I'm on a Cisco 2955 switch and need to get ssh working which I have done on another 2955 (but don't have near me), what am I doing wrong?
2955-02-PJ-CamdT.LU#sh run Building configuration...
Current configuration : 4061 bytes!version 12.1no service padservice timestamps debug datetime msec [code]....
I'm trying to allow 2 users to access as 2955 switch.
-admin privilege 15
-eousers privilege 2
When they both log in they just get to the user exec mode, how can I get them to go to their respective modes? [code]
I have installed Cisco 2955 Switch which already have x.x.x.x EA12 IOS and I copied x.x.x.x.EA13 into the flash: with intention to have EA13 enabled for IOS. I set the Global config for boot system by 'boot system (no falsh)x.x.EA13;x.x.EA12' but then also no luck and was showing EA12 in 'sh ver'. I then deleted the EA12 IOS and set the 'boot system flash:x.x.EA13'. I also had varified IOS EA13 by 'verify flash:IOS Filename', it verified the IOS.
But when I reloaded my switch, I'm unable to login and its in 'switch:' prompt (ROMmon mode - I believe). I then tried for flash_init, load_helper, dir flash: (showing me EA13 there) and finally boot flash:IOS Image file but no good news here... Output like this
Error loading "flash:IOS Image File EA13" Interrupt within 5 seconds to abort boot process. Error loading "flash:c2950-i6q4l2-mz.121-12c.EA1.bin"Interrupt within 5 seconds to abort boot process.
My guessing is that the IOS is corrupted (but its not showing me Error loading Image blabla...) I'm trying with EA14 of 4MB and I have 3 MB free spare and decided to remove EA13 first then through XModem try to upload EA14.
Any useful way and recommend me deleting EA13 and upgrading EA14... Also option to set boot image with having two IOS at the same time for permanent use.
I have found that the Catalyst 2955 series switches do not use an external MODE button for getting a switch into the switch: prompt, but they use a break sequence like routers do to get into Rommon state URL
So I was wondering if there is a similar mecanism that applies to other kind of Catalyst switches, like 2960, 3560 or 3750.
I'm been telnetting onto a 2955 and then upgraded the IOS and enabled ssh version 2 and then issues a "write", when I came back the exec-timeout had been issued and I was logged out of the router and now it is asking for a username and password and not just a password liek it did before enabling ssh. I havent yet put a username and password on yet, just the telnet.What would the username be if I havent set one?
View 12 Replies View RelatedI'm about to configure radius on a 2960 and 2955 switch as I have been testing this on a 1841 router and to my dismay I can't see the options to configure radius, do these L2 switches not supoprt radius?
edit - apoligies I forgot the "aaa new-model" all ok now
Although when I added:
radius-server host 10.1.1.1 auth-port 1645 acct-port 1646 key 123456789
radius-server host 10.1.1.2 auth-port 1645 acct-port 1646 key 123456789
radius-server vsa send accountingradius-server vsa send authentication
I got this:
Warning: This CLI will be deprecated soon. Please move to radius server <name> CLI.
And what woudl the above look like if I configured it that way?
I can't seem to send config changes to our syslog server on a 2950, I'm fine with 2960's and 3750's. The Cisco 2955 is using the latest IOS c2955-i6k2l2q4-mz.121-22.EA14.bin.
Here is what I have added:
logging buffered 64000 debugging
logging console informational
logging monitor informational
[Code].....
The only sylog message I get is "Configured from console by username on vty0 (10.1.1.35)
I come across to use the Catalyst Switch 2955 and it has two Relay Connector with one Major (MAJ) and one Minor (MIN) as below picture.There is command line to trigger these two Relay Connectors. As below command to set the Relay Connector to minor for monitoring the power supply: alarm facility power-supply relay minor
1. My questions are when there is power-supply faulty, the Minor Relay Connctor (right picture) will be short-circuited, right?
2. If we connector the two ports (ports 4 & 5 at the left picture) with a normal cable to drive an Alram Bell (in short-circuiled or closed loop situation), do we need an external power supply to the Alram Bell? Or there will be power supply from Catalyst 2955 to the Alram Bell as well?
I am having an issue with this device after setting the ip address and rebooting. I have tried renaming the config.text file without success. I have also tried the steps mentioned here: [URL]
View 1 Replies View RelatedI need to only allow 5 Mac Addresses on a range of ports on a 2955 switch. If I do the following it only changes the first port in the range:
interface range fastEthernet 0/5 - 10
no spanning-tree portfastswitchport port-securityswitchport port-security maximum 5switchport port-security violation restrictswitchport port-security mac-address 00:1D:24:25:F7:AA
[Code].....
