6248 FI Cisco's UCS with Cisco catalyst 2960 connectivity

Similar Questions

• Cisco Catalyst 2960-S switch configured for 802. 1 x sends a query to access the Radius Server Radius

  Setup

  Cisco Catalyst 2960-S running 15.0.2 - SE8

  Under Centos freeRadius 6.4 RADIUS server

  Client (supplicant) running Windows 7

  When Windows client is connected to the port (port 12 in my setup) with authentication of 802. 1 x active switch, show of Wireshark that catalyst sends ask EAP and the client responds with EAP response. But it made not the request to the Radius server. The RADIUS test utility 'aaa RADIUS testuser password new-code test group' works.
  Here is my config running. Any advice would be greatly appreciated.
  #show running mySwitch-
  mySwitch #show running-config
  Building configuration...

  Current configuration: 2094 bytes
  !
  version 12.2
  no service button
  horodateurs service debug datetime msec
  Log service timestamps datetime msec
  no password encryption service
  !
  hostname myswitch
  !
  boot-start-marker
  boot-end-marker
  !
  activate the password secret 5 $1$ Z1z6$ kqvVYRQdVRZ0h8aDTV5DR0 enable password!
  !
  !
  AAA new-model
  !
  !
  AAA dot1x group group radius aaa accounting dot1x default start-stop radius authentication group!
  !
  !
  AAA - the id of the joint session
  1 supply ws-c2960s-24ts-l switch
  !
  !
  !
  !
  !
  control-dot1x system-auth
  pvst spanning-tree mode
  spanning tree extend id-system
  !
  !
  !
  !
  internal allocation policy of VLAN no ascendant interface FastEthernet0 no stop ip address!
  GigabitEthernet1/0/1 interface
  !
  interface GigabitEthernet1/0/2
  !
  interface GigabitEthernet1/0/3
  !
  interface GigabitEthernet1/0/4
  !
  interface GigabitEthernet1/0/5
  !
  interface GigabitEthernet1/0/6
  !
  interface GigabitEthernet1/0/7
  !
  interface GigabitEthernet1/0/8
  !
  interface GigabitEthernet1/0/9
  !
  interface GigabitEthernet1/0/10
  !
  interface GigabitEthernet1/0/11
  !
  interface GigabitEthernet1/0/12
  switchport mode access
  Auto control of the port of authentication
  dot1x EAP authenticator
  !
  interface GigabitEthernet1/0/13
  !
  interface GigabitEthernet1/0/14
  !
  interface GigabitEthernet1/0/15
  !
  interface GigabitEthernet1/0/16
  !
  interface GigabitEthernet1/0/17
  !
  interface GigabitEthernet1/0/18
  !
  interface GigabitEthernet1/0/19
  !
  interface GigabitEthernet1/0/20
  !
  interface GigabitEthernet1/0/21
  !
  interface GigabitEthernet1/0/22
  !
  interface GigabitEthernet1/0/23
  !
  interface GigabitEthernet1/0/24
  !
  interface GigabitEthernet1/0/25
  !
  interface GigabitEthernet1/0/26
  !
  interface GigabitEthernet1/0/27
  !
  interface GigabitEthernet1/0/28
  !
  interface Vlan1
  IP 10.1.2.12 255.255.255.0
  !
  IP http server
  IP http secure server
  activate the IP sla response alerts
  recording of debug trap
  10.1.2.1 host connection tcp port 514 RADIUS-server host 10.1.2.1 transport auth-port 1812 acct-port 1646 timeout 3 retransmit testing123 key 3.
  Line con 0
  line vty 0 4
  password password
  line vty 5 15
  password password
  !
  end

  interface GigabitEthernet1/0/16
  !
  interface GigabitEthernet1/0/17
  !
  interface GigabitEthernet1/0/18
  !
  interface GigabitEthernet1/0/19
  !
  interface GigabitEthernet1/0/20

  Have you run wireshark on the server because the request to switch? If so you make sure that there is a response from the server? For Windows network POLICY Server (I've never tried Centos), you must ensure that the request is related to a policy which then authenticates, or denies access. Usually, it is a matter of such attributes and the seller.

