Switch command of 2960 switches
I have 1 switch 2960 24TC S. i updated the iOS to 15.0.2 . i want to configuration with the command:
authentication event server dead action reintialize vlan
but the command of the switch show me i can only configure: event fail or non-response
i read some article that this switch do support the command: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/15-0_1_se/command/reference/cr_2960/cli1.html
Any idea for fix it ?
I think the actual deployed number is coming out to 6, but with this customer, you never can tell. :)
I came in to this well after the architecture was planned and sold to the customer, now it is just a matter of making it work.
It should not be too bad, considering the stacks are backed by 10gb uplinks to the core and the port-channels are to bond the ports to the workstations, so at least we are not hanging more switching off of them.
Thanks for the info,
Similar Messages
-
Can not administer Catalyst 2960 switch via console
Hello,
I want to configure my switch via console cable, the switch boots up normally, and there are no configurations present on the switch. However, anything I type does not appear on the terminal client. I used several terminal clients (TeraTerm, PuTTY, HyperTerminal), all latest versions as well as different PCs. I even forced the switch to rommon mode, still, anything I type does not appear on the terminal client.
Here's the output of TeraTerm:
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: e8:40:40:06:f0:80
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash...
flashfs[0]: 542 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 11565056
flashfs[0]: Bytes available: 20948992
flashfs[0]: flashfs fsck took 11 seconds.
...done Initializing Flash.
done.
Loading "flash:/c2960-lanbasek9-mz.122-50.SE5/c2960-lanbasek9-mz.122-50.SE5.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File "flash:/c2960-lanbasek9-mz.122-50.SE5/c2960-lanbasek9-mz.122-50.SE5.bin" uncompressed and installed, entry point: 0x3000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:44 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01400000
Initializing flashfs...
fsck: Disable shadow buffering due to heap fragmentation.
flashfs[1]: 542 files, 19 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32514048
flashfs[1]: Bytes used: 11565056
flashfs[1]: Bytes available: 20948992
flashfs[1]: flashfs fsck took 2 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
Checking for Bootloader upgrade.. not needed
POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed
POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed
POST: CPU MIC interface Loopback Tests : Begin
POST: CPU MIC interface Loopback Tests : End, Status Passed
POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed
POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed
POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed
Waiting for Port download...Complete
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco WS-C2960-24TT-L (PowerPC405) processor (revision J0) with 65536K bytes of memory.
Processor board ID FOC1510X4ZQ
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : E8:40:40:06:F0:80
Motherboard assembly number : 73-12600-05
Power supply part number : 341-0097-03
Motherboard serial number : FOC15094MZG
Power supply serial number : DCA150583WQ
Model revision number : J0
Motherboard revision number : A0
Model number : WS-C2960-24TT-L
System serial number : FOC1510X4ZQ
Top Assembly Part Number : 800-32797-01
Top Assembly Revision Number : F0
Version ID : V09
CLEI Code Number : COM3L00BRE
Hardware Board Revision Number : 0x0A
Switch Ports Model SW Version SW Image
* 1 26 WS-C2960-24TT-L 12.2(50)SE5 C2960-LANBASEK9-M
Press RETURN to get started!
*Mar 1 00:00:31.381: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:00:32.556: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar 1 00:00:35.802: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to down
*Mar 1 00:00:35.861: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:00:36.012: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:44 by prod_rel_team
*Mar 1 00:00:36.037: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Mar 1 00:00:37.060: %LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down
*Mar 1 00:00:37.094: %LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down
*Mar 1 00:00:37.127: %LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down
*Mar 1 00:00:37.161: %LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down
*Mar 1 00:00:37.195: %LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
*Mar 1 00:00:37.228: %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
*Mar 1 00:00:37.262: %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down
*Mar 1 00:00:37.362: %LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down
*Mar 1 00:00:37.362: %LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down
*Mar 1 00:00:37.362: %LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down
*Mar 1 00:00:37.404: %LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down
*Mar 1 00:00:37.446: %LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down
*Mar 1 00:00:37.488: %LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down
*Mar 1 00:00:37.497: %LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down
*Mar 1 00:00:37.539: %LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down
*Mar 1 00:00:37.572: %LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down
*Mar 1 00:00:37.606: %LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down
*Mar 1 00:00:37.639: %LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down
*Mar 1 00:00:37.673: %LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down
*Mar 1 00:00:37.690: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
*Mar 1 00:00:37.715: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
After the last line, I can not type any command at all. I encountered this on three 2960 switches that we have here in our laboratory. Can anybody help me on how I can get access to the switch via console?
