Cryptographic IOS versions on Catalyst Switches

1. Where can one find the differences between Catalyst switch IOS with cryptographic features and without cryptographic features?
2. In order to access Cat switches over SSH and HTTPS, do we require Cryptographic versions of the Cat IOS?
3. What does "k9" stands for in IOS names? e.g. "3560-ipservicesk9"
Thanks

Hi
Answer to Q1 :
Best plase to compare the Catos and IOS is
www.cisco.com/go/fn
there you can search by ios names or platforms or features and compare images.
Answer to Q2 :
Yes you need Cryptographic version
Answer to Q3 :
K9 stand for Cryptographic version if you have ipservicesk9 you can do SSH in the feature navigator if you search the ios without K9 you will find this :
IP SERVICES W/O Crypto
that means this catos does not support Cryptographic.
Best Regards Bahman Mozaffari.
Please Rate if Helpful.

Similar Messages

  • Best IOS version for 3750 switch

    I have just received 2 3750 switches, but both have a different IOS version.
    One has -> IOS version 12.1(19)EA1d
    and the other has -> IOS version 12.2(25)SEB2.
    I just want to use the switches as Gb collectors for a serverfarm seperatly (so no stack configuration) with a redundant uplink to my distribution layer.
    Can someone advise my which IOS is the best for my network?
    Thanx, Marty

    Switch 1:
    Cisco Internetwork Operating System Software
    IOS (tm) C3750 Software (C3750-I5-M), Version 12.1(19)EA1d, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Mon 05-Apr-04 22:06 by antonino
    Image text-base: 0x00003000, data-base: 0x009206D8
    ROM: Bootstrap program is C3750 boot loader
    BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.1(14r)EA1a, RELEASE SOFTWARE (fc1)
    2224-3750-037000137 uptime is 23 hours, 52 minutes
    System returned to ROM by power-on
    System restarted at 09:02:42 GMT Thu Aug 11 2005
    System image file is "flash:c3750-i5-mz.121-19.EA1d/c3750-i5-mz.121-19.EA1d.bin"
    cisco WS-C3750G-24TS (PowerPC405) processor (revision H0) with 118776K/12288K bytes of memory.
    Processor board ID CAT0904X00B
    Last reset from power-on
    Bridging software.
    1 Virtual Ethernet/IEEE 802.3 interface(s)
    28 Gigabit Ethernet/IEEE 802.3 interface(s)
    The password-recovery mechanism is enabled.
    512K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address : 00:13:1A:65:50:00
    Motherboard assembly number : 73-7058-12
    Power supply part number : 341-0045-01
    Motherboard serial number : CAT090400A0
    Power supply serial number : LIT09020266
    Model revision number : H0
    Motherboard revision number : A0
    Model number : WS-C3750G-24TS-E
    System serial number : CAT0904X00B
    Hardware Board Revision Number : 0x09
    Switch Ports Model SW Version SW Image
    * 1 28 WS-C3750G-24TS 12.1(19)EA1d C3750-I5-M
    Configuration register is 0xF
    Switch 2:
    Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2005 by Cisco Systems, Inc.
    Compiled Wed 08-Jun-05 01:19 by yenanh
    ROM: Bootstrap program is C3750 boot loader
    BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.1(14r)EA1a, RELEASE SOFTWARE (fc1)
    2224-3750-037000138 uptime is 59 minutes
    System returned to ROM by power-on
    System image file is "flash:c3750-ipservices-mz.122-25.SEB2/c3750-ipservices-mz.122-25.SEB2.bin"
    cisco WS-C3750G-24TS (PowerPC405) processor (revision L0) with 118784K/12280K bytes of memory.
    Processor board ID CAT0925Z0WZ
    Last reset from power-on
    1 Virtual Ethernet interface
    28 Gigabit Ethernet interfaces
    The password-recovery mechanism is enabled.
    512K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address : 00:14:A8:71:CA:00
    Motherboard assembly number : 73-7058-13
    Power supply part number : 341-0045-01
    Motherboard serial number : CAT09251J90
    Power supply serial number : PHI09220165
    Model revision number : L0
    Motherboard revision number : A0
    Model number : WS-C3750G-24TS-E
    System serial number : CAT0925Z0WZ
    Hardware Board Revision Number : 0x09
    Switch Ports Model SW Version SW Image
    * 1 28 WS-C3750G-24TS 12.2(25)SEB2 C3750-IPSERVICES-M
    Configuration register is 0xF

  • How do I show the running IOS-XE for 4500X switches other than using show version way?

