Lets say the switch doesn´t have an ip. It surely needs one. Perhaps a subnet and host table goes with the workbook in question That says what IP should be on that switch.
Usually they have all a common VLAN that they can interact on. Sounds that ip default-gatway would be The only thing needed in order to reach an NTP server on another subnet/vlan. Regards. Kristjan ---------------------------------------------------------------------- Message: 1 Date: Fri, 3 Jan 2014 03:50:58 +0530 From: alister magee <[email protected]> To: Davar Bajelan <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [OSL | CCIE_Wireless] NTP on 2960 switch Message-ID: <CACa=jhxqe-sfo+s6ru48y41dn6ddm_legf-ez6w503csdxx...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Hi Davar, In my scenerio there is nothing mentioned about do not allowed to configure SVI but even it is not said you can configure any L3 interface to achieve the task :) I tried the option of ntp broadcast and ntp multicast but 2960 15.x switch do not take this commands. On Fri, Jan 3, 2014 at 3:45 AM, Davar Bajelan <[email protected]>wrote: > > > If you are not allowed to assigned IP address to your L2 switch ( not > allowed to configure SVI) then you can try to use multicast: > > > ntp multicast client [ip-address] > > > On Thu, Jan 2, 2014 at 2:03 PM, Andre Aubet <[email protected]> wrote: > >> Hi Alister, >> >> As any device, a L2 switch has to have an ip address to be able to >> reach an external resource via IP. >> >> You have to configure an SVI and a default-gateway in the vlan which >> suits you, for your 2960 to reach 1.1.1.1 >> >> Only there will you be able to sync with the NTP server. >> >> Hope this is clear enough...? >> >> >> 2014/1/2 alister magee <[email protected]> >> >>> Hi, >>> >>> I have a general question i have 6501-A connected , 6501-B connected >>> in central site >>> >>> I have 2960 switch connected with L2 there is no L3 interface on it >>> >>> Now if i need to run ntp on all the 3 switches what is the commands >>> >>> Lets assume my NTP address is 1.1.1.1 >>> >>> From 6501A/B has L3 interface and it is routeable to 1.1.1.1 so its >>> sync properly But 2960 switch is L2 interface it has no connectivity >>> or route to reach >>> 1.1.1.1 >>> >>> So what is the procedure to break this? :) >>> >>> I am sorry it is not related to IPX workbook but general design i >>> was reading somewhere and its very interesting question to understand. >>> >>> If anyone worked or working on it let me know >>> >>> Cheers. >>> >>> _______________________________________________ >>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >>> >>> iPexpert on YouTube: www.youtube.com/ipexpertinc >>> >> >> >> _______________________________________________ >> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >> >> iPexpert on YouTube: www.youtube.com/ipexpertinc >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </archives/ccie_wireless/attachments/20140103/624329cb/attachment-0001.html> ------------------------------ Message: 2 Date: Fri, 3 Jan 2014 00:21:16 +0100 From: Andre Aubet <[email protected]> To: alister magee <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [OSL | CCIE_Wireless] NTP on 2960 switch Message-ID: <CA+eR=U9qLFaxb1us8kcy4DjZvdJVf73jCE7gYacG=2q77lz...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" I think if they don't explicitly forbid to configure a SVI for your switch. then you're free to go! The same must be applicable in the real lab I guess, Pick wisely an unused adress in your management vlan... 2014/1/2 alister magee <[email protected]> > Hi Davar, > > In my scenerio there is nothing mentioned about do not allowed to > configure SVI but even it is not said you can configure any L3 > interface to achieve the task :) > > I tried the option of ntp broadcast and ntp multicast but 2960 15.x > switch do not take this commands. > > > > > > > On Fri, Jan 3, 2014 at 3:45 AM, Davar Bajelan <[email protected]>wrote: > >> >> >> If you are not allowed to assigned IP address to your L2 switch ( not >> allowed to configure SVI) then you can try to use multicast: >> >> >> ntp multicast client [ip-address] >> >> >> On Thu, Jan 2, 2014 at 2:03 PM, Andre Aubet <[email