Cisco c3750G 24TS S
Hi all
I have a cisco model c3750G-24TS - S switch.
My switch is not able to boot itself.
I'm in switch: mode.
When I flash fire of dir: command then it shows
switch: dir flash:
Are you sure you want to remove ' / force ' (y/n)? There
File ' / force ' not cancelled - no such device
Are you sure you want to remove "flash: / crashinfo" (y/n)? There
File "flash: / crashinfo" not cancelled - is a directory
2 - rwx 11494274
c3750-ipbase9 - mz.122 - 53.SE2.bin
Console in the switch and restart. After all the startup process.
In my view, that the IOS file is damaged or is not complete.
Tags: Cisco Support
Similar Questions
-
CISCO 3750: OSPF interface IP unnumbered
Hi Expert,
This is the first time that I'm working on OSPF and IP Unnumbered interfaces.
My task is to adjacencies OSPF put forward two switches CISCO 3750 connected back-to-back by IP of interfaces not numbered. I use the loopback interface to borrow the IP addresses for the interfaces not numbered on both CISCO switches. After trying so many times, OSPF is not at all to come through Unnumbered interfaces but when tried with numbered interface was fine.
I'm pasting here complete running-config. Please help me to solve the problem:
Here is the brief info put in place:
R1(Gi1/0/19) - R (article gi1/0/19)
Swicth R1:
===========
Current configuration: 2129 bytes
!
version 12.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
Switch host name
!
boot-start-marker
boot-end-marker
!
!
No aaa new-model
1 supply ws-c3750g-24ts-1u switch
mtu 1500 routing system
IP subnet zero
IP routing
!
!
!
!
!
!
!
!
!
!
pvst spanning-tree mode
spanning tree extend id-system
!
internal allocation policy of VLAN ascendant
!
!
!
!
interface Loopback1
IP 10.10.10.10 address 255.255.255.0
!
GigabitEthernet1/0/1 interface
Shutdown
!
interface GigabitEthernet1/0/2
Shutdown
!
interface GigabitEthernet1/0/3
Shutdown
!
interface GigabitEthernet1/0/4
Shutdown
!
interface GigabitEthernet1/0/5
Shutdown
!
interface GigabitEthernet1/0/6
Shutdown
!
interface GigabitEthernet1/0/7
Shutdown
!
interface GigabitEthernet1/0/8
Shutdown
!
interface GigabitEthernet1/0/9
Shutdown
!
interface GigabitEthernet1/0/10
Shutdown
!
interface GigabitEthernet1/0/11
Shutdown
!
interface GigabitEthernet1/0/12
Shutdown
!
interface GigabitEthernet1/0/13
Shutdown
!
interface GigabitEthernet1/0/14
Shutdown
!
interface GigabitEthernet1/0/15
Shutdown
!
interface GigabitEthernet1/0/16
Shutdown
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
Shutdown
!
interface GigabitEthernet1/0/19
No switchport
IP unnumbered Loopback1
IP ospf network point
!
interface GigabitEthernet1/0/20
Shutdown
!
interface GigabitEthernet1/0/21
Shutdown
!
interface GigabitEthernet1/0/22
Shutdown
!
interface GigabitEthernet1/0/23
Shutdown
!
interface GigabitEthernet1/0/24
Shutdown
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
Shutdown
!
router ospf 100
router ID - 100.100.100.100
Log-adjacency-changes
Network 10.10.10.0 0.0.0.255 area 0
!
IP classless
IP route 20.20.20.20 255.255.255.255 GigabitEthernet1/0/19
IP http server
IP http secure server
!
!
!
control plan
!
!
Line con 0
line vty 5 15
!
!
control the source session interface 1 item in gi1/0/19
control interface of destination session 1 item in gi1/0/17
end
===
The #show switch ip interface brief | include the
The #show switch ip interface brief | include the
GigabitEthernet1/0/17 no undefined upward down YES
GigabitEthernet1/0/19 10.10.10.10 YES manual up up
Loopback1 10.10.10.10 YES manual up up
==================================================
Switch R2:
==================
Switch #sho run
Switch #sho running-config
Building configuration...
Current configuration: 2079 bytes
!
version 12.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
Switch host name
!
boot-start-marker
boot-end-marker
!
!
!
!
No aaa new-model
switch 1 supply ws-c3750g-24 t
mtu 1500 routing system
allow authentication mac-move
IP subnet zero
IP routing
!
!
!
!
!
!
!
!
pvst spanning-tree mode
spanning tree etherchannel guard misconfig
spanning tree extend id-system
!
internal allocation policy of VLAN ascendant
!
!
!
!
interface Loopback1
IP 20.20.20.20 255.255.255.0
!
