Linksys Gbic on Cisco switch
Hi, I would like to know if the linksys Gbic's like MGBLH1, MGBSX1 and MGBT1 will work on cisco switches like Catalyst 3750 or 2950? Or can cisco gbic's be used on linksys switches? Best regards, Rodrigo Catarino
According to Appendix Apecifications in the user guide for the MGBT1, MGBLH1 and MGBSX1, these modules are 'Compliant with Specifications of SFP Transceiver MSA Specification'.
I understand this to mean that it should be compatible with any 'regular' SFP/mini Gbic port? What basis do you have to say it will only work with a Linksys switch?
I am concerned about this as I am developing a product with SFP ports and am trying to get it to work with MGBT1 modules. If the modules are proprietary I obviously need to use different SFP transceivers!
Similar Messages
-
Linksys router with cisco switch
Hello everyone,
Just wondering if i can connect a cisco switch to my linksys router. Any info will be helpful. Thanks.Well, you should be more specific what info you need.
Your question is answered with: yes, you connect a cisco switch to a linksys router. You can connect pretty much any ethernet switch or hub to a linksys router.
Beyond that I don't know what you want to know and thus cannot really give you more info. -
"Genuine" SFP/GBIC's in Cisco switches
I've heard some rumbling that not all GBIC/SFP products will work in Cisco switches because they are not "genuine Cisco" and Cisco switches have some way of checking to make sure they are. I can't seem to get any search hits confirming this. Can anyone point me to a document that references this?
Searching for vendors of "genuine Cisco" SFP/GBIC products we've noticed amazing pricing disparity! Can anyone comment on their experiences in the marketplace.
Thanks for your help - SteveI've heard some rumbling that not all GBIC/SFP products will work in Cisco switches because they are not "genuine Cisco" and Cisco switches have some way of checking to make sure they are.
Starting with the 2960, 3560 & 3750, Cisco switches will interrogate the SFPs by computing the IDProm value. If the IDProm value of the SFP is incorrect, the port goes into error-disable.
I can't seem to get any search hits confirming this. Can anyone point me to a document that references this?
I won't post the command here but the command can be found in this forum. I have seen one guy approach the manufacturer of the SFP+ and he asked the manufacturer to reflash the SFP+ so it'll show up as Cisco. And it worked. -
Dear All,
Just a question, I have doubt whether Linksys Cisco switch 24 ports SLM2024 and Cisco SLM2024 both are same. Both are look wise and colors are different??
If both are same , are they supports for VLAN?? Can use them in a VLAN environment?? Can anyone tell me the SFP for multimode and single mode which will work with SLM2024, and SLM2048 switches??Just a question, I have doubt whether Linksys Cisco switch 24 ports SLM2024 and Cisco SLM2024 both are same. Both are look wise and colors are different??
Answer; Both are same:
I would like to inform you that Cisco SLM2024 24-port Gigabit Smart Switch - SFPs .. is EOS.
(http://www.cisco.com/c/en/us/products/switches/slm2024-24-port-gigabit-smart-switch-sfps/index.html)
2-2248 is also EOL/EOS:
http://www.cisco.com/c/en/us/products/switches/slm2048-48-port-gigabit-smart-switch-sfps/index.html
B)
If both are same , are they supports for VLAN?? Can use them in a VLAN environment?? Can anyone tell me the SFP for multimode and single mode which will work with SLM2024, and SLM2048 switches??
Answer:
Yes they support VLAN, You can refer the below link for connfiguring the same:
https://supportforums.cisco.com/discussion/11579161/slm-2024-vlan-config-help
Can anyone tell me the SFP for multimode and single mode which will work with SLM2024, and SLM2048 switches??
http://www.cisco.com/c/en/us/products/switches/slm2048-48-port-gigabit-smart-switch-sfps/index.html
HTH
Inayath
*Plz dont forget to rate the usefull posts. -
Collecting information from Cisco switchs using SNMP
Dear All,
I have a wide network with more than 250 sites connected using the DSL. the WAN devices are under the provider responsability and the LAN devices are directly in my responsability. In each site, I have :
1 or 2 Cisco switchs (2960 or 3560), connecting via fibr.
or
Linksys switch connected via ethernet cable
and
cisco 877 router connected to switch
cisco 881G router conected to switch
pc and printers
In order to improve the availibilty of our network, we lauch every day a script from local pc to test connectivity of LAN equipements :
ping to switchs (Vlan 1), ping to ip fa0/0 cisco router1, ip cisco router2, ping to HSRP address (of two router). the resulting ini file will be inserted in a database and exported to excel for analysing.
