Verification - Cisco Catalyst 2000 Configuration Handbook

Catalyst series lan switching

1. Set the crypto key:
(global) crypto key generate rsa
Before you can configure SSH, you must enable the switch to generate a key for
encoding the data. The crypto key generate rsa command generates that key. For IOS,
you are prompted for a modulus value. The greater the length, the stronger the
encryption. The recommended modulus is 1024 or greater.
2. Enable SSH:
(global) ip ssh

Verification

To verify configuration of SSH, use the following commands:
show ip ssh
show ip permit
Feature Example
This example shows the configuration that enables any device to access the switch using
SSH. The RSA modulus for the switch will be set to 1024.
An example configuration follows:
Switch(config)# crypto key generate rsa
Enter modulus:1024
Switch(config)# ip ssh
Switch(config)# end
Switch# copy running-config startup-config
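To complement show ip ssh, the modulus recommendation above can also be checked from the management station. The following is an added example, not code from the handbook: it parses ssh-rsa host key lines (the "host ssh-rsa base64" form that a tool such as ssh-keyscan prints) and flags any modulus under 1024 bits. It assumes the switch offers an SSHv2 RSA host key; the host names and sample keys are constructed placeholders.

```python
import base64
import struct

MIN_BITS = 1024  # minimum modulus recommended in the text above

def _field(blob, pos):
    """Read one length-prefixed field (RFC 4253 string or mpint)."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length prefix")
    end = pos + 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[pos + 4:end], end

def rsa_modulus_bits(line):
    """Modulus size in bits for one 'host ssh-rsa <base64>' line."""
    parts = line.split()
    if len(parts) < 3 or parts[1] != "ssh-rsa":
        raise ValueError("not an ssh-rsa host key line")
    blob = base64.b64decode(parts[2], validate=True)
    key_type, pos = _field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob type does not match the line")
    _exponent, pos = _field(blob, pos)
    modulus, _ = _field(blob, pos)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, min_bits=MIN_BITS):
    """Return {host: (bits, meets_minimum)} for every key line."""
    report = {}
    for line in filter(None, (l.strip() for l in lines)):
        bits = rsa_modulus_bits(line)
        report[line.split()[0]] = (bits, bits >= min_bits)
    return report

def constructed_line(host, bits):
    """Sample line with a constructed placeholder modulus (not a real key)."""
    mp = lambda n: n.to_bytes(n.bit_length() // 8 + 1, "big")
    pack = lambda b: struct.pack(">I", len(b)) + b
    blob = pack(b"ssh-rsa") + pack(mp(65537)) + pack(mp((1 << (bits - 1)) | 1))
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample input: hypothetical switch names, placeholder moduli.
SAMPLE = [constructed_line("sw-access-01", 1024), constructed_line("sw-access-02", 768)]

if __name__ == "__main__":
    for host, (bits, ok) in audit(SAMPLE).items():
        print(f"{host}: {bits}-bit RSA host key -> {'ok' if ok else 'TOO SHORT'}")
```

A switch flagged here needs its key regenerated with crypto key generate rsa and a larger modulus.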
11-8: 802.1X Port Authentication
On most switches, ports are enabled by default, and anyone who can plug into the port gains access to the network.
Port security using MAC addresses can control which devices can access a network on a given port but must be reconfigured if a device is moved.
802.1X provides a standard method for authorizing ports using client certificates or usernames.
802.1X uses a RADIUS server to provide authorization of a port for use.
Until an 802.1X port is authorized, it cannot be used to pass user traffic.
In 802.1X, the switch acts as a proxy between the client and the server to pass authentication information.
Chapter 11: Controlling Traffic and Switch Access 185