  Regarding the configuration, it seems a bit out of the AAA. Try to remove the:

  line "aaa dot1x group service radius authentication" and this by using instead:

  "aaa dot1x default radius authentication group". After the dot1x word you are supposed to provide a list of the authentication or the default Word if you do not want to use a list.

• Dot1x multidomain on Catalyst 2960

  Hello

  I improved my 2960 with the latest basic version of LAN 12.2 (46) which includes the authentication of domain Multi (MDA) and I tried to configure what is described here:

  http://www.Cisco.com/en/us/Tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml

  I have the following exceptions in my configuration:

  (1) SE - cat 2960 with the latest version of IOS 12.2 (46) that supports the MDA;

  (2) using the Win2K IAS as a server radius. and

  (3) third party (Avaya) with active begging dot1x IP phone. I have a PC with ability to dot1x connected to the second port of the IP phone.

  That's what I set up on the phone IP port:

  interface FastEthernet0/9

  switchport access vlan 221

  switchport mode access

  switchport voice vlan 222

  dot1x EAP authenticator

  self control-port dot1x

  multi-domain host-mode dot1x

  protect the dot1x violation-mode

  dot1x reauth-deadline 30

  dot1x re-authentication

  spanning tree portfast

  I also configured the server Radius IAS Win2K to send RADIUS 'cisco-av-pair attribute' tell the authenticator (Cisco Catalyst 2960) that a supplicant (IP phone) is authorized on the voice VLAN as described in config-notes above link.

  When the supplicant IP phone starts to authenticate, he succeeds, but that the port does not allow the field of VOICE, even though the 2960 receives the attribute "cisco-av-pair" of the Radius Server RADIUS. I confirmed the reception of this attribute of debugging on the switch.

  RADIUS: Receipt of id 160.2.100.74:1645 1645/64, Access-Accept, len

  110

  17:02:38: RADIUS: authenticator 7 d AC 50 FE 14 B4 FC DC - 3A A4 E5 3F 1E 76 62

  C3

  17:02:38: RADIUS: EAP-Message [79] 6

  17:02:38: RADIUS: 03 05 00 04

  17:02:38: RADIUS: [25] in class 32

  17:02:38: RADIUS: 44 05 05 A2 00 00 01 37 00 01 A0 02 64 4A C9 01 1 33 79 52

  D8 58 00 00 00 00 00 00 1 b E7 [D7dJ3yRX]

  17:02:38: RADIUS: seller, Cisco [26] 34

  17:02:38: RAY: Cisco-AVpair [1] 28 'device-traffic-class = voice.

  17:02:38: RADIUS: Message-Authenticato [80] 18

  17:02:38: RADIUS: D9 42 78 88 26 5A 65 83 68 B0 E0 C7 AF 5TH 0F 51 [B

  [x & Zeh ^ Q]

  17:02:38: RADIUS (00000009): receipt of id 1645/64

  17:02:38: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes

  Cat2960 #show dot1x int fa0/9 details

  Dot1x FastEthernet0/9 information

  -----------------------------------

  EAP AUTHENTICATOR =

  PortControl = AUTO

  ControlDirection = both

  HostMode = MULTI_DOMAIN

  Violation mode = PROTECT

  A re-authentication = on

  QuietPeriod = 60

  ServerTimeout = 0

  SuppTimeout = 30

  ReAuthPeriod = 30 (configured locally)

  ReAuthMax = 2

  MaxReq = 2

  TxPeriod = 30

  RateLimitPeriod = 0

  Dot1x authenticator customer list

  -------------------------------

  Domain = DATA

  "Supplicant" = 0004.0d9b.46d8

  AUTH State = AUTHENTICATED SM

  AUTH BEND State IDLE = SM

  Port status = AUTHORIZED

  ReAuthPeriod = 30

  ReAuthAction = is re-authenticated

  TimeToNextReauth = 20

  Authentication method = Dot1x

  Authorized by = authentication server

  Policy of VLAN = n/a

  I don't think I need CDP to allow the field of voice, if the Radius server sends the attribute "cisco-av-pair".

  Have I misunderstood the concept?

  Thank you!

  You can share the config switch?

