Dot1x from Catalyst 2960 to RSA

My infrastructure:
- Windows Vista or XP PC
- Catalyst 2960
- RSA Authentication Manager 7.1 with RADIUS server
I'm trying to authenticate my clients through RSA SecurID but it doesn't work...
If I try radius authentication with a test client it works properly...
My switch is configured (interesting parts):
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet0/4
 dot1x pae authenticator
 dot1x port-control auto
!
radius-server host 10.242.5.63 auth-port 1645 acct-port 1646 key 7 <removed>
radius-server source-ports 1645-1646
I've read some documents about this, and I've tried all types of authentication; I think that the correct auth is Cisco PEAP-GTC.
Does anyone have a working configuration?
Thanks
Daniele

With RSA you need to set GTC and no other authentication protocol will work.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/o.htm#wp623530
Regards,
~JG
Do rate helpful posts
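A worked decoder for the RADIUS/EAP traffic the switch relays, added here as an example; it is not part of the thread and not Cisco or RSA code. The point behind the GTC answer is that the 2960 never selects the EAP method: it takes EAPOL from the PC, wraps the EAP packets in RADIUS EAP-Message attributes and forwards them to 10.242.5.63, so which method runs (GTC is EAP type 6, PEAP is 25, MSCHAPv2 is 26) is settled between the supplicant on the PC and the RSA RADIUS server. A supplicant that does not speak the method the server proposes answers with an EAP Nak listing what it will do instead. The script builds a few Access-Requests the way the switch would, reassembles fragmented EAP-Message attributes, names the method in play, and checks the Message-Authenticator that RFC 3579 requires on every packet carrying EAP, because a shared-secret mismatch between the switch and the RADIUS client entry on the server is dropped silently by the server and presents exactly as "it doesn't work". The shared secret, NAS address, user name, function names and every packet are constructed for illustration.

```python
"""Decode the RADIUS/EAP relay between a Catalyst 2960 and a RADIUS server.
Added example; all packets, addresses and the shared secret are constructed."""
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_NAS_IP_ADDRESS, ATTR_NAS_PORT_TYPE = 1, 4, 61
ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 79, 80
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 6: "GTC",
             13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAPv2"}


def eap_packet(code, ident, eap_type, type_data=b""):
    """One EAP packet: Code, Identifier, Length, Type, Type-Data (RFC 3748)."""
    return struct.pack("!BBHB", code, ident, 5 + len(type_data), eap_type) + type_data


def access_request(secret, radius_id, authenticator, attrs):
    """Access-Request whose Message-Authenticator is HMAC-MD5 over the whole
    packet with that attribute's value zeroed (RFC 3579 section 3.2)."""
    body = b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)
    body += struct.pack("!BB", ATTR_MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(body)) + authenticator
    mac = hmac.new(secret, header + body, hashlib.md5).digest()
    return header + body[:-16] + mac


def attributes(packet):
    """Yield (type, value) pairs, rejecting truncated or overlong attributes."""
    pos, end = 20, len(packet)
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated attribute header")
        t, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > end:
            raise ValueError("bad attribute length")
        yield t, packet[pos + 2:pos + length]
        pos += length


def message_authenticator_ok(packet, secret):
    """Recompute the HMAC. A shared-secret mismatch between the switch and the
    server's RADIUS client entry fails here; the server then drops the request
    silently, which from the switch side looks like 'dot1x does nothing'."""
    pos = 20
    for t, value in attributes(packet):
        if t == ATTR_MESSAGE_AUTHENTICATOR and len(value) == 16:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, value)
        pos += 2 + len(value)
    return False  # EAP-Message without Message-Authenticator must be discarded


def describe_eap(eap):
    """(code name, identifier, method name or None, type-data) for one EAP packet."""
    if len(eap) < 4:
        raise ValueError("EAP packet shorter than its header")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP length field does not match the data")
    name = EAP_CODES.get(code, "code-%d" % code)
    if code in (3, 4) or length == 4:
        return name, ident, None, b""
    return name, ident, EAP_TYPES.get(eap[4], "type-%d" % eap[4]), eap[5:]


def decode_eap(packet):
    """Reassemble the EAP-Message fragments (they must stay in order) and decode."""
    return describe_eap(b"".join(v for t, v in attributes(packet) if t == ATTR_EAP_MESSAGE))


def nak_wants(type_data):
    """A Nak's type-data lists the methods the supplicant is willing to use."""
    return [EAP_TYPES.get(b, "type-%d" % b) for b in type_data]


def demo(secret=b"constructed-shared-secret"):
    """Constructed exchanges as the switch would relay them from its access port."""
    authenticator = bytes(range(16))  # constructed; real ones are random per request
    common = [(ATTR_USER_NAME, b"daniele"), (ATTR_NAS_IP_ADDRESS, bytes([10, 242, 5, 1])),
              (ATTR_NAS_PORT_TYPE, struct.pack("!I", 15))]  # 15 = Ethernet
    identity = eap_packet(2, 1, 1, b"daniele")  # EAP-Response/Identity from the PC
    pkt = access_request(secret, 5, authenticator, common + [(ATTR_EAP_MESSAGE, identity)])
    # Long EAP payloads are split over several EAP-Message attributes; the decoder reassembles them.
    frag = access_request(secret, 5, authenticator,
                          common + [(ATTR_EAP_MESSAGE, identity[:5]), (ATTR_EAP_MESSAGE, identity[5:])])
    # A supplicant without the requested method answers with a Nak listing what it does speak;
    # here only MSCHAPv2, which cannot carry a one-time PASSCODE.
    nak = access_request(secret, 6, authenticator,
                         common + [(ATTR_EAP_MESSAGE, eap_packet(2, 2, 3, bytes([26])))])
    return {
        "packet": pkt,
        "identity": decode_eap(pkt),
        "reassembled": decode_eap(frag),
        "mac_ok": message_authenticator_ok(pkt, secret),
        "mac_wrong_secret": message_authenticator_ok(pkt, b"typo-on-the-switch"),
        "nak_wants": nak_wants(decode_eap(nak)[3]),
        # The server's GTC challenge as it looks before the switch relays it to the PC.
        "gtc_prompt": describe_eap(eap_packet(1, 3, 6, b"Enter PASSCODE: ")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it as a script to print the decoded exchanges, or import it and call demo(). When GTC is carried inside PEAP, a capture between switch and server only shows the outer type 25 (PEAP); the GTC prompt and the PASSCODE travel inside the TLS tunnel, so the inner method has to be read from the server's logs rather than from the wire.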

Similar Messages

  • Moving VLAN config from catalyst 2960 to SG300

    Dear all,
    my existing catalyst 2960 config for vlans:
    interface FastEthernet0/2
     description 3Com Switch
     switchport access vlan 10
     switchport mode access
    interface FastEthernet0/5
     description to Cyberoam
     switchport mode trunk
    interface FastEthernet0/18
     switchport access vlan 40
     switchport mode access
    interface FastEthernet0/19
    interface FastEthernet0/20
     switchport access vlan 20
     switchport mode access
    interface FastEthernet0/21
    interface FastEthernet0/22
    interface Vlan1
     no ip address
     no ip route-cache
    interface Vlan10
     ip address 192.168.0.51 255.255.255.0
     no ip route-cache
    Inside trunk there are VLAN10 (native), VLAN20,30,40
    now, when I try to configure the same on SG300 I get trunk issues - no VLAN10 (native) inside trunk.
    Regards
    GN

    Hi Mlechte, I cheated on your question a bit. I have used two SG300-52 switches. I am able to accomplish what you're asking with these models.
    On my master switch the configuration fundamental is simple. For argument sake, I disabled all CDP. I create vlan 100 for voice. Assigned my voice vlan 100. I enabled LLDP on every port. I enabled every optional TLV on every individual port.
    I then connected a 100% factory default SG300-52 to the 'master switch'. After about 3 minutes the VSDP created the voice vlan, the link between switches became 1u, 100t. The vlan database populated the vlan 100 and everything just worked nicely.
    So, to answer your inquiry, if your 2960 supports the same TLVs it should work okay.
    I do recommend you use the SX300 series, it is a much more robust switch, supports full CLI and has a lot better feature set. A SG300-08 (srw2008-k9-na) is around $250. The SG200-08 is about a $100 cheaper. The difference between models is astronomical and a much better investment.
    Please review
    console_log_master  <--This is the switch that will advertise to the downstream
    console_log_receive <-- This is a default switch that received the LLDP information
    -Tom
    Please rate helpful posts

  • Bandwidth monitoring on a Catalyst 2960

    Hello all, I'm working with two Catalyst 2960 switches and I would like to know if there is a way to monitor bandwidth on individual ports. Ideally I would like to have one graph showing a bandwidth usage reading on each port. I tried using the Network Assistant to accomplish this, but I was only able to view one port at a time. I also tried using a traffic graphing program from Paessler, but a MIB file is needed to allow the program to connect to the switch. When I ran a search on the network management page the 2960 was not on the list for MIB supported products. Is this type of graph possible to do? Or is there a more effective way to accomplish what I would like to do. Any ideas or suggestions would be helpful.

    Hi, we have just swapped all our avaya switches with catalyst 2960 (12, 24 and 48 ports) and 3750 (48 ports with 10gig module).
    How do I find what port I should monitor for bandwidth graphs?
    Target[10.0.0.22_loc1]: 1:@10.0.0.22:

  • Catalyst 2960 SF Stacking

    Hi
    I am stacking 6 Catalyst 2960 SF Series PoE 48 port switches, using the Bladestack cable. I plug it in from 1 to 2 on all the switches. If I look at the lights it shows 4 in one group and 2 in another. If I do a show switch detail it shows the following:
    Switch/Stack Mac Address : 44ad.d982.a100
                                               H/W   Current
    Switch#  Role   Mac Address     Priority Version  State
    1       Member 5006.0425.7e00     1      1       Ready              
    *2       Master 44ad.d982.a100     1      1       Ready              
    3       Member 5006.0435.bc00     1      1       Waiting            
    4       Member 5006.04d8.7000     1      1       Ready              
             Stack Port Status             Neighbors    
    Switch#  Port 1     Port 2           Port 1   Port 2
      1       Down        Ok              None       2
      2        Ok         Ok                4        1
      4       Down        Ok              None       2

    Hi, I think only four 2960 SF switches can be stacked into a single logical switch.
    Please refer to the link; hope this helps:
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/white_paper_c11-578928.html

  • Cisco Network Assistant MAC search in Catalyst 2960

    Hi,
    Since I updated a Catalyst 2960 switch to IOS version 12.2(55)SE1 I can't do searches by MAC address; when I do "Monitor->Search" the following error appears:
    "The software version of the selected switch does not support some of the CLI commands in read-only mode for this window. You must have read-write access to this switch to display complete information in this window"
    If packets are captured you can see that the issued command by the CNA host is "GET /exec/show/mac-address-table/", the answer from the switch is:
    "show mac-address-table
                    ^
    % Invalid input detected at '^' marker.
    If I do "Configure->Switching->MAC Address" instead I get the mac address-table correctly. In this case the issued command is "GET /exec/show/mac/address-table/dynamic" and no error is displayed, the answer from the switch is the list of mac-address table.

    I have some site admins that use CNA.  I just upgraded their LAN to 3560v2 switches running 12.2(58)SE2 and had them upgrade their CNA software to CNA 5.7(6).  They reported the same error.
    I think you clearly identified the problem.  At one time the IOS command parser accepted both "show mac-address" and "show mac address".  At some point IOS stopped accepting the older "show mac-address" format, and CNA is still issuing this command regardless of the IOS version it is trying to manage.

  • 802.1x on Cisco Catalyst 2960

    I am trying to enable 802.1x on one of the switchports of the Cisco Catalyst 2960:
    C2960#sh run | i radius
    aaa authentication login test group radius local
    aaa authentication dot1x default group radius
    radius-server host 10.250.97.26 auth-port 1812 acct-port 1813
    radius-server source-ports 1645-1646
    radius-server key 123456
    C2960#sh run | i dot
    aaa authentication dot1x default group radius
    dot1x system-auth-control
    dot1x guest-vlan supplicant
    dot1x critical eapol
    C2960#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    C2960(config)#int g0/14
    C2960(config-if)#dot1x ?
    % Unrecognized command
    C2960(config-if)#dot1x
    As you can see, I can not enable 802.1x at the interface level. The code I am running is 12.2(25)SEE4:
    Switch Ports Model SW Version SW Image
    * 1 24 WS-C2960G-24TC-L 12.2(25)SEE4 C2960-LANBASEK9-M
    System image file is "flash:c2960-lanbasek9-mz.122-25.SEE4.bin"
    According to Cisco, this image supports 802.1x. Why can't I enable it at the interface level?
    Can someone help me out? Thanks.

    some additional info:
    C2960#sh dot1x all
    Sysauthcontrol Enabled
    Dot1x Protocol Version 2
    Critical Recovery Delay 100
    Critical EAPOL Enabled
    C2960#

  • View-only access to Catalyst 2960/2960S device manager

    I have noticed that when I access the (Web-based) device manager on a Catalyst 2960 or 2960S switch, the authentication prompt (from within IE, at least) includes the phrase, "The server <switch-hostname> at level_15_or_view_access requires a username and password." This would seem to imply that it's possible to configure view-only (a.k.a. read-only) access to the device manager, which would be perfect for first-level support personnel (in our environment). I reviewed the information on how to configure local authentication for the Web server (leveraging "ip http authentication local" among other commands), but the examples are a bit too broad for me to understand how to specifically (and only) allow someone coming in via HTTP(S) to gain read-only access to the device manager. (Command line access should be denied entirely for the view-only user, if possible, or at least limited to commands that can't modify the switch's configuration.) Assuming this is possible, could someone cite the command sequence required?
    Thanks,
    Mike

    Hi, a customer wants a user which has view-only rights on his Catalyst switches. I created a user with privilege level 7. If you log into the CLI everything is fine. But when trying to log into the web page the system wants a level 15 user. Is there any possibility to grant the level 7 user "view-only" rights on the Catalyst Device Manager? Thanks.
    Hi,
    Check out the below link for SDM for read only user configuration
    http://conft.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/application/notes/SDMcli.pdf
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

  • Problem GLC-T with Catalyst 2960

    Hi Team
    We have a case where a GLC-T in a Catalyst 2960 hangs; it can't work.
    We reloaded the switch but it is the same (GLC-T with Catalyst 2960 hangs),
    and used the commands below:
    Switch97#sh int gi 1/0/25 transceiver detail
    hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
    hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
    hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
    Diagnostic Monitoring is not implemented.
    Switch97#sh int gi 1/0/26 transceiver detail
    hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry fail
    hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry fail
    hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry fail
    Diagnostic Monitoring is not implemented.
    Switch97#
    We tried IOS software EX3, EX4, EX5 and 15.2(2) but the problem remains.
    Please advise on this case.

    cisco WS-C2960X-24TS-L (APM86XXX) processor (revision A0) with 524288K bytes of memory.
    Processor board ID FCW1832A38M
    Last reset from power-on
    1 Virtual Ethernet interface
    1 FastEthernet interface
    28 Gigabit Ethernet interfaces
    The password-recovery mechanism is enabled.
    512K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address       : F0:9E:63:F7:8B:00
    Motherboard assembly number     : 73-15973-02
    Power supply part number        : 341-0529-02
    Motherboard serial number       : FOC183234M6
    Power supply serial number      : LIT18220612
    Model revision number           : A0
    Motherboard revision number     : A0
    Model number                    : WS-C2960X-24TS-L
    Daughterboard assembly number   : 73-14200-03
    Daughterboard serial number     : FOC18319MMY
    System serial number            : FCW1832A38M
    Top Assembly Part Number        : 800-41470-01
    Top Assembly Revision Number    : A0
    Version ID                      : V03
    CLEI Code Number                : CMMMU00ARB
    Daughterboard revision number   : A0
    Hardware Board Revision Number  : 0x12
    Switch Ports Model              SW Version            SW Image                 
    *    1 28    WS-C2960X-24TS-L   15.0(2)EX3            C2960X-UNIVERSALK9-M  

  • Catalyst 2960 vs 3750

    Long time reader here but first time poster. I am looking into upgrading our network switches soon and I'm trying to decide on a design now. Let me give some background information on the network.
    Currently we have a Catalyst 5513 with a Supervisor II, ten 24 port 10/100 cards and a 12 port fiber card installed. There are also two 48 port Alcatel switches that are uplinked to the 5500 as well as six Catalyst 2900XLs (on the factory floor) uplinked to it via fiber. There are about 40 servers and 350clients in total in the building. All servers and most of the clients in the office are connected directly to the 5513. We will be consolidating buildings soon and plan on adding another 200 devices to the network (office and factory floor area).
    I was thinking we should get two Catalyst 3750G-48TS and a 3750G-12S in a stack for the core switch. Then use Catalyst 2960-48TC-L switches uplinked to the 3570 stack for the access layer. Does this make more sense than directly connecting all the clients and servers directly to the 3570 stack? What would be the advantages/disadvantages of each setup besides cost?
    Thanks for any help you can provide!

    I tend to go with a more modular approach and hang nothing off my core except other switches. Put your servers on their own switches as well. There are a few reasons I do it this way.
    The first is I run two cores for redundancy. By giving servers their own access layer switch, I can isolate them from a core failure.
    Second, ports on a core switch tend to be more expensive. I know I'm going to be adding servers in the next few years. It's cheaper for me to buy more 3560s than more blades for a 6500.
    Third, modularity. I can make more changes to either the core or the edge switches and not affect the other. Say you find out down the road that the 3750 stack isn't quite moving the number of packets you need. If you plug end users and servers into your core now, just picture how much of a bear it will be to replace the core. Always try to go the route that will give you maximum flexibility and growth.

  • Catalyst 2960 after upgrade

    hello,
    I have a Catalyst 2960 series switch that became blocked after an update through the Web console.
    I turned on the switch and connected the console cable but it does not respond; the system LED stays lit.
    I feel that the update process was interrupted because I was trying to update the other switches at the same time, and all switches are cascaded.
    Can you please help me?
    Regards,

    If you've tried two or three different clients and you can't get anything (not even garbage characters) from the console then there's a sure chance the appliance is toast.
    Your remedial action would be to raise a TAC Case and get the appliance RMA-ed.

  • Can't see Catalyst 2960 48TT

    I had to connect a new Catalyst 2960 48TT switch to my network. It is connected straight to port two of a Catalyst 3750G 48+4. I have three others already connected: 2 x Catalyst 2960 48TT and 1 Catalyst 2960 48TC.
    The problem is I can not see the newly connected switch in Cisco Network Assistant.  I see the other two switches but not the new one.
    I have couple of computers connected to the new switch which are working fine.
    I changed the main cables which go from 3750G to the other switches.
    The network is working fine, the connected computers have internet...
    Can someone please help...?

    ....Port Settings, on the 3750G(port 2)...
    (ALL the ports are set correctly, on all the switches)
    Status: enable
    Duplex: auto
    speed: auto
    PortFast: enable when static access
    Flow ctrl: off
    Auto MDIX: on
    VLAN SETTINGS:
    Administrative port: 802.1Q Trunk
    trunk allowed VLAN:1,2,5,10,15,20.....
    Pruning VLAN: 2-1001
    Native VLAN: 1

  • Catalyst 2960 switch

    Hi all,
    I'm using a Catalyst 2960 switch. I use a PC for the console. I want to send packets from a device to the switch, but I saw that the switch only receives bytes, not packets, and I don't know why. On the switch console I ran "show interfaces stats". Thank you very much.

    Post the complete output to the command "sh interface <BLAH>".

  • SFP Mini-GBIC for Catalyst 2960

    We are looking at getting the SFP Mini-GBIC from HP HP-J4858C.  This transceiver module is Gigabit-SX-LC Mini-GBIC.  Will this module work on our Catalyst 2960 PoE switches and will it also work using a MultiMode fiber?

    I've used non-Cisco GBICs successfully in Cisco gear. In the event of a problem related to the link, the TAC MAY refer you back to HP or suggest using a Cisco transceiver.
    Running a multimode connection that close to the length limit is not the best idea but if that's all you have installed (and you can't get a single mode link installed) then it is what it is. A single mode GBIC WILL NOT operate over multimode fiber.
    The high level specs cite distance but the real indicator of usability is better characterized by loss. As long as you are getting adequate light levels at the receiver, you will be OK. Problem is, it's not easy to tell light levels (on a non-SMD type transceiver such as Leo suggested) without some relatively costly measurement equipment.

  • NAC modes supported by the Catalyst 2960

    Hello, we want to be able to use NAC with agentless hosts. From my reading the NAC-L2-IP and NAC-L3-IP modes are the only modes that support NAHs.
    Are these two modes supported by The Catalyst 2960 switch?

    This should answer your question:
    http://www.cisco.com/en/US/netsol/ns628/networking_solutions_package.html
    Note: you can find it off of:
    cisco.com/go/nac
    Hope it helps,
    David.

  • SNMP, Query dot1dStpPortState on Catalyst 2960-S

    Hi Community,
    I would like to be able to query the dot1dStpPortState object on the Catalyst 2960-S on our LAN. I'm running firmware
    c2960s-universalk9-mz.122-55.SE2.bin and according to the Cisco SNMP Object Navigator the object is supported (via the BRIDGE-MIB).
    However when i query using snmpwalk from my workstation :
    snmpwalk -v 2c -c bic-zua-ro 10.u.y.x 1.3.6.1.2.1.17.2.15.1.3
    I receive an error:
    SNMPv2-SMI::mib-2.17.2.15.1.3 = No Such Instance currently exists at this OID
    For the sake of comparison, querying our 4700 :
    snmpwalk -v 2c -c bic-zua-ro 10.u.y.x 1.3.6.1.2.1.17.2.15.1.3
    returns (as expected, cropped)
    SNMPv2-SMI::mib-2.17.2.15.1.3.1 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.2.15.1.3.3 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.2.15.1.3.40 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.2.15.1.3.67 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.2.15.1.3.104 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.2.15.1.3.257 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.2.15.1.3.258 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.2.15.1.3.259 = INTEGER: 5
    Is there some special configuration i need to do on our 2960's. The only snmp related settings i can see in the running config is snmp-server community. In this case :
    snmp-server community bic-zua-ro RO
    Thanks in advance for any comments/ assistance.
    Rgds
    Ian

    Hi Vinod,
    Wow, thanks for your prompt reply. Output from filtered running config pasted below
    TVS-Stack17#sh run | inclu snmp
    snmp-server community bic-zua-ro RO
    Interestingly, when I walk the entire dot1dBridge (1.3.6.1.2.1.17) I receive lots of data from both dot1dBase (1) and dot1dTp (4) but nothing from dot1dStp (2).
    I tried portAdditionalOperStatus and did not receive any response but got lots of data from its parent portEntry (1).
    Running show spann on the 2960 stack I can see various ports in forwarding and blocking state as I would expect.
    Rgds,
    Ian
