Cisco Switching/Routing :: C3560 / Can't Disable Telnet For Vty Lines
Oct 24, 2012
#sh run | inc user
!
username USER0 secret 5 $1$password
username USER1 privilege 15 secret 5 $1$password
username USER2 privilege 15 secret 5 $1$password
!
#sh run | inc aaa
!
aaa new-model
aaa authentication login local_authen local
aaa authentication login radius_authen group radius local
aaa authorization console
aaa authorization exec local_author local
aaa authorization exec radius_author group radius local
aaa session-id common
!
#sh run | begin line vty
!
line vty 0 4
 access-class 3 in
 exec-timeout 15 0
 authorization exec radius_author
 logging synchronous
 login authentication radius_authen
 transport input ssh
line vty 5 15
!
sh ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
The intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given privilege level 15. Telnet should never work.
SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at privilege level 1, instead of the configured 15.
Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.
Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
Oct 11, 2012
We have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a Cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue shut and no shut commands on that interface to get it back to life, then it works for a few days or weeks until it happens again. Is there any suitable configuration for that interface that would prevent that from happening, or a workaround?
Here's the info:
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS
Image:c3560-ipbase-mz.122-35.SE5.bin
This is the log from one switch:
31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2.
31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
And from another, which is almost the same:
5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state
5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3.
5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Here's the configuration of fe interfaces (they are all alike):
interface FastEthernet0/2
description Voice & Data Combo Port
switchport access vlan 11
switchport mode access
switchport voice vlan 15
[code]....
May 27, 2013
I am trying to disable Telnet and enable SSH in CatOS for 6500.
Oct 8, 2012
I have got my CCNA voice lab configured and it is up and running. My switch is configured with 2 different VLANs (Data & Voice) and the fa 0/1 is configured as trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network, but only the switch is not accepting the request; the only message I am getting is "request timeout".
Oct 24, 2012
I have a 3560-8PC in which the mgt vlan randomly (twice in one day or 2 weeks later) goes into the down state and will return w/o any intervention 15-20 minutes later. Int G0/1 is the uplink to a 3750. I don't think it's a layer 1 issue at this time since I have seen it work just fine for over 2 weeks and drop again. I don't see any errors on the 3750 either.
WS-C3560-8PC 15.0(2)SE C3560-IPBASEK9-M
LOG:
----------------------------------------
.Oct 20 19:34:37.533 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
[Code].....
Nov 23, 2012
I have C3560 switches in my work environment. I want to configure SSH on that switch, but the IOS they have, 'c3560e-universal-mz.122-58.SE2', does not support it. As advised, I was trying to upgrade to 'c3560e-universalk9-mz.122-58.SE2' for all my access switches.
I successfully upgraded two switches.
I have two problems now.
01. I upgraded the IOS successfully on one switch but the PoE is not working. What is the reason?
02. After upgrading the IOS, the output is as follows
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C3560E-24PD 12.2(35)SE5 C3560E-UNIVERSAL-M
Cisco#sh boot sys
[Code].....
Oct 24, 2011
My current setup.
Layout:
Line01 Line02
| |
Cisco 2951 Cisco 2951
---------------------
|
Cisco 3750G - Server #1 & #2 for domain controller, sharepoint, etc
|
---------------------
| |
Cisco 2960 Cisco 2960
| | | | | | | ... | | | | |
workstation #1, #2, .... #70
And I would like to ask some opinion on the best configuration for the above layout:
1. Configuration #1 - Using load sharing and automatic failover. So I want to ask whether there's any link/url that provides details/guides on how to set up the load sharing and failover?
2. Configuration #2 - Workstations 1 - 35 will be routed through Line01 gateway and workstations 36 - 70 will be routed through Line02. As for this configuration, it's done now. However, I want to know whether there's any software (preferably a web based application) which allows me to change the gateway from line #1 to line #2 for all 70 computers instead of having to go to each workstation to update the gateway.