Thanks in advance.Have You Check your console Cable.
also
If u are using USB to Serial check driver are properly installed.
else
See Helpful Cisco Documentation
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008010ff7a.shtml
Do Rate Helpful Posts -
Aironet 1142 as supplicant to 2960 switch (NEAT/CISP/MAB)
Hello!
First, my configuration, (then the problem down below):
I have an Aironet 1142 with mulitple SSIDs [mapped to VLANs] connected to Gi1/0/2 on a 2960 switch in a user-accessible area. This switch is uplinked to another 2960 switch in a wiring closet, and the Microsoft NPS server is connected to the wiring closet 2960.
Aironet -- 2960 [user area] --- 2960 [closet] -- NPS RADIUS
I have the user-area 2960 configured as an authenticator switch for dot1x, and port Gi1/0/2 is authenticating the Aironet via MAB to RADIUS. RADIUS is sending VSA device-traffic-class=switch to the 2960. The closet-2960 has no special 802.1x configuration, nor is it an authenticator swtich; it just has a manually-configured trunk port to the user-area 2960 [for now; i'm trying to take this one step at a time!].
The user-area 2960 correctly converts port Gi1/0/1 to a trunk port when the Aironet is authenticated [via MAB]. The Aironet boots up, the port is opened, I can ping the Aironet on the native VLAN, and all is well [so it seems]. The Aironet's dot11Radio is configured for two SSIDs and mapped to VLANs, which are being spanned via STP thru the user-area 2960 and the closet-2960. STP is correct and verified on all switches.
I have DHCP snooping configured on the user-area 2960 but only for VLAN 1 [but NOT the wireless user VLANs], the trunk port to the closet 2960 is a trusted port. Hosts on the wired ports on the user-area 2960 are able to get DHCP IPs. On the Aironet, "show dot11 associations" shows hosts on the SSIDs are getting DHCP addresses. Again, I am *NOT* running dhcp snooping on wireless SSID VLANs [i read elsewhere that can cause problems as users roam between Aironets].
I do have CISP configured on the user-area 2960. I do not have CISP configured on the closet-2960 [best I can tell, that's not required at this stage, but I could be wrong].
Despite the alleged documentation, I could not get the Aironet to use a dot1x credentials profile to authenticate to NPS/RADIUS as an 802.1x supplicant, which is why I resorted to MAB for this exercise. The Aironet simply would not run dot1x [best I could tell]. The documentation and configuration didn't seem complex, so I was quite confused.
I have upgraded the Aironet to the latest 12.4(25d)JA2 software, and the 2960 is at 12.2(55)SE7 [i saw 12.2(58) has some issues, but i'm willing to be persuaded otherwise, based on sound advice].
Ok, now the problem:
Users on the guest wireless SSID (Vlan 20) say they cannot connect. Yep, classic. VLAN 20 is trunked and spanned to all the sufficient places. The Aironet shows users in the associations list for that SSID with IP addresses from the DHCP server! DHCP snooping is not configured on that VLAN.
I read another support forum post saying CISP and MAB could cause problems with "disappearing" ARP entries. I appear to have that problem. However, the user on the Staff wireless (VLAN 10) has full access. Am I running into a problem with "multi-host" authentication config? Via tcpdump on my firewall, I see nothing but broadcast and multicast traffic coming from a host on VLAN 20. What puzzles me is how I do see *SOME* traffic from a VLAN 20 host on this SSID, but no unicast traffic! Argh!
