A Cisco 3560V2 was bought to complete a project at my company. I noticed the IPBase IOS Image was installed. I was unable to configure RADIUS. I upgraded the IOS to the Latest Release of the IPServices IOS Image. I still dont have the capabilities of configuring RADIUS.
View 4 Repliesgetting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1. I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands. Doing a debug radius says that the radius server is not defined.
View 5 Replies View RelatedI have a switch 3560v2 with an IOS 12.2(50) SE1.All the lights ON and console error message below:POST: inline power post failed for port 0 up to port 15.Then, the system hanged and all lights (indicator) ON.
View 5 Replies View RelatedI am trying to configure 802.1x RADIUS Authentication on cisco 2950-24TT-L Switch. I am using following set of command as given below
Switch# configure t
Switch(config)# aaa new-model
Switch(config)# aaa authentication dotx default group redius
Switch(config)# dot1x system-auth-control
Switch(config)# inter fasteth 0/1
Switch(config)#dot1x port-control atuo
I am facing problem dot1x command is not working on interface.
We are using mac authentication, it is working fine on all of the other 3560's except this new one.
Mac address shows up completely different (very long hex, doesnt even look like a mac address) on ACS compared to what its showing on the switch in the mac address table.
Im stumped, config matches every other 3560 in the building, has something changed in the v2 software compared to the older 3560's ?
I went to configure RADIUS on my 3750X with IOS 15, and lo and behold it is not where it used to be. Did it get moved somewhere else that I can't seem to find very easily?
View 2 Replies View RelatedI'm about to configure radius on a 2960 and 2955 switch as I have been testing this on a 1841 router and to my dismay I can't see the options to configure radius, do these L2 switches not supoprt radius?
edit - apoligies I forgot the "aaa new-model" all ok now
Although when I added:
radius-server host 10.1.1.1 auth-port 1645 acct-port 1646 key 123456789
radius-server host 10.1.1.2 auth-port 1645 acct-port 1646 key 123456789
radius-server vsa send accountingradius-server vsa send authentication
I got this:
Warning: This CLI will be deprecated soon. Please move to radius server <name> CLI.
And what woudl the above look like if I configured it that way?
I currenly have a cisco AP1142N configured to work with our radius server (It was already configured when I took over the network). I order two additional access points for building coverage on multiple floors. Currently, I uploaded the config of the orginal access point to the new device and I can access the device via web and the ssid is being broadcasted. I then added in the access point into IAS with the radius secret key to our Radius server. When I go to connec to the new access point w/ domain credentials I am not able to establish a connection. I am not very familiar with CISCO products. I followed a video to get the access point up and running w/ an IP from CLI so I could access the web interface and upload the edited config.txt file. Are there any issues with setting up multiple access points w/ a single windows radius (IAS) server?
View 7 Replies View RelatedI am facing issue with nexus 7010 login authentication by radius server. I have two nexus 7010, one of them is working perfectly. Other taking long time to authenticate. If i use local database to login it works perfectly. It works fine also if i login from console using radius for authentication.
View 1 Replies View RelatedI have Cisco 2960 switches deployed in my environment along with radius server authentication. Now i need to assign some roles to particular users (shutdown port, description) so what i need to do for this task so not all users have same privileges.
View 1 Replies View RelatedMy configuration:
radius-server host 10.138.44.57 auth-port 1645 acct-port 1646 key 7 ******
!
aaa new-model
!
aaa authentication dot1x default group radius local
[code]....
We faced with problem after upgrade ASR from 12(2) 33 XNE2. I know that this is an old XE release but our Radius deny authization from ASR with more new XE version. Here is our radius attribute configuretion:
!
radius-server attribute 44 include-in-access-req
radius-server attribute nas-port format d
radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard
[Code]....
How can I add in my configuration that ASR send necesserry NAS-Port-Type - VPDN
I couldn't found out any info ((( for radius-server attribute 61 extended
I'm using a radius server to authenticate ssh when connecting to my company's switches (a 3560 + several 2960s).
