I was testing on 802.1x function on Catalyst 2950. the funtion itself work fine with my radius. but after I have setup the aaa new-model, I have no access to my switch!everytime I telnet it prompt me username, but I didn't create any user!!
how to recover to the origianl status, just prompt to input password but not username needed, and with 802.1x enable ofcause. [code]
i am having 2950 switch. Now i login through telnet but as per the company standard i have to login through ssh. Is there any possible to enable the SSH in 2950. Any IOS supporting this operation.
flash:/c2950-i6q4l2-mz.121-19.EA1c.bin
I have several older 2950's running on my network. This one in particular became of interest to me because I couldn't set up SSH on it or enable any QoS features on it, so I did some research. What I found was there are basically 2 versions of the IOS, c2950-i6q4l2 or c2950-i6k2l2q4. I also read that the c2950-i6q4l2 IOS versions (like the one in the switch I am referring to) have both the SI and EI feature sets integrated, but the one that gets enabled is entirely dependent upon the switch model you are running it on. Did I understand this correctly? Does the IOS check the hardware on the switch and then decide with feature set to use? If so, what is prohibiting the EI feature set from being enabled on this switch? Is there a way to force the EI feature set to be enabled since it is integrated in this image?
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA12, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 07-Jul-08 23:39 by amvarma
Image text-base: 0x80010000, data-base: 0x80570000
[code]....
I am looking into the possibility of using private vlan's for some dmz implementations however I do have what may be some very rudimentary questions. It seems straightforward how to configure the primary/secondary vlan configuration as well as associating them. However in my case I would be looking to configure the PVLAN on a 6500-vss platform acting as the router while all of the hosts which I would desire to have in the isolated vlan would be spread out across a number of older Cisco switches which only support "protected port" setup or Procurve switches all of which I do not have budget to replace with something newer. So in my scenario I would have a 6500 connected by trunk to multiple switches which only support a protected port setup such as a Procurve (top of rack) or a Cisco 2950. As the Procurve or 2950 would not support Private VLAN setup, do I then just configure the secondary vlan to be allowed across the trunk from the 6500, configure that vlan on the Procurve or 2950 (as vtp will not foward the info for the secondary vlan) and assign that vlan to the host port as well as setting it as a protected port and this will communicate just fine across the trunk to the router as well as stopping the protected port in top of rack switch 1 from being able to communicate to a protected port in top of rack 2,3,etc? If the above scenario is what needs to be done, do I just use a regular trunk or do I have to use a PVLAN trunk?
View 2 Replies View RelatedWe currently have a client that uses the IPSec VPN Client to remote in to their PIX 501. When they connect, it secures communication and immediately connects/minimizes and the tunnel-group name/password is sufficient so no prompt for a username/password from a local/radius database.
When setting this up on a newly purchased ASA, a username/password is prompted every time they try to connect. Is there a way to eliminate this feature or a command in the tunnel-group or group policy so that a username/password is not required after the connection profile establishes the VPN? It is ASA 8.4.
I have a ASA 5520 which is intended to use as a VPN for clients using PDA, I think the PDA is a very old product that the VPN only support CHAP/ MS- CHAP, but seems it cannot connect the VPN, it will prompt "invalid username and password" (but in fact the username and password is valid when using PAP), below is the log i captured from the ASDM when the PDA is connecting the VPN. when i tried to connect it in windows PC, I also have the same issue if the VPN setting is using MS-CHAP, if I choose PAP, it can connect with no problem. But the PDA has no option of PAP. [code]
View 0 Replies View RelatedI forgot my username/password on my router but I cant reset because this is my family router
View 2 Replies View Relatedi have come across this solution to dual internet connections, c2950-i6k2l2q4-mz.121-22.EA14.bin is the IOS and the router is a 2950 Dual Wan model. I don't know alot about this stuff I'll admit, but it is on the default configuration with IP 192.168.27.7 255.255.255.0, gateway at 192.168.27.8. The hostname below is something I don't know exactly what it means but my guess is its the line at the command prompt with the name.
It has VLAN1 with fa0/1-24, gi0/1 - 2.
This is the script but I don't know why its not taking the commands as at ip sla monitor 1 I get invalid command error. What do the ! mean are they comments and not entered?
Suppose I have a 3 member stack of 3750x switches. Members a, b and c.I have all 3 members stacked with all 3 *data* stacking cables in a daisy-chain topology. The 50 cm data stacking cable from switch a (on the very top) to switch c (on the very bottom) just barely reached.Of course, that means the 30 cm *power* stacking cable didn't reach between a & c. Right now, the power stacking cable goes from a to b, and then another cable from b to c. Leaving me with a useless extra 30 cm power stacking cable.
My question is, can switch "a" receive power from switch "c" through switch "b"? Is this just a big electrical "bus"? What if the power supply in switch "b" is removed?Just wondering if there is a need for me to get a longer power stacking cable (one of the 150 cm power stacking cables).
I need to configure these qos settings in a C2960S. [code]How I calculate the buffer allocation needed? [code]
View 4 Replies View RelatedOur sister site had a new building and the network it was supposed to resemble the network on this site with link redundancy as far as the edge switches.After 6 months asking for the password to the equipment I finaly got it and started to plan the deployment of some phones, I got a little confused as to the layout of what had been done as CDP was not showing what I had expected.
I then used CNA to map out the site.We have 1 main server room (at the top of the picture with the two 4507 cores and a number of fixed config 1U switches)And 3 further wiring rooms at other points in the building with fixed config 1U switches.
(And a wan link to this site)In my opinion the design as it stands is significantly flawed in redundacny with multiple points of failure, and its efficiency is very poor.
Recieved this unit from an individual who has very little knowledge (like myself) with the 800 series.
I'm having issues just getting into this device, when I power it on and console into the unit i am presented with an "Access Verification" prompt that requires credentials that I do not have/know.
At some point (not sure how) I managed to get to a "yourname#" prompt at which point I configured using this document here and created a username and password and some other basic settings, I saved the config and did a reload and it takes me right back to that "Access Verification" prompt.
Sould I be using the CCPE to gain access to this device instead? Is there a way to recover that "Access Verification" username and pass? How did I ever get to that "yourname#" prompt?
One of my clients is using Cisco catalyst 2955 industrial switch.I am doing the configuration for them and come across one setting of FCS Error Hysterasis Threshold. I know FCS is Frame Check Sequence.
I do not understand is what is the meaning the setting of Hysteresis in term of percentage stand for what purpose?For example, the default is 10 percent. If I set the value to be lower 5% and what is the impact on that? Is this more stringent than default of 10% or less stringent than default of 10%?
i have a strange problem in my campus network.im trying to run port security on my access switches which they are 3550 with ios c3550-ipservicesk9-mz.122-52.SE when i run the port security with Sticky option, even i put 1000 mac address for just learning on the port but when i issue the switchport port-security command every pc connected to that port loses its connection with network UNTIL i enable dhcp snooping!!! all my client are getting they ip address from DHCP server but strange thing is that how on earth i have to enable DHCP snooping to port security work properly? also when i check the configuration under the interface when dhcp snooping is not yet enabled switch doesnt add any mac address under the interface so no one can work until i enable snooping and then switch adds mac addresses under the interface configuration.is this Bug on this version of IOS?[code]
View 4 Replies View RelatedI recently configured a cisco 3750 switch for a stand alone network here at work, and on all our other switches and routers we use ACS to access everything. This switch being a stand alone I dont have that option.
So being like that I have to create everyone in the shop a username and password. Is there a way to prompt the user to change their password on their first login like you would with windows or such?
I have found that the Catalyst 2955 series switches do not use an external MODE button for getting a switch into the switch: prompt, but they use a break sequence like routers do to get into Rommon state URL
So I was wondering if there is a similar mecanism that applies to other kind of Catalyst switches, like 2960, 3560 or 3750.
I have a problem for config switch sge2000. I can not console mode to get the prompt to type commands
View 1 Replies View RelatedI am configuring some quotes for a customer whom I will be building a wireless network for. The wireless network will support about 60 AP's, as well as some other wired drops. The customer is working with a wireless vendor for the AP's, but I will be able to sell the switches for the network.
I want to ensure that he is pushing Gig and POE on each copper port for the AP's, since they will be "N" capable. I have selected several 3560 models which are in 24 port models, and I also think i have a requirement which mandates a 48 port in another location. What I have not been able to find in the Enterprise switch line is an 8 port which supports IOS and POE.
That being said, and since I am also "Select" certified, I went out to the SMB site, and did find that there were two models in the Small Business 300 line (models SG300-10P and SG300-10MP) which seem to support Gig ports as well as POE. I looked over the specs for each one of the two respective models, and I was not able to find what the difference between each of these two are. In other words, the specs, line by line, were identical.
I have a 5010 that simply won't load any system image. Loads the kickstart image just fine, but once at the Switch(boot)# prompt just give me garbage when I enter "load bootflash:n5000-uk9.5.1.3.N2.1b.bin Restarting system.
Loader Version pr-1.3
loader> dirbootflash: lost+found n5000-uk9-kickstart.5.2.1.N1.1b.bin n5000-uk9.5.2.1.N1.1b.bin n5000-uk9-kickstart.5.1.3.N2.1b.bin n5000-uk9.5.1.3.N2.1b.bin
[Code]....
Currently we have cisco 4503 switch in one of our location without redundancy which servers below,
300 user (desktop & ip phones)
5 vlans
15 access switches are connected
one L3 connectivity.
