Related subreddits:

Hello Cisco Community.

Hope everyone is well.

anyone created cisco smart account recently ?!

i need some help with that, i already opened case with cisco but just wanted to see if anyone experienced that before jump onto meeting with cisco!?

I keep asking me to change my cisco profile to valid company name and my company is not listed in Cisco dropbox what should i do?

Thanks

Hi everyone, I have a question regarding an issue one of our clients is facing. When they open the IP Communicator, it keeps refreshing the registration continuously. Even when I enter the credentials, the problem persists.

after previously enjoying the simplicity of the old UI, i've now been forced onto the new netacad and hate it. how do i claim my certificates as i've completed all the assessments but no prompt or acknowledgement had popped up anywhere i can find

Hello Cisco community,

I am planning to deploy Wireless LAN controller C9800-L-C-K9 to manage my access points.

I have 75 access point i want to deploy them, my access point models are 9120AXI-E.

My question is do i need any license for activate them i heard somewhere that WLC itself dont need any license to work but it need license for access points to be able to join.

Can someone please help me with that? Thank you

Do free courses such as Introduction to Cybersecurity give certificates once i complete them.

Edit: Also if they do give certificates are they free or do i have to pay for it

Am I right in saying that if I have only a one gigabit connection from my WLC to my core switch, and then 4 WAP’s connected with gigabit to the same core switch. That all 4 of those WAP’s will have to share a one gigabit connection to the network because all there traffic has to go through the WLC? Or is the WLC just used as management?

I'm trying to access Cisco networking academy, but it keeps loading forever.

I have tried to log in with another computer in another network, it works just fine.

But with my own network and computer, it doesn't work at all.

Any help

Trying to simplify this down to the basics of what I'm trying to do. Essentially I have multiple locations connected via Comcast ENS (switch in cloud to make it simple). Each location has a Cisco 4000 series router right now. I use OSPF for the routing between sites. I need to create a network, single VLAN/Subnet, that is shared across the locations, each location will have a device, timeclock, that needs to be on this shared network. Location A in the simplified network has a route to a server these devices need to access. I was easily able to add the VLAN to my Cisco switch, apply the IP to the clock, and create a sub interface on Router A with an IP on the new subnet and route the traffic to the server. But, I've not been able to figure out how to route/share that network across the ENS circuit. I've tried several different things and done some research, but I'm not sure I know the right terms to search for. Any guidance would be appreciated.

https://preview.redd.it/lu4ayxr2siyd1.png?width=636&format=png&auto=webp&s=32da165a87ccfc893f158bed3947c2e5d7b044d8

Hi guys. I need to boot an out of box Cisco 9300L-M which came with Meraki OS. I need to configure from console and manage it locally rather than from cloud. Any ideas how to achieve this?

Hello,

i am looking to instal 3x c9300 stacked switches as core switches.

Are this switches operate as one? My question is that, i want to have lacp From access switches to the c9300 core switches.

Can i use ports from the different stacked switches to implement lacp?

Hi everybody . I am from Bangladesh. I am cse major .I really badly need a part time job in the IT sector . I am a student and need to support my family. Should I do a ccna/ccnp course ? Will that help me get a job? If yes then where can I do the course from( free if possible). Please help me with guidelines and resources I am suffering a lot.

Hello, I have problems with access via ssh on some routers. Every time they reboot, SSH access is lost until the command "crypto key generate rsa" is given again to activate SSH.


Is there a way to keep the rsa key bits after rebooting the router?

I noticed that the crypto key generate rsa command is not seen in the router's show runHello, I have problems with access via ssh on some routers. Every time they reboot, SSH access is lost until the command "crypto key generate rsa" is given again to activate SSH.


Is there a way to keep the rsa key bits after rebooting the router?

I noticed that the crypto key generate rsa command is not seen in the router's show run

hola, tengo problemas con el acceso por ssh en unos Routeres. cada vez que se reinician se pierta el acceso por ssh hasta que se les coloca el comando "crypto key generate rsa" nuevamente para activar el ssh.

existe alguna forma de mantener los bit de rsa key luego de reinicial el router?

yo e notado que el comando crypto key generate rsa no se aprecia en el show run del equipo.

esto tiene que ver con el echo de que se tenga que aplicar el comando cada vez que el router se reinicia?

