Switch Control: Difference between revisions

From JCWiki
Line 1,589: Line 1,589:
end</pre>
end</pre>


## ONLY for p20 ##
* ## ONLY for p20 ##
<pre>int GigabitEthernet0/1
<pre>int GigabitEthernet0/1
  description Connection from i2b
  description Connection from i2b
Line 1,625: Line 1,625:
end</pre>
end</pre>


## END p20 ##
* ## END p20 ##




## normal switches ##
* ## normal switches ##


* setup ports
* setup ports
Line 1,652: Line 1,652:
end</pre>
end</pre>


## END normal switches ##
* ## END normal switches ##


* config terminal. setup timeout, priv level
* config terminal. setup timeout, priv level

Revision as of 18:24, 10 January 2013

Manuals

3750 reference http://www.cisco.com/en/US/products/hw/switches/ps5023/products_command_reference_chapter09186a00801f5ffb.html#2789851

Reset 2900 switch: http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml

Reset other switches: http://slaptijack.com/networking/blow-away-your-cisco-catalyst-configuration/

Finding which IPs are on a port

If you need to find out which IPs are on a particular port, start by finding out which MAC addresses are on which port:

switch-p1> en
switch-p1#show mac-address-table
Dynamic Address Count:                 53
Secure Address (User-defined) Count:   0
Static Address (User-defined) Count:   0
System Self Address Count:             48
Total MAC addresses:                   101
Maximum MAC addresses:                 2048
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0002.b315.3201       Dynamic          1  FastEthernet0/8
0002.b3a6.f354       Dynamic          1  FastEthernet0/1
0002.b3bb.45fe       Dynamic          1  FastEthernet0/7
0002.b3e9.226b       Dynamic          1  FastEthernet0/4
0002.b3e9.868c       Dynamic          1  FastEthernet0/13
0002.b9b1.4c01       Dynamic          1  FastEthernet0/24
0004.75a1.91f1       Dynamic          1  FastEthernet0/24
0006.5b3d.80fb       Dynamic          1  FastEthernet0/1
0006.d78a.c798       Dynamic          1  FastEthernet0/1
0007.e90d.e4c9       Dynamic          1  FastEthernet0/24
0007.e95b.c645       Dynamic          1  FastEthernet0/1
000c.f1d3.a7f9       Dynamic          1  FastEthernet0/1
000c.f1dc.f1ce       Dynamic          1  FastEthernet0/3
000c.f1fa.71d7       Dynamic          1  FastEthernet0/24
000d.56fe.ad72       Dynamic          1  FastEthernet0/24
000e.0c59.c1a6       Dynamic          3  FastEthernet0/22
000f.1f64.43bc       Dynamic          1  FastEthernet0/24
0010.e002.473b       Dynamic          1  FastEthernet0/24
0011.0924.1d91       Dynamic          1  FastEthernet0/15
0011.1108.58a6       Dynamic          1  FastEthernet0/24
0011.1119.791e       Dynamic          1  FastEthernet0/24
0020.ed91.f85d       Dynamic          1  FastEthernet0/1
0030.4828.9d50       Dynamic          1  FastEthernet0/1
0030.4841.5246       Dynamic          1  FastEthernet0/5
0030.4870.8332       Dynamic          1  FastEthernet0/1
0030.4870.8898       Dynamic          1  FastEthernet0/1
0030.4871.b911       Dynamic          1  FastEthernet0/23
0050.455b.b27e       Dynamic          1  FastEthernet0/14
0050.50be.f9c8       Dynamic          3  FastEthernet0/22
0060.089a.8f70       Dynamic          1  FastEthernet0/24
0090.27f9.0abf       Dynamic          1  FastEthernet0/2
0090.27f9.1b53       Dynamic          1  FastEthernet0/24
00b0.d020.b557       Dynamic          1  FastEthernet0/9
00b0.d020.df60       Dynamic          1  FastEthernet0/1
00b0.d020.fc4a       Dynamic          1  FastEthernet0/1
00b0.d049.125b       Dynamic          1  FastEthernet0/1
00b0.d049.16a4       Dynamic          1  FastEthernet0/1
00b0.d049.98e4       Dynamic          1  FastEthernet0/24
00b0.d049.a43e       Dynamic          1  FastEthernet0/24
00b0.d049.d03c       Dynamic          1  FastEthernet0/1
00b0.d049.d61f       Dynamic          1  FastEthernet0/1
00b0.d049.e643       Dynamic          1  FastEthernet0/1
00b0.d068.1911       Dynamic          1  FastEthernet0/10
00b0.d068.490b       Dynamic          1  FastEthernet0/24
001e.c95a.d225       Dynamic          1  FastEthernet0/12
00b0.d068.7599       Dynamic          1  FastEthernet0/24
00b0.d068.8451       Dynamic          1  FastEthernet0/6
00b0.d0b0.306b       Dynamic          1  FastEthernet0/1
00b0.d0b0.4020       Dynamic          1  FastEthernet0/11
00b0.d0b0.70bd       Dynamic          1  FastEthernet0/1
00b0.d0b0.c5a4       Dynamic          1  FastEthernet0/1
00b0.d0b0.f533       Dynamic          1  FastEthernet0/24
0800.20c2.1de3       Dynamic          3  FastEthernet0/22

Let's say you want to know which IPs are on port 12. We see the MAC address is 001e.c95a.d225. If we look that up on the router, we can find the IPs that have ARP entries for that MAC address:

Castle (3750):

E-mon-3750>en
E-mon-3750#show arp | include 001e.c95a.d225
Internet  69.55.228.149          39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.137          39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.238.164          39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.172          38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.212          40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.238.212          39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.196          25   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.24           38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.25           40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.27           39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.30           34   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.31           26   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.16           40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.19           39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.236.18           38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.236.14           23   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.14           40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.15           42   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.3            53   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.5            40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.6            26   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.57           38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.230.53           38   001e.c95a.d225  ARPA   Vlan50

If we look at some of these IPs, we quickly realize that they all belong to jail2. If we look at jail2, we also see the correlation with the MAC (ether 00:1e:c9:5a:d2:25):

jail2 /root# ifconfig
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
        ether 00:1e:c9:5a:d2:27
        inet 10.1.4.102 netmask 0xffffff00 broadcast 10.1.4.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
        ether 00:1e:c9:5a:d2:25
        inet 69.55.228.53 netmask 0xffffff00 broadcast 69.55.228.255
        inet 69.55.227.56 netmask 0xffffff00 broadcast 69.55.227.255
        inet 69.55.227.57 netmask 0xffffffff broadcast 69.55.227.57
        inet 69.55.227.58 netmask 0xffffffff broadcast 69.55.227.58
        inet 69.55.227.59 netmask 0xffffffff broadcast 69.55.227.59
        inet 69.55.227.60 netmask 0xffffffff broadcast 69.55.227.60
-SNIP-

If we are doing the lookup at i2b:

firewall2 /usr/home/user# arp -a | grep 00:0c:29:be:0f:e3
? (69.55.229.150) at 00:0c:29:be:0f:e3 on bge1 [ethernet]
firewall2 /usr/home/user#

Note how we have to format the MAC address differently than we do on a Cisco switch: colon-separated pairs here, dot-separated groups of four on the switch.


The same search works in reverse. Let's say you have an IP and you want to know which port it's on. First look up the IP:

Castle:

E-mon-3750#show arp | include 69.55.227.4
Internet  69.55.227.4            78   0030.4828.9d50  ARPA   Vlan50
Internet  69.55.227.49            0   Incomplete      ARPA
Internet  69.55.227.48            0   Incomplete      ARPA
Internet  69.55.227.41            0   Incomplete      ARPA
Internet  69.55.227.40            0   Incomplete      ARPA
Internet  69.55.227.43            0   Incomplete      ARPA
Internet  69.55.227.42            0   Incomplete      ARPA
Internet  69.55.227.45            0   Incomplete      ARPA
Internet  69.55.227.44            0   Incomplete      ARPA
Internet  69.55.227.47          179   001e.c95a.d54f  ARPA   Vlan50
Internet  69.55.227.46            0   Incomplete      ARPA
E-mon-3750#

i2b:

firewall2 /usr/home/user# arp -a | grep 69.55.229.156
? (69.55.229.156) at 00:15:17:da:2e:fb on bge1 [ethernet]

So we take that MAC (e.g. 0030.4828.9d50) and on each of our switches we run:

switch-p1> en
switch-p1#show mac-address-table | include 0030.4828.9d50

until we find the port. Note: some IOS versions may not let you run the include command. If so, just run show mac-address-table without the include.
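
The two lookups above as one script, an added example that is not part of the original wiki page: it normalizes the Cisco and BSD MAC notations and joins show mac-address-table output with show arp / arp -a output. The sample text is excerpted from the output above; the function names, and reporting how many MACs share a port (a hint that the port is an uplink and the search continues on the next switch), are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input excerpted from the output shown on this page (trimmed).
MAC_TABLE = """\
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0030.4828.9d50       Dynamic          1  FastEthernet0/1
001e.c95a.d225       Dynamic          1  FastEthernet0/12
0002.b9b1.4c01       Dynamic          1  FastEthernet0/24
0004.75a1.91f1       Dynamic          1  FastEthernet0/24
"""
CISCO_ARP = """\
Internet  69.55.228.149          39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.24           38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.227.4            78   0030.4828.9d50  ARPA   Vlan50
Internet  69.55.227.49            0   Incomplete      ARPA
"""
BSD_ARP = """\
? (69.55.229.150) at 00:0c:29:be:0f:e3 on bge1 [ethernet]
? (69.55.229.156) at 00:15:17:da:2e:fb on bge1 [ethernet]
"""

CISCO_MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def normalize_mac(mac):
    """Return 12 lowercase hex digits for Cisco, colon or dash notation."""
    mac = mac.strip().lower()
    if ":" in mac or "-" in mac:
        # Some arp implementations drop leading zeros (0:c:29:...), so pad.
        digits = "".join(part.zfill(2) for part in re.split(r"[:\-]", mac))
    else:
        digits = mac.replace(".", "")
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def cisco_mac(digits):
    """001ec95ad225 -> 001e.c95a.d225 (what the switch expects)."""
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def colon_mac(digits):
    """001ec95ad225 -> 00:1e:c9:5a:d2:25 (what arp -a and ifconfig print)."""
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Map port -> set of MACs from 'show mac-address-table' (layout as above)."""
    ports = defaultdict(set)
    row = re.compile(rf"^\s*({CISCO_MAC})\s+\S+\s+\d+\s+(\S+)\s*$", re.I | re.M)
    for mac, port in row.findall(text):
        ports[port].add(normalize_mac(mac))
    return ports


def parse_arp(text):
    """Map IP -> MAC from Cisco 'show arp' or BSD 'arp -a' lines.

    Incomplete entries carry no MAC and are skipped.
    """
    cisco = re.compile(rf"^Internet\s+({IPV4})\s+\S+\s+({CISCO_MAC})\s+ARPA", re.I)
    bsd = re.compile(
        rf"\(({IPV4})\) at ([0-9a-f]{{1,2}}(?::[0-9a-f]{{1,2}}){{5}}) ", re.I)
    table = {}
    for line in text.splitlines():
        m = cisco.match(line.strip()) or bsd.search(line)
        if m:
            table[m.group(1)] = normalize_mac(m.group(2))
    return table


def ips_on_port(port, ports, arp):
    """Forward lookup: every IP whose ARP entry points at a MAC on this port."""
    macs = ports.get(port, set())
    return sorted((ip for ip, mac in arp.items() if mac in macs),
                  key=ipaddress.ip_address)


def port_for_ip(ip, ports, arp):
    """Reverse lookup: the port an IP's MAC was learned on, or None.

    macs_on_port > 1 suggests an uplink: repeat the search on the next switch.
    """
    mac = arp.get(ip)
    if mac is None:
        return None
    for port, macs in ports.items():
        if mac in macs:
            return {"ip": ip, "mac": cisco_mac(mac), "port": port,
                    "macs_on_port": len(macs)}
    return None


if __name__ == "__main__":
    ports = parse_mac_table(MAC_TABLE)
    arp = parse_arp(CISCO_ARP + BSD_ARP)
    print(ips_on_port("FastEthernet0/12", ports, arp))
    print(port_for_ip("69.55.227.4", ports, arp))
```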

Controlling port speed

Quick commands, speed 10Mbps:

enable
configure terminal
interface fastEthernet 0/17
speed 10
exit
exit

Set to 100Mbps:

enable
configure terminal
interface fastEthernet 0/12
speed 100
exit
exit

Set to Auto (default):

enable
configure terminal
interface fastEthernet 0/12
speed auto
exit
exit

Sample output:

switch-p1>enable
switch-p1#show interfaces fastEthernet 0/12
switch-p1#sh int FastEthernet0/12
FastEthernet0/12 is down, line protocol is down
  Hardware is Fast Ethernet, address is 0002.b9b1.4c0c (bia 0002.b9b1.4c0c)
  MTU 1500 bytes, BW 0 Kbit, DLY 0 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Auto-duplex , 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 5w6d, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1126 packets input, 1574484 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     779 packets output, 54919 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
switch-p1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p1(config)#interface fastEthernet 0/12
switch-p1(config-if)#speed 10
switch-p1(config-if)#exit
switch-p1(config)#exit
switch-p1#sh int FastEthernet0/12
FastEthernet0/12 is down, line protocol is down
  Hardware is Fast Ethernet, address is 0002.b9b1.4c0c (bia 0002.b9b1.4c0c)
  MTU 1500 bytes, BW 0 Kbit, DLY 0 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Auto-duplex , 10Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 5w6d, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1126 packets input, 1574484 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     779 packets output, 54919 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier

switch-p1#

Shutting down a port

Quick commands:

enable
configure terminal
interface fastEthernet 0/17
shutdown
exit
exit

Turn back on:

enable
configure terminal
interface fastEthernet 0/17
no shutdown
exit
exit

Sample output:

switch-p1>enable
switch-p1#show interfaces fastEthernet 0/17
FastEthernet0/17 is down, line protocol is down
  Hardware is Fast Ethernet, address is 0050.d1d8.94d1 (bia 0050.d1d8.94d1)
  MTU 1500 bytes, BW 0 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Duplex setting unknown, Unknown Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 64 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     1 packets output, 64 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
switch-p1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p1(config)#interface fastEthernet 0/17
switch-p1(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down
switch-p1(config-if)#no shutdown
%LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to up
%LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to down
switch-p1(config-if)#exit
switch-p1(config)#exit
switch-p1#

Show port stats

For one port:

switch-p1> en
switch-p1#show int FastEthernet0/7
FastEthernet0/7 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0050.d1d8.94c7 (bia 0050.d1d8.94c7)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 9000 bits/sec, 20 packets/sec
     137101258 packets input, 2869037621 bytes, 0 no buffer
     Received 326 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 26 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     330219386 packets output, 3304714878 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

For all ports:

switch-p1> en
switch-p1#show interfaces
VLAN1 is up, line protocol is down
  Hardware is CPU Interface, address is 0050.d1d8.94c0 (bia 0050.d1d8.94c0)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:10, output 00:00:10, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     137465 packets input, 10297233 bytes, 0 no buffer
     Received 89751 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 302 ignored, 0 abort
     0 input packets with dribble condition detected
     52396 packets output, 6878747 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
VLAN3 is up, line protocol is up
  Hardware is CPU Interface, address is 0050.d1d8.94c0 (bia 0050.d1d8.94c0)
  Internet address is 10.1.4.5/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA
  ARP type: ARPA, ARP Timeout 04:00:00
FastEthernet0/1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0050.d1d8.94c1 (bia 0050.d1d8.94c1)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 3/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:37, output 00:00:53, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 4593000 bits/sec, 762 packets/sec
  5 minute output rate 1240000 bits/sec, 689 packets/sec
     260548696 packets input, 2531757155 bytes, 0 no buffer
     Received 22173 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 333 ignored, 0 abort
     0 watchdog, 2942 multicast
     0 input packets with dribble condition detected
     241281983 packets output, 3622221090 bytes, 0 underruns
     0 output errors, 0 collisions, 15 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet0/2 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0050.d1d8.94c2 (bia 0050.d1d8.94c2)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:54, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 146000 bits/sec, 108 packets/sec
  5 minute output rate 98000 bits/sec, 114 packets/sec
     22830604 packets input, 905395220 bytes, 0 no buffer
     Received 9845 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 10 ignored, 0 abort
     0 watchdog, 3 multicast
     0 input packets with dribble condition detected
     23910838 packets output, 3702256298 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
 --More--

Moving a port into a vlan

switch-p3>show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/21
2    col00906                         active    Fa0/22, Fa0/23, Fa0/24
3    VLAN0003                         active    Fa0/20
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
...
switch-p3>en
switch-p3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p3(config)#int fa0/21
switch-p3(config-if)#switchport access vlan 2
switch-p3(config-if)#exit
switch-p3(config)#exit
switch-p3#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19
2    col00906                         active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
3    VLAN0003                         active    Fa0/20
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
...
switch-p3#write mem
Building configuration...
switch-p3#exit

Creating vlan

switch-p12#vlan database
switch-p12(vlan)#vlan 2 name col01656
VLAN 2 added:
    Name: col01656
switch-p12(vlan)#exit
APPLY completed.
Exiting....
switch-p12#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    col01656                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
switch-p12#write mem

Turning on/off spanning tree

A note about spanning tree. You want it on if there's any possibility the port will be connected to another switch. If you know this is not a concern, you may turn it off. Why turn it off? It speeds up convergence, so when you plug in a new device it's almost immediately live. When spanning tree is on there's a delay of up to a minute, which can be inconvenient if you're looking to quickly move cables without any disruptions.

Turning spanning tree off:

switch-p6#conf t
switch-p6(config)#int fa0/1
switch-p6(config-if)#spanning-tree portfast
%Warning: portfast enabled on FastEthernet0/1.
 Usually portfast should be enabled on ports connected to a single host.
 When portfast is enabled, connecting hubs, concentrators, switches, bridges,
 etc. to this interface may cause temporary spanning tree loops.
 Use with CAUTION.
switch-p6(config-if)#exit
switch-p6(config)#exit
switch-p6#write mem
Building configuration...
[OK]
switch-p6#

To turn on:

switch-p6(config-if)#no spanning-tree portfast

To confirm:

switch-p1#show conf
-SNIP-
!
!
interface FastEthernet0/1
 spanning-tree portfast
!         
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
!
interface FastEthernet0/4
 spanning-tree portfast
!
interface FastEthernet0/5
 spanning-tree portfast
!
interface FastEthernet0/6
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
!
interface FastEthernet0/8
 spanning-tree portfast
!
interface FastEthernet0/9

Quick Commands:

en
conf t
int fa0/1
spanning-tree portfast
int fa0/2
spanning-tree portfast
int fa0/3
spanning-tree portfast
int fa0/4
spanning-tree portfast
int fa0/5
spanning-tree portfast
int fa0/6
spanning-tree portfast
int fa0/7
spanning-tree portfast
int fa0/8
spanning-tree portfast
int fa0/9
spanning-tree portfast
int fa0/10
spanning-tree portfast
int fa0/11
spanning-tree portfast
int fa0/12
spanning-tree portfast
int fa0/13
spanning-tree portfast
int fa0/14
spanning-tree portfast
int fa0/15
spanning-tree portfast
int fa0/16
spanning-tree portfast
int fa0/17
spanning-tree portfast
int fa0/18
spanning-tree portfast
int fa0/19
spanning-tree portfast
int fa0/20
spanning-tree portfast
int fa0/21
spanning-tree portfast
int fa0/22
spanning-tree portfast
int fa0/23
spanning-tree portfast
exit
exit
write mem


Add/remove ARP entry to 3750

Note: you'd only ever want to add a static ARP entry if some customer is trying to grab the wrong IP and the 3750 is allowing the ARP entry to exist/map to the wrong IP. If you cannot stop the bad customer from grabbing the IP, tell the 3750 to map the IP to the right MAC. Once the issue with the bad customer is resolved, remove the static ARP entry so that if the IP ever goes to another customer/NIC, you won't have unexplained issues with the IP not working.

Add an arp:

E-mon-3750#conf t
E-mon-3750(config)#arp 69.55.230.6 000d.5d03.5802 arpa
E-mon-3750(config)#exit
E-mon-3750#arp 69.55.230.6 000d.5d03.5802 arpa
E-mon-3750#show arp | include 000d.5d03.5802
Internet  69.55.230.6             -   000d.5d03.5802  ARPA

To clear:

conf t
no arp 69.55.230.6 000d.5d03.5802 arpa
end

Clear all arp entries on 3750

You'd only really need to do this if one or many IPs have moved from one piece of hardware to another and the 3750 is still caching the old ARP entries. Clearing out the entire ARP table fixes this, as the 3750 then rebuilds the table with the correct MAC-to-IP entries. The downside to doing the clear is that the entire network is disrupted/unreachable for about 5 seconds.

E-mon-3750>en
E-mon-3750#clear arp

Setup MRTG monitoring (SNMP)

Cisco MIBs: ftp://ftp-sj.cisco.com/pub/mibs/supportlists/wsc2900xl/wsc2900xl-supportlist.html
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=lcpu
CPU: 1.3.6.1.4.1.9.2.1.58

Configure IP on the switch:

conf t
int vlan 1
ip address 69.55.230.245 255.255.255.0
ip default-gateway 69.55.230.1
end

Disable telnet:

conf t
line vty 5 15
transport input none

DEPRECATED Setup web user, and enable that user to login to web:

switch-p16(config)#username web privilege 15 password  PASS
switch-p16(config)#line vty 0 4
switch-p16(config-line)#login local
switch-p16(config-line)#en
switch-p16(config-line)#password PASS
switch-p16(config-line)#login

Disable web:

conf t
line vty 0 4
transport input none

Setup ACL:

conf t
access-list 1 permit 69.55.230.2
access-list 1 permit 10.1.4.5

Setup SNMP:

conf t
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 1
end
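
A check for the hardening steps in this section, as an added example that is not part of the original wiki page: it reads a saved configuration and flags default or read-write SNMP communities, communities with no ACL or an undefined ACL, and vty lines that still accept telnet. Both configurations are constructed samples with placeholder values, and treating a vty block with no transport input line as telnet-enabled is an assumption about the IOS default on these releases.

```python
import re

# Constructed sample: what a switch looks like before the steps above.
WEAK_CONFIG = """\
access-list 1 permit 192.0.2.10
snmp-server community public RO
snmp-server community private RW
snmp-server community EXAMPLE-RO RO 7
line vty 0 4
 password EXAMPLE
 login
line vty 5 15
 transport input telnet
"""

# Constructed sample: the same switch after the steps above.
HARDENED_CONFIG = """\
access-list 1 permit 192.0.2.10
snmp-server community EXAMPLE-RO RO 1
line vty 0 4
 transport input none
line vty 5 15
 transport input none
"""

DEFAULT_COMMUNITIES = {"public", "private"}
SNMP_LINE = re.compile(
    r"snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?\s*$",
    re.I)


def parse_vty_blocks(lines):
    """Map each 'line vty N M' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in lines:
        if line.lower().startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip().lower())
        else:
            current = None  # any other top-level line ends the block
    return blocks


def audit(config):
    """Return (rule, offending line) tuples; an empty list means clean."""
    lines = config.splitlines()
    # ACLs that are actually defined, so a dangling reference is caught.
    acls = set(re.findall(r"^access-list (\S+) (?:permit|deny)\b", config, re.M))
    findings = []

    for line in lines:
        m = SNMP_LINE.match(line)
        if not m:
            continue
        community = m.group(1)
        mode = (m.group(2) or "RO").upper()  # IOS defaults to read-only
        acl = m.group(3)
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append(("snmp-default-community", line))
        if mode == "RW":
            findings.append(("snmp-rw", line))
        if acl is None:
            findings.append(("snmp-no-acl", line))
        elif acl not in acls:
            findings.append(("snmp-acl-undefined", line))

    for header, body in parse_vty_blocks(lines).items():
        transports = [cmd.split()[2:] for cmd in body
                      if cmd.startswith("transport input")]
        # Assumption: with no explicit setting the line accepts all protocols.
        allowed = transports[-1] if transports else ["all"]
        if "telnet" in allowed or "all" in allowed:
            findings.append(("vty-telnet", header))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for rule, line in audit(cfg):
            print(f"  {rule:24} {line}")
```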

On mrtg aggregator/host (i.e. mail server) run:

/usr/local/bin/cfgmaker --if-template=template.pl --show-op-down --global "options[_]: growright,bits" --global 'WorkDir: /usr/local/www/mgmt/mrtg/data' --global 'Interval: 1' --global 'LogFormat: rrdtool' --global 'PathAdd: /usr/local/bin' --global 'LibAdd: /usr/local/lib' --host-template=host.pl jc292401@69.55.230.246 --output=switch-p14.cfg

And add new switch to crontab script: /usr/local/www/mgmt/mrtg/mrtg.sh

template.pl:

#if(not $problem_lines)
#{
   $target_lines .= <<ECHO;

Target[$target_name]: $if_ref:$router_connect
SetEnv[$target_name]: MRTG_INT_IP="$if_ip" MRTG_INT_DESCR="$if_snmp_descr"
ECHO

   if ($directory_name) {
       $target_lines .= "Directory[$target_name]: $directory_name\n";
   }
   $target_lines .= <<ECHO;
MaxBytes[$target_name]: $if_speed
Title[$target_name]: $if_snmp_alias  -- $if_snmp_name -- $sysname
PageTop[$target_name]: <h1>$html_desc_prefix$html_if_title_desc -- $sysname</h1>
 <table>
        <tr>
                <td>System:</td>
                <td>$sysname in $html_syslocation</td>
        </tr>
        <tr>
                <td>Description:</td>
                <td>$if_snmp_alias</td>
        </tr>
        <tr>
                <td>Interface:</td>
                <td>$if_snmp_descr</td>
        </tr>
        <tr>
                <td>ifType:</td>
                <td>$html_if_type_desc ($if_type_num)</td>
        </tr>
        <tr>
                <td>ifName:</td>
                <td>$html_if_snmp_name</td>
        </tr>
ECHO


   $target_lines .= <<ECHO;
        <tr>
                <td>Max Speed:</td>
                <td>$if_speed_str</td>
        </tr>
ECHO

   $target_lines .= <<ECHO if $if_ip;
        <tr>
                <td>Ip:</td>
                <td>$if_ip ($if_dns_name)</td>
        </tr>
ECHO

   $target_lines .= <<ECHO;
 </table>
ECHO
#} else {
   #$head_lines="";
 #  $head_lines =~ s/^\# //g;
   #$problem_lines="";
  # $problem_lines =~ s/^\# //g;
   #$target_lines="";
  # $target_lines =~ s/^\# //g;
   #$separator_lines="";
  # $separator_lines =~ s/^\# //g;
#$target_lines .= "$head_lines $problem_lines$target_lines $separator_lines";
#}

host.pl:

$head_lines .= <<ECHO;
#---------------------------------------------------------------------
ECHO

my $target_name = $router_name . ".cpu";

$target_lines .= <<ECHO;

YLegend[$target_name]: Percentage CPU load
ShortLegend[$target_name]: %
Legend1[$target_name]: CPU load in %
Legend2[$target_name]:
Legend3[$target_name]: Max Observed CPU load
Legend4[$target_name]:
LegendI[$target_name]:  CPU Load:
LegendO[$target_name]:
WithPeak[$target_name]: ywm
MaxBytes[$target_name]: 100
Options[$target_name]: growright, gauge, nopercent
Title[$target_name]: $router_name CPU load
Target[$target_name]: 1.3.6.1.4.1.9.2.1.58.0&1.3.6.1.4.1.9.2.1.58.0:$router_connect
PageTop[$target_name]: <h1>$router_name CPU load</h1>
 <table>
        <tr>
                <td>System:</td>
                <td>$router_name in $html_syslocation</td>
        </tr>
        <tr>
                <td>Maintainer:</td>
                <td>$html_syscontact</td>
        </tr>
        <tr>
                <td>Description:</td>
                <td>$html_sysdescr</td>
        </tr>
        <tr>
                <td>Resource:</td>
                <td>CPU.</td>
        </tr>
 </table>
ECHO

Update IOS for 2950

Repo: http://www.cisco.com/cisco/software/navigator.html

Switch# archive download-sw /overwrite tftp://198.30.20.19/c2960-lanbase-tar.122-25.FX.tar

Tar archive:

switch-p21#delete flash:c2950-i6q4l2-mz.121-13.EA1c.bin
switch-p21#delete flash:html/images/*
switch-p21#delete flash:html/help/*

switch-p21# archive tar /xtract tftp://10.1.2.1/c2950-i6k2l2q4-tar.121-22.EA13.tar flash:
!!!!!!!!!!!!!!!!!!
...
[OK - 5744640 bytes]

switch-p21#dir flash:
switch-p21#verify flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
Verified flash:c2950-i6k2l2q4-mz.121-22.EA13.bin 
switch-p21#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p21(config)#boot system flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
switch-p21(config)#end
switch-p21#sh boot
BOOT path-list:       flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
Config file:          flash:/config.text
Private Config file:  flash:/private-config.text
Enable Break:         no
Manual Boot:          no
HELPER path-list:
NVRAM/Config file
      buffer size:    32768
switch-p21#wr mem
Building configuration...
[OK]
switch-p21#reload
Proceed with reload? [confirm]

Upgrading Software in Catalyst 2900XL and 3500XL Switches

Via Command Line Interface

http://www.cisco.com/en/US/products/hw/switches/ps607/products_tech_note09186a00800946e5.shtml

switch-p23#dir flash:
Directory of flash:/

  2  -rwx     1645824   Jan 01 1970 00:40:12  c2900XL-c3h2s-mz-120.5.2-XU.bin
  3  -rwx        1877   May 06 1997 23:54:44  config.text
  4  -rwx         780   Mar 01 1993 00:17:49  vlan.dat

3612672 bytes total (1962496 bytes free)

switch-p23#delete flash:c2900XL-c3h2s-mz-120.5.2-XU.bin
Delete filename [c2900XL-c3h2s-mz-120.5.2-XU.bin]?
Delete flash:c2900XL-c3h2s-mz-120.5.2-XU.bin? [confirm]
switch-p23#tar /x tftp://10.1.2.1/c2900xl-c3h2s-tar.120-5.WC17.tar flash:
Loading c2900xl-c3h2s-tar.120-5.WC17.tar from 10.1.2.1 (via VLAN300): !
extracting c2900xl-c3h2s-mz.120-5.WC17.bin (1929757 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
switch-p23#dir flash:
Directory of flash:/

  2  -rwx     1929757   Mar 01 1993 05:19:09  c2900xl-c3h2s-mz.120-5.WC17.bin
  3  -rwx        1877   May 06 1997 23:54:44  config.text
  4  -rwx         780   Mar 01 1993 00:17:49  vlan.dat
  5  -rwx        8192   Mar 01 1993 05:19:10  e2rb.bin
  6  drwx         704   Mar 01 1993 05:20:02  html
 18  -rwx         135   Mar 01 1993 05:20:04  info
 19  -rwx         135   Mar 01 1993 05:20:04  info.ver
 20  drwx         320   Mar 01 1993 05:20:06  lre-bin

3612672 bytes total (499712 bytes free)
spare#verify flash:c2900xl-c3h2s-mz.120-5.WC17.bin
switch-p23#conf t
switch-p23(config)#boot system flash:c2900xl-c3h2s-mz.120-5.WC17.bin 
switch-p23(config)#end
switch-p23#reload

System configuration has been modified. Save? [yes/no]: y
Building configuration...

Proceed with reload? [confirm]

Via Common TFTP Procedure

This section lists the steps for the TFTP upgrade procedure on the XL switches. Note: All these commands are run from the privileged EXEC mode.

switch>enable
switch#

If you upgrade a 2900XL switch, issue the show version command in order to confirm the amount of memory present on the switch. See the How to Determine the Amount of Memory on the Switch Using Command Line Interface section of this document for the details on how to verify the amount of memory present on the 2900XL switch.

Display the name of the running image file.

switch#show boot
BOOT path-list:      flash:c2900XL-c3h2-mz-112.8.5-SA6.bin
Config file:         flash:config.text
Enable Break:        no
Manual Boot:         no
HELPER path-list:    
NVRAM/Config file
buffer size:   32768

!--- In this case, an upgrade from the Cisco IOS Software
!--- Release 11.2(8)SA6 image to a newer release takes place.

If there is no file defined in the BOOT path-list, enter the dir flash: command in order to display the contents of Flash memory. The file with the .bin extension is your image file.

switch#dir flash:
Directory of flash:

  2  -rwx     1162890   Mar 01 1993 00:33:22  c2900XL-c3h2-mz-112.8.5-SA6.bin
 17  -r--         108   Mar 01 1993 00:32:28  info
  4  dr--       13888   Mar 01 1993 00:35:23  html
226  -r--         341   Jan 01 1970 00:03:16  env_vars
227  -rwx        1203   Mar 01 1993 00:24:07  config.text
  6  -r--        8192   Mar 08 1993 00:00:23  e2rb.bin
 18  -r--         108   Mar 01 1993 00:35:24  info.ver

3612672 bytes total (1729024 bytes free)

!--- The switch only has 1.7 MB Flash available. Since this is not enough
!--- to load a new image, delete files in Flash in order to
!--- first free up some space.

If the size of the file to be loaded is larger than the available capacity, delete the image that exists in Flash in order to make space for a new image: Issue the delete flash: filename command.

Switch#delete flash:current_image.bin
Delete filename [current_image.bin]?
Delete flash:current_image.bin? [confirm]

Choose Enter in order to confirm the deletion of the file. Note: Once the image in Flash is deleted, do not reboot the switch for any reason until the new image is loaded. If you attempt to reload the switch now, it fails to boot up since there is no image in Flash.

If you upgrade a 4 MB DRAM Catalyst 2900XL Switch and a file that starts with the character string c2900XL-diag-mz appears in the Flash directory, you should remove it in order to make room for the new image. This is a diagnostics file used at the factory in order to run certain tests on the switch and is never used by the customer. If you upgrade an 8 MB DRAM Catalyst 2900XL Switch or Catalyst 3500XL Switch, you do not have to delete this file since you have sufficient Flash memory for the new image, but since this file is useless for you, it is advisable to delete it during the upgrade. The diagnostics file has a name in the format: c2900XL-diag-mz-version_name or c3500XL-diag-mz-version_name. The string version_name depends on the switch and software you run.

Note: This file might or might not be displayed when you issue the dir flash: command. If it is not displayed, issue the dir flash:c2900XL-diag-mz* command. For example, on the 2900XL switch, issue this command in order to display the diagnostics filename:

switch# dir flash:c2900XL-diag-mz*
Directory of flash:

-rwx 80971 Sep 14 1998 03:10:38 c2900XL-diag-mz-112.0.0.11-SA2

And delete it:

Switch#delete flash:c2900XL-diag-mz-112.0.0.11-SA2

Delete filename [c2900XL-diag-mz-112.0.0.11-SA2]?
Delete flash:c2900XL-diag-mz-112.0.0.11-SA2? [confirm]
Switch#

Enter global configuration mode:

switch#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#

Disable access to the switch HTML pages:

switch(config)#no ip http server

Return to privileged EXEC mode:

switch(config)#end

Remove the HTML files, if any:

switch#delete flash:html/*

Choose Enter or y in order to confirm the deletion of each file. Note: You might or might not have an HTML directory in Flash. The HTML directory is only installed during an upgrade that uses a .tar file. Since HTML is a directory that contains all the HTML and GIF files used for the web interface, you have to choose Enter or y many times before all the files in the HTML directory are deleted. Note: Do not press any other keys during this process. If you press any other key, it aborts the deletion of that particular file and goes to the next file. You have to issue the delete flash:html/* command again in order to delete the aborted file.

If you upgrade from Cisco IOS Software Release 11.2(8)SA5 or earlier, remove the files in the SNMP directory:

switch#delete flash:html/Snmp/*

Make sure the S in Snmp is uppercase. Choose Enter or y in order to confirm the deletion of each file. Note: Do not press any other keys during this process. If you press any other key, it aborts the deletion of that particular file and goes to the next file. You have to run the delete flash:html/* command again in order to delete the aborted file.

If you run Cisco IOS Software Release 11.2(8)SA2 or earlier releases on a 4 MB DRAM Catalyst 2900XL switch, create a directory on the switch Flash memory to be used for the HTML files: Note: This step is only for 4 MB DRAM Catalyst 2900XL switches that run Cisco IOS Software Release 11.2(8)SA2 or earlier.

switch#mkdir flash:html/Snmp

Make sure the S in Snmp is uppercase.

Use the tar command in order to copy the combined .tar file to the switch. Note: Do not use this procedure to copy the .tar file that has the word html in its filename (available in Cisco IOS Software Release 11.2), because the combined .tar file already includes both the image and the HTML files in a single compressed file. This command copies and automatically extracts the image .bin file as well as the necessary HTML files. Note: If the switch is unable to connect to the TFTP server, verify that you have IP connectivity to the server and check that the TFTP server software is set up correctly.

switch#tar /x tftp://10.1.1.1/c2900xl-c3h2s-tar.120-5.WC8.tar flash:
Loading c2900xl-c3h2s-tar.120-5.WC8.tar from 10.1.1.1 (via VLAN1): !
extracting c2900xl-c3h2s-mz.120-5.WC8.bin (1803565 
bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting e2rb.bin (8192 bytes)!!
html/ (directory)
extracting html/homepage.htm (3988 bytes)!
extracting html/not_supported.html (1392 bytes)
. . .

!--- Output suppressed.

[OK - 2723840 bytes]

!--- The OK message means that the TFTP process passed successfully  
!--- and both .bin and html files were extracted successfully.

Note: Dependent on the TFTP Server used, you might need to enter only one slash (/) after the server_ip_address in the tar command. Note: Since Cisco IOS Software Release 12.0(5)WC5, the file with .tar extension also has tar in the filename itself. For example, c2900xl-c3h2s-tar.120-5.WC5.tar. Enter the dir flash: command in order to determine the filename of the new image in Flash.

switch#dir flash:
Directory of flash:

  2  -rwx     1803565   Mar 01 1993 00:49:55  c2900xl-c3h2s-mz.120-5.WC8.bin
 17  -r--         108   Mar 01 1993 00:50:55  info
  4  dr--         832   Mar 01 1993 00:50:53  html
226  -r--         341   Jan 01 1970 00:03:16  env_vars
227  -rwx        1203   Mar 01 1993 00:24:07  config.text
  6  -r--        8192   Mar 01 1993 00:49:56  e2rb.bin
 18  -r--         108   Mar 01 1993 00:50:55  info.ver
	
3612672 bytes total (683520 bytes free)

Make note of the filename; it is used in the next few steps.

Enter global configuration mode:

switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Set the boot parameters so that when the switch is reloaded after the upgrade, it boots with the new_image. Issue this command in order to set the boot parameter to the new image. This command overwrites any previous boot image settings.

switch(config)#boot system flash:c2900xl-c3h2s-mz.120-5.WC8.bin

Reenable access to the switch HTTP pages:

switch(config)#ip http server

Return to privileged EXEC mode:

switch(config)#end

Reload the new software with this command:

switch#reload
System configuration has been modified. Save? [yes/no]:y
Proceed with reload? [confirm]

Choose Return in order to confirm the reload. After the switch reboots, use Telnet or Console login in order to access the switch and enter the privileged EXEC mode show version command in order to verify the upgrade procedure.

Upgrading Software for the 2950/2955 with the CMS image (.tar file)

In this example, the software on a 2950 is upgraded from version 12.1(12c)EA1 to version 121-13.EA1 with the CMS image (.tar file). The procedure is the same for a 2955. Issue the show version command to view the current version of software that you run. Here is a sample command output:

2950#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1,
RELEASE SOFTWARE (fc1)

!--- The current software version is 12.1(12c)EA1.

Go to the LAN Switching Software section of the Downloads (registered customers only) page. Select Catalyst 2950 software and locate the image you want to download. Note the size of the image in bytes. This example uses the c2950-i6q4l2-mz.121-13.EA1.tar file. The image size is 4877312 bytes, or approximately 5 MB. Download the image you want.

Issue the dir flash: command on the 2950/2955 to verify how much free memory you have for the upgrade. Here is a sample command output:

2950#dir flash:
Directory of flash:/
  2  -rwx   2774747  Mar 01 1993 17:52:14  c2950-i6q4l2-mz.121-12c.EA1.bin
 21  -rwx   2665985  Mar 01 1993 18:02:04  c2950-i6q4l2-mz.121-11.EA1a.bin
   
!--- Two images are installed.
	
 4  -rwx       916   Mar 01 1993 03:31:05  vlan.dat
 22  -rwx      312   Mar 01 1993 18:03:19  env_vars
 7  drwx       832   Mar 01 1993 17:53:20  html
	    
!--- output suppressed ---
	
	 
!--- Notice the d in the permissions, which indicates that html is a
!--- directory that contains the CMS files extracted from the .tar image 
!--- during the upgrade.

7741440 bytes total (578048 bytes free)

!--- There is less than 1 MB of free memory in Flash, which is not enough
!--- for the upgrade. Delete one of the old IOS images (.bin files).
	
2950#

Issue the delete command to remove one of the old IOS images in order to make room for the upgrade. Here is a sample command output:

2950#delete flash:c2950-i6q4l2-mz.121-11.EA1a.bin
Delete filename [c2950-i6q4l2-mz.121-11.EA1a.bin]?
Delete flash:c2950-i6q4l2-mz.121-11.EA1a.bin? [confirm]
2950#
2950#dir flash:
Directory of flash:/
  2  -rwx   2774747  Mar 01 1993 17:52:14  c2950-i6q4l2-mz.121-12c.EA1.bin
    
!--- You can leave one old image as a backup if you prefer.

  4  -rwx       916  Mar 01 1993 03:31:05  vlan.dat
 22  -rwx       312  Mar 01 1993 18:03:19  env_vars
  7  drwx       832  Mar 01 1993 17:53:20  html
    
!--- output suppressed ---

7741440 bytes total (3244544 bytes free)
  
!--- Even though you freed up additional memory there is still not
!--- enough free memory for the upgrade. Delete the files in the
!--- html directory.

2950#


The html directory is where the CMS files are extracted from the .tar image and installed during the upgrade. Issue the dir html command to view these files. Here is a sample command output:

2950#dir html
Directory of flash:/html/
    3  -rwx        4010   Mar 01 1993 17:52:14  homepage.htm
    5  -rwx        1392   Mar 01 1993 17:52:14  not_supported.html
    8  -rwx        9448   Mar 01 1993 17:52:15  common.js
    9  -rwx       22152   Mar 01 1993 17:52:15  cms_splash.gif
   10  -rwx        1211   Mar 01 1993 17:52:15  cms_13.html
   11  -rwx        2823   Mar 01 1993 17:52:15  cluster.html
   
!--- output suppressed ---

   
!--- These are the files used by the CMS software.

Issue the delete flash:html/* command to delete all of these files before the upgrade. Here is a sample command output: Note: Deletion of these files disables access to the HTML pages during the upgrade. After the upgrade, access becomes available again.

2950#delete flash:html/*
Delete filename [html/*]?
 
!--- Press ENTER or RETURN for each file.

Delete flash:html/homepage.htm? [confirm] 
Delete flash:html/not_supported.html? [confirm]
Delete flash:html/common.js? [confirm]
Delete flash:html/cms_splash.gif? [confirm]
Delete flash:html/cms_13.html? [confirm]
Delete flash:html/cluster.html? [confirm]

!--- output suppressed ---


2950#dir flash:
Directory of flash:/
    2  -rwx     2774747   Mar 01 1993 17:52:14  c2950-i6q4l2-mz.121-12c.EA1.bin
    4  -rwx         916   Mar 01 1993 03:31:05  vlan.dat
   22  -rwx         312   Mar 01 1993 18:03:19  env_vars
    7  drwx           0   Mar 01 1993 01:13:31  html
    
!--- output suppressed ---

7741440 bytes total (4960256 bytes free)
    
!--- There is now enough room to proceed with the upgrade.

Issue the archive tar command to copy over the .tar file and extract all the files. The full command syntax is archive tar /xtract tftp://<tftp server ip>/<filename> flash:. Here is a sample command output: Note: If you want to upgrade from a release earlier than 12.1(6)EA2 on a 2950, issue the tar command instead of the archive tar command.

2950#archive tar /xtract tftp://20.20.20.2/c2950-i6q4l2-tar.121-13.EA1.tar flash:
Loading c2950-i6q4l2-tar.121-13.EA1.tar from 20.20.20.2 (via Vlan1): !

!--- The IOS image(.bin file) is being extracted into the flash: directory.

extracting c2950-i6q4l2-mz.121-13.EA1.bin (2888547 bytes)!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
html/ (directory)

!--- The CMS files are extracted into the html directory.

extracting html/homepage.htm (3994 bytes)!
extracting html/not_supported.html (1392 bytes)
extracting html/common.js (9529 bytes)!!
extracting html/cms_splash.gif (22152 bytes)!!!!!
extracting html/cms_13.html (1211 bytes)
extracting html/cluster.html (2823 bytes)!
extracting html/Redirect.jar (4195 bytes)!
extracting html/mono_disc.sgz (15899 bytes)!!!
extracting html/CMS.sgz (1344455 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting html/images.sgz (86918 bytes)!!!!!!!!!!!!!!!!!
extracting html/help.sgz (287994 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!
extracting html/CiscoChartPanel.sgz (135599 bytes)!!!!!!!!!!!!!!!!!!!!!!
extracting html/cms_boot.jar (58864 bytes)!!!!!!!!!!!!
extracting info (109 bytes)
extracting info.ver (109 bytes)
[OK - 4877312 bytes]

!--- The archive tar operation completed successfully.

2950#
2950#verify flash:c2950-i6q4l2-mz.121-13.EA1.bin
Verified flash:c2950-i6q4l2-mz.121-13.EA1.bin

!--- Issue the verify command to verify the IOS image checksum.

2950#

2950#dir flash:
Directory of flash:/
  2  -rwx  2774747  Mar 01 1993 17:52:14  c2950-i6q4l2-mz.121-12c.EA1.bin
  3  -rwx  2888547  Mar 01 1993 02:00:32  c2950-i6q4l2-mz.121-13.EA1.bin
    
!--- The new IOS image has been extracted and installed in flash:.

  4  -rwx      916  Mar 01 1993 03:31:05  vlan.dat
 22  -rwx      312  Mar 01 1993 18:03:19  env_vars
  7  drwx      832  Mar 01 1993 02:03:41  html
    
!--- output suppressed ---

7741440 bytes total (93184 bytes free)
2950#
2950#dir html
Directory of flash:/html/
    5  -rwx        3994   Mar 01 1993 02:00:32  homepage.htm
    6  -rwx        1392   Mar 01 1993 02:00:32  not_supported.html
    8  -rwx        9529   Mar 01 1993 02:00:32  common.js
    9  -rwx       22152   Mar 01 1993 02:00:33  cms_splash.gif
   10  -rwx        1211   Mar 01 1993 02:00:33  cms_13.html
    
!--- output suppressed ---
!--- The new CMS files have been extracted and installed.

Set a boot system statement so the new image boots on the next reload. Here is a sample command output:

2950#conf t
2950(config)#boot system flash:c2950-i6q4l2-mz.121-13.EA1.bin
2950(config)#end
2950#
2950#sh boot
BOOT path-list:   flash:c2950-i6q4l2-mz.121-13.EA1.bin

!--- output suppressed ---
!--- The boot system statement does not show up in the config.
!--- Issue the show boot command to verify whether the 
!--- new image boots on the next reload of the switch.

You can set a boot system statement to boot a specific backup image if the new image fails for some reason. Otherwise, the 2950/2955 automatically attempts to boot the next valid image in the event of a failure. Here is a sample command output to configure a boot system statement for multiple images:

2950#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
2950(config)#boot system flash:c2950-i6q4l2-mz.121-13.EA1.bin;c2950-i6q4l2-mz.121-12c.EA1.bin

!--- A semi-colon separates the two images - primary and backup.

2950(config)#end
2950#

2950#sh boot
BOOT path-list: flash:c2950-i6q4l2-mz.121-13.EA1.bin;c2950-i6q4l2-mz.121-12c.EA1.bin

!--- output suppressed ---
!--- The boot system statement does not show up in the config.
!--- Issue the show boot command to verify whether the new image
!--- boots on the next reload of the switch.

Issue the wr mem command to save your changes and reload the switch. Here is a sample command output:

2950#wr mem
Building configuration...
[OK]
2950#reload
Proceed with reload? [confirm]

!--- Press RETURN or ENTER.

02:53:37: Bootstrap Emulator called with code 45
02:53:37: %SYS-5-RELOAD: Reload requested

!--- Press RETURN or ENTER.

Verify you run the new image with the show version command. Here is a sample command output:

2950#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1,
RELEASE SOFTWARE (fc1)

!--- You now run the new software.

Copyright (c) 1986-2003 by cisco Systems, Inc.

!--- output suppressed ---

System image file is "flash:c2950-i6q4l2-mz.121-13.EA1.bin"
cisco WS-C2950-24 (RC32300) processor (revision G0)
with 20839K bytes of memory.
Processor board ID FHK0650X0QY
Last reset from system-reset
Running Standard Image

!--- output suppressed ---
!--- You run the SI feature set. If this model of switch
!--- can run the EI, you see Running Enhanced Image.

This completes the upgrade procedure for a 2950 through the CMS image (.tar file).

Upgrading Software for the 2950/2955 with the IOS image (.bin file)

For this example, the software on a 2950 is upgraded from version 12.1(12c)EA1 to version 121-13.EA1 with only the IOS image (.bin file). The procedure is the same no matter which version of software you use, including the 2955. Issue the show version command to view the current version of software that you run. Here is a sample command output:

2950#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1,
RELEASE SOFTWARE (fc1)
	
!--- The current software version is 12.1(12c)EA1.

Go to the LAN Switching Software section of the Downloads (registered customers only) page. Select Catalyst 2950 or 2955 software and locate the image you want to download. Note the size of the image in bytes. This example uses the c2950-i6q4l2-mz.121-13.EA1.bin file. The image size is 2888547 bytes or approximately 3 MB. Download the image you want. Issue the dir flash: command on the 2950/2955 to verify how much free memory you have for the upgrade. Here is a sample command output:

2950#dir flash:
Directory of flash:/
   2  -rwx  2774747  Mar 02 1993 00:11:42  c2950-i6q4l2-mz.121-12c.EA1.bin
   3  -rwx        5  Mar 01 1993 00:16:08  private-config.text
   4  -rwx      916  Mar 01 1993 03:31:05  vlan.dat
  22  -rwx  2665985  Mar 02 1993 00:20:15  c2950-i6q4l2-mz.121-11.EA1a.bin

!--- Notice that two images are installed already.

  6  -rwx     1459  Mar 01 1993 00:16:08  config.text
  7  drwx      832  Mar 02 1993 00:14:18  html
      

!--- output suppressed ---

7741440 bytes total (578048 bytes free)

!--- There is less than 1 MB of memory free out of the total of
!--- 8 MB, which is not enough. Delete the old image
!--- in order to upgrade.

2950#

Note: If you already have enough room in Flash for the upgrade, you can proceed directly to Step 5.

Issue the delete command to remove the old image in order to make room for the upgrade. Here is a sample command output:

2950#delete flash:c2950-i6q4l2-mz.121-11.EA1a.bin
Delete filename [c2950-i6q4l2-mz.121-11.EA1a.bin]?
	
!--- Press RETURN or ENTER.

Delete flash:c2950-i6q4l2-mz.121-11.EA1a.bin? [confirm]

!--- Press RETURN or ENTER.

2950#
2950#dir flash:
Directory of flash:/
    2  -rwx     2774747   Mar 02 1993 00:11:42  c2950-i6q4l2-mz.121-12c.EA1.bin
    
!--- You can leave one old image as a backup if you prefer.

    3  -rwx           5   Mar 01 1993 00:16:08  private-config.text
    4  -rwx         916   Mar 01 1993 03:31:05  vlan.dat
    6  -rwx        1459   Mar 01 1993 00:16:08  config.text
    7  drwx         832   Mar 02 1993 00:14:18  html
    
!--- output suppressed ---

7741440 bytes total (3244544 bytes free)
     
!--- There is now over 3 MB of free Flash memory, 
!--- which is enough for the upgrade.

2950#

Perform the upgrade through the copy tftp flash: command. Here is a sample command output:

2950#copy tftp flash:
Address or name of remote host []? 20.20.20.2

!--- Type your TFTP server IP address.
!--- Press RETURN or ENTER.

Source filename []? c2950-i6q4l2-mz.121-13.EA1.bin 

!--- Press RETURN or ENTER.

Destination filename [c2950-i6q4l2-mz.121-13.EA1.bin]? 

!--- Press RETURN or ENTER.

Accessing tftp://20.20.20.2/c2950-i6q4l2-mz.121-13.EA1.bin...
Loading c2950-i6q4l2-mz.121-13.EA1.bin from 20.20.20.2 (via Vlan1): !!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 2888547 bytes]
2888547 bytes copied in 96.188 secs (30030 bytes/sec)
2950#dir flash:
Directory of flash:/
    2  -rwx     2774747   Mar 02 1993 00:11:42  c2950-i6q4l2-mz.121-12c.EA1.bin
    3  -rwx           5   Mar 01 1993 00:16:08  private-config.text
    4  -rwx         916   Mar 01 1993 03:31:05  vlan.dat
   22  -rwx     2888547   Mar 01 1993 00:42:03  c2950-i6q4l2-mz.121-13.EA1.bin
    
!--- The new image is installed in the flash: directory.

    6  -rwx        1459   Mar 01 1993 00:16:08  config.text
    7  drwx         832   Mar 02 1993 00:14:18  html
    
!--- output suppressed ---

7741440 bytes total (355840 bytes free)
2950#verify flash:c2950-i6q4l2-mz.121-13.EA1.bin
Verified flash:c2950-i6q4l2-mz.121-13.EA1.bin

!--- Issue the verify command to verify 
!--- whether the image checksum is correct.

Set a boot system statement so the new image boots on the next reload. Here is a sample command output:

2950#conf t
2950(config)#boot system flash:c2950-i6q4l2-mz.121-13.EA1.bin
2950(config)#end
2950#
2950#sh boot
BOOT path-list:   flash:c2950-i6q4l2-mz.121-13.EA1.bin
	
!--- output suppressed ---
!--- The boot system statement does not show up in the configuration.
!--- Issue the show boot command to verify whether the new image
!--- boots on the next reload of the switch.

Issue the wr mem command to save your changes and reload the switch. Here is a sample command output:

2950#wr mem
Building configuration...
[OK]
2950#reload
Proceed with reload? [confirm]

!--- Press RETURN or ENTER.

00:05:05: %SYS-5-RELOAD: Reload requested

!--- output suppressed ---

Press RETURN to get started!

!--- Press RETURN or ENTER.

!--- output suppressed ---

Verify whether you run the new image through the show version command. Here is a sample command output:

2950#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1,
RELEASE SOFTWARE (fc1)

This completes the upgrade procedure for a 2950/2955 using only the IOS image (.bin file).
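
The free-space check that each upgrade procedure above does by eye, as an added example (not from this wiki or from Cisco's documentation). It parses dir flash: and show boot output and proposes which old images to delete without touching anything on the BOOT path-list. The function names, the constructed sample input and the 512-byte block size (inferred from the listings above) are assumptions.

```python
import re

# Constructed input: the 2950 "dir flash:" listing from the procedure above with
# the "!---" notes removed, and a BOOT path-list line naming the running 12c image.
DIR_FLASH = """\
Directory of flash:/
  2  -rwx   2774747  Mar 01 1993 17:52:14  c2950-i6q4l2-mz.121-12c.EA1.bin
 21  -rwx   2665985  Mar 01 1993 18:02:04  c2950-i6q4l2-mz.121-11.EA1a.bin
  4  -rwx       916  Mar 01 1993 03:31:05  vlan.dat
 22  -rwx       312  Mar 01 1993 18:03:19  env_vars
  7  drwx       832  Mar 01 1993 17:53:20  html

7741440 bytes total (578048 bytes free)
"""
SHOW_BOOT = "BOOT path-list:   flash:c2950-i6q4l2-mz.121-12c.EA1.bin\n"

BLOCK = 512  # assumption: space is freed in 512-byte blocks (consistent with the listings)
ENTRY_RE = re.compile(
    r"^\s*(?:\d+\s+)?([d-])[rwx-]{3}\s+(\d+)\s+\w{3} \d{2} \d{4} [\d:]{8}\s+(\S+)\s*$")
SUMMARY_RE = re.compile(r"^(\d+) bytes total \((\d+) bytes free\)")
IMAGE_RE = re.compile(r"-mz[.-].*\.bin$", re.I)   # IOS image names used on this page


def parse_dir(listing):
    """Return (entries, free_bytes); entries are (name, size, is_dir) tuples."""
    entries, free = [], None
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(3), int(m.group(2)), m.group(1) == "d"))
            continue
        m = SUMMARY_RE.match(line.strip())
        if m:
            free = int(m.group(2))
    if free is None:
        raise ValueError("no 'bytes total (... bytes free)' summary line found")
    return entries, free


def boot_images(show_boot):
    """File names on the BOOT path-list line (several may be separated by ';')."""
    m = re.search(r"^BOOT path-list:[ \t]*(\S*)", show_boot, re.M)
    paths = m.group(1).split(";") if m and m.group(1) else []
    return {p.split(":", 1)[-1].lstrip("/") for p in paths}


def plan_cleanup(listing, show_boot, needed_bytes):
    """Propose deletions until needed_bytes fit; files on the BOOT path are never proposed."""
    entries, free = parse_dir(listing)
    protected = boot_images(show_boot)
    if not protected:
        raise ValueError("BOOT path-list is empty: identify the running image first")
    files = [(n, s) for n, s, is_dir in entries if not is_dir and n not in protected]
    # Factory diagnostics files go first, then old images, largest first.
    diag = [f for f in files if "-diag-mz" in f[0]]
    images = sorted((f for f in files if IMAGE_RE.search(f[0]) and f not in diag),
                    key=lambda f: -f[1])
    delete = []
    for name, size in diag + images:
        if free >= needed_bytes:
            break
        delete.append(name)
        free += -(-size // BLOCK) * BLOCK          # round the freed size up to whole blocks
    return {"delete": delete, "free_after": free, "fits": free >= needed_bytes}


if __name__ == "__main__":
    print(plan_cleanup(DIR_FLASH, SHOW_BOOT, 4877312))   # the .tar image
    print(plan_cleanup(DIR_FLASH, SHOW_BOOT, 2888547))   # the .bin image
```

For the 4877312-byte .tar it proposes the 11.EA1a image and still reports that the file does not fit, which is the point where the procedure above goes on to delete flash:html/*.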

Configure 2960

  • reload the config (don't paste)
write erase
delete flash:vlan.dat
reload
  • enter basic setup
  • setup pub vlan
conf t
int vlan1
no ip address
int vlan50
ip address 69.55.230.249 255.255.255.0
ip default-gateway 69.55.230.1
end
  • setup priv/mgmt vlan
conf t
int vlan300
no ip address
! ip address 10.1.4.160 255.255.255.0
! p1b:
ip address 10.1.4.161 255.255.255.0
end
  • setup ports. into vlan, spanning-tree portfast, trunk
conf t
int range GigabitEthernet0/2 - 10
 switchport access vlan 50
 switchport mode access
 duplex full
 spanning-tree portfast
 
int GigabitEthernet0/24
 description Trunk to switch-p1a (vlan 300,50)
 switchport trunk allowed vlan 300,50
 switchport mode trunk
int GigabitEthernet0/1
 description Trunk to ASA (vlan 50)
 switchport trunk allowed vlan 50
 switchport mode trunk
int GigabitEthernet0/23
 description Private net (vlan 300)
 switchport access vlan 300
 switchport mode access
 spanning-tree portfast

int range GigabitEthernet0/11 - 20
 switchport trunk allowed vlan 50,300
 switchport mode trunk
 duplex full
end


  • REFERENCE. to setup a port for trunk or access
conf t
interface FastEthernet0/32
 switchport access vlan 210
 switchport mode dynamic desirable
 duplex full
end
  • setup rapid spanning tree
conf t
spanning-tree mode rapid-pvst
end
  • setup root, on p1a:
conf t
spanning-tree vlan 50 root primary
end
  • and on p1b:
conf t
spanning-tree vlan 50 root secondary
end
  • config terminal. setup timeout, priv level
conf t
line con 0
exec-timeout 10
line vty 0 15
exec-timeout 10
privilege level 0
end
  • setup web user
conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end
  • enable http passwd checking, disable http,
conf t
ip http authentication local
no ip http server
end
  • enable ssh (disable telnet)
conf t
line vty 0 15
transport input ssh
login local
logging synchronous
transport preferred ssh
transport output ssh
end
  • setup acls to restrict access to ssh on priv net
conf t
access-list 101 remark Permit SSH access from administrators
access-list 101 permit tcp host 10.1.4.1 any eq 22 log
access-list 101 deny ip any any log
line vty 0 15
access-class 101 in
end
  • setup acls to restrict access to https on pub net
conf t
access-list 10 remark Permit HTTPS access from administrators
access-list 10 permit 64.163.14.54
access-list 10 permit 69.55.233.195
access-list 10 permit 99.150.247.226
access-list 10 deny   any log
ip http access-class 10
end
  • setup SNMP
conf t
access-list 20 remark Permit SNMP 
access-list 20 permit 10.1.4.5
access-list 20 deny   any log
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 20
end
wr mem

Configure 2950

  • reset
write erase
reload
  • enter basic setup
conf t
int vlan300
ip address 10.1.2.52 255.255.255.0
ip default-gateway 10.1.2.1
int vlan300
no shutdown
end
  • ## ONLY for p20 ##
conf t
int GigabitEthernet0/1
 description Connection from i2b
int GigabitEthernet0/2
 description BW mirror port
 monitor session 1 source interface gi0/1
 monitor session 1 destination interface gi0/2 encapsulation dot1q
end
  • setup mgmt ports
conf t
int range fa0/1 - 10
 switchport access vlan 300
 spanning-tree portfast

int fa0/24
 description Firewall ext
 spanning-tree portfast
end
  • i2b link vlan
conf t
int range fa0/23 - 24
 switchport access vlan 200
int gi0/1
 switchport access vlan 200
end
  • setup trunk ports
conf t
 int range fa0/19 - 20
 switchport trunk allowed vlan 1,300
 switchport mode trunk 
 no spanning-tree portfast
end
  • ## END p20 ##


  • ## normal switches ##
  • setup ports
conf t
int range fa0/1 - 24
spanning-tree portfast
end
  • setup mgmt port
conf t
 interface fa0/24
 switchport access vlan 300
 description ats-2 - priv
end
  • setup trunk ports
conf t
 int gi0/1
 description Uplink to p20
 switchport trunk allowed vlan 1,300
 switchport mode trunk 
 no spanning-tree portfast
end
  • ## END normal switches ##
  • config terminal. setup timeout, priv level
conf t
line con 0
exec-timeout 10
line vty 0 15
exec-timeout 10
privilege level 0
end
  • enable ssh (disable telnet)
conf t
line vty 0 4
 privilege level 0
 logging synchronous
 transport preferred ssh
 login local
 transport input ssh
 transport output ssh

line vty 5 15
 privilege level 0
 logging synchronous
 login local
 transport preferred none
end
  • setup web user
conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end
  • pass enc
conf t
service password-encryption
end
  • enable http passwd checking, disable http,
conf t
ip http authentication local
! no ip http server (only http avail on 2950)
end
  • lock down ssh/web/telnet access
conf t
no access-list 100
access-list 100 permit ip host 69.55.233.196 any
access-list 100 permit ip host 99.150.247.226 any
access-list 100 permit ip host 10.1.2.1 any
access-list 100 permit ip host 64.163.14.54 any
access-list 100 deny   tcp any any eq www
access-list 100 deny   tcp any any eq telnet
int vlan 300
ip access-group 100 in
ip access-group 100 out

end
  • enable ssh
conf t
ip domain-name johncompanies.com
crypto key generate rsa
1024
end
  • time
conf t
clock timezone PST -8
clock summer-time PDT recurring 2 Sunday March 2:00 1 Sunday November 2:00
ntp server 10.1.2.1
service timestamps log datetime localtime show-timezone
end
  • setup SNMP
conf t
access-list 20 remark Permit SNMP 
access-list 20 permit 10.1.2.1
access-list 20 deny   any log
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 20
end

wr mem
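
A check for the vty, HTTP and SNMP steps in the two Configure sections above, as an added example (not part of this wiki's procedure): it reads a saved running-config and reports where those steps did not take effect. The function names and the sample config are constructed, the community string is a placeholder, and the vty check assumes an IOS release where an unset transport input still admits telnet.

```python
import re

# Constructed sample: the vty, HTTP and SNMP lines from the 2950 steps above, laid
# out as "show running-config" prints them. The community string is a placeholder.
SAMPLE_2950 = """\
ip http server
ip http authentication local
!
access-list 20 permit 10.1.2.1
access-list 20 deny   any log
snmp-server community EXAMPLE-RO RO 20
!
line con 0
line vty 0 4
 privilege level 0
 logging synchronous
 login local
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 5 15
 privilege level 0
 logging synchronous
 login local
 transport preferred none
!
end
"""

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: (RO|RW))?(?: (\S+))?$", re.I)


def parse_blocks(config):
    """Return (global_lines, {"line vty 0 4": [sub-commands], ...})."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0] != " ":                      # top-level command closes any open block
            current = blocks.setdefault(text, []) if text.startswith("line ") else None
            if current is None:
                global_lines.append(text)
        elif current is not None:              # indented sub-command of a "line" block
            current.append(text)
    return global_lines, blocks


def audit(config):
    """Return (location, finding) tuples in config order; [] means every check passed."""
    global_lines, blocks = parse_blocks(config)
    findings = []
    for line in global_lines:
        if line == "ip http server":
            findings.append(("global", "plain-HTTP management server is enabled"))
        m = COMMUNITY_RE.match(line)
        if m:
            name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(("snmp", "default community string still configured"))
            if mode == "RW":
                findings.append(("snmp", "read-write community configured"))
            if acl is None:
                findings.append(("snmp", "community not bound to an access list"))
    for header, cmds in blocks.items():
        # An unset exec-timeout is the 10-minute default; only an explicit 0 disables it.
        if any(re.fullmatch(r"exec-timeout 0( 0)?", c) for c in cmds):
            findings.append((header, "idle timeout disabled (exec-timeout 0)"))
        if not header.startswith("line vty"):
            continue
        inputs = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not inputs:
            findings.append((header, "no 'transport input': inbound protocols left at platform default"))
        elif any(protos != ["ssh"] for protos in inputs):
            findings.append((header, "'transport input' allows more than ssh"))
        if "login local" not in cmds:
            findings.append((header, "no 'login local'"))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_2950):
        print(f"{location}: {finding}")
```

On the 2950 lines it reports the HTTP server and line vty 5 15, which never receives transport input ssh; access-list 100 on vlan 300 is then the only control on telnet to those lines.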

Configure 2924 (i2b)

Last updated 2010-11-05

  • reset
write erase
reload
  • enter basic setup
  • setup vlans
conf t
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 shutdown
int vlan300
 ip address 10.1.2.58 255.255.255.0
ip default-gateway 10.1.2.1
int vlan300
 no shutdown
end

  • setup mgmt ports
conf t
int fa0/24
 switchport access vlan 300
 description ats-8 - priv
 spanning-tree portfast
end
  • setup trunk port
conf t
interface FastEthernet0/1
 description Uplink to p20
 duplex full
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,300,1002-1005
 switchport mode trunk
 no spanning-tree portfast
end

  • setup ports
conf t
interface FastEthernet0/2
 spanning-tree portfast
 no desc
!
interface FastEthernet0/3
 spanning-tree portfast
 no desc
!
interface FastEthernet0/4
 spanning-tree portfast
 no desc
!
interface FastEthernet0/5
 spanning-tree portfast
 no desc
!
interface FastEthernet0/6
 spanning-tree portfast
 no desc
!
interface FastEthernet0/7
 spanning-tree portfast
 no desc
!
interface FastEthernet0/8
 spanning-tree portfast
 no desc
!
interface FastEthernet0/9
 spanning-tree portfast
 no desc
!
interface FastEthernet0/10
 spanning-tree portfast
 no desc
!
interface FastEthernet0/11
 spanning-tree portfast
 no desc
!
interface FastEthernet0/12
 spanning-tree portfast
 no desc
!
interface FastEthernet0/13
 spanning-tree portfast
 no desc
!
interface FastEthernet0/14
 spanning-tree portfast
 no desc
!
interface FastEthernet0/15
 spanning-tree portfast
 no desc
!
interface FastEthernet0/16
 spanning-tree portfast
 no desc
!
interface FastEthernet0/17
 spanning-tree portfast
 no desc
!
interface FastEthernet0/18
 spanning-tree portfast
 no desc
!
interface FastEthernet0/19
 spanning-tree portfast
 no desc
!
interface FastEthernet0/20
 spanning-tree portfast
 no desc
!
interface FastEthernet0/21
 spanning-tree portfast
 no desc
!
interface FastEthernet0/22
 spanning-tree portfast
 no desc
!
interface FastEthernet0/23
 spanning-tree portfast
 no desc
end

  1. config terminal. setup timeout, priv level

conf t
line con 0
exec-timeout 10
line vty 0 15
exec-timeout 10
privilege level 0
end

  1. setup web user

conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end

  1. enable http passwd checking, disable http,

conf t
ip http authentication local

  1. no ip http server (only http avail on 2950)

end

  1. lock down ssh/web/telnet access

conf t
access-list 100 permit ip host 69.55.233.196 any
access-list 100 permit ip host 99.150.247.226 any
access-list 100 permit ip host 10.1.2.1 any
access-list 100 permit ip host 64.163.14.54 any
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq telnet
int vlan 300
ip access-group 100 in
ip access-group 100 out

end


  1. time

conf t
clock summer-time PDT recurring 2 Sunday March 2:00 1 Sunday November 2:00
clock timezone PST -8
ntp server 10.1.2.1
service timestamps log datetime localtime show-timezone
end

conf t
access-list 20 remark Permit SNMP
access-list 20 permit 10.1.2.1
access-list 20 deny any log
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 20
end

wr mem
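
A check for the hardening steps in this procedure, added here as an example (not part of the original wiki page): the hypothetical function `audit_switch_config` reads a saved `show running-config` on stdin and reports default or unrestricted SNMP communities, a web server without local authentication, a disabled exec-timeout, and a management VLAN without the inbound access-list. The `MGMT_VLAN` and `MGMT_ACL` variables and the sample config are constructed for illustration.

```shell
#!/bin/sh
# audit_switch_config: read an IOS running-config on stdin and print one
# FAIL line per deviation from the hardening steps in this section.
# Returns 0 when nothing is found, 1 otherwise. The function names, the
# messages and the MGMT_VLAN / MGMT_ACL variables are assumptions.
audit_switch_config() {
    awk -v vlan="${MGMT_VLAN:-300}" -v acl="${MGMT_ACL:-100}" '
    function bad(msg) { print "FAIL: " msg; n++ }
    { sub(/\r$/, ""); sub(/[ \t]+$/, "") }
    /^[^ !]/ { stanza = tolower($0) }   # unindented line opens a new stanza
    $0 == "service password-encryption"  { enc = 1 }
    $0 == "no ip http server"            { http_off = 1 }
    $0 == "ip http authentication local" { http_auth = 1 }
    $1 == "snmp-server" && $2 == "community" {
        if ($3 == "public" || $3 == "private") bad("default SNMP community " $3)
        if ($4 == "RW") bad("read-write SNMP community configured")
        if ($5 == "")   bad("SNMP community not bound to an access-list")
    }
    stanza == ("interface vlan" vlan) && $1 == "ip" && $2 == "access-group" &&
        $3 == acl && $4 == "in" { acl_in = 1 }
    stanza ~ /^line (con|vty)/ && $1 == "exec-timeout" &&
        $2 == 0 && ($3 == "" || $3 == 0) { bad("exec-timeout disabled on " stanza) }
    END {
        if (!enc) bad("service password-encryption missing")
        if (!http_off && !http_auth) bad("HTTP server without local authentication")
        if (!acl_in) bad("access-list " acl " not applied inbound on vlan " vlan)
        exit (n > 0)
    }'
}

# Constructed sample: default community left in place with no ACL, idle
# timeout disabled on the vty lines, access-list 100 never applied.
sample_config() {
    cat <<'EOF'
service password-encryption
!
interface VLAN300
 ip address 10.1.2.58 255.255.255.0
!
ip http authentication local
snmp-server community public RO
line vty 0 15
 exec-timeout 0 0
end
EOF
}
```

Run it as `audit_switch_config < saved-config.txt`; only the inbound direction of the access-group is checked.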

Configure 2924 (castle)

Last updated 2011-01-26

  1. reset

write erase
reload

  1. enter basic setup "setup"
  1. setup vlans

conf t

interface VLAN1
no ip address
no ip directed-broadcast
no ip route-cache
shutdown

int vlan300
ip address 10.1.4.164 255.255.255.0
ip default-gateway 10.1.4.1
int vlan300
no shutdown
end

  1. setup trunk port

conf t
interface FastEthernet0/1

description Uplink to p1a
duplex full
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,50,300,1002-1005
switchport mode trunk
no spanning-tree portfast

end

conf t
interface FastEthernet0/2

description Uplink to p1b
duplex full
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,50,300,1002-1005
switchport mode trunk
no spanning-tree portfast

end

  1. setup ports

conf t
interface FastEthernet0/3
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/4
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/5
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/6
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/7
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/8
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/9
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/10
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/11
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/12
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/13
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/14
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/15
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/16
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/17
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/18
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/19
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/20
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/21
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/22
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/23
switchport access vlan 50
spanning-tree portfast
no desc
!
interface FastEthernet0/24
switchport access vlan 50
spanning-tree portfast
no desc

end

  1. config terminal. setup timeout, priv level

conf t
line con 0
exec-timeout 10
line vty 0 15
exec-timeout 10
privilege level 0
end

  1. setup web user

conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end

  1. enable http passwd checking, disable http,

conf t
ip http authentication local

  1. no ip http server (only http avail on 2950)

end

  1. lock down ssh/web/telnet access

conf t
access-list 1 permit 10.1.4.5
end


  1. time

conf t
clock summer-time PDT recurring 2 Sunday March 2:00 1 Sunday November 2:00
clock timezone PST -8
ntp server 10.1.4.1
service timestamps log datetime localtime show-timezone
end

conf t
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 1
end

wr mem

Configure a 2924 trunk

Last updated 2010-08-05

conf t
interface FastEthernet0/1

description Uplink to p1a
duplex full
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,50,300,1002-1005
no spanning-tree portfast

interface FastEthernet0/2

description Uplink to p1b
duplex full
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,50,300,1002-1005
switchport mode trunk
no spanning-tree portfast

Writing commands for IOS missing "int range"

Last updated: 2010-06-04

f=1; while [ $f -le 24 ]; do echo "int fa0/$f"; echo "switchport access vlan 300"; f=`expr $f + 1`; done

int fa0/1
switchport access vlan 300
int fa0/2
switchport access vlan 300
int fa0/3
switchport access vlan 300
int fa0/4
switchport access vlan 300
int fa0/5
switchport access vlan 300
int fa0/6
switchport access vlan 300
int fa0/7
switchport access vlan 300
int fa0/8
switchport access vlan 300
int fa0/9
switchport access vlan 300
int fa0/10
switchport access vlan 300
int fa0/11
switchport access vlan 300
int fa0/12
switchport access vlan 300
int fa0/13
switchport access vlan 300
int fa0/14
switchport access vlan 300
int fa0/15
switchport access vlan 300
int fa0/16
switchport access vlan 300
int fa0/17
switchport access vlan 300
int fa0/18
switchport access vlan 300
int fa0/19
switchport access vlan 300
int fa0/20
switchport access vlan 300
int fa0/21
switchport access vlan 300
int fa0/22
switchport access vlan 300
int fa0/23
switchport access vlan 300
int fa0/24
switchport access vlan 300
int gi0/1
switchport access vlan 300
int gi0/2
switchport access vlan 300
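
A more general form of the loop above, added here as an example (not part of the original wiki page): the hypothetical function `ios_ports` takes an interface prefix, a first and last port number, and any number of interface-level commands, so the FastEthernet and GigabitEthernet stanzas come from the same generator. The function names and argument order are assumptions.

```shell
#!/bin/sh
# ios_ports PREFIX FIRST LAST CMD [CMD...]
# Print "int PREFIX<n>" followed by every CMD, for n = FIRST..LAST.
# The function name and argument order are assumptions for this example.
ios_ports() {
    if [ "$#" -lt 4 ]; then
        echo "usage: ios_ports PREFIX FIRST LAST CMD [CMD...]" >&2
        return 2
    fi
    prefix=$1; first=$2; last=$3
    shift 3
    # Refuse non-numeric bounds so a typo cannot yield a bogus interface name.
    for bound in "$first" "$last"; do
        case $bound in
            ''|*[!0-9]*) echo "ios_ports: bad port number: $bound" >&2; return 2 ;;
        esac
    done
    n=$first
    while [ "$n" -le "$last" ]; do
        printf '%s\n' "int $prefix$n"
        for cmd in "$@"; do
            printf '%s\n' "$cmd"
        done
        n=$((n + 1))
    done
}

# Reproduces the listing above: 24 FastEthernet ports plus both gigabit ports.
vlan300_all_ports() {
    ios_ports fa0/ 1 24 "switchport access vlan 300"
    ios_ports gi0/ 1 2 "switchport access vlan 300"
}
```

Paste the output after `conf t`; several commands per port work the same way, for example `ios_ports fa0/ 3 24 "switchport access vlan 50" "spanning-tree portfast"`.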

Reset secret pass

Last updated: 2010-08-05

conf t
service password-encryption
enable secret PASS

f=1; while [ $f -le 24 ]; do echo "int fa0/$f"; echo "switchport access vlan 300"; f=`expr $f + 1`; done

int fa0/1