Ssh activation on 3550 switches

Similar Messages

• Routing Issue with 3550 Switch

  I am having an issue with routing with one of my Cisco 3550 switches.  I know the 3550s are EoL but some of us have to work with what we have.
  I am using a 3550 on either side of a Layer 2 link.  The Layer 2 link is 2 Extreme Summit X-440 switches with Microwave between the switches.  I have a VLAN configured on both switches and tagged on the ports connected to the Microwave.  The 3550 switch on each end is configured for IP routing but I cannot pass traffic between the switches.  If I unplug the switch on the local end and plug in a laptop, I can ping the switch on the remote end and access devices at the remote end. 
  I know this should work because I am doing the same thing over another Microwave link and Layer 2 link using another 3550 and a HP ProCurve at the remote end.
  Here are the configs for each 3550:
  Local end;  Port Fa0/23 goes to the Remote Side.  Port Fa0/24 goes to the rest of the network
  Current configuration : 5417 bytes
  ! No configuration change since last restart
  version 12.2
  no service pad
  service timestamps debug datetime localtime show-timezone
  service timestamps log datetime localtime show-timezone
  no service password-encryption
  service sequence-numbers
  hostname Brindley3550
  enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
  no aaa new-model
  clock timezone UTC -6
  clock summer-time UTC recurring 1 Sun Apr 2:00 1 Sun Nov 2:00
  mls qos map cos-dscp 0 8 16 26 32 46 48 56
  mls qos min-reserve 5 170
  mls qos min-reserve 6 10
  mls qos min-reserve 7 65
  mls qos min-reserve 8 26
  mls qos
  ip subnet-zero
  ip routing
  ip domain-name morgan911.net
  ip name-server 1.2.150.11
  ip name-server 1.2.150.5
  spanning-tree mode pvst
  no spanning-tree optimize bpdu transmission
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  interface FastEthernet0/1
   switchport access vlan 18
   switchport mode dynamic desirable
   spanning-tree portfast
  {Removed for Brevity}
  |
  interface FastEthernet0/7
   switchport access vlan 13
   switchport mode dynamic desirable
   spanning-tree portfast
  interface FastEthernet0/8
   switchport access vlan 13
   switchport mode dynamic desirable
   spanning-tree portfast
  {Removed for Brevity}
  interface FastEthernet0/23
   description To Gum Springs via Extreme P10
   no switchport
   ip address 1.2.147.1 255.255.255.252
   speed 100
   duplex full
  interface FastEthernet0/24
   description To Flint via Ceragon Eth 2
   switchport trunk encapsulation dot1q
   switchport mode trunk
   speed 100
   duplex full
   mls qos trust cos
   auto qos voip trust
   wrr-queue bandwidth 20 1 80 1
   wrr-queue min-reserve 1 5
   wrr-queue min-reserve 2 6
   wrr-queue min-reserve 3 7
   wrr-queue min-reserve 4 8
   wrr-queue cos-map 1 0 1 2 4
   wrr-queue cos-map 3 3 6 7
   wrr-queue cos-map 4 5
   priority-queue out
   spanning-tree link-type point-to-point
  interface GigabitEthernet0/1
   switchport trunk encapsulation dot1q
   switchport mode trunk
  interface GigabitEthernet0/2
   switchport access vlan 10
   switchport trunk native vlan 50
   switchport mode dynamic desirable
   spanning-tree portfast trunk
  interface Vlan1
   ip address 1.2.145.2 255.255.255.0
  ip default-gateway 1.2.145.1
  ip classless
  ip route 0.0.0.0 0.0.0.0 1.2.145.1
  ip route 1.2.165.0 255.255.255.240 1.2.147.2
  ip route 1.2.166.0 255.255.255.240 1.2.147.2
  ip http server
  snmp-server community public RO
  snmp-server community public/RO RO
  snmp-server location Brindlee Mountain Tower Site
  snmp-server contact Jamey Wright
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  snmp-server enable traps cluster
  snmp-server enable traps entity
  snmp-server enable traps envmon fan shutdown supply temperature
  snmp-server enable traps vtp
  snmp-server enable traps vlancreate
  snmp-server enable traps vlandelete
  snmp-server enable traps flash insertion removal
  snmp-server enable traps port-security
  snmp-server enable traps config
  snmp-server enable traps syslog
  snmp-server enable traps mac-notification
  snmp-server enable traps vlan-membership
  snmp-server host 1.2.150.100 public  tty envmon syslog snmp
  control-plane
  ntp clock-period 17180143
  ntp server 1.2.150.21
  end
  And this is the config for the remote end.  Port Fa0/24 is the port for the link back to the local end.
  Current configuration : 5058 bytes
  version 12.2
  no service pad
  service timestamps debug datetime localtime show-timezone
  service timestamps log datetime localtime show-timezone
  no service password-encryption
  service sequence-numbers
  hostname GS3550
  enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
  no aaa new-model
  clock timezone UTC -6
  clock summer-time UTC recurring
  mls qos map cos-dscp 0 8 16 24 32 46 46 56
  udld aggressive
  ip subnet-zero
  ip routing
  ip domain-name morgan911.net
  ip name-server 1.2.150.11
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  interface FastEthernet0/1
   switchport access vlan 21
   switchport mode dynamic desirable
   spanning-tree portfast
  interface FastEthernet0/2
   switchport access vlan 21
   switchport mode dynamic desirable
   power inline delay shutdown 20 initial 300
   spanning-tree portfast
  {Removed for Brevity}
  interface FastEthernet0/23
   switchport access vlan 22
   switchport trunk encapsulation dot1q
   switchport mode trunk
   speed 100
   duplex full
   spanning-tree portfast
  interface FastEthernet0/24
   description To Brindlee via Extreme P10
   switchport mode dynamic desirable
  (Is a member of VLAN 1)
   speed 100
   spanning-tree portfast
  interface GigabitEthernet0/1
   switchport trunk encapsulation dot1q
   switchport mode trunk
  interface GigabitEthernet0/2
   switchport mode dynamic desirable
   spanning-tree portfast
  interface Vlan1
   ip address 1.2.147.2 255.255.255.252
  interface Vlan21
   ip address 1.2.165.1 255.255.255.240
   ip helper-address 1.2.150.11
   ip helper-address 1.2.150.5
  interface Vlan22
   ip address 1.2.166.1 255.255.255.240
   ip helper-address 1.2.150.5
   ip helper-address 1.2.150.11
  ip default-gateway 1.2.147.1
  ip classless
  ip route 0.0.0.0 0.0.0.0 1.2.147.1 10
  ip http server
  snmp-server community public RO
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  snmp-server enable traps cluster
  snmp-server enable traps entity
  snmp-server enable traps envmon fan shutdown supply temperature
  snmp-server enable traps vtp
  snmp-server enable traps vlancreate
  snmp-server enable traps vlandelete
  snmp-server enable traps flash insertion removal
  snmp-server enable traps port-security
  snmp-server enable traps config
  snmp-server enable traps hsrp
  snmp-server enable traps bridge newroot topologychange
  snmp-server enable traps syslog
  snmp-server enable traps mac-notification
  snmp-server enable traps vlan-membership
  snmp-server host 1.2.150.100 public  envmon syslog snmp
  control-plane
  ntp clock-period 17180192
  ntp server 1.2.150.21 key 0 prefer
  Ideas?  Anything stand out as grossly wrong?  I have worked on this for 2 days and am at a loss.
  Thanks
  Jamey

