MAC Authentication Bypass on Catalyst 2950 supported?


    Sponsored Links


  • 1. Problems changing IPX encapsulation on 3725 router.
    Hi all, I need to change the IPX encapsulation on one of our 3725 routers. So I enter the following commands; #conf t (config)#int fastethernet0/0 (config-if)#ipx encapsulation sap (config-if)#exit (config)#exit # I get no errors, so I go on to check it by typing; #sh ipx int brief And I get the following response; Interface IPX Network Encapsulation Status IPX State FastEthernet0/0 EAEB NOVELL-ETHER up [up] So the encapsulation hasn't changed at all. Anybody got any ideas why? Cheers! -- Andy Lawson (mailto: XXXX@XXXXX.COM )
  • 2. OLD CISCO ASM CSC3 - Terminal line configuration
    Hello, I dug out a very old CISCO ASM IOS8.5 router that I want to use as a terminal server. It took me long enough to find the documentation to password recover this device in the first place.. and I was hoping to find an old config on it that showed me the way.. but sadly no.. I have no problems with normal line configs but with this old beast I can't seem to open up any of the lines!.. I wanted to add an alias to one of the lines with and then at least telnet into the device... loopback12 ip host bobby-lee-bob 2001 It takes the line but when I try to connect to booby-lee we go nowhere. Anybody know where I can dig up an old 8.5 line config? Or have any ideas how I can push a connect from the CLI direct into the line? TIA JB>.
  • 3. Opinions on CISCO SOHO 97 ADSL Router ?
    I first posted this to a Cisco forum somewhere else, but nobody replied, so (if this is off-topic for the group I apologise) ... Although I never thought I`d be able to afford a Cisco router I`ve just purchased a cheap (new) Cisco SOHO 97 from an auction - the price was pretty low and I didn`t really have the option to have a long think about it. For the same money I could have bought equal functionality (in the sense of what I`d use it for) and extra features e.g. wireless, from other manufacturers. The things which tipped the balance were the opportunity to learn IOS and Cisco`s reputation. So what do you think of the '97 as a low end router ? Have I made a mistake and should I just re-auction it and go for better specified hardware from another manufacturer ? Or is learning about Cisco equipment (even at the bottom end) a right of passage that any self respecting geek should go through ? Thanks in advance.
  • 4. Limiting VPN Remote Client access
    Using client 3.x on the PIX platform I want to limit client access to a specific outside network. Is there a way to apply an access-list to the vpngroup? or the aaa authentication configuration? I would like to leave the defaults on so I do not have to allow isakmp, protocol 50, and all of that stuff, I just want to restrict by IP. Brad
  • 5. looking for used Cisco equipement for learning
    I am looking for used Cisco routers, switches for learning. I am not going for certification, just want to learn the router IOS, switch IOS. Actually hoping to find really cheap some 2501s or similar that i can put back to back. The routers are the first choice on the list. I am on a budget (my job has been downsized in half) so I don't have a lot of bucks for this... If anyone has anything, email me directly at XXXX@XXXXX.COM Thanks! Kerry -- please remove x0x0 when replying thanks

MAC Authentication Bypass on Catalyst 2950 supported?

Postby Daniel Alex » Fri, 16 May 2008 12:41:13 GMT

Hi all,

Which IOS release that supports MAC Authentication Bypass (MAB) for Catalyst 
2950 switch? Currently I have 12.1-22 EA8a version and I would like to use 
this feature.

Thanks very much.



Similar Threads:

1.Problems with Catalyst 2950 and Mac OS X 10.4 Systems


since we have replaced our Catalyst 2924XL switches with Catalyst 2950 
we get more and more problems with Apple Macintosh OS X 10.4 Systems 
with G5 processors.
The systems get their static IP addresses from two SuSE Linux 
DHCP-Servers. In our campus-LAN 76 VLANs are configured.

Normally everything works well, but sometimes some Mac OS X 10.4 systems 
lose suddenly their server mounts.
Sometimes other Mac OS X 10.4 systems dont get an IP address while 
booting. After a reboot it works regularly.
Deactivating the port-security doesnt help.
"Spanningtree portfast" and "switchport nonegotiate" is configured on 
the switchport.

Has anyone a hint on this problem?
Thanks in advance!
Kai Matthies

Our configuration:

CatXX#sh vers
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA1b, RELEASE 
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 24-Aug-04 00:12 by yenanh
Image text-base: 0x80010000, data-base: 0x8055C000

ROM: Bootstrap program is C2950 boot loader

Cat76 uptime is 47 weeks, 6 days, 7 hours, 32 minutes
System returned to ROM by power-on
System restarted at 15:05:25 MESZ Tue Jun 14 2005
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA1b.bin"

cisco WS-C2950G-48-EI (RC32300) processor (revision Q0) with 20873K 
bytes of memory.
Processor board ID XXXXX
Last reset from system-reset
Running Enhanced Image
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: xx:xx:xx:xx:xx:xx
Motherboard assembly number: 73-7409-12
Power supply part number: 34-0965-01
Motherboard serial number: XXXXX
Power supply serial number: XXXXX
Model revision number: Q0
Motherboard revision number: A0
Model number: WS-C2950G-48-EI
System serial number: XXXXXX
Configuration register is 0xF

CatXX#sh run int fast 0/22
interface FastEthernet0/22
  description XXX
  switchport access vlan 721
  switchport mode access
  switchport nonegotiate
  switchport port-security
  switchport port-security mac-address sticky
  switchport port-security mac-address sticky 0000.1111.2222
  no snmp trap link-status
  no cdp enable
  spanning-tree portfast

CatXX#sh int fast 0/22
FastEthernet0/22 is down, line protocol is down (notconnect)
   Hardware is Fast Ethernet, address is 0013.1953.xxxx (bia 0013.1953.xxxx)
   Description: XXX
   MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
      reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Auto-duplex, Auto-speed, media type is 100BaseTX
   input flow-control is unsupported output flow-control is unsupported
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 29w0d, output 01:18:10, output hang never
   Last clearing of "show interface" counters 3d12h
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue: 0/40 (size/max)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
      276641 packets input, 102028305 bytes, 0 no buffer
      Received 1969 broadcasts (0 multicast)
      0 runts, 0 giants, 0 throttles
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
      0 watchdog, 1189 multicast, 0 pause input
      0 input packets with dribble condition detected
      797521 packets output, 121800493 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collision, 0 deferred
      0 lost carrier, 0 no carrier, 0 PAUSE output
      0 output buffer failures, 0 output buffers swapped out

CatXX#sh int fast 0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 721 (XXX)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

2.anyone know about: vlan trunking with catalyst 1900 to any other ios device (catalyst 2950)

3.anyone know about: vlan trunking with catalyst 1900 to any other ios device (catalyst 2950)

4.Settinup 802.ix authentication with cisco 2950 and Micorsoft IAS

I have a project to stop rogue users form pluging onto my network. I
have seen where cisco switches can do port authentication with a radius
server. I would like to setup and IAS server on win2k3 as my radius
server. Can anyone provide me with configuration guides to configure
the switch as well as the IAS server? I would really appreciate the


5.Debug mac access-list extended 2950

Is there a way to debug extended mac access-lists?  I have not found
anything on the Cisco Web Sit or in my switch doc.

My layer2 acl is blocking everything and I do not have any way of
seeing what is happening.  show access-list does not provide a count of
deny frames.  All the debug commands I looked at are for layer3&4

Any suggestions would be appreciated.

6. 2950 switch - max mac-add table size?

7. Port-security mac address on 2950

8. 2950 empty mac address table

Return to cisco


Who is online

Users browsing this forum: No registered users and 84 guest