Cisco :: Time Synchronization Via NTP Between Catalyst 2960 And 6509?
Jul 1, 2012
I have a problem with the time synchronization via NTP between a Catalyst 2960 and Catalyst 6509. When I configure the 6509 switch as a NTP reference on the 2960, it does not synchronize with the 6509's NTP server. There is no reachability or ACL-related issue between both switches.
As soon as I configure a second Catalyst 6509 (which is completely identical to the other 6509 and in the same subnet) as a NTP server for the 2960, the time sync with the second 6509 happens immediality.
The first 6509 switch works as a NTP reference for at least 50 other switches and routers in the network - so why not for this one more switch? I checked some "debug ntp packet" and "debug ntp events" outputs and can clearly watch the NTP requests going out of the 2960, but on the 6509 just nothing happens - no debug outputs for this specific 2960, while requests from other devices come in all the time.
Maybe you have already experienced this strange behaviour in the past or got some deeper knowledge in the Cisco NTP server implementation. I could think of some sort of "maximum client limit" in the IOS NTP server, but could not find any mechanism like this in the standard NTP specification. Eventually, you can approve that this is a IOS-specific issue.
View 13 Replies
ADVERTISEMENT
Sep 4, 2011
time.windows.com keeps showing error code? Error Code says:( An error occurred getting the status of the last synchronization.) I have even but the info. in manually and the same code appears.
View 1 Replies
View Related
Dec 20, 2011
I've beating my head against the the above said problem for a quite a while. Our client has a very strict security policy and they require all standard protocol to comply with the expected behaviour. It was discovered that their 3750 switch running c3750-ipservicesk9-mz.122-25.SEE3 software and configured to sync its time with an external public NTP server triggers IPS signature - DNS Info leak. The problem is that the switch initiates the packet on UDP port 53 and not as I would expect on port 123 for NTP. Of course I can tune the IPS sensor and make it not to fire this signature but the client needs to know why it is happening and if it is faulty IOS software that doesn't comply to the rules.
View 2 Replies
View Related
Apr 19, 2012
Any input on this: We had a DMZ server that customers used to get to their information. This sever was the front end to get to the host that holds the customer information. The server was in a DMZ, the path from Server to host was: through DMZ switch, through firewall to 6509 switch to the host. We never had a problem with this, the server application was old but worked great.
We have since moved to having someone host the front end. The front end connects via Internet to their third party router, to the same DMZ switch through same firewall, to same 6509 to host. The third party router is configured with VPN tunnel to remote end. Connection comes through Internet to their router and is Na Ted then goes to DMZ, to host.
Internet---E1 (Router NAT) E0 ---ASA---6509---Host
We have had nothing but trouble with this connection. Customers are complaining because the connections time out so much. We see a lot of tcp resets on the host to the Router NAT ip address (which is the DMZ side interface). The resets usually show "Invalid Query Header Length". The current connection is capped at 1Mbps, with average response times of 50ms (spikes to 200).
They keep telling us that something is wrong with the host, but I have to believe the latency is causing us problems. I can see that bandwidth seems to be enough as I do not see the interfaces utilizing that much, averages about 300K. I was wondering could the IOS NAT be contributing to the problem as well?
View 2 Replies
View Related
Feb 16, 2011
I tried to update Cisco Catalyst 2960 Switches through LMS 4.0
But LMS won't update the 2960 because there is not enough Flash Space on the device. The 2960 shoud have 32MB but a dir flash shows this
27998208 bytes total (15343104 bytes free)
A manual update on the switch is working perfect. Is this a bug or if there is a workaround to make LMS 4.0 working?
View 2 Replies
View Related
Jan 4, 2011
I've just made a purchase for a Cisco 2960 8 port switch ( Exact model: WS-C2960PD-8TT-L ), I reckon this is what I need to set up my network, so far I've gone through the Express Set-up and configured it through there with no problems. I've set up the hardware in the following manner:
-Internet Modem
>Port 8 on Switch
->Port 1 on Switch goes to 1252 Cisco AP
->Port 2 on Switch goes to Linksys VOIP home Router
I let it start up and can connect to the internet through the AP, and through the router. (I'm posting through the AP-Switch set-up right now.) However, once I connect to the AP with a second client. It refuses to let the second client connect/not give an internet connection, as it would a direct connection to the modem.I'm going to assume this is due to NAT not being configured through the command line on the switch yet.
