I have got my ccna voice lab configured and is up and running, my switch is configured with 2 differents Vlans (Data & Voice) and the fa 0/1 is configured as trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network but only the switch in not accepting the request the only message I am getting is "request timeout".
View 12 Replies
#sh run | inc user
!
username USER0 secret 5 $1$passwordusername USER1 privilege 15 secret 5 $1$passwordusername USER2 privilege 15 secret 5 $1$password
!
#sh run | inc aaa
!
aaa new-modelaaa authentication login local_authen localaaa authentication login radius_authen group radius localaaa authorization consoleaaa authorization exec local_author localaaa authorization exec radius_author group radius localaaa session-id common
!
#sh run | begin line vty
!
line vty 0 4access-class 3 inexec-timeout 15 0authorization exec radius_authorlogging synchronouslogin authentication radius_authentransport input sshline vty 5 15!sh verCisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
the intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given Privledge level 15. Telnet should never work.SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at Privledge level 1, instead of the configured 15.Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
I have "transport local ssh" but its still allowing telnet??This is a 2960 switch Here is the end of running config:
Code:
We have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue shut and no shut command on that interface to get it back to life, then it works for a few days or weeks until it happens again. Any suitable configuraiton for that interface, that would prevent that from happening or a workaround ?
Here's the info:
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS
Image:c3560-ipbase-mz.122-35.SE5.bin
This is the log from one switch:
31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2.
31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
And from another, which is almost the same:
5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state
5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3.
5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Here's the configuration of fe interfaces (they are all alike):
interface FastEthernet0/2
description Voice & Data Combo Port
switchport access vlan 11
switchport mode access
switchport voice vlan 15
[code]....
I have below switch and I was interested in configuring GRE on one of the interface. So I tried to create tunnel interface, the tab completes the command. Is GRE supported on this switch and IOS?
Switch#show version
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
......
cisco WS-C3560-48TS (PowerPC405) processor (revision G0) with 122880K/8184K bytes of memory.
Switch(config)#interface tunnel 0
^% Invalid input detected at '^' marker.
Switch(config)#
IP routing is also enabled.
I have a network running some 20 switches, two controllers and many AP's. All the devices that should be able to connect to cisco network assistant can successfully. However there is one switch that will show in neighbours but will give the message of “unable to connect to device” when I try and add it to the topology.
As far as I can see the config is identically to all other similar switches in the network. I can telnet from a switch (management VLAN) to the switch in question. However when I try to ping or telnet from the PC running network assistant (different subnet) I am unsuccessful. However I can ping/telnet to all other cisco device from this PC. The switch is a WS-C3560-48TS and I have included the config for firstly the switch in question and another switch of the same model and config that works correctly.
sho run
Building configuration...
Current configuration : 7363 bytes
!
version 12.2
no service pad
service timestamps debug datetime localtime
[code]......
I have a strange problem with one switch in my LMS 3.2.1 installation.It is a WS-C3560-48TS with IOS 12.2(50)SE3 running. I have nine switches with the same type and IOS running without problems.
I notice the problem because there were no UT data for that switch. In RME and CS it was managed.Checking SNMP and config of the switch, but can't find any issues.Because at this time LMS ran in version 3.2 I installed at first CM 5.2.1 and after that the patches for CSCtd49439 and CSCtg20882.Next step was RME 4.3.1 with a lot of patches for different issues. Then I installed the patch for the internal error of CS (CSCtd07131).And finally I installed LMS 3.2.1 and patch for CSCto46927.Last step was installing the latest device packages. I did this directly from the application because it is much better handling than do a manual download. No the system seems to be fully updated.
I had the hope that CM will now find and manage this one switch. But it is still not available.I can't find the device in the data collection. But I can find it in the "Include Devices From DCR", although I configured to fetch all devices from DCR automatically to CM. To manually include the device is not working, too.
P.S. I used that step-by-step update path because it worked on two other servers very well for me.