    I am trying to find a way to show the current IOS version running in a 4500X. The show version indicates software running default and other commands like show bootvar only indicates what I have configured. Is there other way? Is it related to configuration register?
    Thanks
    GIL

    I don't understand what you are trying to do.  
    The "sh hardware" (old command) or the "sh version" will tell you the IOS version of the switch.  The version is found in the first line output.  If you want to be pedantic, the same set of command(s) will show you the bootvariable statement as well as the location where the IOS file is located.  

  • Last version Cisco Catalyst 2960-24PC-L Switch (bugs study)

    Hi team,
          I need know, what´s  the last IOS version to Cisco Catalyst 2960-24PC-L Switch and understand the bug study about these versions?
    How make a bug study?
    If you have any information, please let me know.
    Regards,
    Yerko.

    Latest release as of January 14th is 15.0.2-SE5 (Release Nov 6, 2013)
    There aren't any public utilities in the Cisco website that provides you with a bug study.
    We have a bug tracker https://tools.cisco.com/bugsearch/?referring_site=popular but it will be extremely time consuming to identify each bugs and if you are affected.
    If you are a Cisco Advanced customer with optimization services in your contract, this deliverable can be done for you at no cost.

  • 802.1X Switch IOS version

                       Hi,
    I' have realy big layer two access network made of etherogenius Cisco switch with different IOS version and train.
    My customer bought ISE (ADVANCED AND BASE LICENSE).
    As far I read on DS it is seem that if you have Minimum IOS release 12.2(52) SE you are able to perform COA, reading  DS with more attention I notice that cisco raccomend IOS versione 12.2(55)SE3 why ? does it means COA does not work with 12.2(52)SE ?
    But more important :
    I need a minimum IOS release to perform 802.1x on my  wired network ?

    Carlo,
    Here is the guide that states 12.2(52)SE but the foot note states that for 802.1x authentication you need 12.2(55)SE.
    http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html#wp55038
    After checking the release notes this solution falls under the Cisco Trustsec which is supported on 12.2(55)SE, there are several features released in 12.2(55)SE such has vlan assignment in multi-auth mode that makes it much easier for Cisco help generate initial configs for their customers.
    Here are the release notes:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/release/notes/OL23054.html#wp1047679
    Thanks,
    Tarik admani

  • Is it same IOS version for Switch & Router?

    Hi,
    Is it same IOS version for Switch & Router?
    Regards,
    Samuel

    Sam,
    The Latest Version depends upon the Switching platform.
    For example:
    On 2900XL Platform - 12.0(5)WC15
    On 2950 - 12.1(22)EA8
    On 3500XL Platform - 12.0(5)WC15
    On 3550 - 12.2(25)SEE2
    It would be better if you specify the switch platform that you have questions about, so we could point you in the right direction.
    I hope it helps.
    Regards,
    Arul

  • Catalyst 2960s Stacking with different IOS versions

                       Hello Forum Team;
    When adding a new switch with older ios version to an existing stack (flexstack) does the new switch will be able to join the stack?
    Thanks in advanced!

    Hi,
    In a stack/flexstack all the switches should have exact same IOS version, otherwise there will be a version mismatch on the stack and the new switch will not be able to join the stack.
    The following Document contains more info:
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/white_paper_c11-578928.html
    Thanks
    Ankur
    "Please rate the post if found useful"

  • Standard Catalyst switch vs. Enhanced routing version

    I have question regarding the Cisco catalyst switches with the enhanced routing option.
    As I understand it to do layer 3 routing between vlans on a standard catalyst switch IOS requires me to configure a port on the switch with 802.1Q, plug that port into a seprate router and configure the router's port (also configured with 802.1Q) as a 'router on a stick' for each vlan i need to route. Then any additional switches I want to add to the network I would simply trunk them back to the switch that has the router plugged in so i could have inter-vlan routing. Does this sound correct?
    Now if I used a switch with the enhanced layer-3 IOS (A WS-C3560G-24TS-E for example) would i be able to remove the extra router from the design? would the packet routing go at the speed of the back-pane of the enhanced switch, rather than the wire-speed of the connection to a external router? I would also be able to get a gigabit SFP for each of my additional switches (3500XL's) and plug them into a trunked port on the 3560 thus giving a full gigabit trunk to each access layer switch.
    Or would a router on a stick be a fine solution for inter-vlan routing? There will be a need for a integrated services router in the future to act as our CME for this site, so we will be purchasing a router anyways.

