Cisco switch IOS deletion

Hi
i've got two cisco 3750 Switches where by the ios images have been erased from the units there is no back up version on the switches that i can see,
I do have a swicth with a valid IOS image, My question is how would i go about taking a copy of that working IOS and placing it onto my PC then onto the switches that dont have the IOS.
Regards
Paul

The approach suggested by Dragan of copying directly from switch to switch should work. The other option would be to use tftp to copy the switch IOS from the switch to your PC and then on the switches that do not have images copy using tftp from your PC to the switch.
If the switch has no image is it running in rommon? If so the tftpdnld command may give you the ability to copy the IOS image.
Perhaps we should also verify that the image on the one switch is appropriate to use on the other switches. Are the other switches the same model, do they have the same amount of flash and of memory?
HTH
Rick

Similar Messages

Cisco switch ios upgradation

how can I upgrade cisco 2960s switch's ios.
what commands will be used for it

Hello Anupam,
1. You need to copy the IOS from CCO.
2. The same IOS needs to copied on to the flash.
#copy tftp : flash
#tftp ip address <x.x.x.x>
3. I would suggest before upgrading the IOS. Please verify the MD5 checksum and confirm with CCO that it matches. This confirms that while copying the image didnt get corrupt.
#verify /md5 Flash:<IOSimage>.bin
4. Once you see the IOS in flash. Please configure below.
boot-start-marker
boot system flash <IOS image name>.bin
boot-end-marker
5. Save the confguration.
#wr
6. reload the router. Post reload you can run " show version" to check if device has come up with new IOS.
HTH,
Nikhil

DACL does not get downloaded to Cisco Switch from ISE

Hello,
I have a cisco switch with ios: c3550-ipbasek9-mz.122-44.SE6.bin
I am trying to push dACL fro my ISE device into the switch, but it is not getting applied to switch.   dynamic vlan assignment workds fine, but dACL doesnot apply
Any instruction plz?