Can a C3560-24PS switch with 32 MB flash be loaded with IOS 15? Will it be able to execute the code and function properly?
View 2 Replies View RelatedAfter setting up the domain name I try to use the crypto key and it is no where to be located. Below is some of the information I copied from TeraTerm
Switch-1(config)#ip domain-name justin.lab.comSwitch-1(config)#crySwitch-1(config)#cry?% Unrecognized commandSwitch-1(config)#crypto key ?% Unrecognized commandSwitch-1(config)#crypto key ^% Invalid input detected at '^' marker.
Switch-1(config)#?Configure commands: aaa
I have the following configuration to enable me telnet to a cisco switch, but couldn't even ping the 192.168.1.22.
vlan 22
!
conf t
int f4/4
switchport mode access
switchport access vlan 22
[code].....
I can telnet to switch from checkpoint firewall access port and from switch directly. I can ping/traceroute successfully to the switch. Access-lists 14 & 15 are allowing the traffic I want. The router on the other side of the FW has 2 static routes and a default static route set up.
Here is some of the config from my switch:service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryptionhostname xxxxx
enable secret xxxxxx
username xxxxxxxx password xxxxxxxip domain-name xx.xx.netaaa new-model
aaa authentication login default local enable line none[code].....
Not sure of checkpoint firewall config....I have run wireshark when trying to telnet and I get no syn-ack back from remote switch. Just 3 consecutive syn attempts.I have some switches I can connect to and they go right through the 3 way TCP handshake and I cannot find any differences in the configs between the successful connections and the unsuccessful connections.
I was logged in to this device in monday normally and in tuesday when i trying to
Cisco SW#telnet 172.17.1.1
Trying 172.17.1.1 ...
% Connection refused by remote hos
And i compare the current configuration with last configuration in monday i found no change, this device in live network also cpu is normally and memory.
I have set up a newly switch, cisco 3570C. Its in v15 and the only configuration i did is:
-set up interface ip add. 10.132.16.111
-set up telnet
I am able to telnet within LAN environment. I cant ping or telnet the switch in a WAN enviornment. Is there any setting i should confgure on the switch?
I have a Cisco 2960-S Switch, It is connected to a jack in the building to check the settings, Interface VLAN 1 has an ip, there is a default gateway, Any host connected to switch can access the network resources. But the problem is that I have to use Serial Cable to configure it. I cant ping or telnet into it from any other device. PC's are on different subnets/VLANS.
Basically this switch is connected to a port in a different switch, Do i have to make a trunk?
We have recently purchased SG 300-52Port Cisco Switch to support our Network but they constantly having some bizarre issues or I assume bugs, i.e. we cannot Telnet nor SSH to the switch now, whereas we were able to SSH before, we have set them up for Remote Log Services to get some syslogs and reports but no report have been generated nor logs,
I have done some testing through Wireshark and there are absolutely no reports / logs.We have some real issues with this switch and it’s hard to believe that this is a Cisco Product,
SG 300-52 Port Gigabit Managed Switch
Firmware Version (Active Image ) : 1.1.1.8
Firmware Version (Non-active ) : 1.1.0.73
Boot Version : 1.0.0.4
I only want SSH to be allowed when accessing this switch, but telnet is still allowed, why? Whe authenticate via radius.version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname 3750!boot-start-markerboot-end-marker!logging buffered 64000logging console informationallogging monitor informationalenable secret 5 $1$1K$!username admin privilege 15 secret 5 $1$Bs$cLHusername users view priv3 secret 5 $1$Jfnviwp!!aaa new-model!!aaa authentication login default group radius localaaa authentication enable default lineaaa authorization consoleaaa authorization exec default group radius local !!!aaa session-id commonclock timezone GMT 0clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-12ssystem mtu routing 1500udld aggressiveno ip domain-lookupip domain-name CB!!login on-failure loglogin on-success log!!crypto pki trustpoint TP-self-signed-3817403392enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-3817403392revocation-check nonersakeypair TP-self-signed-3817403392!!crypto pki certificate chain TP-self-signed-3817403392certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33383137 34303333 3932301E 170D3132 30343133 31303539 33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38313734 30333339 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C31D AE6DD8B5 56245317 AD96F4F4 727385D4 97A5B138 488A215E 4294FC40 1C5B2F26 2B75E1CF E562F240 118F2F50 0CFF2449 16EC66EA 2D489F5F F36BFD05 ACCC79CA DDDA984D 4CB7AB DD95A5E0 9274A225 3F5A3634 DEBF1A2A 416E2189 B35B4473 C7D5EE2C E3D41675 A86F31CD.
