Cisco Switching/Routing :: Radius Server Command Missing From Global Configuration Mode 4510R
Feb 22, 2013
I came across an interesting issue and thought I would see if anyone else has encountered it before contacting TAC.I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54).
I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54). With the background set, one switch reports the following:SwitchA (config)#r?radius-server redundancy regexp represourc rmon route-map router.
ES20+ QoS. As I understand for these cards QoS is MQC; i.e. similar to that of normal WAN cards
1- If i have 7600 with ES+ card only then I dont need to configure global command "mls qos" and the concept of trust boundries "mls qos trust dscp" will not exist , correct ?
2- For below output, why "show mls qos queuing" is giving an O/P similar to that of WS-X6xxx LAN modules.Also why it is WRR when scheduling is not configured.I expected that command will not work with this module as it is similar to WAN modules.
Opening a connection to integrated AP801 wireless device for performing wireless configuration tasks, the connection is established OK, authentication is passed OK using credentials from main configuration file, gaining level 15 privileges with enable command, but after that... no way to enter "Global Configuration mode" because there are no "configure" family commands present!!! Simply can't say "Conf t" because there is no such command!
I bought a Cisco Wireless AIR-CAP2602i-E-K9 and have some practice on Cisco routers, but can not log in "Global Configuration Mode", not existe the command "Configure". How active configuration?
First time I have create SVI interface on C6500 and enable trunk on interface that connected to SW2960 and SW2960 assigned access vlan 100 on port connected to Notebook. Then I tried to ping from Notebook to C6500 on SVI100 which work fine.
Second time I tried to enable MST on C6500 and after that everything still working and I can ping from Notebook to SVI100 on C6500.
Third time I tried on turn on dot1ad in global configuration mode and from now I can't ping from Notebook to C6500.
Forth time I tried to disable dot1ad from global configuration by "no dot1ad" command and then I can ping.
My intention is I would like to do EVC which require dot1ad in global configuration but I stuck in third step and don't know what's does it mean for this command and how I can resolve this issue?
Information on C6500 IOS Software (s2t54-ADVENTERPRISEK9-M), Version 15.0(1)SY1 Processor SUP-2T Linecard WS-X6824-SFP
I recently rebuilt the configuration of our Cat6500 multilayer device for use as a user stack. The device is funtioning as it should be, but I am unable to set SSH using the 'crypto key generate rsa' command. The crytop command isn't avaiable at all, which suggests a firmware issue.
I have configured a hostname and Ip domain-name and the image is the only one available.
The show version output is listed below. show verCisco Internetwork Operating System SoftwareIOS (tm) s72033_rp Software (s72033_rp-IPSERVICES_WAN-VM), Version 12.2(18)SXF12, RELEASE SOFTWARE (fc2)Technical Support: [URL] Copyright (c) 1986-2007
I need to create a Cisco VPN Client connection: I am following the cisco vpn client link and I don't have the command crypto isakmep client configuration group XXXXX
[URL]
This is what I get: crypto isakmp client configuration ? address-pool Set network address for client
This is my show version, if there is an IOS that will work:
Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IK9S-M), Version 12.2(17a), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2003 by cisco Systems, Inc.
I am using radius authentication on C4507R+E with supervisor card 6L-E and IOS 15.0.2(SG1). It works perfectly but all radius messages appear in the console. Radius is very verbose, I can't use console because of the significant number of messages and I am worried about switches performances. I add that all debug commands are disabled.
I am looking to replace the active supervisor (S720-10G) on our 6509E running in SSO mode. The new module already has the same IOs version as the standby supervisor.Once I have swapped the module how do I know that the config has sync'd correctly other than checking the logs? Is it a case of looking at the "Redundancy Mode (Operational)" state and ensuring is says SSO?Also, is there a command that will force a config-sync if it is running in a mode other than SSO?
I have Cisco 2960 switches deployed in my environment along with radius server authentication. Now i need to assign some roles to particular users (shutdown port, description) so what i need to do for this task so not all users have same privileges.
We faced with problem after upgrade ASR from 12(2) 33 XNE2. I know that this is an old XE release but our Radius deny authization from ASR with more new XE version. Here is our radius attribute configuretion:
! radius-server attribute 44 include-in-access-req radius-server attribute nas-port format d radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard
[Code]....
How can I add in my configuration that ASR send necesserry NAS-Port-Type - VPDN
I couldn't found out any info ((( for radius-server attribute 61 extended
I tried to authenticate and authorized Nokia/checkpoint Nortel/AD3 and Nortel 5510 platform using an 4.1 for windows ACS. the ACCESS-REQUEST is well processed bi the radius server wich send ACCESS-ACCEPT to the AAA Client (ie NORTEL or NOKIA), but i'have got privilege access denied on the Client side. RADIUS IETF Dictionnary is used for every device. all others Cisco Devices authenticate and are well authorized.
I am currently trying to get eap-tls user certificate based wireless authentication working. The mismatch of guides im trying to follow has me coming up trumps with success so far.
My steps for radius:- (i think this part ive actually got ok) [URL]
Steps for the wireless profile on a win 7 client:- this has me confused all over the place [URL]
My 1130 Config:-
[code] Current configuration : 3805 bytes ! ! Last configuration change at 11:57:56 UTC Fri Jan 25 2013 by apd
I am wondering if it has its own DHCP router and if theres a command to enable it?Also Random side question. it hands out ip addresses to other devices (the 2950 im using infront of a router) but when I hook up another switch to this switch it doesnt initialize the port or try to connect? why.
I have a couple of ACS 5.2 configured as active and backup and I am doing dot 1x authentication using these servers . I have configured the switch with the bellow configuration.
I notice that NAT is not possible Cisco Catalyst 4500e series. Is there any other ways to configure NAT? Currently we have 2x Catalyst 6509 and we're migrating to the 4510e and there's NAT in the 6509s. I was thinking of re-using the 6509s and connect to the 2 new 4510e in a meshed trunking layout with MST (Layer 2) and OSPF/EIGRP (Layer 3) protocols turned on.
I am trying to figure out the Flexible Net-flow on Cat 4510R+E Switch running IOS-XE code. My Neflow flow software is manageengine 7.X. I am able to see the netflow interfaces but the traffic itself is not displayed. On the Switch I can see the netflow exporter statistics counter being incremented thereby confirming as being exported.
I have been working with the 871 router and configuring it for work at home users. Now we are purchasing and using the 881's instead. I noticed that after write erasing the router, I need to run the command in the global config "license boot module c880-data level advipservices" just have eigrp.However when I type show license, I get the following:
Index 1 Feature: advipservices Period left: 8 weeks 3 days Period Used: 2 hours 55 minutes License Type: EvalRightToUse
[URL]
There is more but I left it out. However it shows that the advipservices license has only 8 weeks and 3 days left.What is this? I thought that when I buy a brand new router, I should get everything, including IOS licenses. So I would like to know is this a new licensing scheme and how does it get register and how do I get it so that the advipservices license is permanent?
We have a new building, and I told the cable company run OM3 cable from second floor to 1st FL data closet because we have 4510R SupV-10G at each floor.However, the cable company ran a regular fiber cable instead of OM3 mistakenly. My questions, can I still use OM3 patch cable?? Second questions, can I still have the 10Gig performance??
I have a two Cisco 4510R each with two sup V-10GE redundant. The code on these sup modules are 12.2(31r)SG3. I need some assistance in getting this setup worked out. I have all four of the 10GE populated with appropriate optics. I setup a link from one 4510R to the other using these interfaces. From the documentation I found I had to use Tengi1/1 and Tengi2/2 as the redundant pair. I plugged the up link into these ports. The Tengi1/1 (active supervisor) links up and works fine. But when I look at the ports port Tengi2/2 it isn't showing link or active. Now port 2/1 (nothing plugged into it) is showing as active.
Now is the redundancy supposed to be 1/1 and 2/1? If so, the switch is in production, when I move the connection over from 2/2 to 2/1 will it cause a outage? The reason for this is I now have a system with a 10G port and would like to utilize one of the other 10G ports. Is that possible? Or does it have to be a lag/redundant up link to work (say to another switch)?
I'm working on deploying a new 4510R+E for our organization. This is my first experience with a modular switch. I'm trying to enable SSO, however in the redundancy configuration mode, the sso command is not available. Is SSO only available with certain software images / licensing levels? [code]
I am trying to configure a 3500XL switch (and I know its old). I get to the int fa 0/1 line and thats where it all stops working.
switch#(config-if)#switch port mode access switch#copy run start or switch#(config-if)#switch port mode access switch#sh run int fa 0/1
It will show the configuration for port fa 0/1 as if I hadn't entered the "switch port mode access" command. Or any other command for that matter. Why the switch is not holding configuration and seemingly loses it as soon as you exit out of each interface?
We have cisco 4510R+E switch with IOS-XE Software Version 03.01.01.SG RELEASE SOFTWARE (fc1).Our this switch is having two core & one core is always going to about 90% to 98% cpu utilization while other core is showing normal (about 5% to 10%),we check with-This switch is gateway of our LAN.
We have recently purchased Catalyst 4510R-E with two PoE line cards. When we connected Cisco Wireless APs to Cat4510 PoE ports it did not come up. These WAPs are working fine on other Cisco switch with PoE ports so there is no issue with WAP. We have received two CAT4510 and on both two slots are populated with PoE line cards and on both switches WAPs are not coming up. PC/desktops are working fine on these ports.Is there any configuration required on Cat4510 to enable PoE feature.