Aug 12, 2010
How do we disable telnet to the ACS appliance 4.2 1113 SE?
Jun 14, 2011
I am using a Cisco 2801 Router and currently have Telnet enabled on all interfaces. How do I change that so it is enabled from all inside networks, but not on the outside interface?
Nov 21, 2012
I am in doubt whether the 3560-12-PC-S supports OSPF. Datasheet says we need IP Services image. But 3560-12PC doesn't have the option with IP Services. Then I navigate to [URL] how?
So, any clues whether or not this box can run OSPF?
Feb 5, 2012
I have a weird situation with some switches.
Switch .55 can ssh into Switch .57 but cannot ssh into Switch .56.
Switch 56 can ssh into Switch 55 and ssh into Switch 57
Switch 57 can ssh into Switch 55 and ssh into Switch 56
The software on .56 is:
C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
I noticed on .56, when I do a show ip ssh I get: SSH Enabled - version 1.5. It doesn't say version 1.99 like the others even when I configure version 2. Is this a bug I am running into?
Aug 22, 2012
I have the requirement to provide a Cisco Router with 3 x ADSL lines (768k) to increase the internet speed. PPP multilink is not supported by the ISP.
Is it possible to distribute the traffic between these three ADSL lines? How can I configure this?
I have the following hardware configuration:
1 x CISCO1921-SEC/K9
2 x EHWIC-VA-DSL-B
The third ADSL line is connected over an ADSL modem at one fixed Router Gigabit interface.
Feb 17, 2012
What is the purpose of these default configuration lines? What do they mean? I can't find an explanation of them anywhere. I believe some are written to the config when FCoE is enabled.
I would like to know exactly what they are doing.
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
[Code].....
Feb 5, 2012
Disable telnet for ACS 1120 Appliance version 5.0.0.21. Is there any way to do it? Not able to log in via telnet and ssh; it says wrong credentials, but the web GUI is working fine with the same user and password.
Dec 12, 2012
I want to disable the telnet option/feature on ASA 5510.
I tried "no telnet" alone; it won't work as I didn't configure any telnet at all.
Feb 27, 2013
How to configure SLA monitoring for Dual Path default route in Layer 3 switches, like C3560?
Jun 17, 2012
Had a switch die over the weekend, a c3560. Per our normal procedure I pulled the hardware and put a very basic config on it (vlans, portchannel, uplink ports, ip of management vlan, con and vty security, snmp, enable secret, and hostname). Then I use SolarWinds Orion to upload a copy of the old config to bring the switch back to the same state as the one that failed. It's a system that has worked for us 3 or 4 times in the past. But this time when the base config was on the box it couldn't ping across the network. I have tried clearing the arp cache and the dynamic mac tables, I verified the routing tables and even removed the 10.1.185.128/27 route and re-added it, saw the routing update go across to the other 65k, tried bouncing the edge switch (I can't bounce the 65k's), took down the po between the edge and 65k.
Sep 4, 2012
I have a c3560 switch that has two gig fiber modules in it. I need to uplink fiber to one of these at 100mb. This is because this port will be rate limited to 20mb and 10 percent is the lowest you can go with the rate limiting command. Is there a 100mb fiber module I can insert in the 3560?
Nov 24, 2012
We are seeing output drops on a C3560 switchport. This port does not have QoS enabled -- the application does not need special QoS treatment, as long as packets are not dropped, so I suppose all traffic will share the same queue? Then how should I read the output of "show platform port-asic stats drop" which indicates that it is queue 3 weight 2 drop? I am wondering what is the best way to fix this? Enable mls QoS and increase queue 3 bandwidth share on this interface or just increase the output queue depth?
switch#sh mls qos interface gi0/1
GigabitEthernet0/1
QoS is disabled. When QoS is enabled, following settings will be applied
trust state: not trusted
[Code]......