View 3 Replies View RelatedI have 2 switches. 2960 and 3750. I have trunk on both ports of the switch. there are couple of vlans and ports are assigned to those vlans. examples are management, voice and data. int vlan 1 has ip there is default gateway the hosts are able to connect to the internet when connected to the switch.
View 5 Replies View RelatedI can't to connect on my switch (WS-C2950G-48-EI) with Telnet or HTTP.When to connect with console, i have a error [code]
View 4 Replies View RelatedWe got a switch issue here for 4507R-E with two sup6l-e supervisor running sso redudant. and we found that sometimes client can't ping through the local vlan ip add on the switch , can't logon the cli by telnet too. In the direct connected network device such as access switch and ASA , can't ping or telnet the 4507R too. when we made a forceswitch to sso standby supervisor from console , the problem solve and everything get fine . after that, we switch angin back to the origin supervisor , fine too.
before we made the supervisor forceswitch , we had check the system cpu usage is 15 - 20 % from console . also we had creat a new vlan 200, attach the notebook to 4507's vlan 200 port , the notebook can't ping or telnet the vlan 200 ip interface too.
Cisco cannot login? Currently i cannot login to the two of my cisco 3560 with the password that i usually used to login. and it is strength to me that its Configuration register is 0xF.
[BEGIN] 10/4/2011 10:22:57 AMshoTC-NGN-C3560-1>show verTC-NGN-C3560-1>show version Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2007 by Cisco Systems, Inc.Compiled Thu 19-Jul-07 18:15 by nachenImage text-base: 0x00003000, data-base: 0x01300000
ROM: Bootstrap program is C3560 boot loaderBOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)
TC-NGN-C3560-1 uptime is 50 weeks, 6 days, 9 hours, 34 minutesSystem returned to ROM by power-onSystem image file is "flash:c3560-ipservices-mz.122-35.SE5/c3560-ipservices-mz.122-35.SE5.bin"
[code]....
I have a 3560-8PC in which the mgt vlan randomly (twice in one day or 2 weeks later) goes into the down state and will return w/o any interventaion 15-20 minutes later. Int G0/1 is the uplink to a 3750. I dont think its a layer1 issue at this time since i have seen it work just fine for over 2 weeks and drop again. I don't see any errors on the 3750 either.
WS-C3560-8PC 15.0(2)SE C3560-IPBASEK9-M
LOG:
----------------------------------------
.Oct 20 19:34:37.533 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changeds tate to up
[Code].....
I was working with Opmanager software to monitor my network, and i downloaded the Netflow plugin, i tried to enable the netflow on my core switch c3560 but I was surprised that it does not support the NetFlow, after many resersh most of URL's say it does not support until i found another URL from Cisco Says that it support Flexble netflow now, but i think we should update the IOS.
