Cisco :: 2960 / SSH Login Local In Root?

Feb 10, 2013

I have a very problematic situation here.I have configure on a Cisco 2960 the vty line in a wrong manner and now I am stock.To configure those vty to enable ssh I have typed :
 
line vty 0 4
login local
password xxxx
line vty 5 15
login local
password xxxx
exit
 
Problem, I work remotely (I was on telnet while doing this). I have no username configure as I thought that root user would work.Now when I issue an ssh to my switch, I always failed authentication.how I could recover access to my switch without being physically there ? I have write the config in memory, otherwise it would have been too easy.

View 5 Replies


ADVERTISEMENT

Cisco Wireless :: 1400 - Equipment Cannot Bridge To Other Root Or Not-root Mode

May 3, 2013

We have a problem with a Cisco 1400 Bridge.   This equipment can not bridge to the other root or not root mode. I can see a message "Interface Dot11Radio0 Radio transmit power out of range" and the MAC Address of Dot11Radio0 appears with 0000.0000.0000.I set the local power to 18 but the MAC Address is still in 0000.0000.0000.

View 1 Replies View Related

Cisco Wireless :: 1300 Bridges Root And Non Root Can Associate / Ping Each Other

Oct 18, 2011

i got the problem with 1300 bridges,root bridge with omni antenna and non root with sector antenna , it can associate and can pin each other , but whenever i try to browse several web pages its get timed out and radio was down.

View 5 Replies View Related

Cisco :: Working Configuration Between Two BR1310s In Root And Non-Root Mode

Jul 18, 2011

Any working configuration between two BR1310's in Root/Non-root mode? The documentation is vary vague and i can't find anything more secure than WEP. Is it possible to use WPA with radius authentication?

View 1 Replies View Related

Cisco :: 2960 / Login To Switch Via Ssh?

Aug 25, 2011

i have 2960 Catalyst with LANLITE. And i cannot set "transport input ssh", it allows only telnet. I'm wondering if cisco lanlite switches have ssh input in newer releases of IOS or there is no way to make ssh input on this switch?Here's show ver output (i removed all serial and part numbers):
 
S14#sh ver
Cisco IOS Software, C2960 Software (C2960-LANLITE-M), Version 12.2(37)EY, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 28-Jun-07 18:07 by antonino
Image text-base: 0x00003000, data-base: 0x00D00000

[code]....

View 2 Replies View Related

Difference Between Local Login And RDP

Oct 11, 2011

I have a weird issue I have never seen before and am trying to get some answers. I setup a laptop for one of our employees who works out in the field. We typically login to the machine while on the network with a domain account. This is so the password gets cached and they can login to the machine once they receive it. I sent a laptop to this one guy (who is rather tech savvy-so I know it is not user error) and he could not login to the laptop using his network credentials. I was able to get him on his home network using his router, and I RDP'ed into the machine. When I was remotely connected, I was able to login to the PC with no problem. However, after I disconnected, he tried to login also and it kept telling him that the domain was not available? It wasn't even an "invalid password or login" error.I ended up creating another local account on the machine so he could work, but I am stumped as to why he could not login locally, but I could using RDP.

View 4 Replies View Related

Cisco Switching/Routing :: 2960 How To Login To Ssh

Jan 6, 2012

we have a cisco 2960 48 port tcl switch port and i've enable ssh on my switch and now :

1) how can i login to ssh ? how should create username for ssh ?
2) how can i disable telnet ?
3) how can i change main (master) password?

View 7 Replies View Related

Cisco :: Using Local User Database As Login To C6500 IOS 12.2

Sep 11, 2012

We are wanting to use local database users to authenticate our SSH connections to our 6500 cores.
 
We have added the usernames and password into the 6500 using
 
username anameduser password astrongpassword or username anameduser secret astrongpassword
 
We where expecting the commands to be the same as other iOS devices example C3750 we would add.
 
Line vty 0 4  login local
 
And this would allow us to use the local user database to authenticate our ssh sessions.
 
The login local commands are not availbe on the 6500s and we have not found any documentation on how to impliment a local database for this purpose except in a CatOS 6500.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 2960 - Unable To Login To Enable Mode

Dec 30, 2012

I configured the below config in Routers it is working good , but when i do the same in SWITCH-2960 , i am getting a problem not able to login to enable mode ... i am getting the basic login only ....
 