I'm asking if someone can help in order to implement SNMP and let me know the name of cisco MIB to implement to :
- to have from SNMP information, the result of show cdp nei, show interface status, show ip int brief,...
- to have if wan router LAN interface are up,connected
- others usefuls informations.
Thanks and regards,
AAHi,
the basic SNMP config for 2960 and 3560 is:
snmp-server community <> RO
The configuration for SNMP traps to get alerts from the device if there is for example a failure with a fan is:
snmp-server enable traps
snmp-server host <> <>
This enables all traps available with your IOS version. You can the disable not wanted traps by using the "no"-command like this.
Example for dot1x traps:
no snmp-server enable traps dot1x
With a snmp client you can then do a snmpwalk (or snmp get) without a specific OID to get all the SNMP information from the device:
On a Linux server the following command should work:
snmpwalk -v 2c -c <> -T <>
-v = use SNMP version 2c
-c = use the community string you configured on the device
-T = output in the dotted decimal format
But be careful, this will be a lot of data output.
Here you will find a docu for configuring SNMP on a Cisco device:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html
Sven -
Hi All,
I am having issue specifally doing QOS configuration on 6503 or 6524 or 6509 switches. I am unable to match any EF(voice) traffic for eompls(vlan based) on 6503 cisco switch. If i use any other router as 2811 or 2821 my QOS configuration works perfect but if i put 6503 as PE2 it does not work.i am using vlan based eompls.
Below is the scenario & configuration which i am having issue.
CE1(2821 router)(dot1Q)--------->PE1(2821 router)------->P(6524 switch)-------->PE2(6503 switch)------->(dot1Q)(2821 switch)CE2.
On CE1 i can match ip-precedence 5 traffic and mark that traffic to cos5 on outbound port.On PE1 i can match cos5 packet and mark with mpls exp top5 on inbound port, on outbound port i can match mpls exp 5.
On PE2(6503) i am unable to match that mpls exp5 packet on inbound port. none of the configuration worked on 6500 series switches with mls qos, ,mls qos trust dscp,mls qos trust cos etc. Although i can match cos5 traffic on CE2 on inbound interface.i can not match mpls exp 5 traffic on 6503 and all i can see traffic as default-class on 6503 switch. I tried many things and many configurations on 6503 but nothing worked.If i put 2821 router as PE2 instead of 6503 my qos configuration works. but why if i put 6503 my same qos configuration does not work?
---match means=classification or classify
Can anyone tell me how qos works on 6500 series switches or where i am having issue in my scenario.
i am using this ios on 6503: s72033-advipservicesk9_wan-mz.122-33.SXI3.bin.
below r my questions for 6503 qos:
1.do i need to use some other map tables,am i using correct map tables on 6503 as cos-dscp,dscp-cos,exp-dscp etc.
2.any other configutaion of qos needed on 6503?
3.i am unable to match anything on outbound port of 6503.
4.on 6503 i am using sup720 and PFC3BXL.any specific configuration needed for PFC3bxl.
5. 6503 not allowing me to match qos-group on inbound interface, not allowing me to set cos5 on outbound interface. not allowing me to set cos5 as an inbound interface.
CE1(2821) config:
class-map match-any EF
match ip precedence 5
class-map match-any data
match ip precedence 3
policy-map ip2mpls
class EF
set cos 5
class data
set cos 3
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.455
encapsulation dot1Q 455
ip address 172.16.15.1 255.255.255.252
service-policy output EF
PE1(2821) config:
mls qos map cos-dscp 0 8 16 24 32 40 48 56
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all mpls_exp
match mpls experimental topmost 5
class-map match-any cos3
match cos 3
class-map match-any LOO1
match cos 5
policy-map EF
class LOO1
set mpls experimental imposition 5
class cos3
set mpls experimental imposition 3
policy-map QOS_G_5
class mpls_exp
priority
class exp_3
bandwidth 500
interface Loopback0
ip address 3.3.3.3 255.255.255.255
interface FastEthernet0/0
ip address 192.168.23.2 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
mpls ip
service-policy output QOS_G_5
interface FastEthernet0/1.455
encapsulation dot1Q 455
xconnect 5.5.5.5 455 encapsulation mpls
service-policy input EF
PE2(6503 qos):
R1#show module
Mod Ports Card Type Model Serial No.
1 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL09401U2L
2 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL114247YN
3 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC SAL0712AM69
4 24 CEF720 24 port 1000mb SFP WS-X6724-SFP SAL10019J4N
5 2 Supervisor Engine 720 (Hot) WS-SUP720-3BXL SAD102805VM
6 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAD0846060F
Mod Sub-Module Model Serial Hw Status
1 Distributed Forwarding Card WS-F6700-DFC3BXL SAD102504EF 5.3 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAD111300PD 3.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1004BQ2A 2.0 Ok
5 Policy Feature Card 3 WS-F6K-PFC3BXL SAD10270189 1.8 Ok
5 MSFC3 Daughterboard WS-SUP720 SAD102801G5 2.5 Ok
6 Policy Feature Card 3 WS-F6K-PFC3BXL SAL1415FE95 1.11 Ok
6 MSFC3 Daughterboard WS-SUP720 SAD08440794 2.4 Ok
R1#show mls qos maps
Normal Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 01 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 01 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Maximum Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Dscp-cos map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Dscp-exp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
mls netflow interface
mls qos map cos-dscp 0 10 18 24 34 46 48 56
mls qos
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all EXP_5
match mpls experimental topmost 5
class-map match-all QOS_GROUP_5
match qos-group 5
class-map match-all prec5
match ip precedence 5
class-map match-all cos5
match cos 5
policy-map mpls2ip
class QOS_GROUP_5
set cos 5
policy-map IN_FROM_R3
class EXP_5
set qos-group 5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
interface GigabitEthernet2/2
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
interface GigabitEthernet2/2.455
encapsulation dot1Q 455
xconnect 3.3.3.3 455 encapsulation mpls
service-policy output mpls2ip
interface GigabitEthernet2/1
ip address 192.168.34.4 255.255.255.0
ip ospf network point-to-point
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
mpls ip
service-policy input IN_FROM_R4
Thanks & regards,
Ahsan RasheedHi All,.
I am still having issue on 6503 or 6524 Cisco Switch.
" Can any one give me any sample of 6524 or 6503 QOS working configuration, i would be really thankful "
As i have mentioned in my prevoius post of configuration of 6503. I am unable to match mpls exp 5 packet on 6503. My qos configuration on PE1(2811 router) is working perfectly. I am unable to classify mpls ex5 or mpls exp3 on 6503 switch. Am i missing something on configuration?
PE2 config:"6503 switch"
class-map match-all mpls_exp
match mpls experimental topmost 5
policy-map EF
class mpls_exp
R!#mls qos
int Gi2/4
service-policy input EF
mls qos trust cos
dscp: 0 10 18 24 34 46 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
Thanks,
Ahsan Rasheed -
Add Cisco Switch into a configuration
I have a Dell 6248 switch with three VLANS defined (1,2,10).
I need to expand VLAN 10 (need more ports) on the Dell Switch.
I have downloaded the Cisco CNA.
In the attached screen of the CNA, am I on the correct display to create a new VLAN 10 ?
What is the best way to connect the Dell Switch to the Cisco?
thanksYes, so far 21-24 are in VLAN 10, but I will need to set a few more .
This is bit more complicated.
What I am looking at an old test and dev virtual infrastructure configuration that was set up with a 1GB Linksys Switch and a Dell 6248 Switch.
The reason given for the Linksys in the config is it was the only 1GB switch available at the time when the SAN had to be installed and there were no more available ports on the 6248. Running Dell Dpack reports show latency issues when migrating from an EqualLogic Volume to a MD3200 volume and from the MD3200 to Md3200 volumes (on the order of 30-45 minutes for a 20GB VM). Migrating from EqualLogic volumes to EqualLogic volumes is in seconds.
I think the Linksys is the issue as does our Dell reps. We are looking at replacing the Linksys with a Cisco or another L2/L3.
SAN traffic is isolated to VLAN 10 on the Dell Switch. I want to set up a VLAN 10 on the Cisco switch and then want to connect the Md3200 to the Cisco which will be connected to VLAN 10 on the Dell Switch for access to an EqualLogic SAN. I am not sure what will be involved.
Is it as simple as what you are saying,, I config the VLAN10 on the Cisco switch and connect a port from the Cisco to VLAN 10 on the Dell Switch.. .
I have a diagram attached,,,it needs some updates but it is close to the config. -
How should I configure the smartport on a catalyst express 500 switch if I am connecting a non-cisco switch like a small linksys. I dont think I can make the smartport a switch because it tries to trunk?? right??
And if I leave it as a PC it complains abouting having to many devices connected to it.
Would having it configured as something like an access point work??Now, I noticed something very odd, I kept the switch option selected on the port on the ce 500 that the linksys was plugged in to and the devices plugged in downstream behind the linksys all kept the correct VLAN assignment. Phones were in the voice vlan and PC's were in the data vlan. Does not really make sense to me how this is working??
-
SFP (Cisco GLC-SX-MM) unknown in cisco switch 2960s
I have cisco switch WS-C2960S-24TS-S with IOS 12.2(55)SE8 C2960S-UNIVERSALK9-M when I connect the SFP Cisco GLC-SX-MM to the interface the switch does not know it .
