2960G - ID And Endpoint From Cisco Switch
Aug 13, 2012
We have a switch in our IT office, Cisco 2960G. It plugs into the wall and goes to the server room and connects somewhere. This weekend we redid almost the whole server room and now this switch can connect to the rest of the network. The uplink has a link light but can get anything.
I have rebooted the switch, used scanning on our other switches to try and find the MAC of the switch but for the life of me I cant see it. Is there a command I can run from the command line of the switch to see where its pointing?
View 11 Replies
ADVERTISEMENT
Apr 4, 2012
I'm pondering this new client's topology. He has: (internet) >> router >> switch >> Windows server with a VPN enabled.
Right now I access his network remotely by just RDP directly into the server with a public IP address.Now doesn't this mean that I'm already sailing through his router and switch? Doesn't that mean that all (broadcast, routing, etc) communication hitting this IP is sucking CPU cycles and bandwidth on his router, switch, and server? Wouldn't it be best if he had his VPN endpoint set on his gateway?
View 1 Replies
View Related
Oct 23, 2011
I have used all the ports on my 24 port 2960G and need to extend it with another 2960G. These switches do not have trunk ports so what is the best way to stack them and have all 5 vlans on both switches.Can I just use a port Channel trunk etherchannel ?
View 7 Replies
View Related
Jan 26, 2013
I have routing enabled, can build a static route, and go back and see it (sh ip route), but I don't know how to get the route right. I have one host (Host A) on Vlan 20 w/192.168.20.2/24 dg 192.168.20.11 (the vlan ip) and (Host B) on Vlan 30 w/192.168.30.2/24 dg 192.168.30.11 (the vlan ip). I can't ping them from any host man. I can ping the Vlans but not the host.
View 19 Replies
View Related
Jun 26, 2012
I have a few 24-port Cisco 2960G Switches (model WS-C2960G-24TC-L) that I upgraded to IOS Release 15.0(1)SE2 using the web interface. I am now trying to upgrade those switches with the new release, 15.0(1)SE3, however I seem unable to do it, I have tried this on two switches so far, both have been upgraded to SE2 just a couple months ago or so, and both of them will not accept the SE3 upgrade, basically, I can select the tar file in the web browser and click "Upgrade" but when I do the status never changes from "Loading the tar file to the switch". I have tried multiple times from multiple computers using many different web browsers, including IE6 which is listed as supported. I have let it go for as long as 1.5 hours but to no avail.I also had a few idential switches here that had never been upgarded to SE2, I have had no problems loading SE3 onto them using the same method so it would seem that the tar file I have downloaded is valid.
View 5 Replies
View Related
Jun 4, 2012
In our premises i want to configure cisco 2960G 24 port switch using hyper terminal commands.
View 1 Replies
View Related
Jun 11, 2013
I recently changed jobs and at the new location we are primarily running Catalyst 2960G series switches with the exception of one 3750. All of the switches are setup in a cluster with the 3750 being the cluster master. My question is what is the benefit of switch clustering? The entire network seems to be a bit over engineered for the our needs and I am hoping to scale it back a bit. For example, the the network was setup with VOIP QoS when there were no plans to even use VOIP. Also what procedures would I want to follow to disable the cluster to avoid any major outages? Assuming there is no real need for a cluster.
View 1 Replies
View Related
Jun 7, 2012
I'm trying to decide what switch to use as a core for 500 users. I'm currently looking at either 2 x 3750X stacks or 2 x 4500s with dual SUPs and PSUs, both options will provide the number of switchports required without the need for additonal access layer swiches. Which switch option is best to go for here? All of our services will be located in our data centre which will be connected using 2 1000Mbps MPLS circuits. I wont need any advanced L3 features and we are not likley to scale over 450 users. Also is it ok to use the dual switch stacks or chassis to provide the collapsed core/access layer or is it best to have a dedicated core (using one of the above options with less switchports) and having a dedicated accesss layer using 2960Gs for example. Our structured cabling terminates in a single comms room so we wont need to distribute switches throughout the office.
View 3 Replies
View Related
Oct 23, 2012
i had made a software upgarde on the switch 2960G series have no any passwords, when I fished the upgrade process after rebooting the device i found it need a UserPw to access device manager. i tried to use the default PW "cisco" but it dosen't work too.. after that i tried the password recovery process to rest the PW, but noway, but now i have addition problem, when i try the cmd orders "flash_init , load_helper , dir flash" to beginning the password recovery process it shows the following:
The system has been interrupted prior to initializing theflash filesystem. The following commands will initializethe flash filesystem, and finish loading the operatingsystem software:
flash_init boot
switch: flash_initInitializing Flash...flashfs[0]: 554 files, 19 directoriesflashfs[0]: 0 orphaned files, 0 orphaned directoriesflashfs[0]: Total bytes: 32514048flashfs[0]: Bytes used: 15540224flashfs[0]: Bytes available: 16973824flashfs[0]: flashfs fsck took 10 seconds....done Initializing Flash.
switch: load_helperUnknown cmd: load_helper
switch: load_helperUnknown cmd: load_helper
switch: load_helperUnknown cmd: load_helper
[code]....
After that the problem updated
because I tried to install the IOS by Xmodem to reload the missing flash file.After finsh the TAR file loading and reboot the switch.......the LEDs of mode and Giga ports are lighted amber and not blinking, i tried many times to follow the steps to connect the switch by the emulator and consol cable by holding mode button and connecting the power cable at same time the device does not work, the switch now still not blinking, now i try to read and understand how can i remove the corrupted files and install a new IOS for this switch?What shall i do.
View 1 Replies
View Related
Jun 20, 2012
I have a Cisco 2960G switch and one of the ports was configured with srr-queue bandwidth limit 90 - I need to remove this bandwidth limiting from this interface. [code]
View 2 Replies
View Related
Dec 5, 2011
I have a requirement to monitor downstream data feed from a remote site and feed it to multiple destination devices for recording. The source data will be fed into a port on a Cisco 2960G switch then, using the monitor function, be forwarded to multiple interfaces. This works fine for normal Etherent II traffic. We tried a test using a device that generates IEEE 802.3 Raw packets ('type' field is used as a 'length' field) but found that while the traffic appeared to be accepted by the input port with no errors it was not forwarded to the destination ports, even when using the monitor function. I did try the 'encapsulation replicate' feature with no luck. It does not forward these packets even if I set all the ports into a common VLAN and let the switch just perform a normal switch function (non monitor).
if it is possible to get the IEEE 802.3 raw packets to pass through the switch and if it is, how to or what I need to do to make it work?
View 13 Replies
View Related
May 21, 2012
I have established dual-rlans on different segments.I have a 2960g switch. I created vl2 (management) and vl3 (data).I connected rlan1 (port4) to vl2 and rlan2 (port3) to vl3.My laptop receives a dhcp address on vl3 and the switch (in dhcp mode) receives it's proper address on vl2.Unfortunately a MAC is assigned to each vl and to the management interface. Thats 3 out of the 2 sets of 4.
So a managed switch is NOT the desired device to have on the back side of an OEAP600.In any case doing a show mac address-table revealed that all the vl2 MAC addresses were duplicated on vl3.To the tune of 216 addresses. 108 in each vlan. Which is a close match to the current host counts for each segment 98 + 18.Obviously this application is not what was envisioned by the OEAP team during work-up.The goal of 4 host devices on the rlan is proving difficult to achieve.The client wants 2 pc's and 2 digi-port servers.
View 1 Replies
View Related
Jul 4, 2012
I am unable to access a series of switches connected together through a management vlan. I receive the message "The server xx.xx.xx.xx at level_15_access requires a username and password." Entering the username and password fails and the same username and password message returns. I am able to ssh into the switch with the username and password that fails trying to access the switch with the browser.
How can I check the username and password for access with the browser?
I am trying to monitor switch performance. Is there a good way to monitor switch performance with the command line interface?
View 2 Replies
View Related
Feb 11, 2013
I just got a Cisco 2960G 24-port gigabit switch so that our HP servers can have a Gigabit connection to the network. I moved 2 servers to it (HP Proliant DL380's) but they don't actually seem to be able to achieve even close to 1000Gbps. I ran same some LAN bandwidth tests and it was showing only around 200-300 Mbps between all of them. I also ran a network stress test utility, LAN Tornado, and it was showing packet loss as high as 60% when on gigabit, and only .07% when on 100Mbps.
-Both the NIC's and the switch ports are set to 1000/Full
-Currently using Cat5e cabling no more than 25Ft in length (I know Cat6 would be better but Cat5e is supposed to support Gigabit)
-All servers are on the same VLAN
Here are the port statistics when running just a stress test @ 10Mbps that had a 45% packet loss. What's odd though is when I set the servers and switches to 100Mbps, I get less than 1% packet loss.
GigabitEthernet1/0/16 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 203a.07ff.7e90 (bia 203a.07ff.7e90)
MTU 9000 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
[Code].....
View 2 Replies
View Related
Dec 26, 2011
I have a new customer that I installed an ASA 5505 to replace a Linksys VPN router. They have a main office with a static IP address, 3 branch offices with static IP addresses and 2 branches that are doing DHCP from the ISP for their router address. I have no problem getting the static VPNs up and running. My problem is with the VPN connections that are doing DHCP. I can go in and determine what IP they are currently using and setup a connection and it works fine. The problem is of course when their IP address from the ISP changes, which seems to happen at least daily. What is the proper way to setup a connection that is using DHCP? Also, can you setup multiple connections this way? Currently the 2 locations have different passwords setup in their routers.
View 1 Replies
View Related
Nov 2, 2012
In my organization we have 2 sites. These 2 sites have ASA 5520s, and the l2l between each ASA. The interface that is forming the VPN tunnel is on the ASA, NATed on the router. These ASAs sit behind the router, which are then connected to the ISPs. Recently, we had to change the ISP that we were creating the tunnel on, from Comcast to Sprint on our remote site. I re NATed the interface, and the l2l tunnel came back up after editing the tunnel-group, crypto maps, and reapplying the crypto map to the interface. However, our remote access VPN no longer works on the ASA that we changed the IP on. The other side was never changed, and still works fine. When I tried using debug cry isa and debug cry ip sec on the firewall, nothing shows when we attempt to connect. We are using IPsec over TCP. On the ASDM log, it says: Deny TCP (no connection) from xx.xx.xx.xx/49907 to xx.xx.xx.xx/10000 flags RST on interface WAN.
The VPN worked fine before, could it be an ACL thing? All we changed was the IP so that's what I'm inclined to believe, but on the router none of the interfaces have an ACL that's applied to them. It can't be on the ASA, because I believe we have the option to ignore the ACL enabled, but I might be incorrect about this. I'm new at ASA/VPNs in general.
I would upload the configs, but is there a pertinent output that would work, or just a general sh run?
View 3 Replies
View Related
Aug 2, 2011
trying to TS a VPN device that is behind an ASA basic set up is IOS VPN<firewall/nat<internet>ASA/nat>IOS VPN
I do not have a lot of insight into the other side of the connection, although the tech on the other side claims all is good. so to the point.
Is the asa capable of allowing this tunnel to work? The configs and debug follow.
1.1.1.1 = my public ip
2.2.2.2 = peer public ip
The asa -
[Code]......
View 2 Replies
View Related
Mar 18, 2011
Our ISP gave us a /30 for our external connection (with one IP being their side, and the other our firewall's outside int) and they then route a /28 down to us to give us 14 public IP addresses. Usually we use static NATs to give internal servers a public IP, and it works fine.
However, now I need to setup another VPN device with a public IP from our /28 pool. How the heck do I nat that? Should I give it's external int a private IP, and then NAT it at the first firewall? The 2nd firewall will be a VPN end point, and I'm afraid the NAT will break that.
View 9 Replies
View Related
Oct 31, 2011
Cisco 2651xm router
IOS: c2600-ipvoicek9-mz.124-15.T7.bin
Can a 2651XM router be configured as a PPTP VPN endpoint (client)? I ask because I want to connect this router to a professional vpn (privacy) service such as proxpn or mullvad or similar. If it can't, any vpn privacy services that cater for cisco-based vpn connection?
View 0 Replies
View Related
Apr 16, 2013
We have about 160 users setup using the Anyconnect client connecting to a ASA 5510. We are using split tunneling and also using the Websense endpoint client. Every now and again after installing the endpoint client we are unable to connect the AnyConnect. It asks for credentials waits for a while and then fails with the error "AnyConnect was not able to establish a connection to the specified secure gateway.Please try again later."
If we uninstall the endpoint client it works again and normally after reinstall it fails again ( I know). Eventually it just works and then its fine.
We have logged a call with websense and sent packet traces of working and none working . Then only thing they came back with is if we filtered the non working trace with port 80 you could see a few RST,ACK coming from the ASA to the client so they blamed the Cisco components.
View 1 Replies
View Related
Nov 16, 2011
I have a Snapgear 560U VPN Gateway at the main office with VPN connections to several branch offices also using Snapgear 560U. Those are no longer manufactured though, so I bought a Cisco WRVS4400N for our new office. The main office has a fixed IP but the branch office ha a dynamic one. On the Snapgear's it is very clear where I need to enter the Mandatory endpoint name on the dynamic side of the tunnel, but I can't find anything on this on the Cisco WRVS4400N. So where do I enter this information so that I can make a VPN connection between the Snapgear & Cisco boxes?
View 1 Replies
View Related
Apr 2, 2012
With firmware 1.2.0.9 - can the RV110W be used as a VPN endpoint? The VPN capabilities have been expanded in this version - but from the docs this isn't quite clear to me.
View 3 Replies
View Related
Feb 12, 2011
My network is set up in the following way..
DSL-320B | Linksys E3000 192.168.0.0/24 Subnet A Static Route 192.168.1.0 255.255.255.0 192.168.0.100 | Wan Port 192.168.0.100 DIR-655 | DIR-655 192.168.1.0/24 Subnet B
I am unable to browse by IP any machines on Subnet B from Subnet A and suspect this is due to the NAT and the Endpoint filtering within the DIR-655.
View 2 Replies
View Related
Nov 10, 2012
I purchased the RV180 to replace a dead Linksys BEFVP41 to connect a home office to HQ. The Linksys was configured with three IPSEC tunnels to connect to three different subnets all through the main HQ gateway. Note that each tunnel is independent with its own pre-shared key. I can configure the same tunnels on the RV180, and each one works correctly, but I can only get one to run at a time. I have to disable the other two. Enabling a second tunnel results in the No phase2 handle found error. I could not use the Basic VPN setup as it complains that the remote endpoint is already in use. I had to use the Advanced VPN Setup to create the IKE and IPSEC policies. In a different discussion [URL]
View 3 Replies
View Related
Mar 29, 2012
I have an ipsec tunnel IP is changing from mythical 200.200.200.182 to 200.200.200.254. Is it possible to change the .182 ip in below config via the CLI to .254 and have the site-to-site vpn continue to work? [code]
View 1 Replies
View Related
Apr 30, 2012
I try to connect a Router as an Endpoint (Because I just want to use a SERVICE from it).Well, the issue is this: I have a SW L3 that have too much VLANS, It is routing traffic and it provides internet connection. VLAN 182 has been created at this point and in this SW L3 has configured an interface vlan 182 with an IP 10.0.82.1/28.