How do you guys feel about the investment in AI by Cisco? Do you think the pre-sales org in this space would be a good place to join or is it too late for Cisco to make a splash?

I am not an IT professional. I have two IE4000 switches that are preconfigured from a manufacturer. Someone factory reset one of them and it seems to have lost its configuration and who knows what else because they do have some kind of IOx running as well. I'm trying to figure out how to get that one to be identical to the working one.

I read about using console commands to copy the configuration from the working on and configure the non-working unit, so that's what I've tried. However, there are things in the configuration of the working one which I can't seem to get to work in the non-working one. For example, the working one has a section in the cofiguration as follows:

interface GigabitEthernet1/9

and all the data that follows that, but when I try and give that command to the other switch, I get the error pointing at the number 9:

invalid input detected at '^' marker

Now, the confusing thing is that these are 8 port switches, so I have no idea why there's a configuration for what appears to be port 9. They are identical model numbers (IE-4000-4TC4G-E V02) and both are even manufactured on the same date. All I know is the working switch has this section and spits it out when I ask for show config command. Does anyone know why I might have what appears to be a valid configuration for a port 9 on one but I can't do anything with it on the other?

ETA - Tough crowd. Lots of down votes from people for someone just trying to get help. I don't think people understand that this switch is inside a complete product that is sold as an off the shelf item. It's preconfigured and preloaded to do exactly what it's supposed to do and anyone who buys this product gets the exact same thing. The manufacturer of this product, of whom I am a distributor and provide authorized service for, does not offer support on a technical level for what's going on inside the switch. Sure, someone somewhere knows about it because they designed and built this product, but I have no way of contacting those people in this international company. As a distributor and authorized service provider they offer support for the product as a whole as far as how to hook up power, connect the cables, attach the sensors, etc, and that's it. Rather than pay them for a new switch that's preloaded because someone messed this one up, I don't see why I can't learn to fix this one myself given the fact I have a perfectly operational unit to get everything I need from.

Hello All, I'm looking for a quieter version of the ASR-1002-F that has four SFP cages and (hopefully) full gigabit routing. I'm not doing BGP, just a basic VRF for routing. Would the ASR-1001 with its 1U form factor be quieter? I found a few on ebay that might fit the bill if so, but I don't want to commit if it's just going to be smaller but not quieter.

I got the ASR-1002-F from work as a decom as I'm working on doing an AT&T bypass with a routed subnet but the 1002 is just mind numbingly loud, even after it's finished booting.

Thank you!

Hello everyone,

I have a Cisco AIR-CAP2702I-UXK9 access point running firmware version 15.3(3)JK7, connected to a 5520 Controller with firmware 8.10.171.0. The access point successfully connects to the controller, obtains an IP address from the correct subnet, and clients can connect to the AP without any issues. Everything seems to be working as expected.

However, I noticed the status LED on the access point cycles through green-red-off repeatedly.
After some research, I found the following Cisco documentation:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/AP_Regulatory_Domain_DG/b_universal_AP_regulatory_domain_DG.html

This document suggests that this may relate to regulatory domain settings, but it’s quite outdated, and I’ve read that the configuration utility has been removed from the Android platform.

Does anyone know how to address this LED status issue?

Hello Reddit friends,

I have a project where I need two routers, each with a full-route BGP peer, connected via iBGP. I've been considering two ASR 9001 routers, as they’re quite affordable. I know they come with 8GB of RAM and support several million routes in the RIB, but only 1 million in the FIB (I’m not sure if it’s possible to enable the L3XL profile) to reach 1.3 million routes.

Do you think these routers would be viable for my needs? Estimating an increase of 40,000 to 50,000 routes per year until reaching 1.3 million, could these routers last me 3 to 4 years?

I considered the ASR 9001 because I need DHCP and PPPoE server functionality for internet access clients. I like the Juniper MX204, but I think I’d need very expensive licenses for it.

