I have faced a problem regarding AAA line:
aaa authorization exec default group tacacs+ local
if i add this line in my cisco 4948 switch running on 122-46.SG.. The next time i telnet to the switch i get an automatic restart of the switch and all configs are lost.
IOS used:
cat4500-ipbase-mz.122-46.SG.bin
WS-C4948-10GE
I am trying to enable IP SLA on a Cisco 4948 switch (running 'cat4500-ipbasek9-mz.122-46.SG.bin') to test CiscoWorks IPM using this swtich as a source device. But I can't run the command "ip sla monitor" on this switch. It just has "ip sla responder". Is it possible to configura IP SLA on this source switch? Or can I do it only on routers?
View 6 Replies View Relatedi have a requirement to enable pbr in vrf interface of a 4948 switch. but as i browse the internet, it is quite impossible to do that. is there any alternative way / feature to get the same result as pbr does? which is to reroute the specific vrf traffic to another interface based on source and destination ip address?
View 1 Replies View Relatedhow to configure QoS on Cisco 4948. I have three VLans in my network. First is video traffic second is the voice traffic and third is the data traffic . I need to set the priority in QoS in the following way
i.e. Video traffic - 1st pref
Voice traffic - 2nd pref
Data traffic - 3rd pref
how to configure for this requirement.
i have several Cisco 4948 in my network infrastucture, the issue that i´m having with them is when i try to view the ssh log appears something like this.. Aug 11 15:43:13 GT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 192.168.2.5 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
The ip address is correct but the username is in blank i checked on other equipments (2960 access switches and 7200 series router) and they show the username field correctly...
The IOS version im using is (cat4500-ENTSERVICESK9-M), Version 12.2(50)SG1, RELEASE SOFTWARE (fc2)
The ssh configuration is as follows..
ip ssh time-out 60
ip ssh source-interface Loopback1
ip ssh logging events
[Code]....
I just picked up some second hand 4948 switches and wanted to install the embeded managment software. I can't find it anywhere in the downloads section?
is there a better FREE solution for managing these? I tried config profesional, but it only shows the routing config. There seems to be so many options.
our 6509 is configured as NTP master. Our 4948 is configured as NTP client.on each of these switches we have configured a management VRF.The problem is that 4948 can not synchronize its clock with NTP master. Both switches are directly connected.show cdp neighbor on 4948 switch:
6K5 Fas 1 138 R S I WS-C6509- Gig 2/2/43
interface config on 6509:
interface GigabitEthernet2/2/43
description *** Mgmt Switch Externe 1 ***
switchport
switchport access vlan 1900
switchport mode access
wrr-queue cos-map 1 1 1
[code]....
debugs on 6509 do not show any packets received or sent to 4948.
I cannot boot IOS, when i reload this switch it go to ROMMON. I try to uploand IOS but it still has problem. i think i may wrong some point during i did uploand.
This is problem
Switch#sh bootvar
BOOT variable = cat4500-entservicesk9-mz.150-2.SG3.bin,1;bootflash:cat4500-entservicesk9-mz.150-2.SG3.bin,1;bootflash:cat4500-entservicesk9-
[Code].....
I'm trying to apply the following policy route in my switch 4948, but it suddenly crash. Is anything wrong in my commands? The switch is rebooting with an error:
System returned to ROM by abort at PC 0x0
My commands are:
access-lists 7 permit 10.140.22.0 0.0.0.255
access-list 177 permit ip 10.140.22.0 0.0.0.255 100.220.24.0 0.0.0.255
access-list 177 permit ip 10.140.22.0 0.0.0.255 100.216.36.0 0.0.0.255
access-list 177 permit ip 10.140.22.0 0.0.0.255 100.216.38.0 0.0.0.255
[Code]......
My cisco 4948 switch is generating the below error,how do i troubleshoot this error.
