12-29-2017 09:34 AM - edited 03-08-2019 01:15 PM
Just letting anyone looking to purchase the IE-1000's (any variant) about the product and its platform. We have about 80 IE-1000's so far and this is our impressions.
1) The IE-1000's DO NOT support AAA/TACACS+ (As of code 1.6). Oddly, the configuration shows up in the CLI, but it's not activated. (We have asked for a feature request, but we're not holding our breath)
Cisco SR683004440
Problem description: IE-1000-8P2S-LM authentication assistance.
Resolution summary:
-Informed that by architecture, these switches doesn’t support radius/tacacs authentications.
-They support only local authentications.
IE1000# IE1000# IE1000# sh aaa Authentication : console : local telnet : no ssh : local http : local Authorization : console : no, commands disabled telnet : no, commands disabled ssh : no, commands disabled Accounting : console : no, commands disabled, exec disabled telnet : no, commands disabled, exec disabled ssh : no, commands disabled, exec disabled IE1000# IE1000# IE1000# sh tacacs-server Global TACACS+ Server Timeout : 5 seconds Global TACACS+ Server Deadtime : 0 minutes Global TACACS+ Server Key : 3689...<removed>...b61b7 No servers configured! IE1000# IE1000#
2) The IE-1000's DO NOT support CDP.
Cisco SR683689081
Problem description: IE-1000 does not speak CDP.
Resolution summary:
Indeed, as the IE-1K documentation specifies, it is only CDP aware:
CDP-aware means that the IE1K can read CDP but does not send CDP advertisements. Upstream devices will not find the IE1K via CDP.
In the other hand, as same document specifies, it is LLDP capable, so I went to my IE-1K and configured LLDP, I was able to see it in my upstream switch after it:
C9300_lab#show lldp ne
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
IE1K1 Gi2/0/21 120 B 1
3) The IE-1000's don't seem to have a way to enter domain names other the hostname. Not the end of the world, but annoying.
4) When monitoring these devies in SolarWinds Orion we have found that when we 'discover' the resources within the device we see the 'interfaces' counter on Orion go into the thousands! We thought this was an error until we finally just let it finish. What we found was Orion seems to discover ALL 4096 VLAN's! So when you bring these into monitoring and they show as having 4,000+ interfaces it's normal (I guess).
Other than these glaring issues, we are still happy overall with the IE-1000 platform. We operate in environments that need lots of industrial/outdoor environmental equipment and having a low cost industrial switch from Cisco has been great.
If Cisco can fix the first 2 big issues we would be very appreciative.
02-15-2018 03:21 PM
starting with a release later this (v1.7) the IE1000 will support TACACS/RADIUS for AAA authentication of network administrators.
Release v1.7 is scheduled for summer 2018. check the IE1000 page on Cisco.com
02-28-2018 11:30 PM
Hi Albert,
do you have a link to the IE1000 Roadmap?
I cannot find documentation regarding the 1.7 Software Release.
Regard,
Oron
03-01-2018 04:38 PM
Oron,
the upcoming SW release for the IE1000 will have these new features.
the release is on track for this summer 2018. check back to the IE1000 web page on cisco.com to see when the SW release is made available. or just reply to this thread.
ALBERT
08-14-2018 01:54 AM
Hi to all ,
I upgraded an IE1000 to rel 1.7 for tacacs access .
I configured by web page , tacacs server, Key and aaa auth method
tacacs server is reachable from device
..... # ping ip 10.29.15.62
64 bytes from 10.29.15.62: icmp_seq=0, time=9ms
64 bytes from 10.29.15.62: icmp_seq=1, time=11ms
64 bytes from 10.29.15.62: icmp_seq=2, time=9ms
By cli I have :
TACACS+ Server #1:
Host name : 10.29.15.62
Port : 49
Timeout : 5 seconds
Key : 40058e9c5600dfc4734b1812d176d6cbd312c5a6dd04dcaa6a3dbf1bd94f06e76fd3ea57db08c277e9dc14327aa6cd58e126e0ad2c089e170a636ea0ceb57710
ITTO6swq153IVEfm# sh aaa
Authentication :
console : local
telnet : no
ssh : tacacs local
http : tacacs local
Authorization :
console : no, commands disabled
telnet : no, commands disabled
ssh : no, commands disabled
Accounting :
console : no, commands disabled, exec disabled
telnet : no, commands disabled, exec disabled
ssh : no, commands disabled, exec disabled
I don't able to login By tacacs on devices only . Are there something else to do ?
Bye Paolo
10-15-2020 03:12 PM - edited 10-15-2020 03:14 PM
hi, thx for posting! am researching these switches now for a new purpose. did your company go with these because of the lower price point, compared to other IE switches? Do you know what the warranty and support is like? Need to buy smartnet for HW replacement? How have the switches been performing? Have you tried the new v1.8.2 release? And does this seem to have all the IOS-like features you need? any regrets on the choice to go with the IE1000? thx again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide