TACACS+ Authorization on 300 Series Switches

Similar Messages

• Using TACACS+ With ACS 5.6 on 300 Series Switches v1.4

  I was wondering if anyone could give me instructions on how to set up ACS for TACACS+ on a 300 series switch using Authorization? I can get it to work to authenticate, but the authorization doesn't seem to work like a catalyst switch. Thanks in advance for any help!

  Brandon, thanks for the link, but this is for the older software before they included authorization (the v1.4). I've looked through a bunch of manuals and tried to find examples online, but it doesn't seem like anyone has anything out there I can find.

• Firmware upgrade question for 300 series switches

  Hi-
  I have a customer that is investigating a strategy and solution for centralized firmware management of the 300 series switches.  They have found an issue in the lab where they were trying to roll back the firmware to a previous version  They can not roll back to the previous firmware version, which is desirable in the case of finding an issue in the new firmware that causes them to have need to rollback to a known working version.
  We have read in the cisco 300 switch admin guide that there are two images (active and inactive) and that a new downloaded firmware always replaces the inactive image and is active until explicitly set.  The admin guide does not mention inability to make an older firmware image as active image when the switch has previously run on a new release firmware image.  My customer's engineers testing have informed me that an older image can not be made active after a newer image has booted.  Can you please verify if this if a fallback is supposed to work as it is causing a lot of concern-
  Thanks-
  Jena

  Jena,
  The release notes -
  http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/release_notes/Sx200-Sx300_R1.1.2.x.pdf
  What firmware is the switches currently on?
  Major Changes and Defects Corrected
  • Hardware version 1.0 devices that were upgraded to software version 1.1
  can now be downgraded to software version 1.0. You must delete the
  startup configuration file before rebooting the device to software version
  1.0. Otherwise the device may have problems when booting up. You may
  backup your running configuration before the reboot, and re-import the
  configuration afterward. Major Changes and Defects Corrected
  • Hardware version 1.0 devices that were upgraded to software version 1.1
  can now be downgraded to software version 1.0. You must delete the
  startup configuration file before rebooting the device to software version
  1.0. Otherwise the device may have problems when booting up. You may
  backup your running configuration before the reboot, and re-import the
  configuration afterward.
  Please read full release notes for other work arounds
  Hope this helps,
  Jasbryan

• CCA for 100 + 300 series switches?

  Is it in the roadmap to provide CCA control over 300 series switches?  We have a lot of SRW2008's put in before the 8-port ESW existed...and we have PITA vlan consistency issues out there too that I think CCA would help fix. 
  While I understand the "don't pre-announce products", I need a level of design intent around CCA - is it a tool for configuring UC series pieces primarily and all else is secondary? Or is it the multi-device config tool for all SBCS pieces?

  Nothing to do with the UC - primary concern is standalone networks.
  Real life case:
  2 ESW switches in control room hooked up to SA540
  Closet switches are SRW2008's
  Port no more than two devices are supposed to go now has 4, add an SRW2008 to the desk location.
  Now, it turns out that there is a badly behaved device at the desk - a video player that spews all sorts of traffic when it's playing that doesn't play nice with others.  So I now need to set-up a VLAN crossing those two switches. Oh, and it turns out the customer decided to unplug an access point and plug it into that switch too which ended up causing a loop when the PC plugged into ethernet someplace else attached to the PC.
  Tasks:
  Ensure that the 2 SRW2008's have proper vlan assignments to setup a port vlan for that video server.
  Issues:
  Make sure you assign proper configs to both ends of each link
  Make sure not to confuse one SRW2008 with another
  If new vlan, make sure all other ports that need to see it can still see it.
  Applications for CCA:
  Visualize all VLANS
  Document port assignments (i.e. where is the video server vs. printer on that last leg 2008)
  More easily see port statistics across multiple switches
  So after I did that work, I realized that the SA540 wasn't really up to being an aggregation switch too and made the ESW-540-48 into the aggregation switch which required some more changes - however CCA made it easy...
  At another job, I have SA540 + AP541ns (upgraded from RVL200 + WAP54GP's) but if I had 300 series in CCA, I'd upgrade the SRW2024's and SRW2008's but without easy management tools, the labor cost will be too high to make their networks really managed.....CCA makes that layer of management cheaper.

• Cisco 300 series switches with 802.3at standard

  I'm a bit confused as to which of the 300 series switches supports the 802.3at standard. According to the website, the SG300-28P supports it. But in the quick start guide for the 300 series, only the MP models (excluding the SF302-08MP and SG300-10MP) including the SG300-52P has it. Can someone give me a difinitive answer to this? Thanks!

  LJ,
  P    = PoE capable. On the 300 series, half of the ports can provide 15.4W, or all can provide half that.
  PoE+ is NOT SUPPORTED.
  MP = Maximum Power. This means that all ports can provide up to 15.4W. PoE+ is supported on some models only.
  PP = PoE Plus. Can provide up to 30W on a single port. Note the maximum PoE budget for each switch. Also,
  half of the ports can provide 15.4W, or all can provide half that - any extra power used by PoE+
  MPP = Maximum Power and PoE Plus. This means that all ports can provide up to 15.4W - any extra power used by PoE+
  According to the Data Sheet:
  "Switches support 802.3at PoE+, 802.3af, and Cisco pre-standard (legacy) PoE. Maximum power of 30.0W to any 10/100 or Gigabit Ethernet port for PoE+ supported devices and 15.4W for PoE supported devices, until the PoE budget for the switch is reached"
  The PoE+ models are brand new and are not widey available yet. I did a web search for SG300-28PP and found that at least a few online resellers have it in stock.
  - Marty
  Message was edited by: Martin Pyhala

• Are 300 Series switches compatible with pre-standard PoE detection in old Cisco phones?

  Are 300 Series switches compatible with pre-standard PoE detection in old Cisco phones? They don't seem to be (a 7902G won't power on when connected to an SF302-08MP with firmware version 1.1). Is any special configuration needed on the switch to enable this detection?

  Please note that the 200 and 300 Series switches now support Cisco Legacy POE as of September 2011, allowing it to deliver power to 7960, 7940, and other pre-standard phones and APs. Details provided at the following link:
  https://supportforums.cisco.com/docs/DOC-18337

• Where is the 300 series switch with 48 gigabit ports and PoE?

  Love the 300 series but surprised that Cisco did not put out a 48 port model with gigabit and PoE.  Would love to hear from Cisco on the reasoning behind that and if there are any plans to introduce one?  Given that gigabit and VoIP is the future at many companies it only makes sense.

  The switches use the SFPs to link to each other. The SG500 has ports for 1G or 5G and the SG500X has 10G ports. Whichever port you select will be the speed at which the switches pass traffic and stack control information. These same ports can be 'reclaimed' if you were to set the switch to stand alone mode. I have put a chart below which details the ports you can use and the speed of these ports.
  Header 1
  Header 2
  Header 3
  Header 4
  Header 5
  Units in Stack
  SG500X
  SG500X
  SG500
  SG500
  Stack Port Name
  S1,S2-XG
  S1,S2-5G
  S1,S2
  S3,S4
  Stack Port Speeds
  10G/1G
  1G/5G
  1G
  1G/5G

• Cisco 300 series switches

  hi all
  Ive looked through some of the online content but dont see a definitive answer to my question about the physical size of the switches, are they all 19" rack mountable or desktop?
  I look forward to a confirmation..

  LJ,
  P    = PoE capable. On the 300 series, half of the ports can provide 15.4W, or all can provide half that.
  PoE+ is NOT SUPPORTED.
  MP = Maximum Power. This means that all ports can provide up to 15.4W. PoE+ is supported on some models only.
  PP = PoE Plus. Can provide up to 30W on a single port. Note the maximum PoE budget for each switch. Also,
  half of the ports can provide 15.4W, or all can provide half that - any extra power used by PoE+
  MPP = Maximum Power and PoE Plus. This means that all ports can provide up to 15.4W - any extra power used by PoE+
  According to the Data Sheet:
  "Switches support 802.3at PoE+, 802.3af, and Cisco pre-standard (legacy) PoE. Maximum power of 30.0W to any 10/100 or Gigabit Ethernet port for PoE+ supported devices and 15.4W for PoE supported devices, until the PoE budget for the switch is reached"
  The PoE+ models are brand new and are not widey available yet. I did a web search for SG300-28PP and found that at least a few online resellers have it in stock.
  - Marty
  Message was edited by: Martin Pyhala

• Scripting reboot for Cisco 300 Series switches

  I would like to have some help putting together a script for rebooting our 300 series POE switches. I have about 150 at this stage to administer and it would make it much easier not to have to remotely reboot them. The IP settings will be the same for each location and we have about 2-5 in each location. I will be logging in through logmein to each remote server, and will run the scripts from this to the local switches. Any help would be appreciated.

  I was playing with my Indigo on an SG-500 and it seems to work.  Create a session for each switch and in the session properties for each switch enter your crendentials (user/pass) IP/port, etc, I was using telnet, port 23 for this and then under the send command tab, on connection I entered:
  reload
  y
  One command per line up to 20 commands I believe and it connected, I saw my prompts and replies and then shutting down.
  So if you try this you can just go down the file tree list for switches with cameras than need a reboot and restart the entire switch if you like, quick and easy.
  You could also add a folder for each switch and a session in that folder possibly for each camera/port with online port number changing for each camera in the session properties and then selectively cycle power for just the affected cameras.
  Example for port 22/camera xxxx:
  conf t
  int gi22 
  power inline never
  power inline auto
  It would take a fair amount of time to set up but once done you could just pick a switch folder and the port in that switch to cycle.  If you have multiple port on a switch you could use
  conf t
  int range gi22-24
  or 
  int range gi1,6,16,20
  power inline never
  power inline auto
  might have to verify that syntax

• SVI support on SG 300 series switches

  hi people:
  my client have 6 sg 300 switches one switch is connected with firewall an d firewall has dhcp server of one network, they want to make another vlan of another network, if sg 300 series support SVI's than i can make two svi's on my one switch.i think they dont support svi other than default.can you help me out on this problem...

  Hi Khurram, the switch does support layer 3 vlan interfaces.
  You may log in to the CLI and use the command
  set system mode router
  Once you do this, this will factory default reset the switch after reload.
  Once the switch has come back up, ensure the first thing you do is make a static IP address on vlan 1 then proceed to make your additional vlans and ip addresses on the vlans
  -Tom
  Please mark answered for helpful posts

• Traceroute and Ping from GUI on 300 series switches?

  Any hopes of being able to do Pings and Traceroutes from the GUI? It's a little frustrating having to telnet/ssh to do those basic things.
  It would also be nice to be able to switch to Layer3 mode through the web GUI.

  Hi,
  Thank you for participating in the Small Business support community. My name is Nico Muselle from Cisco Sofia SBSC.
  With pleasure I can announce that the ping and traceroute function will be available in the next firmware release of the Sx300 series switches. Changing the system mode however is not (as far as I know).  The firmware to be release will contain major updates and addition of functions like TextView (command line interface), CDP, smartports, QinQ etc ...
  A little patience before this maintenance release is available, it will be certainly worth waiting for !
  Best regards,
  Nico Muselle
  Sr. Network Engineer - CCNA

• How do I install a firmware upgrade on a 300 series switch?

  I have downloaded the ros file, but can't find how to apply it. I know this information must be out there, but can't find it. Thanks

  Hello Henry,
  Once logged into the switch you will want to go to the following location Administration > File Management > Upgrade/Backup Firmware.
  From here you will select the file you downloaded and upload it to the switch. Once this process is complete, the firmware will now be located on the switch on image 2.
  You will then go to the Active Image tab right below. From here you will change to image 2. Please make sure to save your configuration at this point and then reboot the switch.

• 300 Series Switch VLAN Setup

  Hello,
  I  am trying to setup vlans on sf 302 switch and been unsuccesful. My idea  is having 2 separate networks and both connecting to internet
  192.168.2.0/24  Gaming Network
  192.168.3.0/24  Work Network
  Router ( Linkys) connected to port 8 on the switch - 192.168.4.1
  I have attached the serial cable and made the following changes
  Creating VLAN's
  Created Vlan 20 for gaming network
  #config t
  #vlan database vlan 20
  exit
  Created Vlan 30 for work
  #config t
  # vlan database vlan 30
  #exit
  Asigned ports to VLAN's
  #config t
  # int fa2
  # switchport mode access
  # switchport access vlan 20
  #exit
  #config t
  #int fa3
  # switchport mode access
  # switchport access vlan 30
  #exit
  Assigning IP address to VLAN
  #conf t
  #int vlan 20
  # ip address 192.168.2.1 255.255.255.0
  #end
  #conf t
  #int vlan 30
  # ip address 192.168.3.1 255.255.255.0
  #end
  I  am stuck after this. Now i want to connect vlan 20 and vlan 30 on to  router attached to port8 on switch so that computers on both vlans have  access to internet. The IP address of router is
  192.168.4.1.
  Please explain what needs to be done to acomplish this. 
  Thanks
  Maakri

  Hello Randy,
  The switch is already set to router mode.
  I have attached a belkin router on port 8 of the switch. The LAN IP of router is 192.168.4.2
  On the switch I have configured port 8 as follows
  #int fa8
  #ip address 192.168.4.1
  # switchport mode trunk
  #switchport trunk allowed vlan add vlan 20
  #switchport trunk allowed vlan add vlan 30
  #no shutdown
  #exit
  #ip routing
  From  PC connected to vlan 20 and VLAN30 I can ping 192.168.4.1 but not 192.168.4.2. I want to access internet from my PC's on Vlan20 and VLAN30
  I can ping PC in  vlan30 from my pc in Vlan20 but cant access the router IP and so no internet. What am I missing? Please let me know
  Thank you
  Maakri

• SG-300 series switches - Network loop / broadcast storm question

  So the SG300's have STP on them and prevent network loops when other switches on the network also support STP too.  However, if someone plugs in a non-managed switch that doesn't support STP with a network loop, is there anything within the SG300 switches to help isloate and/or prevent that from happening?
  (I currently have port mirroring turned on for one port and a network sniffer attached awaiting the incident to happen again).
  Thanks,
  Chris

  Hi Chris, the lowest cost path connection will go to a discard state on the interface of the SG300 switch. So, even if the unmanage switch has 2 physical connections, the spanning tree will shut down one port to prevent this loop.
  -Tom
  Please rate helpful posts

• 2 Switches in One? [300 series] Want to have two uplinks/trunks.

  I have a 300 series switch with VLAN1 untagged, VLAN 15,5,100 tagged.  I want say ports 1-12 to use one uplink/trunk and 13-24 to use another uplink. All ports should have the same default VLAN1 and be tagged for 5,15,100.  I'm trying to ease the load on two wireless uplinks(one is a Cisco 1242AG and the other is a UBNT PowerBridge.) I don't want to add another switch. Is this possible?
  Model:
  SF 300-24P

  Hello Derek,
  Thank you for using the community forum.
  It looks like you would be creating a loop. This would cause Spanning-Tree to kick in and prevent the loop by shutting down one of the Trunk ports. You can load balance at layer 2 but it requires balancing by vlan. So you would need to send 1,5 across one trunk and 15, 100 across the other. Would this be a posibility?
  Cisco Small Business Support Center
  Randy Manthey
  CCNA, CCNA - Security