  Sorry for the delay in replying.  Other items at the office took priority over this project.  I tried that and no change.  I pulled the switch from the remote site and took it back to the local end and connected the switches with a crossover cable and everything works fine.  I have pretty much determined that it is an issue with the config in one of the Extreme switches.  The config in those look pretty normal but there are a few things I am unsure of.  Guess I'll see if there is a similar site for Extreme gear.
  Thanks
  Jamey

• Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet

  I've about pulled what little hair I have out of my head on this one, and need some configuration help.
  I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached.  All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly.  I will refer to this as network # 1. I also have SEPARATE network, we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet.  I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong.  When I connect the two switches together, although I get a good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work.  Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers?  Here's what I am looking for:
  INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESS

  The Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
  The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
  HTH,
  John

• 802.1x, 350AP, 3550 Switch, and ACS 3.0

  Yikes!
  Whatta mess I got myself into! Im trying to implement a couple of security features (at the same time) due to higher corporate directives. I am trying to implement Radius, 802.1x port authentication on a Cat 3550 switch, and mac address athuentication for wireless clients. The idea was:
  1. The 3550 has port based authentication on it and should authenticate access points as well as any workstations that will/may connect to it.
  2. The wireless clients will be MAC authenticated via the access point passing requests to the radius server.
  Confused? I am too, help!
  Thanks

  Nilesh, Thanks for the reply.
  But I do have a few further questions if you are willing:
  1. Getting the AP to use 802.1x and talk with the radius server seems to be the big problem. I have not been able to find clear enough instructions on how to set the AP to do 802.1x through the switch. I do realize the LEAP is just cisco's implementation of 802.1x but we are trying to use non-proprietary protocols.
  2. We already have the clients MAC addresses in the AP's but want to get away from this (network mgt issues) by using the ACS server.
  I guess what makes this confusing for me is the chain of events and if they are possible to do. Here are the steps as I see them, please advise if this is not possible to do.
  1. Access point is plugged into 3550 and uses 802.1x authentication with radius through the switch. Once the switchport is authorized, then the wireless clients can try to associate with AP. To do this the MAC address of the client , is sent to ACS for authorization and when authorized allowed to communicate. Then the wireless client retrieves an IP address through DHCP.
  Whew.

• Defining DNS on a 3550 switch

  I have three 3550 switches and want to define a DNS server on one of my switches (172.16.2.10). I have done the following in the DNS switch:
  3550(config)#ip domain-lookup
  3550(config)#ip host Setad 172.16.8.2
  3550(config)#ip host MAVAD 172.16.5.2
  3550(config)#ip domain-name cressnet.com
  I have done the following on the 172.16.5.2 (MAVAD) switch (one that is not a DNS):
  3550(config)#ip domain-lookup
  3550(config)#ip name-server 172.16.2.10
  3550(config)#ip domain-name cressnet.com
  In normal operation I can telnet from 172.16.5.2 to 172.16.8.2; but in this situation, when I issue the "Setad" to telnet Setad (172.16.8.2) from the 172.16.5.2, nothing happens.
  Please help!
  Thanks.

  Thanks for your reply.
  My DNS server switch hostname is "MUT-FIBER-SWITCH" and its IP address is 172.16.2.10. Look at the DNS configuration in this switch:
  MUT-FIBER-SWITCH#sh hosts
  Default domain is not set
  Name/address lookup uses domain service
  Name servers are 255.255.255.255
  Host Port Flags Age Type Address(es)
  Setad None (perm, OK) 44 IP 172.16.8.2
  MAVAD None (perm, OK) 0 IP 172.16.5.2
  I have set the following configuration in the MAVAD switch:
  MAVAD(config)#ip domain-lookup
  MAVAD(config)#ip name-server 172.16.2.10
  and
  MAVAD:#ping 172.16.2.10
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 172.16.2.10, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
  and
  MAVAD:#ping 172.16.8.2
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 172.16.8.2, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
  and
  MAVAD:#telnet 172.16.8.2
  Trying 172.16.8.2 ... Open
  Welcome To Master Switch In SETAD
  Username: Malek
  Password:
  SETAD>exit
  but
  MAVAD:#Setad
  Translating "Setad"...domain server (172.16.2.10)
  % Unknown command or computer name, or unable to find computer address
  and
  MAVAD:#ping setad
  Translating "setad"...domain server (172.16.2.10)
  % Unrecognized host or address, or protocol not running.

