Cisco 2960 - Cannot set console password

jurobbins2614 · ‎08-07-2023

Note: The password given in this post is an example only.

Hello all, It is the ungodly hour of 12:59:59 AM 8/8/2023 CST at the time of writing this.

I have finally fixed most of my configuration issues and gotten the cpu usage below 99 percent ( about 6 percent was the amount last i looked)

I am now working on re configuring some vlans I had setup, and I plugged into my switch today, via console, and was suprised that I was able to go straight to user exec mode. And if I typed enable, I of course have to enter in my global config secret, and then login as a user.

Anywho, given this unit is in a non production, and really just not quite a lab, but not quite not a lab environment either, ( basically as I said non production or beta, just tinkering around, keeping my skiils sharp) ..

I am greeted by the following message whenever I tell the switch "login local" or just simply "login

S1(config-line)#password P@sw0rd2023!
S1(config-line)#login
% Incomplete command.

S1(config-line)#login local
^
% Invalid input detected at '^' marker.

S1(config-line)#

"

Can someone tell me where I went wrong ? model is the 2960 non-plus model running a standard iOS 12 Lan-Base K9 image.

A second note, only 7 ports on the unit are used overall on it. Gi0/1, Gi0/2, Fa0/1-Fa0/5

Thanks in advance!

M02@rt37 · ‎08-07-2023

Hello @jurobbins2614,

Do you have aaa configured on your Switch ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

jurobbins2614 · ‎08-08-2023

I do not. AAA is not enabled. I do have telnet and SSH enabled. And currently My DHCP pool has no internet with one device and the only fix is deleting the vlans and then re doing them and then deleting and re doing the DHCP pool.

M02@rt37 · ‎08-08-2023

OK @jurobbins2614

You have this

S1(config-line)#login
% Incomplete command.

Please do S1(config-line)#login ?
And post please the output.

Thanks.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

johnlloyd_13 · ‎08-08-2023

hi,

are you applying this in console or vty line?

identit255 · ‎08-08-2023

HI,

could you send full conf? just extract of sh run command.

jurobbins2614 · ‎08-08-2023

sure. not sure why this got selected as a solution

jurobbins2614 · ‎08-08-2023

S1(config)#do sh ru
Building configuration...