GigabitEthernet1/0/1 interface
Shutdown
!
interface GigabitEthernet1/0/2
Shutdown
!
interface GigabitEthernet1/0/3
Shutdown
!
interface GigabitEthernet1/0/4
Shutdown
!
interface GigabitEthernet1/0/5
Shutdown
!
interface GigabitEthernet1/0/6
Shutdown
!
interface GigabitEthernet1/0/7
Shutdown
!
interface GigabitEthernet1/0/8
Shutdown
!
interface GigabitEthernet1/0/9
Shutdown
!
interface GigabitEthernet1/0/10
Shutdown
!
interface GigabitEthernet1/0/11
Shutdown
!
interface GigabitEthernet1/0/12
Shutdown
!
interface GigabitEthernet1/0/13
Shutdown
!
interface GigabitEthernet1/0/14
Shutdown
!
interface GigabitEthernet1/0/15
Shutdown
!
interface GigabitEthernet1/0/16
Shutdown
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
Shutdown
!
interface GigabitEthernet1/0/19
No switchport
IP unnumbered Loopback1
IP ospf network point
!
interface GigabitEthernet1/0/20
Shutdown
!
interface GigabitEthernet1/0/21
Shutdown
!
interface GigabitEthernet1/0/22
Shutdown
!
interface GigabitEthernet1/0/23
Shutdown
!
interface GigabitEthernet1/0/24
Shutdown
!
interface Vlan1
no ip address
Shutdown
!
router ospf 100
router ID - 200.200.200.200
Log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
!
IP classless
Route IP 10.10.10.10 255.255.255.255 GigabitEthernet1/0/19
IP http server
IP http secure server
!
!
activate the IP sla response alerts
!
!
!
Line con 0
line vty 5 15
!
!
control the source session interface 1 item in gi1/0/19
control interface of destination session 1 item in gi1/0/17
end
====================
The #sho switch ip interface brief | include the
GigabitEthernet1/0/17 no undefined upward down YES
20.20.20.20 GigabitEthernet1/0/19 YES manual up up
Loopback1 20.20.20.20 YES manual up up
====================================
Thank you very much in advance for your answer!
Kind regards
Aerts
Hi AEK.
the IP unnumbered command does not work on multiaccess-interfaces such as Ethernet (even when you set it up as a point-to-point OSPF):
Understand and configure the IP without order number
Cisco IOS IP Addressing Services Command Reference #ip unnumberd
HTH
Rolf
[EDIT]:
... apparently, with the exception of high range as the 6 k platforms:
Order history
(...)
12.2 (18) SXF: this command has been modified to support the physical Ethernet interfaces and switched virtual interfaces (LASS).
-
Configuration of the Cisco etherchannel stack: flag stuck in stand alone
I'm putting in place an etherchannel for my stack of Cisco (switch Catalyst 3750 G x 2), with a port on each switch the etherchannel. The example of battery cross http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00806cb982.shtml using as a guide, I created my channel. However when I discovered "show etherchannel summary 6 ' it says that both my ports are stand-alone, when I want them to be in port channel grouped in. Thank you in advance for your help, I added all the information I could think.
Here is how I created the etherchannel
sailing-sw-1 #conf t
sailing-sw-1 (config) #interface gigabiteethernet 0/1/10
active in sail-sw-1(config-if) mode #channel-group 6
sailing-sw-1(config-if) #switchport trunk encapsulation dot1q
sailing-sw-1(config-if) #switchport mode trunk
sailing-sw-1(config-if) #exit
sailing-sw-1 (config) #interface gigabiteethernet 0/1/10
active in sail-sw-1(config-if) mode #channel-group 6
sailing-sw-1(config-if) #switchport trunk encapsulation dot1q
sailing-sw-1(config-if) #switchport mode trunk
sailing-sw-1(config-if) #exit
sailing-sw-1 (config) #exit
The running-config
sailing-sw-1 #show running-config
Building configuration...
Current configuration: 5390 bytes
!
version 12.2
no service button
horodateurs service debug uptime
Log service timestamps uptime
no password encryption service
!
sailing-sw-1 hostname
!
boot-start-marker
boot-end-marker
!
Select the 5 secret...
!
!
!
high-level description of the cisco-global macro
No aaa new-model
1 supply ws-c3750g-24ts switch
2 available ws-c3750g-24ts switch
mtu 1500 routing system
Uni-directional aggressive
!
!
!
MLS qos map cos-dscp 0 8 16 24 32 46 46 56
!
Crypto pki trustpoint TP-self-signed-538118016
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 538118016
revocation checking no
rsakeypair TP-self-signed-538118016
!
!
TP-self-signed-538118016 crypto pki certificate chain
certificate self-signed 01
30...
AF
quit smoking
!
!
!
errdisable recovery cause link-flap
60 errdisable recovery interval
port-channel - the balance of the load src-dst-mac
!
spanning tree mode rapid pvst
spanning tree default loopguard
No spanning tree optimize transmission of bpdus
spanning tree extend id-system
!
internal allocation policy of VLAN ascendant
!
!
!
Interface Port-channel6
!
