Cisco cannot login? Currently i cannot login to the two of my cisco 3560 with the password that i usually used to login. and it is strength to me that its Configuration register is 0xF.
[BEGIN] 10/4/2011 10:22:57 AMshoTC-NGN-C3560-1>show verTC-NGN-C3560-1>show version Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2007 by Cisco Systems, Inc.Compiled Thu 19-Jul-07 18:15 by nachenImage text-base: 0x00003000, data-base: 0x01300000
ROM: Bootstrap program is C3560 boot loaderBOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)
TC-NGN-C3560-1 uptime is 50 weeks, 6 days, 9 hours, 34 minutesSystem returned to ROM by power-onSystem image file is "flash:c3560-ipservices-mz.122-35.SE5/c3560-ipservices-mz.122-35.SE5.bin"
I'm trying to configure ASA 5550 t8.4 so, that ssh and https access users would authenticate themselves vs Radius (or LDAP) server and they would be directly logged in with privilege mode 15.
I have Windows 2008 NTP acting as RADIUS server. And the network policy is: Service-Type - Login, Vendor-Specific - shell:priv-lvl=15 and allow full network access. All my AP's and switches with IOS are able to use that policy and i am able to get directly to exec mode (privilege lvl 15)
Is there a way to configure a ASA 5500 firewall so that when i access the firewall via SSH, my user is in privileged exec mode immediately after i have entered the log in credentials? So no need to enter "enable" anymore. I know how to do that with a router but couldn't figure it out for the ASA.
I am currently setting up a 2800 Series router, and prefer a username/password type authentication rather than a single enable password. To do this, I did:
This basically does what I want - when I connect to the router through console, it immediately asks me for a username and password. The thing is - as soon as I provide the right credentials, it takes me to USER EXEC mode (the default command mode). Is it possible to change that so that after entering the credentials, I go right into privileged exec mode?
Bonus question: As it is now, I just have no enable password, so when I login with my credentials, I issue "enable" to enter privileged exec mode without it prompting for an additional password. Is it safe to do it this way - having no enable password but requiring a username and password for login?
I am unable to login to switch c3560 through Hostname but able to login through IP address. when i am putting the command : login authentication telnetpwd
getting the below message:
AAA: Warning authentication list "telnetpwd" is not defined for LOGIN.
recently i do some lab about trunking protocol using Layer 3 switch C3560 and layer 2 switch C2960, but i face a problem that i cannot configure trunk port on my C3560 using "switchport mode trunk" command, and after looking for the answer from google i found that i have to "remove" the "auto" mode of C3560 using "switchport mode dynamic desirable" and after that we can enter the "switcport mode trunk" command successfully.
and my question are, whether the "auto" trunk mode in switch layer 3 is a default mode or not? and why i should enter "sw mode dynamic desirable" command before "sw mo trunk" command ?
We have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue shut and no shut command on that interface to get it back to life, then it works for a few days or weeks until it happens again. Any suitable configuraiton for that interface, that would prevent that from happening or a workaround ?
Here's the info:
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS Image:c3560-ipbase-mz.122-35.SE5.bin
This is the log from one switch:
31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state 31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2. 31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
And from another, which is almost the same:
5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state 5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3. 5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down 5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Here's the configuration of fe interfaces (they are all alike):
interface FastEthernet0/2 description Voice & Data Combo Port switchport access vlan 11 switchport mode access switchport voice vlan 15
I have created users and given them telnet access to router 7200. They have full privilges(15) but everytime they login they login into user-exec mode instead of privilege mode. Is there a way to skip user-exec mode and allow the users to login directly into privilge mode so they dont have to enter password twice?
I have added Cisco 5520 into the Cisco ACS 4.2 Tacacs Server. I can login to the user mode, but I can't login to the privilege mode ? though I have put enable password, but when I use that password, no joy ?
I configured the below config in Routers it is working good , but when i do the same in SWITCH-2960 , i am getting a problem not able to login to enable mode ... i am getting the basic login only ....
Error msg : % Error in Authentication.
Need to be configured at TAFE Network Devices: Code...
I have my first 3560x running IOS 15.0(1)SE and noticed that I can no longer login to privilege mode even though my use account is setup with privilege 15. I have the exact same setup on 12.2 (53)SE2 and have no issue, so has something changed?
how to straight away enter priv EXEC mode when authenticated for asr1002?? Using XR12000, it can be done but asr1002 have to input enable passwd...my username for asr1002 have privilege 15 and i want to enter priv EXEC mode straight away after login without asking the enable passwd.
