Syed Jahanzaib Personal Blog to Share Knowledge !

November 8, 2016

Cisco Switch Howto Factory Default / Password Recovery


Following is a quick method to reset Cisco switch to factory default settings. This method can also be used to recover password.

Requirements:

  • Cisco Switch
  • Console Cable
  • PC/Laptop with Serial Port

Method#1 – Reset Everything – Factory Default

  • Connect your console cable from the switch Console port to PC/Laptop serial Port.
  • Open the HyperTerminal application, and select settings as per your hardware. Following is one sample for my desktop. Different switches connect with different Bits per Second setting . Try to lower it to 9600 for some models.

hyperterminal.PNG

  • Power Off the switch / Now hold the MODE button on the switch and power ON the switch.

sw-power.jpg

  • Once the switch initialize itself (may take 1-2 minutes), This will interrupt the boot process before the Flash file system can initialize, and after a short while (continue holding the “mode” button) you will see the following prompt:

sw-1

Once you see the

The password-recovery mechanism is enabled.

you can release the Mode button.

  • Now issue following commands to initialize flash and delete files which contains the switch configuration

flash_init
del flash:config.text
del flash:vlan.dat

Once its done, you may continue booting the switch which will allow you to do any configuration of your choice.

 

boot

 

This will boot the switch and all of old / previous settings will be cleared.

If it asks
Would you like to enter the initial configuration dialog? [yes/no]:

Type no and continue with below ..

To add ip use following

en
config t
interface vlan 1
ip address 101.11.100.1 255.0.0.0
ip default-gateway 101.11.100.255
exit
exit
wr

sw-2.PNG

Connect ethernet cable to the switch port and see the ping result.

ping.PNG

 

Now you will be able to connect with the switch using IP.

Cisco configuration assistant software is the best GUI tool to configure the switch with ease and it will save you from remembering all the commands. Although command is more powerful in most cases but still GUI is feasible for most beginners.

cisco-network-gui

You can download Cisco Network Assistant it from my google drive.

https://drive.google.com/drive/folders/0B8B_P2ljEc2xQlpvRUQ2QWVfR0E


 

TIPS:


Add ENABLE section Password

en
config t
enable secret zaib1234
exit
wr

Reboot Switch

wr mem
reload


Vlan1 is administratively down, line protocol is down

en
config t
interface vlan 1
no shut


Enable TELNET access

config
line vty 0 15
transport input telnet
password zaibtelnetpass
login
exit
exit
wr


Enable SSH access

*** Set hostname and domain-name
config t
hostname cisco-switch
ip domain-name zaib.com

*** Generate the RSA Keys
crypto key generate rsa
“How many bits in the modulus [512]: 1024”

*** Set Up the Line VTY configurations
transport input ssh
login local
password zaib1234
exit

*** Set the console line
line console 0
logging synchronous
login local

*** Create the username password
config t
username zaib password zaib1234
enable secret zaib1234
service password-encryption


Method#2 – Password Recovery Only:
(While Keeping existing running configuration intact)

  • Connect Hyperterminal with the switch using console cable. [as mentioned in the beginning of this guide]
  • Power ON the switch while pressing mode button, one you see the “The password-recovery mechanism is enabled.”

More example for switch models:

sw-1

Now issue following commands one by one …

flash_init
dir flash:
rename flash:config.text flash:config.old
(The config.text file contains the password)

Now continue the boot process by following command

boot

Enter n at the prompt to abort the initial configuration dialog.

Now rename the config.old file to config.text so that we can get our existing settings restored , and still let us change the password


rename flash:config.old flash:config.text
Press enter when ask for destination file name

Now save the config in running-config so that switch must load all the settings on next boot

copy flash:config.text system:running-config
Press enter when ask for destination file name

Changing Password …

*** Overwrite the existing secret/password

conf t
enable secret zaib1234
enabled password zaib1234

*** Overwrite the existing vty password

line vty 0 15
password zaib1234

*** Overwrite the existing console password

line con 0
password zaib1234
exit
exit
wr mem
DONE !

Regard’s
Syed Jahanzaib

 

 

 

June 1, 2016

Cisco Switch / Shot notes

Filed under: Cisco Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 10:22 AM

stml


 

3750

Disclaimer: This post is for my personal reference purpose only. It’s not aimed for professionals.


1# Howto to reset Cisco 3750 Switch to Factory Default

To reset the switch:

  1. Press and hold the Mode button.
  2. The switch LEDs will begin blinking after about 3 seconds. Continue holding down the Mode button.
  3. The LEDs stop blinking after 7 more seconds, and then the switch will reboot.
    (So you have to hold the MODE button for about 10-12 seconds max.)
  4. Once the reboot done, The switch will now behaves like an unconfigured switch. You can enter the switch IP information by using Express Setup.

EXPRESS SETUP:

Once the switch is reset to factory default, we have to configure an ip address / password.
For this purpose we should remove all ethernet cables from the switch and make sure nothing is connected with it.

  1. During Express Setup, the switch acts as a DHCP server.
  2. Make sure that nothing is connected to the switch.
  3. Power On the Switch. Wait for the switch to complete POST, which can take several minutes.
  4. When the SYST LED remains green. Press and hold the Mode button for 3 seconds. When all of the LEDs left of the Mode button turn green, release the Mode button.NOTE:  If the LEDs left of the Mode button begin to blink after you press the button, release it. Blinking LEDs mean that the switch has already been configured and cannot go into Express Setup mode. RUN THE RESET PROCESS FROM BEGINNING AGAIN.
  5. Verify that the switch is in Express Setup mode by confirming that all LEDs left of the Mode button are green.
  6. Connect your laptop / desktop ethernet cable directly to the switch
  7. It may take 1 minute to stable. The PC will take IP from switch DHCP automatically.

 

The Switch Default IP is

10.0.0.1

Start a web browser on your PC. Enter the IP address http://10.0.0.1 in the web browser, and press Enter !

 

sw1

>

sw2

Now you can browse base config which provides minimal options, or better to configure it using Cisco Network Assistant Software which is very enhance GUI application to manage the beast 🙂


2# Reset the Cisco 3750 Forgotten Password

To be continued …

 


 

Regard’s
Syed Jahanzaib

December 14, 2015

Manage Cisco Ports from PHP/VBS/BASH or incoming SMS using kannel/playSMS


linux


 

NOTE:
I am documenting this port just for references purposes. not for everyone. it do requires
some really good knowledge of bash scripting and cisco. These scripts were designed
for very specific network with very targeted requirements. It may not run in your 
network as its really customized and made exclusively for that particular 
network to facilitate terminal and SMS base execution. I will add few sections later
like php and playSMS/kannel.
Regard's
Syed Jahanzaib / 14-DEC-2015 / 1030 hours

 

Scenario:

Two Cisco 3750-E switches are installed in local area. SSH/TELNET access is enabled.
SNMP is also enabled with profile name ‘public‘.

Requirements:

Sometimes any port gets auto shut dueto flooding or manually by admin for management purposes.  It is required that admin can disable or enable any port by using BASH script. Later it should be integrated with SMS using existing KANNEL gateway via playSMS app. so that admin can send an sms to his KANNEL gateway with the parameters and then system can act upon it as directed. in ubuntu, ‘EXPECT’ package is also installed which will be required in executing helper scripts so take a note of it.

SCRIPTS:

It requires 3 scripts.

master.sh
It will act as launcher which will check for 3 variables validity.It will also check the switch availability via ping, it will check for port status before doing any action and will act accordingly.

ciscoup.sh     [helper script for master]
It will SSH to cisco switch and execute shut/noshut command to turn the PORT UP.

ciscodown.sh     [helper script for master]
It will SSH to cisco switch and execute shut command to turn the PORT DOWN.

 

SCRIPT Example

./master.sh switch_number port_number ACTION_required

./master.sh SW1 24 DOWN
./master.sh SW1 24 UP


master.sh

#!/bin/bash
# Script to manage CISCO 3750/xxxx model switch via bash script.
# It can print all errors related to script, it can perform given Action like UP/DOWN for any given port on require switch.
# Comes handy like you can integrate it with PHP  or any frontend.
# I made it for specific network where OP wanted to UP/DOWN the PORT via sending SMS to linux base system, and it will perform
# action as directed.
# Syed Jahanzaib
# aacable at hotmail dot com
# https://aacable.wordpress.com
# Created = 11-DEC-2015
# Last Mofidied = 11-DEC-2015

# Enable set -x to enable SCRIPT DEBUG mode.
#set -x

# Setting various Variables

# SWITCH IP Address VALUE
# Check VAR1 and match value with valid data
if [ "$1" != "SW1" ] && [ "$1" != "SW2" ];
then
echo "Switch Value must be SW1 or SW2
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# SWITCH IP ADDRESSES. CHANGE IT AS REQUIRED / ZAIB
SW1IP="192.168.0.1"
SW2IP="192.168.0.2"

###########################################
# MAKE SURE YOU CHANGE THIS OID AS REQUIRED. SOME SWITCHES LIKE MB/GB MAY HAVE DIFFERNT OID IN UR NETWORK.
PORTOID="1.3.6.1.2.1.2.2.1.8.101"
# To get Port description, friendly text for port
PORTDESC="1.3.6.1.2.1.31.1.1.1.18.101"

# SWITCH IP variable
# Check VAR1 and match value with valid data
if [ "$1" = "SW1" ] ; then
SWITCH="$SW1IP"
fi

if [ "$1" == "SW2" ] ; then
SWITCH="$SW2IP"
fi

# SWITCH Variable
# Check VAR1 and match value with valid data
PORT="$2"
if [[ "$PORT" =~ ^[0-9]+$ ]] && [[ "$PORT" -le 48 ]] ; then
echo
else
echo "PORT value not correct. It must be in numeric format like 01 upto max 48 etc
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# ACTION Variable
# Check VAR1 and match value with valid data
ACTION="$3"

if [ "$ACTION" != "UP" ] && [ "$ACTION" != "DOWN" ];
then
echo "Action Value not correct, it must be either UP or DONW
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# Check PING status of switch.
# Check if Mikrotik is accessibel or not, if not then EXIT immediately with error / zaib
if [[ $(ping -q -c 2 $SWITCH) == @(*100% packet loss*) ]]; then
echo "ALERT ..... $SWITCH is DOWN. cannot process further. check connectivity."
exit
else
echo "$SWITCH is accessible OK."
fi

# Port Description infor to get more accurate idea about port info
DESCR=`snmpwalk -v1 -c public $SWITCH $PORTDESC$PORT | sed -e 's/\"//' | sed -e 's/\"//' | awk '{print $4,$5,$6,$7,$8,$9}'`

# Print Data gaterhed
echo -e "Command Data Received.
SWITCH = $1 = $SWITCH
PORT = $PORT
PORT DESCR = $DESCR
REQUIRED ACTION = $ACTION"

# Query Present / Current PORT Status
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ]; then
PRESULT="UP"
echo -e "PORT Current Status = $PRESULT"
else
PRESULT="DOWN"
echo -e "PORT Current Status = $PRESULT"
fi

# Match condition. If Action required is UP and port is already UP, then NO ACTION, just exit.
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'UP' ];
then
echo "Port $PORT is already UP. No action is required. Exiting ..."
fi

# Match condition. If Action required is UP and port is DOWN , then run UP script.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'UP' ];
then
echo -e "PORT $PORT $PRESULT. doing UP Action..."
/temp/ciscoup.sh  $SWITCH $PORT $ACTION
#> /dev/null 2>&1
fi

# Match condition. If Action required is DOWN and port is also DOWN , then NO ACTION, Just EXIT.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'DOWN' ];
then
echo "PORT $PORT is already DOWN, no action required. Exiting ..."
fi


# Match condition. If Action required is DOWN and port is UP , then eyb UP script.
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'DOWN' ];
then
echo "Doing DOWN Action..."
/temp/ciscodown.sh $SWITCH $PORT $ACTION
#> /dev/null 2>&1
fi

# PRINT Final Status (after the above actions are done, so we can have idea whats the final result)
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ]; then
echo
echo "FINAL RESULT = UP
~~~~~~~~~~~~~~~~~"

else
echo
echo "FINAL RESULT = DOWN
~~~~~~~~~~~~~~~~~"
fi

# SCRIPT END.
# EXIT
# JZ

ciscodown.sh [make sure you change username and password to match your switch credentials]

#!/usr/bin/expect -f
set timeout 20
set IPaddress [lindex $argv 0]
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]

spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress

expect "*assword: "
send "$Password\r"

expect ">"

send "enable\r"
expect "*assword: "
send "$Password\r"


send "conf term\r"


send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"

send "shut\r"
expect "#"

send "exit\r"
expect "#"
send "exit\r"

send "wr\r"
send "exit\r"

# Exit Script
exit

ciscoup.sh [make sure you change username and password to match your switch credentials]

#!/usr/bin/expect -f
set timeout 20
set IPaddress [lindex $argv 0]
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]

spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress

expect "*assword: "
send "$Password\r"

expect ">"

send "enable\r"
expect "*assword: "
send "$Password\r"


send "conf term\r"


send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"

send "shut\r"
expect "#"

send "no shut\r"
expect "#"

send "exit\r"
expect "#"
send "exit\r"

expect ">"
send "wr\r"
send "exit\r"

# Exit Script
exit

RESULTS SCREENSHOT

down-switch

 

.

