Catalyst 2960 vs 3750
Long time reader here but first time poster. I am looking into upgrading our network switches soon and I'm trying to decide on a design now. Let me give some background information on the network.
Currently we have a Catalyst 5513 with a Supervisor II, ten 24 port 10/100 cards and a 12 port fiber card installed. There are also two 48 port Alcatel switches that are uplinked to the 5500 as well as six Catalyst 2900XLs (on the factory floor) uplinked to it via fiber. There are about 40 servers and 350clients in total in the building. All servers and most of the clients in the office are connected directly to the 5513. We will be consolidating buildings soon and plan on adding another 200 devices to the network (office and factory floor area).
I was thinking we should get two Catalyst 3750G-48TS and a 3750G-12S in a stack for the core switch. Then use Catalyst 2960-48TC-L switches uplinked to the 3570 stack for the access layer. Does this make more sense than directly connecting all the clients and servers directly to the 3570 stack? What would be the advantages/disadvantages of each setup besides cost?
Thanks for any help you can provide!
I tend to go with a more modular approach and hang nothing off my core except otehr switches. Put your servers on their own switches as well. There are a few reason i do it this way.
The first is I run two cores for redunacy. by giving servers their own access layer switch, i can isolate them from a core failure.
Second, ports on a core switch tend to be more expensive. I know I'm going to be adding servers in the next few years. Its cheaper for me to buy more 3560's then more blades for a 6500.
Third, modularity. I can make more changes to either the core, or edge switches and not effect the other. Say you find out down the road, that the 3750 stack isnt quite moving the number of packets you need. If you plug end users and servers into your core now, just picture how much of a bear it will be to replace the core. Always try to go the route that will give you maximum flexibility and growth.
Similar Messages
-
Bandwidth monitoring on a Catalyst 2960
Hello all, I'm working with two Catalyst 2960 switches and I would like to know if there is a way to monitor bandwidth on individual ports. Ideally I would like to have one graph showing a bandwidth usage reading on each port. I tried using the Network Assistant to accomplish this, but I was only able to view one port at a time. I also tried using a traffic graphing program from Paessler, but a MIB file is needed to allow the program to connect to the switch. When I ran a search on the network management page the 2960 was not on the list for MIB supported products. Is this type of graph possible to do? Or is there a more effective way to accomplish what I would like to do. Any ideas or suggestions would be helpful.
Hi, we have just swapped all our avaya switches with catalyst 2960 (12, 24 and 48 ports) and 3750 (48 ports with 10gig module).
How do I find what port I should monitor for bandwith graphs?
Target[10.0.0.22_loc1]: 1:@10.0.0.22: -
Troubleshooting Fiber Connection on a Catalyst 2960
I am trying to test my fiber connectivity on a Catalyst 2960 before I deploy it. So what I thought I would do is connect it to another switch in my office with a open port for the fiber connection. The other switch is a Catalyst 3560G. Here are the port configurations:
interface GigabitEthernet0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
macro description cisco-switch
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100
switchport mode trunk
The first one is the catalyst 2960 and the 3560G is the second.
When you show the interface for each of these it shows that it recognizes the media but the line protocal and the GigbitEthernet Port is down.
Any Ideas?Sorry... a fiber optic cable with a connector on each end.
To aid in troubleshooting, many times we loopback the signal back to the originating device. An optical loopback is just connecting the transmit (Tx) to the receive (Rx).
The multimode SFP/GBIC transceiver you are using will allow you to directly connect the Transmit and Receive ports without damage to the unit. This should provide you with a green link LED.
If so, then you can reconnect your fibers and loopback (connect the two fibers together) at the far end of the fiber link (use an optical adapter) and see if you get a green LED. -
Hi
I am stacking 6 Catalyst 2960 SF Series PoE 48 ports, I am using the Bladestack cable. I plug it in from 1 to 2 on all the switches. If I look at the lights it shows 4 in on group and 2 in another. If I do a show switch detail it shows the following
Switch/Stack Mac Address : 44ad.d982.a100
H/W Current
Switch# Role Mac Address Priority Version State
1 Member 5006.0425.7e00 1 1 Ready
*2 Master 44ad.d982.a100 1 1 Ready
3 Member 5006.0435.bc00 1 1 Waiting
4 Member 5006.04d8.7000 1 1 Ready
Stack Port Status Neighbors
Switch# Port 1 Port 2 Port 1 Port 2
1 Down Ok None 2
2 Ok Ok 4 1
4 Down Ok None 2Hi , i think only four 2960 SF switches can be stacked into a singe logical switch.
Please refer the link , hope this helps:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/white_paper_c11-578928.html -
Catalyst 2960 Problem with Cisco SPA512
Hi there,
I hope someone can help me.
