Cisco Switching/Routing :: Cannot Login To 6500 Switches
Dec 16, 2012
We have two 6500 switches and I am unable to login to these switches anymore, but i was able to connect to them yesterday via Telnet. The strange part is that it happened for both switches at the same time.But now when i try to login, it gives me a message "password required, but none set". I can login to them via console.Is it because the 0 - 4 VTY connection are being used and there is no password set from VTY 5 to 15?The config has not changed.
SWITCH-1
line con 0
exec-timeout 0 0
password xxxxx
login
line vty 0 4
We are implementing NAC in our environment and unfortunately still some of our obsolete 6500 switches are running CATOS, the current (cat6000-sup2cvk9.8-6-4.bin) image does not support some of the commands related to NAC implementation. Therefore, I would like to urge you to provide me the 8.7 image which supports all the NAC related commands and will be easier to finish the long pending assignment.
We are in process of replacing the obselete hardware but that will take time.
My task is to upgrade a couple of 6500 series switches, 6513 with SUP720/MSFC3 (WS-SUP720) and Policy Feature Card 3 (WS-F6K-PFC3B) installed. How to upgrade those switches if in SSO redundancy mode with two SUPs installed?
I understand that it is good to connect to the MSFC3 via console and upgrade this first, is this correct?
I also have to upgrade some 6509 but I only can test it on one 6509-E, how to get everything up to date. [code]
some of the features of 6500 are enabled by default and woudn't appear in the "Show run". See the command below and how do I make sure whether these featues are enabled by default or not. Would it appear in the config if enabled?
ip verify unicast source reachable-via rx ip verify unicast source reachable-via any
storm-control broadcast level 70
what are the difference between the commands below and can they be enabled together.
spanning-tree guard root vs spanning-tree loopguard default vs spanning-tree guard loop
I am little confused about the location of FIB table and adjacency table in both cisco 6500 series and fixed ports switches .In case of 6500 series switches
"Central CEF mode:The CEF FIB and adjacency tables reside on the route processor,and the route processor performs the express forwarding. Use this CEF mode when line cards are not available for CEF switching, or when features are not compatible with distributed CEF."
If line cards do no support CEF, then FIB and adjacency tables are built and are located on route processor( control plane ). Data plane operations are implemented in software and route processor performs those operations.
Some Cisco switches actually use different hardware to control the different planes. For example, the Cisco Catalyst 6500 is a modular switch that uses the Multilayer Switch.Feature Card (MSFC) for control-plane operations, and the supervisor Policy Feature Card (PFC) for the data-plane operations.
Supervisor module has has MSFC and PFC. MSFC implements control plane operation where as PFC implements data plane operation.But the first paragraph says in Central cef mode, both data plane and control plane operations are implemented by route processor. [code]
Do these switches implement the Central mode cef in same way as mentioned above. i.e
"Central CEF mode:The CEF FIB and adjacency tables reside on the route processor and the route processor performs the express forwarding. Use this CEF mode whenline cards are not available for CEF switching, or when features are not compatible with distributed CEF."Or fixed ports switches such as 3750 implement data plane operation in hardware where FIB tabe and adjacency table are maintained on Data plane.
We are facing an issue with the NAM3.Version: 5.1(2-patch4)
we can not login using the GUI. when we try to login we are getting the following warning:
Initializing database. Please wait until initialization process finishes.(see attachment)
we have rebooted the NAM3 module but the issue is not solved. the NAM3 module is running on 6500 Series Switch.(Cisco Catalyst 6500 Series Network Analysis Module (NAM-3)
I have a need to allow a small group of users temporary level-15 access to several 6500 switches (running 12.2-33 SXJ2 code), but do not want to provide them with the enable secret password which is used on the rest of the network (over 1200 devices). I tried to eliminate AAA using the "no aaa new-model" command, but was told I could not remove aaa while there were active sessions, and "login local" no longer appeared as an option for vty lines. So, I created a local user database called "support" which I used to replace the "group" entry in the authentication and authorization sections of our AAA config and for login on vty 0 4. [The username is given a privilege level of 15 along with an individual password for authentication. (ex. user name jsmith privilege 15 password 0 xxxxx)] I modified our AAA configuration to support local login, but was unable to establish "enable mode" (i.e. # prompt) with any account. I can login locally, but only to a normal "user mode" (i.e. > prompt).Here is the current, unmodified and sanitized config for our AAA and line vty 0 4 sections. [code]
I have a website account with fatcow. I created the website with Dreamweaver software and uploaded it to fatcow via port 21.My internet connection was via xplornet and I had no access problems. I upgraded to xplornet's new g4 system and now I can no longer access my account online or upload to my website.We have two computers. The first is a desktop system that has the dreamweaver software. The second is a laptop which connects wirelessly. We share the signal through a dlink router. The modem is a viasat Surfbeam 2 residential satellite modem.1. When I attempt to login to the fatcow control panel, the tab shows successfully authenticated and then re-directs me back to the login page. This happens on both the laptop and the desktop.
I have tried bypassing the router and the problem still exists.I took the laptop to the computer center and I can login to the account no problem.I used a free proxy server page on the internet and can login from my home system on my desktop no problem.I have completely turned off virus scan and firewalls. It doesn't work. I have tried IE7, Chrome, Firefox and they all have the same problem. The laptop runs IE8 and has the same problem.I can ping the page successfully. I can traceroute the page successfully. I can't nslooup any site at all. I get the domain not existant message.My ip and dns settings are the automatically find option.I have renewed ips and dumped the dns cache.Using alternate dns addresses doesn't rectify the problem. When I attempt to upload via dreamweaver, I connect but within seconds I get a Dreamweaver message that says "Connection to remote host has been lost. Click refresh to continue" and the log reads "FTP Error. Dreamweaver could not connect to server." I haven't taken my desktop anywhere to try to see if it works on a different network. I'm in a remote location (hence the satellite internet)and it is an hours drive to the nearest private internet connection and a 2 hour drive to the nearest public connection.