UP

DONE!

T.C


 

WINDOWS VBS TO EXECUTE PORT COMMAND, EXMAPLE ONLY

create file on your windows desktop or in any folder

cisco.vbs

paste the following contents in it.


set  WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "cmd"
WScript.Sleep 300
WshShell.AppActivate "C:\Windows\system32\cmd.exe"
WScript.Sleep 300
WshShell.SendKeys "telnet 192.168.0.1{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "enable"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "configure terminal"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "interface gigabitEthernet 1/0/24"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "shut"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "wr"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

Adjust the key stroke as required. some switches access requires user name and password both, and some requires only password. SO YOU MUST SET THE CONTENTS ACCORDINGLY. best is to open command prompt and run script in cmd so that you can see the errors.  DON’T INTERRUPT after RUNNING THE FILE.

Screenshot.

vbs


 

 

Regard’s
Syed Jahanzaib

June 2, 2015

Mikrotik with Cisco VLAN made easy

Filed under: Cisco Related, Mikrotik Related — Tags: , , , , — Syed Jahanzaib / Pinochio~:) @ 3:16 PM

kick1


vlan
~!~ Mikrotik with Cisco VLAN made easy ~!~
 ~!~ For Beginners ~!~

Virtual LANs (VLANs) are a solution to allow you to separate users into individual network segments for security and other reasons. VLAN membership can be configured through software instead of physically relocating devices or connections. VLANs allow you to break up devices on your network regardless of their location.

The main advantage of VLAN are

  • Broadcast Control
  • Security / Client Isolation
  • DMZ
  • Controlled Network Management
  • Costing

It is very useful for any network including large/small offices, ISP’s, Cable.Internet services providers etc. The main problem of any large network is broadcast and specially for network operators when any single user swap his wan router LAN cable to wan cable thus broadcast his router DHCP to operator network, or single user effected with virus/trojans broadcast to whole network. VLAN can help you in many situations like these or others.


 

TASK:

To avoid broadcasting/flooding and above all for better better management +security and monitoring, we want to break the network in smaller segments.

Scenario:

Consider the following scenario

We have Mikrotik Router which is acting as a DHCP and PPPoE Server as well. and we want to isolate the different network areas by breaking them in smaller segments. Each area will get different IP series from the mikrotik dhcp server.

In this example following ports are used for

  • Mikrotik = Port 1 [as TRUNK port]
  • Dealer-1 = Port 2
  • Dealer-2 = Port 3
  • Dealer-3 = Port 4

Hardware Used in this Guide:

  1. Mikrotik RB2011
  2. Cisco 3750-E Series
  3. Two Laptops for testing

As showed in the image below …

2015-06-02 15.16.32


 

MIKROTIK CONFIG

# Create VLAN Interfaces and provide them name and VLAN#ID
/interface vlan
add interface=LAN l2mtu=1594 name=DEALER-1 vlan-id=10
add interface=LAN l2mtu=1594 name=DEALER-2 vlan-id=20
add interface=LAN l2mtu=1594 name=DEALER-3 vlan-id=30

# Assign IP addresses to the interfaces
/ip address
add address=192.168.1.1/24 interface=LAN network=192.168.1.0
add address=192.168.10.1/24 interface=DEALER-1 network=192.168.10.0
add address=192.168.20.1/24 interface=DEALER-2 network=192.168.20.0
add address=192.168.30.1/24 interface=DEALER-3 network=192.168.30.0

# Create DHCP Server and assign different Pools for the dealers
# You can DHCP wizard as well if CLI is a bit hectic
/ip dhcp-server
add address-pool=DEALER-1-POOL disabled=no interface=DEALER-1 lease-time=6h name=dhcp1
add address-pool=DEALER-2-POOL disabled=no interface=DEALER-2 lease-time=6h name=dhcp2
add address-pool=DEALER-3-POOL disabled=no interface=DEALER-3 lease-time=6h name=dhcp3

/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1

Some screenshots for the reference purpose …

mt

 

Done. Now we have to create VLANs at CISCO Switch…



CISCO VLAN CONFIGURATION

I assume that you have Cisco switch with any IP address for the management purposes.

