Cisco Switching/Routing :: Catalyst 3750X Is Caching Tacacs Password?
May 17, 2012
the following information before:
Switch: WS-C3750X-48P (Stack with 2 Members)
IOS: 12.2(58)SE2
Lic: IPBASEK9
uptime: rebooted this night
[code]....
Since I added another Member to the Stack, I'm facing the following problem: When I log in with my tacacs user account, I am not asked for the password. The same goes for the tacacs account of my colleague: after entering the username he is logged in. It seems to me that the passwords are cached only for this Switch.
Aug 8, 2012
the following information before:
Switch: WS-C3750X-48P (Stack with 2 Members)
IOS: 12.2(58)SE2
Lic: IPBASEK9
[Code]....
Since I added another Member to the Stack, I'm facing the following problem: When I log in with my tacacs user account, I am not asked for the password. The same goes for the tacacs account of my colleague: after entering the username he is logged in. It seems to me that the passwords are cached only for this Switch.
May 13, 2012
There is a requirement to configure tacacs and radius on catalyst 3750X (version 15.0) where two vrf exist. Is there a solution to configure "tacacs-server,host x.x.x.x vrf yyy"? I know it is possible to configure under the "aaa group server radius xxx" the command "ip vrf forwarding yyy". Is there anything else for the tacacs-server and radius-server command?
Jan 27, 2013
I am trying to upgrade a stack of two 3750X-48PS to the IOS 15.0-2.
Same command as the twelve other stacks I have upgraded lately:
archive download-sw /overwrite tftp://x.x.x.x/c3750e-universalk9-tar.150-2.SE.tar
or
archive download-sw /overwrite usbflash0:/3750/c3750e-universalk9-tar.150-2.SE.tar (much faster!)
At the end I have this message:
extracting c3750e-universalk9-mz.150-2.SE/info (511 bytes)
extracting c3750e-universalk9-mz.150-2.SE/c3750e-universalk9-mz.150-2.SE.bin (19842267 bytes)
[Code].....
Mar 25, 2013
I have upgraded my Catalyst 3750X-switches to software-version 15.0(2)SE2, but I cannot upgrade the 10G servicemodule to the same version. I use the archive download-sw command to load the c3kx-sm10g-tar.150-2.SE2.tar. The file is loaded to the switch, but when the process starts to transfer the file to the module it fails with the following messages:
Error 2: Unable to transfer image to FRU Modul on switch 1
Error: Failed to update FRU Module image
The modules are now running with incompatible versions as shown below:
Switch# H/W Status (CPU/FPGA) CPU Link Version
-----------------------------------------------------------------
1 OK 77C/71C ver-mismatch 03.00.41
2 OK 73C/73C ver-mismatch 03.00.41
Nov 20, 2011
If I read the Datasheet of Catalyst 3750X-Series-Switches, it is possible to connect a new X-Switch to an existing and old Catalyst 3750-Series Stack. What kind of requirements are needed? Only same IOS-Version in the whole Stack and if possible same Feature-Set? .... like in a normal NOT mixed Stack?
Apr 9, 2013
Is it possible to mix 1 and 10 Gigabit links on a 1/10Giga Network Module of the Cat3750X? I mean ports GE1/1/1 and GE1/1/2 used with SFP and port TE1/1/2 used with SFP+; that makes TE1/1/1 not available as GE1/1/3 and 1/1/4.
Jan 31, 2012
I work at a hospital and we have 3750X-48P switches in stacks in various locations throughout the hospital. We have noticed that when an EKG machine is plugged into one of the ports on some of these switches and the EKG machines are set manually to 100/Full, the ports are no longer usable until the switch is restarted. The switch is configured for auto. If the EKG machine is set to auto, it will work and not cause problems. The link on the interface will show up/up and there will be output packets increasing. However, there will be no inputs on the link and the port is unusable. Unfortunately, even when the device is removed, the port becomes unusable for any device. Is there any way to fix this problem without rebooting the switch?