Current configuration : 11349 bytes
!
version 12.2
configuration mode exclusive manual expire 600
service exec-callback
service nagle
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret xxx
enable password xxx
!
username network privilege 15 password xxx
username cwnetadmin privilege 15 password xxx
username netops privilege 15 password xxx
username bestbuy privilege 15 secret xxx
username juler privilege 15 password xxx
username julerobb1 privilege 15 password xxx
!
!
aaa new-model
!
!
!
!
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
system mtu routing 1500
vtp domain S1
vtp mode transparent
link state track 1
ip dhcp smart-relay
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 11.0.5.1
ip dhcp excluded-address 10.0.0.1 10.0.4.1
ip dhcp excluded-address 192.168.15.254
ip dhcp excluded-address 192.168.0.3 192.168.2.254
ip dhcp excluded-address 192.168.0.1 192.168.2.254
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.4.1 10.0.4.254
!
ip dhcp pool vpool2.memegames.net
   import all
!
ip dhcp pool vpool1
   network 11.0.0.0 255.255.240.0
   domain-name vpool01.memegames.net
   default-router 192.168.1.168
   dns-server 192.168.1.168
   lease 254
!
ip dhcp pool vpool2
   import all
   network 12.0.0.0 255.255.240.0
   default-router 192.168.1.168
   dns-server 192.168.1.168
   domain-name vpool02.memegames.net
!
!
ip dhcp snooping
ip domain-name memegames.net
ip name-server 208.67.220.220
ip name-server 255.255.255.255
ip name-server 208.67.222.222
ip name-server 192.168.15.254
ip name-server 68.94.156.1
ip dhcp-server 192.168.15.254
ip device tracking probe count 5
ip device tracking
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-2039168384
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2039168384
 revocation-check none
 rsakeypair TP-self-signed-2039168384
!
!
crypto pki certificate chain TP-self-signed-2039168384
 certificate self-signed 01
  308202A8 30820211 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  5C312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32303339 31363833 38343129 30270609 2A864886 F70D0109
  02161A62 62793030 3237356E 3030342E 6D656D65 67616D65 732E6E65 74301E17
  0D393330 33303130 30303034 375A170D 32303031 30313030 30303030 5A305C31
  2F302D06 03550403 1326494F 532D5365 6C662D53 69676E65 642D4365 72746966
  69636174 652D3230 33393136 38333834 31293027 06092A86 4886F70D 01090216
  1A626279 30303237 356E3030 342E6D65 6D656761 6D65732E 6E657430 819F300D
  06092A86 4886F70D 01010105 0003818D 00308189 02818100 BB44E132 D09B7958
  8ED50283 BB1FE75A 5A70AA18 C82290E0 82586E7E 34E5B2DD 97F775F2 32533DA4
  DBE4A616 A5BCC74E 223CB10A 30CFAFC8 4C4BF158 9A786D79 6C05865A 60650D60
  558F51D8 8FFA1CF6 7DE84127 BC963D5C 06C6856A B7F85FD8 8A3EC4E8 FF4BB178
  59D211E6 88C16FC3 3C230AB4 24EE9383 5FCC4A20 75A27B49 02030100 01A37A30
  78300F06 03551D13 0101FF04 05300301 01FF3025 0603551D 11041E30 1C821A62
  62793030 3237356E 3030342E 6D656D65 67616D65 732E6E65 74301F06 03551D23
  04183016 8014C67C 2FBE4FC1 6EB78C8E 89802401 46DBB893 A259301D 0603551D
  0E041604 14C67C2F BE4FC16E B78C8E89 80240146 DBB893A2 59300D06 092A8648
  86F70D01 01040500 03818100 2C1940E3 5B8AFC51 4FFAF641 D4069A5E 1B00CF11
  08000BC9 144FFEE4 14BA9EA3 09C33894 3DBDB263 F891E588 E25EA4DC B4DBA255
  97338C74 AE6994AB 08C47016 26AEDF3B B362E607 FB27B672 B4702A80 AA927BBA
  878ACAB8 334AA922 DBE770B1 525FE932 E44B7576 9569F500 C452B76D FCEA8D48
  E2C8F9E6 D810E9BD BE45B50D
  quit
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
!
vlan internal allocation policy ascending
!
vlan 6,69,200,997,999
!
ip ftp source-interface GigabitEthernet0/1
ip ftp username juler
ip ftp password xxx
ip ssh version 2
!
!
interface FastEthernet0/1
 switchport access vlan 6
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 6
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 6
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 69
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/14
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/15
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/16
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/17
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/18
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/19
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/20
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/21
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/22
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/23
 switchport access vlan 999
!
interface FastEthernet0/24
 switchport access vlan 999
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description LInk to network
 switchport trunk native vlan 200
 switchport trunk allowed vlan 6,69,200,997
 switchport mode trunk
 speed 1000
 duplex full
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 link state group 1 upstream
 mls qos trust cos
 flowcontrol receive on
 auto qos voip trust
 spanning-tree portfast trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 200
 switchport trunk allowed vlan 6,69,200,997
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust dscp
 macro description cisco-router
 auto qos voip trust
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 no ip address
 no ip route-cache
!
interface Vlan6
 description GeekSquad
 ip address 11.0.0.1 255.255.240.0
 no ip route-cache
!
interface Vlan69
 ip address 12.0.0.1 255.255.240.0
!
interface Vlan200
 description Uplink/Data Vlan
 ip address 192.168.1.168 255.255.255.240
 no ip route-cache
!
interface Vlan997
 no ip address
 no ip route-cache
!
interface Vlan999
 description "Unused Interfaces, Parking lot"
 no ip address
 no ip route-cache
 shutdown
!
ip http server
ip http authentication local
ip http secure-server
ip gdp eigrp
ip gdp rip
ip gdp irdp
access-list 102 permit tcp any any eq 22
no cdp run
vstack
banner login ^C^C
banner motd ^C^C
!
line con 0
 exec-timeout 0 0
 password xxx
 logging synchronous
 speed 115200
line vty 0 4
 password xxx
 vacant-message ^C Access to this unit is restricted to authorized users only! Non-Authorized Access is Prohibited and may lead to termination of employment or Termination of Contract. ^C
 width 512
 transport input all
line vty 5 15
 password xxx
 vacant-message ^C Access to this unit is restricted to authorized users only! Non-Authorized Access is Prohibited and may lead to termination of employment or Termination of Contract. ^C
 width 512
 transport input all
!
ntp clock-period 36029095
ntp source GigabitEthernet0/1
ntp server 128.138.140.211
mac address-table aging-time 0 vlan 1
end

identit255 · ‎08-08-2023

Maybe this article could help https://community.cisco.com/t5/cisco-modeling-labs-discussions/difference-between-login-and-login-local/td-p/3023646

Giuseppe Larosa · ‎08-08-2023

Hello @jurobbins2614 ,

as suggested by M02@rt37 you have to check if aaa is enabled

this means:

show run | inc aaa

if the following line appears

aaa new-model

your line is expecting the name of a list of methods of authentications to be used

if you see the line

no aaa new-model

AAA is not enabled and login would mean use the configured password and login local would mean look for a locally defined user password pair .

aaa authentication CONSOLE local

line method to be used to check the password defined on the line .

line con 0

login authentication CONSOLE

Hope to help

Giuseppe

identit255 · ‎08-09-2023

@jurobbins2614 So basically everything you need to do is to execute "no aaa new-model" in global configuration mode, I guess. Unfortunately I currently don't have access to cisco 2960 switch with IOS 12.2 so I can't make sure this works, but for me it sounds logical. Hope this will help.

identit255

jurobbins2614 · ‎02-24-2024

That fixed it, now yesterday I fully rebuilt my network, and now i have no internet connectivity through my switch. What am I doing wrong?

Here's the config.

LarryTheCucumber(config)#no ip tftp boot-interface any
LarryTheCucumber(config)#do sh ru full
Building configuration...

