I have issue with 2950 switch dot1x config is not working , but on 2960 its working fine .Below are the configs from both switches and a debug dot1x all snap, what may be the issue with 2950 switch ...
on 2950======>
aaa new-modelaaa authentication dot1x default group radiusaaa authorization network default group radius
[Code].....
I configured dot1x port-authentication on a 3750. The switch sends out a request to the radius server. The radius server sends a answer-packet to the switch udp port 21645 but it seems the switch discards the packet or something like that. The radius server gets the answer "Destination unreachable, Port Unreachable"
View 8 Replies View RelatedI am seeing the following behavior when computers move from one switch to another with dot1x ONLY when there is a 'stupid' switch in between.
computer -------- 'stupid' switch ------- 2960
dot1x is working fine but when the computer is disconnected, the port still shows the authentication session id so when the computer connects to another port or switch, authentication succeeds but traffic doesn't pass. While I'm almost certain that the culprit is the 'stupid' switch that doesn't clear the session id, I have already tried another one and the problem remains so I'm actually just asking for a confirmation that all these 'stupid' switches present this behavior and if there is a workaround in this case.
I am trying to configure 802.1x RADIUS Authentication on cisco 2950-24TT-L Switch. I am using following set of command as given below
Switch# configure t
Switch(config)# aaa new-model
Switch(config)# aaa authentication dotx default group redius
Switch(config)# dot1x system-auth-control
Switch(config)# inter fasteth 0/1
Switch(config)#dot1x port-control atuo
I am facing problem dot1x command is not working on interface.
I am trying to test the gigabit ports on a Cisco 2950 switch. 1000Base-SX. I have the internet or dhcp server connected to port 24 on the first switch and my pc hooked up to the (any) port on the second switch. Both switchs are connected with a fiberoptic cable with MTRJ connectors on either side.
Now when I use gi0/2 on both switchs all works fine. I get a dhcp address from the router on the other end of the first switch. but when ever I include gi0/1 on either end of the fiber optic cable neither of the ports will initialize (neither of the leds above the ports light up). I have deleted all the config files before booting up the switchs so they should have a default blank configuration.
When looking at the Http web page for the switch I dont see any issues with the port. what can I do to make sure these ports are working or can be configured?
I will not be able to post back any more information about the switch until next tuesday. Im off till then.
I have network consists of more then 20 cisco 2950/2960/3700 switches. I have configured port security in my switches. initially when i configured on my switches it worked fine....even for copule of months it worked fine. but suddenly it start creating issues and now i am not able to implement port security on switches. the configuration is same but there is no effect now. Same switches were fine but now even having same configuration it is not working. please see the configuration: [code]
View 5 Replies View Relatedi am facing a strange issue on cisco 2950 .IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA9, RELEASE SOFTWARE (fc1) suddenly my phone stopped working for DTMF tone, i mean when i dial a conference bridge lets say 6565 and then it ask for conference bridge code lets say 12345, it doesnt recognize the code and says code is invalid, SIP Proxy is Asterisk in this case.Currently my cisco switch port is configured for dual data + voice vlan, where DTMF dont work, sample config below [code]
View 2 Replies View RelatedI have 3750 switch (WS-C3750G-24TS-S1U) with IP Services version
Switch Ports Model SW Version SW Image------ ----- ----- ---------- ----------* 1 28 WS-C3750G-24TS-1U 12.2(46)SE C3750-IPSERVICESK9-M
on the switch, I have configured aaa new-modelaaa authentication dot1x default group radius dot1x system-auth-control but i am not able to implement the command under interface
Switch(config)#int gigabitEthernet 1/0/20Switch(config-if)#do?down-when-looped
dot1x commands are not available under the interface config. Is the IOS version is compatible with dot1x?
I want to setup the ACS 5.1 for dot1x-Port authentication. I want to make a machine authentication against an AD-Domain and I got the following error Message:24435 Machine Groups retrieval from Active Directory succeeded
View 13 Replies View RelatedWe're having an issue with the command "cts dot1x" when applied to an uplink interface.It basically kils the connection with this command is applied. Once you remove it, everything is back to normal, the platform is a cisco 3750x.
View 5 Replies View Relatedwe're having an issue with the command "cts dot1x" when applied to an uplink interface. It basically kils the connection with this command is applied. Once you remove it, everything is back to normal, the platform is a cisco 3750x.
View 0 Replies View RelatedI have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
Is there a way to get more messages out of a 2950 set to syslog? I've turned every logging option I can find to DEBUG, but all I get in my syslog are LinkUp/Down messages and "Configured from console by console". I'd love to see more information such as configuration changes, or even someone attempting to set up DTP on a switchport set to access mode.
View 2 Replies View RelatedOne of my wi-fi site having 2nos cisco 2950 switchs. in that network some D-link unmanageble swithes also there and access points also connected to cisco switchs and D-link switchs.after one or two days i am not able to connect the wi-fi, then i need to restart the access point then only wi-fi is working fine.I upgraded the latest ios also.I connected some access points to the cisco switch ports, those ports are showing crc error messages like below. [code]
View 18 Replies View RelatedI have a server windows 2008 that I would like to have a nic teaming configuration, the server has two nics, each nic is connected to a different switch. One is connected to cisco 2960 and the other is connected to cisco 2950. I have read here in forums about nic teaming but using the same switch. I have not found using different switch. Is this possible?
View 1 Replies View Related2950 switch has a IOS on flash , but i would like to set the swith like...
1. switch IOS to be loaded from TFTP server .if it fails
2. Loaded from local flash IOS1 , if it fails
3. IOS loaded from local flash IOS2.
does 2950 switch support this feature.
I have a problem with an etherchannel between a cisco 2950 and a couple of catalyst 4506. The cisco 2950 is connect via an etherchannel to the catalyst 4506A. The channel consist of two port on both side and is in trunk mode, encapsulation dot1q.Now i have the necessity to connect the 2950 to the other catalyst, 4506B. So, i copy the same configuration on the 4506B, but when I unplug the two rj45 cables from the catalyst 4506A to plug them in the 4506B the etherchannel doesn't go up in any way.
View 8 Replies View RelatedI have a cisco catalyst 2950 switch (flash:c2950-i6q4l2-mz.121-22.EA1b.bin), in remote location with public IP,how to upgrade ios remotely, by that time running configuration will go?how much down time is required and ?
View 7 Replies View RelatedI have 10 2950 switches on my network that support only 64 vlans on each one. I actualy have requrement to cleate around 100 vlans acros them, can I switch off vtp and create required vlans manualy? I will have more or less following set up:
router
|
2950 - vlan 1,2,3,4,5,6,7,8,9,10
[Code].....
c2950-i6q4l2-mz.121-22.EA10a.bin is the image name of the 2950 switch i have in my office. what is the meaning of " i6q4l2 "? I saw some IOS like IP base, adv-security. but i didn't see anything like this before.
View 2 Replies View RelatedWhat are the security issues in connecting a notebook to a console of the 2950 switch? Can virus or Trojan enter into a switch during configuration session? If the answer is yes, what precautions must I take to prevent such case?
View 2 Replies View Relatedi am having 2950 switch. Now i login through telnet but as per the company standard i have to login through ssh. Is there any possible to enable the SSH in 2950. Any IOS supporting this operation.
flash:/c2950-i6q4l2-mz.121-19.EA1c.bin
After setting up the domain name I try to use the crypto key and it is no where to be located. Below is some of the information I copied from TeraTerm
Switch-1(config)#ip domain-name justin.lab.comSwitch-1(config)#crySwitch-1(config)#cry?% Unrecognized commandSwitch-1(config)#crypto key ?% Unrecognized commandSwitch-1(config)#crypto key ^% Invalid input detected at '^' marker.
Switch-1(config)#?Configure commands: aaa
I configured rate limit on cisco 2960 switch sexuss fully, but i could not configure in cisco 2950 (verson 12.1 (22).To confiure the same on 2950
View 4 Replies View RelatedI am experiencing high cpu utilization in my 29501 switch. see the copied sh process cpu output.
CPU utilization for five seconds: 99%/95%; one minute: 89%; five minutes: 37%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 0 2 0 0.00% 0.00% 0.00% 0 Chunk Manager
[Code].....
Stumped again with my Catalyst 2950. Everything is working perfectly with wan/dhcp/router on fa 0/1 with all ports assigned to vlan1. All devices plugged in connect to the router correctly with ip's being assigned via dhcp.Instead of hooking up by console port I want to be able to SSH or telnet in to the switch using any port while still maintaining the above functionallity. Is it possible to assign a dhcp assigned ip address to vlan 2 and have vlan1 and 2 bridged? Or is there a better way of doing this ?
View 3 Replies View Related spam up the boards with the same basic CCNA level stuff, but I have a couple of questions about ios differences, limitations, and references. I have the following three switches. One appears to be considerably dated in regard to software version. My confusion/ignorance stems from managing VTP settings.
2924XL 12.0 5 WC8
2950 12.1 22 EA6
2950 12.1 22 EA6
When I set either 2950 switch as the VTP server, and the other as a client, the client inherits the server settings as expected. However the 2924 requires that I go into the vlan database from priv exec and manually set vtp client. That's pretty similar to setting any switch to client mode. The problem I am observing is that after setting the 2924 to client, it still doesn't inherit vtp version settings or pruning settings. I still have to manually configure those. Additionally, if I copy run start the 2924 after making these manual settings, and then reload the switch, all the settings are lost and it defaults back to server mode with all features disabled. From my searches, it looks like vlan information is stored in vlan.dat, but all the documentation I've found is on 12.1 ios which doesn't appear to use vlan database for vtp setup, meaning it might still be an issue, but not one I'm focused on at the moment.
Is the vlan database dumped at reload? I've read vlan.dat is stored in nvram and should be saved after a copy run start, but that is not the case for me.I have since set the 2924 as the server, manually configured the server from vlan database, executed copy run start, and reloaded the switch. Oddly, my manual settings saved from the reload, meaning I only lose settings when the switch is in client mode.Am I missing additional necessary client commands to save the config, or is this just a limitation of either the 2924XL or the 12.0 ios?On a related but completed out of scope topic, without a cisco service contract, how am I supposed to make heads or tails of all the different versions of ios, along with the letter-based features and what-not? I can't even find my 2924 in the list of platforms when searching for ios upgrades.
I have a above said switch at my remote office (600KM) which is connected with L2 Point to Point leased line. Both the ends I have Cisco 3950 catalyst switches with Vlans configured at both the ends. Now, for obvious reasons I should remove the other end 3950 switch and replace with Cisco 2950 switch. The other end 3950 is having 4 Vlans configured on 4 ports. Now my requirement is, I should configure 3 Vlans (one for P2P, one for 10 Desktops and one for to bring traffic from other network).
View 1 Replies View Relatedi'm trying to type the command (config)#spanning-tree mode rapid-pvst on my Cisco 2950, but (config)#spanning-tree mode ? only shows me one option - pvst. I've checked the Cisco support page which suggests my version of IOS should support rapid-pvst.
Switch_1#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
I cannot seem to correct a duplex mismatch issue.I have a Cisco 2950 switch connected to a Cisco 2621 router. I am running a per-interface Vlan. I have two fastethernet ports and one NM-1E card installed on the router. One fastethernet port is connected to my gateway router, the second fastethernet port is connected to my switch for one Vlan. The NM-1E Ethernet card is being used for the second Vlan which consists of nine IP cameras. Though the cameras on the Vlan are working fine.Now, the NM-1E card is set to half-duplex. I know that I should be using a fastethernet module like a 1FE 2W or a 2FE 2W card, (which I have,) but the router does not recogonize either one of these cards when they are installed, and yes, they have been confirmed as good cards.
Using Router-on-a-Stick configuration is out due to the bandwidth contention besides the fact that the router I am using it on will not handle this due to the flash being an older version.I have forced the switchport to half duplex, setting the speed to 10. I was getting fewer error messages at first, but they soon increased back to the frequency that they began with.I have set the switchport to duplex auto, but this failed to resolve the issue.Obviously, I cannot force the switchport into duplex full since the NM-1E interface is set to half duplex. Can the NM-1E card be configured to full duplex? I can't seem to find any documentation showing where it can be forced to full duplex mode.Could nine IP cameras just be too much for both the router and switch to handle?
I have a 4503 switch (in L2 mode) running 12.1 hooked into a C2950 running 12.1, using regular 4 pair Cat5e cables to connect between them. The 4503 has Gigabit port 2/1 trunking to the 2950's Fa port 0/13.
When I set the duplex mode to DUPLEX FULL and SPEED to SPEED 100 on both switches (for their trunk ports) the link fails, and my 4503 loses connectivity (since it gets it from the 2950).
Here is my config from the switches (per description):
The 4503:
interface GigabitEthernet2/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,100-140
[Code].....
Note, this is the only mode that works (which seems to work fine, but I get TERRIBLE throughput for anything that goes over the 2950.
I own the Cisco switch,2950-24.When power on,it says Crash fault with information showed below: [code] Then I search google.com and found the resolution of upgrating IOS.I push mode button before power.Then I access into the CLI.I checked the files in the flash: and got these. [code]
View 8 Replies View RelatedI have cisco 2950 catalyst switch, verson IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(20)EA1a, RELEASE SOFTWARE (fc1)
So. for one of my port (FE 0/3) i need to put the bandwith limit 512 kbps, how to configure the above same.
Note:- I configured the below but no effect
1. interface FastEthernet0/3description * CONT TO B-CENTER *switchport access vlan 10switchport mode accessbandwidth 1024speed 10
2. and there is no srr bandwidth limit option for 2950, but the same is working for 2960.
