Leaflet
108
OL-11615-01
Console> set ip permit 172.18.124.0 255.255.255.0
172.18.124.0 with mask 255.255.255.0 added to IP permit list.
!--- Step 3: Turn SSH on.
Console> (enable) set ip permit enable ssh
SSH permit list enabled.
For more information about SSH configuration on Catalyst OS, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg
_gd/connect.htm#wp1023537
SSH in Cisco IOS
The following steps are required to enable SSH support on a Catalyst switch running Cisco IOS:
Step 1 Configure a hostname and DNS domain for the router.
Step 2 Generate an RSA key pair.
Step 3 Configure time-out and number of authentication retries.
Step 4 Limit VTYs to SSH only (this is not mandatory, but we recommend it).
Note SSH requires an IPSec (DES or 3DES) encryption IOS software image.
The following example shows how SSH can be configured on an IOS router:
!--- Step 1: Configure a hostname and domain name.
Router(config)# hostname router
Router(config)# ip domain-name nyc.cisco.com
!--- Step 2: Generate an RSA key pair for your router, which automatically enables SSH.
Router(config)# cry key generate rsa
!--- Step 3: Configure time-out and number of authentication retries.
Router(config)# ip ssh time-out 60
Router(config)# ip ssh authentication-retries 2
!--- Step 4: Configure VTYs to only accept SSH.
Router(config)# line vty 0 4
Router(config-line)# transport input ssh
For more information about SSH configuration on IOS routers, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec
_c/part25/ch10/index.htm
SNMP Access
Simple Network Management Protocol (SNMP) is the most popular network management protocol, and
as such is widely supported in the networking industry. There are three versions of SNMP: version 1, the
oldest one but still frequently supported, version 2c, the most commonly deployed, and version 3, an
IETF standard that provides enhanced security.