I recently configured a Cisco AP 1242, software version 12.4, via the web interface using the default Cisco credentials. At that time I setup an administrator account with read/write access and changed the Cisco to a read only access. Now went I attempt to login to the web interface it won't accept the administrator password. It will except the administrator password in a telnet session however. So via the telnet session I setup another user with privileged exec level access and that wont work on the web interface either. The Login box keeps coming back requesting a password. Strangely enough, I can login to the web Interface using admin username, with the Cisco password; but I can't do anything, and I also can't view everything. I've tried the following:
I've turned on SSH and created a certificate in the AP, but the login box continues to pop on the https://url.I've attempted to setup a user with a non-encrypted password, but have been unsuccessful.I've tried a different browser - login box continues to pop.I've made sure the web interface is activated in the API've tried a differnet computerI've tried disabling password-encryption service. Reset the enable password , I've successfully setup other 1240 APs but must have done something wrong on this one.
I have a website account with fatcow. I created the website with Dreamweaver software and uploaded it to fatcow via port 21.My internet connection was via xplornet and I had no access problems. I upgraded to xplornet's new g4 system and now I can no longer access my account online or upload to my website.We have two computers. The first is a desktop system that has the dreamweaver software. The second is a laptop which connects wirelessly. We share the signal through a dlink router. The modem is a viasat Surfbeam 2 residential satellite modem.1. When I attempt to login to the fatcow control panel, the tab shows successfully authenticated and then re-directs me back to the login page. This happens on both the laptop and the desktop.
I have tried bypassing the router and the problem still exists.I took the laptop to the computer center and I can login to the account no problem.I used a free proxy server page on the internet and can login from my home system on my desktop no problem.I have completely turned off virus scan and firewalls. It doesn't work. I have tried IE7, Chrome, Firefox and they all have the same problem. The laptop runs IE8 and has the same problem.I can ping the page successfully. I can traceroute the page successfully. I can't nslooup any site at all. I get the domain not existant message.My ip and dns settings are the automatically find option.I have renewed ips and dumped the dns cache.Using alternate dns addresses doesn't rectify the problem. When I attempt to upload via dreamweaver, I connect but within seconds I get a Dreamweaver message that says "Connection to remote host has been lost. Click refresh to continue" and the log reads "FTP Error. Dreamweaver could not connect to server." I haven't taken my desktop anywhere to try to see if it works on a different network. I'm in a remote location (hence the satellite internet)and it is an hours drive to the nearest private internet connection and a 2 hour drive to the nearest public connection.
We have a Linksys WRT120N wireless router set up at one of our small offices. I noticed recently when trying to log in to the router to make some admin configurations that it will not accept the login credentials when trying to log in from IE10 browser. Works fine from Chrome, IE9, ect. logging in to a linksys router with IE10?
I have got my ccna voice lab configured and is up and running, my switch is configured with 2 differents Vlans (Data & Voice) and the fa 0/1 is configured as trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network but only the switch in not accepting the request the only message I am getting is "request timeout".
I have a 3560-8PC in which the mgt vlan randomly (twice in one day or 2 weeks later) goes into the down state and will return w/o any interventaion 15-20 minutes later. Int G0/1 is the uplink to a 3750. I dont think its a layer1 issue at this time since i have seen it work just fine for over 2 weeks and drop again. I don't see any errors on the 3750 either.
WS-C3560-8PC 15.0(2)SE C3560-IPBASEK9-M LOG: ---------------------------------------- .Oct 20 19:34:37.533 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changeds tate to up
I was working with Opmanager software to monitor my network, and i downloaded the Netflow plugin, i tried to enable the netflow on my core switch c3560 but I was surprised that it does not support the NetFlow, after many resersh most of URL's say it does not support until i found another URL from Cisco Says that it support Flexble netflow now, but i think we should update the IOS.
I have some c3560 with system MTU set 1546 with interface VLAN10 whose MTU size is 1546 and there is no possibility to change it to another value. and we have some cisco 2600 where I can't set MTU bigger as 1500. I have a problem in establishing the OSPF adjacency between cisco 2600 abd 3560 , the command "ip ospf mtu-ignore" is set on both side but it doesn't work - the OSPF packets which are sent by c3560 are simply lager as 1500 bytes and are dropped by cisco2600.
the problem is that sometimes c7200 losses their BGP session, I would say in most cases it happens between NPE400 and NPE-G1/G2 whit error message like "session closed by a peer x.x.x.x" after some seconds BGP session goes again UP , and then after some minutes again DOWN .
it can be MTU problem, as the traffic passes those c35660 with MTU1500. The neighbour status showes that "transport tcp path-mtu-discovery" is enabled an all neighbours but it seems doesn't work. if I disable the path-mtu-discovery on the neighbours - the BGP session between them stays stable.
On my study lab I have got 2 switches a c3560 running IOS and a c2948g-ge-tx running CatOS. Both switches has SFP ports, I would like to configure ether channel between them switches using 2 SFP ports on each switch.
My question is if such configuration is possible and how to configure ether channel so that VLANS can travel between both switches running different operating system. I have tried but it's no working,
1.Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1) This switch EIGRP coverge is slow. 2.Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1) This switch EIGRP coverge is fast
The IOS have effect of the EIGRP coverge ? From which version IOS began ?