Apr 10, 2012
Assume I had Catalyst 3560X/3750X with 24 ports. The part number is WS-C3560X-24P-L. I would like to know how the numbering is defined if the switches have a C3KX-NM-10G installed with 4 SFP-GE-L.
Sep 5, 2012
Our network is spread over 15 floors and on each floor we have 5-6 switches. We are planning to purchase cat3750-x 24 ps poe with C3KX-NM-10G network modules. Each floor has two uplinks to the core switch, one with single mode fiber and the other being multimode. Suppose we are purchasing 75 switches: do we have to purchase 75 C3KX-NM-10G modules? Or can we limit our purchase to 15 C3KX-NM-10G so that two uplinks from each floor can be made? Since network modules are optional, a cost factor is involved. Or is there any issue with stacking? The SFPs will be LR and LRM modules. Also looking for an answer on whether the new usb type console cable comes bundled with cat350x or whether we have to order it separately.
Nov 14, 2011
convergence time in case of stack master will be switched over to other switch. In my understanding, when the stack master is switched over to another switch based on the election algorithm, convergence time will be less than 10 seconds.
I tried to calculate convergence time during failover testing but convergence time was 21 seconds. I think it is too long...
Expected reasons
・I configured Rapid Spanning Tree Protocol between L3 and L3. (But RSTP's convergence time is 2~3 seconds..)
Jul 21, 2012
When quoting a Catalyst 3750X with PoE (WS-C3750X-48P-E) the Dynamic Configurator Tool allows to include as the secondary power supply option the Catalyst 3K-X 350W AC Secondary Power Supply (C3KX-PWR-350WAC/2), but the default included primary power supply is the Catalyst 3K-X 715W AC Power Supply (C3KX-PWR-715WAC). My questions are the following:
1. Will this combination of power supply work?
2. Will the C3KX-PWR-350WAC/2 be able to power up the switch if the primary power supply of 715W fails?
3. Will the PoE be lost if the primary power supply fails and only the secondary power supply of 350W keeps working?
4. If this secondary power supply of 350W is not suitable for PoE, why is it available as a secondary power supply option in the Dynamic Configurator Tool for a PoE switch?
May 12, 2013
configuration of a Catalyst 3750X and Barracuda Web Filter using WCCP protocol.
We used various WCCP protocol settings, but were unable to redirect traffic to the Web Filter.
This is the current configuration of 3750X:
ip routing
ip wccp 94 redirect-list 194 group-list 50
ip wccp 95 redirect-list 195 group-list 50
[Code]......
Apr 3, 2011
I'm trying to work out if I need to order the "IP services" image for a couple of C3750-X. I need to run OSPF on these switches, but find the IOS image requirements on Cisco contradict.
At the top of the data sheet it says: • Open Shortest Path First (OSPF) in IP Base image
On the product info page it says: IP Base: Enterprise Access Layer 3 Switching, including OSPF (Open Shortest Path First) for routed access
But in lots of other places it says you need 'IP services' for OSPF.
As the IP services IOS is quite a bit more expensive I would like to avoid buying it. What image do I need to run OSPF?
Feb 13, 2012
Need to clarify if ip sla icmp echo operation is supported in catalyst 3kx switches (ip services). In the configuration guide, commands are available, but in the feature navigator, I can't find the feature, only ip sla video operation. I don't have a device to test on here.
Mar 17, 2013
I want to configure accesslists on my Catalyst 3750X-switches to protect different VLANs/networks. Any best-practices about inbound versus outbound accesslists? In my head it is more readable and easier to understand the config when accesslists are assigned outbound on the VLAN to protect instead of assigning them inbound on all possible source-VLANs. But of course, from a performance point-of-view it is better to use inbound access-lists to avoid un-necessary routing etc.
Aug 30, 2012
I have a customer's Catalyst 2950 switch come in for the configuration to be cleaned to factory default. Using the link below removed the customer's banner and login information, which worked:
[URL]
When I restart the switch and enter Enable mode, I'm prompted for the password which I used when following the link above.
