Switch Control
Manuals
3750 reference http://www.cisco.com/en/US/products/hw/switches/ps5023/products_command_reference_chapter09186a00801f5ffb.html#2789851
Reset 2900 switch: http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml
Reset other switches: http://slaptijack.com/networking/blow-away-your-cisco-catalyst-configuration/
Finding which IPs are on a port
If you need to find out which IPs are on a particular port, start by finding out which MAC addresses are on which port:
switch-p1> en
switch-p1#show mac-address-table
Dynamic Address Count:                 53
Secure Address (User-defined) Count:   0
Static Address (User-defined) Count:   0
System Self Address Count:             48
Total MAC addresses:                   101
Maximum MAC addresses:                 2048
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0002.b315.3201       Dynamic          1  FastEthernet0/8
0002.b3a6.f354       Dynamic          1  FastEthernet0/1
0002.b3bb.45fe       Dynamic          1  FastEthernet0/7
0002.b3e9.226b       Dynamic          1  FastEthernet0/4
0002.b3e9.868c       Dynamic          1  FastEthernet0/13
0002.b9b1.4c01       Dynamic          1  FastEthernet0/24
0004.75a1.91f1       Dynamic          1  FastEthernet0/24
0006.5b3d.80fb       Dynamic          1  FastEthernet0/1
0006.d78a.c798       Dynamic          1  FastEthernet0/1
0007.e90d.e4c9       Dynamic          1  FastEthernet0/24
0007.e95b.c645       Dynamic          1  FastEthernet0/1
000c.f1d3.a7f9       Dynamic          1  FastEthernet0/1
000c.f1dc.f1ce       Dynamic          1  FastEthernet0/3
000c.f1fa.71d7       Dynamic          1  FastEthernet0/24
000d.56fe.ad72       Dynamic          1  FastEthernet0/24
000e.0c59.c1a6       Dynamic          3  FastEthernet0/22
000f.1f64.43bc       Dynamic          1  FastEthernet0/24
0010.e002.473b       Dynamic          1  FastEthernet0/24
0011.0924.1d91       Dynamic          1  FastEthernet0/15
0011.1108.58a6       Dynamic          1  FastEthernet0/24
0011.1119.791e       Dynamic          1  FastEthernet0/24
0020.ed91.f85d       Dynamic          1  FastEthernet0/1
0030.4828.9d50       Dynamic          1  FastEthernet0/1
0030.4841.5246       Dynamic          1  FastEthernet0/5
0030.4870.8332       Dynamic          1  FastEthernet0/1
0030.4870.8898       Dynamic          1  FastEthernet0/1
0030.4871.b911       Dynamic          1  FastEthernet0/23
0050.455b.b27e       Dynamic          1  FastEthernet0/14
0050.50be.f9c8       Dynamic          3  FastEthernet0/22
0060.089a.8f70       Dynamic          1  FastEthernet0/24
0090.27f9.0abf       Dynamic          1  FastEthernet0/2
0090.27f9.1b53       Dynamic          1  FastEthernet0/24
00b0.d020.b557       Dynamic          1  FastEthernet0/9
00b0.d020.df60       Dynamic          1  FastEthernet0/1
00b0.d020.fc4a       Dynamic          1  FastEthernet0/1
00b0.d049.125b       Dynamic          1  FastEthernet0/1
00b0.d049.16a4       Dynamic          1  FastEthernet0/1
00b0.d049.98e4       Dynamic          1  FastEthernet0/24
00b0.d049.a43e       Dynamic          1  FastEthernet0/24
00b0.d049.d03c       Dynamic          1  FastEthernet0/1
00b0.d049.d61f       Dynamic          1  FastEthernet0/1
00b0.d049.e643       Dynamic          1  FastEthernet0/1
00b0.d068.1911       Dynamic          1  FastEthernet0/10
00b0.d068.490b       Dynamic          1  FastEthernet0/24
001e.c95a.d225       Dynamic          1  FastEthernet0/12
00b0.d068.7599       Dynamic          1  FastEthernet0/24
00b0.d068.8451       Dynamic          1  FastEthernet0/6
00b0.d0b0.306b       Dynamic          1  FastEthernet0/1
00b0.d0b0.4020       Dynamic          1  FastEthernet0/11
00b0.d0b0.70bd       Dynamic          1  FastEthernet0/1
00b0.d0b0.c5a4       Dynamic          1  FastEthernet0/1
00b0.d0b0.f533       Dynamic          1  FastEthernet0/24
0800.20c2.1de3       Dynamic          3  FastEthernet0/22
Let's say you want to know which IPs are on port 12. We see the MAC address is 001e.c95a.d225. If we look that up on the router, we can find the IPs that ARP to that MAC address:
Castle (3750):
E-mon-3750>en
E-mon-3750#show arp | include 001e.c95a.d225
Internet  69.55.228.149   39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.137   39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.238.164   39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.172   38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.212   40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.238.212   39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.196   25   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.24    38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.25    40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.27    39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.30    34   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.31    26   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.16    40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.19    39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.236.18    38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.236.14    23   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.14    40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.15    42   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.3     53   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.5     40   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.6     26   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.234.57    38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.230.53    38   001e.c95a.d225  ARPA   Vlan50
Looking at a few of these IPs, we quickly see that they all belong to jail2, and on jail2 itself ifconfig shows the matching MAC (ether 00:1e:c9:5a:d2:25):
jail2 /root# ifconfig
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
        ether 00:1e:c9:5a:d2:27
        inet 10.1.4.102 netmask 0xffffff00 broadcast 10.1.4.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
        ether 00:1e:c9:5a:d2:25
        inet 69.55.228.53 netmask 0xffffff00 broadcast 69.55.228.255
        inet 69.55.227.56 netmask 0xffffff00 broadcast 69.55.227.255
        inet 69.55.227.57 netmask 0xffffffff broadcast 69.55.227.57
        inet 69.55.227.58 netmask 0xffffffff broadcast 69.55.227.58
        inet 69.55.227.59 netmask 0xffffffff broadcast 69.55.227.59
        inet 69.55.227.60 netmask 0xffffffff broadcast 69.55.227.60
-SNIP-
If we are doing the lookup at i2b:
firewall2 /usr/home/user# arp -a | grep 00:0c:29:be:0f:e3
? (69.55.229.150) at 00:0c:29:be:0f:e3 on bge1 [ethernet]
firewall2 /usr/home/user#
Note how we have to format the MAC address differently than we do on a Cisco switch.
The same search works in reverse. Let's say you have an IP and you want to know which port it's on. First look up the IP:
Castle:
E-mon-3750#show arp | include 69.55.227.4
Internet  69.55.227.4     78   0030.4828.9d50  ARPA   Vlan50
Internet  69.55.227.49     0   Incomplete      ARPA
Internet  69.55.227.48     0   Incomplete      ARPA
Internet  69.55.227.41     0   Incomplete      ARPA
Internet  69.55.227.40     0   Incomplete      ARPA
Internet  69.55.227.43     0   Incomplete      ARPA
Internet  69.55.227.42     0   Incomplete      ARPA
Internet  69.55.227.45     0   Incomplete      ARPA
Internet  69.55.227.44     0   Incomplete      ARPA
Internet  69.55.227.47   179   001e.c95a.d54f  ARPA   Vlan50
Internet  69.55.227.46     0   Incomplete      ARPA
E-mon-3750#
i2b:
firewall2 /usr/home/user# arp -a | grep 69.55.229.156
? (69.55.229.156) at 00:15:17:da:2e:fb on bge1 [ethernet]
So we take that MAC (e.g. 0030.4828.9d50) and on each of our switches we run:
switch-p1> en
switch-p1#show mac-address-table | include 0030.4828.9d50
until we find the port. Note: some IOS versions may not let you run the include command; if so, just run show mac-address-table without the include.
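The same lookup done offline on saved command output, as an added example that is not part of the original notes: it normalizes Cisco and BSD MAC notation, skips Incomplete ARP rows, and matches IPs exactly, where `| include 69.55.227.4` above also returned 69.55.227.40 through .49. The sample rows are constructed from output shown on this page, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed samples in the output formats shown above (rows abridged from this page).
MAC_TABLE = """\
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0002.b315.3201       Dynamic          1  FastEthernet0/8
0030.4828.9d50       Dynamic          1  FastEthernet0/1
00b0.d020.df60       Dynamic          1  FastEthernet0/1
001e.c95a.d225       Dynamic          1  FastEthernet0/12
000e.0c59.c1a6       Dynamic          3  FastEthernet0/22
"""

CISCO_ARP = """\
Internet  69.55.234.24     38   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.228.149    39   001e.c95a.d225  ARPA   Vlan50
Internet  69.55.227.4      78   0030.4828.9d50  ARPA   Vlan50
Internet  69.55.227.49      0   Incomplete      ARPA
Internet  69.55.227.47    179   001e.c95a.d54f  ARPA   Vlan50
"""

BSD_ARP = "? (69.55.229.150) at 00:0c:29:be:0f:e3 on bge1 [ethernet]\n"

CISCO_MAC = r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"
MAC_ROW = re.compile(rf"^\s*({CISCO_MAC})\s+\S+\s+(\d+)\s+(\S+)\s*$", re.I)
ARP_ROW = re.compile(rf"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+({CISCO_MAC})\s+ARPA", re.I)
BSD_ROW = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) on \S+", re.I)


def normalize_mac(text):
    """Return 12 lowercase hex digits for Cisco (xxxx.xxxx.xxxx) or BSD (xx:xx:..) notation."""
    text = text.strip().lower()
    if ":" in text or "-" in text:
        octets = re.split(r"[:-]", text)
        digits = "".join(o.zfill(2) for o in octets) if len(octets) == 6 else ""
    else:
        digits = text.replace(".", "")
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def to_cisco(mac):
    d = normalize_mac(mac)
    return ".".join(d[i:i + 4] for i in (0, 4, 8))


def to_colon(mac):
    d = normalize_mac(mac)
    return ":".join(d[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Rows of (mac, vlan, port); headers, counters and rulers are ignored."""
    rows = []
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            rows.append((normalize_mac(m.group(1)), int(m.group(2)), m.group(3)))
    return rows


def parse_cisco_arp(text):
    """Map IP -> MAC from 'show arp'; Incomplete rows carry no MAC and are skipped."""
    found = (ARP_ROW.match(line.strip()) for line in text.splitlines())
    return {m.group(1): normalize_mac(m.group(2)) for m in found if m}


def parse_bsd_arp(text):
    """Map IP -> MAC from BSD 'arp -a' output."""
    found = (BSD_ROW.search(line) for line in text.splitlines())
    return {m.group(1): normalize_mac(m.group(2)) for m in found if m}


def ips_on_port(port, mac_rows, arp):
    macs = {mac for mac, _vlan, p in mac_rows if p == port}
    return sorted((ip for ip, mac in arp.items() if mac in macs), key=ipaddress.ip_address)


def ports_for_ip(ip, mac_rows, arp):
    """Exact IP match. Returns (cisco_mac, ports) or None when there is no ARP entry.
    An empty port list means this switch has not learned the MAC: check the next one."""
    mac = arp.get(str(ipaddress.ip_address(ip)))
    if mac is None:
        return None
    return to_cisco(mac), sorted({p for m, _vlan, p in mac_rows if m == mac})


def mac_counts(mac_rows):
    """MACs learned per port. A port with many MACs is usually an uplink to another
    switch, so a hit there means the host is attached further downstream."""
    counts = {}
    for _mac, _vlan, port in mac_rows:
        counts[port] = counts.get(port, 0) + 1
    return counts


if __name__ == "__main__":
    rows, arp = parse_mac_table(MAC_TABLE), parse_cisco_arp(CISCO_ARP)
    print(ips_on_port("FastEthernet0/12", rows, arp))
    print(ports_for_ip("69.55.227.4", rows, arp))
    print(to_colon("001e.c95a.d225"), to_cisco("00:0c:29:be:0f:e3"))
```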
Controlling port speed
Quick commands, speed 10Mbps:
enable
configure terminal
interface fastEthernet 0/17
speed 10
exit
exit
Set to 100Mbps:
enable
configure terminal
interface fastEthernet 0/12
speed 100
exit
exit
Set to Auto (default):
enable
configure terminal
interface fastEthernet 0/12
speed auto
exit
exit
Sample output:
switch-p1>enable
switch-p1#show interfaces fastEthernet 0/12
switch-p1#sh int FastEthernet0/12
FastEthernet0/12 is down, line protocol is down
  Hardware is Fast Ethernet, address is 0002.b9b1.4c0c (bia 0002.b9b1.4c0c)
  MTU 1500 bytes, BW 0 Kbit, DLY 0 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Auto-duplex , 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 5w6d, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1126 packets input, 1574484 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     779 packets output, 54919 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
switch-p1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p1(config)#interface fastEthernet 0/12
switch-p1(config-if)#speed 10
switch-p1(config-if)#exit
switch-p1(config)#exit
switch-p1#sh int FastEthernet0/12
FastEthernet0/12 is down, line protocol is down
  Hardware is Fast Ethernet, address is 0002.b9b1.4c0c (bia 0002.b9b1.4c0c)
  MTU 1500 bytes, BW 0 Kbit, DLY 0 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Auto-duplex , 10Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 5w6d, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1126 packets input, 1574484 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     779 packets output, 54919 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
switch-p1#
Shutting down a port
Quick commands:
enable
configure terminal
interface fastEthernet 0/17
shutdown
exit
exit
Turn back on:
enable
configure terminal
interface fastEthernet 0/17
no shutdown
exit
exit
Sample output:
switch-p1>enable
switch-p1#show interfaces fastEthernet 0/17
FastEthernet0/17 is down, line protocol is down
  Hardware is Fast Ethernet, address is 0050.d1d8.94d1 (bia 0050.d1d8.94d1)
  MTU 1500 bytes, BW 0 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Duplex setting unknown, Unknown Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 64 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     1 packets output, 64 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
switch-p1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p1(config)#interface fastEthernet 0/17
switch-p1(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down
switch-p1(config-if)#no shutdown
%LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to up
%LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to down
switch-p1(config-if)#exit
switch-p1(config)#exit
switch-p1#
Show port stats
For one port:
switch-p1> en
switch-p1#show int FastEthernet0/7
FastEthernet0/7 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0050.d1d8.94c7 (bia 0050.d1d8.94c7)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 9000 bits/sec, 20 packets/sec
     137101258 packets input, 2869037621 bytes, 0 no buffer
     Received 326 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 26 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     330219386 packets output, 3304714878 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
For all ports:
switch-p1> en
switch-p1#show interfaces
VLAN1 is up, line protocol is down
  Hardware is CPU Interface, address is 0050.d1d8.94c0 (bia 0050.d1d8.94c0)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:10, output 00:00:10, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     137465 packets input, 10297233 bytes, 0 no buffer
     Received 89751 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 302 ignored, 0 abort
     0 input packets with dribble condition detected
     52396 packets output, 6878747 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
VLAN3 is up, line protocol is up
  Hardware is CPU Interface, address is 0050.d1d8.94c0 (bia 0050.d1d8.94c0)
  Internet address is 10.1.4.5/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA
  ARP type: ARPA, ARP Timeout 04:00:00
FastEthernet0/1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0050.d1d8.94c1 (bia 0050.d1d8.94c1)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 3/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:37, output 00:00:53, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 4593000 bits/sec, 762 packets/sec
  5 minute output rate 1240000 bits/sec, 689 packets/sec
     260548696 packets input, 2531757155 bytes, 0 no buffer
     Received 22173 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 333 ignored, 0 abort
     0 watchdog, 2942 multicast
     0 input packets with dribble condition detected
     241281983 packets output, 3622221090 bytes, 0 underruns
     0 output errors, 0 collisions, 15 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet0/2 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0050.d1d8.94c2 (bia 0050.d1d8.94c2)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:54, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 146000 bits/sec, 108 packets/sec
  5 minute output rate 98000 bits/sec, 114 packets/sec
     22830604 packets input, 905395220 bytes, 0 no buffer
     Received 9845 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 10 ignored, 0 abort
     0 watchdog, 3 multicast
     0 input packets with dribble condition detected
     23910838 packets output, 3702256298 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
 --More--
Moving a port into a vlan
switch-p3>show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/21
2    col00906                         active    Fa0/22, Fa0/23, Fa0/24
3    VLAN0003                         active    Fa0/20
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
...
switch-p3>en
switch-p3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p3(config)#int fa0/21
switch-p3(config-if)#switchport access vlan 2
switch-p3(config-if)#exit
switch-p3(config)#exit
switch-p3#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19
2    col00906                         active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
3    VLAN0003                         active    Fa0/20
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
...
switch-p3#write mem
Building configuration...
switch-p3#exit
Creating vlan
Last updated: 2007-12-08
switch-p12#vlan database
switch-p12(vlan)#vlan 2 name col01656
VLAN 2 added:
    Name: col01656
switch-p12(vlan)#exit
APPLY completed.
Exiting....
switch-p12#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    col01656                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
switch-p12#write mem
Turning on/off spanning tree
Note that portfast does not disable spanning tree on the port; it lets the port skip the listening and learning states and start forwarding as soon as the link comes up.
switch-p6#conf t
switch-p6(config)#int fa0/1
switch-p6(config-if)#spanning-tree portfast
%Warning: portfast enabled on FastEthernet0/1.
 Usually portfast should be enabled on ports connected to a single host. When portfast is enabled, connecting hubs, concentrators, switches, bridges, etc. to this interface may cause temporary spanning tree loops. Use with CAUTION.
switch-p6(config-if)#exit
switch-p6(config)#exit
switch-p6#write mem
Building configuration...
[OK]
switch-p6#
To turn normal spanning tree behaviour back on for the port (remove portfast):
switch-p6(config-if)#no spanning-tree portfast
To confirm:
switch-p1#show conf
Using 1798 out of 32768 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname switch-p1
!
enable secret 5 $1$cj8o$dNCgX0iUZMGGwhATxXXri.
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
!
interface FastEthernet0/4
 spanning-tree portfast
!
interface FastEthernet0/5
 spanning-tree portfast
!
interface FastEthernet0/6
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
!
interface FastEthernet0/8
 spanning-tree portfast
!
interface FastEthernet0/9
Quick Commands:
en
conf t
int fa0/1
spanning-tree portfast
int fa0/2
spanning-tree portfast
int fa0/3
spanning-tree portfast
int fa0/4
spanning-tree portfast
int fa0/5
spanning-tree portfast
int fa0/6
spanning-tree portfast
int fa0/7
spanning-tree portfast
int fa0/8
spanning-tree portfast
int fa0/9
spanning-tree portfast
int fa0/10
spanning-tree portfast
int fa0/11
spanning-tree portfast
int fa0/12
spanning-tree portfast
int fa0/13
spanning-tree portfast
int fa0/14
spanning-tree portfast
int fa0/15
spanning-tree portfast
int fa0/16
spanning-tree portfast
int fa0/17
spanning-tree portfast
int fa0/18
spanning-tree portfast
int fa0/19
spanning-tree portfast
int fa0/20
spanning-tree portfast
int fa0/21
spanning-tree portfast
int fa0/22
spanning-tree portfast
int fa0/23
spanning-tree portfast
exit
exit
write mem
show conf
Add/remove ARP entry to 3750
Last updated: 2010-11-14
E-mon-3750#conf t
E-mon-3750(config)#arp 69.55.230.6 000d.5d03.5802 arpa
E-mon-3750(config)#exi
E-mon-3750#arp 69.55.230.6 000d.5d03.5802 arpa
E-mon-3750#show arp | include 000d.5d03.5802
Internet  69.55.230.6      -   000d.5d03.5802  ARPA
To clear:
conf t
no arp 69.55.230.6 000d.5d03.5802 arpa
end
Clear all arp on 3750
Last updated: 2009-08-17
E-mon-3750#clear arp
Setup MRTG monitoring (SNMP) on 2450
Last updated: 2010-04-07
Cisco MIBs:
ftp://ftp-sj.cisco.com/pub/mibs/supportlists/wsc2900xl/wsc2900xl-supportlist.html
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=lcpu
CPU: 1.3.6.1.4.1.9.2.1.58
Configure IP:
conf t
int vlan 1
ip address 69.55.230.245 255.255.255.0
ip default-gateway 69.55.230.1
end
Disable telnet:
conf t
line vty 5 15
transport input none
Setup web user, and enable that user to login to web:
switch-p16(config)#username web privilege 15 password k0zub!k
switch-p16(config)#line vty 0 4
switch-p16(config-line)#login local
switch-p16(config-line)#en
switch-p16(config-line)#password k0zub!k
switch-p16(config-line)#login
Disable web:
conf t
line vty 0 4
transport input none
Setup ACL:
conf t
access-list 1 permit 69.55.230.2
access-list 1 permit 10.1.4.5
Setup SNMP:
conf t
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 1
end
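A check that a saved configuration reflects the steps above (default communities removed, the read-only community bound to access-list 1, telnet input off on the vty lines), as an added example that is not part of the original notes. Both configs are constructed, EXAMPLE-RO is a placeholder community string, and the rule names are this example's own.

```python
import re

# Constructed configs. WEAK keeps the defaults that the steps above remove;
# HARDENED follows those steps, with EXAMPLE-RO as a placeholder community string.
WEAK = """\
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 login
line vty 5 15
 transport input telnet
"""

HARDENED = """\
access-list 1 permit 69.55.230.2
access-list 1 permit 10.1.4.5
snmp-server community EXAMPLE-RO RO 1
line vty 0 4
 login local
 transport input none
line vty 5 15
 transport input none
"""

# Assumes the plain "community <string> RO|RW [acl-number]" form used on this page.
SNMP_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\d+))?$", re.I)
ACL_RE = re.compile(r"^access-list (\d+) permit\b")


def audit(config):
    """Return (rule, line_number) findings. Line numbers are reported instead of
    community strings so that the report itself does not leak them."""
    lines = config.splitlines()
    acls = {m.group(1) for m in map(ACL_RE.match, lines) if m}
    findings, vty_blocks, vty = [], [], None
    for number, line in enumerate(lines, 1):
        text = " ".join(line.split())
        if not text or text == "!":
            continue
        if line[:1].isspace():
            # Indented lines belong to the block opened by the last top-level line.
            if vty is not None and text.lower().startswith("transport input"):
                vty["transport"] = text.lower().split()[2:]
            continue
        vty = None
        m = SNMP_RE.match(text)
        if m:
            name, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
            if name.lower() in ("public", "private"):
                findings.append(("snmp-default-community", number))
            if mode == "RW":
                findings.append(("snmp-read-write", number))
            if acl is None:
                findings.append(("snmp-no-acl", number))
            elif acl not in acls:
                # The community names an ACL that has no permit entry in this
                # config, so the restriction is not the one the steps intend.
                findings.append(("snmp-acl-has-no-permit", number))
        elif text.lower().startswith("line vty"):
            vty = {"line": number, "transport": None}
            vty_blocks.append(vty)
    for block in vty_blocks:
        if block["transport"] is None:
            findings.append(("vty-no-transport-input", block["line"]))
        elif set(block["transport"]) & {"telnet", "all"}:
            findings.append(("vty-telnet-allowed", block["line"]))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```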
On mail run:
/usr/local/bin/cfgmaker --if-template=template.pl --show-op-down \
  --global "options[_]: growright,bits" \
  --global 'WorkDir: /usr/local/www/mgmt/mrtg/data' \
  --global 'Interval: 1' \
  --global 'LogFormat: rrdtool' \
  --global 'PathAdd: /usr/local/bin' \
  --global 'LibAdd: /usr/local/lib' \
  --host-template=host.pl jc292401@69.55.230.246 --output=switch-p14.cfg
And add crontab entry
Where, template.pl:
- if(not $problem_lines)
- {
$target_lines .= <<ECHO;
Target[$target_name]: $if_ref:$router_connect SetEnv[$target_name]: MRTG_INT_IP="$if_ip" MRTG_INT_DESCR="$if_snmp_descr" ECHO
if ($directory_name) { $target_lines .= "Directory[$target_name]: $directory_name\n"; } $target_lines .= <<ECHO;
MaxBytes[$target_name]: $if_speed Title[$target_name]: $if_snmp_alias -- $if_snmp_name -- $sysname
PageTop[$target_name]:
$html_desc_prefix$html_if_title_desc -- $sysname
ECHO $target_lines .= <<ECHO; ECHO $target_lines .= <<ECHO if $if_ip; ECHO $target_lines .= <<ECHO;System: | $sysname in $html_syslocation |
Description: | $if_snmp_alias |
Interface: | $if_snmp_descr |
ifType: | $html_if_type_desc ($if_type_num) |
ifName: | $html_if_snmp_name |
Max Speed: | $if_speed_str |
Ip: | $if_ip ($if_dns_name) |
ECHO
- } else {
#$head_lines=""; # $head_lines =~ s/^\# //g; #$problem_lines=""; # $problem_lines =~ s/^\# //g; #$target_lines=""; # $target_lines =~ s/^\# //g; #$separator_lines=""; # $separator_lines =~ s/^\# //g;
- $target_lines .= "$head_lines $problem_lines$target_lines $separator_lines";
- }
And, host.pl: $head_lines .= <<ECHO;
- ---------------------------------------------------------------------
ECHO
my $target_name = $router_name . ".cpu";
$target_lines .= <<ECHO;
YLegend[$target_name]: Percentage CPU load ShortLegend[$target_name]: % Legend1[$target_name]: CPU load in % Legend2[$target_name]: Legend3[$target_name]: Max Observed CPU load Legend4[$target_name]: LegendI[$target_name]: CPU Load: LegendO[$target_name]: WithPeak[$target_name]: ywm MaxBytes[$target_name]: 100 Options[$target_name]: growright, gauge, nopercent Title[$target_name]: $router_name CPU load Target[$target_name]: 1.3.6.1.4.1.9.2.1.58.0&1.3.6.1.4.1.9.2.1.58.0:$router_connect
PageTop[$target_name]:
$router_name CPU load
System: | $router_name in $html_syslocation |
Maintainer: | $html_syscontact |
Description: | $html_sysdescr |
Resource: | CPU. |
ECHO
Update IOS for 2950
Last updated 2010-11-01
Repo: http://www.cisco.com/cisco/software/navigator.html
Switch# archive download-sw /overwrite tftp://198.30.20.19/c2960-lanbase-tar.122-25.FX.tar
Tar archive:
switch-p21#delete flash:c2950-i6q4l2-mz.121-13.EA1c.bin
switch-p21#delete flash:html/images/*
switch-p21#delete flash:html/help/*
switch-p21# archive tar /xtract tftp://10.1.2.1/c2950-i6k2l2q4-tar.121-22.EA13.tar flash:
!!!!!!!!!!!!!!!!!!
...
[OK - 5744640 bytes]
switch-p21#dir flash:
switch-p21#verify flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
Verified flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
switch-p21#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p21(config)#boot system flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
switch-p21(config)#end
switch-p21#sh boot
BOOT path-list:      flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
Config file:         flash:/config.text
Private Config file: flash:/private-config.text
Enable Break:        no
Manual Boot:         no
HELPER path-list:
NVRAM/Config file
      buffer size:   32768
switch-p21#wr mem
Building configuration...
[OK]
switch-p21#reload
Proceed with reload? [confirm]
Upgrading Software in Catalyst 2900XL and 3500XL Switches Using the Command Line Interface
Last Updated: 2010-10-27
http://www.cisco.com/en/US/products/hw/switches/ps607/products_tech_note09186a00800946e5.shtml
switch-p23#dir flash:
Directory of flash:/
  2  -rwx     1645824   Jan 01 1970 00:40:12  c2900XL-c3h2s-mz-120.5.2-XU.bin
  3  -rwx        1877   May 06 1997 23:54:44  config.text
  4  -rwx         780   Mar 01 1993 00:17:49  vlan.dat
3612672 bytes total (1962496 bytes free)
switch-p23#delete flash:c2900XL-c3h2s-mz-120.5.2-XU.bin
Delete filename [c2900XL-c3h2s-mz-120.5.2-XU.bin]?
Delete flash:c2900XL-c3h2s-mz-120.5.2-XU.bin? [confirm]
switch-p23#tar /x tftp://10.1.2.1/c2900xl-c3h2s-tar.120-5.WC17.tar flash:
Loading c2900xl-c3h2s-tar.120-5.WC17.tar from 10.1.2.1 (via VLAN300): !
extracting c2900xl-c3h2s-mz.120-5.WC17.bin (1929757 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
switch-p23#dir flash:
Directory of flash:/
  2  -rwx     1929757   Mar 01 1993 05:19:09  c2900xl-c3h2s-mz.120-5.WC17.bin
  3  -rwx        1877   May 06 1997 23:54:44  config.text
  4  -rwx         780   Mar 01 1993 00:17:49  vlan.dat
  5  -rwx        8192   Mar 01 1993 05:19:10  e2rb.bin
  6  drwx         704   Mar 01 1993 05:20:02  html
 18  -rwx         135   Mar 01 1993 05:20:04  info
 19  -rwx         135   Mar 01 1993 05:20:04  info.ver
 20  drwx         320   Mar 01 1993 05:20:06  lre-bin
3612672 bytes total (499712 bytes free)
spare#verify flash:c2900xl-c3h2s-mz.120-5.WC17.bin
switch-p23#conf t
switch-p23(config)#boot system flash:c2900xl-c3h2s-mz.120-5.WC17.bin
switch-p23(config)#end
switch-p23#reload
System configuration has been modified. Save? [yes/no]: y
Building configuration...
Proceed with reload? [confirm]
Common TFTP Procedure
This section lists the steps for the TFTP upgrade procedure on the XL switches.
Note: All these commands are run from the privileged EXEC mode.
1. Type enable at the switch> prompt in order to enter the privileged EXEC mode.
switch>enable
switch#
2. If you upgrade a 2900XL switch, issue the show version command in order to confirm the amount of memory present on the switch. See the How to Determine the Amount of Memory on the Switch Using Command Line Interface section of this document for the details on how to verify the amount of memory present on the 2900XL switch.
3. Display the name of the running image file.
switch#show boot
BOOT path-list:      flash:c2900XL-c3h2-mz-112.8.5-SA6.bin
Config file:         flash:config.text
Enable Break:        no
Manual Boot:         no
HELPER path-list:
NVRAM/Config file
      buffer size:   32768

!--- In this case, an upgrade from the Cisco IOS Software
!--- Release 11.2(8)SA6 image to a newer release takes place.

If there is no file defined in the BOOT path-list, enter the dir flash: command in order to display the contents of Flash memory. The file with the .bin extension is your image file.
switch#dir flash:
Directory of flash:
  2  -rwx     1162890   Mar 01 1993 00:33:22  c2900XL-c3h2-mz-112.8.5-SA6.bin
 17  -r--         108   Mar 01 1993 00:32:28  info
  4  dr--       13888   Mar 01 1993 00:35:23  html
226  -r--         341   Jan 01 1970 00:03:16  env_vars
227  -rwx        1203   Mar 01 1993 00:24:07  config.text
  6  -r--        8192   Mar 08 1993 00:00:23  e2rb.bin
 18  -r--         108   Mar 01 1993 00:35:24  info.ver
3612672 bytes total (1729024 bytes free)

!--- The switch only has 1.7 MB Flash available. Since this is not enough
!--- to load a new image, delete files in Flash in order to
!--- first free up some space.

4. If the size of the file to be loaded is larger than the available capacity, delete the image that exists in Flash in order to make space for a new image:
a. Issue the delete flash: filename command.
Switch#delete flash:current_image.bin
Delete filename [current_image.bin]?
Delete flash:current_image.bin? [confirm]
b. Choose Enter in order to confirm the deletion of the file.
Note: Once the image in Flash is deleted, do not reboot the switch for any reason until the new image is loaded. If you attempt to reload the switch now, it fails to boot up since there is no image in Flash.
5. If you upgrade a 4 MB DRAM Catalyst 2900XL Switch and a file that starts with the character string c2900XL-diag-mz appears in the Flash directory, you should remove it in order to make room for the new image. This is a diagnostics file used at the factory in order to run certain tests on the switch and is never used by the customer. If you upgrade an 8 MB DRAM Catalyst 2900XL Switch or Catalyst 3500XL Switch you do not have to delete this file since you have sufficient Flash memory for the new image, but since this file is useless for you, it is advisable to delete it during the upgrade. The diagnostics file has a name in the format: c2900XL-diag-mz-version_name or c3500XL-diag-mz-version_name. The string version_name depends on the switch and software you run.
Note: Sometimes this file might or might not be displayed when you issue the dir flash: command. In this case, issue the dir flash:c2900XL-diag-mz* command.
For example, on the 2900XL switch, issue this command in order to display the diagnostics filename:
switch# dir flash:c2900XL-diag-mz*
Directory of flash:
     -rwx       80971   Sep 14 1998 03:10:38  c2900XL-diag-mz-112.0.0.11-SA2
And delete it:
Switch#delete flash:c2900XL-diag-mz-112.0.0.11-SA2
Delete filename [c2900XL-diag-mz-112.0.0.11-SA2]?
Delete flash:c2900XL-diag-mz-112.0.0.11-SA2? [confirm]
Switch#
6. Enter global configuration mode:
switch#config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)#
7. Disable access to the switch HTML pages:
switch(config)#no ip http server
8. Return to privileged EXEC mode:
switch(config)#end
9. Remove the HTML files, if any:
switch#delete flash:html/*
Choose Enter or y in order to confirm the deletion of each file.
Note: You might or might not have an HTML directory in Flash. The HTML directory is only installed during an upgrade that uses a .tar file. Since HTML is a directory that contains all the HTML and GIF files used for the web interface, you have to choose Enter or y many times before all the files in the HTML directory are deleted.
Note: Do not press any other keys during this process. If you press any other key, it aborts the deletion of that particular file and goes to the next file. You have to issue the delete flash:html/* command again in order to delete the aborted file.
10. If you upgrade from Cisco IOS Software Release 11.2(8)SA5 or earlier, remove the files in the SNMP directory:
switch#delete flash:html/Snmp/*
Make sure the S in Snmp is uppercase. Choose Enter or y in order to confirm the deletion of each file.
Note: Do not press any other keys during this process. If you press any other key, it aborts the deletion of that particular file and goes to the next file. You have to run the delete flash:html/* command again in order to delete the aborted file.
11. If you run Cisco IOS Software Release 11.2(8)SA2 or earlier releases on a 4 MB DRAM Catalyst 2900XL switch, create a directory on the switch Flash memory to be used for the HTML files:
Note: This step is only for 4 MB DRAM Catalyst 2900XL switches that run Cisco IOS Software Release 11.2(8)SA2 or earlier.
switch#mkdir flash:html/Snmp
Make sure the S in Snmp is uppercase.
12. Use the tar command in order to copy the combined .tar file to the switch.
Note: DO NOT copy the .tar file with the words html in the filename, available in Cisco IOS Software Release 11.2, that uses this procedure as the .tar file includes both the image and the HTML files into a single compressed file. This command copies and automatically extracts the image .bin file as well as the necessary HTML files.
Note: If the switch is unable to connect to the TFTP server, verify that you have IP connectivity to the server and check in order to make sure that the TFTP server software is set up correctly.
switch#tar /x tftp://10.1.1.1/c2900xl-c3h2s-tar.120-5.WC8.tar flash:
Loading c2900xl-c3h2s-tar.120-5.WC8.tar from 10.1.1.1 (via VLAN1): !
extracting c2900xl-c3h2s-mz.120-5.WC8.bin (1803565 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting e2rb.bin (8192 bytes)!!
html/ (directory)
extracting html/homepage.htm (3988 bytes)!
extracting html/not_supported.html (1392 bytes)
.
.
.

!--- Output suppressed.

[OK - 2723840 bytes]

!--- The OK message means that the TFTP process passed successfully
!--- and both .bin and html files were extracted successfully.

Note: Dependent on the TFTP Server used, you might need to enter only one slash (/) after the server_ip_address in the tar command.
Note: Since Cisco IOS Software Release 12.0(5)WC5, the file with .tar extension also has tar in the filename itself. For example, c2900xl-c3h2s-tar.120-5.WC5.tar.
13. Enter the dir flash: command in order to determine the filename of the new image in Flash.
switch#dir flash:
Directory of flash:

  2  -rwx     1803565   Mar 01 1993 00:49:55  c2900xl-c3h2s-mz.120-5.WC8.bin
 17  -r--         108   Mar 01 1993 00:50:55  info
  4  dr--         832   Mar 01 1993 00:50:53  html
226  -r--         341   Jan 01 1970 00:03:16  env_vars
227  -rwx        1203   Mar 01 1993 00:24:07  config.text
  6  -r--        8192   Mar 01 1993 00:49:56  e2rb.bin
 18  -r--         108   Mar 01 1993 00:50:55  info.ver
3612672 bytes total (683520 bytes free)
Make note of the filename; it is used in the next few steps.
14. Enter global configuration mode:
switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
15. Set the boot parameters so that when the switch is reloaded after the upgrade, it boots with the new_image. Issue this command in order to set the boot parameter to the new image. This command overwrites any previous boot image settings.
switch(config)#boot system flash:c2900xl-c3h2s-mz.120-5.WC8.bin
16. Reenable access to the switch HTTP pages:
switch(config)#ip http server
17. Return to privileged EXEC mode:
switch(config)#end
18. Reload the new software with this command:
switch#reload
System configuration has been modified. Save? [yes/no]:y
Proceed with reload? [confirm]
Choose Return in order to confirm the reload.
19. After the switch reboots, use Telnet or Console login in order to access the switch and enter the privileged EXEC mode show version command in order to verify the upgrade procedure.
Step-by-Step Procedure for the 2950/2955 with the CMS image (.tar file) In this example, the software on a 2950 is upgraded from version 12.1(12c)EA1 to version 121-13.EA1 with the CMS image (.tar file). The procedure is the same for a 2955. 1. Issue the show version command to view the current version of software that you run. Here is a sample command output: 2. 2950#sh ver 3. Cisco Internetwork Operating System Software 4. IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, 5. RELEASE SOFTWARE (fc1) 6. 7. !--- The current software version is 12.1(12c)EA1. 8. 9. Go to the LAN Switching Software section of the Downloads ( registered customers only) page. Select Catalyst 2950 software and locate the image you want to download. Note the size of the image in bytes. This example uses the c2950-i6q4l2-mz.121-13.EA1.tar file. The image size is 4877312 bytes, or approximately 5 MB. Download the image you want. 10. Issue the dir flash: command on the 2950/2955 to verify how much free memory you have for the upgrade. Here is a sample command output: 11. 2950#dir flash: 12. Directory of flash:/ 13. 2 -rwx 2774747 Mar 01 1993 17:52:14 c2950-i6q4l2-mz.121-12c.EA1.bin 14. 21 -rwx 2665985 Mar 01 1993 18:02:04 c2950-i6q4l2-mz.121-11.EA1a.bin 15. 16. !--- Two images are installed. 17. 18. 4 -rwx 916 Mar 01 1993 03:31:05 vlan.dat 19. 22 -rwx 312 Mar 01 1993 18:03:19 env_vars 20. 7 drwx 832 Mar 01 1993 17:53:20 html 21. 22. !--- output suppressed --- 23. 24. 25. !--- Notice the d in the permissions, which indicates that html is a 26. !--- directory that contains the CMS files extracted from the .tar image 27. !--- during the upgrade. 28. 29. 7741440 bytes total (578048 bytes free) 30. 31. !--- There is less than 1 MB of free memory in Flash, which is not enough 32. !--- for the upgrade. Delete one of the old IOS images (.bin files). 33. 2950# 34. Issue the delete command to remove one of the old IOS images in order to make room for the upgrade. 
Here is a sample command output: 35. 2950#delete flash:c2950-i6q4l2-mz.121-11.EA1a.bin 36. Delete filename [c2950-i6q4l2-mz.121-11.EA1a.bin]? 37. Delete flash:c2950-i6q4l2-mz.121-11.EA1a.bin? [confirm] 38. 2950# 39. 2950#dir flash: 40. Directory of flash:/ 41. 2 -rwx 2774747 Mar 01 1993 17:52:14 c2950-i6q4l2-mz.121-12c.EA1.bin 42. 43. !--- You can leave one old image as a backup if you prefer. 44. 45. 4 -rwx 916 Mar 01 1993 03:31:05 vlan.dat 46. 22 -rwx 312 Mar 01 1993 18:03:19 env_vars 47. 7 drwx 832 Mar 01 1993 17:53:20 html 48. 49. !--- output suppressed --- 50. 51. 7741440 bytes total (3244544 bytes free) 52. 53. !--- Even though you freed up additional memory there is still not 54. !--- enough free memory for the upgrade. Delete the files in the 55. !--- html directory. 56.
2950#
The html directory is where the CMS files are extracted from the .tar image and installed during the upgrade. Issue the dir html command to view these files. Here is a sample command output: 2950#dir html Directory of flash:/html/
3 -rwx 4010 Mar 01 1993 17:52:14 homepage.htm 5 -rwx 1392 Mar 01 1993 17:52:14 not_supported.html 8 -rwx 9448 Mar 01 1993 17:52:15 common.js 9 -rwx 22152 Mar 01 1993 17:52:15 cms_splash.gif 10 -rwx 1211 Mar 01 1993 17:52:15 cms_13.html 11 -rwx 2823 Mar 01 1993 17:52:15 cluster.html
!--- output suppressed ---
!--- These are the files used by the CMS software.
Issue the delete flash:html/* command to delete all of these files before the upgrade. Here is a sample command output: Note: Deletion of these files disables access to the HTML pages during the upgrade. After the upgrade, access becomes available again. 2950#delete flash:html/* Delete filename [html/*]?
!--- Press ENTER or RETURN for each file.
Delete flash:html/homepage.htm? [confirm] Delete flash:html/not_supported.html? [confirm] Delete flash:html/common.js? [confirm] Delete flash:html/cms_splash.gif? [confirm] Delete flash:html/cms_13.html? [confirm] Delete flash:html/cluster.html? [confirm]
!--- output suppressed ---
2950#dir flash:
Directory of flash:/
2 -rwx 2774747 Mar 01 1993 17:52:14 c2950-i6q4l2-mz.121-12c.EA1.bin 4 -rwx 916 Mar 01 1993 03:31:05 vlan.dat 22 -rwx 312 Mar 01 1993 18:03:19 env_vars 7 drwx 0 Mar 01 1993 01:13:31 html
!--- output suppressed ---
7741440 bytes total (4960256 bytes free)
!--- There is now enough room to proceed with the upgrade.
57. Issue the archive tar command to copy over the .tar file and extract all the files. The full command syntax is archive tar /xtract tftp://<tftp server ip>/<filename> flash:. Here is a sample command output: Note: If you want to upgrade from a release earlier than 12.1(6)EA2 on a 2950, issue the tar command instead of the archive tar command. 2950#archive tar /xtract tftp://20.20.20.2/c2950-i6q4l2-tar.121-13.EA1.tar flash: Loading c2950-i6q4l2-tar.121-13.EA1.tar from 20.20.20.2 (via Vlan1): !
!--- The IOS image(.bin file) is being extracted into the flash: directory.
extracting c2950-i6q4l2-mz.121-13.EA1.bin (2888547 bytes)!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! html/ (directory)
!--- The CMS files are extracted into the html directory.
extracting html/homepage.htm (3994 bytes)! extracting html/not_supported.html (1392 bytes) extracting html/common.js (9529 bytes)!! extracting html/cms_splash.gif (22152 bytes)!!!!! extracting html/cms_13.html (1211 bytes) extracting html/cluster.html (2823 bytes)! extracting html/Redirect.jar (4195 bytes)! extracting html/mono_disc.sgz (15899 bytes)!!! extracting html/CMS.sgz (1344455 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! extracting html/images.sgz (86918 bytes)!!!!!!!!!!!!!!!!! extracting html/help.sgz (287994 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!! extracting html/CiscoChartPanel.sgz (135599 bytes)!!!!!!!!!!!!!!!!!!!!!! extracting html/cms_boot.jar (58864 bytes)!!!!!!!!!!!! extracting info (109 bytes) extracting info.ver (109 bytes) [OK - 4877312 bytes]
!--- The archive tar operation completed successfully.
2950# 2950#verify flash:c2950-i6q4l2-mz.121-13.EA1.bin Verified flash:c2950-i6q4l2-tar.121-13.EA1.bin
!--- Issue the verify command to verify the IOS image checksum.
2950#
2950#dir flash: Directory of flash:/
2 -rwx 2774747 Mar 01 1993 17:52:14 c2950-i6q4l2-mz.121-12c.EA1.bin 3 -rwx 2888547 Mar 01 1993 02:00:32 c2950-i6q4l2-mz.121-13.EA1.bin
!--- The new IOS image has been extracted and installed in flash:.
4 -rwx 916 Mar 01 1993 03:31:05 vlan.dat 22 -rwx 312 Mar 01 1993 18:03:19 env_vars 7 drwx 832 Mar 01 1993 02:03:41 html
!--- output suppressed ---
7741440 bytes total (93184 bytes free) 2950# 2950#dir html Directory of flash:/html/
5 -rwx 3994 Mar 01 1993 02:00:32 homepage.htm 6 -rwx 1392 Mar 01 1993 02:00:32 not_supported.html 8 -rwx 9529 Mar 01 1993 02:00:32 common.js 9 -rwx 22152 Mar 01 1993 02:00:33 cms_splash.gif 10 -rwx 1211 Mar 01 1993 02:00:33 cms_13.html
!--- output suppressed --- !--- The new CMS files have been extracted and installed.
58. Set a boot system statement so the new image boots on the next reload. Here is a sample command output: 59. 2950#conf t 60. 2950(config)#boot system flash:c2950-i6q4l2-mz.121-13.EA1.bin 61. 2950(config)#end 62. 2950# 63. 2950#sh boot 64. BOOT path-list: flash:c2950-i6q4l2-mz.121-13.EA1.bin 65. 66. !--- output suppressed --- 67. !--- The boot system statement does not show up in the config. 68. !--- Issue the show boot command to verify whether the 69. !--- new image boots on the next reload of the switch. 70. You can set a boot system statement to boot a specific backup image if the new image fails for some reason. Otherwise, the 2950/2955 automatically attempts to boot the next valid image in the event of a failure. Here is a sample command output to configure a boot system statement for multiple images: 2950#conf t Enter configuration commands, one per line. End with CNTL/Z. 2950(config)#boot system flash:
c2950-i6q4l2-mz.121-13.EA1.bin;c2950-i6q4l2-mz.121-12c.EA1.bin
!--- A semi-colon separates the two images - primary and backup.
2950(config)#end 2950#
2950#sh boot BOOT path-list: flash:
c2950-i6q4l2-mz.121-13.EA1.bin;c2950-i6q4l2-mz.121-12c.EA1.bin
!--- output suppressed --- !--- The boot system statement does not show up in the config. !--- Issue the show boot command to verify whether the new image !--- boots on the next reload of the switch.
71. Issue the wr mem command to save your changes and reload the switch. Here is a sample command output: 72. 2950#wr mem 73. Building configuration... 74. [OK] 75. 2950#reload 76. Proceed with reload? [confirm] 77. 78. !--- Press RETURN or ENTER. 79. 80. 02:53:37: Bootstrap Emulator called with code 45 81. 02:53:37: %SYS-5-RELOAD: Reload requested 82. 83. !--- Press RETURN or ENTER. 84. 85. Verify you run the new image with the show version command. Here is a sample command output: 86. 2950#sh ver 87. Cisco Internetwork Operating System Software 88. IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, 89. RELEASE SOFTWARE 90. 91. !--- You now run the new software. 92. 93. (fc1) 94. Copyright (c) 1986-2003 by cisco Systems, Inc. 95. 96. !--- output suppressed --- 97. 98. System image file is "flash:c2950-i6q4l2-mz.121-13.EA1.bin" 99. cisco WS-C2950-24 (RC32300) processor (revision G0) 100. with 20839K bytes of memory. 101. Processor board ID FHK0650X0QY 102. Last reset from system-reset 103. Running Standard Image 104. 105. !--- output suppressed --- 106. !--- You run the SI feature set. If this model of switch 107. !--- can run the EI, you see Running Enhanced Image. 108. This completes the upgrade procedure for a 2950 through the CMS image (.tar file).
Step-by-Step Procedure for the 2950/2955 with only the IOS image (.bin file) For this example, the software on a 2950 is upgraded from version 12.1(12c)EA1 to version 121-13.EA1 with only the IOS image (.bin file). The procedure is the same no matter which version of software you use, including the 2955. 1. Issue the show version command to view the current version of software that you run. Here is a sample command output: 2. 2950#sh ver 3. Cisco Internetwork Operating System Software 4. IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, 5. RELEASE SOFTWARE 6. (fc1) 7. 8. !--- The current software version is 12.1(12c)EA1. 9. 10. Go to the LAN Switching Software section of the Downloads ( registered customers only) page. Select Catalyst 2950 or 2955 software and locate the image you want to download. Note the size of the image in bytes. This example uses the c2950-i6q4l2-mz.121-13.EA1.bin file. The image size is 2888547 bytes or approximately 3 MB. Download the image you want. 11. Issue the dir flash: command on the 2950/2955 to verify how much free memory you have for the upgrade. Here is a sample command output: 12. 2950#dir flash: 13. Directory of flash:/ 14. 2 -rwx 2774747 Mar 02 1993 00:11:42 c2950-i6q4l2-mz.121-12c.EA1.bin 15. 3 -rwx 5 Mar 01 1993 00:16:08 private-config.text 16. 4 -rwx 916 Mar 01 1993 03:31:05 vlan.dat 17. 22 -rwx 2665985 Mar 02 1993 00:20:15 c2950-i6q4l2-mz.121-11.EA1a.bin 18. 19. !--- Notice that two images are installed already. 20. 21. 6 -rwx 1459 Mar 01 1993 00:16:08 config.text 22. 7 drwx 832 Mar 02 1993 00:14:18 html 23. 24. !--- output suppressed --- 25. 26. 7741440 bytes total (578048 bytes free) 27. 28. !--- There is less than 1 MB of memory free out of the total of 29. !--- 8 MB, which is not enough. Delete the old image 30. !--- in order to upgrade. 31. 2950# Note: If you already have enough room in Flash for the upgrade, you can proceed directly to Step 5. 32. 
Issue the delete command to remove the old image in order to make room for the upgrade. Here is a sample command output: 33. 2950#delete flash:c2950-i6q4l2-mz.121-11.EA1a.bin 34. Delete filename [c2950-i6q4l2-mz.121-11.EA1a.bin]? 35. 36. !--- Press RETURN or ENTER. 37. 38. Delete flash:c2950-i6q4l2-mz.121-11.EA1a.bin? [confirm] 39. 40. !--- Press RETURN or ENTER. 41. 42. 2950# 43. 2950#dir flash: 44. Directory of flash:/ 45. 2 -rwx 2774747 Mar 02 1993 00:11:42 c2950-i6q4l2-mz.121-12c.EA1.bin 46. 47. !--- You can leave one old image as a backup if you prefer. 48. 49. 3 -rwx 5 Mar 01 1993 00:16:08 private-config.text 50. 4 -rwx 916 Mar 01 1993 03:31:05 vlan.dat 51. 6 -rwx 1459 Mar 01 1993 00:16:08 config.text 52. 7 drwx 832 Mar 02 1993 00:14:18 html 53. 54. !--- output suppressed --- 55. 56. 7741440 bytes total (3244544 bytes free) 57. 58. !--- There is now over 3 MB of free Flash memory, 59. !--- which is enough for the upgrade. 60. 2950# 61. Perform the upgrade through the copy tftp flash: command. Here is a sample command output: 62. 2950#copy tftp flash: 63. Address or name of remote host []? 20.20.20.2 64. 65. !--- Type your TFTP server IP address. 66. !--- Press RETURN or ENTER. 67. 68. Source filename []? c2950-i6q4l2-mz.121-13.EA1.bin 69. 70. !--- Press RETURN or ENTER. 71. 72. Destination filename [c2950-i6q4l2-mz.121-13.EA1.bin]? 73. 74. !--- Press RETURN or ENTER. 75. 76. Accessing tftp://20.20.20.2/c2950-i6q4l2-mz.121-13.EA1.bin... 77. Loading c2950-i6q4l2-mz.121-13.EA1.bin from 20.20.20.2 (via Vlan1): !!!!!!!!!! 78. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 79. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 80. [OK - 2888547 bytes] 81. 2888547 bytes copied in 96.188 secs (30030 bytes/sec) 82. 2950#dir flash: 83. Directory of flash:/ 84. 2 -rwx 2774747 Mar 02 1993 00:11:42 c2950-i6q4l2-mz.121-12c.EA1.bin 85. 3 -rwx 5 Mar 01 1993 00:16:08 private-config.text 86. 
4 -rwx 916 Mar 01 1993 03:31:05 vlan.dat 87. 22 -rwx 2888547 Mar 01 1993 00:42:03 c2950-i6q4l2-mz.121-13.EA1.bin 88. 89. !--- The new image is installed in the flash: directory. 90. 91. 6 -rwx 1459 Mar 01 1993 00:16:08 config.text 92. 7 drwx 832 Mar 02 1993 00:14:18 html 93. 94. !--- output suppressed --- 95. 96. 7741440 bytes total (355840 bytes free) 97. 2950#verify flash:c2950-i6q4l2-mz.121-13.EA1.bin 98. Verified flash:c2950-i6q4l2-mz.121-13.EA1.bin 99. 100. !--- Issue the verify command to verify 101. !--- whether the image checksum is correct. 102. 103. Set a boot system statement so the new image boots on the next reload. Here is a sample command output: 104. 2950#conf t 105. 2950(config)#boot system flash:c2950-i6q4l2-mz.121-13.EA1.bin 106. 2950(config)#end 107. 2950# 108. 2950#sh boot 109. BOOT path-list: flash:c2950-i6q4l2-mz.121-13.EA1.bin 110. 111. !--- output suppressed --- 112. !--- The boot system statement does not show up in the configuration. 113. !--- Issue the show boot command to verify whether the new image 114. !--- boots on the next reload of the switch. 115. 116. Issue the wr mem command to save your changes and reload the switch. Here is a sample command output: 117. 2950#wr mem 118. Building configuration... 119. [OK] 120. 2950#reload 121. Proceed with reload? [confirm] 122. 123. !--- Press RETURN or ENTER. 124. 125. 00:05:05: %SYS-5-RELOAD: Reload requested 126. 127. !--- output suppressed --- 128. 129. Press RETURN to get started! 130. 131. !--- Press RETURN or ENTER. 132. 133. 134. !--- output suppressed --- 135. 136. Verify whether you run the new image through the show version command. Here is a sample command output: 137. 2950#sh ver 138. Cisco Internetwork Operating System Software 139. IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1) This completes the upgrade procedure for a 2950/2955 using only the IOS image (.bin file).
Configure 2960
Last updated 2010-05-11
- reload the config (don't paste)
write erase
delete flash:vlan.dat
reload
- enter basic setup
- setup pub vlan
conf t
int vlan1
 no ip address
int vlan50
 ip address 69.55.230.249 255.255.255.0
ip default-gateway 69.55.230.1
end
- 69.55.230.251
- 69.55.230.253
- 69.55.230.254
- 69.55.230.250
- 69.55.230.252
- 69.55.230.249
- setup priv/mgmt vlan
conf t
int vlan300
 no ip address
- ip address 10.1.4.160 255.255.255.0
ip address 10.1.4.161 255.255.255.0 #(p1b)
end
- setup ports. into vlan, spanning-tree portfast, trunk
conf t
int range GigabitEthernet0/2 - 10
 switchport access vlan 50
 switchport mode access
 duplex full
 spanning-tree portfast
int GigabitEthernet0/24
 description Trunk to switch-p1a (vlan 300,50)
 switchport trunk allowed vlan 300,50
 switchport mode trunk
int GigabitEthernet0/1
 description Trunk to ASA (vlan 50)
 switchport trunk allowed vlan 50
 switchport mode trunk
int GigabitEthernet0/23
 description Private net (vlan 300)
 switchport access vlan 300
 switchport mode access
 spanning-tree portfast
int range GigabitEthernet0/11 - 20
 switchport trunk allowed vlan 50,300
 switchport mode trunk
 duplex full
end
- REFERENCE. to setup a port for trunk or access
conf t
interface FastEthernet0/32
 switchport access vlan 210
 switchport mode dynamic desirable
 duplex full
end
- setup rapid spanning tree
conf t
spanning-tree mode rapid-pvst
end
- setup root, on p1a:
conf t
spanning-tree vlan 50 root primary
end
- and on p1b:
conf t
spanning-tree vlan 50 root secondary
end
- config terminal. setup timeout, priv level
conf t
line con 0
 exec-timeout 10
line vty 0 15
 exec-timeout 10
 privilege level 0
end
- setup web user
conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end
- enable http passwd checking, disable http,
conf t
ip http authentication local
no ip http server
end
- enable ssh (disable telnet)
conf t
line vty 0 15
 transport input ssh
 login local
 logging synchronous
 transport preferred ssh
 transport input ssh
 transport output ssh
end
- setup acls to restrict access to ssh on priv net
conf t
access-list 101 remark Permit SSH access from administrators
access-list 101 permit tcp host 10.1.4.1 any eq 22 log
access-list 101 deny ip any any log
line vty 0 15
 access-class 101 in
end
- setup acls to restrict access to https on pub net
conf t
access-list 10 remark Permit HTTPS access from administrators
access-list 10 permit 64.163.14.54
access-list 10 permit 69.55.233.195
access-list 10 permit 99.150.247.226
access-list 10 deny any log
ip http access-class 10
end
- setup SNMP
conf t
access-list 20 remark Permit SNMP
access-list 20 permit 10.1.4.5
access-list 20 deny any log
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 20
end
wr mem
Configure 2950
Last updated 2010-10-06
- reset
write erase
reload
- enter basic setup
conf t
int vlan300
 ip address 10.1.2.52 255.255.255.0
ip default-gateway 10.1.2.1
int vlan300
 no shutdown
end
- ONLY for p20 ##
int GigabitEthernet0/1
 description Connection from i2b
int GigabitEthernet0/2
 description BW mirror port
monitor session 1 source interface gi0/1
monitor session 1 destination interface gi0/2 encapsulation dot1q
end
- setup mgmt ports
conf t
int range fa0/1 - 10
 switchport access vlan 300
 spanning-tree portfast
int fa0/24
 description Firewall ext
 spanning-tree portfast
end
- i2b link vlan
conf t
int range fa0/23 - 24
 switchport access vlan 200
int gi0/1
 switchport access vlan 200
end
- setup trunk ports
conf t
int range fa0/19 - 20
 switchport trunk allowed vlan 1,300
 switchport mode trunk
 no spanning-tree portfast
end
- END p20 ##
- normal switches ##
- setup ports
conf t
int range fa0/1 - 24
 spanning-tree portfast
end
- setup mgmt port
conf t
interface fa0/24
 switchport access vlan 300
 description ats-2 - priv
end
- setup trunk ports
conf t
int gi0/1
 description Uplink to p20
 switchport trunk allowed vlan 1,300
 switchport mode trunk
 no spanning-tree portfast
end
- END normal switches ##
- config terminal. setup timeout, priv level
conf t
line con 0
 exec-timeout 10
line vty 0 15
 exec-timeout 10
 privilege level 0
end
- enable ssh (disable telnet)
conf t
line vty 0 4
 privilege level 0
 logging synchronous
 transport preferred ssh
 login local
 transport input ssh
 transport output ssh
line vty 5 15
 privilege level 0
 logging synchronous
 login local
 transport preferred none
end
- setup web user
conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end
- pass enc
conf t
service password-encryption
end
- enable http passwd checking, disable http,
conf t
ip http authentication local
- no ip http server (only http avail on 2950)
end
- lock down ssh/web/telnet access
conf t
no access-list 100
access-list 100 permit ip host 69.55.233.196 any
access-list 100 permit ip host 99.150.247.226 any
access-list 100 permit ip host 10.1.2.1 any
access-list 100 permit ip host 64.163.14.54 any
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq telnet
int vlan 300
 ip access-group 100 in
 ip access-group 100 out
end
- enable ssh
conf t
ip domain-name johncompanies.com
crypto key generate rsa 1024
end
- time
conf t
clock timezone PDT -7
clock summer-time PDT recurring 2 Sunday March 2:00 1 Sunday November 2:00
ntp server 10.1.2.1
service timestamps log datetime localtime show-timezone
end
- setup SNMP
conf t
access-list 20 remark Permit SNMP
access-list 20 permit 10.1.2.1
access-list 20 deny any log
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 20
end
wr mem
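An added example, not part of the original notes or of any Cisco tooling: a small Python audit that checks a saved running-config against the hardening steps in the 2960 and 2950 notes above (SSH-only vty lines behind an access-class, HTTP server off or ACL-restricted, no default or ACL-less SNMP communities, service password-encryption). The sample config, the EXAMPLE-RO community and all function names are constructed for illustration.

```python
import re

# Constructed sample running-config modelled on the 2950 notes above.
# Community names and addresses are placeholders, not values from a real device.
SAMPLE_CONFIG = """\
service password-encryption
!
ip http server
ip http authentication local
!
access-list 20 permit 10.1.2.1
access-list 20 deny   any log
access-list 101 permit tcp host 10.1.4.1 any eq 22 log
access-list 101 deny   ip any any log
!
snmp-server community EXAMPLE-RO RO 20
snmp-server community public RO
!
line con 0
 exec-timeout 10 0
line vty 0 4
 access-class 101 in
 login local
 transport input ssh
line vty 5 15
 login local
 transport preferred none
"""

# Simple form used in the notes: snmp-server community <name> <RO|RW> [acl]
SNMP_RE = re.compile(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$", re.I)


def parse_sections(config):
    """Group a config into (header, [subcommands]) using IOS indentation."""
    sections = []
    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue  # blank lines and '!' separators carry no settings
        if raw[0].isspace() and sections:
            sections[-1][1].append(stripped)
        else:
            sections.append((stripped, []))
    return sections


def audit(config):
    """Return a list of (scope, finding) tuples; an empty list means every check passed."""
    sections = parse_sections(config)
    top = [header for header, _ in sections]
    findings = []

    if "service password-encryption" not in top:
        findings.append(("global", "service password-encryption is not set"))

    # 'no ip http server' is a different line, so an exact match is enough here.
    http_acl = any(line.startswith("ip http access-class") for line in top)
    if "ip http server" in top and not http_acl:
        findings.append(("global", "ip http server enabled without ip http access-class"))

    for line in top:
        m = SNMP_RE.match(line)
        if not m:
            continue
        name, _mode, acl = m.groups()
        if name.lower() in ("public", "private"):
            findings.append(("snmp", f"default community '{name}' is configured"))
        if acl is None:
            findings.append(("snmp", f"community '{name}' has no access-list"))

    for header, subs in sections:
        if not header.startswith("line vty"):
            continue
        transports = [s.split()[2:] for s in subs if s.startswith("transport input")]
        if not transports:
            findings.append((header, "no transport input set; platform default applies"))
        elif transports[-1] != ["ssh"]:
            findings.append((header, "transport input allows more than ssh"))
        if not any(re.match(r"access-class \S+ in$", s) for s in subs):
            findings.append((header, "no inbound access-class"))

    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

In the constructed sample, line vty 5 15 mirrors the 2950 notes, where only vty 0 4 carries transport input ssh; the audit reports it because the platform default then decides which protocols those lines accept.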
Configure 2924 (i2b)
Last updated 2010-11-05
- reset
write erase
reload
- enter basic setup
- setup vlans
conf t
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 shutdown
int vlan300
 ip address 10.1.2.58 255.255.255.0
ip default-gateway 10.1.2.1
int vlan300
 no shutdown
end
- setup mgmt ports
conf t
int fa0/24
 switchport access vlan 300
 description ats-8 - priv
 spanning-tree portfast
end
- setup trunk port
conf t
interface FastEthernet0/1
 description Uplink to p20
 duplex full
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,300,1002-1005
 switchport mode trunk
 no spanning-tree portfast
end
- setup ports
conf t interface FastEthernet0/2
spanning-tree portfast no desc
! interface FastEthernet0/3
spanning-tree portfast no desc
! interface FastEthernet0/4
spanning-tree portfast no desc
! interface FastEthernet0/5
spanning-tree portfast no desc
! interface FastEthernet0/6
spanning-tree portfast no desc
! interface FastEthernet0/7
spanning-tree portfast no desc
! interface FastEthernet0/8
spanning-tree portfast no desc
! interface FastEthernet0/9
spanning-tree portfast no desc
! interface FastEthernet0/10
spanning-tree portfast no desc
! interface FastEthernet0/11
spanning-tree portfast no desc
! interface FastEthernet0/12
spanning-tree portfast no desc
! interface FastEthernet0/13
spanning-tree portfast no desc
! interface FastEthernet0/14
spanning-tree portfast no desc
! interface FastEthernet0/15
spanning-tree portfast no desc
! interface FastEthernet0/16
spanning-tree portfast no desc
! interface FastEthernet0/17
spanning-tree portfast no desc
! interface FastEthernet0/18
spanning-tree portfast no desc
! interface FastEthernet0/19
spanning-tree portfast no desc
! interface FastEthernet0/20
spanning-tree portfast no desc
! interface FastEthernet0/21
spanning-tree portfast no desc
! interface FastEthernet0/22
spanning-tree portfast no desc
! interface FastEthernet0/23
spanning-tree portfast no desc
end
- config terminal. setup timeout, priv level
conf t
line con 0
 exec-timeout 10
line vty 0 15
 exec-timeout 10
 privilege level 0
end
- setup web user
conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end
- enable http passwd checking, disable http,
conf t
ip http authentication local
- no ip http server (only http avail on 2950)
end
- lock down ssh/web/telnet access
conf t
access-list 100 permit ip host 69.55.233.196 any
access-list 100 permit ip host 99.150.247.226 any
access-list 100 permit ip host 10.1.2.1 any
access-list 100 permit ip host 64.163.14.54 any
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq telnet
int vlan 300
 ip access-group 100 in
 ip access-group 100 out
end
- time
conf t
clock summer-time PDT recurring 2 Sunday March 2:00 1 Sunday November 2:00
clock timezone PST -8
ntp server 10.1.2.1
service timestamps log datetime localtime show-timezone
end
conf t
access-list 20 remark Permit SNMP
access-list 20 permit 10.1.2.1
access-list 20 deny any log
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 20
end
wr mem
Configure 2924 (castle)
Last updated 2011-01-26
- reset
write erase
reload
- enter basic setup "setup"
- setup vlans
conf t
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 shutdown
int vlan300
 ip address 10.1.4.164 255.255.255.0
ip default-gateway 10.1.4.1
int vlan300
 no shutdown
end
- setup trunk port
conf t
interface FastEthernet0/1
 description Uplink to p1a
 duplex full
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,50,300,1002-1005
 switchport mode trunk
 no spanning-tree portfast
end
conf t
interface FastEthernet0/2
 description Uplink to p1b
 duplex full
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,50,300,1002-1005
 switchport mode trunk
 no spanning-tree portfast
end
- setup ports
conf t interface FastEthernet0/3
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/4
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/5
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/6
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/7
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/8
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/9
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/10
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/11
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/12
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/13
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/14
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/15
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/16
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/17
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/18
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/19
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/20
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/21
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/22
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/23
switchport access vlan 50 spanning-tree portfast no desc
! interface FastEthernet0/24
switchport access vlan 50 spanning-tree portfast no desc
end
- config terminal. setup timeout, priv level
conf t
line con 0
 exec-timeout 10
line vty 0 15
 exec-timeout 10
 privilege level 0
end
- setup web user
conf t
service password-encryption
username web privilege 15 password xxxxxxxx
end
- enable http passwd checking, disable http,
conf t
ip http authentication local
- no ip http server (only http avail on 2950)
end
- lock down ssh/web/telnet access
conf t
access-list 1 permit 10.1.4.5
end
- time
conf t
clock summer-time PDT recurring 2 Sunday March 2:00 1 Sunday November 2:00
clock timezone PST -8
ntp server 10.1.4.1
service timestamps log datetime localtime show-timezone
end
conf t
no snmp-server community private RW
no snmp-server community public RO
snmp-server community jc292401 RO 1
end
wr mem
Configure a 2924 trunk
Last updated 2010-08-05
conf t
interface FastEthernet0/1
 description Uplink to p1a
 duplex full
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,50,300,1002-1005
 no spanning-tree portfast
interface FastEthernet0/2
 description Uplink to p1b
 duplex full
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,50,300,1002-1005
 switchport mode trunk
 no spanning-tree portfast
Writing commands for IOS missing "int range"
Last updated: 2010-06-04
- f=1; while [ $f -le 24 ]; do echo "int fa0/$f"; echo "switchport access vlan 300"; f=`expr $f + 1`; done
int fa0/1 switchport access vlan 300 int fa0/2 switchport access vlan 300 int fa0/3 switchport access vlan 300 int fa0/4 switchport access vlan 300 int fa0/5 switchport access vlan 300 int fa0/6 switchport access vlan 300 int fa0/7 switchport access vlan 300 int fa0/8 switchport access vlan 300 int fa0/9 switchport access vlan 300 int fa0/10 switchport access vlan 300 int fa0/11 switchport access vlan 300 int fa0/12 switchport access vlan 300 int fa0/13 switchport access vlan 300 int fa0/14 switchport access vlan 300 int fa0/15 switchport access vlan 300 int fa0/16 switchport access vlan 300 int fa0/17 switchport access vlan 300 int fa0/18 switchport access vlan 300 int fa0/19 switchport access vlan 300 int fa0/20 switchport access vlan 300 int fa0/21 switchport access vlan 300 int fa0/22 switchport access vlan 300 int fa0/23 switchport access vlan 300 int fa0/24 switchport access vlan 300 int gi0/1 switchport access vlan 300 int gi0/2 switchport access vlan 300
Reset secret pass
Last updated: 2010-08-05
conf t
service password-encryption
enable secret PASS
- f=1; while [ $f -le 24 ]; do echo "int fa0/$f"; echo "switchport access vlan 300"; f=`expr $f + 1`; done
int fa0/1