View 4 Replies
View Related
Jan 23, 2011
i have got 5 catalyst :
Cisco Catalyst WS-C2960G-24TS-S
version 12.2 (53) SE
Image : C2960S-UNIVERSALK9-M
and i can 't configure the switch with Cisco Network Assistant. I have got this error : "unsupported device".
it is not possible to configure this model with CNA ?
View 3 Replies
View Related
May 18, 2011
I have the folowing nat configuration on my catalyst 6509-E with a sup720-10G that does not work, and gives a erros messague:
ip vrf testes
rd 6900:5
interface Vlan1111
description liga
ip vrf forwarding testes
ip address 192.168.63.91 255.255.255.248
ip nat inside
[code]....
This configuration generates the folowing error:
NAT: translation failed (A), dropping packet s=128.2.21.21 d=192.168.63.185
If i change the nat overload to a static nat, everything? Is there any wrong with this configuration ?
View 1 Replies
View Related
Mar 6, 2012
I am using Cisco 2960 access switches and dont have NTP server so i can manually set time on switches but problem raised when these switches restart they show their factory default time.
View 2 Replies
View Related
May 22, 2011
One of my client useing 2960 switch but now face a problen after periodic time power off automaticaly. sometime cooling fan only run. Power of after 10 min or 3/4 hours and after power off it can get any power again. after 10/15 hours when power on then its works again but some times. whats is the problem hardware or software.
View 4 Replies
View Related
Oct 23, 2007
I'm working with two Catalyst 2960 switches and I would like to know if there is a way to monitor bandwidth on individual ports. Ideally I would like to have one graph showing a bandwidth usage reading on each port. I tried using the Network Assistant to accomplish this, but I was only able to view one port at a time. I also tried using a traffic graphing program from Paessler, but a MIB file is needed to allow the program to connect to the switch. When I ran a search on the network management page the 2960 was not on the list for MIB supported products. Is this type of graph possible to do?
View 2 Replies
View Related
Feb 25, 2013
I have a problem with radius authentication on catalyst 2960 with freeradius as radius-server. The Catalyst is behind a HP5412zl layer3-switch. The rest of the network are hp-layer2 switches, which do radius authentication to the same radius server. The ios on the catalyst is c2960-lanbasek9-mz.150-1.SE3. Apparently there are no requests made to the radius-server, since I dont see any requests coming in. Port 0/7 is voice port with laptop behind , /port 0/8 access-port with laptop directly connected.
config :
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
!
!
interface FastEthernet0/1
[code]....
View 1 Replies
View Related
Feb 10, 2013
I need to configure on a cisco catalyst 6509 two VACL. On cisco 6509 there are already two SPAN ports configured, there are problems configuring other two VACL?
These VACLs send traffic to a Traffic Analyzer (SIEM), there are particular configurations to facilitate the operation?
View 1 Replies
View Related
Aug 4, 2011
We want to implement multicast on our network. We are going to use for online teaching purpose. I am very new at Multicast and not have much idea about it. We are not running any routing protocol in our network, only static route. The multicast server is located at One of our office and it is connected with L2 (Cisco 2960) switch, L2 switch is connected to L3 switch(Cisco 4948). L3(Cisco 4948) and Core Switch(Cisco 6509) with FWSM are connected with E-3 link with tunnel. Router 1 and Router 2 are connected with P2P ILL links which are terminated at serial interface. The Multicast Server IP is 192.168.2.131/25. The scenario of our network are mentioned below:
Multicast Server--->(L2 Switch)--->(L3 Switch)--->(Core Switch)--->(FWSM)--->(Router 1)---->(Router 2)--->(L2 Switch)--->(Multicast Client)
We have created a seprate vlan (i.e. vlan 102, interface IP is 192.168.2.129/25) for multicast at L3 switch, enable multicast routing, defined rp-address(i.e. 192.168.2.129/25), enable sparse-dense mode at multicast vlan as well as at some other vlan also for testing purpose and joined multicast group (i.e. Multicast IP is 224.3.3.5). At core switch we have also enabled multicast routing, defined rp-address (i.e. 19.268.2.129/25), enable sparse-dense mode at user vlan and inside vlan of FWSM and joined multicast group at user vlan and inside vlan. At FWSM we have enabled multicast routing, defined rp-address(192.168.2.129), doesn’t find any option to enable sparse-dense mode and joined Multicast group at inside vlan and router 1 vlan. At Router 1, we have configured the same thing. We have configured mroute at all the devices. We are able to ping from end to end. We are testing multicast by Multicast IP checker tool (provided by vendor). Multicast is working fine at L2 switch, L3 switch and Core Switch, but not from Router 1. Ping is reachable from Router 1. After doing mtrace at Router 1, the following output has come:
Router 1 (Mtrace with destination address 192.168.2.131)
mtrace 172.21.15.2 192.168.2.131 224.3.3.5
Type escape sequence to abort.
