Cisco 3550 Problem

I have a number of C3550 switches in the field and one of them seems to have a problem showing Interface statistics on some fast Ethernet ports.
Most ports are running at 100Meg Full-duplex, but some fail to show any "5 minute rate" stats when I do a show interface command. You can only determine the data rate throughput by doing succesive show int commands at set time intervals and counting the difeerence in the total packets received/transmitted sections.
Has anyone seen this elsewhere? Is this a known problem as I can't see any reference to this as a problem on TAC
The IOS version is 12.1(13)EA1a

There was a known issue for interfaces with low rate of pps(<40 pps) because of the way the counter is implemented. Look at the following bug which is in a Closed state(not resolved)
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdz06305
Change the load-interval to 30 seconds and see if this makes any difference.

Similar Messages

  • UPDATE: Deal of the Week - Cisco 3550 24 port PoE Switch

    Well that didn't last long...our "Deal of the Week" this week sold out in 1 day, so we figured we better do another deal for everyone. - - - Cisco 3550 24 Port PoE Switch - $65.00 --- www.cablesandkits.com/DOW

    How might you use PowerShell Direct, the latest addition to the PowerShell family that's coming with Windows 10 and Windows Server 2016? Consider this:Have you ever tried to make a configuration changeon a Friday afternoon, right before beer o’clock, and you couldn’t get access to the machine you needed to change? This problem might be caused by out-of-datesecurity settings, a network change, or something else.PowerShell Direct will work, even when otherwise things would stand in your way.According to Petri, the new software will change the way you operate "between hypervisorhost and guest virtual machine in a secure way." No more "faffing about to get security settings configured, holes poked in firewalls," or remoting in – PowerShell Direct gives you a direct way to open a session on any guest computer in seconds.
    If you have Windows...

  • Cisco 3550 IP Routing

    Hi,
    I am unable to run IP Routing command on my Cisco 3550 switch . Do upgrading of IOS will help me ?
    regards
    Neo

    Hi ,
    here is the output
    Switch-1#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC13, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2005 by cisco Systems, Inc.
    Compiled Tue 20-Sep-05 10:05 by antonino
    Image text-base: 0x00003000, data-base: 0x00351FFC
    ROM: Bootstrap program is C3500XL boot loader
    Switch-1 uptime is 1 minute
    System returned to ROM by power-on
    System image file is "flash:c3500xl-c3h2s-mz.120-5.WC13.bin"
    cisco WS-C3548-XL (PowerPC403) processor (revision 0x01) with 16384K/1024K bytes of memory.
    Processor board ID FAA0428Y13Q, with hardware revision 0x00
    Last reset from power-on
    Processor is running Enterprise Edition Software
    Cluster command switch capable
    Cluster member switch capable
    48 FastEthernet/IEEE 802.3 interface(s)
    2 Gigabit Ethernet/IEEE 802.3 interface(s)
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:02:B9:9C:23:00
    Motherboard assembly number: 73-3903-04
    Power supply part number: 34-0971-01
    Motherboard serial number: FAA04299A9E
    Power supply serial number: PAC042800LS
    Model revision number: A0
    Motherboard revision number: B0
    Model number: WS-C3548-XL-EN
    System serial number: FAA0428Y13Q
    Configuration register is 0xF
    Switch-1#
    Switch-1#
    Switch-1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch-1(config)#ip routing
    ^
    % Invalid input detected at '^' marker.
    Switch-1(config)#ip r?
    radius rcmd
    Switch-1(config)#
    regards
    Neo

  • Cisco 3550 ACL on VLAN

    i hav got Cisco 3550-12T, in that i hav created VLAN 2,3,4 & 5. now my requirement is VLAN 2 can communicate all VLAN's, where VLAN 5 should only communicate VLAN 2 & vice versa & VLAN 3,4 should only communicate VLAN 2 & vice versa. how do i proceed, by default if i enable "ip routing" i can able to communicate, but i do i filter the packetz as i said above?