Since you're going to ask, here is my port config for this AP on the 2960 authenticator switch in the user-area, and the AAA config pieces:
#sh run br | in ip dhcp
ip dhcp snooping vlan 1
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcp_snoop.txt
ip dhcp snooping
#sh ip dhcp snoop
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
DHCP snooping is operational on following VLANs:
1
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is disabled
circuit-id default format: vlan-mod-port
remote-id: ccd5.3947.7980 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface Trusted Allow option Rate limit (pps)
GigabitEthernet1/0/46 no no 15
Custom circuit-ids:
GigabitEthernet1/0/48 yes yes unlimited
Custom circuit-ids:
GigabitEthernet1/0/52 yes yes unlimited
Custom circuit-ids:
#sh run br | incl aaa auth
aaa authentication login default local group rad_eap
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec default local group rad_eap
aaa authorization network default group rad_eap local
#sh run int gi1/0/2
interface GigabitEthernet1/0/2
description Wireless Access Points
switchport mode trunk
switchport nonegotiate
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth limit 50
priority-queue out
authentication host-mode multi-host
authentication order mab dot1x
authentication port-control auto
authentication violation restrict
mab
mls qos trust cos
macro description CISCO_WIRELESS_AP_EVENT
auto qos trust
spanning-tree portfast
#sh int gi1/0/2 sw
Name: Gi1/0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
#sh auth sess int gi1/0/2
Interface: GigabitEthernet1/0/2
MAC Address: acf2.c5f2.8e27
IP Address: 10.100.32.42
User-Name: acf2c5f28e27
Status: Authz Success
Domain: DATA
Oper host mode: multi-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A64200B00000CDA41AFBEDF
Acct Session ID: 0x00000D00
Handle: 0xDE000CDA
Runnable methods list:
Method State
mab Authc Success
dot1x Not run
#sh mab int gi1/0/2
MAB details for GigabitEthernet1/0/2
Mac-Auth-Bypass = Enabled
#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Gi1/0/2 on 802.1q trunking 1
Gi1/0/48 on 802.1q trunking 1
Gi1/0/52 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/1 1-4094
Gi1/0/2 1-4094
Gi1/0/48 1-2,10,20
Gi1/0/52 1-2,10,20
Port Vlans allowed and active in management domain
Gi1/0/1 1-2,10,20
Gi1/0/2 1-2,10,20
Gi1/0/48 1-2,10,20
Gi1/0/52 1-2,10,20
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1-2,10,20
Gi1/0/2 1-2,10,20
Gi1/0/48 2
Gi1/0/52 1-2,10,20
Ok, what am I missing??The problem lies in the wired Ethernet port on the Aironet. I did not submit that configuration because I thought it was simple and unrelated. Here is what I had:
interface GigabitEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
The correct configuration should have been:
interface GigabitEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
The line "no bridge-group 20 unicast-flooding" should not be applied to the wired port. That's stupid. With that erroneous command, the wired port will forward only broadcast and multicast traffic! Unicast traffic will be dropped. Oops.
However, I do not understand why applying this to the radio interfaces has no effect there. I have yet to find any conclusive detailed answers, either. Regardless, my original problem is fixed. -
Catalyst 2960 POE Switch Consumption Mode
Hi,
I'm curious how I can configure a 2960 to function in POE consumption mode. I know with other switches you can explicitly configure them to only give devices the power they consume and not power based on what class the belong to.
I have read that the following command should do what I need:
power inline consumption wattage
...although I would have thought I wouldn't need to specify the wattage if I wanted the device to tell the switch how much power it needs.
ThanksHi,
The "power inline consumption" command is a global config that applies to the entire switch to override the default:
from the command reference guide
Use the power inline consumption global or interface configuration command on the switch stack or on a standalone switch to override the amount of power specified by the IEEE classification for the device by specifying the wattage used by each powered device. Use the no form of this command to return to the default power setting.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750e_3560e/software/release/12-2_44_se/command/reference/cr1/cli1.html#wp8821622
HTH -
Hi all,
I'm using switch Catalyst 2960. I use pc for console, I want to packet from a device to switch, I saw that Switch only receive bytes but not receive packets, I don't know why? I console switch, " show interfaces stats". Thank you very much.Post the complete output to the command "sh interface <BLAH>".
-
AAA configuration on switches 2960
Hi
I have introduced the following configuration of AAA in the switches of series 2950 and works very well,
but when I do the same in switches 2960, the local password does not work and it is obligatory to introduce the switch in the ACS to have management of the switch.
Is needed some additional configuration of AAA in switches 2960?
