Configuration Guide
Page 6
Contents 5 C H A P T E R Configuring Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Managing Switch Stacks 5-1 Understanding Switch Stacks 5-1 Switch Stack...Connectivity to the Switch Stack Through an IP Address 5-16 Connectivity to the Switch Stack Through an SSH Session 5-16 Connectivity to the Switch Stack Through Console Ports 5-16 Connectivity to Specific Stack Members 5-17 Switch Stack...
Contents 5 C H A P T E R Configuring Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Managing Switch Stacks 5-1 Understanding Switch Stacks 5-1 Switch Stack...Connectivity to the Switch Stack Through an IP Address 5-16 Connectivity to the Switch Stack Through an SSH Session 5-16 Connectivity to the Switch Stack Through Console Ports 5-16 Connectivity to Specific Stack Members 5-17 Switch Stack...
Configuration Guide
Page 91
...-up to the console port, see the "Setting a Telnet Password for a Terminal Line" section on the management station. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 2-11 After you can use one Telnet user are reflected in all other Telnet sessions. You can access the...access, see the "Configuring the Switch for this type of these methods to establish a connection with the Telnet or SSH client, and the switch must have an enable secret password configured. The switch must first be configured for Secure Shell" section on page 9-6. For information about ...
...-up to the console port, see the "Setting a Telnet Password for a Terminal Line" section on the management station. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 2-11 After you can use one Telnet user are reflected in all other Telnet sessions. You can access the...access, see the "Configuring the Switch for this type of these methods to establish a connection with the Telnet or SSH client, and the switch must have an enable secret password configured. The switch must first be configured for Secure Shell" section on page 9-6. For information about ...
Configuration Guide
Page 216
... the user undergoes an additional authorization phase if authorization has been enabled on the TACACS+ daemon. • ERROR-An error occurred at...+ daemon to obtain a username prompt to show to 9-12 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 If an ACCEPT ... switch then contacts the TACACS+ daemon to obtain a password prompt. Controlling Switch Access with the daemon or in the form of these responses... is authenticated and service can access: • Telnet, Secure Shell (SSH), rlogin, or privileged EXEC services • Connection parameters, including the host...
... the user undergoes an additional authorization phase if authorization has been enabled on the TACACS+ daemon. • ERROR-An error occurred at...+ daemon to obtain a username prompt to show to 9-12 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 If an ACCEPT ... switch then contacts the TACACS+ daemon to obtain a password prompt. Controlling Switch Access with the daemon or in the form of these responses... is authenticated and service can access: • Telnet, Secure Shell (SSH), rlogin, or privileged EXEC services • Connection parameters, including the host...
Configuration Guide
Page 223
...enter the username and password, or access is denied. Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Figure 9-2 Remote PC Transitioning from RADIUS to TACACS+ Services R1 RADIUS... user is either not authenticated and is prompted to RADIUS authorization, if it is enabled. CHALLENGE PASSWORD-A response requests the user to the RADIUS server. 3. The username ...8226; Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts OL-8550-02 Catalyst 3750 Switch ...
...enter the username and password, or access is denied. Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Figure 9-2 Remote PC Transitioning from RADIUS to TACACS+ Services R1 RADIUS... user is either not authenticated and is prompted to RADIUS authorization, if it is enabled. CHALLENGE PASSWORD-A response requests the user to the RADIUS server. 3. The username ...8226; Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts OL-8550-02 Catalyst 3750 Switch ...
Configuration Guide
Page 244
... the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is required. This step is automatically disabled. 9-40 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 For more information, see the "Configuring the Switch for...the configuration file. Configure a host domain for local and remote authentication on the console. Enable the SSH server for your switch to enter a modulus length. Download the cryptographic software image from Cisco.com. Follow this release. 2. When you generate RSA keys, you are prompted to...
... the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is required. This step is automatically disabled. 9-40 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 For more information, see the "Configuring the Switch for...the configuration file. Configure a host domain for local and remote authentication on the console. Enable the SSH server for your switch to enter a modulus length. Download the cryptographic software image from Cisco.com. Follow this release. 2. When you generate RSA keys, you are prompted to...
Configuration Guide
Page 252
... transport, the router must enter the password when prompted. 9-48 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 Because SSH also relies on AAA authentication, and SCP relies further on SSH for its secure transport. Use the no ip http client secure-trustpoint...client trustpoint configuration. Note When using SCP, you must correctly configure SSH, authentication, and authorization on the switch. • Because SCP relies on AAA authorization, correct configuration is necessary. • Before enabling SCP, you cannot enter the password into the copy command. Configuring...