• Activation of additional Switch BC sets

  Hello,
  I've recently activated several business functions for Utilities via the Switch framework.
  Apparently a few additional BC-sets have been saved with inconsistencies and therefore not all Switch BC sets are "on"
  The reason for this inconsistency is that SAP delivered standard entries in the BC-set while in there exist no such entries in the system database table.
  The activation of this switch is ended with error "Activation ended" reason is "Differences between BC Set and system Data"
  My question: How can this be resolved?
  Also, I suspect that is not necessary that all additional BC-sets are activated in order to have a good working IS-U environment
  Important remark: I'm not able to find these additional BC-sets through transactions SCPR20 or SCPR3 (only the general ones are there) Why is this?
  Thank you,
  Krgds
  Joke

  Hello Joke,
  First, in TA SCPR3 you have to set your settings to allow displaying Switch BC sets.
  -> Utilities ->User Settings . Then select option 'Allow displaying Switch BC sets'
               TA SCPR20 is use for Classic BC sets
  Second, Non-cascading do not automatically unpack BC sets in all clients. Therefore, depending how the activation was triggered may influence in which client the BC sets are activated. If the BC sets are activated by the transport of Switch Framework settings, most probably they were activated in client 000 only.
  You may require extra options to activate the BC sets, i.e. activate them in Logon Client.
  See SAP Consulting note 1909425 and its PDF attachment.
  From the provided attachment, I could see that you already accessed TA SFW_BROWSER.
  From the BC set screen, you have access to the Activation log ('page' icon next to the 'Activate' icon).
  Regards, Pascale

• 3550 Switch -Fiber interface VLAN question

  Hello,
  I will deploying two Cisco 3550 Switches and connecting them via a ordinary multimode fiber with GBIC 1000BASE-SX - transceivers installed on each switch. Here is my question: I will be configureing about half of the ports on each of the switches to be in one of two VLANS. I would like to configure the two vlans to run over the single fiber line. Is is possible to configure one fiber port, with the GBIC 1000BASE-SX - transceiver installed, with two vlans and/or subinterfaces each with half of the 1000mb of bandwidth, or will I need to run an additional fiber line connected to the second fiber interface on the 3550 to accomplish this. I really hope not to as I don't have the funds to run a second line at this time. If this configuration is possible could someone please point me to documentation on how to configure this and\or give some advice. Thank you.
  Regards,
  JPS

  Just set up the link as a trunk , this allows you to send as many vlans across that link as you want . On each side just do the following.
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk mode dynamic desirable
  Verify trunk status with the "show int trunk " command.
  More info at http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00803a9af5.html#wp1200245