GigabitEthernet1/0/1 interface
No auto mdix
!
interface GigabitEthernet1/0/2
No auto mdix
!
interface GigabitEthernet1/0/3
No auto mdix
!
interface GigabitEthernet1/0/4
No auto mdix
!
interface GigabitEthernet1/0/5
No auto mdix
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
No auto mdix
!
interface GigabitEthernet1/0/8
No auto mdix
!
interface GigabitEthernet1/0/9
No auto mdix
!
interface GigabitEthernet1/0/10
switchport trunk encapsulation dot1q
switchport mode trunk
No auto mdix
active in mode channel-group 6
!
interface GigabitEthernet1/0/11
No auto mdix
!
interface GigabitEthernet1/0/12
No auto mdix
!
interface GigabitEthernet1/0/13
No auto mdix
!
interface GigabitEthernet1/0/14
No auto mdix
!
interface GigabitEthernet1/0/15
No auto mdix
!
interface GigabitEthernet1/0/16
No auto mdix
!
interface GigabitEthernet1/0/17
No auto mdix
!
interface GigabitEthernet1/0/18
No auto mdix
!
interface GigabitEthernet1/0/19
No auto mdix
!
interface GigabitEthernet1/0/20
No auto mdix
!
interface GigabitEthernet1/0/21
No auto mdix
!
interface GigabitEthernet1/0/22
No auto mdix
!
interface GigabitEthernet1/0/23
No auto mdix
!
interface GigabitEthernet1/0/24
No auto mdix
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
GigabitEthernet2/0/1 interface
No auto mdix
!
interface GigabitEthernet2/0/2
No auto mdix
!
interface GigabitEthernet2/0/3
No auto mdix
!
interface GigabitEthernet2/0/4
No auto mdix
!
interface GigabitEthernet2/0/5
No auto mdix
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
No auto mdix
!
interface GigabitEthernet2/0/8
No auto mdix
!
interface GigabitEthernet2/0/9
No auto mdix
!
interface GigabitEthernet2/0/10
switchport trunk encapsulation dot1q
switchport mode trunk
No auto mdix
active in mode channel-group 6
!
interface GigabitEthernet2/0/11
No auto mdix
!
interface GigabitEthernet2/0/12
No auto mdix
!
interface GigabitEthernet2/0/13
No auto mdix
!
interface GigabitEthernet2/0/14
No auto mdix
!
interface GigabitEthernet2/0/15
No auto mdix
!
interface GigabitEthernet2/0/16
No auto mdix
!
interface GigabitEthernet2/0/17
No auto mdix
!
interface GigabitEthernet2/0/18
No auto mdix
!
interface GigabitEthernet2/0/19
No auto mdix
!
interface GigabitEthernet2/0/20
No auto mdix
!
interface GigabitEthernet2/0/21
No auto mdix
!
interface GigabitEthernet2/0/22
No auto mdix
!
interface GigabitEthernet2/0/23
No auto mdix
!
interface GigabitEthernet2/0/24
No auto mdix
!
interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
the IP 192.168.0.1 255.255.255.0
!
default IP gateway - 192.168.76.102
IP classless
IP http server
IP http secure server
!
activate the IP sla response alerts
!
!
Line con 0
line vty 0 4
password Mil19
opening of session
line vty 5 15
password Mil19
opening of session
!
end
Interface port-channel 6
(in the example, there should be this line "identified in this channel: Gi2/article-gi1/0/10 0 / 10 ')
sailing-sw-1 #show interfaces port-channel 6
Channel6 port is down, line protocol is down (notconnect)
Material is EtherChannel, address is 0000.0000.0000 (bia 0000.0000.0000)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
KeepAlive set (10 sec)
Link auto-duplex type, automatic speed is automatic, media type is unknown
input stream control is turned off, output flow control is not supported
Type of the ARP: ARPA, ARP Timeout 04:00
Last entry, never, never hang output
Final cleaning of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 0
Strategy of queues: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bps, 0 packets/s
5 minute output rate 0 bps, 0 packets/s
0 packets input, 0 bytes, 0 no buffer
Received 0 emissions (0 multicasts)
0 Runts, 0 giants, 0 shifters
entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored
Watchdog 0, multicast 0, break 0 comments
entry packets 0 with condition of dribble detected
exit 0 packets, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, collision end 0, 0 deferred
carrier, 0 no carrier, lost 0 0 output BREAK
output buffer, the output buffers 0 permuted 0 failures
EtherChannel 6 Summary
sailing-sw-1 #show etherchannel 6 Summary
Flags: - Low P - D bundled in port-channel
I have - autonomous s - suspended
H Eve (LACP only)
R - Layer 3 S - Layer2
U - running f - cannot allocate an aggregator
M - don't use, minimum contacts not satisfied
u - unfit to tied selling
w waiting to be aggregated
d default port
Number of channels: 1
Number of aggregators: 1
Protocol for the Port-Channel port group
------+-------------+-----------+-----------------------------------------------
6 Po6 (SD) LACP Gi1/0/10 (I) Gi2/0/10 (I)
Hello
It seems that the grouping of NIC Linux box does not work properly. Please
Check on the side of Linux.
Kind regards
NT
-
Redirect WCCP and Performance hit on 3750
Maybe it's more of a "resizing" qtn more than anything else.
Yesterday, I activated wccp redirect on a stack of distribution has collapsed/3750 of base, in an office with 150users. WAI is model 612.
As soon as the configuration of the redirect has been applied, I found the network slowing significantly and received an event alert CPU of NEM, reports that CPU on 3750 stack exceeds the set threshold (65%). Put the threshold on the one hand, the cli is terribly slow and so I removed immediately redirect to the relevant interfaces. He bought the network back to normal in terms of performance.
Is this a calibration problem or maybe a bad configuration or something else...?
WAE:
EDGE-WAE-01 #show worm
Cisco Wide Area Application Services (WAAS) software
Copyright (c) 1999-2009 by Cisco Systems, Inc.
Cisco Wide Area Application Services Software Release 4.1.3 (build b55 April 18, 2009)
Version: oe612 - 4.1.3.5500:13:45 compiled April 18, 2009 by cnbuild
System has been restarted on Tue Apr 27 04:30:10 2010.
The system was 6 hours, 21 minutes, 0 seconds.EDGE-WAE-01 #show inv
PID: WAE-612-K9 VID: 0 SN: KQLLZBL
EDGE-WAE-01 #sh worm
Cisco Wide Area Application Services (WAAS) software
Copyright (c) 1999-2009 by Cisco Systems, Inc.
Cisco Wide Area Application Services Software Release 4.1.3 (build b55 April 18, 2009)
Version: oe612 - 4.1.3.5500:13:45 compiled April 18, 2009 by cnbuild
System has been restarted on Tue Apr 27 04:30:10 2010.
The system was 6 hours, 31 minutes, 8 seconds.EDGE-WAE-01 # poster run | WCCP Inc.
WCCP router-list of the 1 10.10.50.1
WCCP promiscuity of tcp router-list-num 1 l2-redirect
WCCP version 2
!
evacuation-method interception-method wccp negotiated return!
---------------------------------------------------------------------------------------
3750:
edge-cre-01 #show sdm prefer
The current model is "routing Office" model.
The chosen model optimizes resources in
the switch to sustain this level of features for
8 routed interfaces and 1024 VLANS.!
processor of WS-C3750G-24TS-1U (PowerPC405) Cisco (revision F0) with K 131072 bytes of memory.
512K bytes of memory simulated by flash not volatile configuration.
SW Version SW Image model switch ports
------ ----- ----- ---------- ----------
* WS-C3750G-24TS-1U 12.2 1 28 (50) SE3 C3750-IPSERVICESK9-M
2 28 WS-C3750G-24TS-1U 12.2 SE3 (50) C3750-IPSERVICESK9-MSwitch 02
---------------Switch availability: 3 days, 4 hours, 39 minutes
Configuration register is 0xF
edge-cre-01 # poster run | WCCP Inc.
61 TN-WAAS-OUT list redirect IP WCCP
62 TN-WAAS-IN redirect-list IP WCCP!
edge-cre-01 #show run | start the standard TN-WAAS-OUT ip access list
Standard TN-WAAS-OUT of access list IP
10.10.10.0 permit 0.0.1.255
permit 10.10.25.0 0.0.0.255
!
TN-WAAS-IN extended IP access list
permit tcp 10.20.0.0 0.1.255.255 10.10.10.0 0.0.1.255
permit tcp 10.20.0.0 0.1.255.255 10.10.25.0 0.0.0.255
permit tcp 10.128.16.0 0.0.0.255 10.10.10.0 0.0.1.255Here is a list of best practices to follow to do forwarding of wccp on hardware platforms such as the 3750. I found it in the link below.
http://www.Cisco.com/Web/services/news/ts_newsletter/tech/ChalkTalk/archives/200806.html
The following best practices should be applied to the implementation of WCCP on a hardware platform:
- L2 transfer
- Assignment of mask
- Interception of incoming traffic
- No ' exclude ip wccp redirect in.
Your configuration "output method negotiated return of interception-method wccp" will appeal to a WCCP GRE tunnel to create of the 3750 to CAI. All traffic will be then be redirected a software based on this configuration line.
"Game of negotiated return as the method of evacuation. With this specification, the Cisco WAE uses GRE to return traffic redirected to the router intercepting. Note: in this case, WCCP negotiated WCCP GRE return method. »
I'd stick to best practices that Zach has described in the link at the beginning of this post. It's a very well written on the WCCP redirect article.
Concerning
-
TrustSec caught SGT supported platforms and modules
Hi all
I have a question about how to determine if a Cisco router/switch supports inline tagging SGT.
Although I found a link (below) that shows what platforms and modules are required to support the inline SGT I can't surely determine yet if my switches support inline Sgt
http://www.Cisco.com/c/en/us/solutions/enterprise-networks/TrustSec/trustsec_matrix.html
Here are the relevant sections of my 3750's 'see the worm' (I know that IOS be 15.X version and type 'ipbase')
What is material support inline tagging?
Cisco IOS software, software C3750 (C3750-IPSERVICESK9-M), Version 12.2 (55) SE3,.