Thank you very much!

Re: taking offense, I think some of you already see where this is headed :)

This is going to make me sound like a d*ck ... but I have to say it: Please, please, please do not respond with "you shouldn't do x, y or z" ... please

This is a LAB environment, and I am looking at RAW packet data, and I am in total control of the cabling and what is going into the switch. And if a loop did arise, well, sh*t, that would just be interesting; I don't care if it does.

Ok, I'm using NXOS: version 10.5(2) [build 10.5(1)IMG9(0.167)] [Feature Release]

I am not a network engineer, but I am an engineer.

I know I can disable spanning tree on a per vlan basis, but I'd really like it if I could just disable it entirely, so it doesn't "wake up" again after adding a new vlan. Is there any way to do this?

If I can't do this thru the usual CLI, I can run bash sudo su and mess with the running processes if need be ... is there a process down at root level I can kill?

I appreciate that STP is very important, and protects against very bad things ... but I really do not care in the least, and it's just really annoying to be having BPDU packets coming out.

If it's not possible, no worries, but I'd just really like to know if it's possible or not possible, and if it is possible, how?

Does anyone know how to reverse these Cisco type 3 BGP peer passwords (example config)?

router bgp 1
   router-id 1.1.1.1
   address-family ipv4 unicast
   neighbor 10.1.12.2 remote-as 2
      password 3 3ec66c90c104ad13

We have 3 Cisco 4500Rs with dual SUPs that are currently on version 3.11.7. We plan on switching to Meraki MS's in ~6 months before these switches go end of life. We normally update our switches once a year around this time but I am contemplating updating this year as the only change in 3.11.8-11 is the ability to use "Secure Erase".

Is there a difference between "Secure Erase" and just doing a write erase, erase startup-config, removing anything else that may be in flash, delete vlan.dat, and reload?

Guys, how do you perform disaster recovery plan testing? The operations folks simply want to run this in the production environment on the Cisco Nexus in a maintenance window.

Big question for y’all been trying to do this all day and I can’t get it to work if it can work please let me know.

How would I do ospf Okay so I have router 1 that has interface gi0/0/0 with the IP of 192.168.1.1connected to a switch which is then connected to a client with ip interface 192.168.1.2 /24 this router also has interface GI0/0/1 with ip 10.10.10.1/30 connected to router 2 interface gi0/0/1 with ip of 10.10.10.2 /30 router 2 has another interface of gi0/0/0 which has an ip of 172.168.1.1 /24 connected to a switch that has two clients connected to it 1 has another interface ip of 192.168.1.3/24 and the other client has an ip of 172.168.1.2/24 I need these to talk through a gre tunnel if that is possible give me the full configurations

Hello! I am trying to give these PCs ips with the use of DHCP which I've achieved so far but then we should turn the g0/1 port of the S9 switch into trunk. I am confused because I am doing the "interface g0/1" and the "switchport mode trunk" but I don't get the "down up" responses that I should. When I go to "show vlan brief" it shows that the g0/1 port is still acting as an access point. What am I doing wrong? Also, it says Vlan2: 172.16.128.1 and Vlan3: 172.16.64.1. should these be the ips of the vlans or their devices? Thank you for your time and assistance!

This might be a dumb question but here goes...

- I have 3 switches in a mini rack: 1 - Catalyst 3560G Series PoE-24, and 2 - Catalyst 3560X 24P PoE+

- These switches are on a small Cyberpower 750VA UPS which does nothing if the power flickers

- The DataCenter in the office has 2 much larger UPS's in a connected room. These each run to a distribution rail on the wall near the drop ceiling that have L5-30R receptacles.

- We have 4 racks, each with a PDU

Here are my questions:

1. Could I just get really long power cords (25-30ft), run them through the drop ceiling, and plug the switches into the PDU's in the racks that are supported by the larger UPS's?