    Hi,
    You can do it using extended acl's fro denying traffic from Vlan 3,4 to vlan 5. This can also be done using Vlan MAPS. Please go through the link below:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/3550scg/swacl.htm#wp1082557
    regards,
    -amit singh

  • Cisco 3550-12T IP address

    Can i set IP address in Cisco 3550-12T in any one of the Gigabit Interface, being a layer 3 switch, it is possible, but when i entered the “ip address 192.168.1.1 255.255.255.252” in “gigabitEthernet 0/1” i get a message “IP addresses may not be configured on L2 links” why is that so? I enabled IP Routing & tried without enabling also, but still i get the same message. Thanks in advance.

    Hi Anand,
    Though it is a layer 3 switch but default behaviour of ports are layer 2.
    To make it layer 3 you have to first give "no switchport" command.
    int gig0/1
    no switchport
    ip address
    HTH
    Ankur

  • Assign VLAN from freeradius to Cisco 3550 Switch

    Hi All,
    I am trying to assign VLAN from freeradius to the a cisco 3550 switch but it's not working.
    I keep getting those lines in the cisco switch debug:
    3w6d: RADIUS:  Tunnel-Medium-Type  [65]  6   01:Unsupported            [6]
    3w6d: RADIUS:  Tunnel-Type         [64]  6   01:Unsupported            [13]
    What does it mean? Any idea how to solve this?
    Below freeradius conf and switch debug.
    Thanks.
    Configuration on freeradius users file:
    wassim    Cleartext-Password := "wassim"
            Tunnel-Medium-Type:1 = IEEE-802,
            Tunnel-Type:1 = VLAN,
            Tunnel-Private-Group-Id:1 = 100
    Cisco Switch debug log:
    3w6d: RADIUS:  authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E 67
    3w6d: RADIUS:  NAS-IP-Address      [4]   6   192.168.1.8              
    3w6d: RADIUS:  NAS-Port            [5]   6   50023                    
    3w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]
    3w6d: RADIUS:  User-Name           [1]   8   "wassim"
    3w6d: RADIUS:  Called-Station-Id   [30]  19  "00-15-F9-F8-4E-97"
    3w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-1A-80-3F-F6-A1"
    3w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    3w6d: RADIUS:  Framed-MTU          [12]  6   1500                     
    3w6d: RADIUS:  State               [24]  18 
    3w6d: RADIUS:   DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7  [???????^u^[?#:T?]
    3w6d: RADIUS:  EAP-Message         [79]  69 
    3w6d: RADIUS:   02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04  [???C??????8?q???]
    3w6d: RADIUS:   BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61  [?????????c,????a]
    3w6d: RADIUS:   64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4  [d!+???n??IPk????]
    3w6d: RADIUS:   36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59  [6????w-?(?7??s?Y]
    3w6d: RADIUS:   F9 37 E6                                         [?7?]
    3w6d: RADIUS:  Message-Authenticato[80]  18 
    3w6d: RADIUS:   A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0  [?Y????_x??Y?M?t?]
    3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept, len 186
    3w6d: RADIUS:  authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92 C3
    3w6d: RADIUS:  Tunnel-Medium-Type  [65]  6   01:Unsupported            [6]
    3w6d: RADIUS:  Tunnel-Type         [64]  6   01:Unsupported            [13]
    3w6d: RADIUS:  Tunnel-Private-Group[81]  6   01:"100"
    3w6d: RADIUS:  Vendor, Microsoft   [26]  58 
    3w6d: RADIUS:   MS-MPPE-Recv-Key   [17]  52 
    3w6d: RADIUS:   86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A  [??>tv????????.??]
    3w6d: RADIUS:   12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76  [?;?????o?c?????v]
    3w6d: RADIUS:   61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35  [a?j]b?r?x??M??T5]
    3w6d: RADIUS:   40 DC                                            [@?]
    3w6d: RADIUS:  Vendor, Microsoft   [26]  58 
    3w6d: RADIUS:   MS-MPPE-Send-Key   [16]  52 
    3w6d: RADIUS:   8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE  [?a??x??????u?p??]
    3w6d: RADIUS:   71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E  [q?Z!S5???????Cn?]
    3w6d: RADIUS:   AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8  [???VlB???????~l?]
    3w6d: RADIUS:   56 58                                            [VX]
    3w6d: RADIUS:  EAP-Message         [79]  6  
    3w6d: RADIUS:   03 06 00 04                                      [????]
    3w6d: RADIUS:  Message-Authenticato[80]  18 
    3w6d: RADIUS:   82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33  [?Kd??dY??'?????3]
    3w6d: RADIUS:  User-Name           [1]   8   "wassim"
    3w6d: RADIUS: EAP-login: length of eap packet = 4
    3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
    3w6d: RADIUS: TAS(1) created and enqueued.
    3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
    3w6d: RADIUS: Tunnel-GID, [01] 100
    3w6d: RADIUS: unrecognized Microsoft VSA type 17
    3w6d: RADIUS: unrecognized Microsoft VSA type 16
    3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
    3w6d: RADIUS: free TAS(1)
    3w6d: RADIUS: no appropriate authorization type for user.
    3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
    3w6d: RADIUS: TAS(1) created and enqueued.
    3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
    3w6d: RADIUS: unrecognized Microsoft VSA type 17
    3w6d: RADIUS: unrecognized Microsoft VSA type 16
    3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
    3w6d: RADIUS: free TAS(1)
    3w6d: RADIUS: no appropriate authorization type for user.
    3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
    3w6d: RADIUS: TAS(1) created and enqueued.
    3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
    3w6d: RADIUS: unrecognized Microsoft VSA type 17
    3w6d: RADIUS: unrecognized Microsoft VSA type 16
    3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
    3w6d: RADIUS: free TAS(1)
    3w6d: RADIUS: no appropriate authorization type for user.
    3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up