Thanks.
tacacs-server host y.y.y.y
tacacs-server key xxxxx
aaa new-model
aaa authentication login acceso-consola group tacacs+ line
aaa authentication login acceso-telnet group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
line con 0
exec-timeout 0 0
login authentication acceso-consola
line vty 0 4
login authentication acceso-telnetMaria
Perhaps some clarification of your environment might help us. In particular it would help to understand how you produce the "without ACS" environment.
Clearly the switch is still configured for ACS. And clearly there is connectivity from the switch to the ACS. And the ACS is responding to the authentication request from the switch. I am not sure what the errno 254 represents or what on the ACS server causes it. Perhaps you can help us understand that?
I had a situation at one point that may have been similar to your situation. Our devices were sending requests to ACS. But ACS was not able to communicate with the external DB because one of the services on ACS was not running. ACS responded with an error indicating unable to process. But the IOS devices were not interpreting that as an error that should send them to the backup authentication method.
If you are stopping something on the ACS server then I would suggest that a better test would be to break IP connectivity between the switch and the ACS so that the switch receives no response to its request or to change the configured IP address for the server in the switc and point to some device not running ACS so that the switch receives a port unreachable response to its request. Those would give you a better test of without ACS.
HTH
Rick -
3560G and 2960 switch CPU loading
Hi all,
I'm using PRTG monitoring switchs performance, the core switch 3560G CPU is 75% and outsite switch 2960 CPU is 25%, is it high loading of those switch ?
ThanksHi Leo
I have attached PRTG report and Cisco show proc memory command to you, thanks for help.
3560G
Processor Pool Total: 94334556 Used: 14594348 Free: 79740208
I/O Pool Total: 8380416 Used: 3587708 Free: 4792708
Driver te Pool Total: 1048576 Used: 40 Free: 1048536
2960
Processor Pool Total: 34988900 Used: 8256776 Free: 26732124
I/O Pool Total: 4186112 Used: 1641672 Free: 2544440
Driver te Pool Total: 1048576 Used: 40 Free: 1048536 -
Good evening,
I have purchased a new 2960 - S switch catalyst and have configured one SVI (interface -Layer 3). But my problem is that can't to use the show ip route command on this model.
This device has the universalk9 flash.
Thanks in advance!You won't be able to, because it's a L2 switch, i.e. it cannot route!
Martin -
Increasing TFTP block size for 2960 series switches
I have read that some Cisco components can increase the default TFTP block size to values greater than 512 bytes by using the command -
ip tftp blocksize xxxx
This doesn't seem to be available on Cisco 2960 series switches. Is there a way to do this with the 2960's?I have moved a WS-C2960-24LC-S running LanLite to 12.2(55)SE9 - the current end of the line for this switch - and indeed the command is not present. Sooo....this appears to be a limitation of LanLite.
My predecessor implemented about 70 switches with LanLite. I put a stop to this about a year ago but it is going to take some time to flush them out of the inventory.
Thanks for your response. -
Siemens HiPath PBX not answering when connected in 2960 class switches
Hi guys,
I have some HiPath PBXs connected in the network using a dedicated VLAN.
While their uplink is a UTP port in any 2950 class Cisco switch, everything is working fine.
When replacing the switch with a newer 2960 class. not working anymore.
Moving back to 2950 - start working again.
Switches have same VLAN configuration, port configuration... everything identical except switch model.
This happens for HiPath 4000 as well as HiPath 3000 PBXs.
If any idea on this... much appreciated.
Thank you,
CatalinHi Andras,
Just looked at them on the 2960 switch, but I can't make anything as being an issue. Pasted here below.
On the old 2950, I can only see that interface is configured in the same vlan 15 - all that was shown - does not recognize "sh run all" command.
Many thanks!
interface GigabitEthernet1/0/24
description HiPath local
switchport
switchport access vlan 15
no switchport nonegotiate
no switchport protected
no switchport block multicast
no switchport block unicast
no ip arp inspection trust
ip arp inspection limit rate 15 burst interval 1
ip arp inspection limit rate 15
no shutdown
duplex full
ipv6 mld snooping tcn flood
snmp trap mac-notification change added
snmp trap mac-notification change removed
snmp trap link-status
mls qos cos 0
cdp tlv location
cdp tlv server-location
cdp tlv app
spanning-tree port-priority 3
spanning-tree cost 3
ip igmp snooping tcn flood -
2960-S switch firmware upgrade path ?