Actually i want to understand is it really necessary to have 4503 or we can go for 4900 series as we are planning to have redundancy in distribution segment.
Which is the best L3 switch in the above scenario and how to measure the overall performance of the current 4503 switch...
I have a power conncet 6224 with routing enabled with several VLANs setup.VLAN Database: 6,8,10,90-254VLAN 6 is our management vlan10 is for our core network services (DNS, Domain, Exchange etc)90-254 are isolated vlans.What I need to accomplish is to prevent vlans 90-254 from communicating with each other and only allow communication to VLAN 10 and the internet. All internet firewall work will be handled by our Sonicwall. [code]
View 1 Replies View Relatedi'd like to know if there's a routed switch lower than 3750x? also 2960s? but have equal functionality like switchport mode access, trunking, spanning-tree, etherchannel, etc.
View 2 Replies View RelatedI am testing BPDU filter with 3560 model switch so I've looped 2 interfaces in that switch by configuring STP BPDU filter on interface levels and also connected one desktop in other interface on same vlan of looped interfaces with bpdufilter config. I am facing is both the looped interfaces are having heavy traffic due to this my switch CPU utilization also reached high. How to sort out this issue like why my switch interfaces traffic & CPU utilization went high even when I am using BPDU filter at interface level? As well as correct my BPDU configuration If I configured wrong. I thought it is a good practice and enabled this conf in some of my working environment but due to some loop my entire network went down?
View 6 Replies View RelatedWe have two catalyst 3560 switches running c3560-ipbasek9-mz.122-58.SE2.bin They are connected using etherchannel using gi 0/21 - 24 interfaces.
on 3560-1 switch, there isn't any ip-default gateway or ip route configured. It only have 1 interface vlan configured.
on 3560-2 switch, there is ip default gateway configured along with 1 interface vlan.
What i dont understand here is that, i can reach out to other subnets from 3560-1 switch in which the routing is not enabled?
I have aaa new model configured on a number of isr's(1800, 1900, 2900, 3800 etc). When i have aaa configured, the telnet logins use that authentication and not the password in the line vty portion. Is this by design. would disabling aaa enable both telnet and aaa authentications, essentially making it a dual login.
View 3 Replies View RelatedShould I install any special license to enable vrf within Nexus 7000 VDC? I observed that vrf routing instance is not enabled in the VDC.
View 2 Replies View RelatedWe have just received a new 3750X-12S-S to put onto our existing network but I am having a few issues getting this switch working correctly. For this post, the permenant license is not activating/applying, switch boot up gives the following errors:
*Mar 1 00:00:05.377: Read env variable - LICENSE_BOOT_LEVEL =
*Mar 1 00:00:05.972: %IOS_LICENSE_IMAGE_APPLICATION-3-FAILED: Image application receive image level as NULL.
[Code]....
From my understanding these switches come with the ipbase license as default, and the other switch I received (3750X-24P-S) has this license loaded with no issues.
I have Cisco ME3400 series switch .Unable to login as i have no user name and password. I want to set the swirch to factory default but not found any nub to press.
View 2 Replies View RelatedI am stuck at a very early stage in the configuration of 3560x switch. It seemed very unusual and that is the reason, I configured basic config for line con 0 with login local. And then I had just put "enable secret xxxxxx."
Now I simply logged out and when i tried logging in, it is asking for a username. Now the thing is that I had not programmed any username. I tried using just "." followed by my secret password, but it did not work.
Is there a way to get more messages out of a 2950 set to syslog? I've turned every logging option I can find to DEBUG, but all I get in my syslog are LinkUp/Down messages and "Configured from console by console". I'd love to see more information such as configuration changes, or even someone attempting to set up DTP on a switchport set to access mode.
View 2 Replies View RelatedOne of my wi-fi site having 2nos cisco 2950 switchs. in that network some D-link unmanageble swithes also there and access points also connected to cisco switchs and D-link switchs.after one or two days i am not able to connect the wi-fi, then i need to restart the access point then only wi-fi is working fine.I upgraded the latest ios also.I connected some access points to the cisco switch ports, those ports are showing crc error messages like below. [code]
View 18 Replies View RelatedI have a server windows 2008 that I would like to have a nic teaming configuration, the server has two nics, each nic is connected to a different switch. One is connected to cisco 2960 and the other is connected to cisco 2950. I have read here in forums about nic teaming but using the same switch. I have not found using different switch. Is this possible?
View 1 Replies View Related2950 switch has a IOS on flash , but i would like to set the swith like...
1. switch IOS to be loaded from TFTP server .if it fails
2. Loaded from local flash IOS1 , if it fails
3. IOS loaded from local flash IOS2.
does 2950 switch support this feature.