Everywhere I've looked claims that using the line 'transport input ssh' in my switch config should disable telnet access and allow ssh only. But after changing 'transport input ssh telnet' to 'transport input ssh' I can still connect to all of the switches from telnet. I can't block telnet with ACLs either because my company uses a telnet based terminal client to do most of their work.
I don't have much experience with radius. How do I stop telnet connections when using radius to authenticate?
I´ve a little problem with the aaa authentication over RADIUS with a Cisco 3560G-48PS - IOS 12.2(58)SE2. When I try to log in to the Switch per Telnet, it didn`t works and my windows domain account is locked. Here the aaa config:
aaa new-model
aaa authentication login default local group radius
aaa authorization config-commands
[Code].....
I am using radius authentication on C4507R+E with supervisor card 6L-E and IOS 15.0.2(SG1). It works perfectly but all radius messages appear in the console. Radius is very verbose, I can't use console because of the significant number of messages and I am worried about switches performances. I add that all debug commands are disabled.
View 1 Replies View RelatedI have an issue with Cisco 3560V2-24-PS which it indicates not supported in DFM. I can see the device working properly when I do snmpwalk and snmv3 test and device credential test. In fact I can see chassis view of this device.
IP Address = 10.10.1.60
DNS Name = DISTRI_SW02
Device Status = Unknown
Device Type = N/A
Aliases = N/A
Containments = N/A
But in LMS 3.2 supported device it indicates as supported. Current version of the switch is 12.2(58)SE2 which is higher than the minimum requirement 12.2(50)SE1. I tried to downgrade/upgrade IOS and still no luck.
As per information in the creent DFM (see below), it is supposedly supported 59.1.3.6.1.4.1.9.1.1023Cisco Catalyst 3750V2-24PS SwitchDFMDeviceUpdates19.0 Below is the current version of the LMS modules;
Products Installed Showing 1-9 of 9 records Product Name Version With Patch Level Installed Date 1.Campus Manager5.2.110 Oct 2012, 13:11:57 GMT+08:002.CiscoView6.1.910 Oct 2012, 11:27:52 GMT+08:003.CiscoWorks Assistant1.2.010 Oct 2012, 11:27:52 GMT+08:004.CiscoWorks Common Services3.3.010 Oct 2012, 11:27:52 GMT+08:005.Device Fault Manager3.2.010 Oct 2012, 11:27:52 GMT+08:006.Integration Utility1.9.010 Oct 2012, 11:27:53 GMT+08:007.Internetwork Performance Monitor4.2.010 Oct 2012, 11:27:53 GMT+08:008.LMS Portal1.2.010 Oct 2012, 11:27:53 GMT+08:009.Resource Manager Essentials4.3.110 Oct 2012, 13:17:50 GMT+08:00
Also my current device update.Showing 1-9 of 9 records Product Name Device Type Count 1.Campus Manager02.CiscoWorks Common Services03.CiscoView7614.CiscoWorks Assistant05.Device Fault Manager9366.Internetwork Performance Monitor07.LMS Portal08.Integration Utility09.Resource Manager Essentials812 I already downloaded all the patches online and all device updates were also updated.
I came across an interesting issue and thought I would see if anyone else has encountered it before contacting TAC.I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54).
View 2 Replies View RelatedI have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54). With the background set, one switch reports the following:SwitchA (config)#r?radius-server redundancy regexp represourc rmon route-map router.
View 4 Replies View RelatedI need 10gigbit uplink for this switch. What are the other devices that i need order along with this device.And what is the diff between X2-10GB-LR= and CVR-X2-SFP.if i take CVR-X2-SFP, in future how can i upgrade from one gig to 10 gig?for current use i need 10gig support required. so what are all the other devices that i need to order.Fiber multimode and distance 15Mt only.
View 2 Replies View Relatedi have an issue to connect a trunk between cisco switch and extreme switch i have many vlans that i want to cross via a link between cisco 3750 switch and a Extreme Alpine 3800 switch
View 12 Replies View Relatedwhat is the use of no switch port command in L3 switch?