    I believe you should be using the numerical values in your fields, look at this one :
    http://www.scribd.com/doc/75788651/52/X-with-VLAN-Assignment
    Tunnel-Medium-Type:1 = 6
    Tunnel-Type:1 = 13
    Tunnel-Private-Group-Id:1 =

  • Remote Access VPN on Cisco ASA Problem

    Hi, i configured Remote access VPN on Cisco ASA 8.x as per below configuration.
    Problem is that my internet has stopped working, and default route is just showing stars.
    i can ping internal server 10.110.10.150 fine , which i allowed on VPN ACL, but my other traffic not going to regular internet on my laptop,
    what additional required to force my internet to go to regular internet instead of getting encrypted?
    Also attaching output of route print at the point when VPN is connected.
    ip local pool RA_VPN_POOL 10.1.200.100-10.1.200.150 mask 255.255.255.0
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto dynamic-map RA_VPN 65535 set transform-set ESP-AES-128-SHA
    crypto dynamic-map RA_VPN 65535 set security-association lifetime seconds 28800
    crypto dynamic-map RA_VPN 65535 set security-association lifetime kilobytes 4608000
    crypto map VPN_MAP 65535 ipsec-isakmp dynamic RA_VPN
    crypto map VPN_MAP interface outside
    isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    tunnel-group ITT_RA type remote-access
    tunnel-group ITT_RA general-attributes
    address-pool RA_VPN_POOL
    default-group-policy RA_VPN_GP
    tunnel-group ITT_RA ipsec-attributes
    pre-shared-key <group key>
    group-policy RA_VPN_GP internal
    group-policy RA_VPN_GP attributes
    dns-server value 10.0.0.1 10.0.0.2
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split_Tunnel_List
    default-domain value mydomain.com
    address-pools value RA_VPN_POOL
    access-list Split_Tunnel_List extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
    access-list nonattest extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
    nat (inside) 0 access-list nonattest
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      10.111.36.1      10.111.36.9          276
              0.0.0.0          0.0.0.0         On-link      10.1.200.100            20
           10.1.200.0    255.255.255.0         On-link      10.1.200.100    276
         10.1.200.100  255.255.255.255         On-link      10.1.200.100    276
         10.1.200.255  255.255.255.255         On-link      10.1.200.100    276
        10.110.10.150  255.255.255.255       10.1.200.1     10.1.200.100    100
          10.111.36.0    255.255.255.0         On-link       10.111.36.9    276

    Hi, i configured Remote access VPN on Cisco ASA 8.x as per below configuration.
    Problem is that my internet has stopped working, and default route is just showing stars.
    i can ping internal server 10.110.10.150 fine , which i allowed on VPN ACL, but my other traffic not going to regular internet on my laptop,
    what additional required to force my internet to go to regular internet instead of getting encrypted?
    Also attaching output of route print at the point when VPN is connected.
    ip local pool RA_VPN_POOL 10.1.200.100-10.1.200.150 mask 255.255.255.0
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto dynamic-map RA_VPN 65535 set transform-set ESP-AES-128-SHA
    crypto dynamic-map RA_VPN 65535 set security-association lifetime seconds 28800
    crypto dynamic-map RA_VPN 65535 set security-association lifetime kilobytes 4608000
    crypto map VPN_MAP 65535 ipsec-isakmp dynamic RA_VPN
    crypto map VPN_MAP interface outside
    isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    tunnel-group ITT_RA type remote-access
    tunnel-group ITT_RA general-attributes
    address-pool RA_VPN_POOL
    default-group-policy RA_VPN_GP
    tunnel-group ITT_RA ipsec-attributes
    pre-shared-key <group key>
    group-policy RA_VPN_GP internal
    group-policy RA_VPN_GP attributes
    dns-server value 10.0.0.1 10.0.0.2
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split_Tunnel_List
    default-domain value mydomain.com
    address-pools value RA_VPN_POOL
    access-list Split_Tunnel_List extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
    access-list nonattest extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
    nat (inside) 0 access-list nonattest
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      10.111.36.1      10.111.36.9          276
              0.0.0.0          0.0.0.0         On-link      10.1.200.100            20
           10.1.200.0    255.255.255.0         On-link      10.1.200.100    276
         10.1.200.100  255.255.255.255         On-link      10.1.200.100    276
         10.1.200.255  255.255.255.255         On-link      10.1.200.100    276
        10.110.10.150  255.255.255.255       10.1.200.1     10.1.200.100    100
          10.111.36.0    255.255.255.0         On-link       10.111.36.9    276