... transport, the router must enter the password when prompted. 9-48 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 Because SSH also relies on AAA authentication, and SCP relies further on SSH for its secure transport. Use the no ip http client secure-trustpoint...client trustpoint configuration. Note When using SCP, you must correctly configure SSH, authentication, and authorization on the switch. • Because SCP relies on AAA authorization, correct configuration is necessary. • Before enabling SCP, you cannot enter the password into the copy command. Configuring...
Configuration Guide
Page 915
...• Secure Shell (SSH) over an IPv6 transport • HTTP server access over IPv6 transport • DNS resolver for AAAA over IPv6" section in the Cisco IOS IPv6 Configuration Library... at system startup so that the switch CPU is not unnecessarily burdened while it is actively resolving. The switch supports stateless autoconfiguration to route an IPv6 packet. A link-local address enables...: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_mgev6.htm OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 36-5
...• Secure Shell (SSH) over an IPv6 transport • HTTP server access over IPv6 transport • DNS resolver for AAAA over IPv6" section in the Cisco IOS IPv6 Configuration Library... at system startup so that the switch CPU is not unnecessarily burdened while it is actively resolving. The switch supports stateless autoconfiguration to route an IPv6 packet. A link-local address enables...: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_mgev6.htm OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 36-5
Configuration Guide
Page 1159
...34-16 described 34-3 illustration 34-4 support for 1-6 cross-stack UplinkFast, STP described 20-5 disabling 20-16 enabling 20-16 fast-convergence events 20-7 Fast Uplink Transition Protocol 20-6 normal-convergence events 20-7 support for 1-6 cryptographic software image...SSH 9-37 SSL 9-42 switch stack considerations 5-2, 5-16, 9-38 customer edge devices 35-65 CWDM SFPs 1-26 D daylight saving time 7-13 dCEF in the switch stack 35-75 debugging enabling all system diagnostics 43-21 enabling for a specific feature 43-20 redirecting error message output 43-21 using commands 43-20 default commands 2-4 Catalyst...
...34-16 described 34-3 illustration 34-4 support for 1-6 cross-stack UplinkFast, STP described 20-5 disabling 20-16 enabling 20-16 fast-convergence events 20-7 Fast Uplink Transition Protocol 20-6 normal-convergence events 20-7 support for 1-6 cryptographic software image...SSH 9-37 SSL 9-42 switch stack considerations 5-2, 5-16, 9-38 customer edge devices 35-65 CWDM SFPs 1-26 D daylight saving time 7-13 dCEF in the switch stack 35-75 debugging enabling all system diagnostics 43-21 enabling for a specific feature 43-20 redirecting error message output 43-21 using commands 43-20 default commands 2-4 Catalyst...
Configuration Guide
Page 1193
... specific VLANs 28-16 removing destination (monitoring) ports 28-14 specifying monitored ports 28-12 with ingress traffic enabled 28-15 source ports 28-6 transmitted traffic 28-6 VLAN-based 28-7 spanning tree and native VLANs 13-19...69 OL-8550-02 SRR (continued) described 33-14 shaped mode 33-14 shared mode 33-14 support for 1-10 SSH configuring 9-39 cryptographic software image 9-37 described 1-6, 9-38 encryption methods 9-38 switch stack considerations 5-16, 9-38 user...-3 MAC address tables 7-21 MSTP 19-8 multicast routing 40-8 MVR 24-18 Catalyst 3750 Switch Software Configuration Guide IN-43
... specific VLANs 28-16 removing destination (monitoring) ports 28-14 specifying monitored ports 28-12 with ingress traffic enabled 28-15 source ports 28-6 transmitted traffic 28-6 VLAN-based 28-7 spanning tree and native VLANs 13-19...69 OL-8550-02 SRR (continued) described 33-14 shaped mode 33-14 shared mode 33-14 support for 1-10 SSH configuring 9-39 cryptographic software image 9-37 described 1-6, 9-38 encryption methods 9-38 switch stack considerations 5-16, 9-38 user...-3 MAC address tables 7-21 MSTP 19-8 multicast routing 40-8 MVR 24-18 Catalyst 3750 Switch Software Configuration Guide IN-43