We have one Cisco 2960 Catalyst switch.Rule Title: The administrator will ensure passwords are not viewable when displaying the configuration. Right now my user passwords are visible in plaintext. I tried #username <admin> password 7 - but everything I try there is an error I also tried #username <admin> secret but it says I can't have both a secret and password for a single account.
View 1 RepliesI typed such commands:Code:
View 3 Replies View RelatedI've installed Cisco ACS 5.3. After I created several internal users (defined password and enabled password), Identiy Groups, Access Polices, Network Devices and AAA Clients (e.g. Cisco 1841) for Radius and configured my Router like this:
...
aaa authentication login VTY group radius local-case
aaa authentication enable default group radius enable
....
Now I'm able to login successful using my internal User. But if I try to use enable to enter the enable level I'll receive the message "% Error in authentication." when I use the defined enable password.
In the ACS logging I'll can see that "$enab15$" is missing. If I setup a user name "$enab15" I can login to enable level, but what have I to do, to use the custom enable passwords?
Step 1.2 - 1.5 is requiered for both (Radius and Tacacs). Then you have to switch to 2.1-2.7 for Radius or 3.1 - 3.7 for Tacacs authentication.
I'm just wondering, is it possible to find out or recover the passwords for users and pre-shared key for tunnel-group? The VPN connection was confiigured on ASA5505 before me, but no login details were left.
View 3 Replies View RelatedI'm troubleshooting an issue with a new site-to-site vpn setup between 1800 series routers. The tunnel is up but not encrypting traffic on one router, when IP CEF is disabled traffic is encrypted and decrypted!
View 1 Replies View RelatedI've been troubleshooting this issue and was hoping to get some more feed back and maybe point out an error if I'm not seeing it. I recently setup a remote access VPN on Cisco ASA 5505. Everything appeared to work at first and the IPsec client connect. However if you look at the packets being encrypted an decrypted on the Client side only the encrypted counter is incrementing and the decrypted stays at 0. The opposite is true on the ASA side the decrypted continures to increment and the encrypted stays at zero. My first thought was maybe a mis configured NAT 0 statement or not defining the correct Split tunnel ACL but I have verified that. The asa version 8.2(5), I'll also list a packet-tracer I did from an inside host to VPN IP. [code]
View 1 Replies View Relatedim trying to configure IpSEC over Gre tunnel, but the traffic pass unencrypted, i cant find why this is happening. Here are the confg of the two routers (1841)
OFICINA#sh run br
Building configuration...
Current configuration : 1281 bytes
!
version 12.4
service timestamps debug datetime msec
[Code].....
We have quite a few 3560 & 2960 on our edge network - what I have been looking at was to access switches via web-interface i.e. web-browser. Only problem with this is it always gives you access on privilige level 15 which is not ideal as not all who we decide to give access to these switches will be admin and allowed to configure these swicthes - In the 3560/2960 data-sheet states:
"Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators"
Where as there is no mention of how to configure these two levels of Web-based management in the configuration guide.
802.1x is working properly, 802.1x port is up,but;when I do a remote desktop to machine that is 802.1x authenticated by an user(Wired), first, login to pc successfuly then(3 minutes) is switch port down..
Debug radius authentication
Debug aaa authentication
Does not appear in the log only message port is down
Equipment;
Cisco 2960, Cisco ACS 4.2 ,MS Active Directory Authentication
Client:windows xp, windows 7
Cisco 2960 Port Config
switchport mode access
dot1x pae authenticator
dot1x port-control auto
spanning-tree portfast
spanning-tree guard loop
i have 2960 Catalyst with LANLITE. And i cannot set "transport input ssh", it allows only telnet. I'm wondering if cisco lanlite switches have ssh input in newer releases of IOS or there is no way to make ssh input on this switch?Here's show ver output (i removed all serial and part numbers):
S14#sh ver
Cisco IOS Software, C2960 Software (C2960-LANLITE-M), Version 12.2(37)EY, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 28-Jun-07 18:07 by antonino
Image text-base: 0x00003000, data-base: 0x00D00000
[code]....