To this Switch L3 is connected another switch L2 with an interface vlan 182 with an IP 10.0.82.2/28. Finally I have the last switch with the same features of configuration just that this has an IP 10.0.82.3/28. In this last switch is connected the router in the Gi1/0/24 as Switch port access, this port belongs to VLAN 182. At the router, the port is gi0/0 and it has an IP 10.0.82.4/28 and is UP.
The Switch where the router is connected is reachable from this router but not by the other switches. Router can reach all the network but not in the reverse way.Router has configured an ip default gateway 10.0.82.1.
View 2 Replies
View Related
May 17, 2012
we have installed nac for our customer and it works fine ,but the customer want the change the version of kaspersky antivirus from 6 to 8 end point security ,when we have try this the nac agent does not find the antivrus on the the workstation . i want to know if this version of kasoersky (end point security ) is supported by nac ,if no is ther a solution to make it works with the NAC .
View 3 Replies
View Related
Aug 30, 2011
I want to use the endpoint assessment / prelogin policies to apply only for anyconnect. Are there any ways to configure this?
I do not want the Secure Desktop to popup during webvpn.
View 0 Replies
View Related
Jul 23, 2012
I'm Connecting an endpoint to the switchport, the End client is a printer (Samsung ML-2850)Weird thing is after connect, the end point success got IP from DHCP server, but somehow cannot ping to it. For switching there's no concern, even I try with ohter PC connect to this switchport and it's PIGN'able. Only problem this printer cannot reach.
I able to see the MAC address entry of the printer at my ASA firewall, rule wise at this moment i just enable the rule as permit any any, no restriction at all.
View 1 Replies
View Related
Jul 10, 2011
I would like to know how to configure my DIR-600s firewall UDP Endpoint Filtering. I ve read some guides and I ve got to configure this to Endpoint Independent in order to play League of Legends. The problem is that I can see the option Firewall & DMZ but then I don't see the UDP or TCP Endpoint Filtering options.
View 1 Replies
View Related
May 13, 2012
In an enviroment with WCS and a WLC5508 with 40 AP's (WAPs are either 1262's and 1252's), I have noticed that the bulk of users are infact operating on 802.11g although most operating notebooks are running 802.11n capable NICs (including my own laptops NIC - but yet when I connect I connect at 54Mbps.). Only a small portion of registered clients are using 802.11n. All my WAPs have both radios enabled?My question is how does a client notebook select a "prefered" band of 802.11n. I know in some cases the wireless NICs themselves have an option to select the "Prefered Band", but there are many notebooks out there that dont have this option. What would make a client connect at 802.11n over 802.11g? Who makes that call ?
View 4 Replies
View Related
Apr 4, 2013
Environment :AP 2602, WLC 5508 V7.4, ISE 1.1.2, Prime Infras 1.2
For a specific SSID, we use MAC address as 1 of the conditions to authorize access only for the company-owned mobiles (smartphones and tablets), the other condition being, for the mobile, to present a valid AD user/password;this way, the so-called BYODs are rejected since this is the rule within this company ;The difficulty with this approach is the fact that there is no way in ISE Identities Endpoints nor Groups to associate a user-friendly name to the MAC address of the mobiles, which makes very tedious some actions such as a search in the ISE authentication Log based on the MAC address value itself;the question is just to know if it is planned to add a new field in Identities Endpoints definition that would allow to associate a user-friendly name to a MAC address, for future ISE versions,
View 1 Replies
View Related
Mar 12, 2013
While user's connecting through AnyConnect, AnyConnect doesn`t check endpoint attributes. I've configured checking process of "notepad.exe", but it doesn`t work. There is no checking process of "notepad.exe" in output debug dab trace (see attach).
ASA 5520 ver 8.4(1)
AnyConnect 3.1.02040
HostScan 3.1.02043
CSD 3.6.6234
View 16 Replies
View Related
