Cisco Switching/Routing :: 6500 - How To Set Up SSH In CatOS And Disable Telnet
May 27, 2013I am trying to Disable Telnet and enable SSH in CatOS for 6500 .
View 12 RepliesI am trying to Disable Telnet and enable SSH in CatOS for 6500 .
View 12 RepliesWe are implementing NAC in our environment and unfortunately still some of our obsolete 6500 switches are running CATOS, the current (cat6000-sup2cvk9.8-6-4.bin) image does not support some of the commands related to NAC implementation. Therefore, I would like to urge you to provide me the 8.7 image which supports all the NAC related commands and will be easier to finish the long pending assignment.
We are in process of replacing the obselete hardware but that will take time.
So, 8.7 K9 CATOS image required.
I have a question. I have a 6500 with two supervosrs and they both have CATOS. One of them failed and I need to replace. As long as the hardware is the same does the CATOS have to be indentical or can this be different.
View 4 Replies View Relatedhow to convert configuration catos on 6500 to IOS image.
View 3 Replies View Related#sh run | inc user
!
username USER0 secret 5 $1$passwordusername USER1 privilege 15 secret 5 $1$passwordusername USER2 privilege 15 secret 5 $1$password
!
#sh run | inc aaa
!
aaa new-modelaaa authentication login local_authen localaaa authentication login radius_authen group radius localaaa authorization consoleaaa authorization exec local_author localaaa authorization exec radius_author group radius localaaa session-id common
!
#sh run | begin line vty
!
line vty 0 4access-class 3 inexec-timeout 15 0authorization exec radius_authorlogging synchronouslogin authentication radius_authentransport input sshline vty 5 15!sh verCisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
the intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given Privledge level 15. Telnet should never work.SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at Privledge level 1, instead of the configured 15.Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
I have a pair of OLD Cat6500's running CatOS:
WS-C6509 Software, Version NmpSW: 7.6(16)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Dec 22 2005, 16:37:19
System Bootstrap Version: 7.1(1)
System Boot Image File is 'bootflash:cat6000-sup2k8.7-6-16.bin'
System Configuration register is 0x2
I know these are no longer supported, but I have to ready them for migration. Recently a problem began with these switches. What happens is that when I telnet to them, I cannot authenitcate via TACACS. This works fine for all our other IOS equipment, just not for these 2 switches. The error is:" % Error in authentication" and then I get kicked back to the login prompt.
The odd thing is that when I connect to the switch via the console port, I can authenticate fine with TACACS.
CMS> /c 14
[Code].....
I have a new 6513 with 2 sup32's with IOS. This chassis will replace a working 6513 with 2 sup2's with CatOS.I need to pull the running config from the CatOS chassis and make it work on the IOS chassis. i can do this manually but was wondering if there are any trade secrets on doing this.
View 3 Replies View RelatedI have a client who is changing their management IP scheme as a bridge to replacing equipment and much of the old equipment (Catalyst 4000) is running CatOS and I am a bit weak in CatOS. The existing Management IP is setup as follows:
set interface sc0 1 192.168.252.209/255.255.255.0 192.168.252.255
set ip route 0.0.0.0/0.0.0.0 192.168.252.1
What we want to change this to is as follows:
set interface sc0 110 192.168.197.209/255.255.255.0 192.168.197.255
set ip route 0.0.0.0/0.0.0.0 192.168.197.1
The devices are spreadout over a large area and visiting each device is almost out of the question due to a time deadline I was wondering if I run this set of commands will this allow me to keep a remote session (SSH) running until the change is complete?
set ip route 192.168.197.0/255.255.255.0 192.168.197.1
set interface sc0 110 192.168.197.209/255.255.255.0 192.168.197.255
set ip route 0.0.0.0/0.0.0.0 192.168.197.1
I have to upgrade two Cisco Catalyst 6509E from Catos to IOS. I would want to know the requirements hardware or software for upgrading. Which are the recommended images I must download? From cat6000-sup32pfc3k9.8-4-5 to the latest stable version of IOS, is it recomended to pass to another previously version before?
I have viewed the following links,[URL]but, it doesn`t mention anything about that. The image below is the result of the "show version" command of one of our Cisco Catalyst.
WS-C6509-E Software, Version NmpSW: 8.4(5)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Aug 3 2005, 13:13:36
[code]....
I need to convert configuration from CatOS on 4006 to IOS on 4510. I am unable to find the conversion tool.
View 5 Replies View RelatedI am trying to find a command for dhcp snooping rate-limiting on a CatOS. The PFC card is PFC. PFC3B is said to support that command. But there seems no this command.
-6k> (enable) sh ver
WS-C6509-E Software, Version NmpSW: 8.4(5)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Aug 3 2005, 13:26:46
[Code] ......
Up time is 1183 days, 1 hour, 41 minutes
I have a new 6513 with 2 sup32's with IOS. This chassis will replace a working 6513 with 2 sup2's with CatOS.I would like to convert my CatOS running configs to IOS, and I know there used to be a tool for this.
I have searched around and found many broken links to an old Cisco tool to convert my former configs, is there any way to get this tool today? I have tried over 20 links and not been able to find a working one yet.
I need to replace a faulty fan unit on the catos WS-6509 switch. this Catos switch does not support show inventory so any other catos commands which will show me this part id?
View 2 Replies View RelatedI'm trying to configure an LACP channel trunk between a CatOS C6000 and a Dell PowerConnect.
I use mode active in both sides and it works great.
But, when I connect a Catalyst 3750X to the Dell PowerConnect the channel between C6000 and PWC shutdown:
2013 May 16 09:08:20 CEST +02:00 %SPANTREE-2-CHNMISCFG: STP loop - channel 5/19-20 is disabled in vlan/instance 20
2013 May 16 09:08:20 CEST +02:00 %SPANTREE-2-CHNMISCFG2: BPDU source mac addresses: 00-04-6d-43-a4-e2, 70-ca-9b-27-46-99
I am trying to find the serial number on the CLI that matches the serial number sticker on the back of a WS-C2948G-GE-TX switch that runs CatOS. I am running code cat4000-k9.8-3-2-GLX.bin. I have 4 different switches and all the stickers have a serial that starts with JPE.. and both "show version" and "show sprom 1" and "show sprom 2" gives me a completely different serial number that starts wtih JAE... All of these serial numbers I get from the CLI match with each other. The command "show sprom chassis" says "Feature not supported."
Is it possible to find the serial number that matches the sticker from the CLI on a 2948G? Why does Cisco make this so confusing?
How do we disable the telnet to ACS appliance 4.2 1113 SE
View 4 Replies View RelatedI am using a Cisco 2801 Router and currently have Telnet enabled on all interfaces. How do I change that so it is enabled from all inside networks, but not on the outside interface?
View 12 Replies View Relateddisable telnet for ACS 1120 Appliance version 5.0.0.21 .is there anway to do it , not able to login via telnet and ssh it says wrong credentials but webgui is working fine with same user and password.
View 1 Replies View RelatedI want to disable the telnet option/feature on ASA 5510
i tried no telnet alone it wont work as i didnt configured any telnet at all.
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies View RelatedI am position to migrate from CatOS 6509 switch to native IOS 6509 switch. long time ago, there was some site to convert automatically based on copy and paste onto the tool, but i can not find.
Does anybody know how to convert CatOS configuration to Native IOS configuration ? It is not IOS change, but it is configuration convert.
I have aaa new model configured on a number of isr's(1800, 1900, 2900, 3800 etc). When i have aaa configured, the telnet logins use that authentication and not the password in the line vty portion. Is this by design. would disabling aaa enable both telnet and aaa authentications, essentially making it a dual login.
View 3 Replies View RelatedI want to learn that,on cisco switch (2950,3600,6500 series) IpV6 default open? İf It comes open on default,how to disable?
View 19 Replies View RelatedI have set up a newly switch, cisco 3570C. Its in v15 and the only configuration i did is:
-set up interface ip add. 10.132.16.111
-set up telnet
I am able to telnet within LAN environment. I cant ping or telnet the switch in a WAN enviornment. Is there any setting i should confgure on the switch?