I want to remove all passwords so that when the switch is redeployed to the next site, whoever the engineer is that is going to be reconfiguring the switch is able to access privileged mode without the password prompt.
Jun 7, 2012
I am not able to successfully accomplish the password reset function. This 2950 does not respond to the mode button held down at power up or to sending a break. I have tried both several times and the switch continues to fully boot. [URL]
C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950G-48-EI starting...
Base ethernet MAC Address: 00:0b:fd:a1:4f:80
Xmodem file system is available.
Initializing
[Code].....
Feb 23, 2012
have a Switch I bought off a guy at work. Just to get into the Switching world of Cisco. He doesn't know the password on it and I can't reset the switch. I would like to mess around with it more but it doesn't load the flash or helper. It just sits there and holds. I have tried the password recovery and everything. Trust me, everything is correct, but it won't work for me. I can't load a new image to it because I don't have access to a server to get it from.
Base ethernet MAC Address: 00:0a:8a:94:58:c0
Xmodem file system is available.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
switch: flash_init
Initializing Flash...
flashfs[0]: 3 files, 1 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 1815040
flashfs[0]: Bytes available: 1797632
flashfs[0]: flashfs fsck took 3 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
Nov 5, 2012
I'm trying to access the switch to reset the password to factory defaults (please see switch output; Astrix has removed customer identifying information for security purposes). Each time I reboot the switch and try to access the password recover mode, this same output below starts and I'm still not able to access the recovery area of the switch.
cisco WS-C3560G-48PS (PowerPC405) processor (revision F0) with 122880K/8184K bytes of memory.
Processor board ID FOC1133Y28Q
Last reset from power-on
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
[code]....
Jul 25, 2011
We have a Catalyst 3750 switch that failed over to local login after the Tacacs authentication stopped working. I went through the configuration settings and everything appears to be identical to another switch in this same building.
Jun 10, 2013
We think we have configured the ACE and Tacacs properly as we auth, but are not able to enter into configuration mode.
ACE-4710 A4(2.3)
Feb 17, 2012
All IPs and any identifying numbers have been changed to protect.
I have a 6500 series switch that for some reason will not authenticate to the tacacs server. When you try, you get a password authentication failure. However, it will let you use the configured username and secret to log in thru ssh, and the enable secret to get into privileged mode. Tacacs key is correct, btw. We will call the server vlan 300 and the admin vlan 400. The tacacs source interface is in vlan 400 and the tacacs server is in vlan 300.
I can ping the tacacs server via the switch, but when I use the source cmd with the ip address of the admin interface vlan, ping will not work. I changed the tacacs source interface to vlan 300 (the server vlan) and authentication with the tacacs server works fine. ip routing is turned on. There are entries for both the server vlan subnet and the admin vlan subnet in the routing table. There are only standard access-lists, and none of them are blocking packets from getting to the tacacs server via the admin vlan.
I could just leave the source interface on the int vlan for the servers, but I would like to find out why this isn't working. I have 1 other 6500 switch on a different network that is configured exactly the same (except for IPs, keys, and vlans) and am not having any issues with that LAN. I also have 6 other 3700 switches on the network that I'm having an issue with, and none of them are having issues with authentication.
Oct 8, 2012
I have a little problem. My customer is using TACP-PLUS ALPHA (F4.0.3.alpha.v9). Well, the same user that has access to other Cisco equipment, with user test1 for example, can configure anything in the equipment. But on the nexus 5000, the command "show user-account" indicates just the "network-operator" role. Well, I patched this situation with the following commands:
aaa authorization config-commands default group TACSERVER local
aaa authorization commands default group TACSERVER local
Well, when I telnet into the nexus, I can shut the interfaces, configure and do anything. But when I come in by console, I cannot configure the interfaces. I understand that on the Nexus 5000 the Tacacs configuration is global for VTY and Console (different from the Cisco routers, for example).
Dec 12, 2011
I am working for an Air Force client and am adding a handful of 5548s into their network. My question is how Tacacs+ is configured. My hands are tied in regards to testing in an operational environment so I want to ensure the configs are correct prior to deployment/maintenance window and avoid any remote issues.
