections
  time-out                Specify SSH time-out interval
  version                 Specify protocol version supported

New Member

Re: Not able to enable SSH on 3560

Hi Shaun,

         From now on please open a new thread for questions.. !!

         After generating key, configure number authentication retries and time-out through IP SSH command. Please note that these commands are not mandatory.

         Next step is to allows SSH on your VTY. Give the command on your VTY line "transport input all". Once you are sure that SSH is working properly remove command with "no transport input all" and give "transport input SSH" so it will block the telnet...!!

Regards,

Pratik Mavani

Purple

Re: Not able to enable SSH on 3560

   Post a show version and explain what commands you are using to try and configure SSH .    The show version has to show a imagename with a k9 in the middle of it .

27492
Views
1
Helpful
8
Replies
CreatePlease login to create content