Cisco 500 Series 802.1x Requirements

Hello,
Does anyone have a guide on how to set up 802.1x on the Cisco 500 Series Switches?
I have done the whole implementation in the past with Catalysts and ACS.
But would like to see a guide for the 500 series.
Do we need the Cisco ACS or can we use RADIUS on Windows?

Hi Peter, you may use IAS or any RADIUS server you prefer. To my knowledge the admin guide is the only documentation. You may check the Cisco knowledge base as well.

Similar Messages

  • Cisco 500 series switches

    Dear support,
    Can Cisco 500 series switches deliver 24V on the access port for POE operation?
    Best Regards

    I believe the 802..2F and 802.2at PoE standard is strictly 48v. I haven't found anything to the contrary. There are inline converters, 48v-24v or something like this, that can be used with a non-PoE switch: http://www.digital-loggers.com/poe24.html but that means all connected devices would be off the same access port / VLAN.

  • Cisco 500 Series Fiber Optic connector issues

    I have a 500 Series Express with a Cisco GE SFP, LC connector SX transceiver and a Belkin dual LC to ST cable plugged into it.
    The unit is stating the cable is misconfigured. Is there anything I have to do besides configuring the port to switch in the smart role settings to get this fiber interface to work?

    Hi
    If you are getting any error logs on your switch, is it possible for you to paste them here?
    Also, are you connecting your server on the SFP or any other device?
    regds

  • Catalyst 500 series

    Hi,
    I have a question regarding Cisco 500 series switches: if we want to shut down this switch remotely, is it possible, or does it have to be done manually by going to the switch location and disconnecting the power supply? I don't see a power off or shut down option when it is accessed remotely, like from a PC.
    regards
    Ahmed

    I don't think many devices are meant to be shut down. As soon as there is power they run. That's what they are made for.
    What do you wish to accomplish with the shutdown?
    Cheers,
    Michel

  • Connecting two cisco ESW 500 series switches.

    Hi Experts,
    I have a basic knowledge of network and need some help.
    I have two Cisco ESW 500 series switches and I want to connect them together.
    Q1 # Which type of cable should I use to connect these two switches, crossover or fiber? What is the advantage of using fiber over crossover?
    Q2 # What are the marked ports in the image used for...???

    tech spec,
    Traditionally you would use crossover to connect switches. Most modern network devices have Auto-MDIX which allows the device to connect using either crossover or straight through.
    The ports on the right can be used for uplink or as regular network ports. On the 10/100 versions the ports on the right are usually Gigabit, thus making them more suitable for uplink to another switch, etc.
    Please mark this thread as answered or reply if you have any additional questions.
    - Marty

  • How to erase all configuration in Cisco ESW 500 Series Switches

    Hi anybody,
    Can anyone show me how to erase or remove the configuration file from ESW 500 Series Switches?
    Thanks
    Thuc

    Hi Thuc,
    The restart / reset function will allow for local or remote reset of the unit to factory defaults, see screen capture below.
    Alternatively, the switch can be reset by inserting a paper clip into the RESET opening on the front of the switch.
    Pressing the manual reset for 0 to 10 seconds only reboots the switch.
    Pressing the manual reset for longer than 10 seconds results in the switch being reset to factory defaults.
    Does this answer your question? Not exactly sure it does.
    regards Dave

  • Cisco ISE for 802.1x (EAP-TLS)

    I work for a banking organization and security is an area that needs to be improved continuously. I am planning on implementing Cisco ISE for 802.1x together with a Microsoft PKI for certificate issuing and signing.
    I am currently trying to implement this in our test environment and I have managed to do a few basic bootstrapping tasks. I need someone to push me in the right direction as to how I can achieve what I am seeking.
    I will use Cisco 2900 series switches on the access layer and a few HP switches as well which support 802.1x.
    I want to configure the ISE to process authentication requests using 802.1x EAP-TLS (certificate based). All the workstations on the domain need to authenticate themselves using the certificates issued to them by the Certificate Issuing Authority.
    I have already managed to get the PKI working and have rolled out the certificates on all the workstations in the test environment. I can't seem to configure the authentication portion on the ISE.
    I request that someone guide me or direct me to materials that can help achieve the above requirements. The guides available on the Cisco website are overwhelming and I can't seem to figure out how I am supposed to configure the authentication portion.
    Cheers,
    Krishil Reddy

    Hello Mubashir,
    Many timers can be modified as needed in a deployment. Unless you are experiencing a specific problem where adjusting the timer may correct unwanted behavior, it is recommended to leave all timers at their default values except for the 802.1X transmit timer (tx-period).
    The tx-period timer defaults to a value of 30 seconds. Leaving this value at 30 seconds provides a default wait of 90 seconds (3 x tx-period) before a switchport will begin the next method of authentication, and begin the MAB process for non-authenticating devices.
    Based on numerous deployments, the best-practice recommendation is to set the tx-period value to 10 seconds to provide the optimal time for MAB devices. Setting the value below 10 seconds may result in the port moving to MAC authentication bypass too quickly.
    Configure the tx-period timer.
    C3750X(config-if-range)#dot1x timeout tx-period 10

  • I want your valuable opinion on ESW 500 series switches

    In my office I want to connect 8 access points, 8 smart boad and 8 PCs to a switch. The access points are Cisco 1240g series and controlled by a WLAN controller.
    This switch should be connected to a core switch 4507 using fiber.
    Can I use these ESW switches for this?

    Not sure what you mean by 8 smart boad - can you be more clear on that?
    Couple of comments:
    - Please note that we recommend the ESW in a Cisco Small Business type deployment with products such as UC500, SR500, AP500. Also, management is via a configuration utility GUI or CCA, not CLI as you would use for the Cisco Catalyst switches. Check this discussion which has a PDF that goes over positioning of the switches- https://www.myciscocommunity.com/message/8385#8385
    - Please check the POE requirements you need against the ESW switches - check the question on at Q & A
    Q. How many devices can the Cisco ESW 500 Series PoE switches power?

  • Trying to Download a Software Image to Cisco 2800 series router through TFTP Using the tftpdnld ROMmon Command

    Trying to Download a Software Image to Cisco 2800 series router through TFTP Using the tftpdnld ROMmon Command
    and I am getting an error. I can't figure out what I am doing wrong. I have also pasted my display down here. Can someone help me out? Thanks in advance, I am still new to this utility.
    My questions are: how do you direct this utility to point to the desktop or the TFTP folder?
    Does FE_PORT: Fast Ethernet 0 imply or point to Fa0/0 on my router?
    My router is supposed to have 10.0.0.3 255.0.0.0
    Gateway of 10.0.0.1 255.0.0.0
    My TFTP Server 10.0.0.2 255.0.0.0
    How do I get the MAC address of the router or the TFTP server, and which one is required?
    My Ethernet port is 100Mb/sec. I can't tell whether it is full duplex or not, so how do I set this FE_SPEED_MODE: Auto?
    =====================================================================================
    rommon 10 >
    rommon 10 > set
    PS1=rommon ! >
    FE_PORT=0
    WARM_REBOOT=
    RET_2_RTS=20:35:55 UTC Thu Sep 25 2014
    BSI=0
    RET_2_RCALTS=
    RANDOM_NUM=1600357627
    ?=0
    IP_ADDRESS=10.0.0.3
    IP_SUBNET_MASK=255.0.0.0
    DEFAULT_GATEWAY=10.0.0.1
    TFTP_SERVER=10.0.0.2
    TFTP_FILE=
    rommon 11 > TFTP_FILE=c2800nm-adventerprisek9-mz.124-24.T4
    rommon 12 > TFTP_CHECKSUM=0
    rommon 13 > SET
    monitor: command "SET" not found
    rommon 14 > set
    PS1=rommon ! >
    FE_PORT=0
    WARM_REBOOT=
    RET_2_RTS=20:35:55 UTC Thu Sep 25 2014
    BSI=0
    RET_2_RCALTS=
    RANDOM_NUM=1600357627
    IP_ADDRESS=10.0.0.3
    IP_SUBNET_MASK=255.0.0.0
    DEFAULT_GATEWAY=10.0.0.1
    TFTP_SERVER=10.0.0.2
    ?=0
    TFTP_FILE=c2800nm-adventerprisek9-mz.124-24.T4
    TFTP_CHECKSUM=0
    rommon 15 > tftpdnld
              IP_ADDRESS: 10.0.0.3
          IP_SUBNET_MASK: 255.0.0.0
         DEFAULT_GATEWAY: 10.0.0.1
             TFTP_SERVER: 10.0.0.2
               TFTP_FILE: c2800nm-adventerprisek9-mz.124-24.T4
            TFTP_VERBOSE: Progress
        TFTP_RETRY_COUNT: 18
            TFTP_TIMEOUT: 7200
           TFTP_CHECKSUM: No
            TFTP_MACADDR: 30:37:a6:49:35:a8
                 FE_PORT: Fast Ethernet 0
           FE_SPEED_MODE: Auto
    Invoke this command for disaster recovery only.
    WARNING: all existing data in all partitions on flash: will be lost!
    Do you wish to continue? y/n:  [n]:  y
    ARP: address resolution for 10.0.0.2 timed out.
    ARP failed with failure code 1.  TFTP transfer aborted.
    TFTP: Operation terminated prematurely.
    rommon 16 >       " not found
    rommon 17 >FE_SPEED_MODE=2
    variable name contains illegal (non-printable) characters
    rommon
    rommon 18 > set
    PS1=rommon ! >
    FE_PORT=0
    WARM_REBOOT=
    RET_2_RTS=20:35:55 UTC Thu Sep 25 2014
    BSI=0
    RET_2_RCALTS=
    RANDOM_NUM=1600357627
    IP_ADDRESS=10.0.0.3
    IP_SUBNET_MASK=255.0.0.0
    DEFAULT_GATEWAY=10.0.0.1
    TFTP_SERVER=10.0.0.2
    TFTP_FILE=c2800nm-adventerprisek9-mz.124-24.T4
    TFTP_CHECKSUM=0
    ?=0
    rommon 19 > tftpdnld [ur]
    usage: tftpdnld [-hr]
      Use this command for disaster recovery only to recover an image via TFTP.
      Monitor variables are used to set up parameters for the transfer.
      (Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.)
      "ctrl-c" or "break" stops the transfer before flash erase begins.
      The following variables are REQUIRED to be set for tftpdnld:
                IP_ADDRESS: The IP address for this unit
            IP_SUBNET_MASK: The subnet mask for this unit
           DEFAULT_GATEWAY: The default gateway for this unit
               TFTP_SERVER: The IP address of the server to fetch from
                 TFTP_FILE: The filename to fetch
      The following variables are OPTIONAL:
              TFTP_VERBOSE: Print setting. 0=quiet, 1=progress(default), 2=verbose
          TFTP_RETRY_COUNT: Retry count for ARP and TFTP (default=18)
              TFTP_TIMEOUT: Overall timeout of operation in seconds (default=7200)
             TFTP_CHECKSUM: Perform checksum test on image, 0=no, 1=yes (default=1)
              TFTP_MACADDR: The MAC address for this unit
                   FE_PORT: 0= (default), 1
             FE_SPEED_MODE: 0=10/hdx, 1=10/fdx, 2=100/hdx, 3=100/fdx,
                            5=Auto (default)
          TFTP_DESTINATION: The flash destination device for the file
                            flash:(default), usbflash0:, usbflash1:
      Command line options:
       -h: this help screen
       -r: do not write flash, load to DRAM only and launch image
    rommon 20 > tftpdnld
              IP_ADDRESS: 10.0.0.3
          IP_SUBNET_MASK: 255.0.0.0
         DEFAULT_GATEWAY: 10.0.0.1
             TFTP_SERVER: 10.0.0.2
               TFTP_FILE: c2800nm-adventerprisek9-mz.124-24.T4
            TFTP_VERBOSE: Progress
        TFTP_RETRY_COUNT: 18
            TFTP_TIMEOUT: 7200
           TFTP_CHECKSUM: No
            TFTP_MACADDR: 30:37:a6:49:35:a8
                 FE_PORT: Fast Ethernet 0
           FE_SPEED_MODE: Auto
    Invoke this command for disaster recovery only.
    WARNING: all existing data in all partitions on flash: will be lost!
    Do you wish to continue? y/n:  [n]:  y
    ARP: address resolution for 10.0.0.2 timed out.
    ARP failed with failure code 1.  TFTP transfer aborted.
    TFTP: Operation terminated prematurely.
    rommon 21 >

    What I notice in the original post is this error
    ARP: address resolution for 10.0.0.2 timed out.
    which says that the router is looking for the 10.0.0.2 server but not getting a response to its ARP request. Can the original poster clarify for us how the device that has the image file is connected to the router that has the problem? Also what kind of device is 10.0.0.2? Is it a PC running TFTP server software or is it something else?
    HTH
    Rick
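
An added example, not part of the thread: a pre-flight check over a ROMmon `set` dump that reports missing required variables, the address ROMmon will need to resolve by ARP, and a disabled image checksum. Variable names and value ranges come from the `tftpdnld` help text quoted above; the function names, the sample dump (built from the values in the post) and the assumption that ROMmon follows ordinary on-link/off-link IP forwarding are this example's own.

```python
import ipaddress
import re

# Names and ranges as listed in the tftpdnld help output quoted in the thread.
REQUIRED = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY",
            "TFTP_SERVER", "TFTP_FILE")
SPEED_MODES = {"0", "1", "2", "3", "5"}

PROMPT = re.compile(r"^rommon \d+ >\s*")          # "rommon 11 > NAME=value"
ASSIGN = re.compile(r"^([A-Z_?][A-Z0-9_]*)=(.*)$")

# Constructed sample: values taken from the poster's session.
SAMPLE = """\
rommon 14 > set
PS1=rommon ! >
FE_PORT=0
IP_ADDRESS=10.0.0.3
IP_SUBNET_MASK=255.0.0.0
DEFAULT_GATEWAY=10.0.0.1
TFTP_SERVER=10.0.0.2
?=0
TFTP_FILE=c2800nm-adventerprisek9-mz.124-24.T4
TFTP_CHECKSUM=0
"""

def parse_set_output(text):
    """Collect NAME=value pairs; later assignments override earlier ones."""
    env = {}
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        match = ASSIGN.match(line)
        if match:
            env[match.group(1)] = match.group(2).strip()
    return env

def audit(env):
    """Return (arp_target, findings) for a parsed variable set."""
    findings = [("missing", n) for n in REQUIRED if not env.get(n)]
    arp_target = None
    try:
        iface = ipaddress.ip_interface(
            f"{env['IP_ADDRESS']}/{env['IP_SUBNET_MASK']}")
        server = ipaddress.ip_address(env["TFTP_SERVER"])
        gateway = ipaddress.ip_address(env["DEFAULT_GATEWAY"])
    except (KeyError, ValueError):
        findings.append(("bad_address", "IP settings missing or unparsable"))
    else:
        if gateway not in iface.network:
            findings.append(("gateway_off_subnet", str(gateway)))
        # Assumption: on-link servers are ARPed directly, others via gateway.
        arp_target = str(server if server in iface.network else gateway)
    if env.get("TFTP_CHECKSUM") == "0":
        # Help text: default is 1; with 0 the image is not checksum-tested.
        findings.append(("checksum_disabled", "image written unverified"))
    mode = env.get("FE_SPEED_MODE")
    if mode is not None and mode not in SPEED_MODES:
        findings.append(("bad_speed_mode", mode))
    return arp_target, findings

if __name__ == "__main__":
    target, issues = audit(parse_set_output(SAMPLE))
    print("ARP target:", target)
    for code, detail in issues:
        print(f"{code}: {detail}")
```

For the poster's settings the ARP target is the TFTP server itself, so the timeout points at the link or host at 10.0.0.2 rather than at the gateway.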

  • I need online Configuration Guide for Catalyst Express 500 Series Switches

    Hi Mates,
    Please, is there an online help page for the 500 series Catalyst?
    I have this one for IOS 12.2(25)FY http://www.cisco.com/en/US/products/ps6545/products_configuration_example09186a00806da6c9.shtml
    but I need more details, like IOS 12.3(7)JA for Aironet 1300 http://www.cisco.com/en/US/products/ps5861/products_configuration_guide_book09186a00804ebd50.html
    Regards
    Saher

    I'm afraid there is no such document for IOS 12.2(25)FY since the Catalyst Express 500 Series switches are manageable through the GUI Device Manager or Cisco Network Assistant.
    I have also found key features and standards supported for that release:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_bulletin0900aecd8033b8b3.html
    Hope this helps

  • Can I terminate 40 Mbps DSL BROAD BAND connection in Cisco 800 series routers

    Dear all,
    Can I terminate a 40 Mbps DSL broadband connection in a Cisco 800 series router? It is not a leased line.
    Which Router model is best for 40 Mbps DSL Broad band termination ?
    Thanks&Regards
    Ajay Jose K

    Hi,
    The link below lists all models in the 800 series.
    http://www.cisco.com/c/en/us/support/routers/800-series-routers/tsd-products-support-series-home.html
    For your requirement the model below should suffice.
    Complete throughput from the router is 51 Mbps.
    Cisco C891FW Integrated Services Router
    HTH
    Sandy

  • Error in Cisco 2500 series Wireless Controller

    I have this error in a Cisco 2500 series Wireless Controller.
    The AP type is Cisco AIR-CAP35021-A-K9.
    I can't connect the client to the AP. When I try to connect I get this error on the Cisco 2500 series Wireless Controller, but the AP gets an IP.
    Please can anyone help me?
    Client Excluded: MACAddress:Base Radio MAC : Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 

    Duplicate posts.  
    Go here:   http://supportforums.cisco.com/discussion/12142556/cisco-2500-series-wireless-controller

  • Catalyst Express 500 series connection problems

    Hello! Our company is currently using two 500 series switches connected to each other using the g1/1000mbits port; a Cisco router is also plugged in to one of the switches for broadband internet access. After deployment the following problems came up: we are unable to use our wireless access point even when the port is set up as being "access point" using the smartports feature. We simply can't ping the access point no matter what port type we set on the switch, and we keep having the error message on the router that it has denied connection from that device. My feeling is that, for some reason I'm not aware of, the router is blocking certain devices from transferring data no matter what type of port we define on the smartports feature. I can't find any way or option in the router software to disable this blocking or filtering of the data in order to connect any devices I want normally without any restrictions. For some reason the switch is not accepting connections from the access point...
    Any help would be much appreciated.
    Fernando - London - UK

    Hi, well, I did disable STP but it didn't help. I'm going to post the network topology more exactly and the settings being used so it's easier to get any help, as I think I missed some points about our network :) ....so here it goes:
    1. All the devices and client computers are using fixed ip addresses on the range 192.168.254.x
    2. Topology :
    Switch number 1 connected devices:
    17 client computers connected
    1 printer
    1 cisco router (with dhcp disabled and using fixed ip too)
    1 Netgear AP using set with DHCP
    Switch number 2 connected devices:
    10 client computer connected
    Switch 1 and 2 are connected using the G1/1000mbits uplink port
    Settings being used on BOTH switches (they are both catalyst 500,same software version) :
    - default vlan1 is set and enabled
    - STP enabled
    - IGMP snooping enabled
    - all ports are enabled and set to auto mode for speed and duplex
    - port Gi1 that is used to connect both switches is set as "Switch" type with smartports.
    - gateway (cisco router) ip address set
    - security set to "low"
    - STP settings on switch 1:
    currents roots: VLAN1 , priority:32768 , root port: fa24 (where the router is connected), route path:38
    - STP settings on switch 2:
    currents roots: VLAN1 , priority:32768 , root port: Gi1 (uplink to switch 1), route path:42
    switch 1 specific settings:
    - the port where the AP is connected is set using smartports as "Access Point" and the port where the printer is connected is set as "Printer" also using smartports on the switch device manager software.
    - the port where the cisco router is connected is set as "router" with smartports
    Facts:
    - I am able to ping all the devices on the network from any computers connected to both switches.
    - I am able to ping the printer from any computer connected to both switches as well.
    - When AP is connected directly to the cisco router wireless clients have access to internet with no problems
    - all wired client computers on both switches connect to the internet using the router without problems.
    Issues:
    - Cannot ping the AP from any client computer on the network
    - When printing from Switch 1 clients everything goes well, but when I print from clients on Switch 2 I am unable to print as it's unable to connect to the printer; however, I can ping the printer on the command line!
    - When I try to plug in the network cable from the AP to its designated port on Switch 1 the network crashes!
    Error messages:
    When trying to print from clients on Switch 2, or when I try to connect and use the AP on Switch 1, I get either "access denied to device connecting to portxx" or an STP blocking error.
    Hope the picture is clearer now.
    thanks once more.
    Fernando.

  • US 500 Series FXO/FXS

    Hello all. I just need to clarify/ask a question. From my discussions with Cisco tech support, the maximum number of FXO and FXS ports I can have on a UC 500 series is 8 of each, using a VIC card for 4 more FXO and a SPA8800 for 4 more FXS.
    Does anyone know of any way to increase this? I have a client who needs to run with 12 FXO and 12 FXS to make a functioning system.
    Does anyone have any other solutions I can deliver? (And please do not go into BRI or SIP; it's not going to happen.)
    Thanks all.

    Hello Kris,
    If you are using UC560-FXO and add two additional FXO VICs - VIC2-4FXO you will have a total of 12 FXO ports.
    Then add SPA8000 will give you additional 8 FXS ports - total 12.
    This is how you add SPA8000 to the UC.
    https://supportforums.cisco.com/docs/DOC-9465
    For FXS also you may use ATA186.
    HTH,
    Alex
    *Please rate helpful posts

  • SPA 300 and 500 series programming guides

    Hello all.
    I am working on a FreePBX system that implements Cisco SPA 300 series and 500 series solely. I have been trying to find more information regarding programming the line buttons for special features, like call pickup, and the lower 4 programmable buttons, but I can't seem to find any proper documentation. Any help would be greatly appreciated.
    Also if anyone has experience with provisioning these devices in a FreePBX environment I would love any and all pointers on that as well.
    With regards,
    A Hopeful PBX admin
    Gunnar Ingi                   

    Hi Gunnar,
    Although not specific to FreePBX, this document map may help you.
    There is a lot of information specific to FreePBX out on the Internet. When searching, keep in mind that FreePBX is based on Asterisk and that the SPA5xx and SPA3xx IP phones are children of the SPA9xx phones so you may find more help by searching using the SPA942 as a model number, for example.
    Regards,
    Patrick