    Hi Friend,
    If you have layer 3 switch with standard image then also you will be able to configure intervlan routing on layer 3 switch.
    Enhance image on layer 3 switch will let you configure routing protocols like ospf, bgp and enhance qos features whih is not possible with standard images.
    But just for intervlan routing any layer 3 switch like 3550,3560 will let you achieve inter vlan routing without using external router.
    Have a look at this link for intervlan routing on layer 3 switch like 350/3560 switches
    http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml
    HTH, if yes please rate the post.
    Ankur

  • 802.1X with Guest vlan support IOS version ???

    I don't know, Whitch IOS version support 802.1X with Guest vlan to Catalyst 2950 and 3550 switch
    please reply to my question.

    Tkank for your help.
    Also, Cisco web is explained , except for Catalyst 2950 Standard Image (SI) in IOS 12.1(22)EA3
    but I can't understand, My site is using catalyst 2950 SI to 802.1X and guest vlan in IOS image 12.1(22)EA3
    ex) TW_14F_A_C2950_32.8#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA3, RELEASE SOFTWARE (fc1)
    Running Standard Image
    24 FastEthernet/IEEE 802.3 interface(s)
    Model number: WS-C2950-24
    please, reply for my question

  • Which IOS for Catalys 6500 switch?

    Hi,
    I have a Catalyst 6509 switch, which has "cat6000-supk8.8-2-1.bin" CatOS running. I would like to install an IOS in this switch. Can anyone let me know which IOS version is compatible with this switch? Below is the switch information. Thanks!
    Don
    Console> (enable) sho version
    WS-C6509 Software, Version NmpSW: 8.2(1)
    Copyright (c) 1995-2003 by Cisco Systems
    NMP S/W compiled on Dec  2 2003, 18:03:16
    System Bootstrap Version: 5.3(2)
    System Boot Image File is 'bootflash:cat6000-supk8.8-2-1.bin'
    System Configuration register is 0x2
    Hardware Version: 2.0  Model: WS-C6509  Serial #: SCA050300SJ
    PS1  Module: WS-CAC-1300W    Serial #: ACP05030847
    PS2  Module: WS-CAC-1300W    Serial #: SON04221203
    Mod Port Model               Serial #    Versions
    1   2    WS-X6K-SUP1A-2GE    SAL0826ASHR Hw : 7.5
                                             Fw : 5.3(2)
                                             Fw1: 5.4(2)
                                             Sw : 8.2(1)
                                             Sw1: 8.2(1)
             WS-X6K-SUP1A-2GE    SAL0826ASHR Hw : 7.5
                                             Sw :
    2   48   WS-X6348-RJ-45      SAD043105S1 Hw : 1.1
                                             Fw : 5.3(1)
                                             Sw : 8.2(1)
    3   48   WS-X6348-RJ-45      SAD04150GXL Hw : 1.4
                                             Fw : 5.4(2)
                                             Sw : 8.2(1)
    4   48   WS-X6348-RJ-45      SAD04290U51 Hw : 1.1
                                             Fw : 5.3(1)
                                             Sw : 8.2(1)
    5   48   WS-X6348-RJ-45      SAL044831AT Hw : 2.3
                                             Fw : 5.4(2)
                                             Sw : 8.2(1)
    6   48   WS-X6348-RJ-45      SAL04461QAJ Hw : 1.4
                                             Fw : 5.4(2)
                                             Sw : 8.2(1)
    7   48   WS-X6248-RJ-45      SAD04260HBN Hw : 1.2
                                             Fw : 5.1(1)CSX
                                             Sw : 8.2(1)
    8   48   WS-X6348-RJ-45      SAD04290TXY Hw : 1.1
                                             Fw : 5.3(1)
                                             Sw : 8.2(1)
    9   48   WS-X6348-RJ-45      SAL05031G0E Hw : 1.9
                                             Fw : 5.4(2)
                                             Sw : 8.2(1)
    15  1    WS-F6K-MSFC2        SAL0826AQDR Hw : 2.6
                                             Fw : 12.1(13)E14
                                             Sw : 12.1(13)E14

    Glad to help, Don! Just came across the following site that offered a working combo. Might need to doublecheck the code's compatibility with the two types of line cards you have though:
    http://inetpro.org/wiki/Simple_Hybrid_To_Native_6500_Conversion
    IOS for sup1a
    c6sup12-jk2s-mz.121-27b.E1.bin
    Boot image on the MSFC2
    c6msfc2-boot-mz.121-27b.E4.bin

  • The difference between VTP server and transparent mode on Catalyst Switch.

    Hello 
    I have a question about the difference between VTP server mode and VTP transparent mode on general catalyst switch.
    Basically VTP server mode can create and modify VLAN configuration but  actually there is not any VLAN configuration through running-config, is it true?  When I checked it on Cat3550, certainly there is not VLAN configuration on VTP server mode. But VTP transparent can create VLAN and configuration but does not synchronize with other switch VLAN status. I appreciate any related information and reason of the VTP server mode specification, thank you very much.
    [VTP Transparent mode]
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *omit
    vlan 99
     name TEST-VLAN
    [VTP Server mode]
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *no VLAN like above configuration on VTP transparent mode.
    Best Regards,
    Masanobu Hiyoshi

    Hi mhiyoshi,
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *omit
    vlan 99
     name TEST-VLAN
    The above out put indicates that Vlan is created and then mode changed to transparent. i.e why revision no is 0.
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *no VLAN like above configuration on VTP transparent mode.
    This indicates that vlan never created in server mode nor learnt from another switch as revision no is 0

  • Dacl on ACS 5.1 and Catalyst switch 3560

    Dear all
    I have ACS 5.1 and Catalyst switch 3560 with version 12.2(53)SE. I configure a dacl on the ACS and I use it on authorization profile.
    This authrization profile is used on access policy.
    I tried the authentication but it doesn't work. I checked the ACS logs and I found that the user is authenicated successfuly but the dacl gives this error (The Access-Request for the requested dACL is missing a cisco-av-pair attribute with the value aaa:event=acl-download. The request is rejected)
    Steps:
    11001  Received RADIUS Access-Request
    11017  RADIUS created a new session
    11025  The Access-Request for the requested dACL is missing a cisco-av-pair attribute with the value aaa:event=acl-download. The request is rejected
    11003  Returned RADIUS Access-Reject
    DACL:
    deny ip host 1.2.3.4 1.2.3.0 0.0.0.255 log
    permit ip any any log
    Thanks on advance,

    Dear Tiago
    I applied the command "radius-server vsa send". Now I can see the dacl is applied but I can't see it on the switch and even the authentication is succueeded ont the ACS logs but it give me unauthoized on the switchport. You can see the logs( started with the username acstest and the access-list is applied but it doesn't work and you can see theat it goes for mab after eap timed out). I hope you can help on this issue.
    Dec 13,10 10:29:00.513 AM
    00-23-AE-7A-58-A6
    00-23-AE-7A-58-A6
    Default Network Access
    Lookup
    Dot1x-3560-Switch
    1.2.3.4
    FastEthernet0/5
    TESTACS
    22056 Subject not found in the applicable identity store(s).
    Dec 13,10 10:28:29.186 AM
    #ACSACL#-IP-Guest-4cfcc14d
    Dot1x-3560-Switch
    1.2.3.4
    TESTACS
    Dec 13,10 10:28:28.726 AM
    acstest
    00-23-AE-7A-58-A6
    Default Network Access
    PEAP (EAP-MSCHAPv2)
    Dot1x-3560-Switch
    1.2.3.4
    FastEthernet0/5
    TESTACS
    Thanks,

  • IOS Versions and Specs

    Hi everyone,
    I am preparing for my CCNA, while I am working GNS3 or the real routers or switches some commands are not applied. I did some researches online and found it is the IOS versions that I am using. so can any one give me a brief description for the IOS versions and specs, and which lab routers and switches have full version in general. something else which routers and switches are best to build up a home lab to practice hands-on lab at home
    TNX

    Hi everyone,
    I  am preparing for my CCNA, while I am working GNS3 or the real routers  or switches some commands are not applied. I did some researches online  and found it is the IOS versions that I am using. so can any one give me  a brief description for the IOS versions and specs, and which lab  routers and switches have full version in general. something else which  routers and switches are best to build up a home lab to practice  hands-on lab at home
    TNX
    Hello,
    GNS3 simulator is good for practice and traoubleshooting the real time senario, try to use ios for 3800,3700 or 2600 series switch with NME module for switching practice but with limited functionlity.
    Hope it Helps
    Regards
    Ganeshh Iyer
    Rate if it Helps ...

