MAC Authentication Bypass on Catalyst 2950 supported?

  • 1. VPN Client ---> 1841 router
    Hi, Getting a weird problem on a 1841 when trying to set up the VPN IPSec. Seems that I can connect successfully to the router; can telnet to it but cannot go beyond it, e.g. can telnet to 10.163.1.253 but not to 10.163.1.1 directly. Can telnet to 10.163.1.1 only from the router. I also get the following log in the VPN client:

    Cisco Systems VPN Client Version 5.0.01.0600
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Windows, WinNT
    Running on: 5.1.2600 Service Pack 2
    Config file directory: C:\Program Files\Cisco Systems\VPN Client\

    1 14:38:55.640 09/21/07 Sev=Warning/2 CVPND/0xE3400013
    AddRoute failed to add a route: code 87
    Destination 192.168.0.255
    Netmask 255.255.255.255
    Gateway 10.163.1.1
    Interface 10.163.1.207

    2 14:38:55.640 09/21/07 Sev=Warning/2 CM/0xA3100024
    Unable to add route. Network: c0a800ff, Netmask: ffffffff, Interface: aa301cf, Gateway: aa30101.

    Any idea? Thanks Kailash
  • 2. Join 2 Networks
    Howdy, I have a Cisco 1720 router, a Windows 2003 PDC, 2 Cisco 2950 switches and 1 Cisco PIX. Network 1: the PDC acts as DHCP, has to authenticate all users and gives IP 192.168.0.x. Network 2: has the PIX, 192.168.10.x, with applications behind it. I would like to join the 2 networks, all clients on network 1 to communicate with network 2, without changing the current topology. I have tried VLANs with no success. Please assist.
  • 3. PIX object-groups automatically created named "_ref" ?
    Hi, After upgrading our PIX 525 from version 6 to 8 I noticed the access-lists and object-group command behaviour has changed - it no longer automatically creates "reference" access-groups ending with "_ref". Previously I created inbound access-lists (via PDM) referencing the inside server names and the PIX automatically created "reference" access-lists/object-groups that matched the outside NAT'ed addresses. For example:

    Name 192.168.10.10 SERVER1 (inside name)
    object-group network INSIDE-SERVER (object-group with inside name)
    network-object SERVER1 255.255.255.255
    object-group network INSIDE-SERVER_ref (automatically created object group matching outside NAT)
    network-object 10.10.10.10 255.255.255.255
    access-list outside_access_in permit tcp any object-group INSIDE_SERVER_ref eq http (access-list using the "_ref" version)

    For some reason version 8 does not do this? Any suggestions would be appreciated. Paul
  • 4. Cisco ASA Syslog Messages
    We recently purchased a piece of software that is going to inspect our syslog log files and alert us based on specific queries. The software however was not written to read Cisco syslog specifically so we have to define pretty tightly what we want to alert on. I have been reviewing the documentation regarding the ASA/PIX syslog format and it seems helpful except there are so many damn messages and message types. Does anyone have any suggestions regarding what things to specifically look for in the logs. I know this is a very vague question and I know a lot of it is based on the position and functionality of our ASAs, but what I am really more looking for perhaps are some guidelines or perhaps a sample of what others are doing. Perhaps there is some documentation other than the massive list of all messages that might lend some guidance? The problem in theory of course is that I can look through our current logs and identify items to be alerted against, but how does one anticipate what is going to be in the logs when an actual security attack/emergency occurs. Any help is greatly appreciated.

MAC Authentication Bypass on Catalyst 2950 supported?

Post by Daniel Alex » Fri, 16 May 2008 12:41:13 GMT

Hi all,

Which IOS release supports MAC Authentication Bypass (MAB) for the Catalyst 
2950 switch? Currently I have the 12.1-22 EA8a version and I would like to use 
this feature.

Thanks very much.

Regards,

Daniel 


Similar Threads:

1. Problems with Catalyst 2950 and Mac OS X 10.4 Systems

Hello,

Since we have replaced our Catalyst 2924XL switches with Catalyst 2950 
we get more and more problems with Apple Macintosh OS X 10.4 Systems 
with G5 processors.
The systems get their static IP addresses from two SuSE Linux 
DHCP-Servers. In our campus-LAN 76 VLANs are configured.