i would like to know how to set the following on cisco ws-c2960-24 ttl:
1. SSH CLI
2.PORT SECURITY REMOVAL: Limits MAC@per port with no shutdown
3.Set port to protect
4.Set RSTP
5. Finally how do i set up TFTP Server from windows server 2008
I have a cisco catalyst 2060 poe switch, exitsting flas is flash:/c2960-lanbasek9-mz.122-50.SE5/c2960-lanbasek9-mz.122-50.SE5.bin
I downloaded latest flash (c2960-lanbasek9-mz.150-1.SE.bin) and updated the new flas through telnet while reunning tftp server. and tftp server is given the message sent 2960-lanbsek9-mz,SE.bin to (10.10.10.1), 11847957 bytes
after reload the system i login telnet and saw the verson still it is showing old verson, then how can i comform flash is up-dated or not...
DETAILS
my tftp server ip is: 10.10.10.10
switch ip is: 10.10.10.1
i have a switch 2960 24TC-L with c2960-lanbasek9-mz.150-1.SE.bin and SSH v1 enabled.When i try to enable SSH v2 the swith tell me that i have to create a crypto key rsa. I generated the crypto key rsa with 1024 bits and when i try to enable the SSH v2 i receive the same message.
View 10 Replies View Relatedhow to shutdown the cisco switch 2960.......
View 5 Replies View Relatedhow to set up SNMPv3 on a Cisco Catalyst 2960-S switch in order to manage it with Cisco Prime NCS?
View 1 Replies View RelatedI have a question you do do remote access ssh and telnet remotly to a 2960 switch?
View 6 Replies View RelatedI replaced an access switch 3750 with a switch 2960. Basically I just copy the whole config of the 3750 to 2960.
The 3750 use AAA, Crypto pki trustpoint TP-self-signed and radius-server host etc.
Now I can only telnet to 2960 but not SSH to it.
I'm trying to configure Catalyst 2960 series 8 port switch in my office. I have just plugged in switch and started and then put Ethernet cable (which is coming from the wall port (LAN) into CONSOLE (switch). and connected my laptop's ethernet cable to switch's 1x por
View 16 Replies View Relatedwe are using 2960 cisco switch asn we are trying to configure port security.we are able to configure MAC base port security, but unbale to configure IP base port security.can any one guide us can do IP base port security like MAC port security. if not which switch will support IP and Mac base port security.
View 6 Replies View RelatedI'm having trouble setting up SSH on my new Switch.
no aaa new-model
aaa authentication login default local
ip domain-name king.local
[Code].....
I would like to be able to use Vlan 10 192.168.155.1 for SSH remote management.
I have 1 internet router 2960 and 2 No's ASA firewalls,The issue is Suppose if ASA-1 fails the failover will happen on ASA-2 but The issue is i dont have a layer 2 Switch in between the ASA's and Internet router, i have to manually shift the cable from ASA-1 to ASA-2,what sort of configuration i can do on 2960 router interfaces to support failover from ASA-1 to ASA-2, I have enough interface on 2960 router to occupy ASA-2. These all 3 devices should be in 1 Subnet.
View 11 Replies View RelatedI have a statck of 4 2960s switches, with POE powered access points on 2 of them. All of the access points appear to be functioning normally. For some reason, on 3 interfaces connected to access points, I get the following when issuing show interfaces status:
Gi3/0/9 connected: T 7 a-full a-1000 10/100/1000BaseTX
^
My question is regarding the "T" in the status field. I can't find any documentation on this.
I have CISCO 2960 switch at my LAN. How to configure its IP address from console or hyper terminal ?
View 11 Replies View RelatedI am trying to configure a new 2960 POE switch, but seem to me the int fa0 is layer 3 interface. Is any way we can convert it to a switchport, so we can connect it to other switch in trunk mode?
