Just letting anyone looking to purchase the IE-1000's (any variant) about the product and its platform. We have about 80 IE-1000's so far and this is our impressions.
1) The IE-1000's DO NOT support AAA/TACACS+ (As of code 1.6). Oddly, the configuration shows up in the CLI, but it's not activated. (We have asked for a feature request, but we're not holding our breath)
Problem description: IE-1000-8P2S-LM authentication assistance.
-Informed that by architecture, these switches doesn’t support radius/tacacs authentications.
-They support only local authentications.
IE1000# IE1000# IE1000# sh aaa Authentication : console : local telnet : no ssh : local http : local Authorization : console : no, commands disabled telnet : no, commands disabled ssh : no, commands disabled Accounting : console : no, commands disabled, exec disabled telnet : no, commands disabled, exec disabled ssh : no, commands disabled, exec disabled IE1000# IE1000# IE1000# sh tacacs-server Global TACACS+ Server Timeout : 5 seconds Global TACACS+ Server Deadtime : 0 minutes Global TACACS+ Server Key : 3689...<removed>...b61b7 No servers configured! IE1000# IE1000#
2) The IE-1000's DO NOT support CDP.
Problem description: IE-1000 does not speak CDP.
Indeed, as the IE-1K documentation specifies, it is only CDP aware:
CDP-aware means that the IE1K can read CDP but does not send CDP advertisements. Upstream devices will not find the IE1K via CDP.
In the other hand, as same document specifies, it is LLDP capable, so I went to my IE-1K and configured LLDP, I was able to see it in my upstream switch after it:
C9300_lab#show lldp ne
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
IE1K1 Gi2/0/21 120 B 1
3) The IE-1000's don't seem to have a way to enter domain names other the hostname. Not the end of the world, but annoying.
4) When monitoring these devies in SolarWinds Orion we have found that when we 'discover' the resources within the device we see the 'interfaces' counter on Orion go into the thousands! We thought this was an error until we finally just let it finish. What we found was Orion seems to discover ALL 4096 VLAN's! So when you bring these into monitoring and they show as having 4,000+ interfaces it's normal (I guess).
Other than these glaring issues, we are still happy overall with the IE-1000 platform. We operate in environments that need lots of industrial/outdoor environmental equipment and having a low cost industrial switch from Cisco has been great.
If Cisco can fix the first 2 big issues we would be very appreciative.
starting with a release later this (v1.7) the IE1000 will support TACACS/RADIUS for AAA authentication of network administrators.
Release v1.7 is scheduled for summer 2018. check the IE1000 page on Cisco.com
the upcoming SW release for the IE1000 will have these new features.
the release is on track for this summer 2018. check back to the IE1000 web page on cisco.com to see when the SW release is made available. or just reply to this thread.
Hi to all ,
I upgraded an IE1000 to rel 1.7 for tacacs access .
I configured by web page , tacacs server, Key and aaa auth method
tacacs server is reachable from device
..... # ping ip 10.29.15.62
64 bytes from 10.29.15.62: icmp_seq=0, time=9ms
64 bytes from 10.29.15.62: icmp_seq=1, time=11ms
64 bytes from 10.29.15.62: icmp_seq=2, time=9ms
By cli I have :
TACACS+ Server #1:
Host name : 10.29.15.62
Port : 49
Timeout : 5 seconds
Key : 40058e9c5600dfc4734b1812d176d6cbd312c5a6dd04dcaa6a3dbf1bd94f06e76fd3ea57db08c277e9dc14327aa6cd58e126e0ad2c089e170a636ea0ceb57710
ITTO6swq153IVEfm# sh aaa
console : local
telnet : no
ssh : tacacs local
http : tacacs local
console : no, commands disabled
telnet : no, commands disabled
ssh : no, commands disabled
console : no, commands disabled, exec disabled
telnet : no, commands disabled, exec disabled
ssh : no, commands disabled, exec disabled
I don't able to login By tacacs on devices only . Are there something else to do ?