Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-07
Chapter 9 Configuring Switch-Based Authentication
Configuring the Switch for Secure Shell
Note: For complete syntax and usage information for the commands used in this section, refer to the “Secure
Shell Commands” section in the Cisco IOS Security Command Reference for Release 12.2.
Understanding SSH
SSH is a protocol that provides a secure, remote connection to a device. There are two versions of SSH:
SSH version 1 and SSH version 2. This software release supports only SSH version 1.
SSH provides more security for remote connections than Telnet because it provides strong encryption when a
device is authenticated. The SSH feature has an SSH server and an integrated SSH client. SSH supports
these user authentication methods:
• TACACS+ (for more information, see the “Controlling Switch Access with TACACS+” section on
  page 9-9)
• RADIUS (for more information, see the “Controlling Switch Access with RADIUS” section on
  page 9-17)
• Local authentication and authorization (for more information, see the “Configuring the Switch for
  Local Authentication and Authorization” section on page 9-30)
For more information about SSH, refer to the “Configuring Secure Shell” section in the Cisco IOS
Security Configuration Guide for Release 12.2.
Note: The SSH feature in this software release does not support IP Security (IPSec).
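Because this release supports only SSH version 1, an inventory audit can tell which devices still offer it from the identification string each SSH server sends when a client connects. The following is an added example, not part of the Cisco guide; the hostnames and banners are constructed sample data, and the banners are assumed to have been collected already by your own inventory tooling.

```python
import re

# SSH identification string: "SSH-<protoversion>-<softwareversion>[ comments]"
_IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")


def classify_banner(banner: str) -> str:
    """Return 'v1-only', 'v1+v2', 'v2-only' or 'unknown' for one identification string."""
    m = _IDENT.match(banner.strip())
    if not m:
        return "unknown"  # empty reply, Telnet prompt, or anything that is not SSH
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        # RFC 4253 section 5.1: a 2.0 server that still accepts 1.x clients
        return "v1+v2"
    if major == 1:
        return "v1-only"
    if major == 2:
        return "v2-only"
    return "unknown"


def audit(inventory: dict) -> dict:
    """Group hosts by SSH protocol support.

    inventory maps hostname -> collected banner (None if the host gave no answer).
    """
    report = {"v1-only": [], "v1+v2": [], "v2-only": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        report[classify_banner(banner or "")].append(host)
    return report


# Constructed sample inventory (hypothetical hostnames and banners).
SAMPLE = {
    "sw-access-01": "SSH-1.5-Cisco-1.25\n",      # version 1 only
    "sw-access-02": "SSH-1.99-Cisco-1.25\r\n",   # version 2 with version 1 fallback
    "sw-dist-01": "SSH-2.0-Cisco-1.25\r\n",      # version 2 only
    "sw-access-03": None,                        # no response on the SSH port
    "sw-access-04": "User Access Verification",  # not an SSH banner
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:8} {', '.join(hosts) or '-'}")
```

Hosts reported as `v1-only` match the behaviour this section describes; `unknown` entries need a manual check.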
Cryptographic Software Image Guidelines
The SSH feature uses a large amount of switch memory, which limits the number of VLANs, trunk ports,
and cluster members that you can configure on the switch. Before you download the cryptographic
software image, your switch configuration must meet these conditions:
• The number of trunk ports multiplied by the number of VLANs on the switch must be less than or
  equal to 128. These are examples of switch configurations that meet this condition:
  - If the switch has 2 trunk ports, it can have up to 64 VLANs.
  - If the switch has 32 VLANs, it can have up to 4 trunk ports.
• If your switch is a cluster command switch, it can only support up to eight cluster members.
To obtain authorization to use this feature and to download the cryptographic software files, select
Catalyst 2950 Strong Cryptographic (3DES) Software in the Software Download Web Site on
Cisco.com. For more information about downloading this software, refer to the release notes for this
release.
Configuring SSH
Before configuring SSH, download the cryptographic software image from Cisco.com. For more
information, refer to the release notes for this release.
For information about configuring SSH and displaying SSH settings, refer to the “Configuring Secure
Shell” section in the Cisco IOS Security Configuration Guide for Release 12.2.