TACACS+ with Cisco 3560 switch configuration issue
Hi Forum,
Here's my TACACS+ setup on my Cisco 3560 switch. My question is: how can I configure the switch so that I do not have to type enable after I enter the user name and password? With the configs below, users need to type enable whenever they connect to the switch in order to enter the user exec mode. Please let me know if there is something missing in my configs that would help me avoid typing 'enable'.
Thanks in advance,
MacBookAir:~ MacBook$ ssh [email protected]
Password:
Switch>en
Switch#show run | include aaa
aaa new-model
aaa group server tacacs+ mpcc
aaa authentication login default group tacacs+ local
aaa authentication enable default none
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa server radius dynamic-author
aaa session-id common
Switch#
Hello
Add the privilege level 15 command to the VTY line configuration.
line vty 0 4
 [..]
 privilege level 15
!
Regards
Similar Questions
-
5508 interfaces with two different switches configuration
Hello
I have a 5508 WLC and two 4507 switches that are configured in HSRP.
Now, I want to configure 5508 interfaces:
If I want to configure management interface, I need the physical port card
Question: How can I map it to two physical ports that are connected to two different chassis?
Is the AP-Manager interface configuration optional?
In this scenario, I'll have to divide AP traffic between two switches (e.g. assume there are 10 APs: I want to connect 5 to one switch and the other 5 to the other switch).
How to divide?
Please guide me to configure the interface in this scenario...
I have with your answer.
Hi Vinod,
Wasn't this already answered here: https://supportforums.cisco.com/thread/2052962 ?
HTH,
Tiago
--
If this helps you and/or answers your question, please mark it as 'answered' and/or rate it, so other users can easily find it.
-
Cisco 867VAE configuration issues - does no routing between LAN & WAN
I'm trying to configure an 867VAE to use our ADSL line. I can connect to the ISP, get an IP from them and can ping 8.8.8.8 (Google's DNS server) from the router's CLI, but the LAN side does not work.
I'm just trying to assign static addresses on the LAN side in the 192.168.1.0 range, but it does not seem to carry traffic from one side to the other. Can it be related to not being able to assign an IP address to any of the four Fast Ethernet (switch) ports? I get "IP addresses cannot be set up on L2 links", so I've configured vlan1 instead, but I cannot link that to any real interface.
Attached is the current running config
As a side question, can you please recommend a good book to learn how to do this sort of thing?
Thank you
Hi, the ports on the 800 series are L2 and cannot take an IP address the way you want because they are pure switch ports. So if you are using several VLANs, a Layer 3 SVI must be set up on the router for each and the switchports set to trunk; if you are only using VLAN 1 there should be no need to trunk or make changes to these ports, since by default they are in VLAN 1.
Do you have a switch involved, or are your PCs connected directly to these ports? Have you set the default gateway to the VLAN 1 IP address?
Does interface VLAN 1 show up/up when you run sh ip int brief?
VLAN 1 is tied to these ports, so when you connect a PC with a correct address in this range the VLAN will come up and you should be able to ping from the local PC to the internet.
You don't have to bother with books; all the CCNA material is on YouTube, and videos are much easier to learn from than books as you can see it being configured.
-
The ISE Cisco switch configuration
Hi experts,
I got the following network:
Devices-> switch access-->--> access switch central office switch-> ISE Server
All switches have IOS capable of 802.1X and AAA configuration for ISE to manage network devices. However, I read the guide on configuring switches in preparation for the Cisco ISE deployment, and I wonder whether I should configure both the access switches and the core switches, or only the access switches?
Thanks for your time to read!
If all clients are non-DHCP clients, then no configuration is based or distribution at all.
But you may need to search different options of profiling, if the customers are not active DHCP. Access switch supports the function of detection IOS? Would be very useful to have such a that it would send important profiling information at ISE. You may need to use the right options for ISE of profiling to determine the details of the endpoint.
Regards
Vivek
-
Hello
I would like to implement NAC (802.1x) in my network, but I have a lot of loose switches lying around.
Are there any 802.1x enabled desktop (4 or 8 port) switches?
Thank you
Tom
Cisco 2960-8 and 3560-8 support 802.1x.
-
Configuration Wireless 3G as online backup with cisco switch layer 3?
Hi all
We have existing GPRS modems for data transfer between 2 different sites. This connection is a bit slow, at no more than approximately 114 Kbps. The idea is to add a 3G modem, so the solution will be based on two communication lines: the 3G network and the GPRS network.
The GPRS line will be the main one and 3G will be secondary; this redundancy offers a high level of availability of communication between the two sites.
Is it possible to configure this redundancy with a Cisco layer 3 switch? If so, do you have a tutorial or a link which explains how to do this with a Cisco layer 3 switch?
all information will be useful for me, thanks
Hello
The config is the one provided by anisaini, but you need to change your NAT like this:
ip nat inside source route-map PRIMARY interface x/x (primary interface)
ip nat inside source route-map SECONDARY interface o/o (secondary interface)
int z/z (inside interface)
 ip nat inside
int x/x
 ip nat outside
int y/y
 ip nat outside
access-list 99 permit x.x.x.x y.y.y.y
where x.x.x.x is your inside subnet address and y.y.y.y is the corresponding wildcard mask
route-map PRIMARY
 match ip add 99
 match interface x/x
route-map SECONDARY
 match ip add 99
 match interface y/y
Regards
Alain
Remember to rate useful posts.
-
The incomplete 1941W Cisco router configuration
Good day all.
I have been running a small ecommerce business for the last 5 years on a Linksys wireless router. Now that I have more than 14 workstations and 6 networked printers, it was time to take a step up.
I bought a Cisco 1941W ISR to take us to Gigabit speed for the next decade with a Cisco switch. I assumed that the 1941W, although robust and scalable, would be as simple to install as the Linksys (Cisco) product, or at least offer a simple 1-2-3 how-to for getting basic connections made. I was wrong, and now I find that I have some difficulty getting Internet working through the router.
Included below is my NVRAM config. I hope someone can tell me where I may have a few gaps in my config.
Please note: this config is derived from an example on the net that seemed simple enough, so if you find yourself asking, "why did he do that?", I hope that this provides the perspective.
TEST router configuration
28/07/2010
Objective: Complete the basic configuration to connect (and ping) to the internet
Problem: Cannot connect to the internet; suspected incomplete configuration; maybe bad NAT config or DNS issue
Comments: In progress.
TEXT OF HYPERTERMINAL CONNECTION TO THE CONSOLE:
User Access Verification
Username: admin
Password:
TESTROUTER>enable
Password:
TESTROUTER#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TESTROUTER#show config
Using 2615 out of 262136 bytes
!
! Last configuration change at 01:33:34 CST Thu Jul 29 2010 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
!
hostname TESTROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 16000
logging console critical
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone CST -6
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
no ip source-route
ip icmp rate-limit unreachable 2000
ip icmp rate-limit unreachable DF 2000
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 209.18.47.61
ip name-server 209.18.47.62
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-A/K9 sn XXXXXXXXXXX
hw-module ism 0
!
!
!
username admin password 7 XXXXXXXXXXXX
!
!
!
!
!
!
interface Wlan-GigabitEthernet0/0
 description Internal switch interface connecting to the embedded AP
 shutdown
!
interface GigabitEthernet0/0
 description Connection to the internet to transfer Ethernet/fiber TWC (ISP)
 ip address AA.BB.CC.149 255.255.255.0
 ip access-group 115 in
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 no ip address
 arp timeout 0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0/1
 description Internal connection to the local network
 ip address 10.10.10.1 255.255.255.0
 ip access-group 116 in
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface Vlan1
 no ip address
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 AA.BB.CC.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 115 deny ip 127.0.0.0 0.255.255.255 any
!
no cdp run
!
!
control-plane
!
!
line con 0
line aux 0
line 67
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad rlogin lapb-ta mop v120 udptn ssh telnet
line vty 0 4
 password 7 XXXXXXXXXXXXXX
!
scheduler allocate 20000 1000
end
TESTROUTER#
END OF HYPERTERMINAL CONSOLE TEXT
Thanks in advance to those who consider a response.
Daniel
Daniel
You have ACL 115 on the external interface and there is just one line in this ACL, which is a deny. Be aware that an ACL has an implicit deny all at the end anyway, so basically this ACL is blocking all incoming traffic, which includes ICMP (ping) return responses. Because you are running the ping command from the router using an IP address, not a DNS name, NAT or DNS is not a problem at present.
I suggest that you rewrite ACL 115:
access-list 115 permit icmp host 8.8.8.8 any echo-reply
and test again with your ping. If it works then it's the ACL that is the problem, and you need to write your ACL so that what you want to allow comes before what you want to deny.
Jon
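The first-match and implicit-deny behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of how the two ACL 115 variants treat constructed inbound packets. The function names are made up for this sketch, and 203.0.113.149 is a placeholder for the redacted outside address.

```python
import ipaddress

ICMP_TYPES = {"echo": 8, "echo-reply": 0}  # ICMP type numbers used below


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _addr_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [icmp-type]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, rest = _addr_spec(t[4:])
    dst, rest = _addr_spec(rest)
    icmp_type = ICMP_TYPES[rest[0]] if rest else None
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst,
            "icmp_type": icmp_type}


def _addr_match(spec, ip):
    base, wildcard = spec  # wildcard bits set to 1 are "don't care"
    return (_ip(ip) | wildcard) == (base | wildcard)


def evaluate(acl_lines, pkt):
    """Return (action, reason) for pkt; the first matching line wins."""
    for number, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (_addr_match(ace["src"], pkt["src"])
                and _addr_match(ace["dst"], pkt["dst"])):
            continue
        if ace["icmp_type"] is not None and pkt.get("icmp_type") != ace["icmp_type"]:
            continue
        return ace["action"], f"line {number}"
    return "deny", "implicit deny"  # nothing matched: IOS drops the packet


# ACL 115 as posted, and with the suggested permit placed before the deny.
ORIGINAL = ["access-list 115 deny ip 127.0.0.0 0.255.255.255 any"]
REWRITTEN = ["access-list 115 permit icmp host 8.8.8.8 any echo-reply"] + ORIGINAL

OUTSIDE = "203.0.113.149"  # placeholder for the redacted outside address
# Constructed inbound packets arriving on GigabitEthernet0/0.
ECHO_REPLY = {"proto": "icmp", "src": "8.8.8.8", "dst": OUTSIDE, "icmp_type": 0}
SPOOFED = {"proto": "tcp", "src": "127.0.0.5", "dst": OUTSIDE}
UNSOLICITED = {"proto": "tcp", "src": "198.51.100.7", "dst": OUTSIDE}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("rewritten", REWRITTEN)):
        for label, pkt in (("echo-reply", ECHO_REPLY), ("spoofed loopback", SPOOFED),
                           ("unsolicited tcp", UNSOLICITED)):
            print(f"{name:9} {label:17} -> {evaluate(acl, pkt)}")
```

The rewritten list lets only the echo reply from 8.8.8.8 through; everything else inbound still ends at the implicit deny.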
-
Web authentication with RSA SecureID on a Cisco Switch
Hello
I recently looked into tying our Cisco 2960S GB switch in with RSA SecureID via RADIUS.
I already managed to tie in SSH access,
but I failed to make it work for HTTP / web access to the switch.
I think it's because we use 'single use' maximum security with RSA SecureID tokens:
the web interface tries to authenticate several times against the RSA SecureID RADIUS server
(OK on the first authentication, but every time after that it is going to want a different token code).
I was wondering if anyone knew a way around this? (If there is a way to get the switch to authenticate once instead of multiple times against the RADIUS server.)
FYI, the switch is a WS-C2960S-24TS-L with IOS 15.0 (1) SE2
Hello Chris,
You can test the following configuration?
aaa group server radius webtac_grp
 server
 cache expiry 1
 cache authorization profile httpauth
 cache authentication profile httpauth
!
aaa authentication login httpauth cache webtac_grp group webtac_grp
aaa authorization exec httpauth cache webtac_grp group webtac_grp
aaa authorization network httpauth cache webtac_grp group webtac_grp
aaa cache profile httpauth
 all
ip http server
ip http authentication aaa login-authentication httpauth
ip http authentication aaa exec-authorization httpauth
radius-server host key *
I know for sure the above configuration works when you use TACACS+ instead of RADIUS in order to avoid multiple prompts due to the authentication of Java applets when accessing the IOS GUI. I have not tested it against RSA acting as an authentication server.
NOTE: As "aaa authorization exec" is configured, the RSA should send the Service-Type attribute with the Administrative value for it to work as expected.
If this was helpful please rate.
Kind regards.
-
I would like to know if the Dell Storage Compatibility Matrix is updated regularly, especially for Cisco switches.
We are looking to deploy a few PS6210s with 10G connectivity, for use with Cisco 4500 X series switches. However, these are not included in the doc. There are a few Cisco switches listed that are end of life (4948 and some Nexus switches).
Hello
Yes, the guide is updated regularly, usually monthly or as updates are available.
Since the x 4500 is not a Nexus series switch, you looking for correct DCB support?
In this case Dell 'Level 3' offers best reasonable effort support. I'd make sure that you use the latest IOS and EQL firmware. There are other Catalyst IOS switches in the guide. Configuring it along those lines would be a great place to start. Ideally, the switch is dedicated to iSCSI use, not VLAN'd with other types of traffic.
If you can test first before production, then support can look at the array diagnostics and SANHQ archive for any signs of network related issues (retransmit rate and types, for example).
Kind regards
-
VSS migration to virtual Distributed Switch configuration
Hi all
I am trying to wrap my brain around this and have just run into a few problems actually making things work. Please bear with me; I will try to describe the environment that I have and what I'm trying to build with as little jargon as I can.
My current VMware environment consists of 3 vSphere 4.x hosts and about 6 different subnets. My primary vSphere host is home to the largest part of the virtual machines and manages 5 different subnets, connected through 5 separate virtual switches with 1 NIC assigned to each. There is also a VMkernel switch with a connection to my NetApp iSCSI. The other vSphere hosts are simple enough: the two are connected to subnet 1 with a virtual switch for it and a VMkernel switch with a connection to the NetApp iSCSI.
Each subnet in my lab is managed/break through the VLANS on Cisco devices, so I saw that it had to assign any settings VLAN since the power of VMware.
Referring to the VMware vNetwork Distributed Switch: Migration and Configuration guide, I am trying to migrate a setup similar to this:
However, I'm running into issues when trying to get the hosts into a vDS configuration. I could create a vDS for my root subnet, add one of my vSphere hosts and migrate the virtual machines to the new port group in this vDS. The Service Console as well as the VMkernel remain on virtual switches on the host, and I can't understand how to migrate these to a vDS without losing the connection.
I'm assuming, based on the number of subnets that I manage between hosts, I'll finish with about 5 virtual distributed switches for the subnets, each with at least 1 physical NIC on a vSphere host linked up to the appropriate subnet. In addition to this, I'm assuming I'll need to create a vDS for the Service Console and VMkernel (iSCSI) traffic. The Service Consoles are on the same subnet that most VMs reside on; separate VSSs were created on the hosts to manage separate traffic.
Any help anyone can provide on how to create a vDS for SC/vmk traffic and get the associated hosts migrated to it would be very useful. As I said, I was able to create 1 vDS and add a host via 1 uplink NIC with the virtual machines, but anything beyond that seems to break the connection.
Please feel free to ask for additional details; I know it's a lot and maybe a bit confusing. Thank you.
-Bryan
Hello
If I'm correct, when the host is added to the vDS and the vDS Service Console is created, do I have to select an unused NIC and migrate the existing SC to the new port group... or should I add a second SC to the VSS using an available NIC and migrate that to the new vDS?
Yes, select an unused physical NIC so that you have one physical NIC connected to the VSS and the other connected to the vDS uplink group, and migrate the existing SC. If you have several hosts, vMotion all VMs and test to see if the migration works without disruption; also keep the iLO details ready in case you need to connect to the server console.
This is a very good white paper that provides detailed information about the migration: http://www.vmware.com/files/pdf/vsphere-vnetwork-ds-migration-configuration-wp.pdf
All the best.
Kind regards
Arun
If you have found this or other information useful, please consider awarding points for 'Correct' or 'Helpful'. Regards, Arun VCP3/4, HPCP, HP UX CSA http://kb.vmware.com/
-
The Switch configuration and Wi-Fi router in the same network
Hi team,
Here is my current configuration, as in the image below. To describe it: the internet cable is connected to a Cisco switch, which is connected to the PCs on the LAN (wired). One switch output is connected to the input of the Netgear Nighthawk AC1900 Smart WiFi Router, model R6900. Wireless devices (laptops) are connected through the router.
Each device has internet access. However, I am unable to run LAN software or share any files from devices connected to the switch with the connected wireless devices. I can't ping between the wireless and wired devices.
Can anyone suggest what settings I should change or what steps I should follow to put the wireless and wired devices in the same network?
PS: Earlier I tried connecting the internet to the wireless router and then the router's output to the switch, which solved this problem but slowed down the internet speed on wired devices. So, is it possible to have all devices in the same network with the current configuration?
Thanks in advance.
Best,
Hardik
I did a hardware reset of the Wi-Fi router and configured it in Access Point mode; that solved my problem.
-
Why I can't command show running on cisco switch
On a single switch, I found that some commands such as show running-config or copy running-config tftp: do not work on a Cisco WS-C2960X-24TS-L switch; see below. How can I get the show command to work normally? Thank you.
Building1_FAA_6F_SW3#sh run
Building configuration...
Current configuration : 100 bytes
!
! No configuration change since last restart
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end
---------------------------------------------------
Building1_FAA_6F_SW3#copy running-config tftp:
^
% Invalid input detected at '^' marker.
OK, so the information you provided in your latest posts confirms that the privilege level you get via telnet/vty is different from the one you get via the console. This is due to the AAA configuration, which applies to the vty ports but not to the console port.
So if you want the same rules to apply to the console port, then you must configure the console port for AAA as well.
If you don't want these rules then you need to remove the AAA configuration. The best way to remove it is by typing 'no aaa new-model'. However, be careful not to lock yourself out of the unit. Make sure you have local accounts with privilege level 15 and that you also know the enable password/secret.
I hope this helps!
Thank you for rating useful posts!
-
Centralized deployment 3560 L3 Switch IOS
Hello
In the Cisco NAC Appliance Switch and Wireless LAN Controller Support guide I found that the minimum IOS for a 3560 L3 switch must be
Catalyst 3750/3560 (L3 switch): Yes, with 12.2(25)SEE and later
I have a switch loaded with IOS "c3560-ipservicesk9-mz.122-55.SE.bin" - will it be supported? Is there a lot of difference between SE and SEE?
Thank you
Hello
Yes, it will be supported.
122-55.SE is later than 12.2(25)SEE, so you should have no problems.
Any IOS later than 12.2(25)SEE will work.
HTH,
Tiago
--
If this helps you and/or answers your question, please mark it as 'answered' and/or rate it, so other users can easily find it.
-
I guess Cisco ISE sends a redirect URL to the switch, and the switch presents it to the client; in the case of guest access they get a redirect URL with the user acceptance page (guests and not wired).
My question is: do we need to configure the HTTP and HTTPS server on the switches (both supplicant and authenticator)?
I don't know that it will take a confirmation, but just wanted to...
I checked the configuration for the supplicant and authenticator switches for ISE, and nowhere is this part of the config mentioned.
http://www.Cisco.com/en/us/docs/security/ISE/1.0/user_guide/ise10_troubleshooting.html (a redirect URL problem and possible cause is mentioned) - to make sure that the config is necessary.
(the supplicant and authenticator switch configuration) - no mention anywhere of the http/https configuration for the two switches.
Yes, it is needed. The HTTP/S server in the switch is used to capture the user's HTTP traffic and redirect it to the CWA portal, a device registration portal, or even the integrated Mobile Device Management (MDM) portal.
ip http server
ip http secure-server
The info below I took from the book Cisco ISE for BYOD and Secure Unified Access.
"Many organizations want to ensure that this redirection process using the switch's internal HTTP server is decoupled from the management of the switch itself, in order to limit the chances of an end user interacting with the management interface and control plane of a switch. This can be accomplished by running the following two commands from global configuration mode:
ip http active-session-modules none
ip http secure-active-session-modules none"
-
C300 Cisco switches when Cisco is considering additional CDP?
Dear all,
When Cisco plans to support CDP on C300 switches?
I have it configured with LLDP based on the document "Adding a Cisco Small Business 300 Series Switch to SBCS 2.0", but this isn't perfect in my view.
Kind regards
Vellum Tsekov
Vellum,
We are very close. We anticipate releasing the firmware supporting CDP, CLI and several other new features this month - June 2011.
Ivor