System image file is "flash:/c3750-ipservicesk9-mz.122-55.SE3.bin".
processor of Cisco WS-C3750G-24TS-1U (PowerPC405) (revision 01) with K 131072 bytes
memory.
Card processor ID FOC0941U2TU
Last reset of tension
3 virtual Ethernet interfaces
28 gigabit Ethernet interfaces
Password recovery mechanism is activated.512K bytes of memory simulated by flash not volatile configuration.
Basic Ethernet MAC address: 00:15:C6:F5:32:80
Motherboard set number: 10219-73-03
Power supply part number: 341-0098-01
Motherboard serial number: FOC09400WB9
Power supply serial number: AZS093800Q6
Revision of the model number: 01
Motherboard revision number: 04
Model number: WS-C3750G-24TS-S1U
System serial number: FOC0941U2TU
Top Assembly part number: 800-26859-01
Top of page revision number of the Assembly: 06
Version ID: V03
Revision number of hardware consulting: 0x02===========================================
Here are the relevant sections of my 6500's 'see the worm' (I know that IOS be 15.X version and type 'ipbase')
What is material support inline tagging?
Cisco IOS Software, s72033_rp (s72033_rp-ADVIPSERVICESK9_WAN-M), Versio
n 12.2 (33) SXI12, VERSION of the SOFTWARE (fc2)ROM: System Bootstrap, Version 12.2 S9 (14r), RELEASE SOFTWARE (fc1)
System image file is "disk0:s72033 - advipservicesk9_wan - mz.122 - 33.SXI12.bin".
processor of Cisco WS - C6506 (R7000) (version 3.0) with 458720K / 65536K bytes of mem
ORY.
Card processor ID SAL08363E5J
SR71000 pace at 600 Mhz, implemented 0 x 504, Rev 1.2, 512 KB of L2 Cache
Last reset of tension
7 virtual Ethernet interfaces
50 gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer.65536 K bytes of Flash internal SIMM (sector size of 512K).
Configuration register is 0 x 2102TIA
Restrictions and configuration notes
The guidelines and the following limitations apply to configuring Cisco TrustSec SGT and SGACL on Catalyst 3750-X and Catalyst 3560-X switches:
- You cannot statically map one IP subnet to a Sergeant you can that card to a Sgt IP addresses when you configure IP address-to-SGT mappings, the IP address prefix must be 32.
- If a port is configured as Multi-Auth mode, all hosts on this port connection must be assigned the same Sgt When a host tries to authenticate, his assigned Sergeant must be the same as Sergeant assigned to a previously authenticated host. If a host attempts to authenticate and his Sergeant is different from the previously authenticated host SGT, the port VLAN (VP) to which belong these hosts is error-disabled people.
- Cisco TrustSec execution is supported only on up to eight VLANS on a VLAN Trunk link. If there are more than eight VLANs configured on a VLAN Trunk link and Cisco TrustSec execution is enabled on VLANs, the switch ports on these links of VLAN Trunk will be error-disabled people.
- The switch can assign the SGT and apply SGACL matches from end-hosts of the SXP listen only if the end-hosts are adjacent Layer2 switch.
- Port mapping - to the-SGT can be configured only on Cisco TrustSec (i.e., switch-switch links). Port mapping - to the-SGT cannot be configured on the host-switch links.
When the port mapping - to the-SGT is configured on a port, a SGT is attributed to any circulation penetration on this port. There is no output on port traffic SGACL app.
- SGT/SGACL is supported on the network switches Cisco Catalyst 3750 - X and X-3650 which all uplink modules: C3KX-NM - 1 G, C3KX-NM - 10G, C3KX-NM-10GT and C3KX-SM - 10G. C3KX-SM - 10G is only necessary for the effect on the uplink.
- http://www.Cisco.com/c/en/us/TD/docs/switches/LAN/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg/trustsec.html
-
I need to put in place a switch of distribution between the data center a police station (6509 data center) and 4507R at the office but do not know what go to fetch. 1 GB between office and data center tour will end at the distribution switch. So far, my options are WS-C3750G-24TS-E and Catalyst 3560 G-24TS. I think that the two switches can provide 32Gbps bandwidth.
Please recommend a good switch.
Yes the WS-C3750G-24TS-E Catalyst 3560 G-24TS provide 32Gbps bandwidth. Cisco Catalyst 3750 G-24TS-E will offer 32 Gbps and stacking bus at high speed and the Cisco Catalyst 3560 G-24TS switch with 32 Gbps of bandwidth transfer is a suitable choice for smaller clusters with up to 24 knots. You can go for one of these cisco switch.
-
Hello everyone, I'm trying to find a recent nat support matrix for switches catalyst, especially for the WS-C3650-24TS-L that I bought last year.
The only thing I could find was 2006 and can not find a recent. We know that this model supports the NAT? Thank you!
Hello
NAT is not supported on 3650 s.