  Missing for example aaa authorization network default radius group?

• Connection Cisco UCS 6120 FI directly to Cisco Catalyst 6500?

  I watch a lot of design with the Cisco UCS solution guide and everywhere it is Cisco Nexus 5000/7000 connects to the uplink ports of Cisco UCS 6120 FI with the benefits of technology to the vPC.

  How about connect Cisco UCS 6120 FI directly to 10GE ports in Cisco Catalyst 6500 (without VSS and VSS)? It is possible to design?

  If I use C6500VSS there will be port-channel of the aggregation of the UCS Nx10GE all the bandwidth?

  And what happens if I use C6500 (without VSS) - how it will be on the many links between UCS and two boxes C6500? It will be blocked by STP? A little on the other?

  Please explain to me, because we have only C6500 switches in our data center and want to test a Cisco UCS schassis.

  Yes, you can connect the 6120 s to cat6500s with or without vs. With VSS, you get a vPC as port channel where 2 links to a single 6120 can be connected to different 2 6500 s in a port LACP-channel.

  VSS is not necessary, you can connect a 10 G uplinks / 1 G of 1 or more of a 6120 at cat6500s. I you have 2 cat6500s (non - vss) and 2 uplinks by 6120, then you want to connect 1 cat6500-1 and the other to cat6500-2. I would recommend going ahead and creating a single port-channel port so that you can easily add the uplinks in the furture without interruption of service.

  Ideally, for non - vss, I would have 4 10 uplinks by 6120; 2 in a channel port cat6500-1 and 2 in a port in cat6500-2 channel

• Problem with VLAN between Cisco Catalyst (3560G) and SG300-52

  I am having trouble with the creation of a trunk of vlan between a SG300-52 and a Cisco Catalyst 3560 G.  I have 4 VLANS (1, 2, 10 and 11) on the 3650 and I need ports on the SG300 to be able to communicate with them.

  On the 3560, port 14 is defined as:

  interface GigabitEthernet0/14

  switchport trunk encapsulation dot1q

  switchport mode trunk

  spanning tree portfast

  On the Sg300 port 52 is defined as:

  interface GigabitEthernet52

  point to point link type spanningtree

  switchport trunk allowed vlan add 1,2,10,11

  description macro switch

  Try to understand what the problem... Any help would be appreciated.

  Thank you

  Chris

  Hi Chris, the first problem is the spanning tree portfast, it shouldn't be on an interconnection network switch. You may have a mismatch of vlan native as well, but that shouldn't matter.

  A suggestion, however, the value of the port SG300 general mode and disable the input filter.

  -Tom
  Please mark replied messages useful

• PC8132F to Cisco Catalyst 3600

  Nice day

  I hope someone can help me here, I'll have questions, get a channel on port with 802. 1 q, working between a stack of 2 devices of the switches 8132F and a single Cisco Catalyst 3600, this switch series switch cannot be removed due to regulations graduates by a Government Department that works to and I need to put an effective link between the switch and our new 8132F switches (this was easy until the network was fully Cisco) but for the life of me I can't not operate. When I connect the ports (well I connect only 1 because I'm testing only at this stage, in the end, it will be two)

  Here's the configs for two switches

  Cisco:

  Interface Port-Channel 4

  Description box EtherChannel to Dell Core

  switchport trunk encapsulation dot1q

  switchport trunk allowed vlan 1-4

  switchport mode trunk

  broadcast storm control 60.00

  interface GigabitEthernet1/3

  Description box to Dell Core EtherChannel * PORT 01 *.

  switchport trunk encapsulation dot1q

  switchport trunk allowed vlan 1-4

  switchport mode trunk

  broadcast storm control 60.00

  spanning tree portfast trunk

  spanning tree guard root

  channel-group mode 4 on

  !

  interface GigabitEthernet1/4

  Description box to Dell Core EtherChannel * 02 PORT *.

  switchport trunk encapsulation dot1q

  switchport trunk allowed vlan 1-4

  switchport mode trunk

  broadcast storm control 60.00

  spanning tree portfast trunk

  spanning tree guard root

  channel-group mode 4 on

  !

