Category Archives: Cisco IOS

ASA/Pix – Enable SSH via CLI

Enabling SSH via CLI is faster and easier than navigating Cisco’s ASDM. This assumes that you already have a local user account created, then use the three steps below to quickly get it done:

1) Specify that the ASA use a local account to authenticate SSH connections

aaa authentication ssh console LOCAL

 

2) Generate a 2048 bit RSA key pair for the firewall

ASA
crypto key generate rsa modulus 2048
wr mem

PIX
ca generate rsa key 2048
ca save all

 

3) Specify the hosts or networks allowed to connect to each interface.

ssh 192.168.1.0 255.255.255.0 inside
ssh 4.4.4.4 255.255.255.255 outside

Configuring Cisco 2960X-48TS-L FlexStack

NOTE: All switches intended for the stack must be on the same version of IOS code. If your switch is revisions behind what is current, I recommend updating them as your first step. Easier to do it now while you have the chance, than once it’s in production.

1. Remove module covers on rear panel before powering on. Insert FlexStack modules into the respective slots and tighten the securing screws. Cable stack as follows:

2 Switches
switch1/stack1 > switch2/stack1
switch1/stack2 > switch2/stack2

2. Attach console cable to switch1, open up a terminal window, and plug in the switch power to switch1 only. You can watch it run through it’s boot sequence. At first boot, it will attempt to run through the basic configuration which is fine. I typically select:

Hostname:  sw-customer-01
Enable Secret:  ************
Enable Password:  ************ (must be different than secret)
Virtual Terminal Password (aka Telnet):  ************ (I typically remove this later, using SSH only)
Configure SNMP Management Network?  No
Enter interface name used to connect to the management network from the above interface summary:  FastEthernet (I typically use the mgmt port on the front, use whichever port you prefer)
Assign an IP/Subnet Mask
Enable as a cluster command switch?  No
Select Option 2 to save create config

 

3. Check to make sure the Flex-Stack Module is registering in switch1. Run the following command:

sw-customer-01# show switch stack-ports
      Switch # Port 1  Port 2 
      -------- ------  ------ 
         1      Down    Down

^^Showing ‘Down’ is ok, it is still registering that the module is installed in switch1.^^

 

4. Power on switch2. Wait a few minutes until the switch is fully booted. You can keep your console cable connected to switch1 this entire time. Periodically re-running the command from step 4. Once switch2 is fully booted, your output should read:

sw-customer-01# show switch stack-ports    
      Switch # Port 1  Port 2    
      -------- ------  -----      
         1       Ok     Ok      
         2       Ok     Ok

^^This confirms both switches and both stack module ports on each switch is functioning properly^^

 

sw-customer-01# show switch stack-ring    
      Stack Ring Speed        : 20GB    
      Stack Ring Configuration: Full    
      StackRing Protocol      : FlexStack

^^This confirms the speed of our backplane, the redundancy of our cabling and the method in which we have stacked the switches^^

 

sw-customer-01# sh ip int b
Interface
 vlan1
 FastEthernet
 GigabitEthernet1/0/1
 GigabitEthernet1/0/2
 =====through=====
 GigabitEthernet2/0/47
 GigabitEthernet2/0/48

^^The output of this command should show you that both switches and all 96 ports are manageable from a single master switch location. The master switch is signaled by the greet ‘MAST’ light on the front. There should only be one master per stack.^^

5. Grab a beer.

 

BENEFITS OF STACKING

Throughput – Dramatically increased, taking advantage of that aggregate 20GB backplane stack connection.

Expandability – Run out of ports? Hot add a new switch to the FlexStack at any time, and it should be automatically detected and bundled with the others. Remember, same IOS code and you can only stack a total of 4 switches together.

Management – Gotta love a single point of management for all of your switches. One IP address to access and manage everything in the stack.