I have a Cisco 2960-S Switch, It is connected to a jack in the building to check the settings, Interface VLAN 1 has an ip, there is a default gateway, Any host connected to switch can access the network resources. But the problem is that I have to use Serial Cable to configure it. I cant ping or telnet into it from any other device. PC's are on different subnets/VLANS.
Basically this switch is connected to a port in a different switch, Do i have to make a trunk?
I have a new 877 that I am using for internet traffic for 3-4 internet only devices.I also have a clean network that i want to insure no cross contamination. However I plan on rolling this out to many sites, but for management I was hoping to set up a reverse telnet to the console port from our one of my clean switches. which should allow me to keep the units seperated and allow me to manage changes etc remotely. Unfortunatly there is no Aux port on the clean switch (3560). Is there still a way to acheive this? can i configure one of the ethernet ports to connect to the console of the 877?
View 2 Replies View RelatedWe have several routers that can only be accessed on telnet port 6066 (vice 23). I have no global exec privilege so I can not provide config.So my question is: how do you configure the router to accept port 6066 for telnet and deny port 23?
View 4 Replies View RelatedI only want SSH to be allowed when accessing this switch, but telnet is still allowed, why? Whe authenticate via radius.version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname 3750!boot-start-markerboot-end-marker!logging buffered 64000logging console informationallogging monitor informationalenable secret 5 $1$1K$!username admin privilege 15 secret 5 $1$Bs$cLHusername users view priv3 secret 5 $1$Jfnviwp!!aaa new-model!!aaa authentication login default group radius localaaa authentication enable default lineaaa authorization consoleaaa authorization exec default group radius local !!!aaa session-id commonclock timezone GMT 0clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-12ssystem mtu routing 1500udld aggressiveno ip domain-lookupip domain-name CB!!login on-failure loglogin on-success log!!crypto pki trustpoint TP-self-signed-3817403392enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-3817403392revocation-check nonersakeypair TP-self-signed-3817403392!!crypto pki certificate chain TP-self-signed-3817403392certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33383137 34303333 3932301E 170D3132 30343133 31303539 33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38313734 30333339 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C31D AE6DD8B5 56245317 AD96F4F4 727385D4 97A5B138 488A215E 4294FC40 1C5B2F26 2B75E1CF E562F240 118F2F50 0CFF2449 16EC66EA 2D489F5F F36BFD05 ACCC79CA DDDA984D 4CB7AB DD95A5E0 9274A225 3F5A3634 DEBF1A2A 416E2189 B35B4473 C7D5EE2C E3D41675 A86F31CD.
View 3 Replies View RelatedI am having issues with 'telnet' on port 2821 to a range of servers connecting through vlan interface from my core switch 6513 running s72033_rp-DVIPSERVICESK9_WAN-VM) version 12.2(33)SXH7, RELEASE SOFTWARE (fc3). The telnet on port 1556 and 13724 is ok.
View 1 Replies View RelatedI have 2 switches. 2960 and 3750. I have trunk on both ports of the switch. there are couple of vlans and ports are assigned to those vlans. examples are management, voice and data. int vlan 1 has ip there is default gateway the hosts are able to connect to the internet when connected to the switch.
View 5 Replies View RelatedI can't to connect on my switch (WS-C2950G-48-EI) with Telnet or HTTP.When to connect with console, i have a error [code]
View 4 Replies View RelatedI have a catalyst 3550 and will be using it to run my cisco 7940 and 7960 ip phones with POE. When I plug the phones into the switch they power up just fine but the phones will not dial out as they have little x's by the line. I have also tried going through the set up of the 3550 but get stuck in one place. When I go to the 10.0.0.0, the screen will not allow me to enter the telnet page or allow me to enter any information. In the manual it shows a pic of what the screen should look like when I go to 10.0.0.1, but I am getting an entirely different page.
What I need to do to get everything set up correctly?
We have a cisco 2911 router configured with password for telnet login, but I always failed to login use telnet, does any one know any place need to be modify?
View 6 Replies View Related