Hi Jatin,
ISE is properly configured for dACL,   i think there is some compatibility issue on cisco switch ios.
following is the debug output>>
06:36:43: dot1x-packet:Received an EAP packet on interface FastEthernet0/11
06:36:43: EAPOL pak dump rx
06:36:43: EAPOL Version: 0x1 type: 0x0 length: 0x0006
06:36:43: dot1x-packet:Received an EAP packet on the FastEthernet0/11 from mac 0019.b981.e812
06:36:43: dot1x-sm:Posting EAPOL_EAP on Client=1D68028
06:36:43:     dot1x_auth_bend Fa0/11: during state auth_bend_request, got event 6(eapolEap)
06:36:43: @@@ dot1x_auth_bend Fa0/11: auth_bend_request -> auth_bend_response
06:36:43: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_enter called
06:36:43: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0019.b981.e812
06:36:43: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_request_response_action called
06:36:43: RADIUS/ENCODE(00000049):Orig. component type = DOT1X
06:36:43: RADIUS(00000049): Config NAS IP: 192.168.2.250
06:36:43: RADIUS/ENCODE(00000049): acct_session_id: 73
06:36:43: RADIUS(00000049): sending
06:36:43: RADIUS(00000049): Send Access-Request to 192.168.2.231:1812 id 1645/99, len 267
06:36:43: RADIUS: authenticator 5B 61 1D 64 D3 D5 9F AD - 23 E0 11 11 B3 C3 5C 81
06:36:43: RADIUS: User-Name           [1]   6   "test"
06:36:43: RADIUS: Service-Type        [6]   6   Framed                    [2]
06:36:43: RADIUS: Framed-MTU          [12] 6   1500
06:36:43: RADIUS: Called-Station-Id   [30] 19 "00-11-5C-6E-5E-0B"
06:36:43: RADIUS: Calling-Station-Id [31] 19 "00-19-B9-81-E8-12"
06:36:43: RADIUS: EAP-Message         [79] 8
06:36:43: RADIUS:   02 7A 00 06 0D 00                 [ z]
06:36:43: RADIUS: Message-Authenticato[80] 18
06:36:43: RADIUS:   A6 AB 5A CA ED B8 B4 1E 36 00 9D AB 1A F6 B9 E0                [ Z6]
06:36:43: RADIUS: Vendor, Cisco       [26] 49
06:36:43: RADIUS:   Cisco AVpair       [1]   43 "audit-session-id=C0A802FA0000006F016B36D8"
06:36:43: RADIUS: NAS-Port-Type       [61] 6   Ethernet                  [15]
06:36:43: RADIUS: NAS-Port            [5]   6   50011
06:36:43: RADIUS: NAS-Port-Id         [87] 18 "FastEthernet0/11"
06:36:43: RADIUS: State               [24] 80
06:36:43: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43 [37CPMSessionID=C]
06:36:43: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30 [0A802FA0000006F0]
06:36:43: RADIUS:   31 36 42 33 36 44 38 3B 33 35 53 65 73 73 69 6F [16B36D8;35Sessio]
06:36:43: RADIUS:   6E 49 44 3D 69 73 65 2D 73 65 72 76 65 72 2D 31 [nID=ise-server-1]
06:36:43: RADIUS:   2F 31 37 31 30 32 35 39 38 38 2F 32 34 3B    [ /171025988/24;]
06:36:43: RADIUS: NAS-IP-Address      [4]   6   192.168.2.250
06:36:43: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to up
06:36:43: RADIUS: Received from id 1645/99 192.168.2.231:1812, Access-Challenge, len 1134
06:36:43: RADIUS: authenticator 78 36 A3 38 30 1C F0 7A - 19 83 93 81 B4 6B FF 9E
06:36:43: RADIUS: State               [24] 80
06:36:43: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43 [37CPMSessionID=C]
06:36:43: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30 [0A802FA0000006F0]
06:36:43: RADIUS:   31 36 42 33 36 44 38 3B 33 35 53 65 73 73 69 6F [16B36D8;35Sessio]
06:36:43: RADIUS:   6E 49 44 3D 69 73 65 2D 73 65 72 76 65 72 2D 31 [nID=ise-server-1]
06:36:43: RADIUS:   2F 31 37 31 30 32 35 39 38 38 2F 32 34 3B    [ /171025988/24;]
06:36:43: RADIUS: EAP-Message         [79] 255
06:36:43: RADIUS:   4D 5D 13 47 FC 46 16 EE 62 76 40 09 77 48 31 B6 01 6B 5E 52 33 56 A2 1E 34 [M]GFbv@wH1k^R3V4]
06:36:43: RADIUS:   02 32 39 FA 4D CA 79 18 4A 42 A2 4E 5C BD AE 29 D2 3D D1 5A FC C2 ED 3E E5 FB C6 B8 D8 DE A8 75 EB 3A A5 7D 02 03 01 00 01 A3 81 CD 30 [29MyJBN\)=Z>u:}0]
06:36:43: RADIUS:   81 CA 30 0B 06 03 55 1D 0F 04 04 03 02 01 86 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 C4 56 80 A7 C9 18 50 92 EE CC 91 D4 E1 EC DB AD E7 1E 70 A8 30 79 06 03 55 1D 1F 04 72 30 70 [0U0U00UVPp0yUr0p]
06:36:43: RADIUS:   30 6E A0 6C A0 6A 86 32 68 74 74 70 3A 2F 2F 73 79 73 6C [0nlj2http://sysl]
06:36:43: RADIUS:   6F 67 2D 73 65 72 76 65 72 2F 43 65 72 74 45 6E [og-server/CertEn]
06:36:43: RADIUS:   72 6F 6C 6C 2F 46 4D 46 42 5F 54 72 75 73 74 65 [roll/FMFB_Truste]
06:36:43: RADIUS:   64 43 41 2E 63 72 6C 86 34 66 69 6C 65 3A 2F 2F 5C [dCA.crl4file://\]