Telnet to the switch

telnet 192.168.0.1

# Enter your Cisco switch password
User Access Verification
Password: xxxxxx

# Switch to change mode
enable
Password: xxxxxxxxx

# Enter in Config mode
config t

# Select Port number which will be connected with the Mikrotik and change encapsulation method

interface gigabitEthernet 1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk

switchport trunk allowed vlan all
switchport nonegotiate

#Create VLAN id and name for dealers/areas
vlan 10
name DEALER-1
vlan 20
name DEALER-2
vlan 30
name DEALER-3
exit

# Now Select Dealer1 interface , like port 2 and assign it with the vlan id

interface gigabitEthernet 1/0/2
# OR RANGE like interface range gigabitEthernet 1/0/1-4 (Port Range 1 to 4)
switchport mode access
switchport access vlan 10

interface gigabitEthernet 1/0/3
switchport mode access
switchport access vlan 20

interface gigabitEthernet 1/0/4
switchport mode access
switchport access vlan 30

exit
exit

# SAVE the configuration you just made above
wr

Some screenshots for reference…

1

 

3-vlan ports

 

2-VLAN

Done!

 


TEST!

Now connect your PC with the port 2 and port3 , 4

You will get different IP in each port.
As showed in the image below from mikrotik dhcp server’s

dhcp-dealers

 

Test From Dealer-1 System

dealer-1

Dealer-1 have receive 192.168.10.x series ip, exactly the one we configured in mikrotik.

Now try to ping any dealer-2 series and to the internet as well. You will see that you will be able to ping the internet and mikrotik LAN ip, but not with dealer-2 subnet or likewise.

ping result

NOTE: For the client isolation / to block communication between all VLAN’s , you must create FILTER rule as explained in TIP’s n TRICK section below …


TIP’S n TRICKS

 

1- Block communication between all or specific VLAN Subnet

It is usually required to block all communication between specific or all VLAN subnets for security or other reasons. By default mikrotik will allow communications between all vlan. You can block them by creating FILTER rules. Example is we want that users of all vlans can access internet via WAN interface but should not be able to communicate with any other VLAN subnet. use following as an example

Note: there are many other ways to achieve this either at switch level or mikrotik, i am showing just an example only here.


/ip firewall filter
add chain=forward comment="Accept traffic from VLAN subnets to WAN" out-interface=WAN

add action=reject chain=forward comment="Block Communication between all vlan subnets" reject-with=icmp-net-prohibited src-address=\
192.168.0.1-192.168.255.255

# Masquerade rule to allow internet , wan link interface
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN


 

Snapshots of Working VLAN config with pppoe server

live-vlan-pppoe-server-config

 


 

Pending work:

– Add pppoe or hotspot configuration
– Firewall configuration for isolation in pppoe/hotpost
– Few more tips n tricks with VLAN

 

Regard’s
Syed Jahanzaib

August 20, 2013

Monitor Switch Ports Up/Down Status via Mikrotik Dude – Short Notes

Filed under: Cisco Related, Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 12:51 PM

3750

final


.

Another Live Example of port monitoring with sms/email/voice alert system in DUDE.

dude

In my network, I have few Cisco switches at various departments connected via FIBER optics. Recently we were having issue of network connectivity in between various switches and devices. I already have a very good setup of Mikrotik base DUDE monitoring system, but it shows only the SWITCH availability status on the screen, I wanted to have a good visual for switch ports too.

I found few ways to accomplish this task using DUDE functions, scripts, etc, but found following method is very simple to start with . It also sends me email when any port goes Down or not in use.

Make sure your switch support SNMP , and SNMP agent is enabled at your SWITCH as well as at your DUDE to match the same. For simplicity you can use PUBLIC as a default community string in the switch. Also In this example I have used CISCO 3750 (in dual stack mode) and add only few ports just for example.

First add your switch in the map so that it can appear in the map as look like below.

As showed in the image below . . .

cisc-map

 


 

 

Adding PROBE for port monitoring

Now to add PORTS monitoring, Open Dude,
Goto PROBES and click on + sign to add new probe.
Use the following data.

Name = PORT 9
Type = SNMP
SNMP Profile = Your SNMP Profile
Oid = iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOperStatus.10109
Oid Type = integer
Comapre method = ==equal
Integer Value = 1

As showed in the image below . . .

adding-probe-in-probes

Note: Change the OID number to match the port number on your switch , for example I am monitoring port number9 which value is 10109 . You can use SNMPWALK via DUDE to check the OID’s for different ports of your switch.

Now click OK to save

.

.