protected]> wrote: >> >>> Hi Alister, >>> >>> As any device, a L2 switch has to have an ip address to be able to >>> reach an external resource via IP. >>> >>> You have to configure an SVI and a default-gateway in the vlan which >>> suits you, for your 2960 to reach 1.1.1.1 >>> >>> Only there will you be able to sync with the NTP server. >>> >>> Hope this is clear enough...? >>> >>> >>> 2014/1/2 alister magee <[email protected]> >>> >>>> Hi, >>>> >>>> I have a general question i have 6501-A connected , 6501-B >>>> connected in central site >>>> >>>> I have 2960 switch connected with L2 there is no L3 interface on it >>>> >>>> Now if i need to run ntp on all the 3 switches what is the commands >>>> >>>> Lets assume my NTP address is 1.1.1.1 >>>> >>>> From 6501A/B has L3 interface and it is routeable to 1.1.1.1 so its >>>> sync properly But 2960 switch is L2 interface it has no >>>> connectivity or route to reach 1.1.1.1 >>>> >>>> So what is the procedure to break this? :) >>>> >>>> I am sorry it is not related to IPX workbook but general design i >>>> was reading somewhere and its very interesting question to understand. >>>> >>>> If anyone worked or working on it let me know >>>> >>>> Cheers. >>>> >>>> _______________________________________________ >>>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >>>> >>>> iPexpert on YouTube: www.youtube.com/ipexpertinc >>>> >>> >>> >>> _______________________________________________ >>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >>> >>> iPexpert on YouTube: www.youtube.com/ipexpertinc >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: </archives/ccie_wireless/attachments/20140103/ed108cd4/attachment-0001.html> ------------------------------ Message: 3 Date: Fri, 3 Jan 2014 03:35:17 +0000 From: "Jay Killion (jakillio)" <[email protected]> To: "[email protected]" <[email protected]> Subject: [OSL | CCIE_Wireless] WB1 Lab 3.2 Message-ID: <ceeb8c12.1273e%[email protected]> Content-Type: text/plain; charset="windows-1252" Question on WB1 lab 3.2. The requirements have you creating multiple SSID's (autonomous AP), each using different EAP methods in ACS ? such as PEAP for one and TLS for another. The solution book doesn't show how this is done in ACS so I wanted to find out the correct method for this. I'm thinking the correct steps are as follows, but would appreciate any feedback. 1 ? Create an end-station filter to match on SSID 2 ? Create a new access service that only allows that specific EAP method (TLS, for example) 3 ? Create a new service selection rule that matches the end-station filter (from step 1) and returns the service created in step 2, thus only permitting that EAP method Is that correct? Thanks Jay Killion, CCIE #17873 R/S -------------- next part -------------- An HTML attachment was scrubbed... URL: </archives/ccie_wireless/attachments/20140103/74e91d26/attachment-0001.html> ------------------------------ Message: 4 Date: Fri, 3 Jan 2014 06:11:05 +0000 From: Justin Kurynny <[email protected]> To: "Jay Killion (jakillio)" <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [OSL | CCIE_Wireless] WB1 Lab 3.2 Message-ID: <[email protected]> Content-Type: text/plain; charset="Windows-1252" Jay, You're on the right track overall, but for that first step you may want to take a close look at the ACS logs to see what attributes and attribute values are included in the radius auth request packet coming from the AP. In a larger context, I found that a highly valuable exercise was to compare the radius auth requests from the following three devices. Their attributes differ depending on source and knowing those differences is key when setting up access policies in ACS: * WLC * Autonomous AP * FlexConnect AP (standalone mode) hth, Justin Disclaimer: I'm not familiar with the specific exercise you're working on--just trying to help in a general sense on your outlined first step. typd on tny kybrd. > On Jan 2, 2014, at 19:42, "Jay Killion (jakillio)" <[email protected]> wrote: > > Question on WB1 lab 3.2. The requirements have you creating multiple SSID's > (autonomous AP), each using different EAP methods in ACS ? such as PEAP for > one and TLS for another. The solution book doesn't show how this