06:36:43: RADIUS:   5C 73 79 73 6C 6F 67 2D 73 65 72 76 65 72 5C 43 [\syslog-server\C]
06:36:43: RADIUS:   65 72 74 45 6E 72 6F 6C 6C 5C 46 4D 46 42 5F 54 [ertEnroll\FMFB_T]
06:36:43: RADIUS:   72 75 73 74 65 64 43 41 2E         [ rustedCA.]
06:36:43: RADIUS: EAP-Message         [79] 251
06:36:43: RADIUS:   63 72 6C 30 10 06 09 2B 06 01 04 01 82 37 15 01 04 03 02 01 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 63 BA F8 CE D5 8B 0E 94 77 AE 86 6C 37 AB 2F 36 9A B2 85 D5 4A [crl0+70*Hcwl7/6J]
06:36:43: RADIUS:   74 8C 33 F5 93 06 A6 57 8D 39 56 8F 02 08 97 CB C6 08 70 8C 22 1E 5D 1F A8 26 6D 60 1F 05 62 D1 24 AB 03 8C 41 F8 1C F1 F8 C2 87 8B 97 02 71 FC 6A [t3W9Vp"]&m`b$Aqj]
06:36:43: RADIUS:   EB 12 FC DD 8C 5C 9C 2D AF D2 C4 1C 18 1B 40 BE 78 B0 54 55 59 89 03 1B B7 FB 91 85 EE CA C0 18 1C 78 5D 4D BA FA 9E 44 D3 45 53 A3 BE 46 8A FB 81 BD F1 4C B3 3B [\-@xTUYx]MDESFL;]
06:36:43: RADIUS:   D6 66 7E 5B 79 9F 83 53 5E 49 92 B5 7F E5 1A E2 86 8C 83 96 7D 75 A5 1D 08 4E 32 C3 5E EC BF 28 53 EC 53 8A C3 E0 36 [f~[yS^I}uN2^(SS6]
06:36:43: RADIUS:   82 EE AA 0D 38 3E BA 9C 1D D9 24 BD 48 A6 EE 44 BD 95 68 85 CA 8C 44 F8 E8 A2 FB 94 BC 6F 7C F2 06 91 6C A0 A6 BB 7B 7F 56 BD 15 32 A4     [ 8>$HDhDo|l{V2]
06:36:43: RADIUS: Message-Authenticato[80] 18
06:36:43: RADIUS:   DD 82 F7 10 3F C7 B5 62 9B 2A BB 24 16 A7 59 33            [ ?b*$Y3]
06:36:44: RADIUS(00000049): Received from id 1645/99
06:36:44: RADIUS/DECODE: EAP-Message fragments, 253+253+253+249, total 1008 bytes
06:36:44: dot1x-packet:Received an EAP request packet from EAP for mac 0019.b981.e812
06:36:44: dot1x-sm:Posting EAP_REQ on Client=1D68028
06:36:44:     dot1x_auth_bend Fa0/11: during state auth_bend_response, got event 7(eapReq)
06:36:44: @@@ dot1x_auth_bend Fa0/11: auth_bend_response -> auth_bend_request
06:36:44: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_exit called
06:36:44: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_request_enter called
06:36:44: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x7B length: 0x03F0 type: 0xD data: @Cfui[ab2,Jt1){                                                                                                                              2]g&GZ1pIbu;+Ga;iF"jy#
oohuV.aFZ4_|
P0`At   )B
06:36:44: dot1x-ev:FastEthernet0/11:Sending EAPOL packet to group PAE address
06:36:44: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
06:36:44: RADIUS: Message-Authenticato[80] 18
06:36:44: RADIUS:   F5 B0 56 D3 C6 87 BD 10 6E C7 4A 72 5B 5C 60 C5           [ VnJr[\`]
06:36:44: RADIUS: Vendor, Cisco       [26] 49
06:36:44: RADIUS:   Cisco AVpair       [1]   43 "audit-session-id=C0A802FA0000006F016B36D8"
06:36:44: RADIUS: NAS-Port-Type       [61] 6   Ethernet                  [15]
06:36:44: RADIUS: NAS-Port            [5]   6   50011
06:36:44: RADIUS: NAS-Port-Id         [87] 18 "FastEthernet0/11"
06:36:44: RADIUS: State               [24] 80
06:36:44: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43 [37CPMSessionID=C]
06:36:44: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30 [0A802FA0000006F0]
06:36:45: dot1x-ev:FastEthernet0/11:Sending EAPOL packet to group PAE address
06:36:45: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
06:36:45: dot1x-registry:registry:dot1x_ether_macaddr called
06:36:45: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/11
06:36:45: EAPOL pak dump Tx
06:36:45: EAPOL Version: 0x2 type: 0x0 length: 0x0039
06:36:45: EAP code: 0x1 id: 0x7E length: 0x0039 type: 0xD
06:36:45: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (0019.b981.e812)
06:36:45: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_request_action called
06:36:46: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
06:36:46: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
06:36:46: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
06:36:46: EAPOL pak dump rx
06:36:46: EAPOL Version: 0x1 type: 0x0 length: 0x0006
06:36:46: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/11 CODE= 2,TYPE= 13,LEN= 6
06:36:46: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/11
06:36:46: dot1x-ev:Received pkt saddr =0019.b981.e812 , daddr = 0180.c200.0003,
                    pae-ether-type = 888e.0100.0006
06:36:46: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port Fa0/11 is TRUE

Cisco switches make me crazy

mohamedhalim2 wrote:
i wana an answer to this case pleaseWe aren't Cisco TAC, we are volunteers.mohamedhalim2 wrote:
how can i defaulting this switch , the switsh is switch catalyst 2960 48 portuse the clear config command.
Resetting Catalyst Switches to Factory Defaults - Cisco

i wana an answer to this case please
Yesterday I wanted to erase an cisco switch and delete all the configration file
make it to default , i did evry command line that i know but finaly the switch was make arestat and stoped at this word
switch :
switch :
switch :
switch :
I want to find a solution to this problem please
how can i defaulting this switch , the switsh is switch catalyst 2960 48 port
This topic first appeared in the Spiceworks Community

Nexus 2K to Cisco 2960 IOS Switch

Hi,
I am trying to connect Nexus 2K FEX to Cisco 2960 IOS Switch (Trunk config) and causing spanning tree loop having issues. I am aware that I should't be connecting non host port to 2K FEX but it's corner case. I have done similar setup with Access Port configuration and didn't faced any issues.
Nexus 5K config Config
interface Ethernet107/1/47
switchport mode trunk
switchport trunk allowed vlan 500-501
spanning-tree guard root
spanning-tree bpdufilter enable
interface Ethernet108/1/47
switchport mode trunk
switchport trunk allowed vlan 500-501
spanning-tree guard root
spanning-tree bpdufilter enable
2960-Config
interface GigabitEthernet1/0/47
switchport mode trunk
switchport trunk allowed vlan 500-501
spanning-tree bpdufilter enable
interface GigabitEthernet1/0/48
switchport mode trunk
switchport trunk allowed vlan 500-501
spanning-tree bpdufilter enable
Error Log
%FWM-2-STM_LOOP_DETECT: Loops detected in the network for mac 001b.1700.0130 among ports Eth107/1/47
Eth108/1/47 vlan 500 - Disabling dynamic learn notifications for 180 seconds
Should I configure port as "spanning-tree port type network" and create VPC and "storm-control broadcast level" to stop future occurrence? OR Do i have to configure anything else to prevent spanning-tree loops?
Thanks for your help
Ritesh

Hi,
spanning-tree port type network is used for VPC peer-link. Try creating a new VPC and add ports 107/1/47 and 108/1/47 to it and a Portchannel on the 2960 and test.
HTH

802.1X Switch IOS version

Hi,
I' have realy big layer two access network made of etherogenius Cisco switch with different IOS version and train.
My customer bought ISE (ADVANCED AND BASE LICENSE).
As far I read on DS it is seem that if you have Minimum IOS release 12.2(52) SE you are able to perform COA, reading DS with more attention I notice that cisco raccomend IOS versione 12.2(55)SE3 why ? does it means COA does not work with 12.2(52)SE ?
But more important :
I need a minimum IOS release to perform 802.1x on my wired network ?

Carlo,
Here is the guide that states 12.2(52)SE but the foot note states that for 802.1x authentication you need 12.2(55)SE.
http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html#wp55038
After checking the release notes this solution falls under the Cisco Trustsec which is supported on 12.2(55)SE, there are several features released in 12.2(55)SE such has vlan assignment in multi-auth mode that makes it much easier for Cisco help generate initial configs for their customers.
Here are the release notes:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/release/notes/OL23054.html#wp1047679
Thanks,
Tarik admani

Collecting information from Cisco switchs using SNMP

Dear All,
I have a wide network with more than 250 sites connected using the DSL. the WAN devices are under the provider responsability and the LAN devices are directly in my responsability. In each site, I have :
1 or 2 Cisco switchs (2960 or 3560), connecting via fibr.
or
Linksys switch connected via ethernet cable
and
cisco 877 router connected to switch
cisco 881G router conected to switch
pc and printers
In order to improve the availibilty of our network, we lauch every day a script from local pc to test connectivity of LAN equipements :
ping to switchs (Vlan 1), ping to ip fa0/0 cisco router1, ip cisco router2, ping to HSRP address (of two router). the resulting ini file will be inserted in a database and exported to excel for analysing.
I'm asking if someone can help in order to implement SNMP and let me know the name of cisco MIB to implement to :
- to have from SNMP information, the result of show cdp nei, show interface status, show ip int brief,...
- to have if wan router LAN interface are up,connected
- others usefuls informations.
Thanks and regards,
AA

Hi,
the basic SNMP config for 2960 and 3560 is:
     snmp-server community <> RO
The configuration for SNMP traps to get alerts from the device if there is for example a failure with a fan is:
          snmp-server enable traps
          snmp-server host <> <>
This enables all traps available with your IOS version. You can the disable not wanted traps by using the "no"-command like this.
Example for dot1x traps:
          no snmp-server enable traps dot1x
With a snmp client you can then do a snmpwalk (or snmp get) without a specific OID to get all the SNMP information from the device:
On a Linux server the following command should work:
     snmpwalk -v 2c -c <> -T <>
-v = use SNMP version 2c
-c = use the community string you configured on the device
-T = output in the dotted decimal format
But be careful, this will be a lot of data output.
Here you will find a docu for configuring SNMP on a Cisco device:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html
Sven

Cisco switch/router authentication

hi! is there anyway that i can authenticate user login thru Microsoft AD/IAS to the cisco switch/router without using Cisco ACS or any paid solution? Thx

Hello,
IOS configuration:
Switch(config)#radius-server host 192.168.250.20 key cisco123
Switch(config)#aaa authentication login default group radius local
Switch(config)#aaa authorization exec default group radius local
IAS configuration:
1) Define the RADIUS client entry:
2) Define the IAS Policies:

Changing SSH port in Cisco switches

Hello everyone
I have switches with different platforms 2950 , 3750 , 3560 ...... I want to change the port of SSH , but the command ip ssh port not found ... be informed that the IOS is ipservice type for layer 3 switches

Sorry but you cannot change the port (tcp/22) used by ssh on Cisco switches.
The best practices for securing it it include:
- enforce ssh version 2,
- apply an access-list to your vty lines,
- set a timeout and retry lockout, and
- possibly control plane policing.

Configuring HSRP in Cisco Switches using Dynamips

Dear Friends,
I am in process of configuring hsrp using dynamips
   when i am putting the comand
    SW1(config)#standby 1 ip 10.1.1.10
                                           ^
% Invalid input detected at '^' marker.
   its showing error i,e the command is support by switch ios
Please check the show version command for ios details
"SW1#sh version Cisco IOS Software, 3600 Software (C3640-IK9O3S-M), Version 12.4(7), RELEASE SOF TWARE (fc6) Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Wed 01-Mar-06 00:58 by alnguyen ROM: ROMMON Emulation Microcode ROM: 3600 Software (C3640-IK9O3S-M), Version 12.4(7), RELEASE SOFTWARE (fc6) SW1 uptime is 3 hours, 13 minutes System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0 x0, BOOT_COUNT 0, BOOTDATA 19 System image file is "tftp://255.255.255.255/unknown"    Cisco 3640 (R4700) processor (revision 0xFF) with 94208K/4096K bytes of memory. Processor board ID 00000000 R4700 CPU at 100MHz, Implementation 33, Rev 1.2 16 FastEthernet interfaces DRAM configuration is 64 bits wide with parity enabled. 125K bytes of NVRAM. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 "
Can anyone help me in solving this issue. Any kind of help is greatly appreciated

Hi,
SW1(config)#
you have to be in (layer-3) interface configuration mode, e.g. on a SVI:
R1#conf termR1(config)#interface vlan1R1(config-if)#standby 1 ip 1.1.1.1
Hope that helps
Rolf

Any one ever worked on 6500 series Cisco switches QOS or 6503 or 6524 QOS(Urgent help needed)

Hi All,
I am having issue specifally doing QOS configuration on 6503 or 6524 or 6509 switches. I am unable to match any EF(voice) traffic for eompls(vlan based) on 6503 cisco switch. If i use any other router as 2811 or 2821 my QOS configuration works perfect but if i put 6503 as PE2 it does not work.i am using vlan based eompls.
Below is the scenario & configuration which i am having issue.
CE1(2821 router)(dot1Q)--------->PE1(2821 router)------->P(6524 switch)-------->PE2(6503 switch)------->(dot1Q)(2821 switch)CE2.
On CE1 i can match ip-precedence 5 traffic and mark that traffic to cos5 on outbound port.On PE1 i can match cos5 packet and mark with mpls exp top5 on inbound port, on outbound port i can match mpls exp 5.
On PE2(6503) i am unable to match that mpls exp5 packet on inbound port. none of the configuration worked on 6500 series switches with mls qos, ,mls qos trust dscp,mls qos trust cos etc. Although i can match cos5 traffic on CE2 on inbound interface.i can not match mpls exp 5 traffic on 6503 and all i can see traffic as default-class on 6503 switch. I tried many things and many configurations on 6503 but nothing worked.If i put 2821 router as PE2 instead of 6503 my qos configuration works. but why if i put 6503 my same qos configuration does not work?
---match means=classification or classify
Can anyone tell me how qos works on 6500 series switches or where i am having issue in my scenario.
i am using this ios on 6503: s72033-advipservicesk9_wan-mz.122-33.SXI3.bin.
below r my questions for 6503 qos:
1.do i need to use some other map tables,am i using correct map tables on 6503 as cos-dscp,dscp-cos,exp-dscp etc.
2.any other configutaion of qos needed on 6503?
3.i am unable to match anything on outbound port of 6503.
4.on 6503 i am using sup720 and PFC3BXL.any specific configuration needed for PFC3bxl.
5. 6503 not allowing me to match qos-group on inbound interface, not allowing me to set cos5 on outbound interface. not allowing me to set cos5 as an inbound interface.
CE1(2821) config:
class-map match-any EF
match ip precedence 5
class-map match-any data
match ip precedence 3
policy-map ip2mpls
class EF
set cos 5
class data
set cos 3
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.455
encapsulation dot1Q 455
ip address 172.16.15.1 255.255.255.252
service-policy output EF
PE1(2821) config:
mls qos map cos-dscp 0 8 16 24 32 40 48 56
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all mpls_exp
match mpls experimental topmost 5
class-map match-any cos3
match cos 3
class-map match-any LOO1
match cos 5
policy-map EF
class LOO1
set mpls experimental imposition 5
class cos3
set mpls experimental imposition 3
policy-map QOS_G_5
class mpls_exp
priority
class exp_3
bandwidth 500
interface Loopback0
ip address 3.3.3.3 255.255.255.255
interface FastEthernet0/0
ip address 192.168.23.2 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
mpls ip
service-policy output QOS_G_5
interface FastEthernet0/1.455
encapsulation dot1Q 455
xconnect 5.5.5.5 455 encapsulation mpls
service-policy input EF
PE2(6503 qos):
R1#show module
Mod Ports Card Type Model Serial No.
1 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL09401U2L
2 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL114247YN
3 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC SAL0712AM69
4 24 CEF720 24 port 1000mb SFP WS-X6724-SFP SAL10019J4N
5 2 Supervisor Engine 720 (Hot) WS-SUP720-3BXL SAD102805VM
6 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAD0846060F
Mod Sub-Module Model Serial Hw Status
1 Distributed Forwarding Card WS-F6700-DFC3BXL SAD102504EF 5.3 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAD111300PD 3.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1004BQ2A 2.0 Ok
5 Policy Feature Card 3 WS-F6K-PFC3BXL SAD10270189 1.8 Ok
5 MSFC3 Daughterboard WS-SUP720 SAD102801G5 2.5 Ok
6 Policy Feature Card 3 WS-F6K-PFC3BXL SAL1415FE95 1.11 Ok
6 MSFC3 Daughterboard WS-SUP720 SAD08440794 2.4 Ok
R1#show mls qos maps
Normal Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 01 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 01 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Maximum Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Dscp-cos map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Dscp-exp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
mls netflow interface
mls qos map cos-dscp 0 10 18 24 34 46 48 56
mls qos
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all EXP_5
match mpls experimental topmost 5
class-map match-all QOS_GROUP_5
match qos-group 5
class-map match-all prec5
match ip precedence 5
class-map match-all cos5
match cos 5
policy-map mpls2ip
class QOS_GROUP_5
set cos 5
policy-map IN_FROM_R3
class EXP_5
set qos-group 5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
interface GigabitEthernet2/2
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
interface GigabitEthernet2/2.455
encapsulation dot1Q 455
xconnect 3.3.3.3 455 encapsulation mpls
service-policy output mpls2ip
interface GigabitEthernet2/1
ip address 192.168.34.4 255.255.255.0
ip ospf network point-to-point
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
mpls ip
service-policy input IN_FROM_R4
Thanks & regards,
Ahsan Rasheed

