Switch C2960S
Best regards
I have three switches (2960) in my network. They are connected to a core switch (4507) over FO links. This switch is the master for the NTP service.
The problem is that switches 1 and 2 receive the NTP update but switch 3 does not receive it.
I use the command show ntp status and all three have the same time, but the logs (sh log) show a different time for this switch (switch 3). The others show the correct time in the logs and in NTP. And all three have the same NTP server configuration.
Please, I would appreciate your help or guidance.
Hi Mark. I thought the same as you, to reboot switch 3, but I would have to wait for the time window. Thanks for the guidance. I attach the corresponding configuration, from the master (sw core) and from switch 3...
sw_core4507#sh ntp associations detail
127.127.7.1 configured, our_master, sane, valid, stratum 4
ref ID 127.127.7.1, time D8EA180B.D9302474 (09:30:35.848 bog Tue Apr 28 2015)
our mode active, peer mode passive, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 377, sync dist 0.015
delay 0.00 msec, offset 0.0000 msec, dispersion 0.02
precision 2**18, version 3
org time D8EA180B.D9302474 (09:30:35.848 bog Tue Apr 28 2015)
rcv time D8EA180B.D9302474 (09:30:35.848 bog Tue Apr 28 2015)
xmt time D8EA180B.D93013AC (09:30:35.848 bog Tue Apr 28 2015)
filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 0.02 0.99 1.97 2.94 3.92 4.90 5.87 6.85
Reference clock status: Running normally
Timecode:
10.100.xxx.xxx configured, insane, invalid, stratum 1
ref ID .LOCL., time D8E96434.1C000000 (20:43:16.109 bog Mon Apr 27 2015)
our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024
root delay 0.00 msec, root disp 10547.76, reach 377, sync dist 10578.522
delay 1.37 msec, offset 618081.8344 msec, dispersion 18.71
precision 2**6, version 3
org time D8EA17CC.DC000000 (09:29:32.859 bog Tue Apr 28 2015)
rcv time D8EA1562.C73A389E (09:19:14.778 bog Tue Apr 28 2015)
xmt time D8EA1562.C6DF9350 (09:19:14.776 bog Tue Apr 28 2015)
filtdelay = 1.37 1.46 11.95 10.10 6.26 1.45 7.05 1.42
filtoffset = 618081. 618071. 618060. 618056. 618048. 618029. 618020. 618001.
filterror = 0.02 15.64 31.27 46.89 62.52 78.14 93.77 109.39
192.168.xxx.xxx configured, insane, invalid, unsynced, stratum 16
ref ID 0.0.0.0, time 00000000.00000000 (19:00:00.000 bog Thu Dec 31 1899)
our mode client, peer mode unspec, our poll intvl 1024, peer poll intvl 1024
root delay 0.00 msec, root disp 0.00, reach 0, sync dist 446651.489
delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00
precision 2**5, version 3
org time 00000000.00000000 (19:00:00.000 bog Thu Dec 31 1899)
rcv time 00000000.00000000 (19:00:00.000 bog Thu Dec 31 1899)
xmt time D8EA14C9.C3DE9667 (09:16:41.765 bog Tue Apr 28 2015)
filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0
sw_core4507#sh clock
09:37:26.367 bog Tue Apr 28 2015
=======================================================================================================
Switch_3_2960#sh ntp associations detail
172.xxx.xxx.xxx configured, our_master, sane, valid, stratum 5 //172.xxx.xxx.xxx is master interface 4507
ref ID 127.127.7.1, time D8EA154B.C64128AC (09:18:51.774 EST Tue Apr 28 2015)
our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024
root delay 0.00 msec, root disp 0.03, reach 377, sync dist 43.900
delay 1.36 msec, offset 63.5833 msec, dispersion 43.20
precision 2**18, version 3
org time D8EA1587.8C67C83A (09:19:51.548 EST Tue Apr 28 2015)
rcv time D8EA1587.7C4D6792 (09:19:51.485 EST Tue Apr 28 2015)
xmt time D8EA1587.7BF3E80E (09:19:51.484 EST Tue Apr 28 2015)
filtdelay = 1.36 1.92 2.04 2.15 2.01 0.87 0.92 0.92
filtoffset = 63.58 36.45 8.29 -2.37 -1.68 -0.50 0.13 0.37
filterror = 0.02 15.64 31.27 46.89 62.52 78.14 93.77 109.39
Switch_3_2960#sh clock
09:37:17.975 EST Tue Apr 28 2015
Switch_3_2960#sh log
Apr 28 14:40:43.038: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/25, changed state to down //bad time, not corresponding
Apr 28 14:40:44.055: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/25, changed state to down
Apr 28 14:40:46.719: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/25, changed state to up
Apr 28 14:40:47.720: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/25, changed state to up //bad time, not corresponding
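An added example (not part of the original post): it decodes the hexadecimal NTP timestamps printed by `sh ntp associations detail` above and uses them to test whether the `sh log` stamps are in UTC or in the zone the switch displays. The function names are this example's own, and the heuristic assumes the log line was written within a few hours of the `sh clock` reading.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)  # start of NTP era 0
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Wall-clock text as IOS prints it in "sh clock" and inside the parentheses of
# "sh ntp associations detail": HH:MM:SS.mmm ZONE Dow Mon DD YYYY
WALL = r"(\d\d):(\d\d):(\d\d)\.(\d{3}) (\S+) \w{3} (\w{3}) +(\d+) (\d{4})"
NTP_HEX = r"([0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8})"
LOG_STAMP = r"(\w{3}) +(\d+) (\d\d):(\d\d):(\d\d)\.(\d{3}):"

# Lines copied from the Switch_3_2960 output in the post above.
RCV_LINE = "rcv time D8EA1587.7C4D6792 (09:19:51.485 EST Tue Apr 28 2015)"
CLOCK_LINE = "09:37:17.975 EST Tue Apr 28 2015"
LOG_LINE = ("Apr 28 14:40:43.038: %LINEPROTO-5-UPDOWN: Line protocol on "
            "Interface GigabitEthernet2/0/25, changed state to down")


def decode_ntp_hex(stamp):
    """Convert a 32.32 fixed-point NTP timestamp (hex) to an aware UTC datetime.

    Assumes NTP era 0, i.e. dates before February 2036.
    """
    sec_hex, frac_hex = stamp.split(".")
    if len(sec_hex) != 8 or len(frac_hex) != 8:
        raise ValueError("expected SSSSSSSS.FFFFFFFF, got %r" % stamp)
    micros = int(frac_hex, 16) * 1_000_000 // 2**32
    return NTP_EPOCH + timedelta(seconds=int(sec_hex, 16), microseconds=micros)


def _wall_to_naive(groups):
    """Build a naive datetime from the WALL regex groups (zone name ignored)."""
    hh, mm, ss, ms, _zone, mon, day, year = groups
    return datetime(int(year), MONTHS[mon], int(day),
                    int(hh), int(mm), int(ss), int(ms) * 1000)


def displayed_offset(ntp_line):
    """Offset of the zone the switch displays, relative to UTC.

    Computed as (time printed in parentheses) - (decoded hex timestamp),
    rounded to whole minutes.
    """
    m = re.search(NTP_HEX + r" \(" + WALL + r"\)", ntp_line)
    if not m:
        raise ValueError("not an org/rcv/xmt time line: %r" % ntp_line)
    true_utc = decode_ntp_hex(m.group(1)).replace(tzinfo=None)
    shown = _wall_to_naive(m.groups()[1:])
    return timedelta(minutes=round((shown - true_utc).total_seconds() / 60))


def log_stamp_zone(log_line, clock_line, offset):
    """Return "UTC" or "local": the reading of the log stamp that lands
    closer to the "sh clock" value (heuristic; meaningless if offset is 0)."""
    cm = re.search(WALL, clock_line)
    lm = re.search(LOG_STAMP, log_line)
    if not cm or not lm:
        raise ValueError("unrecognised clock or log line")
    clock_local = _wall_to_naive(cm.groups())
    clock_utc = clock_local - offset
    mon, day, hh, mm, ss, ms = lm.groups()
    # Syslog stamps carry no year; borrow it from the clock reading.
    stamp = datetime(clock_local.year, MONTHS[mon], int(day),
                     int(hh), int(mm), int(ss), int(ms) * 1000)
    gap_if_utc = abs(stamp - clock_utc)
    gap_if_local = abs((stamp - offset) - clock_utc)
    return "UTC" if gap_if_utc < gap_if_local else "local"


if __name__ == "__main__":
    off = displayed_offset(RCV_LINE)
    print("decoded rcv time (UTC):", decode_ntp_hex("D8EA1587.7C4D6792"))
    print("displayed zone offset :", off)
    print("log stamps look like  :", log_stamp_zone(LOG_LINE, CLOCK_LINE, off))
```

On the values in the post, the zone the switch displays is five hours behind the decoded UTC time, and the `sh log` stamps line up with UTC rather than with that zone.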
Similar Messages
-
802.1x authentication problem on C2960S-48TS-L with Linux clients
Hi,
While implementing wired 802.1x in my company I faced a problem with authentication of some Linux computers (Ubuntu 13.10+) via MAB on one of my access switches (C2960S-48TS-L). The problem exists on IOS 12.55 and 15.0(2)SE6.
It seems that the authenticator can't detect the MAC address of the supplicant. In debug the MAC address is (Unknown MAC) or (0000.0000.0000).
Before authentication I could see the registered MAC address on the switchport interface (without 802.1x settings on the port):
sh mac address-table interface g1/0/2 "before 802.1x authentication"
Vlan Mac Address Type Ports
2 0015.990f.60d9 STATIC Gi1/0/2
The host should get into VLAN 2 after failed authentication (according to the port settings). But actually, after trying to authenticate, the host on this port loses its connection to the network and doesn't get into VLAN 2.
sh mac address-table interface g1/0/2 "after 802.1x authentication"
Vlan Mac Address Type Ports
sh authentication sessions
Interface MAC Address Method Domain Status Session ID
Gi1/0/24 (unknown) dot1x DATA Authz Success 6A7D1FAF0000000000023E32
Gi1/0/25 (unknown) dot1x DATA Authz Success 6A7D1FAF0000000200024193
Gi1/0/2 (unknown) mab UNKNOWN Running 6A7D1FAF000000280011BA1A
sh dot1x interface g1/0/2 details
Dot1x Info for GigabitEthernet1/0/2
PAE = AUTHENTICATOR
QuietPeriod = 5
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 2
MaxReq = 2
TxPeriod = 3
sh run int g1/0/2
interface GigabitEthernet1/0/2
description ## User Port ##
switchport access vlan 2
switchport mode access
switchport voice vlan 5
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 120
authentication event fail retry 0 action authorize vlan 2
authentication event server dead action authorize vlan 2
authentication event no-response action authorize vlan 2
authentication host-mode multi-host
authentication port-control auto
authentication periodic
authentication timer reauthenticate 3900
authentication timer inactivity 300
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout quiet-period 5
dot1x timeout tx-period 3
storm-control broadcast level 1.00
storm-control multicast level 1.00
storm-control action trap
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
I have tried to change authentication host-mode to multi-domain but the problem remains.
"debug dot1x all" in the attached file.
Please help me to resolve this issue.
I have removed port security but still have failed authentication on the port
002262: Mar 26 16:23:26.516: dot1x-ev(Gi1/0/2): Deleting client 0x9A000053 (0000.0000.0000)
002263: Mar 26 16:23:26.516: dot1x-ev:Delete auth client (0x9A000053) message
002264: Mar 26 16:23:26.516: dot1x-ev:Auth client ctx destroyed
002265: Mar 26 16:23:26.715: dot1x_auth Gi1/0/2: initial state auth_initialize has enter
002266: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_initialize_enter called
002267: Mar 26 16:23:26.715: dot1x_auth Gi1/0/2: during state auth_initialize, got event 0(cfg_auto)
002268: Mar 26 16:23:26.715: @@@ dot1x_auth Gi1/0/2: auth_initialize -> auth_disconnected
002269: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_disconnected_enter called
002270: Mar 26 16:23:26.715: dot1x_auth Gi1/0/2: idle during state auth_disconnected
002271: Mar 26 16:23:26.715: @@@ dot1x_auth Gi1/0/2: auth_disconnected -> auth_restart
002272: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_restart_enter called
002273: Mar 26 16:23:26.715: dot1x-ev(Gi1/0/2): Sending create new context event to EAP for 0x6D000054 (0000.0000.0000)
002274: Mar 26 16:23:26.715: dot1x_auth_bend Gi1/0/2: initial state auth_bend_initialize has enter
002275: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_initialize_enter called
002276: Mar 26 16:23:26.715: dot1x_auth_bend Gi1/0/2: initial state auth_bend_initialize has idle
002277: Mar 26 16:23:26.715: dot1x_auth_bend Gi1/0/2: during state auth_bend_initialize, got event 16383(idle)
002278: Mar 26 16:23:26.715: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_initialize -> auth_bend_idle
002279: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_idle_enter called
002280: Mar 26 16:23:26.715: dot1x-ev(Gi1/0/2): Created a client entry (0x6D000054)
002281: Mar 26 16:23:26.715: dot1x-ev(Gi1/0/2): Dot1x authentication started for 0x6D000054 (0000.0000.0000)
002282: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): Posting !EAP_RESTART on Client 0x6D000054
002283: Mar 26 16:23:26.715: dot1x_auth Gi1/0/2: during state auth_restart, got event 6(no_eapRestart)
002284: Mar 26 16:23:26.715: @@@ dot1x_auth Gi1/0/2: auth_restart -> auth_connecting
002285: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_connecting_enter called
002286: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_restart_connecting_action called
002287: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): Posting RX_REQ on Client 0x6D000054
002288: Mar 26 16:23:26.721: dot1x_auth Gi1/0/2: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
002289: Mar 26 16:23:26.721: @@@ dot1x_auth Gi1/0/2: auth_connecting -> auth_authenticating
002290: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_authenticating_enter called
002291: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_connecting_authenticating_action called
002292: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): Posting AUTH_START for 0x6D000054
002293: Mar 26 16:23:26.721: dot1x_auth_bend Gi1/0/2: during state auth_bend_idle, got event 4(eapReq_authStart)
002294: Mar 26 16:23:26.721: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_idle -> auth_bend_request
002295: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_enter called
002296: Mar 26 16:23:26.721: dot1x-ev(Gi1/0/2): Sending EAPOL packet to group PAE address
002297: Mar 26 16:23:26.721: dot1x-ev(Gi1/0/2): Role determination not required
002298: Mar 26 16:23:26.721: dot1x-registry:registry:dot1x_ether_macaddr called
002299: Mar 26 16:23:26.721: dot1x-ev(Gi1/0/2): Sending out EAPOL packet
002300: Mar 26 16:23:26.721: EAPOL pak dump Tx
002301: Mar 26 16:23:26.721: EAPOL Version: 0x3 type: 0x0 length: 0x0005
002302: Mar 26 16:23:26.721: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
002303: Mar 26 16:23:26.721: dot1x-packet(Gi1/0/2): EAPOL packet sent to client 0x6D000054 (0000.0000.0000)
002304: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_idle_request_action called
002305: Mar 26 16:23:29.814: dot1x-sm(Gi1/0/2): Posting EAP_REQ for 0x6D000054
002306: Mar 26 16:23:29.814: dot1x_auth_bend Gi1/0/2: during state auth_bend_request, got event 7(eapReq)
002307: Mar 26 16:23:29.814: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_request -> auth_bend_request
002308: Mar 26 16:23:29.814: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_request_action called
002309: Mar 26 16:23:29.814: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_enter called
002310: Mar 26 16:23:29.814: dot1x-ev(Gi1/0/2): Sending EAPOL packet to group PAE address
002311: Mar 26 16:23:29.814: dot1x-ev(Gi1/0/2): Role determination not required
002312: Mar 26 16:23:29.814: dot1x-registry:registry:dot1x_ether_macaddr called
002313: Mar 26 16:23:29.814: dot1x-ev(Gi1/0/2): Sending out EAPOL packet
002314: Mar 26 16:23:29.814: EAPOL pak dump Tx
002315: Mar 26 16:23:29.814: EAPOL Version: 0x3 type: 0x0 length: 0x0005
002316: Mar 26 16:23:29.814: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
002317: Mar 26 16:23:29.814: dot1x-packet(Gi1/0/2): EAPOL packet sent to client 0x6D000054 (0000.0000.0000)
002318: Mar 26 16:23:32.907: dot1x-sm(Gi1/0/2): Posting EAP_REQ for 0x6D000054
002319: Mar 26 16:23:32.907: dot1x_auth_bend Gi1/0/2: during state auth_bend_request, got event 7(eapReq)
002320: Mar 26 16:23:32.907: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_request -> auth_bend_request
002321: Mar 26 16:23:32.907: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_request_action called
002322: Mar 26 16:23:32.907: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_enter called
002323: Mar 26 16:23:32.913: dot1x-ev(Gi1/0/2): Sending EAPOL packet to group PAE address
002324: Mar 26 16:23:32.913: dot1x-ev(Gi1/0/2): Role determination not required
002325: Mar 26 16:23:32.913: dot1x-registry:registry:dot1x_ether_macaddr called
002326: Mar 26 16:23:32.913: dot1x-ev(Gi1/0/2): Sending out EAPOL packet
002327: Mar 26 16:23:32.913: EAPOL pak dump Tx
002328: Mar 26 16:23:32.913: EAPOL Version: 0x3 type: 0x0 length: 0x0005
002329: Mar 26 16:23:32.913: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
002330: Mar 26 16:23:32.913: dot1x-packet(Gi1/0/2): EAPOL packet sent to client 0x6D000054 (0000.0000.0000)
002331: Mar 26 16:23:36.001: dot1x-ev(Gi1/0/2): Received an EAP Timeout
002332: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): Posting EAP_TIMEOUT for 0x6D000054
002333: Mar 26 16:23:36.001: dot1x_auth_bend Gi1/0/2: during state auth_bend_request, got event 12(eapTimeout)
002334: Mar 26 16:23:36.001: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_request -> auth_bend_timeout
002335: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_timeout_enter called
002336: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_timeout_action called
002337: Mar 26 16:23:36.001: dot1x_auth_bend Gi1/0/2: idle during state auth_bend_timeout
002338: Mar 26 16:23:36.001: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_timeout -> auth_bend_idle
002339: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_idle_enter called
002340: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): Posting AUTH_TIMEOUT on Client 0x6D000054
002341: Mar 26 16:23:36.001: dot1x_auth Gi1/0/2: during state auth_authenticating, got event 14(authTimeout)
002342: Mar 26 16:23:36.001: @@@ dot1x_auth Gi1/0/2: auth_authenticating -> auth_authc_result
002343: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_authenticating_exit called
002344: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_authc_result_enter called
002345: Mar 26 16:23:36.001: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID 6A7D1FAF0000006001916AC3
002346: Mar 26 16:23:36.001: dot1x-ev(Gi1/0/2): Sending event (2) to Auth Mgr for 0000.0000.0000
002347: Mar 26 16:23:36.001: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID 6A7D1FAF0000006001916AC3
002348: Mar 26 16:23:36.001: dot1x-ev(Gi1/0/2): Received Authz fail for the client 0x6D000054 (0000.0000.0000)
002349: Mar 26 16:23:36.001: dot1x-ev(Gi1/0/2): Deleting client 0x6D000054 (0000.0000.0000)
002350: Mar 26 16:23:36.001: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID 6A7D1FAF0000006001916AC3
002351: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): Posting_AUTHZ_FAIL on Client 0x6D000054
002352: Mar 26 16:23:36.001: dot1x_auth Gi1/0/2: during state auth_authc_result, got event 22(authzFail)
002353: Mar 26 16:23:36.006: @@@ dot1x_auth Gi1/0/2: auth_authc_result -> auth_held
002354: Mar 26 16:23:36.006: dot1x-ev:Delete auth client (0x6D000054) message
002355: Mar 26 16:23:36.006: dot1x-ev:Auth client ctx destroyed
002356: Mar 26 16:23:36.006: dot1x-ev:Aborted posting message to authenticator state machine: Invalid client -
Cisco catalyst 2690 switch vlanTable
Hi,
I have a cisco catalyst 2690 switch.
I want to monitor IP, MAC, and port addresses.
I use this document: http://docstore.mik.ua/orelly/perl/sysadmin/ch10_03.htm
This works great:
htvtef7-nagios:/ # snmptranslate -On BRIDGE-MIB:dot1dTpFdbTable
.1.3.6.1.2.1.17.4.3
snmpwalk -c tef7snmp@761 -v 2c 10.76.1.7 .1.3.6.1.2.1.17.4.3
htvtef7-nagios:/ # snmptranslate -On BRIDGE-MIB:dot1dBasePortTable
.1.3.6.1.2.1.17.1.4
snmpwalk -c tef7snmp@761 -v 2c 10.76.1.7 .1.3.6.1.2.1.17.1.4
htvtef7-nagios:/ # snmptranslate -On CISCO-STACK-MIB:vlanTable
.1.3.6.1.4.1.9.5.1.9.2
But I get an error:
htvtef7-nagios:/ # snmpwalk -c tef7snmp -v 2c 10.76.1.7 .1.3.6.1.4.1.9.5.1.9.2
SNMPv2-SMI::enterprises.9.5.1.9.2 = No Such Object available on this agent at this OID
Switch config:
snmp-server community testament RO
snmp-server community tef7snmp RO
snmp-server location XYZ
snmp-server contact MR.XYZ
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon
snmp-server enable traps mac-notification
snmp-server enable traps copy-config
snmp-server enable traps config
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
snmp-server host XXX.XXX.XXX.XXX public
snmp-server host YYY.YYY.YYY.YYY tef7snmp
What did I do wrong?
THX!
Thx for the reply!
On the switch I use c2960-lanbasek9-mz.122-25.SEE3.bin (IOS);
the Cisco Feature Navigator says this IOS supports the CISCO-STACK-MIB:
http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=0&PlatformSel=0&fsSel=0&IMAGE_NAME=c2960-lanbasek9-mz.122-25.SEE3.bin&SUBMIT2=Submit&IMAGE_ID=816103
In show snmp mib I could not find the vlanTable. See the attachment.
I do not understand! -
Vlan removed after the switch reload.
Dear Team
I have an access switch (C2960S-48FPS-L) which is running on version (universalk9-mz.122-55.SE5).
This switch was running in VTP client mode and was connected to a distribution switch running in VTP client mode with VTP version 3. Due to a power failure the switch reloaded, and after the reload it came up in VTP server mode and all the VLANs were deleted, but the SVI of the VLAN and all other config was still there.
In show vtp status it shows that VTP pruning is disabled, but in the interface parameters it shows (Pruning VLANs Enabled: 2-1001).
Will VTP pruning prevent the switch from becoming a VTP client again after the reload even if the configuration is saved?
Or is it caused by a known bug?
sh vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Enabled
Name: Gi1/0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Dear Leo
Thanks for your reply.
Please ignore the previous vtp status output that was mistakenly posted.
Following is the output of show vtp status after the switch restarted and came in server mode. Earlier it was configured with VTP mode 'client' and vtp domain as well.
DCC-CCTV-IDF29-2F-ASW01#sh vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Enabled
Device ID : 8875.5638.1600
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
VTP Operating Mode : Server
Maximum VLANs supported locally : 255
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC -
Two switches connected with fiber in mode trunk - Problem
Hi to all.
I am new to the forum, and my English is bad.
I want to post a problem. I have two switches connected with fiber in trunk mode. On the C3550 switch I have this configuration:
interface FastEthernet0/1
description Enlace LAB Medicion
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
duplex full
spanning-tree portfast
On the C2960 switch I have this configuration, on interfaces Fa0/48 and Giga0/1:
interface FastEthernet0/48
switchport trunk allowed vlan 1,20,229
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,20,229
switchport mode trunk
media-type sfp
duplex full
spanning-tree portfast
The problem:
The IP phones in the voice VLAN (VLAN 20) do not find the DHCP server located in the data VLAN (VLAN 229).
However, using the command:
#switchport trunk native vlan 229
The result is that the voice VLAN works but the data VLAN does not, and vice versa, depending on whether native VLAN 229 is present.
I would appreciate any suggestion.
leolaohoo.
The ports on the C2960 switch are configured in access mode with voice VLAN 20:
interface FastEthernet0/1
switchport access vlan 229
switchport mode access
switchport voice vlan 20
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 229
switchport mode access
switchport voice vlan 20
spanning-tree portfast
I will remove from trunk links:
spanning-tree portfast
Thanks a lot. -
Vlan database deleted after switch reload
Dear Team
I have an access switch (C2960S-48FPS-L) which is running on version (universalk9-mz.122-55.SE5).
This switch was running in VTP client mode and was connected to a distribution switch running in VTP client mode with VTP version 3. Due to a power failure the switch reloaded, and after the reload it came up in VTP server mode and all the VLANs were deleted, but the SVI of the VLAN and all other config was still there.
I noticed the same behavior with other switches of model (C2960S-48FPS-L & WS-C3560X-48PF-L) running the following IOS versions:
1) 12.2(55)SE'X' (here X means, it could be SE3, SE4, SE5 etc)
2) 12.2(58)SE'X' (here X means, it could be SE3, SE4, SE5 etc)
3) 15.0(2)SE (here X means, it could be SE3,SE4, SE5 etc)
I also noticed the following error during switch reload.
"%SW_VLAN-4-BAD_VLAN_CONFIGURATION_FILE: VLAN configuration file contained incorrect verification word:[hex]."
The issue is intermittent, meaning the same switch will sometimes not have the issue after a reload but sometimes it will.
Does anybody have any idea whether a bug is causing this issue, or something else?
Appreciate your response.
Duplicate post.
Go HERE. -
Wired WebAuth with NAC Guest Server
Hi,
I am trying to get wired WebAuth working with NAC Guest Server. In the switch_login.html file example, what should be changed for this line:
ngsOptions.actionUrl = https://1.1.1.1/;
Should this be an IP address on the switch? Should I have this pointing to the success.html page like this:
ngsOptions.actionUrl = "https://1.1.1.1/success.html";
When I log on, and accept the AUP, my browser just sits there trying to access Https://1.1.1.1/?redirect-url=blah blah blah
Thanks,
Peter
FYI,
In my case I WAS getting the switch_login.html web page being displayed, but after entering credentials and submitting the Acceptable Use Policy page, I did NOT 'see' any radius traffic between the switch (C2960S 12.2(55)SE3) and the ACS 5.3 radius server?!.
I used the sample .html docs that you can find on the NAC Guest Server in the 'samples' folder on that server. I used WCP app to copy them to my PC/laptop before modifying where relevant and copying to flash on switch and to the wireless 'hotspot' folders on the NGS.
I went through the following document in url below line by line, paragraph by paragraph and found that I had left out the following command in the configuration:
aaa authentication login default group radius
see doc at:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_1.99/WebAuth/WebAuth_Dep_Guide.html#wp392553
So I added it in and I am now seeing the radius debug traffic being redirected to the ACS by the switch when a user submits the credentials.
aaa new-model
aaa authentication login default group radius
aaa authentication login VTY-USER-LOGIN local
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec EXEC-LOCAL local
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
with debug radius enabled:
Feb 1 13:36:09 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to down
TEST-802.1X#
Feb 1 13:36:10 PST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to down
TEST-802.1X#
Feb 1 13:36:18 PST: %AUTHMGR-5-START: Starting 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
TEST-802.1X#
Feb 1 13:36:20 PST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to up
Feb 1 13:36:21 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to up
TEST-802.1X#
Feb 1 13:36:27 PST: %DOT1X-5-FAIL: Authentication failed for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID
Feb 1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-5-START: Starting 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27.367 PST: RADIUS/ENCODE(0000058E):Orig. component type = DOT1X
Feb 1 13:36:27.367 PST: RADIUS(0000058E): Config NAS IP: 10.167.64.74
Feb 1 13:36:27.367 PST: RADIUS/ENCODE(0000058E): acct_session_id: 1421
Feb 1 13:36:27.367 PST: RADIUS(0000058E): sending
Feb 1 13:36:27.367 PST: RADIUS(0000058E): Send Access-Request to 10.167.77.70:1645 id 1645/14, len 211
Feb 1 13:36:27.372 PST: RADIUS: authenticator 2E F0 62 2D 43 D9 7D 2A - 7C 88 0A 52 B9 6E 78 A8
Feb 1 13:36:27.372 PST: RADIUS: User-Name [1] 14 "848f69f0fcc7"
Feb 1 13:36:27.372 PST: RADIUS: User-Password [2] 18 *
Feb 1 13:36:27.372 PST: RADIUS: Service-Type [6] 6 Call Check [10]
Feb 1 13:36:27.372 PST: RADIUS: Framed-MTU [12] 6 1500
Feb 1 13:36:27.372 PST: RADIUS: Called-Station-Id [30] 19 "20-37-06-C8-68-84"
Feb 1 13:36:27.372 PST: RADIUS: Calling-Station-Id [31] 19 "84-8F-69-F0-FC-C7"
Feb 1 13:36:27.372 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:27.372 PST: RADIUS: 11 20 B4 9A B6 E2 56 30 AC EC 43 CD 17 13 3E 14 [ V0C>]
Feb 1 13:36:27.372 PST: RADIUS: EAP-Key-Name [102] 2 *
Feb 1 13:36:27.372 PST: RADIUS: Vendor, Cisco [26] 49
Feb 1 13:36:27.372 PST: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0AA7404A0000054E16335518"
Feb 1 13:36:27.372 PST: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Feb 1 13:36:27.372 PST: RADIUS: NAS-Port [5] 6 50104
Feb 1 13:36:27.372 PST: RADIUS: NAS-Port-Id [87] 22 "GigabitEthernet1/0/4"
Feb 1 13:36:27.372 PST: RADIUS: NAS-IP-Address [4] 6 10.167.64.74
Feb 1 13:36:27.372 PST: RADIUS(0000058E): Started 5 sec timeout
Feb 1 13:36:27.377 PST: RADIUS: Received from id 1645/14 10.167.77.70:1645, Access-Reject, len 38
Feb 1 13:36:27.377 PST: RADIUS: authenticator 68 CE 3D C8 C3 BC B2 69 - DB 33 F5 C0 FF 30 D6 33
Feb 1 13:36:27.377 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:27.377 PST: RADIUS: 82 3D 31 0A C7 A2 E0 62 D5 B7 6B 26 B8 A0 0B 46 [ =1bk&F]
Feb 1 13:36:27.377 PST: RADIUS(0000058E): Received from id 1645/14
Feb 1 13:36:27 PST: %MAB-5-FAIL: Authentication failed for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-5-START: Starting 'webauth' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'success' from 'webauth' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27.933 PST: RADIUS/ENCODE(0000058E):Orig. component type = DOT1X
Feb 1 13:36:27.933 PST: RADIUS(0000058E): Config NAS IP: 10.167.64.74
Feb 1 13:36:27.933 PST: RADIUS(0000058E): sending
Feb 1 13:36:27.933 PST: RADIUS(0000058E): Send Accounting-Request to 10.167.77.70:1646 id 1646/151, len 100
Feb 1 13:36:27.933 PST: RADIUS: authenticator D0 F0 04 F3 A5 08 90 BE - A9 07 8D 32 1B 0E 93 AC
Feb 1 13:36:27.933 PST: RADIUS: Acct-Session-Id [44] 10 "0000058D"
Feb 1 13:36:27.933 PST: RADIUS: Framed-IP-Address [8] 6 10.167.72.52
Feb 1 13:36:27.933 PST: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
Feb 1 13:36:27.933 PST: RADIUS: Acct-Status-Type [40] 6 Start [1]
Feb 1 13:36:27.933 PST: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Feb 1 13:36:27.933 PST: RADIUS: NAS-Port [5] 6 50104
Feb 1 13:36:27.933 PST: RADIUS: NAS-Port-Id [87] 22 "GigabitEthernet1/0/4"
Feb 1 13:36:27.933 PST: RADIUS: Service-Type [6] 6 Framed [2]
Feb 1 13:36:27.933 PST: RADIUS: NAS-IP-Address [4] 6 10.167.64.74
Feb 1 13:36:27.933 PST: RADIUS: Acct-Delay-Time [41] 6 0
TEST-802.1X#
Feb 1 13:36:27.938 PST: RADIUS(0000058E): Started 5 sec timeout
Feb 1 13:36:27.938 PST: RADIUS: Received from id 1646/151 10.167.77.70:1646, Accounting-response, len 20
Feb 1 13:36:27.938 PST: RADIUS: authenticator C2 DC 8D C7 B1 35 67 D9 - 28 2B 56 E4 4A 1E AD 65
At this point the user enters the credentials on the switch_login.html page and then clicks Submit on the Acceptable Use Policy splash page.
TEST-802.1X#
Feb 1 13:36:41.413 PST: RADIUS/ENCODE(0000058F):Orig. component type = AUTH_PROXY
Feb 1 13:36:41.413 PST: RADIUS(0000058F): Config NAS IP: 10.167.64.74
Feb 1 13:36:41.413 PST: RADIUS/ENCODE(0000058F): acct_session_id: 1422
Feb 1 13:36:41.413 PST: RADIUS(0000058F): sending
Feb 1 13:36:41.413 PST: RADIUS(0000058F): Send Access-Request to 10.167.77.70:1645 id 1645/15, len 176
Feb 1 13:36:41.413 PST: RADIUS: authenticator 6D 34 7E D6 34 B5 CB AC - 09 1F AC 5A 34 97 7D 6B
Feb 1 13:36:41.413 PST: RADIUS: User-Name [1] 11 "testuser1"
Feb 1 13:36:41.413 PST: RADIUS: User-Password [2] 18 *
Feb 1 13:36:41.413 PST: RADIUS: Calling-Station-Id [31] 14 "ip|G
Feb 1 13:36:41.413 PST: RADIUS: Service-Type [6] 6 Outbound [5]
Feb 1 13:36:41.413 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:41.413 PST: RADIUS: F8 4D 85 64 05 5E C9 1D D8 11 B2 A3 1A 3A 76 E0 [ Md^:v]
Feb 1 13:36:41.413 PST: RADIUS: Vendor, Cisco [26] 49
Feb 1 13:36:41.418 PST: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0AA7404A0000054E16335518"
Feb 1 13:36:41.418 PST: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Feb 1 13:36:41.418 PST: RADIUS: NAS-Port [5] 6 50104
Feb 1 13:36:41.418 PST: RADIUS: NAS-Port-Id [87] 22 "GigabitEthernet1/0/4"
Feb 1 13:36:41.418 PST: RADIUS: NAS-IP-Address [4] 6 10.167.64.74
Feb 1 13:36:41.418 PST: RADIUS(0000058F): Started 5 sec timeout
Feb 1 13:36:41.424 PST: RADIUS: Received from id 1645/15 10.167.77.70:1645, Access-Accept, len 173
Feb 1 13:36:41.424 PST: RADIUS: authenticator 28 48 DE B5 1A 0A 71 5A - 3B 8B 7A 12 FB EA 01 58
Feb 1 13:36:41.424 PST: RADIUS: User-Name [1] 11 "testuser1"
Feb 1 13:36:41.424 PST: RADIUS: Class [25] 28
Feb 1 13:36:41.424 PST: RADIUS: 43 41 43 53 3A 78 62 63 2D 61 63 73 2F 31 31 36 [CACS:xbc-acs/116]
Feb 1 13:36:41.424 PST: RADIUS: 34 37 33 32 33 39 2F 31 36 36 [ 473239/166]
Feb 1 13:36:41.424 PST: RADIUS: Session-Timeout [27] 6 3600
Feb 1 13:36:41.424 PST: RADIUS: Termination-Action [29] 6 1
Feb 1 13:36:41.424 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:41.424 PST: RADIUS: 10 80 26 5D 02 C5 15 0C A8 16 AA 35 14 C9 4F 14 [ &]5O]
Feb 1 13:36:41.424 PST: RADIUS: Vendor, Cisco [26] 19
Feb 1 13:36:41.429 PST: RADIUS: Cisco AVpair [1] 13 "priv-lvl=15"
Feb 1 13:36:41.429 PST: RADIUS: Vendor, Cisco [26] 65
Feb 1 13:36:41.429 PST: RADIUS: Cisco AVpair [1] 59 "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-GuestACL-4eefc9a0"
Feb 1 13:36:41.429 PST: RADIUS(0000058F): Received from id 1645/15
Feb 1 13:36:41.439 PST: RADIUS/ENCODE(0000058F):Orig. component type = AUTH_PROXY
Feb 1 13:36:41.439 PST: RADIUS(0000058F): Config NAS IP: 10.167.64.74
Feb 1 13:36:41.439 PST: RADIUS(0000058F): sending
Feb 1 13:36:41.439 PST: RADIUS/ENCODE(00000000):Orig. component type = INVALID
Feb 1 13:36:41.444 PST: RADIUS(00000000): Config NAS IP: 10.167.64.74
Feb 1 13:36:41.444 PST: RADIUS(00000000): sending
Feb 1 13:36:41.450 PST: RADIUS(0000058F): Send Accounting-Request to 10.167.77.70:1646 id 1646/152, len 119
Feb 1 13:36:41.450 PST: RADIUS: authenticator 23 E3 DA C3 06 5B 37 20 - 67 E2 96 C5 90 1C 71 33
Feb 1 13:36:41.450 PST: RADIUS: Acct-Session-Id [44] 10 "0000058E"
Feb 1 13:36:41.450 PST: RADIUS: Calling-Station-Id [31] 14 "10.167.72.52"
Feb 1 13:36:41.450 PST: RADIUS: User-Name [1] 11 "testuser1"
Feb 1 13:36:41.450 PST: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
Feb 1 13:36:41.455 PST: RADIUS: Acct-Status-Type [40] 6 Start [1]
Feb 1 13:36:41.455 PST: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Feb 1 13:36:41.455 PST: RADIUS: NAS-Port [5] 6 50104
Feb 1 13:36:41.455 PST: RADIUS: NAS-Port-Id [87] 22 "GigabitEthernet1/0/4"
Feb 1 13:36:41.455 PST: RADIUS: Service-Type [6] 6 Outbound [5]
Feb 1 13:36:41.455 PST: RADIUS: NAS-IP-Address [4] 6 10.167.64.74
Feb 1 13:36:41.455 PST: RADIUS: Acct-Delay-Time [41] 6 0
Feb 1 13:36:41.455 PST: RADIUS(0000058F): Started 5 sec timeout
Feb 1 13:36:41.455 PST: RADIUS(00000000): Send Access-Request to 10.167.77.70:1645 id 1645/16, len 137
Feb 1 13:36:41.455 PST: RADIUS: authenticator 02 B0 50 47 EE CC FB 54 - 2A B6 14 23 63 86 DE 18
Feb 1 13:36:41.455 PST: RADIUS: NAS-IP-Address [4] 6 10.167.64.74
Feb 1 13:36:41.455 PST: RADIUS: User-Name [1] 31 "#ACSACL#-IP-GuestACL-4eefc9a0"
Feb 1 13:36:41.455 PST: RADIUS: Vendor, Cisco [26] 32
Feb 1 13:36:41.455 PST: RADIUS: Cisco AVpair [1] 26 "aaa:service=ip_admission"
Feb 1 13:36:41.455 PST: RADIUS: Vendor, Cisco [26] 30
Feb 1 13:36:41.455 PST: RADIUS: Cisco AVpair [1] 24 "aaa:event=acl-download"
Feb 1 13:36:41.455 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:41.455 PST: RADIUS: 15 EC 10 E7 2F 67 33 DD BC B5 AE 11 E3 C3 19 E1 [ /g3]
Feb 1 13:36:41.455 PST: RADIUS(00000000): Started 5 sec timeout
Feb 1 13:36:41.455 PST: RADIUS: Received from id 1646/152 10.167.77.70:1646, Accounting-response, len 20
Feb 1 13:36:41.455 PST: RADIUS: authenticator AB 0F 81 95 71 A9 61 E0 - 5B B5 D3 2E 8D A2 68 98
Feb 1 13:36:41.460 PST: RADIUS: Received from id 1645/16 10.167.77.70:1645, Access-Accept, len 560
Feb 1 13:36:41.460 PST: RADIUS: authenticator 64 53 94 79 CF CD 05 B0 - ED 12 5C 5B A0 AB 4F FA
Feb 1 13:36:41.460 PST: RADIUS: User-Name [1] 31 "#ACSACL#-IP-GuestACL-4eefc9a0"
Feb 1 13:36:41.460 PST: RADIUS: Class [25] 28
Feb 1 13:36:41.460 PST: RADIUS: 43 41 43 53 3A 78 62 63 2D 61 63 73 2F 31 31 36 [CACS:xbc-acs/116]
Feb 1 13:36:41.460 PST: RADIUS: 34 37 33 32 33 39 2F 31 36 38 [ 473239/168]
Feb 1 13:36:41.460 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:41.460 PST: RADIUS: A1 E6 37 EB 60 3A 28 35 92 56 C5 A9 27 7D 2C E9 [ 7`:(5V'},]
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 38
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 32 "ip:inacl#1=remark **Allow DHCP"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 57
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 51 "ip:inacl#2=permit udp any eq bootpc any eq bootps"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 37
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 31 "ip:inacl#3=remark **Allow DNS"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 47
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 41 "ip:inacl#4=permit udp any any eq domain"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 61
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 55 "ip:inacl#5=remark **Deny access to Corporate Networks"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 53
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 47 "ip:inacl#6=deny ip any 10.0.0.0 0.255.255.255"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 45
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 39 "ip:inacl#7=remark **Permit icmp pings"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 38
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 32 "ip:inacl#8=permit icmp any any"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 50
TEST-802.1X#
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 44 "ip:inacl#9=remark **Permit everything else"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco [26] 37
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 31 "ip:inacl#10=permit ip any any"
Feb 1 13:36:41.465 PST: RADIUS(00000000): Received from id 1645/16
TEST-802.1X#
TEST-802.1X#
TEST-802.1X#
interface config looks like:
interface GigabitEthernet1/0/4
description **User/IPphone/Guest
switchport access vlan 702
switchport mode access
switchport voice vlan 704
ip access-group PRE-AUTH in
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
authentication event fail action next-method
authentication event server dead action authorize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab webauth
authentication priority dot1x mab webauth
authentication port-control auto
authentication fallback WEB_AUTH_PROFILE
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 3
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY -
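A check that could be run on the downloadable ACL visible in the debug output above (an added example, not part of the original post and not Cisco code): it rebuilds the `ip:inacl#N` entries in index order and reports, for each RFC 1918 block, which entry decides plain IP traffic and which narrower permits sit ahead of it. The function names and the reduced ACL grammar (`any`, `host`, contiguous wildcards, one port clause per address) are assumptions of this example.

```python
import ipaddress
import re

# Lines excerpted from the debug output above (constructed subset, original order).
SAMPLE_DEBUG = '''\
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 51 "ip:inacl#2=permit udp any eq bootpc any eq bootps"
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 41 "ip:inacl#4=permit udp any any eq domain"
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 55 "ip:inacl#5=remark **Deny access to Corporate Networks"
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 47 "ip:inacl#6=deny ip any 10.0.0.0 0.255.255.255"
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 32 "ip:inacl#8=permit icmp any any"
TEST-802.1X#
Feb 1 13:36:41.460 PST: RADIUS: Cisco AVpair [1] 31 "ip:inacl#10=permit ip any any"
'''

AVPAIR = re.compile(r'Cisco AVpair\s+\[1\]\s+\d+\s+"ip:inacl#(\d+)=(.+)"\s*$')
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operator -> operand count
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def take_addr(tok):
    """Consume one address spec (any | host A | A wildcard) plus an optional port clause."""
    first = tok.pop(0)
    if first == "any":
        net = ipaddress.ip_network("0.0.0.0/0")
    elif first == "host":
        net = ipaddress.ip_network(tok.pop(0) + "/32")
    else:
        wc = int(ipaddress.IPv4Address(tok.pop(0)))
        if wc & (wc + 1):  # only 0..01..1 wildcards map onto a prefix
            raise ValueError("non-contiguous wildcard not handled: " + first)
        base = int(ipaddress.IPv4Address(first)) & ~wc & 0xFFFFFFFF
        net = ipaddress.ip_network((base, 32 - wc.bit_length()))
    if tok and tok[0] in PORT_OPS:
        del tok[: 1 + PORT_OPS[tok[0]]]
    return net

def parse_acl(debug_text):
    """Return [(seq, action, proto, src, dst)] ordered by the #N index; remarks are dropped."""
    entries = []
    for line in debug_text.splitlines():
        m = AVPAIR.search(line)
        if not m:
            continue  # prompts and non-ACL attributes
        tok = m.group(2).split()
        if tok[0] not in ("permit", "deny"):
            continue
        rest = tok[2:]
        src = take_addr(rest)
        dst = take_addr(rest)
        entries.append((int(m.group(1)), tok[0], tok[1], src, dst))
    return sorted(entries, key=lambda e: e[0])

def audit(entries, blocks=RFC1918):
    """Per block: first 'ip any <covering dst>' entry, and narrower permits ahead of it."""
    report = {}
    for block in blocks:
        verdict, earlier = (None, "deny"), []  # no match means the implicit deny applies
        for seq, action, proto, src, dst in entries:
            if not block.overlaps(dst):
                continue
            if proto == "ip" and src.prefixlen == 0 and block.subnet_of(dst):
                verdict = (seq, action)
                break
            if action == "permit":
                earlier.append((seq, proto))
        report[str(block)] = {"verdict": verdict, "earlier_permits": earlier}
    return report

if __name__ == "__main__":
    for block, result in audit(parse_acl(SAMPLE_DEBUG)).items():
        print(block, result)
```

On the ACL shown in the log, 10.0.0.0/8 is decided by entry 6 (deny) with the DHCP and DNS permits ahead of it, while 172.16.0.0/12 and 192.168.0.0/16 are decided by entry 10.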
Radio Interface Reset and Shutdown Frequently
In our new office, open since end-Sept, we have found that the radio interface resets very frequently, which has been happening about over 15 times within 8 weeks for one AP on average. Some of those (3 APs so far) got the radio interface down eventually and we need to reload the AP to bring it up again.
The AP model is AIR-LAP1142N-N-K9 and the IOS version is
c1140-k9w7-mx.124-21a.JA1. Power is supplied by the PoE switch c2960s. Is there any issue related to IOS? Or could some other factors cause the issue to happen? Can any debug command show the status of the AP? Please advise.
Hi Surendra,
Other than IOS, could this radio interface reset and shutdown issue be affected by a nearby AP which does not belong to the same office?
Scenario:
The new office has 2 floors. One is 5/F, which has 9 APs installed on different channels, and the other is 6/F, which has 6 APs installed on different channels as well. We found that there are many events “%DOT11-4-MAXRETRIES: Packet to client reached max retries, removing the client” logged on the 5/F and 6/F APs.
We also found that the radio interface resets very frequently, which has been happening about over 15 times within 8 weeks for one AP on average. Some of those (3 APs so far) got the radio interface down eventually and we need to reload the AP to bring it up again.
Is there any possibility that this is caused by other environmental factors? Please advise.
Best regards,
Bell -
Contact center call recording issues
Good day,
We have some very strange issues with recording calls on our contact center. We use Cisco Agent Desktop 7.0(1), as seen in the startup window. In the agent window, from Help > About:
Cisco Unified Contact Center Express 7.0 Cisco Agent desktop 6.6(1) (Premium Version)
Build: 6.6.1.400
So let me start by saying that the recording of inbound calls works more or less. The problems that we have are three:
(1) Sometimes the recording suddenly stops for no apparent reason. So we have calls of which the call itself lasts let's say 8 minutes but the recording suddenly stops after 5 minutes.
(2) Sometimes recordings overlap. So when you play back a recorded file, suddenly you hear a completely different call conversation from another agent. Sometimes it hops back to the original agent and sometimes it doesn't. Again there is no apparent reason for why this is happening.
(3) Some recordings are half speed. So when you play back, the call is in 'slow motion'.
I've checked the historical reports to see whether the agents themselves were doing anything out of the ordinary. I looked at reports like login/logout, call details, not ready states, reason codes etc. but found nothing. The one thing that comes to mind while posting this is muting of calls. Could this mess up a recording? Anyway, mostly we have no issues but sometimes these 3 issues randomly pop up. Anybody have any experience with this? Or similar issues? Does anybody know the cause and even better the solution?
Any information would be very helpful, thanks.
rgds,
Hello Dass,
Unfortunately I was not the one who implemented this. I'm also not an IP phone engineer. To put it simply, I'm a Cisco network engineer and my boss says well VOIP devices are from Cisco so you should support that too ;-) . So bear with me as it is kind of not so easy for me to produce the answers. So Imma blur out a lot of info now.
Let me say something about the setup using a diagram:
Because of security I had to leave a few things out of the diagram, but this pretty much tells it all. So we record all inbound calls to our service desk. The agents use the agent desktop software, Cisco Unified Contact Center Express 7.0 Cisco Agent desktop 6.6(1) (Premium Version) Build: 6.6.1.400. The PC on which this software runs is physically connected to a Cisco IP phone 7962 (PC port) and the phone is connected to a C2960 switch. Switch port configuration:
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
switchport voice vlan 50
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
We have a few of these switches in a star topology connected to a 'backbone' switch C2960S. All connections to the backbone are trunked. The contact center is directly connected to this 'backbone switch' on an access port on vlan 50.
Now looking at the contact center web interface, in System=>Control Center I see a couple of services that are running related to recording:
Cisco Desktop Recording & Statistics Service
Cisco Desktop Recording Service
This is pretty much all I have now. If there is more info required I can look it up. So can anyone say anything about this issue that I have? -
I have below config on switch (C2960S-UNIVERSALK9-M), Version 15.0(2)SE7,
aaa group server tacacs+ testgroup
server name test1
server name test2
server name test3
tacacs server test1
address ipv4 192.1.1.1
key 7 testkey
timeout 3
single-connection
Similarly for test 2 and test3
The issue is that when the switch boots, it shows the messages below, even though all the authentication and autho is working properly.
Mar 25 01:19:10 UTC: %AAAA-4-NOSERVER: Warning: Server test1 is not defined.
Mar 25 01:19:10 UTC: %AAAA-4-NOSERVER: Warning: Server test2 is not defined.
Mar 25 01:19:10 UTC: %AAAA-4-NOSERVER: Warning: Server test3 is not defined.
Only reason I can think of is when the switch boots, it parses line by line and since the ip addresses of test1,test2,test3 are defined after the declaration, we are receiving this message? Can someone please advise?
Thanks
rakeshvelagala,
Try config with this command:
tacacs-server host x.x.x.x single-connection timeout 3 key 0 yyyyyyyyyy
Regards,
GUs Magno -
Switch WS-C2960+24TC-L not recognized by CNA
Switch WS-C2960+24TC-L is not recognized by Cisco Network Assistant. The switch is running IOS 15.0(2)SE5, CNA 5.8(8.9). CNA shows the switch as a wireless client.
I tried an upgrade but it did not help.
Yes, 6.1 supports it, 5.8 does not
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_network_assistant/version6/relnotes/ol32368.html
With Cisco Network Assistant 6.0, you can manage these devices:
Catalyst 2960-Plus switches
– WS-C2960+24PC-L
– WS-C2960+24LC-L
– WS-C2960+48TC-L
– WS-C2960+24TC-L
– WS-C2960+48PST-S -
C2960 Web Catalyst Device Manager switch view shows "Unsupported Device"
Hi All,
I`ve setup many C2960 switches over the years but this one has me stumped.
I`ve configured a brand-new out of the box Cisco C2960+24pc-l using the same procedure used on our other switches but when accessing the Web GUI the view that should show a picture of the switch and port status just shows a grey block with "Unsupported Device".
I`ve tried it from IE, Chrome and firefox and XP plus Win7 PCs to no avail.
Am I missing something or do I need to send this switch back for warranty replacement?
Can anyone point me in the right direction please?
Many thanks,
Paul
I'm also. Tried to call Cisco support, no response, and also emailed for support.
-
Any suggestions??
This is where I'm at:
I'm using Secure CRT with a baud rate of 115220
switch: set BAUD 115200
switch: format flash:
switch: copy xmodem: flash:c2960-lanbasek9-mz.150-2.SE6.bin
switch: set BAUD 9600
switch: boot flash:c2960-lanbasek9-mz.150-2.SE6.bin
switch: boot
Loading "c2960s-universalk9-mz.152-1.E2.bin"...c2960s-universalk9-mz.152-1.E2.bin: no such device
or
switch: boot flash:c2960-lanbasek9-mz.150-2.SE6.bin
Loading "flash:c2960-lanbasek9-mz.150-2.SE6.bin"...flash:c2960-lanbasek9-mz.150-2.SE6.bin: magic number mismatch: bad mzip file
Error loading "flash:c2960-lanbasek9-mz.150-2.SE6.bin"
hello thompson318,
most probably the following error message you are getting is due to a bad IOS, the IOS is corrupted, I would suggest you use another well-known working/verified IOS and upload it to the switch using Xmodem...
magic number mismatch: bad mzip file
here are some links for your reference:
http://www.youtube.com/watch?v=zxTO5qxti-I
http://www.cisco.com/c/en/us/support/docs/routers/2600-series-multiservice-platforms/15085-xmodem-generic.html
please note, if there is not enough space on the flash to handle the new and the old IOS image, I would suggest you upload an old/small IOS that fits into the flash, then you can delete the old corrupted one and upgrade to the new IOS image...
Kind Regards,
/Osama -
C2960S switches reset SFP+ ports hourly
We have several C2960S switches that seem to reset their uplink SFP+ ports at the same time each hour. It looks like it's only a brief reset but any Cisco phones we have attached to these switches will lose their connectivity to our Subscriber and reset. Has anyone else seen this? We are running iOS 15.2(2a)E1 due to a different error we were having (%ENTROPY errors), and Cisco TAC recommended we upgrade to the latest code. I included a "sho log" to demonstrate what I'm talking about. The interface in question is Gi1/0/49 which has a GLC-T in it that uplinks to our Data Center switches.
I see you have 2960S, but there is a known bug for the 2960-X series regarding GLC-T and other SFPs.
So, this may be affecting your switch as well, but I'm not sure.
Here is the bug ID and link:
CSCur56395
https://tools.cisco.com/bugsearch/bug/CSCur56395/?reffering_site=dumpcr
HTH -
Router 2811 and C2960 Switch Trunking Problem
Hi all
I have a trunking problem between a Router 2811 and a C2960 switch.
In router 2811 - I created f0/0.1 10.65.20.1 (VLAN 1) and f0/0.48 10.65.23.1 (VLAN 48)
In C2960 - VLAN 1 10.65.20.30, VLAN 48 10.65.23.30
Finally I can only ping the VLAN 1 IP but fail to ping the VLAN 48 IP. Can you help me with how to troubleshoot it?
Hugo
Router 2811 Configuration:
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.65.20.1 255.255.255.0
interface FastEthernet0/0.48
encapsulation dot1Q 48
ip address 10.65.23.1 255.255.255.0
C2960 Configuration:
interface FastEthernet0/24
switchport mode trunk
2811#sh vlans
Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: FastEthernet0/0.1
This is configured as native Vlan for the following interface(s) :
FastEthernet0/0
Protocols Configured: Address: Received: Transmitted:
IP 10.65.20.1 388873 262275
Other 0 1723
390760 packets, 71854310 bytes input
263998 packets, 53723195 bytes output
Virtual LAN ID: 48 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: FastEthernet0/0.48
Protocols Configured: Address: Received: Transmitted:
IP 10.65.23.1 0 0
Other 0 20
0 packets, 0 bytes input
20 packets, 1883 bytes output
2960_24#sh int trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Gi0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 1-4094
Gi0/1 1-4094
Port Vlans allowed and active in management domain
Fa0/24 1,48
Gi0/1 1,48
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1,48
Gi0/1 1,48