*Mar 13 00:09:33.451: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 14 times)Packet received with invalid source MAC addre ss (00:00:00:00:00:00) on port Gi1/37 in vlan 1Gi1/37- to this port another 2950 switch is connected by trunk link.and to this switch end host is connected i.e.thin client
I am unable to input the command "ip flow-cache timeout active 1" to my cisco 2960 and 4948 switches. But i am able to do so in my cisco 6500 series switch. Hence how do i enable netflow on both 2960 and 4948 devices?My 2960 and 4948 are L3 switches. What commands or additional hardware module are required.
View 4 Replies View RelatedI understand that most of the cisco switches does not have a battery-supported system clock. The better solution is to setup the NTP server and let the rest of the switches to synchnorise the clock with it. How about cisco switch 4948? Does it have a battery-supported system clock?If the cisco switch 4948 is the NTP master, how I am going to make sure that the clock will not be reset after reload?
View 3 Replies View RelatedCreate a port channel out of interface 3 and 4 of ASAConfigure 2 sub-interfaces in those Po interface (my inside vlan and the dmz)At the 4948, configure a trunked port channel out of a single interface (funny ), then do the same in the second 4948Connect ASA port 3 to the 1st 4948's single-interfaced port channel, ASA port 4 connects the same on the 2nd 4948.
View 4 Replies View RelatedMAC Support: 16000
Backplane: 18Gbps
Forward: 28Gbps
VLAN's: 4000 (q-in-q support)
Jumbo Frame Supported
Supported 8000 static routing
!Supporting Stack!
Cisco 4948 supporting stackable? which product do you recommend to these criteria?
I have a named aggregate policer configured on a 4948 switch running IOS 12.2(53)SG2 but can't seem to be able to monitor it using SNMP as I can't locate the OIDs (using OIDView) - I'm okay with CB and PB QoS.
View 1 Replies View RelatedI am replacing a 7204 router with a 4948 and am having trouble trying to replicate the config for the qnq Layer3 interface.A bit of background - I am a service provider where I have an interconnect with the carrier, who pass off WAN links to me as a standard VLAN Ids. Some of these VLANs however I can do QnQ.
This works fine - but I can get the second-dot1q 50 command working properly
I am updating the iOS for a 4948 the bootflash is empty so all i can get into is the rommon. There is no option for x-modem. How can I put the iOS onto this device? [code]
View 2 Replies View RelatedWe had to transport one of our 4948 10 GE to another Data Centre and when we got it there and tried to power up its System Status LED was red and we cannot even get console to the device.
We can try to see if the switch is completely dead and needs replacing or is there something we can do to get it back up and running again?
So I've got an odd issue here, have an older 4948 that I'm trying to setup on our management vlan so i can manage it from another host connect to the switch. I can't figure out why its not working. Below is the config
vlan is 64 and all the trunk and access ports that are on vlan 64 are working just fine. Just can't hit the switch from a machine on the 64 vlan.
!
interface Vlan1
no ip address
[Code].....
We purchased two new 4948 with two 10GE uplink ports and upgraded the devices to run IOS 15. My 6506 is running Sup 720 with s77233-adventerprisek0_wan-mz.122-33.SXI9. Currently we have 4948's connected to the same 6506's with no problems. Today I tried to add the new switches with new IOS and it caused of of my 6506 core switches to failover. I can't explain why because it was close to start of business and couldn't do much troubleshooting.
Currently we have four 4948 (running IOS 12.2(14) switches running Layer2 connecting dually to each of the two 6506 cores via 10GE fiber uplinks. I tried to add two more to the scenario, again running layer2 and dual-honing them to each of te 6506 switches. there are two 6506 core switches and they run HSRP and spanning tree is manually set to give priority to even vlans on one 6506 and odds on the other 6506. Also the new switches I tried to add did had rootguard applied as well as the uplinks.
We have to get this working and have no test environment to work with. We need to do this late this evening after close of business.