I have read the "Cisco Press - TACACS+" config guide and it was somewhat vague in regards to operational deployment.
My basic NX-OS configs are as follows:
- feature tacacs+
- tacacs-server key 7 "002A52xxxxxxxxxxxxxxxx8"
- tacacs-server host 128.xx.xx.xx timeout 10
- tacacs-server host 128.xx.xx.xx timeout 10
- tacacs-server directed-request
When I try to set the following command string, aaa authentication login default group tacacs+ local, the NX-OS asks me to input a "server group name". There are no server groups configured. Do I need them? Can I get by without configuring a group name because the client probably will not.
The Cisco IOS devices are configured with normal aaa authentication/authorization parameters. Also, do the VTY ports default to sshv2 and the correct tacacs+ parameters with the "transport input ssh" command (not available)?
Feb 12, 2013
We have a CISCO ASR 1002 router in our DC, and I want to enable TACACS on this router. What is the usage of key, do we need a separate key for every device? or. [code]
Oct 13, 2011
I am trying to configure tacacs authentication for http on a Cisco 2960 with IOS 15.0.1.SE. [code] But the device is not authenticating. It asks for the credentials (user and pass) but does not authenticate.
Feb 24, 2013
I have a question about multiple TACACS Groups. I want to achieve the following:
A Cisco 888 is managed by me and a Provider Support Team. Since we both want to access our own TACACS Server, I want to create two TACACS Groups. Is it possible for me to bind a Tacacs Group to one Interface, and the second TACACS Group to another? This means that our stuff is connecting to the LAN Interface FastEthernet0 that is applied to the SVI in VLAN 1.
The service technicians from the Provider are connecting to the external Interface or through a possible Lo. (another IP). I do not want to mix our 2 TACACS+ Servers and theirs together in one Group. So has anybody tried this before?
Dec 10, 2012
I have Nexus 7K installations in 2 locations. Both of them have multiple VDCs. In the default VDC there are continuous tacacs error messages though tacacs is not configured. The requests are from various public IPs, whereas this VDC is not exposed to the Internet at all. What would be the cause of it?
%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user root from 195.2.219.2
2012 Dec 11 16:25:28 IDC-FBDTB-AMR2-CN7K-01 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user nagios from 67.78.206.226
- sshd[25797]
2012 Dec 11 16:25:34 IDC-FBDTB-AMR2-CN7K-01 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user nagios from 67.78.206.226
- sshd[25799]
[code]....
Jul 10, 2012
I have been experimenting with acs 4.2 and a cisco asa 5510. I have managed to authenticate the ASA users with my tacacs server. The user "test" is authenticated with the tacacs server, and can log in. But the enable password is wrong, because I don't know where to place it in the tacacs server.
Now my question is, where do I set my enable password when authenticating with tacacs+? And by this I mean in the acs 4.2; I know how to do it on the asa.
Apr 18, 2013
I have a pair of OLD Cat6500's running CatOS:
WS-C6509 Software, Version NmpSW: 7.6(16)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Dec 22 2005, 16:37:19
System Bootstrap Version: 7.1(1)
System Boot Image File is 'bootflash:cat6000-sup2k8.7-6-16.bin'
System Configuration register is 0x2
I know these are no longer supported, but I have to ready them for migration. Recently a problem began with these switches. What happens is that when I telnet to them, I cannot authenticate via TACACS. This works fine for all our other IOS equipment, just not for these 2 switches. The error is: "% Error in authentication" and then I get kicked back to the login prompt.
The odd thing is that when I connect to the switch via the console port, I can authenticate fine with TACACS.
CMS> /c 14
[Code].....
Jul 26, 2012
I am trying to migrate an ACS 4.1.1(24) using the migration tool to ACS 5.2. The tool is working OK. It migrates the users, groups, NDG, etc. and the reports are showing no errors.
The problem is with the Enable password of the users. The users in the ACS 4 have the TACACS+ Enable Password configured, but after the migration it appears empty in the ACS 5.