EasyManuals Logo

Cisco CATALYST 2960 User Manual

Cisco CATALYST 2960
980 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #257 background imageLoading...
Page #257 background image
9-43
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 9 Configuring Switch-Based Authentication
Configuring the Switch for Secure Shell
SSH supports the Data Encryption Standard (DES) encryption algorithm, the Triple DES (3DES)
encryption algorithm, and password-based user authentication.
SSH also supports these user authentication methods:
TACACS+ (for more information, see the “Controlling Switch Access with TACACS+” section on
page 9-10)
RADIUS (for more information, see the “Controlling Switch Access with RADIUS” section on
page 9-17)
Local authentication and authorization (for more information, see the “Configuring the Switch for
Local Authentication and Authorization” section on page 9-41)
Note The switch does not support IP Security (IPSec).
Limitations
These limitations apply to SSH:
The switch supports Rivest, Shamir, and Adelman (RSA) authentication.
SSH supports only the execution-shell application.
The SSH server and the SSH client are supported only on DES (56-bit) and 3DES (168-bit) data
encryption software.
The switch supports the Advanced Encryption Standard (AES) encryption algorithm with a 128-bit
key, 192-bit key, or 256-bit key. However, symmetric cipher AES to encrypt the keys is not
supported.
Configuring SSH
This section has this configuration information:
Configuration Guidelines, page 9-43
Setting Up the Switch to Run SSH, page 9-44 (required)
Configuring the SSH Server, page 9-45 (required only if you are configuring the switch as an SSH
server)
Configuration Guidelines
Follow these guidelines when configuring the switch as an SSH server or SSH client:
An RSA key pair generated by a SSHv1 server can be used by an SSHv2 server, and the reverse.
If the SSH server is running on a stack master and the stack master fails, the new stack master uses
the RSA key pair generated by the previous stack master.
If you get CLI error messages after entering the crypto key generate rsa global configuration
command, an RSA key pair has not been generated. Reconfigure the hostname and domain, and then
enter the crypto key generate rsa command. For more information, see the “Setting Up the Switch
to Run SSH” section on page 9-44.
When generating the RSA key pair, the message No host name specified might appear. If it does,
you must configure a hostname by using the hostname global configuration command.

Table of Contents

Other manuals for Cisco CATALYST 2960

Preview: Command Reference Guide
Command Reference Guide800 pages
Preview: Command Reference
Command Reference714 pages
Preview: Hardware Installation Guide
Hardware Installation Guide108 pages
Preview: Getting Started Guide
Getting Started Guide24 pages
Preview: Installation
Installation26 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco CATALYST 2960 and is the answer not in the manual?

Cisco CATALYST 2960 Specifications

General IconGeneral
ManageableYes
StackingNo
ModelCatalyst 2960 Series Switches
Power over Ethernet (PoE)Available on some models (IEEE 802.3af)
VLANs255 active VLANs
FeaturesQoS
Operating Temperature32 to 113°F (0 to 45°C)
Relative Humidity10% to 85% non-condensing
Power ConsumptionVaries by model (30W to 400W)

Related product manuals