You can check what functionality is supported on what platform quickly and easily using the Cisco navigation feature.
http://CFN.cloudapps.Cisco.com/ITDIT/CFN/JSP/SearchBySoftware.jsp
-
Why I can't command show running on cisco switch
On a single switch, I found that some commands because they show execution or copy running-config tftp: on cisco switch WS-C2960X-24TS-L does not work it see more below. How I can use the command then show generally. Thank you.
Building1_FAA_6F_SW3 #sh run
Building configuration...Current configuration: 100 bytes
!
! No change since the last restart configuration
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end---------------------------------------------------
Building1_FAA_6F_SW3 #copy running-config tftp:
^
Invalid entry % detected at ' ^' marker.OK, so the information you provided in your latest messages confirm that the privilege level you get via telnet/vty is different from the one you get via the console. This is due to the configuration of AAA which applies to the vty ports but not on the console port.
So if you want the same rules apply to the console port, then you must configure the port console for AAA as well.
If you don't want these rules then you need to remove the AAA configurations. The best way to remove these is by typing 'no new aaa - model' However, careful not to lock you out of the unit. Make sure you have local accounts with the privilege level 15 and you also know the active password/secret.
I hope this helps!
Thank you for evaluating useful messages!
-
Setup
Cisco Catalyst 2960-S running 15.0.2 - SE8
Under Centos freeRadius 6.4 RADIUS server
Client (supplicant) running Windows 7
When Windows client is connected to the port (port 12 in my setup) with authentication of 802. 1 x active switch, show of Wireshark that catalyst sends ask EAP and the client responds with EAP response. But it made not the request to the Radius server. The RADIUS test utility 'aaa RADIUS testuser password new-code test group' works.
Here is my config running. Any advice would be greatly appreciated.
#show running mySwitch-
mySwitch #show running-config
Building configuration...Current configuration: 2094 bytes
!
version 12.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname myswitch
!
boot-start-marker
boot-end-marker
!
activate the password secret 5 $1$ Z1z6$ kqvVYRQdVRZ0h8aDTV5DR0 enable password!
!
!
AAA new-model
!
!
AAA dot1x group group radius aaa accounting dot1x default start-stop radius authentication group!
!
!
AAA - the id of the joint session
1 supply ws-c2960s-24ts-l switch
!
!
!
!
!
control-dot1x system-auth
pvst spanning-tree mode
spanning tree extend id-system
!
!
!
!
internal allocation policy of VLAN no ascendant interface FastEthernet0 no stop ip address!
GigabitEthernet1/0/1 interface
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
switchport mode access
Auto control of the port of authentication
dot1x EAP authenticator
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
IP 10.1.2.12 255.255.255.0
!
IP http server
IP http secure server
activate the IP sla response alerts
recording of debug trap
10.1.2.1 host connection tcp port 514 RADIUS-server host 10.1.2.1 transport auth-port 1812 acct-port 1646 timeout 3 retransmit testing123 key 3.
Line con 0
line vty 0 4
password password
line vty 5 15
password password
!
endinterface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20Have you run wireshark on the server because the request to switch? If so you make sure that there is a response from the server? For Windows network POLICY Server (I've never tried Centos), you must ensure that the request is related to a policy which then authenticates, or denies access. Usually, it is a matter of such attributes and the seller.
Regarding the configuration, it seems a bit out of the AAA. Try to remove the:
line "aaa dot1x group service radius authentication" and this by using instead:
"aaa dot1x default radius authentication group". After the dot1x word you are supposed to provide a list of the authentication or the default Word if you do not want to use a list.
-
The groups C3750G and object based ACL
Hi all
East of the groups of objects based ACL Supportepar C3750G switches? I found nothing on the web site of Cisco on this subject.
Hi All,
Is Object Groups based ACLs supported on C3750G switches? I could not find anything on the Cisco web site about this.
Hello
Check out the link on the subject below Group ACL, it is supported with 12.4 (20) T realease but I do not think that it is supported with cisco 3750G switch series, what I see navigator in cisco. Hope Uncle helps!
So useful note valauble post
Ganesh.H
-
Web authentication with RSA SecureID on a Cisco Switch
Hello
I recently searched by linking in our Cisco Switch of GB 2960 S with RSA SecureID via Radius
I already managed to tie in to ssh access
but I failed to make it work for http / web access to the switch
I think it's because we use 'single use' maximum security with RSA SecureID tokens
the web interface tries to authenticate several times against the Radius server RSA SecureID part
(agreement on the first authentication, but every time after that he's going to want a different code in token)
I was wondering if anyone knew a way around this? (if there is a way to get the right switch authenticate once instead of multiple times the radius server)
FYI, the switch is a WS-C2960S-24TS-L with IOS 15.0 (1) SE2
Hello Chris,
You can test the following configuration?
AAA webtac_grp radius server group
Server
expiration of cache 1
authorization cache profile httpauth
hiding authentication profile httpauth
!
AAA authentication login httpauth cache webtac_grp group webtac_grp
AAA authorization exec httpauth cache webtac_grp group webtac_grp
AAA authorization network httpauth cache webtac_grp group webtac_grp
AAA cache profile httpauth
all the
IP http server
IP http authentication aaa - authentication of the connection httpauth
IP http authentication aaa exec-authorization httpauth
RADIUS server host key *.