I have C3560 switches in my work environment. I want configure ssh on that switch but the IOS what they have 'c3560e-universal-mz.122-58.SE2' not support. As per advised I was triying to upgrade 'c3560e-universalk9-mz.122-58.SE2" for all my access switches.
I successfully upgraded for two switches.
I have two problems now
01. I upgraded the IOS successfully one Switch but the Poe is not working. What is the reason ?
02. After upgrade the IOS, the out put is as follows
I am in a doubt if the 3560-12-PC-S supports OSPF. Datasheet says we need IP Services image. But 3560-12PC doesn’t have the option with IP Services. Then I havigate to [URL] how?
So, any clues whether or not this box can run OSPF?
I have below switch and I was interested in configuring GRE on one of the interface. So I tried to create tunnel interface, the tab completes the command. Is GRE supported on this switch and IOS?
Switch#show version Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2007 by Cisco Systems, Inc. ...... cisco WS-C3560-48TS (PowerPC405) processor (revision G0) with 122880K/8184K bytes of memory. Switch(config)#interface tunnel 0 ^% Invalid input detected at '^' marker. Switch(config)#
Is it possible to reduce de recoveery time after an interface shutdown? Current interface configuration is as follows and it takes 1 second to recover from a shutdown. I need to decrease this time.(Cisco Catalyst C3560) [code]
Prime 1.3 (POC testing), for testing purposes I discovered a class C range (255.255.255.0) containing a bit of everything (AP 1240, C3560 & C3750).When looking in the config archive only the AP's have configs stored, the others failed, snmp & telnet credentials are the same for the whole range, what could I do wrong ?
Switch .55 can ssh into Switch .57 but cannot ssh into Switch .56. Switch 56 can ssh into Switch 55 and ssh into Switch 57 Switch 57 can ssh into Switch 55 and ssh into Switch 56
The software on .56 is:
C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
I noticed on .56, when I do a show ip ssh I get: SSH Enabled - version 1.5. It doesn't say version 1.99 like the others even when I configure version 2. Is this a bug I am running into?
I am upgrading the network equipment at my place of employment. We use Cisco C3560, 2960, 4506 and I was noticing that IOS 15.0.x is available. After doing some reading it appears that Cisco is going to a pay for the licensing functionality that you want. Do I need to purchase licenses to upgrade from IOS 12.X to 15.0.x to maintain functionality?
#sh run | inc user ! username USER0 secret 5 $1$passwordusername USER1 privilege 15 secret 5 $1$passwordusername USER2 privilege 15 secret 5 $1$password ! #sh run | inc aaa ! aaa new-modelaaa authentication login local_authen localaaa authentication login radius_authen group radius localaaa authorization consoleaaa authorization exec local_author localaaa authorization exec radius_author group radius localaaa session-id common ! #sh run | begin line vty ! line vty 0 4access-class 3 inexec-timeout 15 0authorization exec radius_authorlogging synchronouslogin authentication radius_authentransport input sshline vty 5 15!sh verCisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
the intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given Privledge level 15. Telnet should never work.SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at Privledge level 1, instead of the configured 15.Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
Had a switch die over the weekend, a c3560, per our normal procedure I pulled the hardware put a very basic config on it(vlans, portchannel, uplink ports, ip of management vlan, con and vty security, snmp, enable secret, and hostname). Then I use solarwinds orion to upload a copy of the old config to bring the switch back to the same state as the one that failed. Its a system that has worked for us 3 or 4 times in the past. But this time when the base config was on the box it couldnt ping across the network.I have tried clearing the arp cache and the dynamic mac tables, i verified the routing tables and even removed the 10.1.185.128/27 route and re-added it, saw the routing update go across to the other 65k, tried bouncing the edge switch(i cant bounce the 65k's), took down the po between the edge and 65k.
I have a network running some 20 switches, two controllers and many AP's. All the devices that should be able to connect to cisco network assistant can successfully. However there is one switch that will show in neighbours but will give the message of “unable to connect to device” when I try and add it to the topology.
As far as I can see the config is identically to all other similar switches in the network. I can telnet from a switch (management VLAN) to the switch in question. However when I try to ping or telnet from the PC running network assistant (different subnet) I am unsuccessful. However I can ping/telnet to all other cisco device from this PC. The switch is a WS-C3560-48TS and I have included the config for firstly the switch in question and another switch of the same model and config that works correctly.
sho run Building configuration... Current configuration : 7363 bytes ! version 12.2 no service pad service timestamps debug datetime localtime
I have a c3560 switch that has two gig fiber modules in it. I need to uplink fiber to one of these at 100mb. This is because this port will be rate limited to 20mb and 10 percent is the lowest you can go with the rate limiting command. Is there a 100mb fiber module i can insert in the 3560