  • Is there a minimum IOS version for windows radius 2012R2

    Hello,
    We use a windows server 2008R2 and NPS for radius authentication of our 887,881 and 891 routers, ASA V8.4, and 3750 switches.
    We are thinking about migrate our radius to windows 2012R2, wich is a new version of NPS.
    do you know if there is a minimum IOS version required for NPS on 2012R2 Windows ?
    Thanks

    Hi,
    Yes NPS will work with Window Server 2012R2 and for the minimum server certificate requirement
    check the below link.
    http://msdn.microsoft.com/en-us/library/cc731363.aspx

  • Can MPLS aware Netflow ver. 9 be enabled on the catalyst switches 6500

    HI, I'm working for KOREA TELECOM, and currently providing MPLS VPN.
    We're planning to provide our customer with traffic report using NetFlow..
    I read some documents which reads Netflow ver.9 can be enabled on Cisco GSR 12000 Series, but no mention about catalyst switches. So, I ' m curious about that Netflow ver 9 can be activated on catalyst 6500 series.. because the point where switch is located already have mpls encapsulated packet ( mpls vpn packet).
    Thank you , in advance.

    NetFlow is now integral to Cisco 6500. A configuration we recommend is as below:
    mls netflow     // This enables NetFlow on the Supervisor.
    mls nde sender version 7
    mls aging long 64  // This breaks up long-lived flows into (roughly) one-minute segments.
    mls aging normal 32  // This ensures that flows that have finished are exported in a timely manner.
    mls flow ip interface-full
    mls nde interface
    The  next two commands will help to enable NetFlow data export for  bridged  traffic which is optional. You can specify the list of VLANs  here to  enable bridged traffic.
    ip flow ingress layer2-switched vlan
    ip flow export layer2-switched vlan
    Apart from this, NetFlow has to be enabled on the MSFC using the below commands.
    ip flow egress       // This command has to be executed on all the L3/VLAN interfaces.
    ip flow-export destination {hostname|ip_address} 9996  // The hostname or IP address of the flow server
    ip flow-export source {interface} // The interface through which NetFlow packets are exported. eg: Loopback0
    ip flow-export version 9
    ip flow-cache timeout active 1
    snmp-server ifindex persist
    The new Cisco Flexible NetFlow actually allows for export of MPLS specific information (I believe it is stack lables) in addition to information on IP Address, port, etc. But you will need a tool that can support these additional fields. Otherwise you can view IP, port, protocol, etc related information from MPLS links.
    Regards,
    Don Thomas Jacob
    ManageEngine NetFlow Analyzer

Maybe you are looking for

  • Does anyone know how to keep all songs in the same album when they say featuring someone?

    Each time I load a CD onto Itunes that has an artist who features another artist on that particular song, it puts it in my library as a separate CD even though it will have the same album listed.  For instance Lady Gaga's song just dance features Col

  • In CORR where we can enter the rework quantity

    Hi , In CORR collective confirmation , where i can give the rework quantity , How the rework quantity maintain in the Corr transaction. Second question  :-   is there any reservation number for rework order ? Regards satish

  • Includes in function module

    hiya , do INCLUDES in the function module all shud be in the same function group?? what iam doing is ..copied the sap standard function module  but when iam executing it says <function module cannot be found  in the same group> is it something to do

  • Has anyone actually used tethering please?

    I have the unlimited data plan and the Sierra Wireless card ($60 a month unlimited) I could save $45 a month using tethering ($20 for the tethering, $25 2gig plan, but not unlimited anymore). Has anyone used tethering? Main thing I want to know - can

  • Why is Mail is spamming?

    I'm not sure when it all began, but I received something that has made my ip get blacklisted and all of my email from Mail to be sent to my client's SPAM folder. I'm assuming that this was some type of Trojan Horse. I'm not blaming Mac Mail for this