I know for sure the above configuration works when you use GANYMEDE + instead of RADIUS in order to avoid multiple guests due to the authentication of JAVA Applets to access the GUI of the IOS. I him have not tested against RSA acting as an authentication server.
NOTE: As "aaa authorization exec" is configured the RSA should send Service-Type attribute with administrative value for it to work as expected.
If this was helpful please note.
Kind regards.
-
Cisco Catalyst 3750 G cable StackWise Query
Hi everyone, I hope you can shed some light on my question.
I have a job reserved Friday to add a switch to an existing fireplace. I was wondering at what point I need to use a longer cable to complete the ring.
The existing stack consists of 2 x Cisco Catalyst 3750 G-24TS-24 switches are the 1.5U models and I will be adding a 3750 G-12-12 to the stack. So a total of 4U.
So I guess my question is, do you think that the CAB-STACK - 50CM = cable supplied with the unit will be long enough, or do you think I will need to order a CAB-STACK - 1 M =? It's been a while since I've done it and I think remember me being quite stiff and bulky cables. All switches are in order without a space.
Kind regards
Mike
Disclaimer
The author of this announcement offers the information in this publication without compensation and with the understanding of the reader that there is no implicit or explicit adequacy or adaptation to any purpose. Information provided is for information purposes only and should not be interpreted as making the professional advice of any kind. Use information from this announcement is only at risk of the reader.
RESPONSIBILITY
Any author will be responsible for any damage that it (including, without limitation, damages for loss of use, data or profits) arising out of the use or inability to use the information in the view even if author has been advised of the possibility of such damages.
Poster
If you do the 'classic' connections, i.e. 1 to 2, 2 to 3, 3, 4, and 4 to 1, and the 50CM won't reach between 1 and 4, you should be able to use shorter cables as: 1-2 and 1-3 and 4-2 and 4-3.
PS:
BTW, remember that 12-12 can use SDM models incompatible with the 3750 G. I.e., ensure the 12-12 has a model SDM compatible before connect you to the battery.
-
Issue between Cisco and ESX switch
It is a small deployment with an ESX Server running a Windows Small Business SERVER 2003.
ESX server has 2 network cards, previously a NIC was connected to a small FastEthernet Switch netgear and all workstations have been working on it.
I replaced the netgear with a Cisco WS-C2960S-24TS-S and the field still works fine, the problem is that I can't connect to the service console or the VI client from a computer connected to the switch.
I can't ping the IP switch ESX service console and also can not ping the switch since the service console.
Switch and ESX console can ping the Windows Virtual Machine and the virtual machine can ping both of them. Therefore, I can get to the VI client via Wirtual Machine (not the best scenario to manage one of its right VMS ESX host?)
I don't know what the problem is, but it sounds a lot there is a problem with the configuration of port / vlan on the cisco switch.
Can a Cisco expert help out me here?
Here are some details of the configuration.
Port group service Console and the port Vm group do not use no matter what config VLAN on the ESX Server.
CONFIG NETWORK ESX
Name PCI Driver link speed Duplex MAC address MTU Description
vmnic0 0b: 00.00 bnx2 up to 1000Mbps Full 00: 1a: 64:b6:06:92 1500 Broadcom Broadcom NetXtreme II BCM5709 1000Base-T Corporation
vmnic1 0b: 00.01 bnx2 up to 100 Mbit/s Full 00: 1a: 64:b6:06:94 1500 Broadcom Broadcom NetXtreme II BCM5709 1000Base-T Corporation
vusb0 nickname cdc_ether Up 0Mbps 02: 1a: 64:b6:06:99 half 1500 unknown unknown
Switch name Num used Ports configured Ports MTU rising ports
64 6 64 1500 vmnic0 vSwitch0
Name PortGroup VLAN ID used rising Ports
PORTS 0 1 vmnic0 VM GROUP
0 1 vmnic0 Console service
Switch name Num used Ports configured Ports MTU rising ports
64 3 64 1500 vmnic1 vSwitch1
Name PortGroup VLAN ID used rising Ports
BIG POND ADSL 0 1 vmnic1
Port Group/DVPort IP IP family name address Netmask Broadcast Enabled TYPE
vswif0 Service Console IPv4 192.168.0.100 255.255.255.0 192.168.0.255 true STATIC
Lo encap:Local Loopback link
INET addr:127.0.0.1 mask: 255.0.0.0
RACE of LOOPING 16436 Metric: 1
Dropped packets: 1310258 RX errors: 0:0 overruns: 0 frame: 0
Dropped packets: 1310258 TX errors: 0:0 overruns: 0 carrier: 0
collisions: 0 txqueuelen:0
RX bytes: 4531037961 (4.2 GiB) TX bytes: 4531037961 (4.2 GiB)
vmnic0 Link encap HWaddr 00: 1a: 64:B6:06:92
RUNNING BROADCAST MULTICAST MTU:1500 metric: 1