Error msg :   % Error in Authentication.
  
Need to be configured at TAFE Network Devices: Code...

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Can't Establish Local Login / Authorization On 6500

Feb 26, 2013

I have a need to allow a small group of users temporary level-15 access to several 6500 switches (running 12.2-33 SXJ2 code), but do not want to provide them with the enable secret password which is used on the rest of the network (over 1200 devices).  I tried to eliminate AAA using the "no aaa new-model" command, but was told I could not remove aaa while there were active sessions, and "login local" no longer appeared as an option for vty lines.  So, I created a local user database called "support" which I used to replace the "group" entry in the authentication and authorization sections of our AAA config and for login on vty 0 4. [The username is given a privilege level of 15 along with an individual password for authentication.  (ex. user name jsmith privilege 15 password 0 xxxxx)] I modified our AAA configuration to support local login, but was unable to establish "enable mode" (i.e. # prompt) with any account.  I can login locally, but only to a normal "user mode" (i.e. > prompt).Here is the current, unmodified and sanitized config for our AAA and line vty 0 4 sections. [code]

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Can't Login From Public And Local IP Anymore

Dec 15, 2011

We've a Cisco ASA 5505 connected directly to Verizon FiOS Circuit (ONT) box using Ethernet cable. As per the existing documention that I have, the previous configured this as a dedicated router to establish a seperate VPN connection our software provider. They assigned both Public Static and Local Static IP address. When I try to ping the public IP address, it says request time out; so the public IP address is no longer working.
 
When I ping the local IP address of 192.168.100.11, it responds. The SolarWind tool also shows Always UP signal. How can I login into this router either from remotely or locally to check the configuration, backup and do the fimrware upgrade?
 
I also tried to connect my laptop directly to the ASA 5505 router LAN port. After 3 minutes, I'm able to connect to Internet without any issues. However I don't know the IP address to use to login.

View 3 Replies View Related

Cisco WAN :: Catalyst 3560 / 2960 Remote Login With Secure Protocol

Jun 7, 2011

lets you catalyst 3560 & 2960 remote login with a secure protocol

View 4 Replies View Related

Cisco :: 4500 - Default User Name For Console Line Login Local?

Aug 22, 2011

I have a console access to a Cisco 4500 series router over Cisco access server, which has following "line con 0" configuration:

View 8 Replies View Related

Cisco Switching/Routing :: 3750 - Unable To Login With Local Account

Jun 11, 2013

We created some local account for this switch but we unable to login when the TACACS Server down.

3750 Switch
aaa group server tacacs+ ACS
server x.x.x.x
server x.x.x.x
ip vrf forwarding Mgmt
ip tacacs source-interface GigabitEthernet0

[code]....

View 2 Replies View Related

Cisco Switching/Routing :: Unable To Login To 2960 Via Console Through Terminal Server

Oct 23, 2012

I have a set-up with multiple C2960 and C3750 switches. All these devices are being managed remotely. So basically I login to C2901, which is used as a Terminal Server,  and reverse SSH to the console of each device. That's - I have assigned an IP to each port of the terminal server so that I can SSH directly to the desired device through via the mapped IP.
 
Now, recently I had to restart couple of switches - one C2960 and C3750. I initiated the reboot via console connection remotely. I could see the device logs for some time and then the logs stopped and there was no reaction from the console irrespective of any command I tried to enter.
 
I tried resetting the line on the terminal server, but that didn't work.
 
Now when I try to SSH the IP mapped to console of that particular device - i dont get any login prompt and there is no effect on device after giving any command. Although i can see the logs on the console session - but cant do anything.
 
I have a second way of connecting the device via inband- management, and checked the device config found it correct. It is same as other devices which are working correctly.
 
Both C3750 and C2960 are behaving exactly same - can see logs on console but see effect of even pressing enter - not getting login prompt as well.

View 4 Replies View Related

Cisco Wireless :: Associate Non-root Bridge Model 1310 To Root Bridge Model 1400?

Apr 24, 2012

Can I associate the non-root bridge model 1310 to the root bridge model 1400? Is there any problems on the configuration I need to be aware of?

View 7 Replies View Related

Cisco Switching/Routing :: 2960 / Local Subnet MAC Lock-down?

Feb 14, 2012

we have some devices on the network which cannot be secured and we need to isolate from the rest of the subnet.Our switches are Cisco 2960.Is it possible to via an ACL local a specifric port down to only allow traffic from specific MAC addresses?  I've had a go at this myself but not been able to make any progress.  The traffic type is TCP/IP.

View 10 Replies View Related

Cisco WAN :: Split Local And International Bandwidth On 3825 With 2960 Switch?

Jul 7, 2011

On my country, international bandwidth still expensive. I want to split local and international bandwidth and limit inbound and outbound bandwidth for each ip like this:
 
IP 10.100.10.11 can use 100Mbps local bandwidth, 1Mbps international bandwidth
 
IP 10.100.10.12 can use 100Mbps local bandwidth, 2Mbps international bandwidth
 
I want to use
 
Router 3825Switch 2960  
NB: I have online one internet line.
 
Was the above equipment can perform functions that I want or need any additional equipment? And Should i use 2 line to achieve my goal?

View 1 Replies View Related

Cisco Switching/Routing :: 2960 - Local Multicast Range Is Not Passing Between Sites

Jan 29, 2012

[URL]
 
We found out that only local multicast ip address range is not passing between the sites, any other range is passing, local range is 239.0.0.0 and above.
 
We have two different datacenters, the internal switch is 2960S (Stacked) with 1-10 vlans and the external switch is 3560E, the external switch is adding another tag (qinq, dot1q), vlan 611, and send the packets to metro line to the other site.
 
on the other site we have the same configuration.
 
internal switch from site A is configured with igmp querier and the internal switch port on site B connected to the external switch is configured as mrotuer port.
 
multicast and igmp is passig between the sites, but the local multicast range is not passing, igmp filterring is configured on all port but no profile is defined and no ports are filterred, on the external switch igmp snooping is disabled.

View 4 Replies View Related

Protocols / Routing :: Successful Login Redirects Back To Login Page After Satellite Upgrade?

Feb 10, 2012

I have a website account with fatcow. I created the website with Dreamweaver software and uploaded it to fatcow via port 21.My internet connection was via xplornet and I had no access problems. I upgraded to xplornet's new g4 system and now I can no longer access my account online or upload to my website.We have two computers. The first is a desktop system that has the dreamweaver software. The second is a laptop which connects wirelessly. We share the signal through a dlink router. The modem is a viasat Surfbeam 2 residential satellite modem.1. When I attempt to login to the fatcow control panel, the tab shows successfully authenticated and then re-directs me back to the login page. This happens on both the laptop and the desktop.

I have tried bypassing the router and the problem still exists.I took the laptop to the computer center and I can login to the account no problem.I used a free proxy server page on the internet and can login from my home system on my desktop no problem.I have completely turned off virus scan and firewalls. It doesn't work. I have tried IE7, Chrome, Firefox and they all have the same problem. The laptop runs IE8 and has the same problem.I can ping the page successfully. I can traceroute the page successfully. I can't nslooup any site at all. I get the domain not existant message.My ip and dns settings are the automatically find option.I have renewed ips and dumped the dns cache.Using alternate dns addresses doesn't rectify the problem. When I attempt to upload via dreamweaver, I connect but within seconds I get a Dreamweaver message that says "Connection to remote host has been lost. Click refresh to continue" and the log reads "FTP Error. Dreamweaver could not connect to server." I haven't taken my desktop anywhere to try to see if it works on a different network. I'm in a remote location (hence the satellite internet)and it is an hours drive to the nearest private internet connection and a 2 hour drive to the nearest public connection.

View 19 Replies View Related

Linksys Wireless Router :: WRT120N - Can't Accept Login Credentials When Login From IE10 Browser

May 9, 2013

 We have a Linksys WRT120N wireless router set up at one of our small offices. I noticed recently when trying to log in to the router to make some admin configurations that it will not accept the login credentials when trying to log in from IE10 browser. Works fine from Chrome, IE9, ect. logging in to a linksys router with IE10?

View 3 Replies View Related

Cisco :: CCNP - STP Root Port Election Example?