Mtrace from 172.21.254.50 to 192.168.2.131 via group 224.3.3.5
From source (?) to destination (?)
[Code] .....
If , we do mtrace from gateway IP address(i.e. 192.168.2.129) as destination address then mtrace is getting completed, but if mtrace is done from Mutlicast server IP address(192.168.2.131) as destination address, then mtrace is not getting completed.
We have connected one laptop at Router 1 vlan to test Multicast. The host, which is connected to Router 1 vlan is able to send multicast packet to other host and other host at different vlan are receiving it , but it’s unable to receive multicast packet send by other host of different vlan.
Do I need to enable igmp snooping at L2 switch, L3 switch and Core Switch ? I am not able to understand or can't figure out where i have configured wrong.
View 23 Replies
View Related
Oct 18, 2012
I'm trying to configure Catalyst 2960 series 8 port switch in my office. I have just plugged in switch and started and then put Ethernet cable (which is coming from the wall port (LAN) into CONSOLE (switch). and connected my laptop's ethernet cable to switch's 1x por
View 16 Replies
View Related
Dec 10, 2012
I would like to be able to query the dot1dStpPortState obect on the Catalyst 2960-S on our LAN . Im running firmware c2960s-universalk9-mz.122-55.SE2.bin and according to the Cisco SNMP Object Navigator the object is supported (via the BRIDGE-MIB).However when i query using snmpwalk from my workstation :snmpwalk -v 2c -c bic-zua-ro 10.u.y.x 1.3.6.1.2.1.17.2.15.1.3 I receive and error .SNMPv2-SMI::mib-2.17.2.15.1.3 = No Such Instance currently exists at this OID For the sake of comparison, querying our 4700 :snmpwalk -v 2c -c bic-zua-ro 10.u.y.x 1.3.6.1.2.1.17.2.15.1.3 returns (as expected, cropped)
SNMPv2-SMI::mib-2.17.2.15.1.3.1 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.3 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.40 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.67 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.104 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.257 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.258 = INTEGER: 5
SNMPv2-SMI::mib-2.17.2.15.1.3.259 = INTEGER: 5
Is there some special configuration i need to do on our 2960's. The only snmp related settings i can see in the running config is snmp-server community. In this case :
snmp-server community bic-zua-ro RO
View 3 Replies
View Related
Mar 27, 2013
I try to add a Catalyst 2960 to Cisco Network Assistant, I get the prompt for password but I get a "Authentication failed". I use the same login / password for telnet that works fine. Http admin page is reachable but I cannot login with the "admin" account.
View 2 Replies
View Related
Jun 13, 2012
I'm having trouble setting up SSH on my new Switch.
no aaa new-model
aaa authentication login default local
ip domain-name king.local
[Code].....
I would like to be able to use Vlan 10 192.168.155.1 for SSH remote management.
View 11 Replies
View Related
Aug 7, 2011
I have a device that does ip audio on one mac address and managagement is on another mac address. Both of these mac addresses come from one NIC on the device. We need to split these two traffic paths into two different vlans.How can I program this switch to sperate the different traffic into two vlan's based on mac address on one interface?
View 2 Replies
View Related
Mar 18, 2013
I have Catalyst 2960 S (WS-C2960S-48FPS-L) Switch. I have plugged in SFP module but still interface is down and line protocol down. Is there any configuration to enable SFP module and make the interface up?
This port is connected to nexus 5 k.
View 11 Replies
View Related
Dec 17, 2012
i have few catalyst switches (2960, 3750) and i can't upload to them any files by tftp from my laptop, but i can download from them, and this bug don't appears on two routers.I was change tftp server, type of connection (wifi, cable), turn off firewall on win7, but no dice.
View 2 Replies
View Related
Aug 20, 2012
i try to implement layer 2 qos in 2960. when i complete to configure the switch, i want to test the qos.PC1 conect to switch port 1,PC2 conect to switch port 2 . PC1 is source teminal. i use skydata.exe and FTP for the test.
when use the skydata ,the PC2 speed can reach 10mbps.when use the FTP , the PC2 only can reach 1.2mbps. why?
View 3 Replies
View Related
Apr 29, 2012
I can use Putty to SSH into my new switch (Directly connected to my laptop with ethernet cable), but I cant log into my switch.