• Assign VLAN from freeradius to Cisco 3550 Switch

  Hi All,
  I am trying to assign VLAN from freeradius to the a cisco 3550 switch but it's not working.
  I keep getting those lines in the cisco switch debug:
  3w6d: RADIUS:  Tunnel-Medium-Type  [65]  6   01:Unsupported            [6]
  3w6d: RADIUS:  Tunnel-Type         [64]  6   01:Unsupported            [13]
  What does it mean? Any idea how to solve this?
  Below freeradius conf and switch debug.
  Thanks.
  Configuration on freeradius users file:
  wassim    Cleartext-Password := "wassim"
          Tunnel-Medium-Type:1 = IEEE-802,
          Tunnel-Type:1 = VLAN,
          Tunnel-Private-Group-Id:1 = 100
  Cisco Switch debug log:
  3w6d: RADIUS:  authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E 67
  3w6d: RADIUS:  NAS-IP-Address      [4]   6   192.168.1.8              
  3w6d: RADIUS:  NAS-Port            [5]   6   50023                    
  3w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]
  3w6d: RADIUS:  User-Name           [1]   8   "wassim"
  3w6d: RADIUS:  Called-Station-Id   [30]  19  "00-15-F9-F8-4E-97"
  3w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-1A-80-3F-F6-A1"
  3w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]
  3w6d: RADIUS:  Framed-MTU          [12]  6   1500                     
  3w6d: RADIUS:  State               [24]  18 
  3w6d: RADIUS:   DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7  [???????^u^[?#:T?]
  3w6d: RADIUS:  EAP-Message         [79]  69 
  3w6d: RADIUS:   02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04  [???C??????8?q???]
  3w6d: RADIUS:   BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61  [?????????c,????a]
  3w6d: RADIUS:   64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4  [d!+???n??IPk????]
  3w6d: RADIUS:   36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59  [6????w-?(?7??s?Y]
  3w6d: RADIUS:   F9 37 E6                                         [?7?]
  3w6d: RADIUS:  Message-Authenticato[80]  18 
  3w6d: RADIUS:   A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0  [?Y????_x??Y?M?t?]
  3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept, len 186
  3w6d: RADIUS:  authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92 C3
  3w6d: RADIUS:  Tunnel-Medium-Type  [65]  6   01:Unsupported            [6]
  3w6d: RADIUS:  Tunnel-Type         [64]  6   01:Unsupported            [13]
  3w6d: RADIUS:  Tunnel-Private-Group[81]  6   01:"100"
  3w6d: RADIUS:  Vendor, Microsoft   [26]  58 
  3w6d: RADIUS:   MS-MPPE-Recv-Key   [17]  52 
  3w6d: RADIUS:   86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A  [??>tv????????.??]
  3w6d: RADIUS:   12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76  [?;?????o?c?????v]
  3w6d: RADIUS:   61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35  [a?j]b?r?x??M??T5]
  3w6d: RADIUS:   40 DC                                            [@?]
  3w6d: RADIUS:  Vendor, Microsoft   [26]  58 
  3w6d: RADIUS:   MS-MPPE-Send-Key   [16]  52 
  3w6d: RADIUS:   8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE  [?a??x??????u?p??]
  3w6d: RADIUS:   71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E  [q?Z!S5???????Cn?]
  3w6d: RADIUS:   AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8  [???VlB???????~l?]
  3w6d: RADIUS:   56 58                                            [VX]
  3w6d: RADIUS:  EAP-Message         [79]  6  
  3w6d: RADIUS:   03 06 00 04                                      [????]
  3w6d: RADIUS:  Message-Authenticato[80]  18 
  3w6d: RADIUS:   82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33  [?Kd??dY??'?????3]
  3w6d: RADIUS:  User-Name           [1]   8   "wassim"
  3w6d: RADIUS: EAP-login: length of eap packet = 4
  3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
  3w6d: RADIUS: TAS(1) created and enqueued.
  3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
  3w6d: RADIUS: Tunnel-GID, [01] 100
  3w6d: RADIUS: unrecognized Microsoft VSA type 17
  3w6d: RADIUS: unrecognized Microsoft VSA type 16
  3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
  3w6d: RADIUS: free TAS(1)
  3w6d: RADIUS: no appropriate authorization type for user.
  3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
  3w6d: RADIUS: TAS(1) created and enqueued.
  3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
  3w6d: RADIUS: unrecognized Microsoft VSA type 17
  3w6d: RADIUS: unrecognized Microsoft VSA type 16
  3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
  3w6d: RADIUS: free TAS(1)
  3w6d: RADIUS: no appropriate authorization type for user.
  3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
  3w6d: RADIUS: TAS(1) created and enqueued.
  3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
  3w6d: RADIUS: unrecognized Microsoft VSA type 17
  3w6d: RADIUS: unrecognized Microsoft VSA type 16
  3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
  3w6d: RADIUS: free TAS(1)
  3w6d: RADIUS: no appropriate authorization type for user.
  3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up

  I believe you should be using the numerical values in your fields, look at this one :
  http://www.scribd.com/doc/75788651/52/X-with-VLAN-Assignment
  Tunnel-Medium-Type:1 = 6
  Tunnel-Type:1 = 13
  Tunnel-Private-Group-Id:1 =

• SSH on SG200 series switches

  Community,
  Can someone tell me what the intention behind adding SSH to the SG200 series switches was.  Is it to allow SCP copies to and from the switch for configuration and firmware updates OR is it to allow CLI access to the switches.
  I have tried to SSH to the switch using PuTTY from Windows and native SSH from Linux/Unix clients, but nothing happens.
  Is there some other area of configuration to enable communcation via SSH?
  Thanks.                  