Jun 23, 2012

I am currently working on an example for a CCNP Spanning Tree Protocol example.I have some lectures on video and getting confused with an example they have provided. It has me baffled as I have compared it against numerous other websites, trawled forums and tried to get other examples to compare it against.Anyway, I have posted screenshots of the topology. They are as follows:

1) topology showing links so can assign costs (100mbps = STP cost 19, 1000mbps = STP cost 4)

2) topology show priority and MAC addresses (priority left at default so root bridge elected by lowest MAC address)

3) topology showing elected root ports **which I do not agree with for switches E & F**

4) topology showing subsequent blocked ports **which I do not agree with for switches D & F, even if I accepted the previous given root port election*** I understand for same cost paths to root bridge that lowest bridge ID wins. So here are my queries:

1) switch E has 2 equal cost paths to root bridge (A):

-via: E > D > A (4 + 19)
-via: E > C > A (4 + 19)

so I think pick the next hop switch with lower bridge ID. Switch C right? In this example it says pick port going to switch D. I am confused! Why pick port going toward switch D?

2) switch F has 2 equal cost paths to root bridge (A):

-via: F > C > A (4 + 19)
-via: F > D > A (4 + 19)

so I think pick the next hop switch with lower bridge ID. Switch C right? In this example it says pick port going to switch D. I am confused! Why pick port going toward switch? tell if the example in the diagram (topology 3) is wrong? If it is correct explain why?Now on to issue number 2...If I accept the root port election given in the topology, I go through the process of assigning designated ports and blocked ports.I understand for each link there is at least 1 designated port. If it is a redundant link, one side will be designated, one side blocked. The designated port will be on the side of the lowest bridge ID (priority + MAC address). So here are my queries:

1) there is a redundant link between switch C and switch F

-one side must be designated

-one side must be blocked

-pick the side with lowest bridge ID (priority + MAC address) for designated port

-switch C has same priority as switch F, so based off MAC address, switch C wins i.e. designated port on switch C side, blocked port switch F side.

-In this example it says port from switch C is blocked and port from switch F designated. I am confused! Why pick port going from switch F as designated?

2) there is a redundant link between switch D and switch C

-one side must be designated

-one side must be blocked

-pick the side with lowest bridge ID (priority + MAC address) for designated port

-switch C has same priority as switch D, so based off MAC address, switch C wins i.e. designated port on switch C side, blocked port switch D side.

-In this example it says port from switch C is blocked and port from switch D designated. I am confused! Why pick port going from switch D as designated?

View 1 Replies View Related

Cisco Wireless :: ACS 5.2 / Setting Up APs In Root Repeater?

Sep 16, 2012

I am trying to configure repeater mode on an AP, but the authentication is not working.It seems the authentication is seen as EAP-TLS on the ACS 5.2, but im trying to do LEAP.
 
Relevant config root AP:
 
!
dot11 ssid Auto3
   authentication open eap eap_methods
   authentication network-eap eap_methods1
   guest-mode
   infrastructure-ssid

[code].....

View 8 Replies View Related

Cisco :: C1921 Router - How To Tell AP To Get New Root CA Certification

Oct 20, 2011

I'm currently trying to set up a new infrasturcture with PEAP.
 
So, i've got redundant CA routers (c1921), an ACS server and 1262 AP's. Everything is working fine and as i want it to.Certificates are autoenrolled and so on, but if the CA root certificate expires, how to tell the AP to get the new root CA cert.
 
The root-certs are made by auto-rollover, and rolled on the CA router, but I got no change to get this root-cert on the AP.Is there a way to get them in an automated way, like rollover or enrollment?

View 3 Replies View Related

Adding A Second DC To The Forest Root Domain?

Feb 27, 2013

I have installed Windows Server 2008R2 on a virtual machine and have setup AD and a domain name called nuggetlab.com and is the first DC. I've created another VM and again installed Windows Server2008r2 and want to add a second DC to the forest root domain. When i run dcpromo and at the option 'Choose deployment conifiguration' wizard i select Existig forest >Add a domain controller to an existing domain > Next, the next screen appears and i type in the domain as nuggetlab.com but when i enter the credentials under 'Alternatate credentials' and enter the admin username and password, i receive an error saying that it cannot be contacted. When i press the details button i can see the description[CODE]

View 5 Replies View Related

Easiest Way To Root My Toshiba Thrive?