Hello, I have a stack of three 2960-S switches. They are currently running ' Version 12.2(53)SE2, RELEASE SOFTWARE (fc3'.
Is it OK to do a direct upgrade to 'c2960s-universalk9-tar.122-58.SE2' ? or is an incremental upgrade required ?
I understand I simply upgrade this to the master switch in the stack and it then propagates to the other switches.
Is there anything else important I need to be aware of ?
Thanks for any advice.You can upgrade directly to that version of code. Just be sure to use the archive download-sw command and it will transfer the image to all switches in the stack. Good luck!
-
2960s switch gui and smartport user defined macro
Hi,
I have a few 2960s switches and would like to use the GUI to configure ports using the smartport function. These seem to be based on predefined macro's which I can't edit. I have created my own macro, how do I enable the macro in the GUI so I can use the use my own macro?
Regards,
PaulOk, SmartPort macro is now a HIDDEN command, since 12.2(58)SE and later.
If you've got a macro you want to use, you have to enter it using CLI. Here's how you do it:
config t
macro name <BLAH>
[ENTER YOUR MACRO HERE]
[Use the "@" to end your macro]
end
To envoke the macro:
config t
interface <BLAH>
macro apply <MACRO NAME>
end
To view the macro:
sh pars macro name <MACRO NAME> -
How to priorities(QoS) the traffic for DSCP 46 and 34 in cisco 2960s switch
HI,
We are going to implement Microsoft Lyncs 2013 in our network, so how to priorities the traffic for DSCP 46 and 34 in cisco 2960s switch. Kindly replay with detailed QoS commands for enabling QOs in LAN.
Thanks
SujishHi,
Have a look at this config guide for all the details:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/swqos.html
HTH -
How to connet cisco 2960S switch to sony nexus 7?
I want to buy an cisco WS-C2960S-24TS-S switch to help me solve business networking problem. Can someone help me to connect cisco 2960s switch to nexus 7 ?
I don't need to do anything config on the new switch, I just need to upgrade the new switch's IOS version as the existing stack.
Correct. Upgrade using the command "archive download-sw" instead copying the BIN files.
After doing above task, I connect all stack cable and power cord as you said, and then the new switch can be synchronized with the MASTER switch. right??
Correct. The new switch should NOT have any configuration. This includes VLAN.dat file. -
Half Duplex/100M problem on 2960 switch with GLC-GE-100FX
We have a 2960-24TC switch with GLC-GE-100FX SFP interface converter. We connected the switch to another switch through fiber, one end was GLC-GE-100FX and the other end was a 100/FULL ATI media converter. Both switches could talk to each other. The problem was the GLC-GE-100FX interface running at 100M/half duplex status and we couldn't change the port configuration. Is there a way to fix this problem? Your help would be much appreciated.
Using show interface command. It shows half duplex. It's a new design on Cisco 2960-24TC switches, the Giga uplink ports are dual purposed. When I plugged GLC-GE-100FX SFP interface converter and connected it to a media converter, it showed half duplex. There's no way I could change the speed and duplex under that configuration.
Maybe you are looking for
-
My iPhone 5s is stuck in recovery mode and won't turn on, I've tried to restore and update it to iTunes and its finding my phone, but saying an error has occurred and won't work, the software is up to date, it just automatically switched itself off a
-
Problem with Pages Sharing in icloud
Since my upgrade to Yosemite I have been unable to share documents. If I try to share via email for some reason I get a dialogue asking if I want to start Windows Recorder in Parallels???? If I copy the link offered into an email then the link doesn'
-
Can't remove stroke from shape CS6 Mac
Hi, I've not run into this before, but haven't used Pshop CS 6 a lot. I am setting the stroke to 0 and none, but Pshop keeps putting a stroke around the shape: http://screencast.com/t/J7sgWJpF Not sure what is wrong or how to fix it. Thanks Jeff
-
Hi Experts, I have created the workflow on CRM system. I am using the object type BUS2000115.But the workflow is not getting triggered. In event trace in swels, Its showing 'Check FM with exception' error. Also in swo1, the status of the object is im
-
I need a free IDE (Environment) for programming
Hello I need a free IDE (Environment) for making java card Applets.I want this environment have a good debuger and it works with javacard 2.1 or later. Please hellp me. Thanks