  Hi, any access feature would be under security -> tcp/udp services
  SSH, telnet, etc is not included there.
  The only SG200 switch which supports a CLI is the SG200E models (which has supported CLI for as long as I can remember , at least 2 yrs).
  Please reference the documentation, Chapter 18 start page 276.
  http://www.cisco.com/en/US/docs/switches/lan/csbss/sf20x_sg20x/administration_guide/78-21139.pdf
  As far as I can tell this is for things like Secure Copy.
  There is also CLI information in chapter 19, here's the excerpt. This is in context with SSD.
  The Menu CLI interface is only allowed to users if their read permissions are Both
  or Plaintext Only. Other users are rejected. Sensitive data in the Menu CLI is always
  displayed as plaintext.
  Password recovery is currently activated from the boot menu and allows the user
  to log on to the terminal without authentica
  tion. If SSD is supported, this option is
  only permitted if the local passphrase is identical to the default passphrase. If a
  device is configured with a user-defined passphrase, the user is unable to activate
  password recovery.
  -Tom
  Please mark answered for helpful posts

• RPS and Cisco Catalyst 2950 and 3550 switches

  We are doing experiments with RPS and CC 2950 and 3550. When we unplug the main power, the RPS takes over and feeds the switch with power. But when we plug the main power back again, the switch contiues to take power from the RPS. How is the power reduncancy achieved with CC 2950 and/or 3550s?
  Thanks in advance,
  Dardan

  You will need to press the active/standby button on the RPS for the internal power supply in the switch to take over. Note that this can cause the switch to reload and do it in your maintenance window if this switch is in production.
  http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdx81023

• Changing SSH port in Cisco switches

  Hello everyone 
  I have switches with different platforms 2950 , 3750 , 3560  ...... I want to change the port of SSH , but the command ip ssh port not found ... be informed that the IOS is ipservice type for layer 3 switches

  Sorry but you cannot change the port (tcp/22) used by ssh on Cisco switches.
  The best practices for securing it it include:
  - enforce ssh version 2,
  - apply an access-list to your vty lines,
  - set a timeout and retry lockout, and
  - possibly control plane policing.

• HT1338 my iPad is currently updated with the latest software. I have been experiencing a strange activity; the iPad switches screens on its own, bouncing back and forth from screens. Sometimes I am typing and suddenly the screen switches randomly.

  My iPad is currently updated with the latest version, I've been experiencing an unusual activity. The screens tend to switch on me randomly even as I type.

  Try the iPad forum. This is the Mountain Lion forum.

• 3550 switches - STP or HSRP ?

  Hello,
  My network consist of the following components :
  - 4 3550-48 switches where all workstations reside on.
  - GBIC links between the 4 switches (daisy-chained)
  - GBIC link to 2 other switches where my servers reside.
  - Servers all use 2 NIC's wich are teamed to provide fault tolerance.
  The workstations are in a different ip-segment than the servers, so both of the switches uplinked to the switches where the servers reside must be able to route traffic fault-tolerant.
  Reading all of the documentation, i understand i need to be able to use STP or HSRP on these 2 switches to be able to create fault-tolerance to the 2 other switches...
  To be able to use STP, i need to configure a VLAN on the switches.
  To be able to configure this vlan i understand i need to stack the switches so they will be able to understand that the vlan exists on both switches and routes to the same ip-segment.
  To "stack" the 4 switches i am able to purchase 4 GigaStack modules, but will i be able to "stack" the switches together to address and configure them as 1 device ?
  see attached file for network schematic

