The Catalyst 2960 G switch configuration
Is it possible to configure a Catalyst 2960 G Switch to act as / be an unmanaged (no router) switch? If so, please provide detailed and simple instructions.
Hi @lcbalogh1,
I think that these switches are not routing compatible, but one thing... What you want to do is to have the switch set in a single broadcast domain (all ports in the same VLAN), right? If so, follow these steps:
- Disable the routing features with the global configuration command "no ip routing".
- If the first command is not accepted, type "no sdm prefer lanbase-routing".
These two steps above disable the routing features.
OK, to make all the ports members of the same VLAN, you have a few options:
- You can leave all the ports in the default VLAN (VLAN 1)
- Or, you can configure all ports in a different VLAN:
- switchport mode access
- switchport access vlan <vlan-id>
Hope this is useful for you.
Rgrds,
Martin, computer scientist
Similar Questions
-
Setup
Cisco Catalyst 2960-S running 15.0.2-SE8
RADIUS server: FreeRADIUS under CentOS 6.4
Client (supplicant) running Windows 7
When the Windows client is connected to the switch port (port 12 in my setup) with 802.1X authentication enabled, Wireshark shows that the Catalyst sends an EAP request and the client responds with an EAP response. But the switch does not send the request to the RADIUS server. The RADIUS test utility 'test aaa group radius testuser password new-code' works.
Here is my running config. Any advice would be greatly appreciated.
mySwitch#show running-config
Building configuration...
Current configuration : 2094 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myswitch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Z1z6$kqvVYRQdVRZ0h8aDTV5DR0
enable password password
!
!
!
aaa new-model
!
!
aaa authentication dot1x group group radius
aaa accounting dot1x default start-stop group radius
!
!
!
aaa session-id common
switch 1 provision ws-c2960s-24ts-l
!
!
!
!
!
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
interface FastEthernet0
 no ip address
 no shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 10.1.2.12 255.255.255.0
!
ip http server
ip http secure-server
ip sla enable reaction-alerts
logging trap debugging
logging host 10.1.2.1 transport tcp port 514
radius-server host 10.1.2.1 auth-port 1812 acct-port 1646 timeout 3 retransmit 3 key testing123
!
line con 0
line vty 0 4
password password
line vty 5 15
password password
!
end
Have you run Wireshark on the server to see the request from the switch? If so, did you make sure that there is a response from the server? For Windows Network Policy Server (I've never tried CentOS), you must ensure that the request is matched to a policy which then authenticates or denies access. Usually, it is a matter of attributes such as the vendor.
Regarding the configuration, the AAA part seems a bit off. Try to remove the
line "aaa authentication dot1x group group radius" and use this instead:
"aaa authentication dot1x default group radius". After the word dot1x you are supposed to provide the name of an authentication list, or the word default if you do not want to use a list.
-
Hello
I use a JGS524E and a GS116E. The two are connected via an 802.1Q uplink carrying all defined VLANs.
Another 802.1Q interface goes to a pfSense firewall, which serves as router and DHCP server for each VLAN that I use.
How can I configure the switches so that they are in one specific VLAN and get their IP address from the DHCP server in this VLAN?
At present, it seems to be random: it is not predictable from which IP range it takes its IP configuration via DHCP...
How does the management function work internally?
Thank you
Markus
Hello
Thank you. I tried it out, but the behavior seems to be a little different:
I configured a static IP address for the switch (10.1.0.13/24). I have access to the switch web GUI via its IP address from a directly connected host (connected via a trunk port, where I put VLAN 1 on the trunk), but it makes no difference which VLAN I use:
When it is connected to VLAN 1 I have access, but also through VLAN 10, VLAN 20 and so forth (assuming I configure my computer statically in the appropriate IP network, for example 10.1.0.20/24). So it seems not to be limited to VLAN 1 only. You have access from each VLAN; only the IP configuration must be in the same network.
I'm not sure how it behaves when cascading the two switches; I have not tried.
Maybe this information is useful for other users with the same question about this switch product line.
For me, this behavior is not very well implemented from my point of view. For security reasons, you must limit access to the administration, for example by allowing access from a specific hardware port or a VLAN. With the current implementation, centralized management for a cascade topology is not easy to set up, perhaps because the behavior is not very clear and not documented in the manuals.
As a side note: there is no TLS/SSL encryption available when accessing the web GUI (no HTTPS). So the password is transmitted in clear text... not a very good idea, I think.
Thanks a lot for your help.
Best regards
markusd112
-
The virtual switch configuration
Hello
I configured Vswitch on ESX4.0 connected with a teddy bear.
There is a Cisco Catalyst 4503 L3 switch configured with several VLANs at the other end. I have configured the switch port as a trunk with dot1q encapsulation that ends on the ESX 4.0 server. The service console is configured with a default VLAN IP, which is accessible from the other VLANs. One virtual machine with the Win2k3 OS is installed, but after configuration, I am not able to ping the default gateway of the respective VLAN or any other VLAN IP.
Can anyone guide me where I go wrong and how to correct the problem?
Set the port group to the specific VLAN you want the virtual machine to be on. Do not put any VLAN ID in the virtual machine; just plug it into the port group. If you have other virtual machines, or other network interface cards on this virtual machine, that need to connect to other VLANs, create additional port groups for each VLAN required.
-
vNIC not visible on the Catalyst 2960 switch...
Dear all,
I configured the UCS chassis with 5 blades and installed the esxi on all five blades...
I created 10 vNICs per server, and for now I have an IP for ESXi management by teaming two NICs, and the FI is connected to the Catalyst 2960 switch. The uplinks are 1 Gig at the FI end and at the switch end... and I made these trunks at the switch end, with all VLANs permitted on the trunk link.
I have configured all the VLANs on the vNICs based on a template and selected all of them. VLAN 1 is the default VLAN and is selected as well.
Please help me to solve the problem... I have tried all means and was not able to find a solution.
Kind regards
Gopi G
Greetings.
Please confirm that you learn your ESXi mgmt addresses (vmk0 will inherit the UCSM vNIC MAC) on the FI:
# connect nxos
# show mac address-table
Do the same on your 2960 switches. Do you see the MAC addresses on the 2960 ports connected to the UCSM uplinks?
Do your UCSM uplinks go to the 2960 in a port channel?
Thank you
Kirk
-
IviSwitch loses value when sending, "configure the switch" configuration = TRUE
Hi all
We are currently evaluating TestStand 4.1 with a Keithley 3706 switch system multimeter.
After the first enthusiasm, thinking this tool with the switch meter fits our needs perfectly, real life seems difficult.
Among several other problems, we must tell the device that the channels "s1com1" and "s1com2" are configuration channels.
Configuring the TestStand step (IVI Switch step -> Edit IVI Switch -> Configure switch: channel "s1com1", Configuration = True)
led to these two actions observable in NI Spy:
GetAttributeViBoolean (..., "s1com1", _IS_CONFIGURATION_CHANNEL, VI_FALSE)
SetAttributeViBoolean (..., "s1com1", _IS_CONFIGURATION_CHANNEL, VI_FALSE)
Manually calling this function interactively from the CVI class function panel works as expected (VI_TRUE is set).
Is there any hint as to what we could be doing wrong? Currently, we are about to write wrappers in CVI and skip all the wonderful IVI step types in TestStand.
Looking forward to any comments
David Clus
David-
This could be the same problem we discovered recently in our internal tests. For the problem that we found, we will probably include our fix in an upcoming patch. Can you check whether the problem persists if you change your locale to English in the control panel? If the problem no longer occurs, can you use this as a workaround for now?
-
We use the information provided in the following document: i.dell.com/.../dell-networking-n4000-series-switch-configuration-guide-for-equallogic-sans.pdf
We have two N4032F switches which are stacked, and we followed this document almost word for word. We do not use DCB. We are trying to set up a LAG and followed step 2.11 in the document, but it seems that the LAG does not work.
Switch 1:
interface range fortygigabitethernet 1/1/1-2
no spanning-tree portfast
channel-group 1 mode active
Switch 2:
interface range fortygigabitethernet 2/1/1-2
no spanning-tree portfast
channel-group 2 mode active
However, after changing these settings, it shows them as being inactive.
Can someone please help?
Thank you
Jeff
Thanks for the additional information. When the switches are stacked, they act as one logical switch. So when you connect them with a LAG, you are basically creating a loop and hooking a switch up to itself. Unstack the switches and just use the LAG for the switch interconnection, and you should see the LAG go active.
-
Web authentication Catalyst 2960
Hello
I am trying to configure web authentication fallback on a Catalyst 2960 switch. The goal is to authenticate, via web authentication, clients that are not 802.1X compliant (the 802.1X part works fine) and allow them access to the network. The problem is that the web authentication seems to fail.
The equipment in question: a Catalyst 2960 switch (version: 122-37.SE) and a FreeRADIUS server.
Here's what happens:
The authentication window appears in my browser and the access request is sent to the RADIUS server.
The RADIUS server replies with an Access-Accept. Debugging on the switch shows that all this information arrives properly: the authentication debug outputs 'status = PASS' and the authorization debug outputs 'status = PASS_ADD'. Despite this, the browser on the client shows an "authentication failure" message.
I have read the manual, and the Cisco attribute-value pairs 'priv-lvl=15' and 'proxyacl...' are mentioned. Are they required to make it work? I ask because I'm not setting up any switch login authentication via RADIUS.
Any suggestions?
Thanks in advance
Yes, they are mandatory.
If priv-lvl=15 is not returned to the switch, the user will see "Authentication failed" and the access list will not be applied. If the source field in the proxyacl statements is not "any", or there are other syntax errors, the user will see "Authentication successful" but the access list will not be applied and the user will be denied access to the network.
Not sure about the specific FreeRADIUS configuration, but you need to set up the "[026\009\001] cisco-av-pair" VSA. It should look like:
priv-lvl=15
proxyacl#10=permit ip any any
Let me know if this gets you squared away.
-
Dot1x multidomain on Catalyst 2960
Hello
I upgraded my 2960 to the latest LAN Base version 12.2(46), which includes Multi-Domain Authentication (MDA), and I tried to configure what is described here:
http://www.Cisco.com/en/us/Tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml
I have the following exceptions in my configuration:
(1) Cat 2960 with the latest IOS version 12.2(46)SE that supports MDA;
(2) using Win2K IAS as the RADIUS server; and
(3) a third-party (Avaya) IP phone with an active dot1x supplicant. I have a dot1x-capable PC connected to the second port of the IP phone.
This is what I set up on the IP phone port:
interface FastEthernet0/9
 switchport access vlan 221
 switchport mode access
 switchport voice vlan 222
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x violation-mode protect
 dot1x timeout reauth-period 30
 dot1x reauthentication
 spanning-tree portfast
I also configured the Win2K IAS RADIUS server to send the RADIUS 'cisco-av-pair' attribute to tell the authenticator (Cisco Catalyst 2960) that a supplicant (IP phone) is authorized on the voice VLAN, as described in the config notes linked above.
When the IP phone supplicant starts to authenticate, it succeeds, but the port does not authorize the VOICE domain, even though the 2960 receives the "cisco-av-pair" attribute from the RADIUS server. I confirmed the reception of this attribute with debugging on the switch.
RADIUS: Received from id 1645/64 160.2.100.74:1645, Access-Accept, len 110
17:02:38: RADIUS: authenticator 7D AC 50 FE 14 B4 FC DC - 3A A4 E5 3F 1E 76 62 C3
17:02:38: RADIUS: EAP-Message [79] 6
17:02:38: RADIUS: 03 05 00 04
17:02:38: RADIUS: Class [25] 32
17:02:38: RADIUS: 44 05 05 A2 00 00 01 37 00 01 A0 02 64 4A C9 01 1 33 79 52 D8 58 00 00 00 00 00 00 1B E7 [D7dJ3yRX]
17:02:38: RADIUS: Vendor, Cisco [26] 34
17:02:38: RADIUS: Cisco AVpair [1] 28 "device-traffic-class=voice"
17:02:38: RADIUS: Message-Authenticato [80] 18
17:02:38: RADIUS: D9 42 78 88 26 5A 65 83 68 B0 E0 C7 AF 5E 0F 51 [Bx&Zeh^Q]
17:02:38: RADIUS(00000009): Received from id 1645/64
17:02:38: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Cat2960#show dot1x int fa0/9 details
Dot1x Info for FastEthernet0/9
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = MULTI_DOMAIN
Violation Mode = PROTECT
ReAuthentication = Enabled
QuietPeriod = 60
ServerTimeout = 0
SuppTimeout = 30
ReAuthPeriod = 30 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
Dot1x Authenticator Client List
-------------------------------
Domain = DATA
Supplicant = 0004.0d9b.46d8
Auth SM State = AUTHENTICATED
Auth BEND SM State = IDLE
Port Status = AUTHORIZED
ReAuthPeriod = 30
ReAuthAction = Reauthenticate
TimeToNextReauth = 20
Authentication Method = Dot1x
Authorized By = Authentication Server
Vlan Policy = N/A
I don't think I need CDP to authorize the voice domain, if the RADIUS server sends the "cisco-av-pair" attribute.
Have I misunderstood the concept?
Thank you!
Can you share the switch config?
Is, for example, "aaa authorization network default group radius" missing?
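An added example, not part of either thread and not Cisco's own tooling: a small Python check for the AAA lines that the answers in the two 802.1X threads above point to (a "default" dot1x method list, and "aaa authorization network default group radius"). The sample configs are constructed from lines quoted on this page, and the finding codes are made-up labels.

```python
import re

# Constructed sample: AAA and port lines in the shape posted in the first
# 802.1X thread, where the dot1x method list is named "group", not "default".
SAMPLE_AS_POSTED = """\
aaa new-model
aaa authentication dot1x group group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
!
interface GigabitEthernet1/0/12
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
radius-server host 10.1.2.1 auth-port 1812 acct-port 1646
"""

# Same sample with the two lines the answers suggest (constructed).
SAMPLE_CORRECTED = SAMPLE_AS_POSTED.replace(
    "aaa authentication dot1x group group radius",
    "aaa authentication dot1x default group radius\n"
    "aaa authorization network default group radius",
)

# (hypothetical finding code, pattern that must match one whole config line)
GLOBAL_CHECKS = [
    ("aaa-disabled", r"aaa new-model"),
    ("dot1x-globally-off", r"dot1x system-auth-control"),
    ("no-default-dot1x-list", r"aaa authentication dot1x default group \S+.*"),
    ("no-network-authorization", r"aaa authorization network default group \S+.*"),
    ("no-radius-server", r"radius-server host \S+.*|radius server \S+"),
]


def interface_stanzas(config):
    """Yield (name, [sub-commands]) for each 'interface' block."""
    name, body = None, []
    for raw in config.splitlines():
        if raw.startswith("interface "):
            if name:
                yield name, body
            name, body = raw.split(None, 1)[1].strip(), []
        elif name and raw.startswith(" "):
            body.append(raw.strip())
        elif name:  # '!' or a global command ends the block
            yield name, body
            name, body = None, []
    if name:
        yield name, body


def audit_dot1x(config):
    """Return a list of (code, detail) findings; empty means every check passed."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    for code, pattern in GLOBAL_CHECKS:
        if not any(re.fullmatch(pattern, ln) for ln in lines):
            findings.append((code, "no line matching: " + pattern))
    # A named dot1x list is the mistake the first answer points out: report it.
    for ln in lines:
        m = re.fullmatch(r"aaa authentication dot1x (\S+) .*", ln)
        if m and m.group(1) != "default":
            findings.append(("named-dot1x-list", ln))
    port_ctl = re.compile(r"(authentication|dot1x) port-control auto")
    authenticators = 0
    for name, body in interface_stanzas(config):
        if "dot1x pae authenticator" in body:
            authenticators += 1
            if not any(port_ctl.fullmatch(cmd) for cmd in body):
                findings.append(("port-not-controlled", name))
    if authenticators == 0:
        findings.append(("no-authenticator-port", "no interface is a dot1x authenticator"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE_AS_POSTED), ("corrected", SAMPLE_CORRECTED)):
        print(label, audit_dot1x(cfg))
```

Both the older "dot1x port-control auto" and the newer "authentication port-control auto" forms are accepted, since both appear in the configs on this page.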
-
Cisco UCS 6248 FI connectivity with Cisco Catalyst 2960
In our UCS environment, the two fabric interconnects connect upstream to Cisco Nexus 9k switches with vPC, and it works well. But we need to isolate some virtual servers on the UCS blades on an entirely separate DMZ switch, which is a Cisco Catalyst 2960.
(1) So can we connect separate physical twinax cables from FI uplink ports to the Catalyst 2960 for connectivity to the servers in the DMZ, keeping the FI-to-Nexus connectivity as it is?
(2) In this case, as there are 2 Nexus switches, core 1 and 2, will we require 2 Cisco Catalyst 2960s for such a disjoint network? Or can we otherwise connect FI A and FI B to one 2960 switch on its 2 10 Gig SFP+ ports?
(3) Please also suggest things that must be taken care of, best-practice guides, or an illustration in this context.
The assignment is static and cannot be changed.
slot 1 - uplink 1
slot 2 - uplink 2...
If a slot has no blade, the corresponding uplink is not used, and that cannot be changed!
This dedication of IOM uplinks of course costs a lot of resources: cables, ports on the FI, port licenses,...
-
Aironet 1252 with Catalyst 2960-8TC-L & 1841 router compatibility
Hello
First of all, are they a good combination together?
I'll buy a new AP 1252 and a Catalyst 2960-8TC-L switch. My question: can I connect the access point to the 1 x 10/100/1000Base-T/SFP (mini-GBIC) (uplink) port?
Because for the AP to work at 300 Mbps capacity, it needs a 1000 port. I will use a power injector to power the AP.
It will serve 15 PCs as a workgroup and 60 clients on the WLAN.
Regards
Saher
Depending on the type of traffic and the clients' bandwidth requirements, you might need a couple more APs, which means you may have to settle for a 24-port switch. Cisco recommends 15-25 users per AP, but still, you can have more if it's just e-mail and web browsing.
-
Hello
Can someone tell me a method of turning off the function of the Mode button on a Catalyst 2960 to stop it rebooting the switch after being held for 10 seconds? Even with a full config on the switch, the "reset" function always seems to bypass the config and clear/reload the switch.
Is it possible to disable this feature in the software?
Thank you very much
Charlie Read
Try the following command: no setup express
See the following link for more details on the command.
I hope this helps.
Steve
-
Redundant N3024 switch configuration
Dear all,
Hi, I just got a Dell N3024 as a core switch and an X1026 for access.
I try to create the topology like this:
VLAN 10: 10.10.10.xxx/24
VLAN 20: 20.20.20.xxx/24
VLAN 30: 30.30.30.xxx/24
VLAN 40: 40.40.40.xxx/24
I am just trying to use a VLAN interface on each switch.
Switch A:
ip routing
interface vlan 10
ip address 10.10.10.1/24
interface vlan 20
ip address 20.20.20.1/24
interface vlan 30
ip address 30.30.30.1/24
interface port 2
switchport mode trunk
Switch B:
ip routing
interface vlan 10
ip address 10.10.10.2/24
interface vlan 20
ip address 20.20.20.2/24
interface vlan 30
ip address 30.30.30.2/24
I think that my config is far from complete and not best practice...
My question is, what should I configure on each Dell N3024 so that all the VLANs can connect to the Internet? (can create the support for the IP address of the SonicWall port)
Please, I need your help.
Thanks in advance.
- The VRRP VLANs must be the same on both switches.
- The master switch must have tracking in place.
- The connection between the switch and the firewall must be in its own VLAN and not be part of the VRRP VLANs.
Here is a diagram that I put together; it could help clear up some confusion.
-
TACACS+ configuration issue with Cisco 3560 switch
Hi Forum,
Here's my TACACS+ setup on my Cisco 3560 switch, and my question is: how can I configure the switch so that I do not have to type enable after I enter the user name and password? With the configs below, users need to type enable whenever they connect to the switch in order to enter the user exec mode. Please let me know if there is something missing in my configs to help me avoid typing 'enable'.
Thanks in advance,
MacBookAir:~ MacBook$ ssh [email protected]
Password:
Switch>en
Switch#show run | include aaa
aaa new-model
aaa group server tacacs+ mpcc
aaa authentication login default group tacacs+ local
aaa authentication enable default none
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa server radius dynamic-author
aaa session-id common
Switch#
Hello
Add the command "privilege level 15" to the VTY line configuration.
line vty 0 4
 [..]
 privilege level 15
!
Regards
-
Cannot create IPv4 interface entries on SG300-20 switch
It is a brand new switch, in L3 mode, and I am connected to port 5. By default, all ports have VLAN 1 (management) defined as the PVID and are set to trunk mode. I can connect without problems, and nothing else is connected to the switch.
I did a master reset (via the web interface and by holding the reset button for 20 seconds) several times, and every time I try to assign an IP address to a VLAN on the page located at IP Configuration > GPI and Interfaces > Interface IPv4, I lose connectivity to the switch and it has to be reset.
I make no changes to VLAN 1 (management) or the port I am connected to, but the problem persists. Is my switch bad? Thanks in advance.
Hello Terry,
In fact, your switch has several types of IP address:
- static IP address (you set this)
- DHCP (a server or router sets this)
- default (if neither of the others is defined): 192.168.1.254.
If the SG300 or 500 device has the default IP address and you add another IP interface (on a VLAN or on a port), it will determine that the static or DHCP address is the management interface, and the 'default' address won't work any more.
The workaround for this is:
When you configure layer 3 routing on an SG300 or 500 switch, once the switch is in L3 mode, you must:
1 - Give each VLAN interface a static IP, starting with VLAN 1. This can be the same as the default 192.168.1.254, but I recommend choosing another address in case you decide to add another switch in the future.
2 - Before you set an IP address on the new VLAN, assign an access port to the new VLAN (so you can move your management desktop to this VLAN if necessary): VLAN Management --> Port VLAN Membership. Once you assign the IP address and your management interface goes away, move your PC to the port in the new VLAN, give it a static IP and reconnect to the new IP address.
3 - Use the console cable and the CLI to configure the VLAN interface, as the console port does not go down or lose connectivity when configuring a VLAN.
Hope this helps,
Dan