is done in > ACS so I wanted to find out the correct method for this. I'm thinking the > correct steps are as follows, but would appreciate any feedback. > > 1 ? Create an end-station filter to match on SSID > 2 ? Create a new access service that only allows that specific EAP > method (TLS, for example) > 3 ? Create a new service selection rule that matches the end-station > filter (from step 1) and returns the service created in step 2, thus > only permitting that EAP method > > Is that correct? > > Thanks > > Jay Killion, CCIE #17873 R/S > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc ------------------------------ Message: 5 Date: Fri, 3 Jan 2014 13:13:43 +0530 From: alister magee <[email protected]> To: Davar Bajelan <[email protected]>, "[email protected]" <[email protected]> Subject: Re: [OSL | CCIE_Wireless] NTP on 2960 switch Message-ID: <CACa=jhuzw4qaeac_-gjuy79vttkpx2cbereyhl5_lnuztqe...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Even if you write ntp broadcast client you required L3 interface but in 2960 switch there is no L3 interface :) I waste my 40 mins to search :) no issues i believe L3 interface is the only solution for it. On Fri, Jan 3, 2014 at 4:56 AM, Davar Bajelan <[email protected]>wrote: > Hi Alister, > > As per Cisco Lab Exam v2.0 - Lab Equipment and Software list the 2960 > switch uses > > IOS Software Release 12.2 SE feature LAN BASE feature set not the > ver 15.x > > > https://learningnetwork.cisco.com/docs/DOC-5278 > > I have ver 12.2 does support broadcast. > > Davar > > > > On Thu, Jan 2, 2014 at 2:20 PM, alister magee > <[email protected]>wrote: > >> Hi Davar, >> >> In my scenerio there is nothing mentioned about do not allowed to >> configure SVI but even it is not said you can configure any L3 >> interface to achieve the task :) >> >> I tried the option of ntp broadcast and ntp multicast but 2960 15.x >> switch do not take this commands. >> >> >> >> >> >> >> On Fri, Jan 3, 2014 at 3:45 AM, Davar Bajelan <[email protected]>wrote: >> >>> >>> >>> If you are not allowed to assigned IP address to your L2 switch ( >>> not allowed to configure SVI) then you can try to use multicast: >>> >>> >>> ntp multicast client [ip-address] >>> >>> >>> On Thu, Jan 2, 2014 at 2:03 PM, Andre Aubet <[email protected]> wrote: >>> >>>> Hi Alister, >>>> >>>> As any device, a L2 switch has to have an ip address to be able to >>>> reach an external resource via IP. >>>> >>>> You have to configure an SVI and a default-gateway in the vlan >>>> which suits you, for your 2960 to reach 1.1.1.1 >>>> >>>> Only there will you be able to sync with the NTP server. >>>> >>>> Hope this is clear enough...? >>>> >>>> >>>> 2014/1/2 alister magee <[email protected]> >>>> >>>>> Hi, >>>>> >>>>> I have a general question i have 6501-A connected , 6501-B >>>>> connected in central site >>>>> >>>>> I have 2960 switch connected with L2 there is no L3 interface on >>>>> it >>>>> >>>>> Now if i need to run ntp on all the 3 switches what is the >>>>> commands >>>>> >>>>> Lets assume my NTP address is 1.1.1.1 >>>>> >>>>> From 6501A/B has L3 interface and it is routeable to 1.1.1.1 so >>>>> its sync properly But 2960 switch is L2 interface it has no >>>>> connectivity or route to reach 1.1.1.1 >>>>> >>>>> So what is the procedure to break this? :) >>>>> >>>>> I am sorry it is not related to IPX workbook but general design i >>>>> was reading somewhere and its very interesting question to understand. >>>>> >>>>> If anyone worked or working on it let me know >>>>> >>>>> Cheers. >>>>> >>>>> _______________________________________________ >>>>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security >>>>> Videos >>>>> :: >>>>> >>>>> iPexpert on YouTube: www.youtube.com/ipexpertinc >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >>>> >>>> iPexpert on YouTube: www.youtube.com/ipexpertinc >>>> >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: </archives/ccie_wireless/attachments/20140103/3525a3c0/attachment.html> ------------------------------ _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc End of CCIE_Wireless Digest, Vol 57, Issue 4 ******************************************** _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