View 1 Replies View Relatedi try to implement layer 2 qos in 2960. when i complete to configure the switch, i want to test the qos.PC1 conect to switch port 1,PC2 conect to switch port 2 . PC1 is source teminal. i use skydata.exe and FTP for the test.
when use the skydata ,the PC2 speed can reach 10mbps.when use the FTP , the PC2 only can reach 1.2mbps. why?
I can use Putty to SSH into my new switch (Directly connected to my laptop with ethernet cable), but I cant log into my switch.
Sent username "admin"
admin@192.168.251.1's password:
Access denied
It doesnt like my password, but I have only set 1 password (king) on this switch. I've configured 3 other switches with SSH and had no problem. Been trouble shooting for awhile and It'd be great if I could have a 2nd set of eyes take a peek, Also, my running config is attached.
I am setting up a new 2960-S switch and none of the recommended username and passwords combinations work. I have tried CIsco Cisco, <blank> cisco and various other permutations.
I have tried to reset the switch to factory defaults and it still doesn't work. The switch is currently connected to a 3560G and has been assigned an IP. If I try to access it from Network assistant it shows as unmanaged and I get prompted for a username and password.The switch is connected to another new 2960-S via a FlowStack module.
I have a 48 port 2960 switch with 2 10/100 ports ( fa0/46-47) setup in an etherchannel with a 2950 48 port switch. I am getting total output drops on port fa0/47. [code]
View 2 Replies View RelatedAbout 4 months ago or so I had what I though was a firewall problem, tuned out to be two bad switches or so I thought. I replaced the switches with 3 com switches and everything seemed fine. Until Monday, my network was down again I though because I had a patch cable plugged into the same switch because when I took that patch cable out of the picture and reboot the switches everything seemed good. Then Tuesday I installed a new Cisco 2960 to relieve some of the stress on a switch. Then I plugged in another 2960 and started checking out the network assistant and monitoring tools but every time I clicked refresh or just clicked on the newer of the two 2960s the network connection would bounce? Now today the switch that had been in production the 3com just started to bounce its connection on and off ? I had to plug everything into the new 2960 and unplug the 2nd 2960 to keep the network stable, well its only been about a half an hour.
Are the switch trying to sync speeds with each other?
i have one sonicwall NSA 240. it is directly connected to ISP and other interface connected with cisco Layer 2 switch. my que. is that. how to access that sitch remotely ??
sonicwall 1st interface connected with ISP (pubilc IP) and 2nd interface connected with cisco switch with private IP bocz there NAT configuration. i m able to access sonicwall and i m getting ping up to sonicwall bt i cann't able to ping cisco switch.. i think some i need a some missing in sonicwall configution like telnet or VPN
Im trying to Connect a 2960-S Catalyst Switch to a 3560 Catalyst Switch. It worth pointing out im newish to switching although i know some commands and what they do This is my first time connecting 2 switches together.They are connected via a crossover cable and have green lights flashing on the connected ports When i run "show CDP neighbours it sees the new switch Unable to ping new switch...just timesout Here is the the interface on the 3650
GigabitEthernet0/40 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001b.532f.8428 (bia 001b.532f.8428)
Description: Uplink to Switch 2
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
[code]....
I have a PIX 535 connected through OFC to Cisco 2960 Switch.
PIX end - G0 (SC type Connector) - Switch End - Gi1/0/28 (LC type connector)
When I am pinging from either side, I am getting packet drops. CRC error is increasing at PIX interface.
Speed settings, tried with
auto - auto
auto - nonegotiate
nonegotiate - auto
nonegotiate - nonegotiate
But no improvements. When its connected with SC - SC connector, its working fine.
Switch also working fine when connected LC - LC.Switch OS is 15.x version.
Cisco PIX Security Appliance Software Version 7.0(4) <system>
Device Manager Version 5.0(4) Cisco PIX Security Appliance Software Version 7.0(4) <system>Device Manager Version 5.0(4)
I need to know the 172cisco 1 router support to IPv6 & it support to IPv6 then which IOS is required for it.Also I need to know the cisco 2960 switch is support to IPv6?
View 3 Replies View Related