I have just set up my Cisco 1941 router to my cable internet connection. I have access to everything, but I cant login successfully into Cisco CP.
I set up a new user with level 15 privileges and a secret password. I go to login via webbrowser and I put in my credentials, but I get rejected. I have tested the username and password via the CLI, and it works fine, I just cant seam to login to Cisco CP.
As per my understanding 6509 all slots are dual channel, so 9 slot * 40 per slot (20 g in and 20 g out) = 360 GB How cisco claim the 720 ?? What about the 6513 chassic switch fabric connection?
I am seeing a strange situation on my 6500 switch?By having snmp walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processor and the cpu util for switching processor is gone to 88 % and some time creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3' SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor ) SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
but when I do sh process cpu on the console, all looks normal as it shows cpu utilization of RP. why the value is so high on the switching processor ?
I can access to Cisco 3750 with SSH, but fail to login to web http with the same login.I am able to get the login prompt, the login error I get is "The server at level_15_access requires a username and password."Below is my switch config:username admin privilege 15 secret 5 $1$xsdfajiwuoeirlkajsd.
my ASA 5505 just woke up one day and didnt allow me to login to it with ASDM. i can console in though but telnet, ssh and asdm will not work. it just times out.
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?and on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
I'm looking to restrict Inter-VLAN routing through L3 switch (cisco 6500) and wanted to know best possible way to do it. I used VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps).My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15) STEP 1: Created extended ACL to allow bootpc/bootps through DNS ip access-list extended EACL_DNS permit udp any eq bootps any permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15 permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting) permit 10.100.50.0 0.0.0.255 (server VLANs) permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10 match ip address EACL_DNS action forward vlan access-map VACL_15 20 match ip address SACL_15 action forward
STEP 4: Applying VLAN Access list on VLAN 15 vlan filter VACL_15 vlan-list 15 Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. Howeve all cients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned its taking quiet some time to negotiate with the DNS server at system boot time.
I used to "ip routing" command in order to enable inter-vlan routing, for example with 3750 cisco. I have a 6503 cisco with SUP720 MSFC3. I was able to create some vlans but I can not configure inter-vlan routing.
sw#conf t Enter configuration commands, one per line. End with CNTL/Z. swsur(config)#ip routing
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?
I have recently aquired a Cisco SGE2000 switch and the first thing I did was update to the latest firmware and change password. Now I cant login? Neither my admin / admin dosent work nor the new user I have created. Is there any characters that this dosesnt support like backslashes or forward slashes for password? If not then what can I do to get access to the switch again?
I have my first 3560x running IOS 15.0(1)SE and noticed that I can no longer login to privilege mode even though my use account is setup with privilege 15. I have the exact same setup on 12.2 (53)SE2 and have no issue, so has something changed?
I am planning on having a contractor in to configure some new routers and would like for him to login using the local account on the routers while company personal continues to use radius is this possible.
I have a 3560-X switch and want to access it through GUI. what image I need to download and steps to use GUI(Just like ASDM for ASA 5500 series Firewall).
ive updated my catalyst 4948-10GE to version 15.0(2)SG1.Now it is not possible to login by ssh or telnet on this switch. the access is established over the mgmt-Interface and vrf.i get a ping reply but login is no more possible now.is there an new feature in this version for vrf or remotelogin that has to be configured? if neccessary i can paste the running-config here.
I have a customers Catalsyt 2950 switch come in for the configuration to be cleaned to factoy default, using the link below removed the customers banner and login information whitch worked
[URL]
When i restart the switch and enter Enable mode I'm prompted with the password which i used when following the link above,
I want to remove all passwords so when the switch is redeployed to the next site who ever the engineer is that is going to be reconfiguring the switch is able to access privlage mode with out the password promt.
I'm having trouble with a Cisco Catalyst 2950 Series Switch where by I'm following the procedure from Cisco's web site to remove the Banner and login information, url..
Each command is being accepted by the switch from following the information given within the help sheet above,the problem i have now is when i turn the power off then turn the switch back on I'm still getting the banner and login information even though i have follwed Cisco's help correctly.
Are there any best practices for preventative maintenance on Catalyst Chassis switches. Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all. Things like re-seating line cards, cleaning fan exhausts, etc.
I have a set-up with multiple C2960 and C3750 switches. All these devices are being managed remotely. So basically I login to C2901, which is used as a Terminal Server, and reverse SSH to the console of each device. That's - I have assigned an IP to each port of the terminal server so that I can SSH directly to the desired device through via the mapped IP.
Now, recently I had to restart couple of switches - one C2960 and C3750. I initiated the reboot via console connection remotely. I could see the device logs for some time and then the logs stopped and there was no reaction from the console irrespective of any command I tried to enter.
I tried resetting the line on the terminal server, but that didn't work.
Now when I try to SSH the IP mapped to console of that particular device - i dont get any login prompt and there is no effect on device after giving any command. Although i can see the logs on the console session - but cant do anything.
I have a second way of connecting the device via inband- management, and checked the device config found it correct. It is same as other devices which are working correctly.
Both C3750 and C2960 are behaving exactly same - can see logs on console but see effect of even pressing enter - not getting login prompt as well.
We have a cisco 2911 router configured with password for telnet login, but I always failed to login use telnet, does any one know any place need to be modify?