I don't have much experience with switches, I'm doing the desktop support in our company.
We have Catalyst 4510 R+E to 2 Catalyst 2960 switches and seperate VLAN's for IP Phones and for Internet in one part of our office.
Now I'm running into trouble with some IP Phones that are connected to the 2960 switches. It appears only to happen with Cisco's SPA-512. I've tried FW 7.5.2, 7.5.5 and 7.5.5b. These phones sporadically drop the call / connection, with the red MIC button blinking. Based on my research this means that it looses Internet connection. I have 1 SPA512 with FW 7.5.1 that does not show these symptoms.
I have other phones SPA942 and Polycom IP335 in the same area behind the same switches and no issues.
We've tried to disable auto negotiate and set a fixed transmition rate or either 1Gbps and 100Mbps, both without success.
I also have SPA512 in other areas of the office just connected to our Catalyst 4510 R+E and they work just fine. That's why I don't believe it has anything to do with the 4510, but I can be wrong.
That's all I have for you guys. Hope someone can help me to fix / troubleshoot this..
FrankSSwitch3#test cable-diagnostics tdr int g1/0/16
TDR test started on interface Gi1/0/16
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.
SSwitch3#show cable-diagnostics tdr int g1/0/16
TDR test last run on: June 27 13:39:21
Interface Speed Local pair Pair length Remote pair Pair status
Gi1/0/16 1000M Pair A 52 +/- 10 meters Pair A Normal
Pair B 52 +/- 10 meters Pair B Normal
Pair C 52 +/- 10 meters Pair C Normal
Pair D 52 +/- 10 meters Pair D Normal
SSwitch3# -
Hello,
I would like to know if there is a way to validate that a SFP type 1000baseLX is working properly on catalyst 2960.
I am looking for the loop feature that is available on routers.... but not on switches.
The topology is 2 catalyst 2960 switches with both SFP type 1000baseLX connected together with a fiber. This was working find but actually, the two interfaces are down/down.
The idea is to be sure that the problem is on the fiber and not on one of the SFP....
Thank You for your help.UniDirectional Link Detection (UDLD) addresses your concern regarding the fiber. See http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_46_se/configuration/guide/swudld.html for more information.
For the SFPs themselves, you might want to review http://www.cisco.com/en/US/products/hw/modules/ps4999/products_tech_note09186a00807a30d6.shtml for more information.
Hope this helps. -
Problem with Cisco Catalyst 2960
I've got a problem with the Catalyst 2960 / 24TCL switch. The Flash-directory was empty. After I copy with xmodem the firmware bin-file into the flash-directory and installed it .. I miss the HTML-Directory. Can somebody tell me how I can get it back?
SSwitch3#test cable-diagnostics tdr int g1/0/16
TDR test started on interface Gi1/0/16
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.
SSwitch3#show cable-diagnostics tdr int g1/0/16
TDR test last run on: June 27 13:39:21
Interface Speed Local pair Pair length Remote pair Pair status
Gi1/0/16 1000M Pair A 52 +/- 10 meters Pair A Normal
Pair B 52 +/- 10 meters Pair B Normal
Pair C 52 +/- 10 meters Pair C Normal
Pair D 52 +/- 10 meters Pair D Normal
SSwitch3# -
Cisco Network Assistant MAC search in Catalyst 2960
Hi,
Since I updated a Catalyst 2960 switch to IOS version 12.2(55)SE1 I can't do searchs by MAC address, when I do "Monitor->Search" the following error appears:
"The software version of the selected switch does not support some of the CLI commands in read-only mode for this window. You must have read-write access to this switch to display complete information in this window"
If packets are captured you can see that the issued command by the CNA host is "GET /exec/show/mac-address-table/", the answer from the switch is:
"show mac-address-table
^
% Invalid input detected at '^' marker.