Mar 22, 2012

how can I root my Toshiba thrive 31.5.003 without messing anything up cuz I'm tablet eleterate an its brand new

View 1 Replies View Related

AAA/Identity/Nac :: ACS 5.1 Join To Root / Subdomain

May 5, 2011

is it possible to join the ACS 5.1 to a rootdomain (AD) with a subdomain and to authenticate against the subdomain? Or do I need different ACS' for the root and the subdomain?

View 2 Replies View Related

Cisco :: STP Root Port Role Election Criteria

Oct 16, 2012

I've not found much detail regarding election of a root port other than "The root port is the switch port with the lowest path cost to the root bridge" they also expand on this a bit more for the case below, (italics)." When there are two switch ports that have the same path cost to the root bridge and both are the lowest path costs on the switch, the switch needs to determine which switch port is the root port. The switch uses the customizable port priority value, or the lowest port ID if both port priority values are the same".They explain that on S2, F0/1 is root port because it's lower than F0/2 but don't go beyond this.My understanding is that the following order is true with regards to priority of criteria (in this case), am I right?:

1. Lowest cumulative path cost back to the root bridge
2. In case of tie, the device with lowest Bridge ID
3. In case of tie, the port with the lowest received priority #
4. In case of tie, the port with the lowest local ID #

So, shouldn't this demonstration factor in the BIDs of S3 and S4 before the port priority and IDs of S2 ? For instance, if the BID of S3 was lower than that of S4, wouldn't F0/2 on S2 become the root port? I'm hoping I'm correct in this? Also I've not actually seen these four bullets in any of my official material for STP which I thought was a bit odd. I wondering if anyone else who has seen this before, considered the bridge ID aspect.

View 9 Replies View Related

Cisco :: Spanning Tree Root Mac Address References

Apr 19, 2012

I am trying to confirm which of my cisco switch is the spanning-tree root. I know which I prefer to hold the spanning-tree and I ran the command spanning-tree vlan 1 root on this switch,I would now like to check that this command has worked and so I ran the command 'show spanning-tree root active' and received the detail below.To make sense of this and determine which port the mac address references (From this I take it that 00b0.d0f5.cf31 is the root, how can I determine which port this is).

View 15 Replies View Related

Cisco Firewall :: ASA5550 Doesn't Seem To Address Root

Feb 22, 2012

I have been getting overrun errors on 3 different ASA 5550 HA pairs with traffic rates less than 100Mbps total.  I was told by one TAC guy to split the traffic between the two slots so that traffic comes in one and exits the other to maximize throughput because the 5550 was designed to work that way.  Another TAC guy told me to enable ethernet flow control to alleviate the overrun errors because the traffic was bursty, but this doesn't seem to address the root cause of the problem to either.  TCP traffic is bursty by nature and has it own flow control mechanism.  I can't seem to find any detailed info on why traffic needs to be split for 100Mbps when the marketting throughput number is 1.2G.  Is this a design flaw or limitation?  Is there a way to alleviate overrun errors?

View 25 Replies View Related

Cisco Wireless :: 3502P Running As Mesh Root AP?

Apr 14, 2013

if the Cisco 3502p AP can run as a root mesh access point ?

View 4 Replies View Related

Cisco Application :: Root Password For ANM 4.2 Virtual Appliance

Sep 18, 2011

The upgrade process for ANM virtual appliance 4.2 involves doing a backup and restore as root user. I have looked through the documentation and have even reinstalled the virtual appliance to see if the install script gives away the root password for the OS but without luck.

How to set/find the root password?

View 2 Replies View Related

Cisco LAN :: 6509 / 2950 - Root Port / Cost

Dec 31, 2011

On a production 6509, I am seeing this:
 
RTR-01#sh spanning-tree int gi2/3 rootVLAN0001         0VLAN0010         0VLAN0011         0VLAN0012         0VLAN0013         0VLAN0014         0VLAN0015 [ code]....

Now I thought the command  "sh spanning-tree int gi2/3 root" showed cost to the root bridge.  So with everything being zero, its implied this the root, which it is but not for vlan 111 and actually all 1XX Vlans have a different root.  Why does vlan111 show its root as out int gi 2/3 but the root cost shows zero?
 
Issue is we have a issue where a 2950 is acting as root bridge for our wireless vlans, wrong....it should be the 6509, but before I change it over, was wondering about the root port/cost question.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved