From: Larry Roberts (larryr@netbeam.net)
Date: Tue Sep 30 2003 - 20:39:38 GMT-3
Dt,
1. SSH is enabled by default once you generate your RSA keys. The command ip
ssh does not work by itself; it is used with two options:
authentication-retries and time-out.
2. The command transport input ssh disables all other forms of communication
on the vty lines and allows only SSH. By default, everything is allowed. The
requirement was to allow only SSH.
3. I believe the Catalyst 3550 does this on its own. You can enter it like
this:

    Router(config)# line vty 0 15
    Router(config-line)# transport input ssh

And it will still show as two different ranges in the running config.
4. The Catalyst 3550 EMI image only supports 15 vty lines.
HTH,
Larry Roberts
CCIE #7886 (R&S / Security)
----- Original Message -----
From: "ccie2be" <ccie2be@nyc.rr.com>
To: "Group Study" <ccielab@groupstudy.com>
Sent: Tuesday, September 30, 2003 4:16 PM
Subject: 3550 IPexpert lab Appendix E
> Hi,
>
> Task 18 requires a secure connection to the switch and disallows Telnet.
>
> In the solution config, it has the following:
>
> line vty 0 4
> transport input ssh
>
> line vty 5 15
> transport input ssh
>
> Questions:
>
> 1) In the documentation** on SSH, it says that the global command, ip ssh, is
> required to enable SSH, but I didn't see that command anywhere in the solution
> config. Should that command be there?
>
> 2) There's nothing in the documentation that says to use the command,
> transport input ssh, under the virtual terminals. So, why is that in the
> solution config?
>
> 3) Is it necessary to split the vty lines into 2 ranges: vty 0 5 and
> vty 5 15 and enter the transport input ssh command twice? Could the command
> line vty 0 15 have been entered instead? Why? or Why not?
>
> 4) Why is 15 used in the range vty 5 15?
>
> 5) Is there a link that explains this?
>
> **The 3550 documentation refers the reader to
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fothersf/scfssh.htm
>
> for specific configuration instructions.
>
> Thanks in advance for any help that can be provided. dt
>
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:40 GMT-3
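
An added example, not part of the original thread: a small audit that reads a saved running-config and reports which vty lines accept anything other than SSH, including the case where the config is split into two ranges. The sample configs are constructed, the function names are hypothetical, and the "no transport input means everything is allowed" default is taken from the reply above.

```python
import re

# Constructed sample running-config fragments (not from a real device).
SPLIT_OK = """\
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
"""
PARTIAL = """\
line vty 0 4
 transport input ssh
line vty 5 15
 login
!
"""

def vty_transports(config):
    """Map each vty line number to its set of allowed input transports."""
    allowed = {}
    current = []  # vty numbers covered by the block being parsed
    for raw in config.splitlines():
        header = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = list(range(first, last + 1))
            # Assumption taken from the reply: with no transport input
            # command, every protocol is accepted on the line.
            for n in current:
                allowed[n] = {"all"}
        elif not raw.startswith(" "):
            current = []  # any unindented line ends the vty block
        else:
            m = re.match(r"\s+transport input (.+)$", raw)
            if m:
                for n in current:
                    allowed[n] = set(m.group(1).split())
    return allowed

def non_ssh_only_lines(config):
    """Return the sorted vty numbers that accept anything besides SSH."""
    return sorted(n for n, t in vty_transports(config).items() if t != {"ssh"})
```

Run it against the output of show running-config saved to a file; an empty list means every vty line found in the config is restricted to SSH.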