On another note, I have had problems upgrading some of my older 4948's to IOS 15. I followed Cisco's suggestion and upgraded the EPROM first and then the IOS upgrade took on three of the switches that were ordered rather recently. The four that were ordered in one batch will not take the upgrade even following Cisco's instruction and lots of other tricks. Nothing works. Having problems with IOS 15, in general?
I am planning to upgrade Cisco 4948 IOS upgrade. We have few with older code( 12.2(25)EWA7), when issue sh version shows as Catalyst 4000 L3 Switch Software. while newer version of the switch show as Catalyst 4500 L3 switch.
1 Is this/(sh ver output) just because of the Older code ?
My 2 question is according to release note : [URL]
You need to upgrade your ROMMON before the IOS . 2 What is the approximate time it take to do this ROMMON upgrade ?
I have 4948E module switch at customer site and below is the show version output. Image on the switch is not supporting 'AUTO QoS' as i need to enable Auto Qos on it to prioritize Voice traffic. Which image supports Auto QoS feature . Image should have L3 functionality also i mean it should support Routing protocols. I tried to enable auto QoS using by configuring "QoS' globally but no luck...with existing image.
{ URL}
ROM: 12.2(44r)SG9
Hobgoblin Revision 20, Fortooine Revision 1.22
Switch up time is 12 hours, 1 minute
System returned to ROM by reload
[ code]...
Configuration register is 0x2012
Switch#sh boot flash:
-#- --length-- -----date/time------ path
1 25793234 May 31 2011 15:20:20 cat4500e-entservicesk9-mz.122-54.SG.bin
2 25005209 Mar 08 2013 09:53:18 cat4500e-entservices-mz.122-54.SG1.bin
70033408 bytes available (58249216 bytes used)
In our company we are using Ciscoworks LMS3.0.( DFM 3.0.1, RME 4.1.1.) In DFM, every day at 8:00 PM we receive alarm authorization failure on Core switch ( source is cisco works server IP).
View 6 Replies View RelatedAny good and simple resource to learn Authorization in CLI. I read small docs but, I did not grasp it at all.
View 1 Replies View RelatedI'm connecting the two devices above and I need an LC to SC fiber cable. It should be pretty simple but I've seen two different types of LC/SC cables - one is 8.3/125 and one is 62.5/125. I believe the 62.5 is an older cable type but when looking at the detail sheets for each of the SFPs I see that both of these support a 62.5 or 50 micron core size.
View 2 Replies View RelatedI've got very basic problem but I cannot find the solution... I am sitting on the Cisco 4948E switch. And, I wanted to allow to guys who have not enable password to issue command sh running-config.I used the the following command to do that:SW4948E(config)#privilege exec level 1 show running-config.
View 3 Replies View RelatedCurrently, I have a Cisco 4948 in office that connects to a remote site via BGP. From what I am seeing, when connecting a new device to this switchport (we connect devices to this switch for a multicast VLAN that is set up), the BGP link fails after roughly 20-30 seconds. The switchport is not tagged with a VLAN, or any other config. Just a plain old port. This outage continues until the port is added to the mutlicast VLAN.
View 1 Replies View RelatedI would just like to confirm if it is possible to create a 2x10G etherchannel on a 4948.