Switch#sh interfaces gig0/25 status
Port Name Status Vlan Duplex Speed Type
Gi0/25 err-disabled 1 auto auto unknownSwitch(config)#int gigabitEthernet 0/25
Switch(config-if)#sho
Switch(config-if)#shu
Switch(config-if)#shutdown
Switch(config-if)#do sh
*Mar 1 00:08:10.481: %LINK-5-CHANGED: Interface GigabitEthernet0/25, changed state to administratively down ip int br
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES unset up up
FastEthernet0 unassigned YES unset down down
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down
GigabitEthernet0/3 unassigned YES unset down down
GigabitEthernet0/4 unassigned YES unset down down
GigabitEthernet0/5 unassigned YES unset down down
GigabitEthernet0/6 unassigned YES unset down down
GigabitEthernet0/7 unassigned YES unset down down
GigabitEthernet0/8 unassigned YES unset down down
GigabitEthernet0/9 unassigned YES unset down down
GigabitEthernet0/10 unassigned YES unset down down
GigabitEthernet0/11 unassigned YES unset down down
GigabitEthernet0/12 unassigned YES unset down down
GigabitEthernet0/13 unassigned YES unset down down
GigabitEthernet0/14 unassigned YES unset down down
GigabitEthernet0/15 unassigned YES unset down down
GigabitEthernet0/16 unassigned YES unset down down
GigabitEthernet0/17 unassigned YES unset down down
GigabitEthernet0/18 unassigned YES unset down down
GigabitEthernet0/19 unassigned YES unset down down
GigabitEthernet0/20 unassigned YES unset down down
GigabitEthernet0/21 unassigned YES unset down down
GigabitEthernet0/22 unassigned YES unset down down
GigabitEthernet0/23 unassigned YES unset down down
GigabitEthernet0/24 unassigned YES unset up up
GigabitEthernet0/25 unassigned YES unset administratively down down
GigabitEthernet0/26 unassigned YES unset down down
Switch(config-if)#no shut
Switch(config-if)#
*Mar 1 00:08:30.326: %LINK-3-UPDOWN: Interface GigabitEthernet0/25, changed state to down
Switch(config-if)#
Switch#show ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES unset up down
FastEthernet0 unassigned YES unset down down
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down
GigabitEthernet0/3 unassigned YES unset down down
GigabitEthernet0/4 unassigned YES unset down down
GigabitEthernet0/5 unassigned YES unset down down
GigabitEthernet0/6 unassigned YES unset down down
GigabitEthernet0/7 unassigned YES unset down down
GigabitEthernet0/8 unassigned YES unset down down
GigabitEthernet0/9 unassigned YES unset down down
GigabitEthernet0/10 unassigned YES unset down down
GigabitEthernet0/11 unassigned YES unset down down
GigabitEthernet0/12 unassigned YES unset down down
GigabitEthernet0/13 unassigned YES unset down down
GigabitEthernet0/14 unassigned YES unset down down
GigabitEthernet0/15 unassigned YES unset down down
GigabitEthernet0/16 unassigned YES unset down down
GigabitEthernet0/17 unassigned YES unset down down
GigabitEthernet0/18 unassigned YES unset down down
GigabitEthernet0/19 unassigned YES unset down down
GigabitEthernet0/20 unassigned YES unset down down
GigabitEthernet0/21 unassigned YES unset down down
GigabitEthernet0/22 unassigned YES unset down down
GigabitEthernet0/23 unassigned YES unset down down
GigabitEthernet0/24 unassigned YES unset down down
GigabitEthernet0/25 unassigned YES unset down down
GigabitEthernet0/26 unassigned YES unset down down
Switch#
Mar 1 00:07:55.508: %GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in port Gi0/25 has bad crc
*Mar 1 00:07:55.508: %PM-4-ERR_DISABLE: gbic-invalid error detected on Gi0/25, putting Gi0/25 in err-disable state
*Mar 1 00:08:24.003: %GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in port Gi0/25 has bad crc
*Mar 1 00:08:39.144: %GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in port Gi0/25 has bad crc
Mar 1 00:24:18.611: %GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in port Gi0/25 has bad crc
*Mar 1 00:24:18.611: %PHY-4-UNSUPPORTED_TRANSCEIVER: Unsupported transceiver found in Gi0/25 -
Linksys SRW 224G4, Cisco Catalyst 3650G and management via trunk
I have couple of Linksys SRW 224G4 and SRW 2024 connected together with Cisco C3650 switches. For my part of network VLAN100 is used as administrative vlan and VLAN1 as defult (on trunks or unused ports).