Sent username "admin"
admin@192.168.251.1's password:
Access denied
It doesnt like my password, but I have only set 1 password (king) on this switch. I've configured 3 other switches with SSH and had no problem. Been trouble shooting for awhile and It'd be great if I could have a 2nd set of eyes take a peek, Also, my running config is attached.
View 5 Replies
View Related
Feb 28, 2011
Since I updated a Catalyst 2960 switch to IOS version 12.2(55)SE1 I can't do searchs by MAC address, when I do "Monitor->Search" the following error appears:"The software version of the selected switch does not support some of the CLI commands in read-only mode for this window. You must have read-write access to this switch to display complete information in this window" If packets are captured you can see that the issued command by the CNA host is "GET /exec/show/mac-address-table/", the answer from the switch is:"show mac-address-table ^% Invalid input detected at '^' marker.
If I do "Configure->Switching->MAC Address" instead I get the mac address-table correctly. In this case the issued command is "GET /exec/show/mac/address-table/dynamic" and no error is displayed, the answer from the switch is the list of mac-address table.
View 4 Replies
View Related
Dec 1, 2012
How would I go about stacking 4 Cisco Catalyst 2960-48PST-L switches? The one switch needs to accept a fiber connection from a distribution switch. Do I have to buy flexstack module and cables? If so where does the module go on the switch? If this switch cannot do this set up, any other switch I should look at.
View 6 Replies
View Related
Sep 20, 2012
Will catalyst2960 supports SSH, and how to configures with CLI.
View 2 Replies
View Related
Apr 9, 2012
I need to upgrade a Catalyst IOS, but I got a bit confused. The catalyst is currently running "c2960-lanbase-mz.122-35.SE5.bin", but I want to upgrade to "c2960-lanbasek9-mz.122-35.SE5.bin", in order to enable ssh. [code] What are the appropriate steps in order to upgrade to "c2960-lanbasek9-mz. 122- 35. SE5.bin". I have downloaded the tar file (c2960-lanbasek9-tar.122-35.SE5.tar)
1) Do I have to delete the old directory (drwx 192 Mar 1 1993 02:07:21 +02:00 c2960-lanbase-mz.122-35.SE5)?
2) Are these the correct steps to download and extract the IOS?
3) Where will the tar files be extracted? Will an new directory be made or do I have to make one manually?
View 3 Replies
View Related
Feb 22, 2012
Im trying to Connect a 2960-S Catalyst Switch to a 3560 Catalyst Switch. It worth pointing out im newish to switching although i know some commands and what they do This is my first time connecting 2 switches together.They are connected via a crossover cable and have green lights flashing on the connected ports When i run "show CDP neighbours it sees the new switch Unable to ping new switch...just timesout Here is the the interface on the 3650
GigabitEthernet0/40 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001b.532f.8428 (bia 001b.532f.8428)
Description: Uplink to Switch 2
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
[code]....
View 6 Replies
View Related
Dec 15, 2012
I have packet loss with QoS configured and I was wondering is it somehow connected with the QoS configured on the switch.The traffic is passing through fa0/19 and gi0/1 interfaces.
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
[code]...
View 2 Replies
View Related
Feb 17, 2013
I have 4 Catalyst 2960 connected via Etherchannel to each other. If I plug in my notebook in one port, I see the traffic from the neighbor port. So my switch acts like a hub.. I had a look at my MAC table and saw it isn't full.
View 2 Replies
View Related
Jul 10, 2012
I am getting alarms on Solarwind indicating interface down on "GigabitEthernet 4/7 - Gi4/d1" and "GigabitEthernet 4/8 - Gi4/d2" from our core switch 6509.Remote login to the switch does not show the interfaces when I do the "sh run" command. Now I am at site trying to identify and diagnose this fault.Looking at the numbering on the switch, it indicates to me the card where these alarms come from is from the 'intrusion dectection module'
how I may login and identify this interfaces and rectify these alarms.
View 4 Replies
View Related
Feb 25, 2013
I have an doubt about some port in 2960.He have 2 SFP and 2 Fixed Ethernet. Can I use these 4 ports in the same time? Use 2 Ethernet and the 2 SFP with Fiber?
View 2 Replies
View Related
Mar 2, 2012
I have NM-AIR-WLC6-K9 in Cisco 2821. Is there opprotunity to retreive configuration via SNMP as from Cisco Catalyst 2960?
View 1 Replies
View Related
