Question about Cisco Network Assistant and authentication

I'm trying to manage several 3750 stacks using CNA and it's able to authenticate with all but two of the stacks (these are NOT cluster members).  During the discovery process, CNA keeps prompting for a username/password.  We use TACACS+ so I give it the same username/password that I would when I login using SSH.  Here's where things come off the rails for me.  If I go to my ACS server and pull up troubleshooting and the load up CNA I do not see any activity.  If I turn on debugs on the switch here's the output I get while trying to connect with CNA:
3750-Fire-Access-Sw2#show debug
General OS:
  TACACS+ events debugging is on
  TACACS+ authentication debugging is on
  TACACS+ authorization debugging is on
  TACACS+ packets debugging is on
  AAA Authentication debugging is on
  AAA Authorization debugging is on
HTTP Server:
  HTTP Server Authentication debugging is on
3750-Fire-Access-Sw2#termin
3750-Fire-Access-Sw2#terminal mon
3750-Fire-Access-Sw2#terminal monitor
3750-Fire-Access-Sw2#
Mar  4 16:26:19: HTTP: Authentication failed for level 15
The funny thing is that if I do these same debugs on a switch that works I get this:
3750-Saints-Access#
Mar  4 16:32:25: HTTP: Priv level granted 15
Mar  4 16:32:25: AAA/BIND(000005A8): Bind i/f
(this is repeated several dozen times)
My understanding of ip http is that if no authentication is enabled it uses the authenication method used by vty (the switch is using http server version 1).  The switch is configured to use aaa/tacacs for vty.  If that is the case then why don't I see activity in ACS and why don't a see a bunch of output from all of the other debugs?  How is CNA authenticating with the switch? 

Does anybody else think Cisco's aaa new-model configuration is as clear as mud?  For what it's worth, I figured out the problem (just in case anybody else has the same issue).  What killed me was this line:
aaa authentication enable default group tacacs+ enable
There's nothing wrong with this command.  I think all it's saying is exec privilege can be provided by tacacs+ OR the locally configured enable secret/password.  The problem for me was that the user account I was using to login just happened to have a different password (in Active Directory) than it did on the local switch for TWO of the ten switch stacks I was trying to group together.  The other switch stacks had the same enable secret as the user account's password.  Now what I don't understand is why the switch decided to look at the enable secret first before trying tacacs.  That doesn't seem logical to me.  How does the switch make this decision?  Is that documented anywhere?

Similar Messages

  • Cisco Network Assistant, and Linksys Switches?

    Hi all,
    Given that Cisco owns Linksys, that CNA seems aimed at the small/medium business market, and that many of those businesses (like me) probably mix and match Linksys managed switches (like the SRW series) as leaf switches hanging off other higher end Cisco network gear, It seems to me that making CNA ccapable of discovering and managing those Linksys switches would make a lot of sense.
    Is there any hope or plan for this in the future?
    -Kyle

    I would like to see this as well.  I have nine Linksys SRW2024 units and it is a pain to go into each one seperately.  I am used to the Cisco Network Assistant and it would greatly help if they could talk to LinkSys smart switches.  Please!
    -Milt Hull

  • Cisco Network Assistant and add to comunity problem via HTTPS

    hello,
    i have big network of cisco switches and all is in my cisco network assistant in comunity connected via HTTPS. if i add new switch to network (all for HTTPS access is configured good: domain name, ip http secure-server, authenticate locale ...) and if i can add this switch to comunity (right click on icon and ADD TO COMUNITY), CNA say "Unable to Connect", because it can connect to switch via HTTP (i have disable it on switch), not via HTTPS. i have never version of CNA ... where is problem? why it not connect to switch via HTTPS? hmmm? thank you ... Peter

    "The HTTP server interface must be enabled to display the network assistant. " Source.
    You can put an access-list on the http server if you are concerned about security exposure.

  • Cisco Network Assistant and IOS

    Does Cisco Network Assistant require a certain Ciso IOS to work?

    Hi,
    My understanding is that CNA is limited to a certain set of platforms, as indicated here:
    http://www.cisco.com/en/US/products/ps5931/products_data_sheet0900aecd8034fbf1.html
    AS long as you have a supported device, I don't believe you need a special IOS version in order to use it.
    Hope that helps - pls rate the post if it does.
    Paresh

  • Network Management: Question about calculating network,host and broadcast a

    I would like to say i am new to this forum and I do not know if this is the right place to post this but i am currently in a cisco academy for CCNA and if anyone else is in this class i am stuck @ 6.2.2 in the online cisco material.....
    given the following address/prefix of 141.124.88.174/30
    enter the last octet in binary of the network,
    I am totally lost @ how to find the network octet i know /30 means the first 30bits are network and the last 2 are host i also know the last octet is 10101100 or 172
    my question how do you get .174 to .172??? if you are wondering how i know the answer --it is in the book i just dont know how to do it on my own :)
    thanks much

    Eric
    My sense is that you may have skipped a step (or maybe I skipped in understanding your post). The best way to explain this is to refer to binary - which you have started to do.
    For address ...174 the last octet is 101011 10 (in which 101011 represent the network bits and 10 represent the host bits). To find the network bits make the host bits all binary 0 - which means that the subnet address is 101011 00 or 172.
    So the answer to your question is that you get from 174 (host address ) to 172 (network address) by changing all host bits to binary zero.
    HTH
    Rick

  • ESW-520-24-K9 and Cisco Network Assistant

    HI,
    Is this switch model ESW-520-24-K9 is supported by Cisco Network Assistant.
    In the leatest release notes of CNA are supported Catalyst Express 520 Series Switches and this model WS-CE520-24TT-K9 is on the supported list.
    But the mention model above is EoL and the new one is ESW-520-24-K9.
    Thanks,
    Kamil

    Hi Dave,
    Thanks for your replay.
    Yes, you are right that this switch model is supported by CCA but not by Cisco Network Assistant.
    These programs are different in functionality.
    The situation has become clearer, since the customer bought the Cisco Catalyst 2960 series switch.
    Kamil

  • 2960S-48FPD and Cisco network Assistant

    Hi all,
    I'm using Cisco network Assistant V5.5 and when I try to discover WS-C2960S-48FPD-L I have this message :
    Unsuported device type ... cannot add device to commuity
    Any have a solution to that problem ??
    Thank's, Laurent

    Hi Laurent,
    This switch is not supported by Cisco Network Assistant yet.

  • WS-2960-48TC-L and Cisco Network Assistant

    Hello all!
    I have WS-2960-48TC-L in
    #show ver
    Switch Ports Model              SW Version            SW Image
    *    1 50    WS-C2960+48TC-L    15.0(2)EZ             C2960-LANBASEK9-M
    In Cisco Network Assistant (ver. 5.8.(9.1)) I can not  add a switch to the community? And Why in Model string we have + (plus) but not - (dash)
    Sorrry for my bad English.

    Hi Dave,
    Thanks for your replay.
    Yes, you are right that this switch model is supported by CCA but not by Cisco Network Assistant.
    These programs are different in functionality.
    The situation has become clearer, since the customer bought the Cisco Catalyst 2960 series switch.
    Kamil

  • Cisco Network Assistant 5.5 and WS-X4013+10GE

    I have installed CNA 5.5 and it works fine with most of the devices, including catalyst 4500 series with different supervisors (WS-X4013+, WS-X4013+TS, WS-X45 SUP6-E).
    It can also detect supervisor WS-X4013+10GE, but CNA failed to show this device in Front Panel View. Is there anything I have to do to make the devices with Supervisor WS-X4013+10GE to be shown in Front Panel View?
    WS-X4013+10GE are in either 4503 or 4506 chassis, running IOS version 12.2(31)SGA or 12.2(40)SG.
    Please give some hints, thanks.
    Rgds,
    Sunny

    I  downloaded Cisco Network Assistant 5.5, everytime when I try to run
    I get error message "Could not creat Java virtual Machine' any idea how
    to solve this?
    To overcome this problem, open the file C:\Program Files\Cisco Systems\CiscoSMB\Cisco Network Assistant\startup\startup.properties (the default installation path), and modify this entry:
    JVM_MAXIMUM_HEAP=1024m
    Replace 1024m with a lower setting that does not exceed the available RAM. There is no way to foresee what value will work. Try 512m, and lower it further if necessary. You can use the dial peer tag range 2500 to 2999 out-of-band to define your own dial peers.
    Check out the below link for more information
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_network_assistant/version5_0/release/notes/OL12210a.html
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

  • Cisco Network Assistant question

    Hi
    I am a new user of Cisco Network Assistant. I got it to display the network of switches in the topology view. However a couple of switches are not displayed as linked to another switch (i.e shown as seperate from the network). Could someone please let me know why this is happening and how to get the switches to display as linked to another switch.
    Thanks

    Hi Michel
    Thanks for your reply.
    I have the right to see the switches as I am the one who configured all of them from scratch and deployed them. All is working fine except that now I started to look at ways to manage them. I thought I enabled CDP on all of them but I will double check. Also I am not using ACS but planning to in the future.
    Cheers
    Raoul

  • Cisco Network Assistant, unable to add a switch

    I have a network running some 20 switches, two controllers and many AP's.  All the devices that should be able to connect to cisco network assistant can successfully.  However there is one switch that will show in neighbours but will give the message of “unable to connect to device” when I try and add it to the topology. 
    As far as I can see the config is identically to all other similar switches in the network.  I can telnet from a switch (management VLAN) to the switch in question.  However when I try to ping or telnet from the PC running network assistant (different subnet) I am unsuccessful.  However I can ping/telnet to all other cisco device from this PC. 
    The switch is a WS-C3560-48TS and I have included the config for firstly the switch in question and another switch of the same model and config that works correctly.  Any help would be greatly appreciated, thank you.    
    sho run
    Building configuration...
    Current configuration : 7363 bytes
    version 12.2
    no service pad
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    service password-encryption
    hostname wc3_switch_1
    enable secret 5 $1$Fn0U$2rG6DadA8JSUzQzSNmMc4/
    enable password 7 1511021F0725
    username dis privilege 15 secret 5 $1$b3d.$S43CM1xtXyEtO5Rsil6Bn1
    username admin privilege 15 password 7 0811185C224C543341
    no aaa new-model
    ip subnet-zero
    ip routing
    no ip domain-lookup
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface FastEthernet0/1
    description ### Connected to Parkside-AP05 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/2
    description ### Connected to Parkside-AP06 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/3
    description ### Connected to Parkside-AP07 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/4
    description ### Connected to Parkside-AP08 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/5
    description ### Connected to Parkside-AP12 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/6
    description ### Connected to Parkside-AP13 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/7
    description ### Connected to Parkside-AP20 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/8
    description ### Connected to Parkside-AP21 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/9
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/10
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/11
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/12
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/13
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/14
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/15
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/16
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/17
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/18
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/19
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/20
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/21
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/22
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/23
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/24
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/25
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/26
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/27
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/28
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/29
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/30
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/31
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/32
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/33
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/34
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/35
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/36
    description ### Connected to Parkside-AP36 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/37
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/38
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/39
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/40
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/41
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/42
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/43
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/44
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/45
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/46
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/47
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/48
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface GigabitEthernet0/1
    description *** Connected to WC2A_Core_Switch ***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface GigabitEthernet0/2
    description *** Connected to wc3_switch_2 ***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface GigabitEthernet0/3
    shutdown
    interface GigabitEthernet0/4
    shutdown
    interface Vlan1
    ip address 10.0.0.31 255.255.255.0
    ip default-gateway 10.0.0.254
    ip classless
    ip http server
    control-plane
    line con 0
    password 7 144711185D07
    logging synchronous
    login local
    line vty 0 4
    password 7 144711185D07
    logging synchronous
    login local
    line vty 5 15
    password 7 094F471A1A0A
    no login
    end
    wc3_switch_2#sho run
    Building configuration...
    Current configuration : 7239 bytes
    version 12.2
    no service pad
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    service password-encryption
    hostname wc3_switch_2
    enable secret 5 $1$Sfoj$a6AdO7PI0bP8ERhpWl3OP.
    username dis privilege 15 secret 5 $1$D9c6$16yFzETOxBNHiPdTEqkxQ1
    username admin privilege 15 password 7 133543002059550E78
    no aaa new-model
    ip subnet-zero
    no ip domain-lookup
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface FastEthernet0/1
    description ### Connected to Parkside-AP24 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/2
    description ### Connected to Parkside-AP27 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/3
    description ### Connected to Parkside-AP28 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/4
    description ### Connected to Parkside-AP30 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/5
    description ### Connected to Parkside-AP31 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/6
    description ### Connected to Parkside-AP32 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/7
    description ### Connected to Parkside-AP33 ###
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/8
    description *** Curric4 VLAN Port ***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface FastEthernet0/9
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/10
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/11
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/12
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/13
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/14
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/15
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/16
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/17
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/18
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/19
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/20
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/21
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/22
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/23
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/24
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/25
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/26
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/27
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/28
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/29
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/30
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/31
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/32
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/33
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/34
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/35
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/36
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/37
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/38
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/39
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/40
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/41
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/42
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/43
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/44
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/45
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/46
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/47
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface FastEthernet0/48
    description *** Curric4 VLAN Port ***
    switchport access vlan 6
    spanning-tree portfast
    interface GigabitEthernet0/1
    description *** Connected to wc3_switch_1 ***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface GigabitEthernet0/2
    description *** Connected to wc3_switch_3 ***
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    interface GigabitEthernet0/3
    shutdown
    interface GigabitEthernet0/4
    shutdown
    interface Vlan1
    ip address 10.0.0.32 255.255.255.0
    ip default-gateway 10.0.0.254
    ip classless
    ip http server
    control-plane
    line con 0
    password 7 135514015A0F
    logging synchronous
    login local
    line vty 0 4
    password 7 135514015A0F
    logging synchronous
    login local
    line vty 5 15
    no login
    end

    The switch configurations look pretty straightforward and mostly correct.
    I notice that the problem switch has "ip routing" global command. Why is that necessary? You are only using it as a L2 switch, yes?  If you use "ip routing" and have no routing process (ospf, eigrp, etc.) running you would need to add a static default route (ip route 0.0.0.0 etc.) and not use the "ip default-gateway" command. Otherwise the switch itself (the SVI) does not know how to leave the management VLAN routing-wise since it is the only L3 interface defined.
    (I might also add "ip http authentication local" on each and I'd definitely disable telnet in favor of ssh)

  • Cisco Network Assistant (CNA) Error: Connect

    Best regards community,
    Please I need your help, I installed Cisco Network Assistant 5.8 (9.1) for manage some catalyst switches as 2950, 2960, 2960S, 2960X, 3750X. I can manage all devices except WS-C2960X-24TS-LL model, I have following message from CNA: "Error: Connect Index: 26, Size:26". This device have same configuration for level 15 access as other devices with user name and password. the catalyst switch IOS version is 15.0(2)EX4
    This problem is about either software or hardware? How can solve?
    Thanks in advance

    You're welcome.
    I know the product team monitor the Network Management Forum. If you post your question there, one of them may pick up on it.
    The CNA support typically lags the new product release by about 4-6 months, sometimes longer depending on how well the hardware product release matches up with the network management product's latest release date. The 2960XR just started shipping in July 2013 so a good guess would be that CNA might support it in the next release (5.9?). That's just a guess though.

  • Cisco Network Assistant mail notification

    We just install CNA ver 5.5. and we setup the mail alerting from logging level 3 (Errors) to avoid too much notifications but we get mail informing us about interface up/down due simple machine shutdown/reboot like this one:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Tabella normale";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    X-Mailer: Cisco Network Assistant System Messages Notification Mailer
    Device: XXXX
    000777: Aug 25 09:07:00.086: %LINK-3-UPDOWN: Interface GigabitEthernet0/24, changed state to up
    How is possible to disable this kind of messages?
    Thank you.

    Hi Luis,
    Few questions :
    - is it the same on all machines you tested CNA on ?
    - is this an upgrade from a previous (and working) version ?
    - is it the English version of Windows, or a localized one ?
    Regards,
    Marc

  • Cisco Network Assistant (CNA) 2960X Support

    Hi Folks,
    The 2960X datasheet indicates that it supports Cisco Network Assistant (CNA), but when I tried it with CNA 5.8.7 it was not compatible. The release notes for 5.8.7 did not include the 2960X as a  supported device.
    CNA 5.8.7 Release Notes:
    https://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-577519.pdfhttp://www.cisco.com/en/US/docs/net_mgmt/cisco_network_assistant/version5_0/release/notes/OL12210a.html
    Can someone confirm if CNA will have support for the 2960X series in the future and if possible provide some guidelines on timing?
    Thanks,
    Chris

    You're welcome.
    I know the product team monitor the Network Management Forum. If you post your question there, one of them may pick up on it.
    The CNA support typically lags the new product release by about 4-6 months, sometimes longer depending on how well the hardware product release matches up with the network management product's latest release date. The 2960XR just started shipping in July 2013 so a good guess would be that CNA might support it in the next release (5.9?). That's just a guess though.

  • Wrong Port Statistics in Cisco Network Assistant

    Hello,
    I'm having some troubles with CNA (version 6.0). There's a few switches in the network that displays wrong information about sports activities/statistics. I've got some ports administratively down, without activity, however CNA is showing Tx and Rx rates, etc. I've already cleared counters from the application and from CLI too. If I do "show interface Gix/x/x" in the CLI, it returns results that I waited, but not in CNA, where it's showing wrong information. Moreover, some ports which should have activity and statistics, don't displays info. All rates and statistics shows 0 when I'd must see any number except 0.
    I'm talking about a stack with 3 Catalyst 3750-X 48P.
    Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE5, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Fri 25-Oct-13 12:38 by prod_rel_team
    ROM: Bootstrap program is C3750E boot loader
    BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
    Thanks,
    Kind regards,

    In Cisco Network Assistant, under smart ports, if I configure the switch port as Cisco Wireless/Router, it hard  codes the interface as Trunk.In this particular case what is the reason for hard coding it as trunk?
    When you are dealing with autonomous wireless access point, it's very common to have mutiple VLANs configured in the WAP, therefore you need a Trunk switch port.
    You can also configure the trunk port to allow VLANs of your choice.

Maybe you are looking for

  • Problem in using JOB_OPEN, JOB_SUBMIT & JOB_CLOSE

    Hi, I using following code to submit the Job. But Job which is created is getting canceled in SM37 can anybody let me where the error is ? I used GET_PRINT_PARAMETERS function module too but same results. Thanks in advance. DATA: TBTCJOB  TYPE  TBTCJ

  • Help me find a new headset for iPhone!

    Apple sure can design some awesome products, but sometimes they think a little too different or not different enough on the simplest things. Like their mice. The Mighty Mouse has some awesome functionality, but I never owned one whose scrollball last

  • Problem with my feed

    the service i was using server went down for a couple of hurs but ever since it came back up i cant find it in the itunes store anymore so my subscribers cannot get the new show. i tried re submiting the feed but itunes says they already have it here

  • HT202157 Apple TV update

    My apple tv has a box saying "new software to update the tv has been found. it is strongly recommended to update now" I press the centre button on the remote to do update and nothing happens. I could still use the menu behind the info box but it want

  • HDMI sound. Pavilion DV6. Windows 7. TV sound was working via HDMI. Now switched off?

    I connected the pavilion dv6 to the tv with an HDMI cable. Sound and vision were working on the tv after setting the TV to HDMI. My Grandson discovered that their was no sound from the computer and, unknown to me, changed something to get sound from