Mar 4, 2012
I am having an issue with VoIP phones giving me an insufficient bandwidth message. I have three remote locations connected to our main building using 2 Mb point to point ethernet solutions through TWC. Each remote location has a Cisco WS-C3560-24PS running IOS C3560-IPBASE-M, version 12.2(25) and has the cable modem plugged into port 1 on it. The remote buildings are labeled 192.168.101.xxx, 192.168.102.xxx, and 192.168.103.xxx. There are 14-16 VoIP phones in each remote building. The main building is in the subnet of 192.168.100.xxx. I have the 3560s connecting to a single port on a 2801 in the main building, all using the subnet of 192.168.253.xxx. The phone server sits in our network at 192.168.100.203. I have created the ACLs, class maps, and policy maps on all of the equipment.
For the remote buildings I have the following:
ACL
===========
Extended IP access list VOIP
permit tcp any host 192.168.100.203 dscp ef
permit tcp any host 192.168.100.203 eq 5566
[Code]....
I have put a hub in to capture traffic via Wireshark to see if DSCP flags are being appropriately marked and I do see that all VoIP packets are getting marked as EF. However, I have been receiving phone calls from people in the remote buildings stating that their phones will cut out, flash Insufficient Bandwidth on the LCD displays and then the call will cut back in. I am wondering if the 2801 is not applying QoS with the rate-limits in mind since it is set to 100 Mb, or is it an issue with trying to take 3 remote locations and bring them down into 1 port on the 2801?
Jul 23, 2012
Can a C3560-24PS switch with 32 MB flash be loaded with IOS 15? Will it be able to execute the code and function properly?
Feb 16, 2011
I have two layer 3 switches, C3560 and C3750 Cisco switches, with IOS version "ipservices-mz.122-35.SE5". Now with the current IOS version, these layer 3 switches are not supporting object group. So my question is, do I need to upgrade the IOS for this feature, and if yes, which version?
Jun 28, 2012
I need to configure the C3560-24TS, QoS control by IP or subnet. I tried to study books and videos many times but still feel I don't know QoS well...
Oct 7, 2012
I am just trying to set up a DHCP server in my Catalyst 3560 switch for Nortel IP phones. I show you my configuration:
VOICE VLAN: 3
DATA VLAN: 1
S1:10.2.110.200
port:4100
Nortel IP Phones: IP 2002 (Firmware Version 0604D9H) & IP 1110 (Firmware Version 0623C7)
Switch Configuration:
aaa new-model
!
aaa session-id common
ip subnet-zero
ip routing
!
ip dhcp pool datos
 network 10.2.100.0 255.255.255.0
 default-router 10.2.100.1
 lease 0 2
!
ip dhcp pool voice
 network 10.2.110.0 255.255.255.0
 default-router 10.2.110.200
 option 191 ascii "VLAN-A:3"
 option 128 ascii "Nortel-i2004-A,10.2.100.200:4100,1,5."
 lease 0 2
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy
[Code]...
Feb 19, 2013
I have a C3560-24P PoE switch, running on a very small network with nothing special about the endpoints or the configuration (5 laptops connecting via 1 wireless AP, 1 firewall uplink, a networked printer and one conference room phone using PoE. That's it.) I actually have inline power turned off on all the non-PoE device ports.
We are encountering a very strange anomaly where if a client attempts to send a print job through the switch, to the network printer, the printer makes a noise as if it's begun to initialize and then the switch immediately goes into a reboot. Also the reboot appears to immediately drain all the battery power from the UPS unit that it's connected to. The unit is an APC SmartUPS 750 (500W, 750VA) and when the switch reboots the load on the UPS jumps to well above 100% until the switch appears to 'level out'. Is that kind of power draw normal when rebooting a C3560?
Switch details:
IOS version: c3560-ipbasek9-mz.150-2.SE1
128MB Memory
512K nvram
Model Revision: F0
Oct 27, 2011
I can't configure speed in a giga port on WS-C3560-24PS-S
switch(config-if)#speed ?
  no negotiate  Do not negotiate speed
Do you know if the port supports speed 100?
Because I need to connect with a 2955C-12 switch in one port: 100BASE-FX (Multimode Fiber) uplinks, this port is only 100mbps?
And on the switch C3750G-12S-E, can I configure the ports at 100mbps?
Sep 9, 2010
I'm having some weird issues with our 3560 that's connected to an MPLS line. The speed of the port plugged into the providers equipment is 100Mb, but we're only allocated 10Mb of bandwidth from them, I tried to police our traffic out of the port using srr-queue bandwidth limit 10, however when I do that I get some really weird bandwidth results.
Using iperf I've run bandwidth tests with srr-queue bandwidth limit enabled and with it disabled, when it's disabled I get the full 10Mb as expected, however once I enable it I'm lucky to get 5Mb, and while the test is running connectivity between sites is almost useless (which is not the case if I disabled bandwidth limit). Is there anything special I should be doing when I have this enabled? I also have priority-queue out enabled with only one dscp marking placed in queue 1, with very little traffic hitting that queue, but regardless of what I do I can't get the expected bandwidth with the bandwidth limit command, even if I place my iperf traffic in that priority queue.
Jan 3, 2013
I need to replace an older 3560 with a new 2960-S and am wondering if the SX SFPs I already have will be compatible with the 2960-S. [code] I cannot find any way to get the part numbers of the SFPs.
Nov 16, 2011
My client's switch is running out of Spanning-Tree instances (c3560 only supports 128 instances). I know that running RSTP with VSTP can mitigate this, in that all instances over 128 will be handled by RSTP, but before I implement this are there any other thoughts out there on how to mitigate this? Would MSTP be able to handle more STP instances, or MISTP perhaps?
Sep 11, 2011
I have a c3560 on which, on Port 1, I cannot get any device to talk to the DHCP server. Previously there was a client connected to this port; however, over the weekend he stated he lost connectivity.
In my troubleshooting I have connected that client to another port and now he is good to go... I connected my laptop and tried to connect to the network; however, I could not. I checked the logs and did not see anything that led me to think it was having problems.
Is there another way to shut this down and hopefully start it back up without having to restart the entire switch?
Mar 1, 2012
I have aaa new-model configured on a number of ISRs (1800, 1900, 2900, 3800 etc). When I have aaa configured, the telnet logins use that authentication and not the password in the line vty portion. Is this by design? Would disabling aaa enable both telnet and aaa authentications, essentially making it a dual login?
Apr 14, 2013
We have two switches of the same model (WS-C3560-48PS-S) that are not providing PoE. I'm trying to remotely determine what the cause of the issue is.
Here is some output.
Hostname#show power inline
Available:0.0(w)  Used:0.0(w)  Remaining:0.0(w)
Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Fa0/1     auto   off        0.0     n/a                 n/a   15.4
Fa0/2     auto   off        0.0     n/a                 n/a   15.4
Fa0/3     auto   off        0.0     n/a                 n/a   15.4
Fa0/4     auto   off        0.0     n/a                 n/a   15.4
Fa0/5     auto   off        0.0     n/a                 n/a   15.4
Fa0/6     auto   off        0.0     n/a                 n/a   15.4
Fa0/7     auto   off        0.0     n/a                 n/a   15.4
Fa0/8     auto   off        0.0     n/a                 n/a   15.4
Fa0/9     auto   off        0.0     n/a                 n/a   15.4
Fa0/10    auto   off        0.0     n/a                 n/a   15.4
(code)
Mar 4, 2012
I have set up a new switch, Cisco 3570C. It's on v15 and the only configuration I did is:
-set up interface ip add. 10.132.16.111
-set up telnet
I am able to telnet within the LAN environment. I can't ping or telnet the switch in a WAN environment. Is there any setting I should configure on the switch?