2. Would a really long cord like in question 1 affect the switches?

3. Does anyone know of a small PDU that has a pigtail length of 30ft and a NEMA L5-30P plug that I could mount in the mini rack to plug the switches into?

hey guys, little late to the party but trying to setup a 5108 blade server in my home lab and so i bought the 6248up to control it....having some trouble with TLS1.0 and wanted to see if before I just folded and gave up on updating firmware with recent stuff if anyone might have a more recent software version than this is currently running, i think its 2.2(5s)? havent gotten into the ucs yet as having java tls troubles haha.

Cisco anyconnect- connection timed out. No internet connection.

The support guy at work told me turn off SIP ALG but I see it’s turned off.

I’m using GL-AX1800 router.

Please advise.

I am attempting to update a physical Cisco ISE IBNS server running version 3.2 patch version 7 to version 3.3.

This is a standalone device operating in standalone mode. The upgrade bundle is on the device itself. I am attempting to upgrade using the CLI command "application upgrade proceed."

When i run the command, it gets to step two, "Verifying files in bundle," and after a few more lines, i get this exact error code:

% Error: Could not detect node role type. Upgrade cannot not continue.

I'd also like to add that before this one, i upgraded another ISE node in standalone mode with the same exact file and same exact steps. Both were previously paired and syn, ed so their settings and configurations are the exact same. Has anyone else run into this is? If if so, did you ever find a solution that you wouldn't mind sharing?

EDIT: 2024 NOV 1 So I decided to factory reset the ISE server with the "application reset-config" command, which set it back to version 3.2. However, now the ISE application service is stuck in the "initializing" state, and I can not access the web GUI.

I've tried stopping and starting the service, I've tried starting it in safe mode, and I've tried rebooting the thing entirely to no avail. Luckily, the server isn't actually being used. We are just learning the machine and setting it up, so im going to let it "initialize" over the weekend. If I come back Monday and its still initializing, ill admit defeat, crawl under my desk, and cry, then open a TAC case

SOLVED! Looks like we have Single Mode Fiber everywhere... .and the SFP's I have purchased are MultiMode Fiber.... We will order some new SFP's and try again!

--------------------------------------------------------------------------------------------------------------------------------

Hi Everyone, I cannot seem to connect an idf switch (Catalyst 9300) to our main MDF Nexus 5548.

I have verified light at the IDF.  I have for example light on side A of fiber going into switch, verified light on Side B coming out of switch/transceiver.  I have verified the same at the Nexus switch as well.

Do I have a configuration problem or a hardware problem?  I have tried to play with the speed command and on the Catalyst I receive configuration does not match the port capability error.

On the Nexus I can set speed 10000 but if i try auto i get:

NEXUS5548(config-if)# speed auto
ERROR: Ethernet1/31: Configuration does not match the port capability.

Hardware:
Catalyst 9300 with C9300-NM-2Y with SFP-10G-SR-X
Nexus 5548 and SFP-10G-SR-X

**CATALYST9300#**sh interfaces twentyFiveGigE 1/1/1
TwentyFiveGigE1/1/1 is down, line protocol is down (notconnect)
Hardware is Twenty Five Gigabit Ethernet, address is ccb6.c85e.ca3f (bia ccb6.c85e.ca3f)
MTU 1500 bytes, BW 25000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 10Gb/s, link type is auto, media type is SFP-10GBase-SR
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec

High Alarm High Warn Low Warn Low Alarm
Temperature Threshold Threshold Threshold Threshold
Port (Celsius) (Celsius) (Celsius) (Celsius) (Celsius)
--------- ----------------- ---------- --------- --------- ---------
Twe1/1/1 27.8 90.0 85.0 -5.0 -10.0

High Alarm High Warn Low Warn Low Alarm
Voltage Threshold Threshold Threshold Threshold
Port (Volts) (Volts) (Volts) (Volts) (Volts)
--------- ----------------- ---------- --------- --------- ---------
Twe1/1/1 3.29 3.63 3.46 3.13 2.97

High Alarm High Warn Low Warn Low Alarm
Current Threshold Threshold Threshold Threshold
Port Lane (milliamperes) (mA) (mA) (mA) (mA)
--------- ---- --------------- ---------- --------- --------- ---------
Twe1/1/1 N/A 7.3 10.5 10.5 2.5 2.5