Normally everything works well, but sometimes some Mac OS X 10.4 systems 
suddenly lose their server mounts.
Sometimes other Mac OS X 10.4 systems don't get an IP address while 
booting. After a reboot it works regularly.
Deactivating the port-security doesn't help.
"Spanningtree portfast" and "switchport nonegotiate" are configured on 
the switchport.

Has anyone a hint on this problem?
Thanks in advance!
Kai Matthies

----
Our configuration:

CatXX#sh vers
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA1b, RELEASE 
SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 24-Aug-04 00:12 by yenanh
Image text-base: 0x80010000, data-base: 0x8055C000

ROM: Bootstrap program is C2950 boot loader

Cat76 uptime is 47 weeks, 6 days, 7 hours, 32 minutes
System returned to ROM by power-on
System restarted at 15:05:25 MESZ Tue Jun 14 2005
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA1b.bin"

cisco WS-C2950G-48-EI (RC32300) processor (revision Q0) with 20873K 
bytes of memory.
Processor board ID XXXXX
Last reset from system-reset
Running Enhanced Image
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: xx:xx:xx:xx:xx:xx
Motherboard assembly number: 73-7409-12
Power supply part number: 34-0965-01
Motherboard serial number: XXXXX
Power supply serial number: XXXXX
Model revision number: Q0
Motherboard revision number: A0
Model number: WS-C2950G-48-EI
System serial number: XXXXXX
Configuration register is 0xF

CatXX#sh run int fast 0/22
interface FastEthernet0/22
  description XXX
  switchport access vlan 721
  switchport mode access
  switchport nonegotiate
  switchport port-security
  switchport port-security mac-address sticky
  switchport port-security mac-address sticky 0000.1111.2222
  no snmp trap link-status
  no cdp enable
  spanning-tree portfast
end

CatXX#sh int fast 0/22
FastEthernet0/22 is down, line protocol is down (notconnect)
   Hardware is Fast Ethernet, address is 0013.1953.xxxx (bia 0013.1953.xxxx)
   Description: XXX
   MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
      reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Auto-duplex, Auto-speed, media type is 100BaseTX
   input flow-control is unsupported output flow-control is unsupported
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 29w0d, output 01:18:10, output hang never
   Last clearing of "show interface" counters 3d12h
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue: 0/40 (size/max)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
      276641 packets input, 102028305 bytes, 0 no buffer
      Received 1969 broadcasts (0 multicast)
      0 runts, 0 giants, 0 throttles
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
      0 watchdog, 1189 multicast, 0 pause input
      0 input packets with dribble condition detected
      797521 packets output, 121800493 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collision, 0 deferred
      0 lost carrier, 0 no carrier, 0 PAUSE output
      0 output buffer failures, 0 output buffers swapped out

CatXX#sh int fast 0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 721 (XXX)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

2. anyone know about: vlan trunking with catalyst 1900 to any other ios device (catalyst 2950)

3. anyone know about: vlan trunking with catalyst 1900 to any other ios device (catalyst 2950)

4. Setting up 802.1x authentication with Cisco 2950 and Microsoft IAS

I have a project to stop rogue users from plugging onto my network. I
have seen where Cisco switches can do port authentication with a RADIUS
server. I would like to set up an IAS server on Win2k3 as my RADIUS
server. Can anyone provide me with configuration guides to configure
the switch as well as the IAS server? I would really appreciate the
assistance.

PWM

5. Debug mac access-list extended 2950

Is there a way to debug extended MAC access-lists?  I have not found
anything on the Cisco Web Site or in my switch doc.

My layer 2 ACL is blocking everything and I do not have any way of
seeing what is happening.  show access-list does not provide a count of
denied frames.  All the debug commands I looked at are for layer 3 & 4
ACLs.

Any suggestions would be appreciated.

6. 2950 switch - max mac-add table size?

7. Port-security mac address on 2950

8. 2950 empty mac address table