Current configuration : 7857 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LarryTheCucumber
!
boot-start-marker
boot-end-marker
!
!
username juler privilege 15 secret 5 $1$2Ara$w5APF6iHRy2kDnSJtUolm.
username julerobb1 privilege 15 secret 5 $1$MPrG$W4U2MIJntAX6joggpUTCF.
!
!
no aaa new-model
system mtu routing 1600
!
!
ip domain-name memegames.net
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input cos-map queue 1 threshold 2 3
mls qos srr-queue input cos-map queue 1 threshold 3 6 7
mls qos srr-queue input cos-map queue 2 threshold 1 4
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue input dscp-map queue 2 threshold 3 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
crypto pki trustpoint TP-self-signed-2039168384
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2039168384
revocation-check none
rsakeypair TP-self-signed-2039168384
!
!
crypto pki certificate chain TP-self-signed-2039168384
certificate self-signed 01
30820256 308201BF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303339 31363833 3834301E 170D3933 30333031 30313135
31305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30333931
36383338 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BA34 9F84B7FC DB7B28A6 06EF4BA1 053165E8 DBCE75EC 7A4C86B6 15EF592B
2D8E0411 2D4F1005 28D8E621 92D85337 BB6333F4 3C9B833B 8588F4EB A8B14DED
B714445D 479A2588 A37F8CC3 0A82D1BC FCED80A8 91E2602C A524D0AF 4B8EAA79
E8F1444D 2F667211 36211642 2BA7B9EB 42354582 9A973AB8 8C9431F3 032E0838
03F10203 010001A3 7E307C30 0F060355 1D130101 FF040530 030101FF 30290603
551D1104 22302082 1E4C6172 72795468 65437563 756D6265 722E6D65 6D656761
6D65732E 6E657430 1F060355 1D230418 30168014 157FAC4A 3AEEDC8F E8CED1BF
B1890296 523532F3 301D0603 551D0E04 16041415 7FAC4A3A EEDC8FE8 CED1BFB1
89029652 3532F330 0D06092A 864886F7 0D010104 05000381 81002C52 3AE60521
6A640FD4 2F6D6701 60ACFBD3 76AE8DE9 F4AD620A 43245D91 86CFEBBB 1C5612C0
CFDDE35E 73B8A386 E3D0AAAF 3A56FA73 19FD9C65 9F0B3427 8F384041 6BAFC220
E4067E41 0D2B5B91 E800F269 D1AB38CC 7CE1F773 073DAFDB 9E958542 9B88699B
912AE899 113B4AEC 685A4DD5 13BA3020 5E0435C2 4B179ABD 26B0
quit
!
!
!
auto qos srnd4
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 42
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/14
!
interface FastEthernet0/15
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 47
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 47
switchport mode access
!
interface GigabitEthernet0/1
description Link to AT&T
location civic-location-id none
switchport access vlan 69
switchport trunk native vlan 200
switchport trunk allowed vlan 6,69,200,997
switchport mode trunk
speed 1000
duplex full
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
link state group 1 upstream
mls qos trust cos
flowcontrol receive on
auto qos trust
spanning-tree portfast trunk
!
interface GigabitEthernet0/2
switchport trunk native vlan 42
switchport trunk allowed vlan 200
switchport mode trunk
speed 1000
duplex full
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
link state group 1 upstream
mls qos trust cos
flowcontrol receive on
auto qos trust
spanning-tree portfast trunk
!
interface Vlan1
ip address dhcp
shutdown
!
interface Vlan42
ip address 192.168.86.252 255.255.240.0
!
interface Vlan200
description attlocal.net, sbcglobal.net
ip address 192.168.1.168 255.255.240.0
!
interface Vlan999
no ip address
!
ip default-gateway 192.168.86.1
ip http server
ip http secure-server
no vstack
!
line con 0
exec-timeout 0 0
password cisco123
logging synchronous
login
transport output all
speed 115200
line vty 0 4
login
length 0
line vty 5 15
login
!
ntp clock-period 36029147
ntp source GigabitEthernet0/1
ntp access-group peer 1
ntp server 132.163.97.1
ntp peer 132.163.97.2
ntp server 162.159.200.1
ntp peer 54.236.224.171 prefer
ntp peer 216.239.35.8 prefer
ntp server 73.61.3.59 prefer
ntp peer 192.189.65.187
ntp peer 168.61.215.74
ntp server 128.138.140.211
ntp server 73.61.36.59 prefer
end

balaji.bandi · ‎02-25-2024

if the switch looking to be Layer3 not layer 2 - then change as below :

no ip default-gateway 192.168.86.1

ip routing

ip route 0.0.0.0 0.0.0.0 192.168.86.1

I assume you have uplink router have route back to 192.168.86.252 ( for the subnet 192.168.1.X) and NAT done .

testing : end device able to ping gateway IP and 8.8.8.8 before you browse anything on your browser

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

jurobbins2614 · ‎02-26-2024

I dont have layer three cisco SW. I only have my Layer 2 or whatever this cisco 2960 is. I dont have any other cisco equipment. i dont even have command line access to the ISP rotuer. Though, I use to before that hole was patched in a new model. Devices connected to the swtich sometimes have ethernet connectivity, and some of those on Vlan 42 have internet access. Especially my unifi AP's and chromecast. However, my PCs do not.

It also will not copy the startup config, it says 0 bytes copied in x seconds.

jurobbins2614 · ‎02-26-2024

% Invalid input detected at '^' marker.

LarryTheCucumber>en
LarryTheCucumber#config t
Enter configuration commands, one per line. End with CNTL/Z.
LarryTheCucumber(config)#do ping google.coom

Translating "google.coom"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.

LarryTheCucumber(config)#vlan 42
LarryTheCucumber(config-vlan)#active
^
% Invalid input detected at '^' marker.

