Syed Jahanzaib Personal Blog to Share Knowledge !

November 8, 2016

Personal Short Notes for Cisco Switches/Routers


This post contains some personal short notes on various configurations related to Cisco switches/routers. I wrote this post so that I can find my day-to-day commands in one centralized location.

Regard’s
Syed Jahanzaib

 


> Method#0 – Erase settings while you already have access to the switch

write erase
delete flash:vlan.dat
reload

After this, the switch will reload its OS and come back with default switch settings. Using a serial console cable is recommended.


> Method#1 – Reset Everything – Factory Default

Following is a quick method to reset Cisco switch to factory default settings. This method can also be used to recover password.

Requirements:

  • Cisco Switch
  • Console Cable
  • PC/Laptop with Serial Port

 

  • Connect your console cable from the switch Console port to PC/Laptop serial Port.
  • Open the Hyper Terminal application, and select settings as per your hardware. Following is configuration for Cisco 3750 G Model.
    Bits per second: 115200
    Data bits: 8
    Parity: None
    Stop bits: 1
    Flow control: Xon / Xoff
  • Following is configuration for Cisco 3850 / 3560 G Model
    Bits per second: 9600
    Data bits: 8
    Parity: None
    Stop bits: 1
    Flow control: None
  • Different switches connect with different Bits per Second settings. For the Cisco 2950 model, try lowering it to 9600.


  • Power Off the switch / Now hold the MODE button on the switch and power ON the switch.


  • Keep holding the MODE button while the switch initializes (this may take 1 minute for the 3750; for the 2950 it generally requires 5-6 seconds of holding the mode button). This will interrupt the boot process before the Flash file system can initialize, and after a short while (continue holding the “mode” button) you will see the following prompt:


Once you see the

The password-recovery mechanism is enabled.

you can release the Mode button.

  • Press Enter a few times to make sure you get the prompt. Now issue the following commands to initialize flash and delete the files which contain the switch configuration

flash_init
del flash:config.text
del flash:vlan.dat

The output may look like the following

switch:

switch: del flash:config.text
Are you sure you want to delete "flash:config.text" (y/n)?y
File "flash:config.text" deleted

switch: del flash:vlan.dat
Are you sure you want to delete "flash:vlan.dat" (y/n)?y
File "flash:vlan.dat" not deleted -- no such file or directory

switch:

Once it's done, you may continue booting the switch, which will allow you to do any configuration of your choice.

boot

This will continue booting the switch, and after a while it will ask you the following

Would you like to enter the initial configuration dialog? [yes/no]:

Type no and continue with below ..


Adding IP to default Vlan 1 interface

To add ip use following

en
config t
hostname zaib-switch
interface vlan 1
ip address 101.11.100.1 255.0.0.0

# Following is important, as vlan1 may be in shut status after ip config, so enable it
no shut
exit
ip default-gateway 101.11.100.255

# configure ENABLE password
enable secret zaib1234

# configure telnet access
line vty 0 15
transport input telnet
password zaibtelnetpass
login

# configure SSH access
ip domain-name zaib.com
# Generate the RSA Keys
crypto key generate rsa
# When it asks "How many bits in the modulus [512]:", type 1024 and press Enter

# Set Up the Line VTY configurations
line vty 0 15
transport input ssh
login local
password zaib1234

*** Set the console line
line console 0
logging synchronous
login local

*** Create the username password
username zaib password zaib1234
enable secret zaib1234
service password-encryption

exit
exit
copy running-config startup-config
# When it will ask "Destination filename [startup-config]?" just press ENTER
wr

Connect ethernet cable to the switch port and see the ping result.


Now you will be able to connect with the switch using IP.

Cisco configuration assistant software is the best GUI tool to configure the switch with ease, and it will save you from remembering all the commands. The command line is more powerful in most cases, but the GUI is still feasible for most beginners.


You can download Cisco Network Assistant and Hyper-Terminal from my Google Drive.

https://drive.google.com/drive/folders/0B8B_P2ljEc2xQlpvRUQ2QWVfR0E


TIPS:


General Commands:

Show ALL Interfaces Status

In ENABLE mode, use this command to get the status of all ports

show interfaces status


To show Ip addresses and interface status

show ip interface brief

To show vlan details (via enable mode)

show vlan

Add ENABLE section Password

en
config t
enable secret zaib1234
exit
wr


Reboot Switch

reload


Port is Down/Shutdown / Vlan1 is administratively down, line protocol is down

en
config t
interface vlan 1
no shut


Enable TELNET access

en
config t
line vty 0 15
transport input telnet
password zaibtelnetpass
login
exit
exit
wr


Enable SSH access

#Set hostname and domain-name
config t
hostname cisco-switch
ip domain-name zaib.com

# Generate the RSA Keys
crypto key generate rsa
# At "How many bits in the modulus [512]:" type 1024 and press Enter

*** Set Up the Line VTY configurations
line vty 0 4
transport input ssh
login local
password zaib1234

# Set the console line
line console 0
logging synchronous
login local

# Create the username password (within conf t)
username zaib password zaib1234
enable secret zaib1234
service password-encryption

exit
wr


Method#2 – Password Recovery Only:
(While Keeping existing running configuration intact)

  • Connect Hyperterminal with the switch using console cable. [as mentioned in the beginning of this guide]
  • Power ON the switch while pressing the mode button, until you see “The password-recovery mechanism is enabled.”


Now issue following commands one by one …

flash_init
dir flash:
rename flash:config.text flash:config.old
(The config.text file contains the password)

Now continue the boot process by following command

boot

When you see the following dialogue

Would you like to enter the initial configuration dialog? [yes/no]:

Enter n to abort the initial configuration dialog.

Now rename the config.old file to config.text so that we can get our existing settings restored, and still be able to change the password

rename flash:config.old flash:config.text
Press Enter when asked for the destination file name

Now save the config in running-config so that the switch loads all the settings on next boot

copy flash:config.text system:running-config
Press Enter when asked for the destination file name

Changing Password …

*** Overwrite the existing secret/password

en
conf t
enable secret zaib1234
enable password zaib12345

### Overwrite the existing vty password
line vty 0 15
password zaib1234

### Overwrite the existing console password
line con 0
password zaib1234
exit
exit
copy running-config startup-config
wr
DONE !

Some short notes for Cisco related command [added on 19-OCT-2017]


#SAVE Configuration
copy running-config startup-config
wr
[in cisco 3850 i used > wr memory]

#Enable interface
no shutdown
show ip route

#Reset running configuration

write erase
delete flash:vlan.dat
reload
show vlan br
show ip int brie
#To configure port 24 as TRUNK

enable
configure terminal
interface GigabitEthernet 1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk

*** FIRST Create VLAN

en
conf t
vlan 1
name Default-Vlan
exit
vlan 2
name vlan2-users
exit
vlan 3
name vlan3-users
exit
interface vlan 1
ip address 192.168.254.1 255.255.255.0
interface vlan 2
ip address 192.168.2.1 255.255.255.0
interface vlan 3
ip address 192.168.3.1 255.255.255.0

(If range then use int range f0/1 - 15 )
interface GigabitEthernet 1/0/2
switchport mode access
switchport access vlan 2

interface GigabitEthernet 1/0/3
switchport mode access
switchport access vlan 3

# Show existing routes, then add a default route
en
show ip route
#OR#
show run | include ip route
conf t
ip route 0.0.0.0 0.0.0.0 192.168.254.2
# REMOVE IP ROUTE
en
conf t
no ip route 172.16.100.0 255.255.255.0 192.168.254.2
#---------------------------------------
#remove IP on interface
en
conf t
int vlan X
no ip address
OR
no ip address 192.x.x.x 255.255.255.0
#remove VLAN
en
conf t
no int vlan 24

Backup / Restore switch config from/to TFTP Server

Download any free TFTP server such as SolarWinds TFTP, install it on your local laptop/desktop, and start it.

Make sure that the switch and your TFTP server can communicate with each other.

Now from switch issue following command to backup to TFTP server.

copy running-config tftp

It will ask you to enter IP of TFTP server, enter the IP address where TFTP is running, example your Laptop/Desktop where you install the TFTP server.


Switch config file is uploaded successfully & can be viewed in c:\TFTP-Root folder.

To restore this config file to your switch, you can download it from the TFTP using following commands

copy tftp running-config

it will ask for TFTP server IP  & file name, enter details

Address or name of remote host []? 101.11.11.161
Source filename []? switch-confg
Destination filename [running-config]?
Accessing tftp://101.11.11.161/switch-confg...
Loading switch-confg from 101.11.11.161 (via Vlan1): !
[OK - 3946 bytes]



Enable Logging to Remote SYSLOG server (like syslog-ng)

login to switch terminal, and issue


logging 101.11.11.240
logging trap informational

# to test log sending to log server
send log Hello World


Adding NTP client setting in Cisco Switch to synchronize time from external source

enable
configure terminal
ntp server 192.168.100.1
end
show ntp associations

CISCO 3850 Short Notes:

Our company acquired few 3850 series switches in March 2018. It comes with USB Console cable. First download the USB port driver from my google drive or Cisco portal.

https://drive.google.com/drive/folders/0B8B_P2ljEc2xcEdkd2ttV1ZmNFU

Then connect the USB cable to the USB console port on the front of the switch. Now connect to it using Hyper Terminal with these settings:

  • Bits per second: 9600
    Data bits: 8
    Parity: None
    Stop bits: 1
    Flow control: None

Once you get it you can use its first time setup to add all the config you required.

Enable HTTP authentication for Cisco Network Assistant & WEB GUI

I used following command to setup account so that I can login to Cisco web gui.

ip http authentication enable

Upgrade Firmware of Cisco 3850 24T-S (INSTALL MODE) by copying FW from TFTP to Switch Flash Directory

Read these first on BUNDLE vs INSTALL mode.

http://blog.qsolved.com/2014/02/what-are-methods-to-boot-and-run-ios-xe.html

http://wannabelab.blogspot.com/2015/09/cisco-catalyst-3650-ios-recovery-via-usb.html

Before Upgrading Firmware , I had following software version for new Cisco 3850 24T-S switch.

show version | b SW
-------------
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 2 32 WS-C3850-24T 16.3.5b CAT3K_CAA-UNIVERSALK9 INSTALL

 

Having a TFTP server and uploading the firmware to it gives you more flexibility. Download the upgraded switch IOS image and upload it to the TFTP root folder.

Connect to switch by ssh/telnet or by console and issue following command

copy tftp: flash:

Address or name of remote host []? 192.168.0.1

Source file name []? cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin

Destination file name []? cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin

After some minutes the new IOS will be downloaded to flash dir.

# Switch to enable mode
en

#Issue command to upgrade to new firmware we just downloaded in above steps

request platform software package install switch all file flash:cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin

# Switch will now start the upgrade processing ...
--- Starting install local lock acquisition on switch 1 ---
Finished install local lock acquisition on switch 1
Expanding image file: flash:cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin
[1]: Expanding file
[1]: Finished expanding all-in-one software package in switch 1
SUCCESS: Finished expanding all-in-one software package.
[1]: Performing install
SUCCESS: install Finished
[1]: install package(s) on switch 1
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-guestshell.16.03.05b.SPA.pkg
Removed cat3k_caa-rpbase.16.03.05b.SPA.pkg
Removed cat3k_caa-rpcore.16.03.05b.SPA.pkg
Removed cat3k_caa-srdriver.16.03.05b.SPA.pkg
Removed cat3k_caa-wcm.16.03.05b.SPA.pkg
Removed cat3k_caa-webui.16.03.05b.SPA.pkg
New files list:
Added cat3k_caa-base.SPA.03.06.08E.pkg
Added cat3k_caa-drivers.SPA.03.06.08E.pkg
Added cat3k_caa-infra.SPA.03.06.08E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-2.E8.pkg
Added cat3k_caa-platform.SPA.03.06.08E.pkg
Added cat3k_caa-wcm.SPA.10.2.180.0.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
Checking status of install on [1]
[1]: Finished install in switch 1
SUCCESS: Finished install: Success on [1]

Now issue reload command to restart/reload the new config.

reload
System configuration has been modified. Save? [yes/no]: yes

Continue to reboot.

After the upgrade I have now this.

Switch>show version | b SW
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 32 WS-C3850-24T 03.06.08E cat3k_caa-universalk9 INSTALL
Configuration register is 0x102
 

Enable SSH Timeout Value

#For 60 minutes timeout value for ssh session

en
conf t
line vty 0 4
# 1 Hour Time out value for ssh session
exec-timeout 60

Enable NTP Server in Cisco Switch

en
show clock
conf t

# If you are using EXTERNAL NTP server, then make sure you have defined default gateway and internet is accessible.

# ip default-gateway 101.11.11.36

#Add NTP Server
ntp server 92.223.73.5

#Enable NTP Logging if required
ntp logging

# Disable NTP Logging if required
no ntp logging


Show LOG’s time in local timezone format

en
conf t

# GMT timezone for +5
clock timezone PST +5

service timestamps log datetime localtime

Enable SNMP in Cisco Switch


en

conf t

snmp-server community public

exit

wr
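
As an added example (not part of the original notes), here is a small Python check that scans a saved running-config for the weaker settings that appear in the sample commands above: Telnet on the vty lines, `enable password` and `username ... password` (which `service password-encryption` only obscures with reversible type 7 encoding), and the `public` SNMP community. The sample config is constructed from this page's commands; the names `audit`, `GLOBAL_RULES` and `SAMPLE_CONFIG` are assumptions of this sketch.

```python
import re

# Constructed sample: a running-config assembled from commands in these notes.
SAMPLE_CONFIG = """\
hostname zaib-switch
enable secret zaib1234
enable password zaib12345
username zaib password zaib1234
service password-encryption
snmp-server community public
line con 0
 login local
line vty 0 4
 exec-timeout 60
 transport input telnet
 password zaibtelnetpass
 login
line vty 5 15
 transport input ssh
 login local
"""

# (pattern, finding) pairs for global-level commands.
GLOBAL_RULES = [
    (r"^enable password\b", "clear or reversible type 7; keep only 'enable secret'"),
    (r"^username \S+ (privilege \d+ )?password\b", "use 'username ... secret' instead"),
    (r"^snmp-server community (public|private)\b", "default SNMP community string"),
]

def audit(config):
    """Return (config line or section, finding) tuples for weak settings."""
    findings, section = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw[0].isspace():  # top-level command
            section = raw.strip() if raw.startswith("line ") else None
            findings += [(raw.strip(), msg) for pat, msg in GLOBAL_RULES
                         if re.search(pat, raw)]
        elif section and section.startswith("line vty"):  # sub-command of a vty block
            cmd = raw.strip()
            m = re.match(r"transport input (.+)", cmd)
            if m and {"telnet", "all"} & set(m.group(1).split()):
                findings.append((section, "Telnet permitted; use 'transport input ssh'"))
            if cmd == "login":
                findings.append((section, "line-password login; use 'login local'"))
    return findings

if __name__ == "__main__":
    for where, msg in audit(SAMPLE_CONFIG):
        print(f"{where}: {msg}")
```

Run it against the file saved by `copy running-config tftp` to review a switch after applying these notes.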

 


Upgrade Cisco 3560 (WS-C3560G-24PS-S) Firmware

First download the right firmware and upload it to a TFTP server, then log in to the switch and issue the following via ssh/telnet … (it works quickly, BUT this is a risky method)

show boot
delete flash:c3560-ipbasek9-mz.122-55.SE11.bin
copy tftp://10.1.1.1/c3560-ipbasek9-mz.150-2.SE11.bin flash:c3560-ipbasek9-mz.150-2.SE11.bin
# CONFIRM & once it's done copying, then issue reload command as below ...
reload

ERROR: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk Gi

After installing new cisco switches (3850) in data center , some of up-links ports to other switches were getting disabled and receiving below error.

ERROR: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk Gi

I had to make all uplink ports in TRUNK mode and problem solved.

Detail can be found here …

https://community.spiceworks.com/topic/2143496-cisco-3850-spantree-7-recv_1q_non_trunk-received-802-1q-bpdu-on-non-trunk-gi


Regard’s
Syed Jahanzaib

2 Comments »

  1. Is there any way to recover the password without any configuration loss …?


    Comment by yssir — November 9, 2016 @ 3:07 AM