Altrough most of switches work fine, on all older models of SRW224G4 (hw 1.0, various firmware versions) there is no connectivity to management utilities (also ping won't work) via trunk (where of course VLAN100 is present). At the same time there is no problem with access on "local" ports (assigned to VLAN100) and there are no problems with traffic on VLAN 100 along the network.
For example:
Two computers (A and B), two switches (sw1 - old SRW224G4 and sw2 - Cisco switch), are connected as follow:
A--VLAN100--sw1--TRUNK--sw2--VLAN100--B
Swicthes have VLAN100 as management VLAN, computers are connected to access ports (untagged).
A has access to management on sw1 and sw2 and connectivity with B
B has access to management on sw2 and connectivity with B but has no access to management on sw1...
If sw1 and sw2 are same, old SRW224G4 - everything works fine.
Newer versions of SRW224G4, SRW2024 and SLM2024 works OK.
Why it doesn't work?
Thank for your attention.I don’t thing there is difference with the old and new versions of the SRW224G4 unless there is a reported case of firmware problem with the said switch. As what you have said you also tested the new version of SRW224G4 and other models of these manage switches and seemed to work. I suggest totally resetting the said switch, making sure you updated the latest firmware version and making the necessary VLAN configurations.
Other than these, I suggest contacting Cisco Tech support to further look into your concern. I believe this unit belongs to the business series devices that Cisco is now supporting. Try to go to this link for the other business series devices and the site where you can get hold of Cisco for support:
http://www.cisco.com/web/products/linksys/index.html -
Windows 7 LLDP and Cisco Switches
Does Windows 7 support IEEE LLDP (not to be confused with MS LLTP). We have LLDP enabled on are Cisco Switches and want to be able to see are what ports the Windows 7 devices are connected to. Using the Cisco Show LLDP neighbors.
Hi,
I suggest you refer to the following article in MSDN blog:
Link Layer Topology Discovery Protocol Specification
http://msdn.microsoft.com/en-us/library/windows/hardware/gg463061.aspx
Thanks,
Vincent Wang
TechNet Community Support -
Rrack mounting brackets for Cisco switch SF300-48P ?
Does anyone know how to get rack mounting brackets for Cisco switch SF300-48P ?
You might be able to get them through Cisco support. Check this thread: https://supportforums.cisco.com/discussion/11201291/sf-300-series-rack-mount-brackets
-
Has anyone develped an EM plug-in for Cisco switches or routers
Folks,
Has anyone develped an EM plug-in for Cisco switches or routers? Please reply to this thread if you have developed one and would like to share your experience in developing this plug-in?
Thanks,It's probably not the conversion from CMYK to RGB that's causing the problem, but color profile (ICC) embedding in Photoshop. Fireworks doesn't read color profiles. You might be able to create an action to remove the color profile in Photoshop and then batch process the images with it.
-
NPS Discarding RADIUS request from Cisco switch (802.1x)
Last few weeks I've been busy to get the following to work:
- Cisco 2960 switch as the suppliant
- Another Cisco 2960 as the authenticator switch
- The supplicant is only able to send MS-EAP MS-ChapV2 requests
- The NPS server is Windows 2008 R2 (and also tested on 2012 R2)
This is called "NEAT" by Cisco; which does seem to work with Cisco ISE (http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116681-config-neat-cise-00.html)
but I'd like to get it to work with Windows NPS.
Within NPS I've setup the following Connection Request policy:
- NAS Port Type: Ethernet
I'm using the following Network Policy:
- User Group: DOMAIN\Switches (the useraccount used by the switch is part of this group)
- NAS Port Type: Ethernet
- Autehntcation Type: EAP
Now the request sent by the switch is discarded. The actual error is the following (excluded irrelevant information):
User:
Account Name: Rotterdam-Switch-8-1
Account Domain: DOMAIN
Authentication Details:
Connection Request Policy Name: Secure Wired Connections
Network Policy Name: Switches Allowed
Authentication Provider: Windows
Authentication Server: SERVER.DOMAIN.local
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Reason Code: 1
Reason: An internal error occurred. Check the system event log for additional information.
Wireshark on the NPS server shows:
1. The RADIUS Access-Request (1) being received by the NPS Server
2. The NPS Server sending out a RADIUS Access-Challenge (11) to the authenticator switch
3. Another RADIUS Access-Request (1) is beging received by the NPS Server
Packet 2 has an t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 1 (Challange)
Packet 3 has an t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 2 (Response)
I've also tried the following:
- I've also tested with an invalid username/password. The request is correctly denied
- I've also tested by added ALL EAP Types as condition to the Network Policy. The request isn't pickup by this policy anymore.
