MACsec on Cat 3750G switches (switch to host)

Dear All,
We are trying to enable MACsec (switch to host) on switchports but couldn't find the following commands. We are running 15.0(2)se4 IPBASE image.
Switch(config-if)#macsec 
Switch(config-if)#mka policy xx
Both the above commands are not available. I was able to create the MKA policy on the switch in the global configuration mode.
As per the guide below, MACsec is supported on IPBase images; don't know why the above commands are not there.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmacsec.pdf
Regards,
Akhtar

The guide you are citing speaks to MACsec support on the 3750-X and 3560-X.
Your older 3750-G switch does not support MACsec due to hardware limitations. Please refer to the table on page 6 of the TrustSec Platform Support matrix.

Similar Messages

  • MACSEC switch to host not working

    Hello,
    I am trying to implement MACsec only for the switch to host segment. I am following the document below but the user is still not able to connect.
    http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/117277-config-anyconnect-00.html
    The only difference in the topology is below; I have two switches.
    Host<-------macsec------->Switch---->Switch---->ISE
    The host is repeatedly getting username/password prompts.
    Regards,
    Akhtar

    Do share the configuration policy and log details.

  • 1130AG Access Point PoE Problem with Cat 3750G-24PS-E switch

    I am having a problem with the PoE negotiation between a Catalyst 3750G-24PS-E and a 1130AG access point. I used straight and cross cables for the physical connection since by default the auto MDIX per port of the switch is enabled/on. I used CLI, CNA and Web Device Manager on both devices to isolate and troubleshoot the problem but still the PoE negotiation on both devices won't work out. But when I used the access point on another switch (CE500 PoE Switch), the access point is working properly. Can anyone help me to distinguish what the problem really is? The IOS Version of the 3750G switch is 12.2(25) SEE2 and the 1130AG access point IOS Version is 12.3(8)JEA.

    Hi Rob,
    Thanks for your reply. Yes, I tried shut/no shut on the switchport many times. I saw that the switch grants power inline on the port but the port still can't/won't provide any power to boot up the access point.
    Thanks,
    Nelmar

  • Ensure HA for servers on stacked Cisco 3750g Switches?

    Please bear with me. I'm fairly new to the sys admin world. Though I have a grasp on Cisco Switch technology, the grasp is certainly not solid. I've been tasked by my IT director with finding a device-level redundancy plan for our critical systems. We have four stacked 3750g switches. How would I set up the technology so if the switch with the servers connected were to fail, the downtime would be minimized? Should I deploy a RPS2300? What about the supervisor engine? From what I understand, the supervisor engine is virtual when using stacked 3750s. Is server NIC teaming necessary? Does the LACP protocol need to be considered? As you can see, I've got a lot of catching up to do. Ultimately, I need guidance so I'm not this plan in the wrong direction by confusing appropriate technologies.
    Thanks in advance.

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    You've already correctly identified some methods for HA with 3750s.
    As you note, the stack provides "supervisor" redundancy, i.e. if stack master fails, another stack member will take over.  One thing to watch for, if your stack master is running IP Services, you'll want at least one other stack member to have that IOS installed (and licensed).
    Regarding hosts, ideally if they support Etherchannel/Portchannel to the stack, you can have critical hosts connected to two different stack members, so if one path fails, connectivity isn't lost to the host.  For hosts that don't support that, or are not critical, you might have some "spare" VLAN ports in other stack members.  I.e. if a stack member fails, manually repatch such hosts to another stack member port.  (In fact, ideally, you might have one additional stack member already in the stack, so for such single connected hosts, downtime is the time it takes to repatch [then you work about replacing the failed stack member].)
    On the power issue, the RPS would allow usage of a secondary power circuit and it also covers, I believe, failure of a stack member's A/C power supply (those don't fail too often, and if it does on a 3750G, you might need to replace the whole unit[?]).  However, the RPS doesn't handle loss of A/C power on both paths (and when it takes over, I also recall, you need to reload the stack to revert off it).  So, you might also want to consider UPS too (if other parts of the network might still be operational).  Depending how you implement UPS, you might not need an RPS, for example if each stack member had its own UPS and each UPS could be reconnected to another power line.
    PS:
    For additional stability, if not already running it, 12.2(55)SE8 is considered, by many, as being very stable.

  • Is anybody using a WiSM with FWSM on a CAT 6500 switch?

    Hi
    Is anybody using a WiSM with FWSM on a CAT 6500 switch?
    Are there any problems if they are used together?
    And how can I set them up to connect to each other?
    I have found a related document on the Cisco website named Integrating Cisco WiSM and Firewall Service Module.
    I have a question concerning it.
    Why do I have to make a VRF for them to communicate with each other?
    Please let me know.

    As far as the FWSM is concerned you can have each of the wireless vlans come in to the same context of the FWSM and then just add those vlans to the FWSM as separate vlans.

  • QoS on Cat 5000 switches?

    Hello. Are there QoS features on old Cat 5000 switches?
    Thanks, Olga

    It all depends on the firmware version you have, whether CatOS or IOS.
    Check out these data sheets:
    http://www.cisco.com/en/US/products/hw/switches/ps679/products_data_sheets_list.html

  • Whats causing Input drops and overruns between 3502lap and 3750g switch?

    At our HQ we have 6 3502 LAPs terminating into a 3750g switch stack.  We have an issue with performance in some instances which I think is RF related, however in doing all due diligence I am looking at the Ethernet layer as well between the switch and the APs in the areas of the performance issues.
    I am seeing some Input Overruns and Input Drops on all of the AP's at the HQ location.  One I am looking at now has 330 overrun and 34564 input drops.  I have other remote sites and when checking those interface statistics they have 0 input drops and overruns.  The other difference is that the remote sites are in flex connect mode whereas the HQ is in local mode.
    Are the input drops and overruns a concern, or is it just because there's a lot more traffic at the HQ?
    Thanks for your assistance!

    Ok here is the port this AP is connected to that I referenced above.
    GigabitEthernet1/0/30 is up, line protocol is up (connected)
      Hardware is Gigabit Ethernet, address is 6416.8dc9.609e (bia 6416.8dc9.609e)
      Description: Access Port Connection to Cisco Lightweight AP
      MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
      input flow-control is off, output flow-control is unsupported
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:19, output 00:00:01, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 46951
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 52000 bits/sec, 3 packets/sec
      5 minute output rate 30000 bits/sec, 31 packets/sec
         113080164 packets input, 47601198717 bytes, 0 no buffer
         Received 2211359 broadcasts (1347169 multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 1347169 multicast, 0 pause input
         0 input packets with dribble condition detected
         711149027 packets output, 153496944729 bytes, 0 underruns
         0 output errors, 0 collisions, 1 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 PAUSE output
         0 output buffer failures, 0 output buffers swapped out
    Here is the ports configuration:
    interface GigabitEthernet1/0/30
     description Access Port Connection to Cisco Lightweight AP
     switchport mode access
     ip access-group acl1 in
    end
    Doesn't look too bad on the switch, but on the cisco wireless controller for this AP in question (and others in the HQ) it shows the drops and overruns.  I uploaded a picture of that screen.
    If I change it to local, will it still allow other VLAN's through or would I have to change the switchport to a trunk?

  • Setting up SSH in Cat 2950 switch

    http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_19_ea1/configuration/guide/swauthen.html#wp1205873
    I am trying to configure SSH on the Cat 2950 switch.  AAA needs to be configured for authentication using the local database.  What does the following sentence mean? "When configuring the local authentication and authorization authentication method, make sure that AAA is disabled on the console".

    Hi,
    For configuring SSH in switches you should have cryptography images on the switches; they will have K9 in the IOS name. For configuring AAA, check out the links below. Hope this helps with your query!
    http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wp1084748
    http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml
    The message generally indicates to avoid packets moving to the RADIUS/TACACS server, so that login can happen via the local database.
    Regards
    Ganesh.H

  • How do I switch web hosting to Business Catalyst?

    I have 2 websites hosted outside BC. As a Creative Cloud member I understand I get to host up to 5 sites for free on BC. Is that the case? If it is, how do I go about switching the hosting from my current web hoster to BC? I'm pretty new to all this.

    Hi Paul,
    The five free sites you get with your Cloud subscription are 5 very basic Business Catalyst plans. Unless your sites are just plain html and CSS it won't work on Business Catalyst servers.

  • While switching web hosting services my podcast quit updating on iTunes. What do I do?

    While switching web hosting services my podcast quit updating on iTunes. What do I do? My RSS URL is http://www.soapboxheroescc.com/podcast/feed.
    Any help would be greatly appreciated

    There is no file at that URL, only an error message.
    Is this your podcast -
    https://itunes.apple.com/podcast/soap-box-heroessoap-box-heroes/id682605938
    This is using the feed at
    http://feeds.feedburner.com/SoapBoxHeroessoapBoxHeroesPodcast
    which has four episodes; however there are no 'enclosure' tags containing the URLs of playable media, so as iTunes does not show episodes with no playable media the podcast shows as empty.
    I could only guess that that is your podcast from the title given in the error message for the URL you quote as you haven't given any further information.
    If it is, then the Feedburner feed must be working from a feed you've created, though there's no way of knowing its URL. You can move Feedburner to using a different feed easily enough, or get the feed it's using working properly, and then the podcast will be subscribable again and the Store will catch up after a few days.

  • NATIVE VLAN on 4006(CAT OS )Switch

    HI,
    How can we configure Native Vlan on 4006(CAT OS) switches??
    Thanks in Advance.

    Hi,
    To control the tagging of the native VLAN traffic on 802.1Q private VLAN trunks, use the tag command.
    switchport private-vlan trunk native vlan
    Rate if it does,

  • Cannot Add Logic Switch To host When Teaming two 10Gbe ports on the same CNA or on different CNAs

    We are trying to set up a new Hyper-V environment for a customer with VMM2012 SP1.  We have the hosts configured, imported, and clustered.  The Uplink Port-Profile is set to the proper LACP teaming method for our switching.  The Logical switch is created in uplink mode Team and includes the proper Uplink Port Profile.
    When we go to create a logical switch on the Hosts using the two interfaces to be teamed, we get Warning (25259), Error while applying physical adapter network settings to the teamed adapter.  Error code details 2147942484.
    I researched and found articles about setting up NICs in a correct order in the team from least capable to most capable, but in this case we are trying to team two ports on the same adapter... We have tried with Intel X520-2's and Brocade CNA1020's.  The odd thing is, if we try to do it on the onboard 1Gbe Broadcom cards, it works fine.
    This happens on both clustered and non-clustered hosts as well.  All VMM components are the latest versions with the latest updates.
    Thanks!

  • Cat 3750 Switch: Dynamic vlan assignment

    Hey guys,
    I am trying to configure 802.1x on the switch and authenticate users against a Radius server. My radius server is FreeRadius running on Redhat. The authentication works fine but the switch just doesn't take the VLAN assigned by the server. I captured the packets between the server 172.17.1.1 and the switch 172.17.254.100. The cap file is attached here. Can anybody please verify that all the attributes are there and are all correct?
    The client laptop is running Windows XP and it's using EAP-MD5. The laptop in on port F1/0/1. Here is the configuration on the switch:
    aaa new-model
    aaa authentication dot1x default group radius none
    aaa authorization network default group radius none
    interface FastEthernet1/0/1
     switchport mode access
     dot1x pae authenticator
     dot1x port-control auto
     dot1x violation-mode protect
     dot1x reauthentication
     dot1x guest-vlan 17
     dot1x auth-fail vlan 18
     spanning-tree portfast
    radius-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx
    I also tried to debug dot1x errors and there is no output so I guess there are no errors... Any advice is appreciated! Thank you!

    Hey Kush, thanks for the reply! I did those debugs and I will upload them here. In the debug radius the output is saying that unknown cisco AVP type. I think the switch just doesn't like the Freeradius's attributes. I think what I will do is that I will set up an ACS server (with the evaluation software) and configure it to dynamically assign vlan and use Wireshark to watch the attributes sent by the server and adjust my Freeradius setting accordingly and see if that helps...
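
For the question in the thread above about whether the right attributes are present: RFC 3580 dynamic VLAN assignment needs Tunnel-Type = VLAN (13), Tunnel-Medium-Type = IEEE-802 (6) and Tunnel-Private-Group-ID in the Access-Accept. The following check is an added example, not part of the original posts; the function names and the sample packets (VLAN "20", zeroed authenticator) are constructed for illustration and are not taken from the poster's capture.

```python
import struct

ACCESS_ACCEPT = 2                                       # RFC 2865 packet code
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP = 64, 65, 81   # RFC 2868 attribute types
WANT = {TUNNEL_TYPE: ("Tunnel-Type", 13, "VLAN"),       # values per RFC 3580
        TUNNEL_MEDIUM: ("Tunnel-Medium-Type", 6, "IEEE-802")}


def parse_radius(packet):
    """Split a raw RADIUS packet into (code, [(attr_type, value_bytes), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"attribute {a_type}: invalid length {a_len}")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def check_vlan_reply(packet):
    """Return (vlan_or_None, problems) for 802.1X dynamic VLAN assignment."""
    code, attrs = parse_radius(packet)
    if code != ACCESS_ACCEPT:
        return None, [f"packet code {code} is not Access-Accept (2)"]
    first = dict(reversed(attrs))   # first instance of each attribute wins
    problems = []
    for a_type, (name, want, label) in WANT.items():
        value = first.get(a_type)
        if value is None:
            problems.append(f"{name} ({a_type}) missing")
        elif len(value) != 4 or int.from_bytes(value[1:], "big") != want:
            # value layout: 1 tag byte followed by a 3-byte integer
            problems.append(f"{name} is not {label} ({want})")
    group = first.get(TUNNEL_GROUP)
    if group and group[0] <= 0x1F:  # optional leading tag byte (RFC 2868)
        group = group[1:]
    if not group:
        problems.append("Tunnel-Private-Group-ID (81) missing or empty")
    vlan = group.decode("ascii", "replace") if group and not problems else None
    return vlan, problems


def build(code, attrs):
    """Constructed sample packet: zeroed authenticator, attrs as (type, bytes)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


# Constructed samples: a complete reply for VLAN "20", and one missing Tunnel-Type.
GOOD = build(2, [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"20")])
BAD = build(2, [(65, b"\x00\x00\x00\x06"), (81, b"20")])
print(check_vlan_reply(GOOD), check_vlan_reply(BAD))
```

To use it on a real capture, pass the UDP payload of the Access-Accept (exported from the packet capture as raw bytes) to `check_vlan_reply`.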

  • Challenges switching MobileMe-hosted site over to FTP server

    Even after switching over my MobileMe-hosted iWeb page to an FTP server, when I go to my site, I get a msg "MobileMe is now closed." From my understanding, and from the way I have set up my settings in iWeb, this should absolutely not be the case. I don't know what to do.
    To see the message I have been receiving, go here: www.leannamanning.com

    If you had forwarding set up for MobileMe, then this could well be affecting your site.  Did you have CNAME forwarding set up for your domain name when you used MobileMe?  If so, then you will need to go to your domain name registrar and cancel any CNAME forwarding that you had.  You don't need it now that you are publishing to another host.  Cancel it by going to the DNS settings at your domain name registrar.

  • Switching Podcast Hosts on iTunes

    Hi,
    I have found a better host for my podcast, and would like to switch hosts, while still keeping my podcast on iTunes. I am not sure how I would edit these settings within iTunes, if there are any at all. Help anybody?
    Thanks for any replies

    In order to switch iTunes to a new feed URL, you need to first get the new feed up and running, and then add a special tag to the old feed to redirect iTunes: so it's important to keep the old feed running for at least two weeks after the change.
    The exact method is described here:
    http://www.wilmut.webspace.virginmedia.com/notes/podcast.html#move
    Please be careful to follow it exactly, and note the warning that if you make a typing error you can lose control of your podcast.
