SSH on a 2511?

atomsnine

MIS
Feb 4, 2010
5
US
Hey folks! After many months of absorbing the enormous amount of collective knowledge found on this site, I have finally come to a question I am having a hard time answering.

First off let me say THANK YOU to all the folks who spend their time contributing to TEK-TIPS. The majority of the threads I have been following and soaking in are Cisco related and therefore I would like to call out CiscoGuy33, burtsbees, lerdalt and maczen particularly for their advice, opinions and other valuable knowledge.

Some quick background - I have been working in the industry for some time now- cumulative experience about 6-8 years. Many different projects and technologies during this time. Lately, I have decided to focus my studies on Cisco technologies and certification as I was exposed early on and have always had an affinity for the network.

So I have gathered some gear, cables, a rack, books and other study materials and have been exploring and honing skills with the help of you all as well as Jeremy Cioara, Todd Lammle and The Bryant Advantage.

The question:

I would like to get SSH working on my 2511 and for the life of me, am stuck at finding which IOS I need in order to make this a reality. Google searches kick out 12.2T train as a starting point and Cisco itself has removed the 2500 series devices from the feature navigator - so I am stuck.

Why SSH? Well - I think I have the concept of deny by default built into me - and as such ALWAYS look for the secure way of doing something. No I don't have the 2511 set up with a public IP on the Net, but that doesn't mean I wouldn't like to - hence SSH.

Below is a working config - The particular IOS I am running now is: c2500-c-l.123-22.bin


TIA for any insight you can lend.


~atomsnine


!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AS
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
ip subnet-zero
no ip domain lookup
ip domain name xxxxxxx.ssh
ip host R1 2001 100.1.1.1
ip host R2 2002 100.1.1.1
ip host R3 2003 100.1.1.1
ip host PIX 2005 100.1.1.1
ip host SW1 2006 100.1.1.1
ip host SW2 2007 100.1.1.1
ip host SW3 2008 100.1.1.1
!
!
!
!
!
interface Loopback0
 ip address 100.1.1.1 255.255.255.255
!
interface Ethernet0
 ip address 192.168.1.40 255.255.255.0
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
ip http server
ip classless
!
banner motd ^C
******************************

UNAUTHORIZED ACCESS PROHIBITED

******************************
^C
!
line con 0
 exec-timeout 0 0
 password 7 xxxxxxxxxxxxxxxxxxx
 logging synchronous
 login
line 1 16
 no exec
 transport input all
line aux 0
line vty 0 3
 password 7 xxxxxxxxxxxxxxxxxxx
 login
 transport input telnet
line vty 4
 password 7 xxxxxxxxxxxxxxxxxxx
 logging synchronous
 login
 transport input telnet
!
end
 
2500's do not do ssh---the IOS must have "k9" in the image name (crypto services) or no ssh. The 2600's do. Also, the 2500's are pretty much phased out for certification training, but can be useful for routing protocols, acting as a frame relay switch, acting as a console access server, etc. But, you definitely need at least 1700's or 2600's, as certain images in 2610's for example, which have only 10Mbps interfaces (ethernet), would allow you to go full-duplex, which is necessary for vlan trunking (router on a stick, intervlan routing). You would also need a router that supports SDM, like a 2600XM (2621XM is preferable since it has 2 fast ethernet interfaces). If you get a 1700 series, don't waste your time with a 1720---it will not do intervlan routing (no encapsulation commands are available)---the 1721 does.

HTH

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
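
The check described in the reply above (SSH needs "k9" in the image name), together with a look at which vty lines in the posted config still accept non-SSH logins, as an added Python example that is not part of the thread. The 2600 image name used at the bottom is constructed, and treating a vty block with no explicit `transport input` as not SSH-only is an assumption.

```python
# Added example, not from the thread. Line blocks copied from the posted
# config (passwords omitted); subcommand indentation is optional here.
CONFIG = """\
line con 0
 login
line 1 16
 no exec
 transport input all
line aux 0
line vty 0 3
 login
 transport input telnet
line vty 4
 login
 transport input telnet
!
end
"""

def has_crypto_feature_set(image_name):
    """Rule from the reply: no 'k9' in the feature-set field, no SSH."""
    # Image names look like <platform>-<feature set>-<format>.<version>.bin
    parts = image_name.split(".", 1)[0].split("-")
    if len(parts) < 3:
        raise ValueError(f"unrecognised image name: {image_name!r}")
    return "k9" in parts[1].lower()

def vty_transports(config):
    """Map each 'line vty' block to its 'transport input' protocol list."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("line "):
            current = line if line.startswith("line vty") else None
            if current:
                result[current] = None  # no explicit 'transport input' yet
        elif line == "!":
            current = None
        elif current and line.startswith("transport input "):
            result[current] = line.split()[2:]
    return result

def non_ssh_vty_lines(config):
    """vty blocks not limited to SSH (assumption: unset counts as not limited)."""
    return [n for n, p in vty_transports(config).items() if p != ["ssh"]]

if __name__ == "__main__":
    print(has_crypto_feature_set("c2500-c-l.123-22.bin"))         # image from the post
    print(has_crypto_feature_set("c2600-ik9o3s3-mz.123-22.bin"))  # constructed name
    print(non_ssh_vty_lines(CONFIG))
```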
 
Burt - Thanks for the heads up on 2500's not supporting SSH. Although not as easily, I can still remote in via VPN.

Gear =

3 x 2621XM / WIC-2T
3 x WS-C2950T-24
1 x PIX-515-R
1 x 2511
 
Just an FYI that you can do router on a stick on a 10mb interface. The only caveat is that the native vlan has to be 1. Also the 2500's are also good as backbone routers in your lab ie injecting routes into the domain.
 
Why would you say that on a 10MB interface the native vlan must be 1? You simply need to do full duplex on a 10MB link for intervlan routing. For the 2610/2611, you need IP Plus (is-mz in the code) for the "duplex full" command. This is not possible on the 2500 series routers. Read my post above.

 