One of my clients is using Cisco catalyst 2955 industrial switch.I am doing the configuration for them and come across one setting of FCS Error Hysterasis Threshold. I know FCS is Frame Check Sequence.
I do not understand is what is the meaning the setting of Hysteresis in term of percentage stand for what purpose?For example, the default is 10 percent. If I set the value to be lower 5% and what is the impact on that? Is this more stringent than default of 10% or less stringent than default of 10%?
I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is setup on this switch.
The phones connected into a layer 2, Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
I am having a switch 3750G (WS-C3750G-24TS-S) running a software version (c3750-ipservicesk9-mz.122-55.SE6.bin) and using the PBR with IP SLA.While, i am applying it on interface, it says not supported....
route-map TO-CAS-E0 permit 10
match ip address 125
set ip next-hop verify-availability 10.116.199.200 10 track 100 (if i change this command to set ip next-hop 10.116.199.200, it works)
!
WAN-L3-3750SW01(config-route-map)#interface GigabitEthernet1/0/11
[code].....
VLAN MAC address filter does not seem to be working on my 4900 switch. However the same config works fine when tested on my 3750 & 3560 switches.
Since user from different VLANs requires to be blocked, Unicast MAC address filter will not be feasible solution. VACL did not work on my 4506 switch too. K
Below is the config done on 4900 switch
mac access-list extended ABCpermit host 0003.0de9.d5ea anyexit
!
vlan access-map drop-mac 10
[Code]......
I have configured cisco 6509 to do nating and its not working. Static nat is perfectly working fine below is the config.
View 6 Replies View RelatedI have a Catalyst 3750 switch configured in a network. I would like an additional 3750 switch as a "hot" standby. A 2nd 3750 switch was purchased, and the same configuration was entered in to the new switch, so I have 2 switches with the exact same configuration.
When I move the connections to the new switch, I have a few VLANs that do not come up. One VLAN does come up and work normally. The VLANs in question show down, protocol down, and a show ip route reveals routes to the networks on these VLANs are not there When I put everything back on the original switch, everything works normally.
Why would the new switch not work with the exact same configuration?
In change network topology, we are going to assign PC's Gateway as Switch (3750X) IP Address rather than server IP Address. Currently we have configured all Sytems's Gateway is Internet Server IP Address which we are going to replace with Switch IP as Gateway.Issue is while connecting specific application like team viewer in which application tried to send keepalive message to the live server and in case of switch/router IP as gateway. Connection doesn't established. However it is working fine when Internet Server IP treated as gateway.
View 1 Replies View RelatedI only want SSH to be allowed when accessing this switch, but telnet is still allowed, why? Whe authenticate via radius.version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname 3750!boot-start-markerboot-end-marker!logging buffered 64000logging console informationallogging monitor informationalenable secret 5 $1$1K$!username admin privilege 15 secret 5 $1$Bs$cLHusername users view priv3 secret 5 $1$Jfnviwp!!aaa new-model!!aaa authentication login default group radius localaaa authentication enable default lineaaa authorization consoleaaa authorization exec default group radius local !!!aaa session-id commonclock timezone GMT 0clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-12ssystem mtu routing 1500udld aggressiveno ip domain-lookupip domain-name CB!!login on-failure loglogin on-success log!!crypto pki trustpoint TP-self-signed-3817403392enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-3817403392revocation-check nonersakeypair TP-self-signed-3817403392!!crypto pki certificate chain TP-self-signed-3817403392certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33383137 34303333 3932301E 170D3132 30343133 31303539 33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38313734 30333339 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C31D AE6DD8B5 56245317 AD96F4F4 727385D4 97A5B138 488A215E 4294FC40 1C5B2F26 2B75E1CF E562F240 118F2F50 0CFF2449 16EC66EA 2D489F5F F36BFD05 ACCC79CA DDDA984D 4CB7AB DD95A5E0 9274A225 3F5A3634 DEBF1A2A 416E2189 B35B4473 C7D5EE2C E3D41675 A86F31CD.
View 3 Replies View RelatedWe have a 3750X VTP Server and the rest of the switches are clients.
Due to cabling issues, we have a switch (Switch F) that we can't connect directly to the 3750X so we have it connected through another switch. Everything is set to VTP client with the correct domain and password but this not-directly-connected switch isn't receiving any VTP VLANs.
Anything I need to do on Switch D so that Switch F can receive the VTP updates?
I am trying to limit traffic inbound to 10Mbps on a gig interface 0/48 set to 100/full. So I downloaded some big files over this link and I'm able to see 30- 40Mbps or more. You can see from the show int - rate-limit command that parameters are never showing exceented so nothing has been dropped. [code]
View 3 Replies View Relatedi'm trying to enable command authorization for ssh as well as console access to a Nexus 7010 box (version 5.0). Following is the config:
aaa group server tacacs+ ACS5-1
server 10.12.19.11
server 10.12.19.12
source-interface loopback0
snmp-server enable traps aaa server-state-change
aaa authentication login default group ACS5-1 local
[code]....