If I do "Configure->Switching->MAC Address" instead I get the mac address-table correctly. In this case the issued command is "GET /exec/show/mac/address-table/dynamic" and no error is displayed, the answer from the switch is the list of mac-address table.I have some site admins that use CNA. I just upgraded their LAN to 3560v2 switches running 12.2(58)SE2 and had them upgrade their CNA software to CNA 5.7(6). They reported the same error.
I think you clearly indentified the problem. At one time the IOS command parser accepted both "show mac-address" and "show mac address". At some point IOS stopped accepting the older "show mac-address" format, and CNA is still issuing this command regardless of the IOS version it is trying to manage. -
Installed wrong image on Cisco Catalyst 2960
some time ago I did an IOS upgrade on the Catalyst 2960, however I used the wrong image and caused the switch CAN NOT load properly. My switch is c2960 but I used c2960s, what a big mistake.
When the switch boots, and it hangs on the execution of the image, because c2960s image will not work on c2960.
Anyone got some idea how I can fix this? I tried to restart the switch and pressed "Break" on the terminal, and it didn't stopped.
Using driver version 1 for media type 1
Base ethernet MAC Address: fc:fb:fb:f4:5b:00
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash...
mifs[2]: 0 files, 1 directories
mifs[2]: Total bytes : 3870720
mifs[2]: Bytes used : 1024
mifs[2]: Bytes available : 3869696
mifs[2]: mifs fsck took 0 seconds.
mifs[3]: 529 files, 19 directories
mifs[3]: Total bytes : 27998208
mifs[3]: Bytes used : 24108032
mifs[3]: Bytes available : 3890176
mifs[3]: mifs fsck took 11 seconds.
...done Initializing Flash.
done.
Loading "flash:/c2960s-universalk9-mz.122-58.SE1.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File "flash:/c2960s-universalk9-mz.122-58.SE1.bin" uncompressed and installed, entry point: 0x3000
executing...
Thanks,
DavidHi David,
You have interuppt and get to the rommon mode and give boot: <old IOS image> if you have....
if that has been deleted.... then you have go with the recovery procedures like x modem or something
Regards
Karthik -
Cisco SG300-28 / SGE2000 / Catalyst 2960
Hello everyone,
I'm looking for switch to accompany Cisco ASA 5520 in data center, with 20+ GE ports and no need for PoE.
I would like to understand the difference between Cisco SG300-28, Cisco SGE2000 and Cisco Catalyst 2960, 2960-C and 2960-S Series (except specific number of ports). As far as I can see the Cisco SGE2000 has 4x SFP and is stackable unlike the SG300 with 2x miniGBIC/SFP, but not much else. Cisco Catalyst 2960 series offers some additional features like USB storage, but I can't imagine I will need that.
Any suggestions?
Thank you
DanHello everyone,
I'm looking for switch to accompany Cisco ASA 5520 in data center, with 20+ GE ports and no need for PoE.
I would like to understand the difference between Cisco SG300-28, Cisco SGE2000 and Cisco Catalyst 2960, 2960-C and 2960-S Series (except specific number of ports). As far as I can see the Cisco SGE2000 has 4x SFP and is stackable unlike the SG300 with 2x miniGBIC/SFP, but not much else. Cisco Catalyst 2960 series offers some additional features like USB storage, but I can't imagine I will need that.
Any suggestions?
Thank you
Dan -
802.1x on Cisco Catalyst 2960
I am trying to enable 802.1x on one of
the switchports of the Cisco Catalyst
2960:
C2960#sh run | i radius
aaa authentication login test group radius local
aaa authentication dot1x default group radius
radius-server host 10.250.97.26 auth-port 1812 acct-port 1813
radius-server source-ports 1645-1646
radius-server key 123456
C2960#sh run | i dot
aaa authentication dot1x default group radius
dot1x system-auth-control
dot1x guest-vlan supplicant
dot1x critical eapol
C2960#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C2960(config)#int g0/14
C2960(config-if)#dot1x ?
% Unrecognized command
C2960(config-if)#dot1x
As you can see, I can not enable 802.1x
at the interface level. The code is am running is 12.2.25SEE4:
Switch Ports Model SW Version SW Image
* 1 24 WS-C2960G-24TC-L 12.2(25)SEE4 C2960-LANBASEK9-M
System image file is "flash:c2960-lanbasek9-mz.122-25.SEE4.bin"
According to Cisco, this image supports
802.1x. Why can't enable it at the
interface level?
Can someone help me out? Thanks.some additional info:
C2960#sh dot1x all
Sysauthcontrol Enabled
Dot1x Protocol Version 2
Critical Recovery Delay 100
Critical EAPOL Enabled
C2960# -
View-only access to Catalyst 2960/2960S device manager
I have noticed that when I access the (Web-based) device manager on a Catalyst 2960 or 2960S switch, the authentication prompt (from within IE, at least) includes the phrase, "The server <switch-hostname> at level_15_or_view_access requires a username and password." This would seem to imply that it's possible to configure view-only (a.k.a. read-only) access to the device manager, which would be perfect for first-level support personnel (in our environment). I reviewed the information on how to configure local authentication for the Web server (leveraging "ip http authentication local" among other commands), but the examples are a bit too broad for me understand how to specifically (and only) allow someone coming in via HTTP(S) to gain read-only access to the device manager. (Command line access should be denied entirely for the view-only user, if possible, or at least limited to commands that can't modify the switch's configuration.) Assuming this is possible, could someone cite the command sequence required?
Thanks,
MikeHi,a customer want a user which has view-only rights on his catalyst switches. I created a user whit privilige level 7.If you log into the CLI everything is fine. But by trying to log into the web page the system wants a level 15 user.Is their any possibility to grant the level 7 user "view-only" rights on the Catalyst Device Manager?Thanks.Thanks.
Hi,
Check out the below link for SDM for read only user configuration
http://conft.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/application/notes/SDMcli.pdf
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
Problem GLC-T with Catalyst 2960
Hi Team
We happen case GLC-T with Catalyst 2960 Hang , It can't work
We was reload switch but same ( GLC-T with Catalyst 2960 Hang)
and use command bellow
Switch97#
Switch97#
Switch97#sh int gi 1/0/26 transceiver 5 transceiver de
Switch97#sh int gi 1/0/25 transceiver detail
hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry failDiagnostic Monitoring is not implemented.
Switch97#
Switch97#
Switch97#sh int gi 1/0/25 transceiver detail 6 transceiver de
Switch97#sh int gi 1/0/26 transceiver detail
hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry fail
hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry fail
hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry failDiagnostic Monitoring is not implemented.
We try IOS Software EX3, EX4, EX5 and 15-2.2 but can't problem
Please suggest case to mecisco WS-C2960X-24TS-L (APM86XXX) processor (revision A0) with 524288K bytes of memory.
Processor board ID FCW1832A38M
Last reset from power-on
1 Virtual Ethernet interface
1 FastEthernet interface
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : F0:9E:63:F7:8B:00
Motherboard assembly number : 73-15973-02
Power supply part number : 341-0529-02
Motherboard serial number : FOC183234M6
Power supply serial number : LIT18220612
Model revision number : A0
Motherboard revision number : A0
Model number : WS-C2960X-24TS-L
Daughterboard assembly number : 73-14200-03
Daughterboard serial number : FOC18319MMY
System serial number : FCW1832A38M
Top Assembly Part Number : 800-41470-01
Top Assembly Revision Number : A0
Version ID : V03
CLEI Code Number : CMMMU00ARB
Daughterboard revision number : A0
Hardware Board Revision Number : 0x12
Switch Ports Model SW Version SW Image
* 1 28 WS-C2960X-24TS-L 15.0(2)EX3 C2960X-UNIVERSALK9-M -
Web Authentication Catalyst 2960
Hi,
I am trying to configure fallback Web Authentication on a catalyst 2960 switch. The goal is to authenticate clients via web authentication who are not 802.1x compliant (the 802.1x part is working fine) and allow them restricted access to the network. The problem is that the web authentication seems to fail.
The equipment regarding my question : catalyst 2960 switch (version : 122-37.SE) and a FreeRadius.