Any help would be greatly appriciated ofcourse.
Kind regards,
PeterIt only took like.. uhm.. forever.. but there's an answer which is "OK ish..".
Cisco 2960 switches support EAP-MSCHAP; but it seems that NPS only supports EAP-MSCHAP for VPN Connections and not for Wired/Wirelss authentication. Something to do with inner and outer methods and NPS requireing PEAP as an outer method for Wired/Wirelss
authentication.
End result is that both the Cisco switches and NPS do support EAP-MD5. Though it's definitly not as secure (at all), it's definitly a step in the right direction and it's something that we'll be implementing.
Now it seems that NPS doesn't support EAP-MD5 (which is supposidly depricated), it's possible to re-enable it. Using the following articles.
http://support.microsoft.com/kb/922574/en-us
Microsft mentioned me that "Though this article says it applies to Windows Vista only, it does apply to Server 2008R2 as well. Also I would suggest you the following link:
http://support.microsoft.com/kb/981190"
Please note that you'll have to enable 'Store password using reversible encryption’ on the accounts that will be used for NEAT authentication.
All though I would have hoped EAP-MSCHAPv2 would work, I feel I do need to clarify that I understand Microsoft's point of view on this as well. They feel EAP methods without PEAP are simply not safe; which is understandable, espcially for EAP-MD5 which
could be sniffer using a hub/repeater/etc.
Kind regards,
Peter -
DACL does not get downloaded to Cisco Switch from ISE
Hello,
I have a cisco switch with ios: c3550-ipbasek9-mz.122-44.SE6.bin
I am trying to push dACL fro my ISE device into the switch, but it is not getting applied to switch. dynamic vlan assignment workds fine, but dACL doesnot apply
Any instruction plz?Hi Jatin,
ISE is properly configured for dACL, i think there is some compatibility issue on cisco switch ios.
following is the debug output>>
06:36:43: dot1x-packet:Received an EAP packet on interface FastEthernet0/11
06:36:43: EAPOL pak dump rx
06:36:43: EAPOL Version: 0x1 type: 0x0 length: 0x0006
06:36:43: dot1x-packet:Received an EAP packet on the FastEthernet0/11 from mac 0019.b981.e812
06:36:43: dot1x-sm:Posting EAPOL_EAP on Client=1D68028
06:36:43: dot1x_auth_bend Fa0/11: during state auth_bend_request, got event 6(eapolEap)
06:36:43: @@@ dot1x_auth_bend Fa0/11: auth_bend_request -> auth_bend_response
06:36:43: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_enter called
06:36:43: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0019.b981.e812
06:36:43: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_request_response_action called
06:36:43: RADIUS/ENCODE(00000049):Orig. component type = DOT1X
06:36:43: RADIUS(00000049): Config NAS IP: 192.168.2.250
06:36:43: RADIUS/ENCODE(00000049): acct_session_id: 73
06:36:43: RADIUS(00000049): sending
06:36:43: RADIUS(00000049): Send Access-Request to 192.168.2.231:1812 id 1645/99, len 267
06:36:43: RADIUS: authenticator 5B 61 1D 64 D3 D5 9F AD - 23 E0 11 11 B3 C3 5C 81
06:36:43: RADIUS: User-Name [1] 6 "test"