  Yes, you can configure STP or HSRP for the scenario mentioned. Check the following link for more information on configuring HSRP :
  http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00801cdea2.html
  and configuring STP :
  http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00801cdee4.html

• Eigrp support for Vrf-lite on 3550 switches

  Folks,
  Cisco has added support for EIGRP for Vrf-lite on Sup 720's and Metro 3750 swithches. Just curious if anyone knows timeline when Cisco would be doing the same for 3550 series switches.
  Thanks

  No current plans at this time for EIGRP for Vrf-lite on 3550 since 3750 platform supports it. Contact your account team for feature request who can contact the business unit with a business case.

• VoIp settings for replacing a Cisco 3550 switch with a SF300-24P

  I am adding the SF300-24P to an existing set of switches.  My backbone switch is a 3560.
  The 3550 I am replacing has this config for each port that supports a Shoretel phone
  switchport trunk encapsulation dot1q
  switchport mode trunk
  mls qos trust dscp
  global settings include
  spaning-tree mode pvst
  spanning-tree extend system-id
  spanning-tree vlan 1,200 priority 28762
  vlan internal allocation policy ascending
  all other settings are at default
  Any ideas how to replicate this on this new switch?  I added the Shoretel mac address range (00-10-49) into the Telephone OUI.  The phone gets power, I think it gets a 192.168.6.x address (local subnet), but then it should get an IP 10.6.0.xx on its VLAN - but it doesn't.
  Some configs from the backbone are attached.  I did not need to configure any of this in the 3550.
  Any ideas?
  Fred

  Hi fred,
  The shoretel phone sounds like it is not attaching to tagged  vlan 200 on my switch, the shortel voice vlan as per your screen captures.
  The Voice VLAN should be tagged on my switch so that phones attach to a Voice VLAN and PC's connected on the back of the VoIP phones attach to  the Data Vlan .
  I scoped out, excuse the pun, the shoretel site and have attached a white paper on setting vlans and shoretel.
  They mention setting option 156 on the DHCP server, so the phone can get vendor specific information etc...  But the phones are not attached to the voice vlan , but the untagged data vlan.  You gotta figure how to get the shortel phones to attach to vlan 200, or if you are not daisy chaining PC on the back of the phone, make vlan 200 untagged on these FastEthernet switch ports..
  I have attached my SF300-48P version of my configuration and some configuration screen shots i took along the way.
  Please review carefully that attached shortel document and my screen  shots and a real configuration done on my SF300-48P.  The configuration should be almost identical to your configuration.
  I added vlan 200. and made sure that all ports were in trunk mode, even the Gigabit uplink ports.
  All ports by default are in VLAN1  as you can see below
  I then added all ports as tagged ports to vlan 200 as you can see below.
  For the sake of Spanning tree, I then made all fast ethernet (phone or PC) ports  fastports except for the uplink Gigabit ports.
  If you are not sure what portfast does , here's a little tutorial I grabbed from cisco.com
  Spanning-tree PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch ports connected to a single workstation or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
  Caution PortFast should be used only when connecting a single end station to a switch port. If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops.
  When the switch powers up, or when a device is connected to a port, the port normally enters the spanning-tree listening state. When the forward delay timer expires, the port enters the learning state. When the forward delay timer expires a second time, the port is transitioned to the forwarding or blocking state.
  When you enable PortFast on a port, the port is immediately and permanently transitioned to the spanning-tree forwarding state.
  Your tasks I guess should be , making sure that vendor specific options for the shoretel phones are included in the DHCP configuration and that you somehow attach the shortel phones (even manually) to vlan 200.
  For some reason this site adds a zip extension to the end of my running configuration.  I used wordpad to look at the file 
  I am using firmware version 1.0.0.27 on my unit and the userid=admin  password i used was admin
  I hope this helps.
  regards Dave