LarryTheCucumber(config-vlan)#set active
^
% Invalid input detected at '^' marker.

LarryTheCucumber(config-vlan)#state
% Incomplete command.

LarryTheCucumber(config-vlan)#state active
LarryTheCucumber(config-vlan)#exit
LarryTheCucumber(config)#do ping google.com

Translating "google.com"...domain server (255.255.255.255) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.136.138, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 42/139/227 ms
LarryTheCucumber(config)#do copy run
copy run
% Incomplete command.

LarryTheCucumber(config)#do copy run st
copy not allowed in config mode or submode

LarryTheCucumber(config)#
LarryTheCucumber#c
Feb 27 02:19:38.305: %SYS-5-CONFIG_I: Configured from console by console
LarryTheCucumber#copy run
LarryTheCucumber#copy running-config
LarryTheCucumber#copy running-config
LarryTheCucumber#copy running-config s
LarryTheCucumber#copy running-config st
LarryTheCucumber#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
0 bytes copied in 2.978 secs (0 bytes/sec)
LarryTheCucumber#
LarryTheCucumber#del config.text
Delete filename [config.text]?
Delete flash:config.text? [confirm]
LarryTheCucumber#del config
Delete filename [config]?
Delete flash:config? [confirm]
LarryTheCucumber#sh fla

Directory of flash:/

2 -rwx 8263 Jan 1 1970 00:20:21 +00:00 config.old-backup
3 -rwx 8263 Mar 1 1993 00:20:13 +00:00 config.old
4 -rwx 736 Feb 24 2024 19:00:37 +00:00 vlan.dat
5 -rwx 616 Feb 24 2024 01:02:25 +00:00 vlan.dat.renamed
6 -rwx 9827200 Jan 1 1970 00:35:19 +00:00 c2960-lanbasek9-mz.122-35.SE5.bin
7 -rwx 1915 Feb 27 2024 02:19:49 +00:00 private-config.text
11 -rwx 4120 Feb 27 2024 02:19:49 +00:00 multiple-fs
12 -rwx 12816 Aug 19 2023 04:17:36 +00:00 testconf_18AUG2023_2317

32514048 bytes total (22645760 bytes free)
LarryTheCucumber#del vlan.
LarryTheCucumber#del vlan.dat renamed
^
% Invalid input detected at '^' marker.

LarryTheCucumber#del vlan.dat.renamed
Delete filename [vlan.dat.renamed]?
Delete flash:vlan.dat.renamed? [confirm]d
Delete of flash:vlan.dat.renamed aborted!
LarryTheCucumber#del vlan.dat.renamed
Delete filename [vlan.dat.renamed]?
Delete flash:vlan.dat.renamed? [confirm]
LarryTheCucumber#sh fla

Directory of flash:/

2 -rwx 8263 Jan 1 1970 00:20:21 +00:00 config.old-backup
3 -rwx 8263 Mar 1 1993 00:20:13 +00:00 config.old
4 -rwx 736 Feb 24 2024 19:00:37 +00:00 vlan.dat
6 -rwx 9827200 Jan 1 1970 00:35:19 +00:00 c2960-lanbasek9-mz.122-35.SE5.bin
7 -rwx 1915 Feb 27 2024 02:19:49 +00:00 private-config.text
11 -rwx 4120 Feb 27 2024 02:19:49 +00:00 multiple-fs
12 -rwx 12816 Aug 19 2023 04:17:36 +00:00 testconf_18AUG2023_2317

32514048 bytes total (22647296 bytes free)
LarryTheCucumber#cop
LarryTheCucumber#copy RT
LarryTheCucumber#copy
LarryTheCucumber#copy R
LarryTheCucumber#copy RUNN
LarryTheCucumber#copy RUNNing-config S
LarryTheCucumber#copy RUNNing-config ST
LarryTheCucumber#copy RUNNing-config STartup-config
Destination filename [startup-config]?
Building configuration...
[OK]
0 bytes copied in 0.855 secs (0 bytes/sec)
LarryTheCucumber#