05-19-2014 10:14 PM - edited 03-07-2019 07:28 PM
Hi all,
I'm new at a company and have to set up a new switch. I decided to help myself with "show run" output from other, already functional switches. There's one thing (section) I'm struggling with; the output is as follows:
crypto pki trustpoint TP-self-signed-323175841
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-323175841
revocation-check none
rsakeypair TP-self-signed-323175841
Could anybody PLEASE explain the step-by-step commands to get this output? Are these lines generated as a result of other commands entered, or do you have to enter exactly those commands? And what does the number mean? Do I get it somewhere or is it generated?
Thank you very much in advance.
Radim
05-19-2014 11:10 PM
Hi
These will be generated for you once you configure the switch with SSH.
First, let's find out if your IOS has SSH capability.
Can you post the output of
sh ver
HTH
05-20-2014 01:00 AM
Hi Reza,
Thank you very much for your reply.
I'm not connected to the switch right now, but I know it does support the SSH capability, as we have about 20 other switches of this exact model - WS-C2960X-24PS-L, which is a pretty new Cisco model.
You're mentioning that these will be generated once I configure SSH. Could you please give me step-by-step instructions? As far as I know, the SSH configuration consists of the "crypto key generate rsa" command, which, however, doesn't result in the "show run" output indicated in my first question.
05-20-2014 01:00 AM
I'm adding some (I hope helpful) parts of the "show version" command:
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2)EX3, RELEASE SOFTWARE (fc1)
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.0(2r)EX, RELEASE SOFTWARE (fc1)
cisco WS-C2960X-24PS-L (APM86XXX) processor (revision A0) with 524288K bytes of memory.
05-20-2014 02:14 AM
For SSH to work you need keys (as you mentioned already), domain name configured and hostname.
Configure that - test if SSH works and I think that you will notice self signed and generated certificate on that new switch.
BR,
Dragan
05-20-2014 02:24 AM
Hi Dragan,
Do you mean only the following commands?
hostname .......
ip domain-name .............
crypto key generate rsa
I know that that's how to configure SSH; however, I need to get exactly the same output (different number, of course) as the output I'm showing in my first email.
I've tried it only with these commands on a GNS3 router; however, I didn't get the mentioned output in sho run.
Thank you,
Radim
05-20-2014 02:45 AM
GNS router maybe doesn't have appropriate IOS on it...try on real hardware.
BR,
Dragan
05-20-2014 12:30 PM
Dragan,
I've just tested it on a Cisco 2950 switch. To my surprise, the output was there without me putting it there. However, to test it, I entered:
no crypto pki trustpoint TP-self-signed-(number), after which it was gone. When trying to put it back, I typed the commands you suggested:
(hostname, ip domain-name) and crypto key generate rsa (commands for SSH to work).
But I didn't manage to get it back in my "sho run" output. What am I doing wrong? What am I missing?
Thank you a lot for the key for that,
Radim
05-21-2014 01:05 AM
Does anybody have any idea how to get the required output in "sho run"? Please, I need to finish the setup by the end of the week.
Thank you,
Radim
05-21-2014 01:39 AM
Thank you a lot Dragan,
"ip http secure-server" - that's what I was missing. I saw this command on the internet a lot when searching but didn't think that'd be the last piece I need. I just didn't see the "relationship".
Thanks again,
Radim
05-21-2014 01:17 AM
Can you do the "crypto key rsa zeroize" command also (besides removing the trustpoint as you already do)? Then create the RSA keys again. Then try adding "ip http secure-server" - I think it will generate a self-signed certificate to use with HTTPS on the switch.
BTW these self-signed certificates are part of newer IOSes because Cisco now prepares them for you for use with, e.g., SSH etc...
BR,
Dragan
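An added example, not part of the thread: a Python check over saved "show run" text that reports whether "ip http secure-server" is enabled and lists the self-signed trustpoints, which is the relationship the thread arrives at. The sample config is constructed, and the parser assumes trustpoint sub-commands are indented as they are in real "show run" output.

```python
import re

# Constructed sample config (not from a real device); the trustpoint block
# mirrors the lines quoted in the first post, indented as "show run" prints them.
SAMPLE_CONFIG = """\
hostname SW1
ip domain-name example.test
!
crypto pki trustpoint TP-self-signed-323175841
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-323175841
 revocation-check none
 rsakeypair TP-self-signed-323175841
!
ip http secure-server
"""

def parse_trustpoints(config):
    """Return {trustpoint name: {keyword: rest of line}} for each trustpoint block."""
    trustpoints, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"crypto pki trustpoint (\S+)$", line)
        if m:
            current = trustpoints.setdefault(m.group(1), {})
        elif current is not None and raw[:1].isspace() and line:
            # Indented line: a sub-command of the current trustpoint.
            key, _, value = line.partition(" ")
            current[key] = value
        else:
            # "!" separator, blank line or any other top-level command ends the block.
            current = None
    return trustpoints

def audit(config):
    """Summarise HTTPS server state and self-signed trustpoints in a config."""
    lines = [l.strip() for l in config.splitlines()]
    tps = parse_trustpoints(config)
    self_signed = sorted(n for n, o in tps.items()
                         if o.get("enrollment") == "selfsigned")
    return {
        "https_server": "ip http secure-server" in lines,
        "self_signed": self_signed,
        "no_revocation_check": [n for n in self_signed
                                if tps[n].get("revocation-check") == "none"],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Running it against configs saved from several switches shows at a glance which ones have the HTTPS server enabled and carry a self-signed trustpoint.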