[URL]
I have some c3560 with system MTU set 1546 with interface VLAN10 whose MTU size is 1546 and there is no possibility to change it to another value. and we have some cisco 2600 where I can't set MTU bigger as 1500. I have a problem in establishing the OSPF adjacency between cisco 2600 abd 3560 , the command "ip ospf mtu-ignore" is set on both side but it doesn't work - the OSPF packets which are sent by c3560 are simply lager as 1500 bytes and are dropped by cisco2600.
the problem is that sometimes c7200 losses their BGP session, I would say in most cases it happens between NPE400 and NPE-G1/G2 whit error message like "session closed by a peer x.x.x.x" after some seconds BGP session goes again UP , and then after some minutes again DOWN .
it can be MTU problem, as the traffic passes those c35660 with MTU1500. The neighbour status showes that "transport tcp path-mtu-discovery" is enabled an all neighbours but it seems doesn't work. if I disable the path-mtu-discovery on the neighbours - the BGP session between them stays stable.
On my study lab I have got 2 switches a c3560 running IOS and a c2948g-ge-tx running CatOS. Both switches has SFP ports, I would like to configure ether channel between them switches using 2 SFP ports on each switch.
My question is if such configuration is possible and how to configure ether channel so that VLANS can travel between both switches running different operating system. I have tried but it's no working,
1.Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1) This switch EIGRP coverge is slow.
2.Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1) This switch EIGRP coverge is fast
The IOS have effect of the EIGRP coverge ? From which version IOS began ?
I have C3560 switches in my work environment. I want configure ssh on that switch but the IOS what they have 'c3560e-universal-mz.122-58.SE2' not support. As per advised I was triying to upgrade 'c3560e-universalk9-mz.122-58.SE2" for all my access switches.
I successfully upgraded for two switches.
I have two problems now
01. I upgraded the IOS successfully one Switch but the Poe is not working. What is the reason ?
02. After upgrade the IOS, the out put is as follows
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C3560E-24PD 12.2(35)SE5 C3560E-UNIVERSAL-M
Cisco#sh boot sys
[Code].....
recently i do some lab about trunking protocol using Layer 3 switch C3560 and layer 2 switch C2960, but i face a problem that i cannot configure trunk port on my C3560 using "switchport mode trunk" command, and after looking for the answer from google i found that i have to "remove" the "auto" mode of C3560 using "switchport mode dynamic desirable" and after that we can enter the "switcport mode trunk" command successfully.
and my question are, whether the "auto" trunk mode in switch layer 3 is a default mode or not? and why i should enter "sw mode dynamic desirable" command before "sw mo trunk" command ?
I am in a doubt if the 3560-12-PC-S supports OSPF. Datasheet says we need IP Services image. But 3560-12PC doesn’t have the option with IP Services. Then I havigate to [URL] how?
So, any clues whether or not this box can run OSPF?
I am unable to login to switch c3560 through Hostname but able to login through IP address. when i am putting the command : login authentication telnetpwd
getting the below message:
AAA: Warning authentication list "telnetpwd" is not defined for LOGIN.
Is it possible to reduce de recoveery time after an interface shutdown? Current interface configuration is as follows and it takes 1 second to recover from a shutdown. I need to decrease this time.(Cisco Catalyst C3560) [code]
View 1 Replies View RelatedPrime 1.3 (POC testing), for testing purposes I discovered a class C range (255.255.255.0) containing a bit of everything (AP 1240, C3560 & C3750).When looking in the config archive only the AP's have configs stored, the others failed, snmp & telnet credentials are the same for the whole range, what could I do wrong ?
View 5 Replies View RelatedI have a weird situation with some switches.
Switch .55 can ssh into Switch .57 but cannot ssh into Switch .56.
Switch 56 can ssh into Switch 55 and ssh into Switch 57
Switch 57 can ssh into Switch 55 and ssh into Switch 56
The software on .56 is:
C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
I noticed on .56, when I do a show ip ssh I get: SSH Enabled - version 1.5. It doesn't say version 1.99 like the others even when I configure version 2. Is this a bug I am running into?
I am upgrading the network equipment at my place of employment. We use Cisco C3560, 2960, 4506 and I was noticing that IOS 15.0.x is available. After doing some reading it appears that Cisco is going to a pay for the licensing functionality that you want. Do I need to purchase licenses to upgrade from IOS 12.X to 15.0.x to maintain functionality?
View 4 Replies View Related