Dropped packets: 94579247 RX errors: 0:0 overruns: 0 frame: 0
Dropped packets: 99834049 TX errors: 0:0 overruns: 0 carrier: 0
collisions: 0 txqueuelen:1000
RX bytes: 127899970453 (119.1 GiB) TX bytes: 19056702095 (17.7 GiB)
Interruption: 209 memory: 92000000-92012100
vmnic1 Link encap HWaddr 00: 1a: 64:B6:06:94
RUNNING BROADCAST MULTICAST MTU:1500 metric: 1
Dropped packets: 3585973 RX errors: 0:0 overruns: 0 frame: 0
Dropped packets: 3018690 TX errors: 0:0 overruns: 0 carrier: 0
collisions: 0 txqueuelen:1000
RX bytes: 2304776001 (2.1 GiB) TX bytes: 1021855293 (974,5 MiB)
Interruption: 217 memory: 94000000-94012100
vswif0 Link encap HWaddr 00:50:56:45:43:6 C
INET addr:192.168.0.100 Bcast:192.168.0.255 mask: 255.255.255.0
RUNNING BROADCAST MULTICAST MTU:1500 metric: 1
Dropped packets: 367248 RX errors: 0:0 overruns: 0 frame: 0
Dropped packets: 126300 TX errors: 0:0 overruns: 0 carrier: 0
collisions: 0 txqueuelen:1000
RX bytes: 33905320 (32.3 MiB) TX bytes: 154760077 (147,5 MiB)
vusb0 Link encap HWaddr 02: 1a: 64:B6:06:99
RUNNING BROADCAST MULTICAST MTU:1500 metric: 1
Fall of RX packets: 341442 errors: 0:0 overruns: 0 frame: 0
Dropped TX packets: 0 errors: 0:0 overruns: 0 carrier: 0
collisions: 0 txqueuelen:1000
RX bytes: 26973918 (25.7 MiB) TX bytes: 0 (0.0 b)
CISCO SWITCH CONFIGURATION
Port on which the ESX nic is connected to:
interface GigabitEthernet0/1
switchport mode trunk
switchport nonegotiate
switchport port-security
aging of the switchport port security 2
security violation restrict port switchport
inactivity of aging switchport port-security type
macro description cisco-computer desk
spanning tree portfast
spanning tree enable bpduguard
!
******************************************
CONFIGURATION OF VLAN
!
interface Vlan1
IP 192.168.0.253 255.255.255.0
!
interface Vlan2
Description management Vlan
no ip address
!
interface Vlan10
Test description Vlan
IP 192.168.121.253 255.255.255.0
!
Default IP gateway 192.168.0.1
Any help would be appreciated.
Thank you
I think I've seen this before. I'm not super familiar with this switch, but I think that the problem is with cisco-computer office macro.
Try using the macro switch cisco instead since you are addressing a vSwitch on the other end. You can always check the mac address table and see if your Mac to the vswif (service console) make their appearance. If they are not then appear this is an inconsistency in the port between the Cisco Switch and vSwitch.
Louis
-
Hello
I just upgraded to macOS Sierra and built-in Cisco IPsec VPN no longer works. When you try to connect, I get a "cannot validate the certificate of the server. "Check your settings and try to reconnect" error message. I use Cisco ASA with self-signed certificates and everything worked fine with previous versions of OS X.
Please help me, I need my VPN Thx a lot
I am having the same problem with StrongSwan and help cert signed with the channel to complete certificates included in the pkcs12 file imported to the keychain. It was working properly in El Capitan, but now broken in the Sierra.
-
Cisco VPN does not work in the Sierra
I just upgraded to OS Sierra and the Cisco VPN, I had the installer does connect more. The Setup looks right into network preferences. When I click it looks like it is trying but stops without asking for a password.
Cisco VPN client may need to update or re-installed. If she uses the PPTP Protocol, it will not work. Support for PPTP was ignored, because it is no longer considered as secure.
Maybe you are looking for
-
The numbers won't let me record time
Hello I transferred my data from old iMac (mid-2010/Mavericks) numbers to a new (end 2015/El Capitan). In addition to the fact that I can't use the wonderful version of iWork and I'm stuck with a version with an annoying interface, numbers will not w
-
Is there a way to prevent resizing of the video chat?
When do a video chat with one person, said the person to see my fine video stream, which is 16:9. See display full, and all the text on both sides of the screen. Problem is when some other join in the video chat, Skype is resized or cultures my flow
-
rtexe works solo con el Panel remote
Hola, Developing application of dataloggin una estoy para UN compactRIO con driver NI 9012. Cuando hago carga del practicable in el driver not sell me any error message. El rtexe as genero lo tengo configurado para that run al arrancar el sistema, y
-
Error code: 80248009 (cannot install updates)
I can't update my pc due to the error 80248009
-
Error code 646 when installing this update of security for windows 7
I could not install after download of this security update. His identified by KB2092914. Automatic updates stopped working about 10 days ago.