I had a similar issue with TFTP that was caused by the Cisco VPN client on my
laptop. There is a check box in the VPN client settings that turns the Cisco
stateful firewall on all the time even when the client isn't loaded. This will
block all incoming connections like TFTP request from a switch.
Kerry Melcher
Supervisor of Network Services
South Kitsap School District
Phone: 360-874-7031
________________________________
From: Renbarger, Nate [mailto:[email protected]]
Sent: Thu 3/10/2011 6:23 AM
To: [email protected]
Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image
It sounds like there may be an issue with the tftp server on your machine, if
you can ping it from the switch you should be able to tftp. Is the windows
firewall turned on and blocking the tftp by chance? If it's not that you could
try this tftp server: http://support.3com.com/software/3cdv2r10.zip, that's the
one I like to use because it's light weight and portable so I can keep it on a
usb stick and use it on any machine. It also has FTP and syslog servers. Try
that and let me know what you find. You could also run 'netstat -noap udp' to
make sure the tftp port (port 69) is open on the machine. What version of
Windows is it running?
NATE RENBARGER
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953
765.677.2340 | 765.677.2020 FAX
[email protected] <mailto:[email protected]>
INDWES.EDU/IT
From: Marlon Bastida [mailto:[email protected]]
Sent: Monday, March 07, 2011 4:27 PM
To: [email protected]
Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image
Nate,
I download this image: c2950-i6k2l2q4-mz.121-22.EA14.bin.
But I got SolarWinds TFTP and Cisco Kits TFTP servers, and on these 2 programas
I can't get successfully doing a copy of startup-config, looking on the console
(serial). I can ping from the switch my computer but when I did the copy I got
timeout error.
Tks,
Marlon
2011/3/7 Renbarger, Nate <[email protected]>
Glad you got access to the switch again, I know that it's frustrating to get
locked out. Yes, you'll probably need the crypto version. The crypto version
will have a k2 in the name like this: flash:c2950-i6k2l2q4-mz.121-22.EA13.bin.
That will let you configure all of the encryption portions of the config. Also,
to keep yourself from getting locked out again you can set it up with a local
username and password. The command would be 'username admin privilege 15
password mypassword' where admin is your username and mypassword is the
password. Then you can use that as the username and password at the prompt and
it will authenticate locally.
NATE RENBARGER
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953
765.677.2340 | 765.677.2020 FAX
[email protected] <mailto:[email protected]>
INDWES.EDU/IT
From: Marlon Bastida [mailto:[email protected]]
Sent: Friday, March 04, 2011 6:23 PM
To: [email protected]
Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image
Nate,
Doing the show version command, bring me this:
fence0>show ver | include System image
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA2.bin"
fence0>
Tks Marlon
2011/3/4 Renbarger, Nate <[email protected]>
If you didn't save the config then you can just reboot the switch and it will
roll back the changed and you should have access again. If the config is saved
and you got all of the switch config done you will have to either get the
radius piece working in PF so you can authenticate against it or run through
the password recovery procedure with the switch. Here is a link to the password
recovery documentation.
http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml
NATE RENBARGER
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953
765.677.2340 | 765.677.2020 FAX
[email protected] <mailto:[email protected]>
INDWES.EDU/IT
From: Marlon Bastida [mailto:[email protected]]
Sent: Friday, March 04, 2011 4:41 PM
To: [email protected]
Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image
Nate,
Well I did an update on PF, now I'm using PF 2.1.0.
I'm using Cisco IOS 12.1(22)EA2, but I can't enter now with show version.
I was trying to update my switch configs on my Cisco 2950 (WS-C2950-24) and I
did until radius server config. (PF Admin guide 2.1.0)
I put the RADIUS server on the same IP address (192.168.50.120) of PF VM
(CentOS 5.5) and when I tried to enter on console need a username and password
but can't enter on switch now...
Tks
2011/3/4 Renbarger, Nate <[email protected]>
Marlon,
What's the full version you are running? At the cli on the 2950 type "show ver
| include System image" and post the results. If it is that it needs crypto
(which trying to do the priv encryption it most likely does) you'll have to get
it from Cisco.com. To get that you'll need a login because you'll have to go
through a waiver process to be able to download crypto software. You may also
need to have a support contract or purchase the upgrade (I'm not sure on the
edge switches if that's the case for sure). Also that setup is incorrect, the
documentation should be updated but the collowing commands:
snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56
privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv des56
privpwdwrite
need to be:
snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128
privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv aes 128
privpwdwrite
otherwise it won't work.
NATE RENBARGER
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953
765.677.2340 | 765.677.2020 FAX
[email protected] <mailto:[email protected]>
INDWES.EDU/IT
From: Marlon Bastida [mailto:[email protected]]
Sent: Friday, March 04, 2011 12:48 PM
To: PacketFence Lista
Subject: [Packetfence-users] Cisco 2950 Crypto Image
Hi,
I'm doing the steps about SNMP config. on a Cisco 2950 - (WS-C2950-24). So I
did basic reseach on the software guide and tell me about download a Software
Image for enable priv (needs to use a crypto image).
Can u point me a download link to the a right image software of this swtich
model, please?
priv commands need a software image to work...
snmp-server engineID local AA5ED139B81D4A328D18ACD1
snmp-server group readGroup v3 priv
snmp-server group writeGroup v3 priv read v1default write v1default
snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56
privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv des56
privpwdwrite
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
Tks,
Marlon
------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
