802.1x Bug in Switch IOS ??

Seems to me IOS does not work as the documentation states when handling dot1x authentication. I believe the latest 12.2 IOS should not reauthenticate a client if the MAC address has not changed (with dot1x reauth disabled, of course). However, I have tested this and it seems the switch always sends EAPOL even if I use the same PC on the same port. Is this a bug?

There's nothing that can be done about this. I'm not even sure what "MAC history" means, but if the port goes down, it's cleared anyway.
Now, I may have a workaround for you here: MAC-Auth-Bypass (MAB). MAB authenticates machines that cannot speak 1X by their MAC address. If it fails and you also have the Guest-VLAN turned on, the port will go into the Guest-VLAN anyway (to support backward compatibility). From a processing perspective, MAB is attempted after 1X, but before the Guest-VLAN (which just authorizes a port blindly).
What this means for your scenario here is that if you enable MAB, you can put a machine to sleep (which will bounce the port). 802.1X will time out (since your machine is asleep). Then, MAB will kick in and initiate. However, it will be hung there until the device sends traffic, and if it's asleep it won't be sending any. This way, the port doesn't go into the Guest-VLAN when going to sleep, and you can wake the machine up from whatever VLAN is configured natively on the port.
Hope this helps,

Similar Messages

  • How can I configure a 802.1x in a switch 2960 with IOS 15.0.2?

    Hi,
    I'm trying to config a switch WS-C2960+24PC-L with IOS 15.0(2)SE5 and C2960-LANBASEK9-M to use 802.1x in my network but when I type the following commands the IOS doesn't recognize the interface commands and I can't complete the settings:
    Router# configure terminal
    Router(config)# dot1x system-auth-control
    Router(config)# aaa new-model
    Router(config)# aaa authentication dot1x default group radius
    Router(config)# interface fastethernet2/1
    Router(config-if)# switchport mode access
    Switch(config-if)# authentication port-control auto (or dot1x port-control auto)
    Switch(config-if)# authentication host-mode multihost
    Router(config-if)# dot1x pae authenticator
    Router(config-if)# end
    Source: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_8021x/configuration/15-2mt/config-ieee-802x-pba.html#GUID-C11588CB-31B6-4CD9-9E74-CF2199FB1807
    I've used the same commands on another switch with IOS 12.x and I didn't have any problem completing the settings, so does somebody know:
    * Should I use others commands to activate this feature in this IOS?
    * Do I need to use other IOS?
    Thanks in advance,

    New: the authentication manager commands in Cisco IOS Release 12.2(50)SE or later
    Old: the equivalent 802.1x commands in Cisco IOS Release 12.2(46)SE and earlier

    New: authentication control-direction { both | in}
    Old: dot1x control-direction { both | in}
    Description: Enable 802.1x authentication with the wake-on-LAN (WoL) feature, and configure the port control as unidirectional or bidirectional.

    New: authentication event
    Old: dot1x auth-fail vlan
         dot1x critical (interface configuration)
         dot1x guest-vlan6
    Description: Enable the restricted VLAN on a port. Enable the inaccessible-authentication-bypass feature. Specify an active VLAN as an 802.1x guest VLAN.

    New: authentication fallback fallback-profile
    Old: dot1x fallback fallback-profile
    Description: Configure a port to use web authentication as a fallback method for clients that do not support 802.1x authentication.

    New: authentication host-mode [ multi-auth | multi-domain | multi-host | single-host]
    Old: dot1x host-mode { single-host | multi-host | multi-domain}
    Description: Allow a single host (client) or multiple hosts on an 802.1x-authorized port.

    New: authentication order
    Old: mab
    Description: Provides the flexibility to define the order of authentication methods to be used.

    New: authentication periodic
    Old: dot1x reauthentication
    Description: Enable periodic re-authentication of the client.

    New: authentication port-control { auto | force-authorized | force-unauthorized}
    Old: dot1x port-control { auto | force-authorized | force-unauthorized}
    Description: Enable manual control of the authorization state of the port.

    New: authentication timer
    Old: dot1x timeout
    Description: Set the 802.1x timers.

    New: authentication violation { protect | restrict | shutdown}
    Old: dot1x violation-mode { shutdown | restrict | protect}
    Description: Configure the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port.

    New: show authentication
    Old: show dot1x
    Description: Display 802.1x statistics, administrative status, and operational status for the switch or for the specified port.

    Authentication manager: compatibility with earlier 802.1x CLI commands
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_010000.html#concept_6275D339A9074AC0BB06F872D7A54FBB
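
    The command mapping in the reply above can be applied to a saved interface configuration to find legacy `dot1x` lines that need the authentication manager syntax. This Python sketch is an added example, not part of the original post or any Cisco tool; `audit_config`, `LEGACY_TO_AUTH_MANAGER` and the sample configuration are constructed for illustration, and commands for which the table gives no argument syntax are flagged for manual review instead of being translated.

```python
import re

# (legacy prefix, authentication manager command, direct) taken from the
# compatibility table above. direct=True: the table shows the same keywords
# on both sides, so arguments are carried over. direct=False: manual review.
LEGACY_TO_AUTH_MANAGER = [
    ("dot1x control-direction", "authentication control-direction", True),
    ("dot1x fallback", "authentication fallback", True),
    ("dot1x host-mode", "authentication host-mode", True),
    ("dot1x port-control", "authentication port-control", True),
    ("dot1x violation-mode", "authentication violation", True),
    ("dot1x reauthentication", "authentication periodic", True),
    ("dot1x timeout", "authentication timer", False),
    ("dot1x auth-fail vlan", "authentication event", False),
    ("dot1x critical", "authentication event", False),
    ("dot1x guest-vlan", "authentication event", False),
]

# Constructed sample, modelled on the interface stanzas quoted in this thread.
SAMPLE_CONFIG = """\
dot1x system-auth-control
interface FastEthernet0/3
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x violation-mode protect
 dot1x timeout tx-period 5
 dot1x reauthentication
 spanning-tree portfast
"""

def audit_config(config_text):
    """Return (interface, legacy line, suggestion, needs_review) tuples."""
    findings = []
    interface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # unindented line starts a new stanza
            m = re.match(r"interface\s+(\S+)", line)
            interface = m.group(1) if m else None
            continue
        if interface is None:  # indented line outside an interface stanza
            continue
        for old, new, direct in LEGACY_TO_AUTH_MANAGER:
            if line == old or line.startswith(old + " "):
                args = line[len(old):].strip()
                suggestion = f"{new} {args}".strip() if direct else new
                findings.append((interface, line, suggestion, not direct))
                break
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

    Lines that are not in the table, such as `dot1x pae authenticator` and the global `dot1x system-auth-control`, are left unreported.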

  • Has anyone experienced the mute switch / auto-rotate switch iOS bug on their ipad?

    Has anyone experienced the mute switch / auto-rotate switch iOS bug on their ipad?
    I have experienced this on iPad 1 as well as iPad 2.
    Basically, when you set the side switch to toggle screen orientation (or mute), after a period of use I will have either my sound cease to function or the iPad screen will not orient correctly.  This depends on what I have chosen the side switch to toggle.  I am not sure what causes it.  The time it takes for the problem to appear is inconsistent. Some say it is caused by third party applications.
    One can find numerous threads on here if you search for "sound on my ipad stopped working" or "orientation not working".  It appears to be the same problem. Fudging with the toggle switch settings can fix it (but it takes a weird order to get it out of its non functioning loop). 
    Here is a thread that addresses the sound issue:  https://discussions.apple.com/message/15263298#15263298

    It's only for notifications; it is not for sound from videos or music!

  • 802.1x Dynamic VLAN Switching Question

    Trying to set up 802.1x dynamic VLAN switching, and have a question. I think I've gotten it working except for one part. The VLAN on a protected interface is never getting switched. I can see an entry in the ACS stating that it applied the appropriate VLAN via RADIUS response, but it never changes on the switch.
    Environment:
    ACS Express 5.0.1
    C3550 running c3550-ipbasek9-mz.122-44.SE6.bin
    Switch config:
    aaa new-model
    aaa group server radius dot1x
    server-private 10.10.1.4 auth-port 1645 acct-port 1646 key 7 071C244F5C0C0D544541
    aaa authentication dot1x default group dot1x
    dot1x system-auth-control
    dot1x guest-vlan supplicant
    interface FastEthernet0/3
    switchport access vlan 3
    switchport mode access
    speed 100
    duplex full
    dot1x pae authenticator
    dot1x port-control auto
    dot1x violation-mode protect
    dot1x timeout tx-period 5
    dot1x timeout supp-timeout 5
    spanning-tree portfast
    ip radius source-interface FastEthernet0/1 vrf default!
    radius-server host 10.10.1.4 auth-port 1645 acct-port 1646 key 7 01000307490E125E731F
    Am I missing something easy?

    It looks like "aaa authorization network default group dot1x" was the missing command I needed to get this working.
    The only issue I'm having now is that if the client fails to meet the authentication requirements, the line status gets set as "down"

  • 802.1x, 350AP, 3550 Switch, and ACS 3.0

    Yikes!
    Whatta mess I got myself into! I'm trying to implement a couple of security features (at the same time) due to higher corporate directives. I am trying to implement Radius, 802.1x port authentication on a Cat 3550 switch, and MAC address authentication for wireless clients. The idea was:
    1. The 3550 has port based authentication on it and should authenticate access points as well as any workstations that will/may connect to it.
    2. The wireless clients will be MAC authenticated via the access point passing requests to the radius server.
    Confused? I am too, help!
    Thanks

    Nilesh, Thanks for the reply.
    But I do have a few further questions if you are willing:
    1. Getting the AP to use 802.1x and talk with the radius server seems to be the big problem. I have not been able to find clear enough instructions on how to set the AP to do 802.1x through the switch. I do realize the LEAP is just cisco's implementation of 802.1x but we are trying to use non-proprietary protocols.
    2. We already have the clients MAC addresses in the AP's but want to get away from this (network mgt issues) by using the ACS server.
    I guess what makes this confusing for me is the chain of events and if they are possible to do. Here are the steps as I see them, please advise if this is not possible to do.
    1. Access point is plugged into 3550 and uses 802.1x authentication with radius through the switch. Once the switchport is authorized, then the wireless clients can try to associate with AP. To do this the MAC address of the client is sent to ACS for authorization and, when authorized, allowed to communicate. Then the wireless client retrieves an IP address through DHCP.
    Whew.

  • My Iphone 4S has far less battery life since before I downloaded IOS 7.1,  Is there a bug in this IOS that wears the battery down faster?

    Since I downloaded IOS 7.1 my phone (4S) battery won't last more than eight hours and takes three or four hours to charge.  There must be a bug in this IOS that affects battery life.

    Hi Smilesalong,
    If you are experiencing shorter battery life you may want to read through this article to help you extend it -
    Apple - Batteries - iPhone
    http://www.apple.com/batteries/iphone.html
    Thanks for using Apple Support Communities.
    Best,
    Brett L

  • When will apple release an update with bug fixes for ios 6?

    when will apple release an update with bug fixes for ios 6?

    When indeed. I purchased iPhone 5 64gb and have so far experienced the following issues/Bugs
    1. Flash on camera out of sync
    2. Cannot connect to some WIFI Bluetooth devices
    3. Missing Album Artwork on iTunes album view
    4. Buggy and confused maps/satnav
    5. iMessage comes and goes
    6. Battery Life *****

  • Any possibility of upgrading 2950 switch IOS

    Hi,
    I would like to know if it is possible to upgrade my Cisco 2950 switch IOS from Standard to Enhanced Image, as I noticed from someone that it comes as a standard box with no upgrade capabilities.
    Does that mean a hardware upgrade or an IOS image upgrade?
    Ankur: you have helped me before but I am still confused.
    thanks,

    The ability to run either the SI or EI features on the 2950 is hardware dependent. If you have a look at the release notes for the latest IOS there is a table about 2 pages in detailing the various 2950s available and whether they run the SI or EI features.
    The actual IOS software image is the same for both the EI & SI switches but only the EI features are available on the platforms that support it.
    The 2950-12, 2950-24, 2950SX-24, 2950SX-48-SI and 2950T-48-SI only have the SI features, it looks like all the others run the EI.
    HTH
    Andy

  • Slide to unlock doesn't work; it has happened more than 8 times and every time I had to restart my phone. Please can you tell me how to fix this bug? iPhone 5, iOS 7.0.4

    Slide to unlock doesn't work; it has happened more than 8 times and every time I had to restart my phone. Please can you tell me how to fix this bug?
    iPhone 5, iOS 7.0.4

    Backup and restore your software via iTunes. If the problem continues, restore as a NEW device. If this solves it, that means there is some corruption in your backup file. If the problem is still there, you should take it to the Genius Bar at an Apple Store for evaluation.

  • Cisco switch IOS deletion

    Hi
    I've got two Cisco 3750 switches where the IOS images have been erased from the units; there is no backup version on the switches that I can see.
    I do have a switch with a valid IOS image. My question is how would I go about taking a copy of that working IOS and placing it onto my PC, then onto the switches that don't have the IOS?
    Regards
    Paul

    The approach suggested by Dragan of copying directly from switch to switch should work. The other option would be to use tftp to copy the switch IOS from the switch to your PC and then on the switches that do not have images copy using tftp from your PC to the switch.
    If the switch has no image is it running in rommon? If so the tftpdnld command may give you the ability to copy the IOS image.
    Perhaps we should also verify that the image on the one switch is appropriate to use on the other switches. Are the other switches the same model, do they have the same amount of flash and of memory?
    HTH
    Rick

  • I am having bugs with the ios 5, after it got the update it is unable to make outgoing calls. in-place the incoming and outgoing texts are working please help me asap...!

    i am having bugs with the ios 5, after it got the update it is unable to make outgoing calls. in-place the incoming and outgoing texts are working please help me asap...!

    Sometimes, and this is network dependent, if they suspect the phone to be lost or stolen, as in this case with change of SIM card and provider, then the original network can and some will block the phone until you have rung them and proven it's not the case, or if you have bought this second hand then the original seller may have stopped paying the contract bill and thus the phone is blocked.

  • Is Apple working on bug fixes for IOS 8.0.2? Wish I had NOT updated! Terrible on IPad2!

    IS Apple working on bug fixes for IOS 8.0.2? It is terrible on IPad2, wish I had NOT updated!

    Since "upgrading" to iOS8.x my IPad2 is so slow and buggy.  If the old hardware can't handle the new iOS, Apple should say so.

  • Anyone have Bugs since installing IOS 8?

    Anyone having bugs after installing IOS 8?

    Oh yes.  iOS 8.x seems to be incompatible with accessing 2 of our 3 intranet sites.  We have an iPhone 6, iPhone 5 (upgraded to iOS 8) and a 4th Gen iPad (also upgraded).  One of the sites is a java application, the other is SharePoint.  The funny thing is we can access these sites from "outside" the firewall.  Though, the device asks for the credentials twice.
    Also, the iPhone 6 has problems syncing photos.  There are 5k+ photos my boss is trying to sync.  iTunes shows it as syncing just fine.  However, when viewing the photos on the phone, many of the thumbnails are blank.  If you tap the photo, it briefly shows the photo, then it disappears with a message saying that it's downloading the file, but it never downloads.

  • Iphone in recovery mode after update to bug fix on IOS 7

    Iphone 4 has gone into recovery mode after updating a bug fix on IOS 7. Is there any way to fix it without having to restore?

    No. 
    http://support.apple.com/kb/ht1808
    1. Turn off device
    2. Connect USB cable to computer; leave the other end alone
    3. Press and hold the Home button down and connect the docking end of cable to device
    4. Continue holding the Home button until you see the "Connect To iTunes" screen
    5. Release the Home button
    6. Open iTunes
    7. You should see "iTunes has detected the device in recovery mode"
    8. Use iTunes to restore device
    Note: You need to be patient and repeat the above many times to recover your device
    Here's a link that discusses recover mode:  http://ipod.about.com/od/iphonetroubleshooting/a/Iphone-Recovery-Mode.htm

  • 802.1X Switch IOS version

    Hi,
    I have a really big layer two access network made of heterogeneous Cisco switches with different IOS versions and trains.
    My customer bought ISE (ADVANCED AND BASE LICENSE).
    As far as I read in the DS, it seems that if you have minimum IOS release 12.2(52)SE you are able to perform COA. Reading the DS with more attention, I notice that Cisco recommends IOS version 12.2(55)SE3. Why? Does it mean COA does not work with 12.2(52)SE?
    But more important:
    Do I need a minimum IOS release to perform 802.1x on my wired network?

    Carlo,
    Here is the guide that states 12.2(52)SE, but the footnote states that for 802.1x authentication you need 12.2(55)SE.
    http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html#wp55038
    After checking the release notes, this solution falls under Cisco TrustSec, which is supported on 12.2(55)SE. There are several features released in 12.2(55)SE, such as VLAN assignment in multi-auth mode, that make it much easier for Cisco to help generate initial configs for their customers.
    Here are the release notes:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/release/notes/OL23054.html#wp1047679
    Thanks,
    Tarik admani