  Dell:

  interface port-channel 24
  Description "2 Port EtherChannel link Cisco 3600"
  switchport mode trunk
  switchport trunk allowed vlan 1-4
  dvlan-tunnel mode
  port-channel min-links 1
  output
  !
  interface Te1/0/24
  Description "2 Port EtherChannel link Cisco 3600"
  active in mode channel-group 24
  Storm-control broadcasts 60
  switchport mode trunk
  switchport trunk allowed vlan 1-4
  dvlan-tunnel mode
  output
  !
  interface Te2/0/24
  Description "2 Port EtherChannel link Cisco 3600"
  active in mode channel-group 24
  Storm-control broadcasts 60
  switchport mode trunk
  switchport trunk allowed vlan 1-4
  dvlan-tunnel mode
  output

  Any help would be appreciated more

  Concerning

  Justin

  jpsimmonds, I sent an email and look forward to your response.

• Replacement Module supervisor in Cisco Catalyst 6500 VSS 1440

  Hello forum Cisco team!

  I am trying to replace a defective supervisor (Sup720 VS 10 G) on a pair of Catalyst 6509 VSS. I received the RMA and the document Replace Module, supervisor of the Cisco Catalyst 6500 Virtual Switching System 1440 (the document is attached) with the procedure. After going through the steps, I have a few questions during the installation of the new supervisor:

  1. do all links (including the VSL) must be connected before feeding the new supervisor? It comes from before that image and the boot config is copied to the new supervisor.

  2. once the startup config and the image is copied from the active VSS switch in the new supervisor, the document said to check orders for priority switch in the copied startup config form the active VSS, but the priority of each switch is not stored in the startup configuration as far as I know. Can you please clarify this?

  My goal is to add the new supervisor engine without disrupting the current active VSS switch.

  Thank you in advanced for your support!

  Hey,.

  With regard to your questions:

  1. do all links (including the VSL) must be connected before feeding the new supervisor? It comes from before that image and the boot config is copied to the new supervisor. - Yes

  2. once the startup config and the image is copied from the active VSS switch in the new supervisor, the document said to check orders for priority switch in the copied startup config form the active VSS, but the priority of each switch is not stored in the startup configuration as far as I know. Can you please clarify this? - Once you convert the switch for VSS priorities will be stored in the startup configuration file. Please visit the following link:

  http://www.Cisco.com/c/en/us/TD/docs/switches/LAN/catalyst6500/IOS/12-2Sx/configuration/guide/book/VSS.html#wp1111770

  However, it is no longer recommended and therefore should be avoided. I suggest you not setting is not the priority.

  HTH.

  Kind regards

  RS.

• Cisco Catalyst 3750 G cable StackWise Query

  Hi everyone, I hope you can shed some light on my question.

  I have a job reserved Friday to add a switch to an existing fireplace. I was wondering at what point I need to use a longer cable to complete the ring.

  The existing stack consists of 2 x Cisco Catalyst 3750 G-24TS-24 switches are the 1.5U models and I will be adding a 3750 G-12-12 to the stack. So a total of 4U.

  So I guess my question is, do you think that the CAB-STACK - 50CM = cable supplied with the unit will be long enough, or do you think I will need to order a CAB-STACK - 1 M =? It's been a while since I've done it and I think remember me being quite stiff and bulky cables. All switches are in order without a space.

  Kind regards

  Mike

  Disclaimer

  The author of this announcement offers the information in this publication without compensation and with the understanding of the reader that there is no implicit or explicit adequacy or adaptation to any purpose. Information provided is for information purposes only and should not be interpreted as making the professional advice of any kind. Use information from this announcement is only at risk of the reader.

  RESPONSIBILITY

  Any author will be responsible for any damage that it (including, without limitation, damages for loss of use, data or profits) arising out of the use or inability to use the information in the view even if author has been advised of the possibility of such damages.

  Poster

  If you do the 'classic' connections, i.e. 1 to 2, 2 to 3, 3, 4, and 4 to 1, and the 50CM won't reach between 1 and 4, you should be able to use shorter cables as: 1-2 and 1-3 and 4-2 and 4-3.

  PS:

  BTW, remember that 12-12 can use SDM models incompatible with the 3750 G.  I.e., ensure the 12-12 has a model SDM compatible before connect you to the battery.

• Compatibility matrix for Cisco Catalyst 3012 Switch Module

  Hello

  I'm checking the compatibility of the VMware vSphere 5.5U1 Guide and an IBM switch module Part Number: 43W4401 product name: Cisco Catalyst Switch Module 3012. The search of the matrix returns Cisco 1GigE I350 LOM who seems to identify the drivers of Cisco.

  Can anyone help clarify and check if this IBM re-branded chassis switch module is supported and to a specific firmware for the switch code? Thank you all.

  L2/L3 switches are off-limit of drivers for vSphere hypervisor, so you don't find on the HCL...

  Here's IBM BladeCenter matrix interop for VMware:

  IBM ServerProven compatibility

  and here is the interoperability of the switch Cisco Catalyst 3012 with IBM BladeCenter chassis:

  IBM BladeCenter Interoperability Test program

  I hope this helps...

• PoE for Cisco Catalyst 2960PD-8TT-L

  Hello

  Will deploy this device for a small office. Just a quick question, a Cisco Catalyst 2960PD-8TT-l switch provides PoE on all its 8 ports or simply powered through his PoE uplink port.

  Read the URL below, but did not have much info. TIA!

  http://www.Cisco.com/en/us/prod/collateral/switches/ps5718/ps6406/produc...

  Sent by Cisco Support technique iPhone App

  Sorry John, my comment is not directed at you.  The link you posted, the content is very, the lack of a better term, misleading.

  http://www.Cisco.com/en/us/products/ps12200/prod_models_comparison.html

  Go to this site instead.  It shows that the model you have chosen has NO PoE.  Instead, it uses the PoE of a switch upstream to turn.

• Cisco Catalyst 6509 and 6513 goes into config race disk0: / Backup Script

  We use a Cisco Catalyst 6509 and 6513 switches in our network LAN and Man.

  Please help me and share the script to take backup of all respective running to their disk0 configuration switches: / per week.

  Double post.

• Cisco Catalyst 6509 and 6513 running config backup to their respective disk0: / Script

  We use a Cisco Catalyst 6509 and 6513 switches in our network LAN and Man.

  Please help me and share the script to take backup of all respective running to their disk0 configuration switches: / per week.

  Kind regards

  Vinay

  Double post.

• Cisco Catalyst 4503-> Cisco 3560 L3-> Cisco 2960 L2-> Cisco SMB switch

  Hi Experts,

  I am trying to add a Cisco SMB SF300 - 24 Switch to an infrastructure that has only the Cisco Catalyst switches

  The base layer is Cisco Cataylst 4503. Distribution is Cisco Catalyst 3560 and Cisco 2960 switches access layer.

  There are about 30 VLAN present in the infrastructure that is announced to all switches using VTP. Inter VLAN routing takes place at basic switches

  by creating the Interface VLAN for each VLAN of L2.

  1. the new 150 VLAN must be created on the new Cisco SMB switch. If I create a corresponding interface 150 VLAN on core switches, it will forward the other VLANs traffic just as he is currently working for Cisco 2960 Catayst switches?

  2. While they inspected, I could see that the DERIVATIVE is not supported on the Cisco SMB switches and I would need to go GVRP if I need to make advertising information to other switches VLAN. But since GVRP is only supported on CatOS and there is no inter operability between GVRP and DERIVED, I would need to manually create the VLAN on the new switch. Is this correct?

  Help, please!

  Thank you very much

  ANUP

  Good afternoon Anup Sasikumar

  Please use our forum

  My name is Johnnatan I am part of the community of support to small businesses, I saw your post and I understand that you want to configure VTP and GVRP.

  I'm afraid you will have to configure it manually each Vlan in each device CatOS GVRP, in order to keep their databases vlan in sync. As you say, VTP is support it not in CatOS

  You can try to connect the two protocols, but I encourage you do not follow this procedure.

  On your question about intervlan routing, if you create a corresponding interface 150 VLANS on switches to base it is routed, if your configuration is correct (port access, ports of junction, intervlan etc..)

  I hope that you will find this answer useful, if it was satisfactory to you, please indicate the question as answer.