Hi All,.
I am still having issue on 6503 or 6524 Cisco Switch.
" Can any one give me any sample of 6524 or 6503 QOS working configuration, i would be really thankful "
As i have mentioned in my prevoius post of configuration of 6503. I am unable to match mpls exp 5 packet on 6503. My qos configuration on PE1(2811 router) is working perfectly. I am unable to classify mpls ex5 or mpls exp3 on 6503 switch. Am i missing something on configuration?
PE2 config:"6503 switch"
class-map match-all mpls_exp
match mpls experimental topmost 5
policy-map EF
class mpls_exp
R!#mls qos
int Gi2/4
service-policy input EF
mls qos trust cos
dscp: 0 10 18 24 34 46 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
Thanks,
Ahsan Rasheed

Cisco Switches (2960 Series) Management

We are managing these devices using HP OpenView Network Node Manager (Ver. 7.5) on HP-UX platform.
What are the known problems, limitations on its initial discovery and on later stages of managing the same ?

The Cisco Catalyst 2960 Series supports the Cisco IOS LAN BASE software image. This software image is a rich suite of intelligent services that is also available in a crypto image at no additional charge.
Cisco Network Assistant also offers centralized management and configuration of Cisco switches and other Cisco devices such as routers and wireless access points. With Cisco Network Assistant, in addition to configuring multiple switches at a time, you can configure Cisco wireless access points, and invoke the Device Manager on Cisco routers and access points. Cisco Network Assistant can be downloaded (available at no cost).
This URL should help you:
http://www.cisco.com/en/US/products/ps5931/index.html

Any script to let me find out which Cisco switches have RSA key less than 800 bit?

Hi,
Imagine I have 500 Cisco switches (2950, 3750, 4507), IOS 12.3 but some may have different IOS level.
I know that some of these switches got 'cry key gen rsa' key size = 512.
I need to have key size = 800 bit.
We do not have Cisco Works in place. Someone in my organization tells me that I would need all these switches at 800 bit otherwise CiscoWorks can't login to it. Does that make sense? I am not sure if I understand that correctly.
Question:
If it is true that CiscoWorks can't access such switches and let me change that setting automatically, do you know any script which I could use to let me run against a list of IP addresses and query the switches to find out where RSA key is 800 bits? If it is not 800 bit, I would like to log a message so that I could go manually to the switch to re-execute 'cry key gen rsa' and do 800 bit instead.

IOS 12.3 doesn't run on any of these switches.
LMS can login to switches with an RSA modulus of 512 bits. It will just use SSHv1 instead of v2. I do not know of any pre-built scripts to change the modulus size; however, it would be relatively trivial to do with expect. You could deploy one command to avoid the interactivity:
crypto key generate rsa gen mod 800

Any possibility of upgrading 2950 switch IOS

Hi,
I would like to know if possible to upgrade my cisco 2950 switch IOS from Standard to Enhanced Image, As I notice from some one that it comes standard box with no uograde capabilities.
Is that means as hardware upgrade or IOS Image Upgrade?
Ankur : u have helped me before but I am still confused.
thanks,

The ability to run either the SI or EI features on the 2950 is hardware dependant. If you have a look at the release notes for the latest IOS there is a table about 2 pages in detailing the various 2950's available and whether they run the SI or EI features.
The actual IOS software image is the same for both the EI & SI switches but only the EI features are available on the platforms that support it.
The 2950-12, 2950-24, 2950SX-24, 2950SX-48-SI and 2950T-48-SI only have the SI features, it looks like all the others run the EI.
HTH
Andy

Tacacs+ Enable password is not working on Cisco Switch

Ladies/Gents,
I am facing issues when enabling tacacs authentication on my cisco switch, aaa login/password is working, aaa enable is not. Underneath details of my devices.
Cisco ACS 1121: version 5.1
Cisco Switch 3560: ios ver 15
I also attached here some documents for your review and comment (switch aaa configuration, debug aaa authentication, acs captured screen)
Hoping to receive an update and comment from you soon.
Thanks,
Arnold

Hi Edward,
I created a new shell profiles named "root" as the default one "Permit Access" can't be access or modified, underneath the steps I've made.
1. Create a new shell profile name "root" with max privilege of 15. And then used it in "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
2. Telnet the Switch and then Issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in Rule-1 profile.
Note:
I also attached here the captured screen and debug result for the "shell profiles"

Cisco switch IOS deletion

Similar Messages

Maybe you are looking for