View 7 Replies View RelatedI have two 3750-X configured to be a stack and I am planning to re-rack these somewhere else. What I would like to know is what are the effects of having the master switch itself lose power? Does it immediately just make the member take over master (there should be no election since there are only 2 switches??) and there would be no loss of connectivity?
View 1 Replies View RelatedI just procured Cisco 3560V2- 48PS-S i would like to know how to set it up from scratch:
1. configuring passwords: enable and privilege
2. Creat Vlan , such that systems connected to the Vlan can connect to internet.
3. enable routing protocols
4. How do i use the switch as a default gateway for the systems on the vlan
5. how do i make sure the desktops connected to the switch are browsing the internet.
l have some problems when l try to access to the switch by telnet or ssh, by the console port , the switch show me the next message:l need restart the switch in order to access it again.
View 5 Replies View RelatedI have a Catalyst 4006 switch in production and a spare switch of same model. I have to quickly copy the configuration from production switch to spare switch (both L2 and L3 configurations) How do I do that?
View 6 Replies View RelatedI am having issue consoling into Cisco 3560V2 using console cable attached to USB to serial adapter.using putty.when i try to login on the putty i only see black screen.
View 5 Replies View RelatedI can authenticate between our MDS 9216i switch and RSA radius server but my role does not come across. The logged in user is a network-operator not admin. In the AV Pair i have defined shell:role*network-admin but it doesnt seem to come across
View 4 Replies View RelatedI have a 3750 switch stack running version 12.2(53)SE2 IPBASEK9-M. I have dot1x configured on the switch and have a Windows 7 PC connected with 802.1x configured on the interface. I see the EAPoL start message from the PC, but I don't see any RADIUS packets from the switch to the RADIUS server. I have a simple dot1x config just to try to get it working prior to adding additional features such as guest-vlan...
Config and debug file attached.
I don't know if the ip dhcp snooping and arp inspection configuration is causing an issue with this or not. I see the EAPoL packet received on the switch as seen in the debug attachment, but I still never see the RADIUS packet. I did set both to trust on the interface but still the same outcome. I can't disable it since it is a production switch with a test interface.
'm able to setup my 3750e switch to login through a radius server with my company user id and password but would like to be able to set it up that when I log in it drops me on the enable prompt. Right now I have to type >en.Then the enable password.
View 1 Replies View RelatedI have a question about ACS RADIUS authentication with Alteon 3408 L4 Switch.
I configured a ACS 4.2.1(build 15 patch 4) software for windows on Windows Server 2008 Server STD.TACACS authentication with CISCO product was successfully passed.but RADIUS (IETF) authentication with NORTEL 3408 Switch was failed. ACS Authentication Failure Code was a " ACS password invalid "
I read the post that RADIUS VSA is needed in my environment.but i can not search any sample Nortel VSA dictionary configuration. Need Notel specific VSA configuration.
I am configuring TACACS Authentication on Cisco 3550 switch .It has Version 12.2(25)SEA IOS image. A strange thing is happening, whenver I am enabling AAA new-model on this switch, and then after enabling I see ruuning-config . It shows me this
tacacs-server host x.x.x.x
tacacs-server host x.x.x.x
no tacacs-server directed-request
tacacs-server key 7 xxxxxx
radius-server source-ports 1645-1646
* included here to hide the specific information I dint specified any RADIUS server , why it is showing me radius-server source-ports 1645-1646 after enabling AAA New-Model As soon as i give "no aaa new-model", this parameter also vanishes. I think this is the only reason I am not able to do tacacs authentication.
The last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net.
My switch has 12 ports where my devices connects directly, they are all on Vlan 1 and they all work perfectly. on Port 12 I have a dlink router that is connected to a cable modem. the dlink router has an Ip address of 192.168.0.20
I created a second vlan (vlan2) and enabled dhcp relay on it. then I assigned port 9 on the switch to (vlan2)my laptop which is connected to port 9 seems to get an ip address fine and able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes. [code]