06:36:43: RADIUS: Service-Type [6] 6 Framed [2]
06:36:43: RADIUS: Framed-MTU [12] 6 1500
06:36:43: RADIUS: Called-Station-Id [30] 19 "00-11-5C-6E-5E-0B"
06:36:43: RADIUS: Calling-Station-Id [31] 19 "00-19-B9-81-E8-12"
06:36:43: RADIUS: EAP-Message [79] 8
06:36:43: RADIUS: 02 7A 00 06 0D 00 [ z]
06:36:43: RADIUS: Message-Authenticato[80] 18
06:36:43: RADIUS: A6 AB 5A CA ED B8 B4 1E 36 00 9D AB 1A F6 B9 E0 [ Z6]
06:36:43: RADIUS: Vendor, Cisco [26] 49
06:36:43: RADIUS: Cisco AVpair [1] 43 "audit-session-id=C0A802FA0000006F016B36D8"
06:36:43: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
06:36:43: RADIUS: NAS-Port [5] 6 50011
06:36:43: RADIUS: NAS-Port-Id [87] 18 "FastEthernet0/11"
06:36:43: RADIUS: State [24] 80
06:36:43: RADIUS: 33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43 [37CPMSessionID=C]
06:36:43: RADIUS: 30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30 [0A802FA0000006F0]
06:36:43: RADIUS: 31 36 42 33 36 44 38 3B 33 35 53 65 73 73 69 6F [16B36D8;35Sessio]
06:36:43: RADIUS: 6E 49 44 3D 69 73 65 2D 73 65 72 76 65 72 2D 31 [nID=ise-server-1]
06:36:43: RADIUS: 2F 31 37 31 30 32 35 39 38 38 2F 32 34 3B [ /171025988/24;]
06:36:43: RADIUS: NAS-IP-Address [4] 6 192.168.2.250
06:36:43: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to up
06:36:43: RADIUS: Received from id 1645/99 192.168.2.231:1812, Access-Challenge, len 1134
06:36:43: RADIUS: authenticator 78 36 A3 38 30 1C F0 7A - 19 83 93 81 B4 6B FF 9E
06:36:43: RADIUS: State [24] 80
06:36:43: RADIUS: 33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43 [37CPMSessionID=C]
06:36:43: RADIUS: 30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30 [0A802FA0000006F0]
06:36:43: RADIUS: 31 36 42 33 36 44 38 3B 33 35 53 65 73 73 69 6F [16B36D8;35Sessio]
06:36:43: RADIUS: 6E 49 44 3D 69 73 65 2D 73 65 72 76 65 72 2D 31 [nID=ise-server-1]
06:36:43: RADIUS: 2F 31 37 31 30 32 35 39 38 38 2F 32 34 3B [ /171025988/24;]
06:36:43: RADIUS: EAP-Message [79] 255
06:36:43: RADIUS: 4D 5D 13 47 FC 46 16 EE 62 76 40 09 77 48 31 B6 01 6B 5E 52 33 56 A2 1E 34 [M]GFbv@wH1k^R3V4]
06:36:43: RADIUS: 02 32 39 FA 4D CA 79 18 4A 42 A2 4E 5C BD AE 29 D2 3D D1 5A FC C2 ED 3E E5 FB C6 B8 D8 DE A8 75 EB 3A A5 7D 02 03 01 00 01 A3 81 CD 30 [29MyJBN\)=Z>u:}0]
06:36:43: RADIUS: 81 CA 30 0B 06 03 55 1D 0F 04 04 03 02 01 86 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 C4 56 80 A7 C9 18 50 92 EE CC 91 D4 E1 EC DB AD E7 1E 70 A8 30 79 06 03 55 1D 1F 04 72 30 70 [0U0U00UVPp0yUr0p]
06:36:43: RADIUS: 30 6E A0 6C A0 6A 86 32 68 74 74 70 3A 2F 2F 73 79 73 6C [0nlj2http://sysl]
06:36:43: RADIUS: 6F 67 2D 73 65 72 76 65 72 2F 43 65 72 74 45 6E [og-server/CertEn]
06:36:43: RADIUS: 72 6F 6C 6C 2F 46 4D 46 42 5F 54 72 75 73 74 65 [roll/FMFB_Truste]
06:36:43: RADIUS: 64 43 41 2E 63 72 6C 86 34 66 69 6C 65 3A 2F 2F 5C [dCA.crl4file://\]
06:36:43: RADIUS: 5C 73 79 73 6C 6F 67 2D 73 65 72 76 65 72 5C 43 [\syslog-server\C]
06:36:43: RADIUS: 65 72 74 45 6E 72 6F 6C 6C 5C 46 4D 46 42 5F 54 [ertEnroll\FMFB_T]
06:36:43: RADIUS: 72 75 73 74 65 64 43 41 2E [ rustedCA.]
06:36:43: RADIUS: EAP-Message [79] 251
06:36:43: RADIUS: 63 72 6C 30 10 06 09 2B 06 01 04 01 82 37 15 01 04 03 02 01 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 63 BA F8 CE D5 8B 0E 94 77 AE 86 6C 37 AB 2F 36 9A B2 85 D5 4A [crl0+70*Hcwl7/6J]
06:36:43: RADIUS: 74 8C 33 F5 93 06 A6 57 8D 39 56 8F 02 08 97 CB C6 08 70 8C 22 1E 5D 1F A8 26 6D 60 1F 05 62 D1 24 AB 03 8C 41 F8 1C F1 F8 C2 87 8B 97 02 71 FC 6A [t3W9Vp"]&m`b$Aqj]
06:36:43: RADIUS: EB 12 FC DD 8C 5C 9C 2D AF D2 C4 1C 18 1B 40 BE 78 B0 54 55 59 89 03 1B B7 FB 91 85 EE CA C0 18 1C 78 5D 4D BA FA 9E 44 D3 45 53 A3 BE 46 8A FB 81 BD F1 4C B3 3B [\-@xTUYx]MDESFL;]
06:36:43: RADIUS: D6 66 7E 5B 79 9F 83 53 5E 49 92 B5 7F E5 1A E2 86 8C 83 96 7D 75 A5 1D 08 4E 32 C3 5E EC BF 28 53 EC 53 8A C3 E0 36 [f~[yS^I}uN2^(SS6]
06:36:43: RADIUS: 82 EE AA 0D 38 3E BA 9C 1D D9 24 BD 48 A6 EE 44 BD 95 68 85 CA 8C 44 F8 E8 A2 FB 94 BC 6F 7C F2 06 91 6C A0 A6 BB 7B 7F 56 BD 15 32 A4 [ 8>$HDhDo|l{V2]
06:36:43: RADIUS: Message-Authenticato[80] 18
06:36:43: RADIUS: DD 82 F7 10 3F C7 B5 62 9B 2A BB 24 16 A7 59 33 [ ?b*$Y3]
06:36:44: RADIUS(00000049): Received from id 1645/99
06:36:44: RADIUS/DECODE: EAP-Message fragments, 253+253+253+249, total 1008 bytes
06:36:44: dot1x-packet:Received an EAP request packet from EAP for mac 0019.b981.e812
06:36:44: dot1x-sm:Posting EAP_REQ on Client=1D68028
06:36:44: dot1x_auth_bend Fa0/11: during state auth_bend_response, got event 7(eapReq)
06:36:44: @@@ dot1x_auth_bend Fa0/11: auth_bend_response -> auth_bend_request
06:36:44: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_exit called
06:36:44: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_request_enter called
06:36:44: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x7B length: 0x03F0 type: 0xD data: @Cfui[ab2,Jt1){ 2]g&GZ1pIbu;+Ga;iF"jy#
oohuV.aFZ4_|
P0`At )B
06:36:44: dot1x-ev:FastEthernet0/11:Sending EAPOL packet to group PAE address
06:36:44: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
06:36:44: RADIUS: Message-Authenticato[80] 18
06:36:44: RADIUS: F5 B0 56 D3 C6 87 BD 10 6E C7 4A 72 5B 5C 60 C5 [ VnJr[\`]
06:36:44: RADIUS: Vendor, Cisco [26] 49
06:36:44: RADIUS: Cisco AVpair [1] 43 "audit-session-id=C0A802FA0000006F016B36D8"
06:36:44: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
06:36:44: RADIUS: NAS-Port [5] 6 50011
06:36:44: RADIUS: NAS-Port-Id [87] 18 "FastEthernet0/11"
06:36:44: RADIUS: State [24] 80
06:36:44: RADIUS: 33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43 [37CPMSessionID=C]
06:36:44: RADIUS: 30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30 [0A802FA0000006F0]
06:36:45: dot1x-ev:FastEthernet0/11:Sending EAPOL packet to group PAE address
06:36:45: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
06:36:45: dot1x-registry:registry:dot1x_ether_macaddr called
06:36:45: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/11
06:36:45: EAPOL pak dump Tx
06:36:45: EAPOL Version: 0x2 type: 0x0 length: 0x0039
06:36:45: EAP code: 0x1 id: 0x7E length: 0x0039 type: 0xD
06:36:45: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (0019.b981.e812)
06:36:45: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_request_action called
06:36:46: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
06:36:46: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
06:36:46: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
06:36:46: EAPOL pak dump rx
06:36:46: EAPOL Version: 0x1 type: 0x0 length: 0x0006
06:36:46: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/11 CODE= 2,TYPE= 13,LEN= 6
06:36:46: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/11
06:36:46: dot1x-ev:Received pkt saddr =0019.b981.e812 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0006
06:36:46: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port Fa0/11 is TRUE
Maybe you are looking for
-
I have installed Win 7 professional on hp touchsmart 320-1030 with an OEM DVD to overwrite Win 7 premium preinstalled from factory. I want to reboot the machine with the same DVD after completing the installation, to test for possibility of reimage
-
Adobe photoshop album 2.0: sending photos to a folder
I previously used adobe photo deluxe but lost it due to virus. The disc is no longer available to reinstall so I am trying out photoshop album 2.0 to replace. I have windows me. I normally ftp photos from a folder to my remote site for Ebay. My quest
-
TS3274 Video and music won't play
I can't get the video's online or in my gallery to play. Same with any music, like Pandora Radio. I can't seem to find any online support for this issue. Can anyone help?
-
slow mini mac
-
One save for multiple portlets in a page.
Hi, I have 3 portlets in 1 page. All the portlets are having individual "Save" button to save some information in individual portlets. I need to create a new "Save" button which does the work of all these 3 Save buttons in one shot. Basically my new