Adding Switch PORT separately using IP and PROBE

Its time to add PORTs in your map so they can appear separately as showed in the title image

Go back to your MAP,
Right click and ADD new device,
Type your switch IP address, and click on Next,
Now DO NOT  click on Discover , simply click on + sign
In PROBE, Select the PORT 9 probe you created earlier
and click on Apply/OK

As showed in the image below . . .

port9

Click on Finish.

.

.

Now you will see something like below . . .

port-down-status

As you can see the port number 9 is down , so the status is shown correctly.

.

.

Now you can repeat the same procedure to add as much ports you like to monitor.

Something like below image . . .

something

.

.

.

Adding LINKS to monitor port usage

You can also add LINKS to show the port usage 🙂

As showed in the example below . . .

add link

 

 

linkx-snmp

.

.

.

After adding ports / snmp links, and other enhancements , you can see something like below image . .

.

final.

.

.

I will add more methods to monitor the ports. For more info , please read more at following links

http://forum.mikrotik.com/viewtopic.php?f=8&t=46928

http://forum.mikrotik.com/viewtopic.php?t=46419


Updated: 20th October 2015

Howto check Cisco 3750 Port Status via SNMP using BASH to format the output.

</p>
<p style="text-align: left;">PORT1Q=`snmpwalk -Oqv -v1 -c COMMUNITY_NAME IP_ADDRESS 1.3.6.1.2.1.2.2.1.8.10101`
if [ "$PORT1Q" = "1" ]; then
PORT1S="UP"
echo "$PORT1S"
else
PORT1S="DOWN"
echo "$PORT1S"
fi</p>
<p style="text-align: left;">

Regard’s
Syed Jahanzaib

July 1, 2013

Cisco ASA 5510 Backup to TFTP Server using ASDM

Filed under: Cisco Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 11:18 AM

☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺☺

This is a small howto on backup your CISCO ASA 5510 config via ASDM & TFTP running on your windows pc.

First download WINAGENTS TFTP Server application

(Its a small utility) and can be installed on any version of windows you are running. Installation is traditionally simple by clicking on Next button.

1- Install WINAGENTS TFTP SERVER
2- Start TFTP Server
3- Login to ASA using ASDM tool
4- Goto File > Save running configuration to TFTP Server
5- Type TFTP Server IP Address (where the tftp software is installed. and in Configuration File Path, Type the File name and click on SAVE CONFIGURATION.

The configuration will save in few seconds. The default path of file saved is
C:\ProgramData\WinAgents\TFTP Server 4\TFTPRoot

 

► As showed in the images below . . .

 

tftp-server-page1

 

tftp-server-page2

tftp-server-page3

 

tftp-server-page5

 

tftp-server-page4
☺♂
Regard’s
Syed Jahanzaib

December 7, 2012

Cisco 3750: Howto enable err-disabled ports

Filed under: Cisco Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 2:09 PM

Personnel Reference Guide:

3750

Errdisable is a feature that automatically disables a port on a Cisco Catalyst switch and is supported on most Catalyst switches running the Cisco IOS software.

The Errdisable error disable feature was designed to inform the administrator when there is a port problem or error.  The reasons a catalyst switch can go into Errdisable mode and shutdown a port are many and include:

  • Duplex Mismatch
  • Loopback Error
  • Link Flapping (up/down)
  • Port Security Violation
  • Broadcast Storms

When a port is in error-disabled state, it is effectively shut down and no traffic is sent or received on that port. The port LED is set to the orange color and, when you issue the show interfaces command, the port status shows as Errdisabled.

To enable err-disabled ports on Cisco 3750 switch series. Follow the below . . .

First make telnet connection with the switch

telnet 10.0.0.1

(change the ip as required,)
Enter Password to continue.

To view Disabled Ports:

show interfaces status err-disabled

e.g:

NOC_SWITCH>show int status err-disabled

Port      Name               Status                    Reason               Err-disabled Vlans
Gi2/0/10                     err-disabled         link-flap

NOC_SWITCH>

To Enable Port:

enable
config t
int G2/0/10
no switchport port-security  (< You probably dont need this line, its just to disable pot security feature, I used it to perform various tests)
shut
no shut
exit

Change the interface name to match your. In above example I had two 3750-e models in stack mode. so its showing G2, you may get G1 if you have single switch.

TIP:
Link flap means that the specific port continuously goes up and down. The port is put into the errdisabled state if it flaps more than four-five times in few seconds. The common cause of link flap is a Layer 1 issue such as a bad cable, duplex mismatch.

For more detailed and brief descriptions, please visit

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-switches/883-cisco-switches-errdisable-autorecovery.html

Regard’s
Syed Jahanzaib

Blog at WordPress.com.