I'm new in a company and have to set up a new switch. I decided to help myself with the "show run" output from other, already functional switches. There's one thing (section) I'm struggling with; the output is this:
crypto pki trustpoint TP-self-signed-323175841
Could anybody PLEASE explain the step-by-step commands to get this output? Are these lines generated as a result of other commands entered, or do you have to enter exactly those commands? And what does the number mean? Do I get it somewhere or is it generated?
Thank you very much in advance.
These will be generated for you once you configure the switch with SSH.
First, let's find out if your IOS has SSH capability.
can post the output of
Thank you very much for your reply.
I'm not connected to the switch right now, but I know it does support the SSH capability as we have about 20 other switches of this exact model - WS-C2960X-24PS-L, which is a pretty new Cisco model.
You're mentioning that these will be generated once I configure SSH. Could you please give me step-by-step instructions? As far as I know, the SSH configuration consists of the "crypto key generate rsa" command, which, however, doesn't result in the "show run" output indicated in my first question.
I'm adding some (I hope helpful) parts of the "show version" command:
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2)EX3, RELEASE SOFTWARE (fc1)
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.0(2r)EX, RELEASE SOFTWARE (fc1)
cisco WS-C2960X-24PS-L (APM86XXX) processor (revision A0) with 524288K bytes of memory.
For SSH to work you need keys (as you mentioned already), a domain name and a hostname configured.
Configure that, test if SSH works, and I think you will notice a self-signed, generated certificate on that new switch.
Do you mean only the following commands?
ip domain-name .............
crypto key generate rsa
I know that's how to configure SSH; however, I need to get the exact same output (different number, of course) as the output I'm showing in my first email.
I've tried it with only these commands on a GNS3 router, but didn't get the mentioned output in sho run.
I've just tested it on a Cisco 2950 switch. To my surprise, the output was there without me putting it there. However, to test it, I entered:
no crypto pki trustpoint TP-self-signed-(number) after which it was gone. When trying to put it back, I typed the commands you suggested:
(hostname, ip domain-name) and crypto key generate rsa (commands for SSH to work).
But I didn't manage to get it back into my "sho run" output. What am I doing wrong? What am I missing?
Thank you a lot for the key for that,
Does anybody have any idea how to get the required output in "sho run"? Please, I need to finish the setup by the end of the week.
Thank you a lot Dragan,
"ip http secure-server" - that's what I was missing. I saw this command on the internet a lot when searching but didn't think that'd be the last piece I need. I just didn't see the "relationship".
Can you also run the "crypto key rsa zeroize" command (besides removing the trustpoint as you already do)? Then create the RSA keys again. Then try adding "ip http secure-server" - I think it will generate a self-signed certificate to use with HTTPS on the switch.
BTW, these self-signed certificates are part of newer IOSes because Cisco now prepares them for you for use with, e.g., SSH etc...
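An added example, not part of the thread and not Cisco's code: a small Python check that reads saved "show run" text and reports which of the pieces discussed above (hostname, `ip domain-name`, `ip http secure-server`, the `TP-self-signed` trustpoint) are present, which is handy when comparing a new switch against a working one. The sample configuration and the function names are constructed for illustration, and the `ip domain-name` form is assumed to match the one used in the thread.

```python
import re

# Constructed sample of "show running-config" output. Only the trustpoint
# name comes from the thread; every other value is made up for this example.
SAMPLE_CONFIG = """\
hostname SW-ACCESS-01
ip domain-name example.internal
!
crypto pki trustpoint TP-self-signed-323175841
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-323175841
 rsakeypair TP-self-signed-323175841
!
ip http secure-server
"""

TRUSTPOINT_RE = re.compile(r"^crypto pki trustpoint (TP-self-signed-\d+)$")

def audit_running_config(text):
    """Collect the settings the thread ties to the self-signed trustpoint."""
    report = {"hostname": None, "domain_name": None,
              "trustpoints": [], "https_server": False}
    for raw in text.splitlines():
        line = raw.strip()
        match = TRUSTPOINT_RE.match(line)
        if match:
            report["trustpoints"].append(match.group(1))
        elif line.startswith("hostname "):
            report["hostname"] = line.split(None, 1)[1]
        elif line.startswith("ip domain-name "):
            report["domain_name"] = line.split(None, 2)[2]
        elif line == "ip http secure-server":
            # Exact match, so "no ip http secure-server" does not count.
            report["https_server"] = True
    return report

def missing_pieces(report):
    """Name what is absent, in the order the thread configures it."""
    missing = []
    if not report["hostname"]:
        missing.append("hostname")
    if not report["domain_name"]:
        missing.append("ip domain-name")
    if not report["https_server"]:
        missing.append("ip http secure-server")
    elif not report["trustpoints"]:
        missing.append("crypto pki trustpoint TP-self-signed-<number>")
    return missing

print(missing_pieces(audit_running_config(SAMPLE_CONFIG)))
```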