Here's what happens :
The authentication window pops up in my browser and the Access-Request is sent to the RADIUS.
The RADIUS in term responds with a Access-Accept. The debugs running on the switch show that all this information arrives correctly at the switch and the Authentication debug outputs a 'status = PASS' and the Authorization debug outputs a 'status = PASS_ADD'. In spite of this the browser on the client outputs a 'Authentication failed' message.
I've read the manual and the Cisco-attribute Value pairs were mentioned : 'priv-lvl=15' and 'proxyacl ...'. Are these mandatory for it to work? Since I'm not configuring any switch login authentication via RADIUS.
Any suggestions ?
Thanx in advanceYes, they are mandatory.
If priv-lvl=15 is not returned to the switch, the user will see ?Authentication Failed? and the access-list will not be applied. If the source field in the proxyacl statements is not ?any? or there are other syntax errors, the user will see ?Authentication Successful? but the access-list will not be applied and the user will be denied access to the network.
Not sure about the specific FreeRADIUS config, but you need to setup the ?[026\009\001] cisco-av-pair VSA. It would look something like:
priv-lvl=15
proxyacl#10=permit ip any any
Let me know if this gets you squared away, -
Cisco catalyst 2960 booting garbage, help on restore IOS
Dear All,
This is my first time on terminal access of Cisco Catalyst 2960 (2960TC-L), normally would use the web configuration for most task.
Now the switch has an issue with the web interface and when I try to access through terminal, I was greeted with garbage upon the booting of the switch, I searched for the terminal boot process and it wasn't what I was expected for my switch. I was a bit dumbfound now of how can I recover the firmware to its default stage, now that I cannot even boot through its terminal console.
Any help is highly appreciated. Thank you for your time.Hi,
I just verified with my colleague of whom have done quite a few bits before I took over his task.
His reply was he actually did an IOS flash before, though I'm not sure how he did it, but according to him, it was actually a success and the web interface still works for few times before it become like this.
As I tried another time to goes into root mode (or Admin mode??) for the switch, the steps as I performed below:
1. Refer to cisco-2960-putting-setting.jpg for the settings. I press Open and it does display the console Window, no issue there.
2. I hold the "mode" button on the switch and turn on the switch power, and after few seconds the screen display as such (refer to cisco-2960-putty-output2.jpg), the SYST L.E.D. did flash with following pattern: Green (blink ~15 times) then Orange-Green (repeat blink twice) then Green (stable light), for this I was expecting it to goes off after few seconds but it didn't, I wait about a minute before I let go the "mode" button.
3. After I let go the "mode" button, it goes to the screen (refer cisco-2960-putty-output3.jpg), and the SYST still blinking, possibly infinitely... with the console output screen stays like that... and whatever I entered display weird/garbage characters instead, I can't do anything on it.
Each tries display different weird characters, as the SYST still blinking infinitely.
I'm unsure if I'm giving enough details for online troubleshooting, I'll try my best to give as per instructed.
Thank you for your time.
Maybe you are looking for
-
The program used to run perfectly fine, and quickly, at that. Recently it takes about 5 minutes to open a single page. I know the problem is not with my system because everything else runs fine, and Internet Explorer opens up immediately. What caused
-
Cannot received TV signal from my numerci decoder to my Qosmio F20
Hello all, i've just bought a new notebook Qosmio F20, everything works fine except the tv tuner. I've tried to plugged a scart cable, a yellow-red-white cable and one antenna cable in my notebook and in my numeric decoder (Atlanta 5400) but i cannot
-
Changing file classification after importing
I've got loads of CDs that contain spoken word and radio plays. When I imported them, the contents were automatically classified as individual songs and put in my Music library. Any way to have them reclassified as Audiobooks? I'd also like to have i
-
How do I get buttons to show at the end of a menu
I have a menu that should be played every time (contains disclaimers, etc) and then there should be a choice of which track to play. How do I either get buttons that ONLY show up at the end--or have the menu automatically go to a next item which only
-
Hi MM experts I used MR21 to change cost of sales order stock,FI posting generated in current period,but one auto reversed document in next period generated at the same time,can somebody kindly advise me whats happen,thanks