View 4 Replies View RelatedWe want to implement multicast on our network. We are going to use for online teaching purpose. I am very new at Multicast and not have much idea about it. We are not running any routing protocol in our network, only static route. The multicast server is located at One of our office and it is connected with L2 (Cisco 2960) switch, L2 switch is connected to L3 switch(Cisco 4948). L3(Cisco 4948) and Core Switch(Cisco 6509) with FWSM are connected with E-3 link with tunnel. Router 1 and Router 2 are connected with P2P ILL links which are terminated at serial interface. The Multicast Server IP is 192.168.2.131/25. The scenario of our network are mentioned below:
Multicast Server--->(L2 Switch)--->(L3 Switch)--->(Core Switch)--->(FWSM)--->(Router 1)---->(Router 2)--->(L2 Switch)--->(Multicast Client)
We have created a seprate vlan (i.e. vlan 102, interface IP is 192.168.2.129/25) for multicast at L3 switch, enable multicast routing, defined rp-address(i.e. 192.168.2.129/25), enable sparse-dense mode at multicast vlan as well as at some other vlan also for testing purpose and joined multicast group (i.e. Multicast IP is 224.3.3.5). At core switch we have also enabled multicast routing, defined rp-address (i.e. 19.268.2.129/25), enable sparse-dense mode at user vlan and inside vlan of FWSM and joined multicast group at user vlan and inside vlan. At FWSM we have enabled multicast routing, defined rp-address(192.168.2.129), doesn’t find any option to enable sparse-dense mode and joined Multicast group at inside vlan and router 1 vlan. At Router 1, we have configured the same thing. We have configured mroute at all the devices. We are able to ping from end to end. We are testing multicast by Multicast IP checker tool (provided by vendor). Multicast is working fine at L2 switch, L3 switch and Core Switch, but not from Router 1. Ping is reachable from Router 1. After doing mtrace at Router 1, the following output has come:
Router 1 (Mtrace with destination address 192.168.2.131)
mtrace 172.21.15.2 192.168.2.131 224.3.3.5
Type escape sequence to abort.
Mtrace from 172.21.254.50 to 192.168.2.131 via group 224.3.3.5
From source (?) to destination (?)
[Code] .....
If , we do mtrace from gateway IP address(i.e. 192.168.2.129) as destination address then mtrace is getting completed, but if mtrace is done from Mutlicast server IP address(192.168.2.131) as destination address, then mtrace is not getting completed.
We have connected one laptop at Router 1 vlan to test Multicast. The host, which is connected to Router 1 vlan is able to send multicast packet to other host and other host at different vlan are receiving it , but it’s unable to receive multicast packet send by other host of different vlan.
Do I need to enable igmp snooping at L2 switch, L3 switch and Core Switch ? I am not able to understand or can't figure out where i have configured wrong.
upgrade IOS in cisco 4948 switch, I do not have admin right and network access
View 22 Replies View RelatedFor the command "monitor session 1 source" in Cat4900 (e.g. 4948), how many source interfaces can be supported per monitor session?
View 1 Replies View RelatedI am trying to setup the management vrf on the 4948 10GE so that my TACACS requests will use that vrf for out-of-band purposes. The vrf is working properly because I can ping the TACACS server using the vrf but the logins do not work. I see this error in the tacacs debug:
TPLUS(00000016)/0: Connect Error No route to host
Looking at the release notes, it states that my version (12.2.54 SG1) does support vrf aware tacacs but the documentation seems to be a bit off because i do not get a server private command option as stated in the configuration doc after configuring a tacacs server group:
[URL]
Here is my config:
ip vrf mgmtVrf
rd X:X
!
interface FastEthernet1
ip vrf forwarding mgmtVrf
ip address x.x.x.x
[code]....
I'm trying to set a VPN connection to a router using group authorization with the ACS 5.2 but cannot make it work. I configured everything based on the procedure used for ACS 4.2. I created a user that corresponds to the group name, used the password cisco and used all the requiered Cisco AV pairs in an authorization profile. (Based on document: [URL]
While testing with ACS 4.2 this works fine, I can see that the ACS returns the group attibutes correctly (here is a debug output)
Apr 9 16:16:59.256: RADIUS: Received from id 1645/22 192.168.1.212:1645, Access-Accept, len 203Apr 9 16:16:59.256: RADIUS: authenticator 02 07 F5 E6 46 78 73 CA - 46 6D 47 90 FE 92 38 9AApr 9 16:16:59.256: RADIUS: Vendor, Cisco [26] 30 Apr 9
[Code].....