Optical High Alarm High Warn Low Warn Low Alarm
Transmit Power Threshold Threshold Threshold Threshold
Port Lane (dBm) (dBm) (dBm) (dBm) (dBm)
--------- ---- --------------- ---------- --------- --------- ---------
Twe1/1/1 N/A -2.2 1.70 -1.30 -7.30 -11.31

Optical High Alarm High Warn Low Warn Low Alarm
Receive Power Threshold Threshold Threshold Threshold
Port Lane (dBm) (dBm) (dBm) (dBm) (dBm)
--------- ---- --------------- ---------- --------- --------- ---------
Twe1/1/1 N/A -10.3 2.00 -1.00 -9.91 -13.91

interface TwentyFiveGigE1/1/1
switchport access vlan 10
switchport trunk allowed vlan 10,20,61,62
switchport mode trunk

NEXUS5548# sh interface ethernet 1/31
Ethernet1/31 is down (Link not connected)
Dedicated Interface

Hardware: 1000/10000 Ethernet, address: 0005.73fe.98c6 (bia 0005.73fe.98c6)
Description: TEST-UPLINK
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
auto-duplex, 10 Gb/s, media type is 10G
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
EtherType is 0x8100
Last link flapped never
Last clearing of "show interface" counters 23:44:24
0 interface resets
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
RX
0 unicast packets 0 multicast packets 0 broadcast packets
0 input packets 0 bytes
0 jumbo packets 0 storm suppression bytes
0 runts 0 giants 0 CRC 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 Rx pause
TX
0 unicast packets 0 multicast packets 0 broadcast packets
0 output packets 0 bytes
0 jumbo packets
0 output error 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble 0 output discard
0 Tx pause

Ethernet1/31
transceiver is present
type is 10Gbase-SR
name is CISCO-AVAGO
part number is SFBR-709ASMZ-CS1
revision is G4.1
serial number is AVD19337137
nominal bitrate is 10300 MBit/sec
Link length supported for 50/125um OM2 fiber is 82 m
Link length supported for 62.5/125um fiber is 26 m
Link length supported for 50/125um OM3 fiber is 300 m
cisco id is --
cisco extended id number is 4

SFP Detail Diagnostics Information (internal calibration)
----------------------------------------------------------------------------
Current Alarms Warnings
Measurement High Low High Low
----------------------------------------------------------------------------
Temperature 34.22 C 90.00 C -10.00 C 85.00 C -5.00 C
Voltage 3.25 V 3.63 V 2.97 V 3.46 V 3.13 V
Current 7.19 mA 10.50 mA 2.50 mA 10.50 mA 2.50 mA
Tx Power -2.31 dBm 1.69 dBm -11.30 dBm -1.30 dBm -7.30 dBm
Rx Power -11.48 dBm - 1.99 dBm -13.97 dBm -1.00 dBm -9.91 dBm
----------------------------------------------------------------------------
Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warning

interface Ethernet1/31
description TEST-UPLINK
switchport mode trunk
spanning-tree port type normal

I've been tasked by our security engineer to find out if our Cisco switches (Catalyst 9k) support LDAPs, and I'm not finding much information on it. I did find that that LDAP is now an option. Due to BlastRADIUS, our CISO wants to make the jump away from RADIUS if we can.

Switch(config)#aaa authentication login default group ?
WORD Server-group name
ldap Use list of all LDAP hosts.
radius Use list of all Radius hosts.
tacacs+ Use list of all Tacacs+ hosts.

Switch(config)#aaa authentication login default group ldap ?
cache Use Cached-group
enable Use enable password for authentication
group Use Server-group
line Use line password for authentication.
local Use local username authentication.
local-case Use case-sensitive local username authentication.
none NO authentication.
radius Use RADIUS authentication.
tacacs+ Use TACACS+ authentication.
<cr> <cr>

Our Cisco rep isn't being the most helpful on this topic and I'm not sure if it's even possible. If not, I have to get together how to implement RADSec, and it doesn't tempt me.