  • Cisco 3905 problem / remote site

    Hi all!
    Information:
    I have CUCM 8.6.2.20000-2 and many Cisco IP Phone 3905 (SIP). Some of them deployed in central office and some in remote sites.
    Phone information:
    Boot Version: 3905.0-0-0-01-01
    DSP Version: 12.0.0.8
    Application: 3905.9-2-2-0
    Symptoms:
    In remote sites only!
    The phone is registered and working fine. However, after few hours idle state I lift the handset, dial any number and nothing happens. Drop the call and try again 2-3 times. After that either call passed or get permanent busy tone (need to reboot the phone to work again).
    The phone is marked as registered on CUCM and I hear dial tone when lifted the handset.
    I cannot collect debug messages from phones, because as soon as I login via telnet it going work fine.
    There is no such problem in central office.
    Phones print following messages in terminal all the time:
    17:07:10:302 x [CENTRAL] CDP/LLDP-MED CB function is called
    17:07:26:491   [sip]  03:58:24.490    pjsua_acc.c  SIP outbound status for acc 0 is not active
    17:07:26:495   [sip]  03:58:24.494    pjsua_acc.c  "п°п╦я┘п╟п╦п╩ п я┐пЇя▄п╪п╦пҐ"<sip:[email protected]:5060>: registration success, status=200 (OK              ), will re-register in 120 seconds
    17:07:26:502   [sip]  03:58:24.500         pjcu.c  pjcu_on_reg_state2(), Account["п°п╦я┘п╟п╦п╩ п я┐пЇя▄п╪п╦пҐ"<sip:[email protected]:5060>] : OK,               status=200
    17:07:26:506 x [pcu] pcuRcvHandler(CALL), SRV_EV, eid=0, cid=65535,
    17:07:26:510 x [pcu] [pcux_insrv_cb():7071] CUCM_DateTime:Mon, 27 May 2013 11:07:26 GMT
    17:07:26:511 x [pcu] Sync time from server: Mon, 27 May 2013 11:07:26 GMT
    17:07:26:515 x [pcu] [set_svr_type][1599] Bfe active_server_idx=0, serverType=0
    17:07:26:515 x [pcu] [set_svr_type][1602] Aft  serverType=0, Server Number=2
    17:07:26:531   [ipps] ----- PCU: CC_SRV, pid=0, eid=0, cid=65535 -----
    17:07:26:532   [ipps] In func: remoteNtyEvtProcess(), lib = 0, cid = 65535, ntyEv = 0
    17:07:26:533 f [ipps] In func: remoteNtyEvtProcess(), recv inservice nty, svrType = 0, cause = 0
    17:07:26:534 f [MMI] <RCV>: In func: ui_nty(), lid = 0, cid = 65535, ntyEv = 0
    17:07:26:535 x [CENTRAL] IPPS CB function(RegStatus) is called (1) with Line (0)
    17:07:26:536 f [ipps] In func: mlcu_isKpmlEnabled(), KPML value = 3, blRet = 1
    17:07:26:537 x [CENTRAL] Enter FSM: State(STANDBY) | Event(REGISTER_OK) | Cause(0)
    17:07:26:540 x [CENTRAL] Unexpected event REGISTER_OK (cause=0) at STANDBY state
    17:07:26:541 x [CENTRAL] Waiting event in STANDBY
    17:07:58:990 x [CENTRAL] CDP/LLDP-MED CB function is called
    17:08:39:022   [sip]  03:59:37.021         pjcu.c  pjcuRcvHandler(KA), KA_REQUEST, eid=-1, p1=192.168.70.1:5060
    17:08:39:040   [sip]  03:59:37.036         pjcu.c  pjcu_rpt_ka_status(), target(192.168.70.1:5060): status=1, id=27
    17:08:39:044 x [pcu] pcuRcvHandler(KA), KA_RESPONSE, eid=0, addr=192.168.70.1:5060, status=1
    17:08:39:050 x [pcu] [pcu_polling_sipserver_thread():1478] mark!
    17:08:54:130 x [CENTRAL] CDP/LLDP-MED CB function is called
    Thanks for your help.

    There are 2 versions of firmware on cisco.com. cmterm-3905.9-2-1-0 is the default firmware going with CUCM 8.6.2.20000-2 for 3905 phones and cmterm-3905.9-2-2-0 I've installed recently. Both versions of firmware with same problems.
           Some new information. I get traffic dump with wireshark.
    INVITE sip:[email protected]:5060;transport=tcp SIP/2.0
    Via: SIP/2.0/TCP 192.168.70.86:3457;rport;branch=z9hG4bKPjdp3HjFLs7Dy03RL9ce.16qung.tOq5O3
    Max-Forwards: 70
    From: "............ .............." ;tag=5a25b465-747b-4c31-a020-1a9636827427
    To: sip:[email protected]
    Contact: ;+sip.instance="";+u.sip!devicename.ccm.cisco.com="SEP10BD18DD3F59";+u.sip!model.ccm.cisco.com="592"
    Call-ID: e9edcc43-6a9b-42b8-8efc-99f702b313d1
    CSeq: 28324 INVITE
    Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
    User-Agent: Cisco-CP3905/9.2.1
    Supported: replaces,join,sdp-anat,norefersub,extended-refer,X-cisco-callinfo,X-cisco-serviceuri,X-cisco-escapecodes,X-cisco-service-control,X-cisco-monrec,X-cisco-config,X-cisco-sis-4.0.0,X-cisco-xsi-7.0.1
    Expires: 900
    Accept: application/sdp
    Allow-Events: kpml,dialog
    Remote-Party-ID: "............ ..............";privacy=off
    Content-Type: application/sdp
    Content-Length:   294
    As you can see phone trying to invite [email protected]:5060, BUT I dial 7103 DN from 7102. So where are other numbers? Bug?