  Please evaluate the useful messages.

  Greetings,

  Johnnatan Rodriguez Miranda.

  Support of Cisco network engineer

• Aironet 1252 with catalyst 2960-8TC-L & 1841 router compatibility

  Hello

  First of all they are togther a good combination?

  I'll buy new ap 1252 and switch catalyst 2960-8TC-L my question can I connect the access point to 1 x 10/100/1000Base-T/SFP (mini-GBIC) (uplink) port?

  because to work on ap with capacity 300 Mbps, it needs port 1000, I will use to power ap powerinjector.

  It will be 15 sereve pc as a working group and 60 customers on wlan.

  Concerning

  Saher

  Depending on the type of traffic and bandwidth customer requirements demand, you might need a couple more of ap which means you may have to settle for a switch of 24 ports. Cisco recommends 15-25 users by so, but still, you can have more if it's just e-mail and web browsing.

• PIX: Cisco VPN Client connects but no routing

  Hello

  We have a Cisco PIX 515 with software 7.1 (2). He accepts Cisco VPN Client connections with no problems, but no routing does to internal networks directly connected to the PIX. For example, my PC is affected by the IP 172.16.2.57 and then ping does not respond to internal Windows server 172.16.0.12 or trying to RDP. The most irritating thing is that these attempts are recorded in the system log, but always ended with "SYN timeout", as follows:

  2009-01-06 23:23:01 Local4.Info 217.15.42.214% 302013-6-PIX: built 3315917 for incoming TCP connections (172.16.2.57/1283) outside:172.16.2.57/1283 inside: ALAI2 / 3389 (ALAI2/3389)

  2009-01-06 23:23:31 Local4.Info 217.15.42.214% 302014-6-PIX: TCP connection disassembly 3315917 for outside:172.16.2.57/1283 inside: ALAI2 / 3389 duration 0:00:30 bytes 0 SYN Timeout

  2009-01-06 23:23:31 Local4.Debug 217.15.42.214% 7-PIX-609002: duration of disassembly-outside local host: 172.16.2.57 0:00:30

  We tried to activate and deactivate "nat-control", "permit same-security-traffic inter-interface" and "permit same-security-traffic intra-interface", but the results are the same: the VPN connection is successfully established, but remote clients cannot reach the internal servers.

  I enclose the training concerned in order to understand the problem:

  interface Ethernet0

  Speed 100

  full duplex

  nameif outside

  security-level 0

  IP address xx.yy.zz.tt 255.255.255.240

  !

  interface Ethernet1

  nameif inside

  security-level 100

  172.16.0.1 IP address 255.255.255.0

  !

  access extensive list ip 172.16.0.0 inside_nat0_outbound allow 255.255.255.0 172.16.2.56 255.255.255.248

  !

  access extensive list ip 172.16.0.0 outside_cryptomap_dyn_20 allow 255.255.255.0 172.16.2.56 255.255.255.248

  !

  VPN_client_group_splitTunnelAcl list standard access allowed 172.16.0.0 255.255.255.0

  !

  IP local pool pool_vpn_clientes 172.16.2.57 - 172.16.2.62 mask 255.255.255.248

  !

  NAT-control

  Global xx.yy.zz.tt 12 (outside)

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 12 172.16.0.12 255.255.255.255

  !

  internal VPN_clientes group strategy

  attributes of Group Policy VPN_clientes

  xxyyzz.NET value by default-field

  internal VPN_client_group group strategy

  attributes of Group Policy VPN_client_group

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list VPN_client_group_splitTunnelAcl

  xxyyzz.local value by default-field

  !

  I join all the details of the cryptographic algorithms because the VPN is successfully completed, as I said at the beginning. In addition, routing tables are irrelevant in my opinion, because the inaccessible hosts are directly connected to the internal LAN of the PIX 515.

  Thank you very much.

  can you confirm asa have NAT traversal allow otherwise, activate it in asa and vpn clients try again.

  PIX / ASA 7.1 and earlier versions

  PIX (config) #isakmp nat-traversal 20

  PIX / ASA 7.2 (1) and later versions

  PIX (config) #crypto isakmp nat-traversal 20