I have downloaded the ACI simulator and want to get it up and running but you need an activation key? Do you need a support contract or is it possible for anybody to get a key via request?
It seems strange that Cisco would lock this kind of thing down. If they want more people using ACI then they should make it more accessible to people to learn and evaluate?
Thanks
... View more
Update to this, I have found out the patch versions are different which could be the issue. It seems you can't download legacy versions of ACS off the Cisco website though.
... View more
I'm trying to migrate CIsco ACS 4.2 to 5.4. I'm looking at the document on the Ciso website and one of the steps is that you need to have a migration server with the same version of ACS installed as the version you are migrating from. You need to backup the data from the current server (4.2) and import it on to your migration server (4.2) When I do this import, it starts to import the data (shows the spinning clock in the web gui) but then nothing ever seems to happen after that. I have left it for a whole day and nothing. Now none of the services will start up again after starting this process. It does warn you that the services will be stopped during the import but will be started again afterwards. I have tried rebooting and none of them will start. Clearly it's failing with something but it doesn't give any indication of where.
Cisco document:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/user/guide/acsuserguide/migrate.html#98063
Any suggestions welcome.
Thanks
... View more
Hi Jouni Thanks a lot for all the suggestions, I do have the option of putting it on a public FTP server but I was looking at ways to do it over the VPN. I will do some testing. Thank you Mark
... View more
Hello I am trying to upgrade a Cisco ASA over an IPSEC VPN tunnel. My FTP server is on the remote side of the VPN tunnel but I am initiating connections from the inside interface of the firewall. I am currently managing the Firewall over the VPN via it's inside interface (using the management-access inside) command. When I try and update via FTP, the connection is going straight out the outside interface (and not across the VPN tunnel) I have tried upgrading via TFTP but it keeps stopping randomly with (unspecified error) I normally upgrade via FTP though but it's not working in this instance. Essentially what I am asking, is is there an equivalent command for FTP that there is for TFTP: tftp-server interface ip anyconnect I need the connections to originate from the inside interface so they traverse the VPN. I am running 7.2.3 Thanks in advance.
... View more
Thanks Ivan I will raise a TAC case with Cisco and see if they can pinpoint the issue. It might be IOS related but the switches are in production so can't upgrade easily. Thanks Mark
... View more
I have a 3750X stack of 6 switches, I have a terminal server console server plugged into the console ports of all 6 switches. I am having a strange issue where I can connect to the master via the console, get a login prompt then I can log in, but when I try and connect to any of the members then I get a prompt "Press RETURN to get started" When I push return, it just loops back to the same prompt again: switch-6 con0 is now available Press RETURN to get started. switch-6 con0 is now available Press RETURN to get started. I can connect to the stack via SSH fine etc. I am running 15.0(1)SE2. The stack is configured for TACACS+ auth via Cisco ACS. Switch# Role Mac Address Priority Version State ---------------------------------------------------------- *1 Master f0f7.55ba.2700 15 1 Ready 2 Member f0f7.5541.da00 14 1 Ready 3 Member a493.4c1e.4b80 13 1 Ready 4 Member f0f7.5585.cb80 12 1 Ready 5 Member a44c.1120.8e80 11 1 Ready 6 Member a493.4cc0.fa80 10 1 Ready Any help, ideas appreciated. Thanks
... View more
Giuseppe Thanks very much for taking the time to answer. Sorry just one more thing, to confirm, are you saying that if you set the stack-mac time to 0 (indefinitely) it will still be the same mac for the stack even if the old master got removed and replaced by another switch and the whole stack got rebooted and a new master was elected for example? The reason I ask this is because on the Cisco article: http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swstack.html#wp1233369 There is a note which says: Note If the entire switch stack reloads, it acquires the MAC address of the master as the stack MAC address. Thanks Mark
... View more
I am having an issue on a Cisco 3750 stack where when the stack master is rebooted, all my lacp port-channels drop and then come back up again. After doing some investigation It seems that it is happening because of lacp using the stack master mac-address as part of the system-id, so when the stack master reboots, the stack mac changes. I see that there is the command: stack-mac persistent timer 0 http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_53_se/configuration/guide/swstack.html There is this warning about using this command: When you configure this feature, a warning message displays the consequences of your configuration. You should use this feature cautiously. Using the old master MAC address elsewhere in the domain could result in lost traffic. My question are: Are there any other consequences to using this command (apart from moving the switch/mac to another location in the network) It mentions 'If the entire switch stack reloads, it acquires the MAC address of the master as the stack MAC address' Is this still the case if you have the stack-mac persistent timer to 0? Does using channel-group mode on for the port-channels still use the same mechanism of having a system-id? (Will the channels flap using 'mode on' when rebooting the stack master. Many thanks Mark
... View more
Thanks a lot for your help Jerry. I'm assuming it can be any VLAN for the one SVI and not specific to VLAN 1 right? E.g I would want to set it up on VLAN 10. Thank you
... View more
Thanks for the reply Jerry, do you know why it says this in the link I posted in my original post? "Install the Layer 3 license" Thanks Configuring a VLAN as a Routed SVI You can configure a VLAN to be a routed switch virtual interface (SVI). Before You Begin Install the Layer 3 license. For more information, see License and Copyright Information for Cisco NX-OS Software available at the following URL:http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_0/nx-os/license_agreement/nx-ossw_lisns.html. Make sure you understand the guidelines and limitations of this feature. For information, see Guidelines and Limitations for SVIs.
... View more