  • 10.4.8 and Cisco/VPN problem solved

    Hi,
    This and related issues have arisen in threads on the past month, regarding the Cisco VPN v 4.9005 (and perhaps other VPN software) not working the same after the 10.4.8 upgrade. The problems relate to either not making a VPN connection, or data transfer after the successful connection is made, once the upgrade happened.
    The workaround was to run the Network Setup Assistant every time to do the connection properly before launching the VPN. But this is a pain.
    The eventual solution was simple, although effecting it was not straightforward. It was necessary to do a clean install of the VPN client. This is something that I could not accomplish manually, despite suggestions from the discussion group as to which files to remove, because it was difficult to find all the files that the install put it. But, at least on my machines, it could be done by command line in Terminal - cd to /usr/local/bin, ls vpn_uninstall to see if it is there, and if so, sudo ./vpn_uninstall.
    I don't know if other machines can do this or if this was part of our local IT install, but IT WORKED. I AM FREE!
    Wayne

    that's odd....
    I'm running cisco client 4.6.04 on OS X 10.4.8 and VNC without any problems...
    the only difference is my radius server is an NT box, but I can AFP and VNC to my Mac on that network.

  • New 2.4 Macbook and Cisco VPN problems?

    Is anyone else using the new MacBook Pro's with Cisco VPN? I cannot get the software to work, I get an error 51 "unable to connect to VPN subsystem" at every launch. I've ininstalled and reinstalled the cisco software, I'm using the latest VPN 4.9. I've got a 2.3 macbook pro sitting right next to it, and it runs the cisco software fine. Something with the Santa Rosa set? Any help would be greatly appreciated. I have no other network issues. All the software is up to date, system, cisco, etc. Thanks...

    Fixed my own problem, appears it's Parallels related, after I reinstalled the new parallels 3.0, cisco started working fine. Whew....;-) Hope this helps others.

  • AD Machine Authentication with Cisco ISE problem

    Hi Experts,
    I am new with ISE, I have configured ISE & Domain computers for PEAP authentication. initially machine gets authenticated and then starts going MAB.
    Authentication policy:
    Allowed protocol = PEAP & TLS
    Authorization Policy:
    Condition for computer to be checked in external identity store (AD) = Permit access
    Condition for users to be checked in external identity store (AD) plus WasMachineAuthenticated = permit access
    All of the above policies do match and download the ACL from ISE but computer starts to mab authentication again...
    Switchport configuration:
    ===============================================
    ip access-list extended ACL-DEFAULT
    remark Allow DHCP
    permit udp any eq bootpc any eq bootps
    remark Allow DNS
    permit udp any any eq domain
    permit ip any host (AD)
    permit icmp any any
    permit ip any host (ISE-1)
    permit ip any host  (ISE-2)
    permit udp any host (CUCM-1) eq tftp
    permit udp any host (CUCM-2)eq tftp
    deny ip any any
    ===============================================
    switchport config
    ===============================================
    Switchport Access vlan 10
    switchport mode access
    switchport voice vlan 20
    ip access-group ACL-DEFAULT in
    authentication open
    authentication event fail action next-method
    authentication event server dead action authorize vlan 1
    authentication event server alive action reinitialize
    authentication host-mode multi-domain
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    authentication timer inactivity 180
    authentication violation restrict
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 100
    ====================================================
    One more problem about the "authentication open" and default ACL. Once the authentication succeeds and per user is ACL pushed though ISE to the switch. The default ACL still blocks communication on this switchprort.
    Your help will highly appreciated.
    Regards,

    You need to watch the switch during an authentication, see if the machine is passing authentication and the user may be failing authentication causing the switch to fail to mab.  If your switch configuration is on auth failure continue to next method, then this makes sense.  The question is why is the user failing auth but the machine is passing, could be something in the policy.  Make sure your AD setup has machine authentciation checked or it may not tie the machine and user auth together and the user may be failing because ISE can't make that relationship so the machinewasauth=true is not beeing matched.  Easy way to check is remove that rule from your policy and see if the same thing happens.
    I've also seen this happen when clients want to use EAP-TLS on the wired, machines passes auth, then the user logs into a machine for the first time.  The user auth kicks off before the user gets a cert and fails auth with a null certificate, since this is a auth failure the switchport kicks over to MAB.
    I don't think wasmachineauth=true is that great, I prefer to use EAP-FASTv2 using Cisco Anyconnect NAM with eap-chaining.  This is great because you can do two part authentication.  EAP-FAST outer with EAP-TLS inner for the machine auth, and MSCHAPv2 for the inner of the user auth. You get your EAP-TLS auth for the machine and don't have to worry about a user logging into a machine for the first time and switching to MAB because the user doesn't have a cert yet.  I also do my rule to say if machine pass and user fail, then workstaion policy, if machine and user pass then corp policy.

  • Cisco 1310 problem

    First, i want to apologize for my English.
    I have a wireless network, which connects areas isolated by the sea.
    One of the repeaters have connection problems.
    There is a picture that illustrates my problem.
    The repeater in red, was installed recently. Because of the distances are added to each output TNC an amplifier of 1 watt.
    The problem arises when the bridge that connects to the repeater, it begins to traffic on the network.
    The repeater is disconnected, leaving the bridge and repeater offline.
    We believe that the problem is caused by the fact that this link is at 12 meters above sea level. And we think that we could solve that problem by adding two amplifiers to the Master AP.
    Any suggestion.

    You did not include the config files for the 1310's, did you set the distsnce prameter for the radio on the root bridge. for longer distances the AP needs to adjust the time out values.
    http://cisco.com/en/US/docs/wireless/access_point/12.3_8_JA/command/reference/cr38main.html#wp2481270
    Hope this helps.
    Bill

  • Cisco IOS problem

    I have this error when I start my router
    System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
    Copyright (c) 2003 by cisco Systems, Inc.
    Bad RAM at location 0x00000000: wrote 0x00000000, read 0x00000400
    Which is the problem? How can I fix it?

    RAM is creating problem or you can say that not compatable just change your RAM ( If 2 RAMS are placed in Router then unplugged ram 1 by 1 like unplug 1st RAM and check then place 1st RAM back and unplug 2nd RAM and then check
    i m sure your problem will solve
    Hope this will help you
    if yes then rate this article

  • Cisco E900 problem

    Hi I bought a Cisco E900 wireless router in the last week. Its blocking certain websites .Its even blocking where a user has to sign in yahoo answers page or to sign in even the yahoo mail.
    Please help me Its urgent

     I have a broadband connection with ADSL modem.  The modem and router are connected as ofcourse seen from the documentation correctly. I am getting excellent signal strength in my laptop also
     I can access many other sites without any problem.Its just with some sites that are causing problem like yahoo sign in pages(but the yahoo page is accessible,from that when I click sign in or mail link it doesn't load). Also with UHRS web entry login I am experiencing issue, this site also loads but when I use its sign in button nothing happens just that site stays without any action.
    Do u want me to share the snapshot , because only it says is the usual error display with browser ie
    the web page  is not available. 
    Please help to solve this issue as soon as possible

  • Cisco 7204VXR problem

    I am experiencing a problem with a Cisco Router 7204VXR with the fastEthernet interface. The board is model PA-2FE-TX (FE2/0 and FE2/1): the FE2/1 seems to work correctly, while I have problems with the FE2/0. After putting it up and as soon as a data traffic greater than a ping passes through it, the interface becomes "frozen", still remaining up. Sometimes this fact causes problems also to the other interface (FE2/1).
    I also replaced the board, but the problem remains. I observed the presence of a lot of collisions (in half-duplex mode), while in full duplex-mode neither a ping works.
    Thanks in advance for your help

    Hi, I suppose that u want to see the counters on the fa 2/0 while is working, but unfortunatelly i' ve setted it down few days ago couse it was causing some prob to the other interface fa 2/1 (on the same slot) and i had to reboot the router then. It was losing some packets!
    Anyway the interface 2/0 was giving me many collision and deferred packets while it was still active!
    If u want i can tell u the others board mounted on the router. Or something of other u want to know!

Maybe you are looking for