As you can see, the default group configuration ACS5-1 for authenticatoin has applied to both defaults and console. But the command authorization does not appear to be applied to the console. As a result, when i login from the console and get authenticated, the command authorization does not trigger and i can run commands I'm not supposed to. In the configuration, I do not see "aaa authorization console" option unlike we have in IOS.
a switch port is shutdown, but when i use NO SHUTDOWN command it is working and shows administratively down. like this command does not affect on it. i should enable this port? what can i do btw, port is not in errdisable and portfast is enabled.
View 3 Replies View RelatedIn change network topology, we are going to assign PC's Gateway as Switch (3750X) IP Address rather than server IP Address. Currently we have configured all Sytems's Gateway is Internet Server IP Address which we are going to replace with Switch IP as Gateway. [code]
Issue is while connecting specific application like team viewer in which application tried to send keep alive message to the live server and in case of switch/router IP as gateway. Connection doesn't established. However it is working fine when Internet Server IP treated as gateway.
I just added a X6704 card to our 6513 switch, and it is not working correctly. We are running 12.2(33)SXI5. [code]
View 5 Replies View RelatedI had a strange issue with one of my customer..Cisco WS-C3750X-48P Access switch was not reachable and after reload it started working.I would like to know the root cause of the issue. There were no logs and no errors in interfaces.Even Cpu utilization was not high. We have enabled arp inspection and dhcp snooping in the switch..Hope this will not make any issue..Also we have dot1x enabled on port..
View 5 Replies View RelatedI have configured a SVI in my 4500 ( Sup 7-E 10GE,,,,,,and,,,,,cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down, because there were no active switch port in the vlan, I added one switch port to this vlan but this port also in the down state, so i added the SWITCH PORT AUTO STATE EXCLUDE command under this port, even after this also the SVI never came up, So i added one systen to the port so both the switch port and the SVI came up...So why SWITCH PORT AUTO STATE EXCLUDE command have no effect in this model of the switch..
View 4 Replies View RelatedWhere can I find a sample working configuration of (HP rebadged) 3120 Blade Switch?
I have the Cisco 6500 end configured as follows:
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,300,304,310,320,560-562,600,740,770,950
switchport mode trunk
load-interval 30
[code]....
I will be connecting 9/5 and 9/6 to Cisco 3120G (HP rebadged) Blade Switch in c-Class Enclosure tomorrow.It would be nice to have a rough sample configuration of the above 3120G switch.
I need 10gigbit uplink for this switch. What are the other devices that i need order along with this device.And what is the diff between X2-10GB-LR= and CVR-X2-SFP.if i take CVR-X2-SFP, in future how can i upgrade from one gig to 10 gig?for current use i need 10gig support required. so what are all the other devices that i need to order.Fiber multimode and distance 15Mt only.
View 2 Replies View Relatedi have an issue to connect a trunk between cisco switch and extreme switch i have many vlans that i want to cross via a link between cisco 3750 switch and a Extreme Alpine 3800 switch
View 12 Replies View Relatedwhat is the use of no switch port command in L3 switch?
View 7 Replies View RelatedI have two 3750-X configured to be a stack and I am planning to re-rack these somewhere else. What I would like to know is what are the effects of having the master switch itself lose power? Does it immediately just make the member take over master (there should be no election since there are only 2 switches??) and there would be no loss of connectivity?
View 1 Replies View RelatedI have a Catalyst 4006 switch in production and a spare switch of same model. I have to quickly copy the configuration from production switch to spare switch (both L2 and L3 configurations) How do I do that?
View 6 Replies View RelatedI am using a cisco 3750 in my network as a gateway, and above it I use a squid machine for caching my internet. My network is like this:
Basically I have two VLANs on my network which are VLAN10 and VLAN100, VLAN10 is the cooperate network of my office. VLAN100 is the management VLAN which i use for the switches. I keep the squid as well the client in VLAN10.
squid (192.168.1.50)---->cisco 3750(192.168.1.123)---->Distribution Switch(cisco 2960)---->client PC (192.168.1.5)
I have done nating on squid and internet is working pretty fine when I use the client gateway as the squid, but when I use the cisco 3750 as my gateway after adding route maps for forwarding the internet traffic coming to the cisco 3750 to squid it disconnects me from internet as well I cannot even reach the switches from the corporate network. These are the only Lines I used for the routing:
!
route-map proxy-redirect permit 10
match ip address 110
[Code]......