Guest-vlan; catalyst 2960

Hello,
I would like to configure a guest-vlan and restricted-vlan on a 2960 switch, but I can not.
The IOS version (obtained through: show version) is:
Switch Ports Model              SW Version            SW Image
*    1 52    WS-C2960S-48FPS-L  12.2(53)SE2           C2960S-UNIVERSALK9-M
I am trying to configure the interface using the following commands:
RAK-ASW01#configure
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
RAK-ASW01(config)#interface gigabitEthernet 1/0/11
RAK-ASW01(config-if)#switchport mode access
RAK-ASW01(config-if)#dot1x port-control auto
RAK-ASW01(config-if)#dot1x guest-vlan 17
RAK-ASW01(config-if)#end
The result is the following, as if the guest-vlan is not supported:
RAK-ASW01#show dot1x interface gigabitEthernet 1/0/11
Dot1x Info for GigabitEthernet1/0/11
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both
HostMode                  = SINGLE_HOST
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30
RAK-ASW01#
A similar result is obtained while trying to configure an auth-fail vlan.
The full configuration file is attached.
Many thanks in advance,
Alaeddine

Hi,
I am trying to see the guest-vlan configuration, but I was not able to see it. Therefore, my first thought was that the guest-vlan is not supported by this IOS release.
Another point is that, although I am not able to see the configuration of the guest-vlan and the auth-fail vlan, they do exist and they are operational: when I try to connect a device to the switch and it fails to authenticate, the switch connects the device to the restricted vlan.
So my question is: why can I not see the guest-vlan and the auth-fail vlan configuration?
Thanks in advance,
Alaeddine

Similar Messages

  • Moving VLAN config from catalyst 2960 to SG300

    Dear all,
    my existing catalyst 2960 config for vlans:
    interface FastEthernet0/2
     description 3Com Switch
     switchport access vlan 10
     switchport mode access
    interface FastEthernet0/5
     description to Cyberoam
     switchport mode trunk
    interface FastEthernet0/18
     switchport access vlan 40
     switchport mode access
    interface FastEthernet0/19
    interface FastEthernet0/20
     switchport access vlan 20
     switchport mode access
    interface FastEthernet0/21
    interface FastEthernet0/22
    interface Vlan1
     no ip address
     no ip route-cache
    interface Vlan10
     ip address 192.168.0.51 255.255.255.0
     no ip route-cache
    Inside trunk there are VLAN10 (native), VLAN20,30,40
    now, when I try to configure the same on SG300 I get trunk issues - no VLAN10 (native) inside trunk.
    Regards
    GN

    Hi Mlechte, I cheated on your question a bit. I have used two SG300-52 switches. I am able to accomplish what you're asking with these models.
    On my master switch the configuration fundamental is simple. For argument's sake, I disabled all CDP. I created vlan 100 for voice. Assigned my voice vlan 100. I enabled LLDP on every port. I enabled every optional TLV on every individual port.
    I then connected a 100% factory default SG300-52 to the 'master switch'. After about 3 minutes the VSDP created the voice vlan, the link between switches became 1u, 100t. The vlan database populated the vlan 100 and everything just worked nicely.
    So, to answer your inquiry, if your 2960 supports the same TLVs it should work okay.
    I do recommend you use the SX300 series, it is a much more robust switch, supports full CLI and has a lot better feature set. A SG300-08 (srw2008-k9-na) is around $250. The SG200-08 is about $100 cheaper. The difference between models is astronomical and a much better investment.
    Please review
    console_log_master  <--This is the switch that will advertise to the downstream
    console_log_receive <-- This is a default switch that received the LLDP information
    -Tom
    Please rate helpful posts

  • 802.1x on Cisco Catalyst 2960

    I am trying to enable 802.1x on one of the switchports of the Cisco Catalyst 2960:
    C2960#sh run | i radius
    aaa authentication login test group radius local
    aaa authentication dot1x default group radius
    radius-server host 10.250.97.26 auth-port 1812 acct-port 1813
    radius-server source-ports 1645-1646
    radius-server key 123456
    C2960#sh run | i dot
    aaa authentication dot1x default group radius
    dot1x system-auth-control
    dot1x guest-vlan supplicant
    dot1x critical eapol
    C2960#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    C2960(config)#int g0/14
    C2960(config-if)#dot1x ?
    % Unrecognized command
    C2960(config-if)#dot1x
    As you can see, I can not enable 802.1x at the interface level. The code I am running is 12.2.25SEE4:
    Switch Ports Model SW Version SW Image
    * 1 24 WS-C2960G-24TC-L 12.2(25)SEE4 C2960-LANBASEK9-M
    System image file is "flash:c2960-lanbasek9-mz.122-25.SEE4.bin"
    According to Cisco, this image supports 802.1x. Why can't I enable it at the interface level?
    Can someone help me out? Thanks.

    some additional info:
    C2960#sh dot1x all
    Sysauthcontrol Enabled
    Dot1x Protocol Version 2
    Critical Recovery Delay 100
    Critical EAPOL Enabled
    C2960#

  • Troubleshooting Fiber Connection on a Catalyst 2960

    I am trying to test my fiber connectivity on a Catalyst 2960 before I deploy it. So what I thought I would do is connect it to another switch in my office with an open port for the fiber connection. The other switch is a Catalyst 3560G. Here are the port configurations:
    interface GigabitEthernet0/2
    switchport trunk allowed vlan 1,100
    switchport mode trunk
    macro description cisco-switch
    interface GigabitEthernet0/25
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,100
    switchport mode trunk
    The first one is the catalyst 2960 and the 3560G is the second.
    When you show the interface for each of these it shows that it recognizes the media but the line protocol and the GigabitEthernet port are down.
    Any ideas?

    Sorry... a fiber optic cable with a connector on each end.
    To aid in troubleshooting, many times we loopback the signal back to the originating device. An optical loopback is just connecting the transmit (Tx) to the receive (Rx).
    The multimode SFP/GBIC transceiver you are using will allow you to directly connect the Transmit and Receive ports without damage to the unit. This should provide you with a green link LED.
    If so, then you can reconnect your fibers and loopback (connect the two fibers together) at the far end of the fiber link (use an optical adapter) and see if you get a green LED.

  • Catalyst 2960 Problem with Cisco SPA512

    Hi there,
    I hope someone can help me.
    I don't have much experience with switches, I'm doing the desktop support in our company.
    We have Catalyst 4510 R+E to 2 Catalyst 2960 switches and separate VLANs for IP Phones and for Internet in one part of our office.
    Now I'm running into trouble with some IP Phones that are connected to the 2960 switches. It appears only to happen with Cisco's SPA-512. I've tried FW 7.5.2, 7.5.5 and 7.5.5b. These phones sporadically drop the call / connection, with the red MIC button blinking. Based on my research this means that it loses Internet connection. I have 1 SPA512 with FW 7.5.1 that does not show these symptoms.
    I have other phones SPA942 and Polycom IP335 in the same area behind the same switches and no issues.
    We've tried to disable auto negotiate and set a fixed transmission rate of either 1Gbps or 100Mbps, both without success.
    I also have SPA512 in other areas of the office just connected to our Catalyst 4510 R+E and they work just fine. That's why I don't believe it has anything to do with the 4510, but I can be wrong.
    That's all I have for you guys. Hope someone can help me to fix / troubleshoot this..
    Frank

    SSwitch3#test cable-diagnostics tdr int g1/0/16
    TDR test started on interface Gi1/0/16
    A TDR test can take a few seconds to run on an interface
    Use 'show cable-diagnostics tdr' to read the TDR results.
    SSwitch3#show cable-diagnostics tdr int g1/0/16
    TDR test last run on: June 27 13:39:21
    Interface Speed Local pair Pair length        Remote pair Pair status
    Gi1/0/16  1000M Pair A     52   +/- 10 meters Pair A      Normal
                    Pair B     52   +/- 10 meters Pair B      Normal
                    Pair C     52   +/- 10 meters Pair C      Normal
                    Pair D     52   +/- 10 meters Pair D      Normal
    SSwitch3#

  • 802.1X with Guest vlan support IOS version ???

    I don't know which IOS version supports 802.1X with guest VLAN on Catalyst 2950 and 3550 switches.
    Please reply to my question.

    Thanks for your help.
    Also, the Cisco website explains it, except for Catalyst 2950 Standard Image (SI) in IOS 12.1(22)EA3,
    but I can't understand: my site is using a Catalyst 2950 SI for 802.1X and guest vlan with IOS image 12.1(22)EA3
    ex) TW_14F_A_C2950_32.8#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA3, RELEASE SOFTWARE (fc1)
    Running Standard Image
    24 FastEthernet/IEEE 802.3 interface(s)
    Model number: WS-C2950-24
    Please reply to my question.

  • Catalyst 2960-x Tel 1 and g49, bug

    Hi Cisco Community
    I am experiencing a very strange bug or it's just a "feature". We are setting up 3 Catalyst 2960-x (EX5) as a stack. Te 1/0/1 and Te 2/0/1 are bundled as Etherchannel. (works fine "In-channel-group")
    But we just can not connect anything else to Te 1/0/2 or Te 2/0/2.
    When I checked the "sh run" I noticed that there are the ports g49 and g50, which should be Te 1 and Te 2.
    interface GigabitEthernet1/0/49
     switchport access vlan 901
     switchport trunk native vlan 901
    interface GigabitEthernet1/0/50
     switchport trunk allowed vlan 1,10,20,30,40,50,761,901
    interface TenGigabitEthernet1/0/1
     description Ecosw2-1:Te1
     switchport trunk allowed vlan 1,10,20,30,40,50,761,901
     switchport mode trunk
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     mls qos trust cos
     macro description cisco-switch
     auto qos trust
     spanning-tree link-type point-to-point
     spanning-tree vlan 1,10,20,30,40,50,60,761,901 port-priority 64
     channel-group 1 mode active
    interface TenGigabitEthernet1/0/2
     description Ecovm05:1
     switchport access vlan 901
     switchport trunk native vlan 901
    Connecting my Blade to Te 1/0/2 or g50 just will not bring up any link.
    Can somebody help me out here?
    Best regards

    Hello Ajay,
    This is hardware failure. Please replace it.
    Another useful post I found:
    https://supportforums.cisco.com/discussion/12251826/brom-boot-2960xr-switch
    Hope this helps
    ******Please rate useful posts******
    Thanks,
    Madhu

  • Can't see Catalyst 2960 48TT

    I had to connect a new Catalyst 2960 48TT switch to my Network. Which is connected straight to port two in Catalyst 3750G 48+4. I have three other already connected: 2 x Catalyst 2960 48TT and 1 Catalyst 2960 48TC.
    The problem is I can not see the newly connected switch in Cisco Network Assistant.  I see the other two switches but not the new one.
    I have couple of computers connected to the new switch which are working fine.
    I changed the main cables which go from 3750G to the other switches.
    The network is working fine, the connected computers have internet...
    Can someone please help...?

    ....Port Settings, on the 3750G(port 2)...
    (ALL the ports are set correctly, on all the switches)
    Status: enable
    Duplex: auto
    speed: auto
    PortFast: enable when static access
    Flow ctrl: off
    Auto MDIX: on
    VLAN SETTINGS:
    Administrative port: 802.1Q Trunk
    trunk allowed VLAN:1,2,5,10,15,20.....
    Pruning VLAN: 2-1001
    Native VLAN: 1

  • Catalyst 2960 and SGE500 switches

    Hi,
    Can we  on the same network use Cisco Catalyst 2960 and Cisco SGE500 switches and share the same VLANs ?

    Hi,
    I didn't find VLAN support in the key features of the SGE500 but I'm sure it is there. For VLAN sharing you must configure a trunk between the switches. The number of VLANs must be the same (excluding some cases).
    For sharing VLAN information (VLAN count, names etc.) the switches must support the VTP protocol; I am not sure that the SGE500 supports it. But VTP is not necessary for trunking between switches.

  • Catalyst 2960 XR support standard IEEE 802.3i

    Hi
    Does the Catalyst 2960 XR support the IEEE 802.3i standard?
    Because it is not present in the datasheet.
    Best regards.

    The data sheet doesn't cover this standard:
    Standards
    ● IEEE 802.1D Spanning Tree Protocol
    ● IEEE 802.1p CoS Prioritization
    ● IEEE 802.1Q VLAN
    ● IEEE 802.1s
    ● IEEE 802.1w
    ● IEEE 802.1X
    ● IEEE 802.1ab (LLDP)
    ● IEEE 802.3ad
    ● IEEE 802.3af
    ● IEEE 802.3ah (100BASE-X single/multimode fiber only)
    ● IEEE 802.3x full duplex on 10BASE-T, 100BASE-TX, and 1000BASE-T ports
    ● IEEE 802.3 10BASE-T specification
    ● IEEE 802.3u 100BASE-TX specification
    ● IEEE 802.3ab 1000BASE-T specification
    ● IEEE 802.3z 1000BASE-X specification
    Could you please open a TAC case so that we check with BU on the same?

  • Catalyst 2960 for my LAN WS-c2960-48TC-S vs WS-c2960-48TC-L

    Hello
    I want to buy a Catalyst 2960 but I don't know which is great for my situation.
    Model: WS-c2960-48TC-S (LAN Lite - 400 euro) vs WS-c2960-48TC-L (LAN Base - 900 euro); the difference of price is half.
    I need 3 VLANs (2 VLANs with data and another VLAN (3rd, only voice)). I want all security options applied on ports (MAC, ACCESS, etc.).
    Between switch and router will be a TRUNK channel...
    The network design parts: lan printers  - 4, desktop - 16, phone IP - 10.
    I have only ISP .
    So, what do I need? LAN Lite or LAN Base?
    Another question: in LAN Lite do I have all commands?
    Thanks

    Q. What are the advantages of Cisco Catalyst 2960 Series Switches with the LAN Base software relative to Cisco Catalyst 2960 Series Switches with the LAN Lite software?
    A. Cisco Catalyst 2960 LAN Base switches deliver intelligent services for branch offices and wiring closets. The LAN Base IOS software supports enhanced Layer 2+ security, quality of service (QoS), availability, and scalable management to enable new converged applications. Catalyst 2960 LAN Base switches include both 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity in 8-, 24-, and 48-port configurations.
    Cisco Catalyst 2960 LAN Lite switches are for entry-level branch office and wiring closet networks. They simplify the migration from nonintelligent hubs and unmanaged switches to a fully scalable and reliable network. The LAN Lite IOS software supports standard Layer 2 security, QoS, and availability while lowering the network total cost of ownership. Catalyst 2960 LAN Lite switches deliver 10/100 Fast Ethernet connectivity in 24- and 48-port configurations.
    All Cisco Catalyst 2960 Series Switches have technical support service options available through Cisco SMARTNet ® service. All come with a Limited Lifetime Hardware Warranty, and LAN Base and LAN Lite software updates are provided at no additional cost.
    Information came from the below link:
    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-series-switches/prod_qas0900aecd80322c37.html
    Will all commands be available? No...if they were then what would be the point of having different software levels? Will the switch meet all basic to intermediate needs? Yes. If you are looking for a set of specific commands to see if they are available then check out the command reference tools available from Cisco.
    http://www.cisco.com/c/en/us/support/switches/catalyst-2960-series-switches/products-command-reference-list.html

  • Catalyst 2960 - IBM/Cisco IGESM - Trunk port configuration

    Good day all!
    I am new to the Cisco world and am trying to configure a trunk between a Catalyst 2960 switch and an IBM Blade Center IGESM switch (manufactured by Cisco).
    Unfortunately, it seems that the network traffic doesn't cross the trunk link.
    I have followed (at least, I think so) the instructions given on the different Cisco documentation papers but I can't find the mistake in my configuration (lack of experience :-( !).
    Both switches are using IOS. 2960 uses IOS 12.2(25)FX and IGESM uses IOS 12.2(22)EA8.
    The ports are connected through a cross-over cable Cat5e.
    Please find below the configuration for each ports:
    Catalyst 2960:
    Name: Gi0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 200 (Workstation VLAN)
    Trunking Native Mode VLAN: 200 (Workstation VLAN)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1,99,200
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    IBM/Cisco IGESM:
    Name: Gi0/20
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 200 (Workstation VLAN)
    Trunking Native Mode VLAN: 200 (Workstation VLAN)
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1,99,200
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    For my test, I try to ping a blade (connected to IGESM) in VLAN 200 from a workstation connected to Catalyst 2960 (in VLAN 200 too). From a network analyser (ethereal), I can see the ARP broadcast from each side but none are going across the trunk link.
    I am a bit lost about this problem and would be grateful for any assistance in solving it!
    Many, many thanks in advance for your time!
    Best regards,
    Fabian

    Hi Glen!
    Both switches (Catalyst 2960 & IGESM) are brand new and most ports are still reflecting manufacturer's default configuration. Vlan 2 is the default native vlan for IGESM ports (excluding ports used for switch management which use vlan 1 as most Cisco switches).
    I changed the native vlan for g0/5 on IGESM to 200. Now, ports g0/5 (access mode) and g0/20 (trunk mode) are on native vlan 200. On g0/5 is installed Windows 2003 instance (firewall disabled). The only purpose is to receive and send ping request to test connectivity.
    My workstation is connected to 2960 switch on port fa0/1 (please find the configuration below). I can successfully ping other vlan 200 machines connected on the same switch. For testing purpose, I try to ping the blade machine connected on port g0/5 on IGESM.
    Configuration of fa0/1:
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: static access
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: On
    Access Mode VLAN: 200 (Workstation VLAN)
    Trunking Native Mode VLAN: 200 (Workstation VLAN)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    Is there any other information I could provide to better help you to understand the configuration?
    Cheers!
    Fabian

  • Dot1x guest VLAN on 2960G

    Hi,
    I have a 2960 switch configured for dot1x authentication; the problem is that the Guest VLAN and Restricted VLAN did not work. The switch port was stuck in authenticating status.
    The server is Juniper IC4500.
    Switch is 2960G, IOS 15.0(1)SE2
    the configuration:
    aaa new-model
    aaa authentication login default local
    aaa authentication dot1x default group radius
    aaa authorization exec default local
    aaa authorization network default group radius
    dot1x system-auth-control
    dot1x test timeout 30
    dot1x guest-vlan supplicant
    dot1x critical eapol
    interface FastEthernet0/32
    switchport access vlan 28
    switchport mode access
    authentication event fail action authorize vlan 41
    authentication event server dead action authorize vlan 41
    authentication event server dead action authorize voice
    authentication event no-response action authorize vlan 41
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication order mab
    authentication port-control auto
    authentication timer reauthenticate 300
    authentication violation protect
    mab eap
    dot1x pae authenticator
    dot1x timeout quiet-period 5
    dot1x max-req 1
    dot1x max-reauth-req 1
    dot1x max-start 1
    spanning-tree portfast
    Anyone with experience on this pls help.
    Thanks,
    hoanghiep

    Forgot to mention that multi-auth does not support actions on either no-response or fail authentication events. So you need to set host-mode to MDA or single host.
    Ref:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1454875
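
A way to audit a saved running-config for the combination described in the reply above (multi-auth host mode together with fail or no-response fallback VLAN actions). This is an added example, not part of the original thread or any Cisco tool; the function names and the sample config are constructed for illustration, and the default host mode is assumed to be single-host, as in the `HostMode = SINGLE_HOST` output in the first post.

```python
import re

# Constructed sample in running-config layout (one leading space per
# interface sub-command). Fa0/32 mirrors the port posted in the thread.
SAMPLE_CONFIG = """\
dot1x system-auth-control
!
interface FastEthernet0/32
 switchport access vlan 28
 switchport mode access
 authentication event fail action authorize vlan 41
 authentication event server dead action authorize vlan 41
 authentication event no-response action authorize vlan 41
 authentication host-mode multi-auth
 authentication port-control auto
 dot1x pae authenticator
!
interface FastEthernet0/33
 switchport mode access
 authentication event fail action authorize vlan 41
 authentication event no-response action authorize vlan 41
 authentication host-mode single-host
 authentication port-control auto
!
interface FastEthernet0/34
 switchport mode access
 authentication event no-response action authorize vlan 41
 authentication port-control auto
!
"""

# Only the two events the reply names; "server dead" is deliberately excluded.
EVENT_RE = re.compile(
    r"^authentication event (fail|no-response) action authorize vlan (\d+)$")
HOST_MODE_RE = re.compile(r"^authentication host-mode (\S+)$")


def parse_interfaces(config_text):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces


def audit_fallback_vlans(config_text):
    """Flag fail/no-response VLAN actions on ports running multi-auth."""
    findings = []
    for name, lines in parse_interfaces(config_text).items():
        host_mode = "single-host"  # assumed default when no host-mode line
        events = []
        for line in lines:
            mode = HOST_MODE_RE.match(line)
            if mode:
                host_mode = mode.group(1)
            event = EVENT_RE.match(line)
            if event:
                events.append((event.group(1), int(event.group(2))))
        if host_mode == "multi-auth":
            for event_name, vlan in events:
                findings.append(
                    {"interface": name, "event": event_name, "vlan": vlan})
    return findings


if __name__ == "__main__":
    for f in audit_fallback_vlans(SAMPLE_CONFIG):
        print(f"{f['interface']}: '{f['event']}' fallback to VLAN {f['vlan']} "
              "is configured but host-mode is multi-auth")
```
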

  • HQ and Remote Wired Guest VLAN

    Hello all,
    I am having trouble creating a standard condition for Policy Authorization.  Basically there are HQ and remote locations configured for guest access.
    Each location has its own guest vlan.  On ISE the standard rules are:
    Standard Rule 1 if Unknown AND Wired_MAB then Guest_Access
    This rule is working well for HQ.
    Standard Rule 2 if (Unknown OR MTL_Devices) AND Wired_MAB_MTL_Guest then Montreal_Guest
    This rule is designed for remote, but Standard Rule 1 is taking over because the first match is applied, and the OR condition may cause some problems
    with internal users since the condition is Unknown OR MTL_Devices.  There is no AND condition for this.
    Let me know if anyone has an idea or has solved this problem.
    Thank you.

    Hi,
    You need to change the order of your rules. ISE uses the first matched rule from top to bottom; in your case the MTRL is matching the first rule since it is more open than the rule below, which has the check for the network device.
    Please change the order and see if this fixes your issue. If this doesn't work, post a screenshot of your policies just to make sure we are on the same page.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Bandwidth monitoring on a Catalyst 2960

    Hello all, I'm working with two Catalyst 2960 switches and I would like to know if there is a way to monitor bandwidth on individual ports. Ideally I would like to have one graph showing a bandwidth usage reading on each port. I tried using the Network Assistant to accomplish this, but I was only able to view one port at a time. I also tried using a traffic graphing program from Paessler, but a MIB file is needed to allow the program to connect to the switch. When I ran a search on the network management page the 2960 was not on the list for MIB supported products. Is this type of graph possible to do? Or is there a more effective way to accomplish what I would like to do. Any ideas or suggestions would be helpful.

    Hi, we have just swapped all our avaya switches with catalyst 2960 (12, 24 and 48 ports) and 3750 (48 ports with 10gig module).
    How do I find what port I should monitor for bandwidth graphs?
    Target[10.0.0.22_loc1]: 1:@10.0.0.22:
