Cisco Catalyst: Configure a Trunk Port with a Native Vlan

October 26, 2018October 26, 2018 / Christopher Paquin / Leave a comment

data_sheet_c78-530976-1

This post will show you how to configure a trunk port with a native vlan. In this specific example I am configuring a range of ports, but the commands for an individual interface will be the same once you have entered the config for a particular port.

First enter configuration mode

s3560#conf terminal

Now we configure the range of ports. Here we are configuring the range of ports to be a trunk, using dot1q encapsulation. We are allowing vlans 96-99, and vlan 101. We are also setting vlan101 to be the native vlan (no vlan tagging required).

s3560(config)#interface range gigabitEthernet 0/13 – 24
s3560(config-if-range)#description generic trunk ports
s3560(config-if-range)#switchport trunk encapsulation dot1q
s3560(config-if-range)#switchport mode trunk
s3560(config-if-range)#switchport trunk native vlan 101
s3560(config-if-range)switchport trunk allowed vlan 96-99,101

Now we enable spanning-tree portfast and bpduguard

s3560(config-if-range)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast will be configured in 13 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking mode.

s3560(config-if-range)#spanning-tree bpduguard enable
s3560(config-if-range)#end

Save your config changes

s3560#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
0 bytes copied in 1.443 secs (0 bytes/sec)
s3560#

Cisco Catalyst: Reset/Clear Port Config

October 26, 2018 / Christopher Paquin / Leave a comment

Reset Port Config to Default for One Port

Use the command below to clear the configuration on a port.

s3560(config)#default interface gigabitEthernet 0/3
Interface GigabitEthernet0/3 set to default configuration

Use the command below to verify that the running config for the port has been reset to the default configuration.

s3560#show running-config interface gigabitEthernet0/3
Building configuration…

Current configuration : 36 bytes
!
interface GigabitEthernet0/3
end

Now write your changes to memory.

s3560#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
0 bytes copied in 1.427 secs (0 bytes/sec)

Reset Port Config to Default for a Range of Ports

Below we are going to clear/delete the config from a range of ports

s3560#conf terminal

s3560(config)#default interface range gigabitEthernet 0/13 – 24

Again, don’t forget to save your changes.

How to Reset Cisco Catalyst 3560 Back to Factory Defaults

September 29, 2015 / Christopher Paquin / 4 Comments

Need to reset your Cisco Catalyst 3560 back to the factory default settings? Have you forgotten your password? Well you have come to the right place.

Note that I am assuming that you have already established a console connection to the switch using a Cisco serial cable (rollover cable).

Here are the details of my 3560G in case you were wondering…

s3560#show ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 21-Jul-11 01:44 by prod_rel_team

First you need to power down the switch. Once the switch is powered off, hold down the mode button, and power the switch on. The switch will boot up and you should see the switch prompt as shown below.

Now type flash_init. Your output should be similar to what you see below

switch: flash_init
Initializing Flash…
flashfs[0]: 547 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 15487488
flashfs[0]: Bytes available: 17026560
flashfs[0]: flashfs fsck took 11 seconds.
…done Initializing Flash.

Check out the contents of flash and locate config.text and vlan.dat (if it exists).

switch: dir flash:
Directory of flash:/

2 -rwx 564       <date>               vlan.dat
3 -rwx 1914      <date>               private-config.text
5 drwx 192       <date>               c2960-lanbasek9-mz.122-58.SE2
6 -rwx 3096      <date>               multiple-fs
7 -rwx 2289      <date>               config.text

Now delete the vlan.dat and config.text.

switch: del flash:config.text
Are you sure you want to delete “flash:config.text” (y/n)?y
File “flash:config.text” deleted

switch: del flash:vlan.dat
Are you sure you want to delete “flash:vlan.dat” (y/n)?y
File “flash:vlan.dat” deleted

Note that you can also just rename the config.text and vlan.dat if you are not certain that you want to delete them.

switch: rename flash:config.text flash:config.old

Now type boot, to reboot the switch. Once the switch is rebooted you will see the System Configuration Dialog, and will have the opportunity “to enter the initial configuration dialog”.

How to Create Non-Routable Isolated (but not Private) Vlans on a Cisco Catalyst Layer 3 Switch

April 2, 2015 / Christopher Paquin / 2 Comments

First off let’s start out by saying that Isolated VLANs and Private VLANs are two completely different things… they are not at all the same. To a network administrator, this should make perfect sense. However, a Server or Virtualization Administrator may or may not know the different. Because of this, I hear many non-network Administrators toss around the term “Private VLAN“, when they actually mean to say “Isolated Vlan“, or more specifically what they are referring to is a “Non-Routable” VLAN.

What’s confusing is that the networks that we plan to use over our newly commissioned Non-Routable VLANs can correctly be refereed to as Private networks. They are private because no traffic can get in our out without a direct lP link to this network. However the VLANs themselves are not private, just isolated, or non-routable.

I believe that you can see where the confusion comes from.

So allow me to provide a bit of context before we go any further.

In my specific case, I need to create what are commonly (however incorrectly) referred to as Private VLANs to act as a back-end network for an OpenStack deployment. I cannot tell you how often I have heard someone make this mistake. This new VLAN, or network, needs to remain isolated from the outside world, meaning that it does not need to be able to route to any other network, or out to the internet. Rather, this new VLAN needs to send isolated traffic back and forth between network nodes deployed as part of my OpenStack Deployment. What I am describing here is not a “Private VLAN”, it is a “Non-Routable”, or “Isolated VLAN”

So please let’s make sure that we are using the correct terms.

So here is how you do it.

In my case I want to create two isolated VLANS for isolated traffic between my OpenStack nodes. Note that I am using nested virtualization, so my OpenStack nodes are themselves VMs.

First lets create what I will refer to as NR-1 (non-routable-1). We will use the VLAN id 666 as its easy to remember.

s3560#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3560(config)#vlan 666
s3560(config-vlan)#name NR-1
s3560(config-vlan)#end

Now lets create what I will refer to as NR-2. (non-routable-2)

s3560#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3560(config)#vlan 667
s3560(config-vlan)#name NR-2
s3560(config-vlan)#end

How lets check out our vlans, starting with 666

s3560#show vlan id 666

VLAN Name Status Ports
—- ——————————– ——— ——————————-
666 NR-1 active

…trunc…

Now let’s take a look at 667

s3560#show vlan id 667

VLAN Name Status Ports
—- ——————————– ——— ——————————-
667 NR-2 active

…trunc…

Note, that if I wanted to make these VLANs routable, I would need to add a layer3 interface. We are obviously not going to do that here.

Now lets add these new VLANs to our existing virtualization server trunks. We are going to do this to a range of interfaces to save time. Note that I was already allowing VLANS 101-104 and 192 on these trunks.

s3560#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3560(config)#interface range GigabitEthernet0/15 -18
s3560(config-if-range)#switchport trunk allowed vlan 101-104,192,666,667
s3560(config-if-range)#end

Now don’t forget to save our config.

s3560#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
0 bytes copied in 1.443 secs (0 bytes/sec)

Visio Network Stencils for Cisco Routers and Switches

December 8, 2014March 6, 2017 / Christopher Paquin / 1 Comment

27a8f-6a00e551c39e1c8834015439094705970c-pi

Looking for Cisco Visio Stencils — Access the entire Cisco Visio template library via the links below. I have tossed in a couple of extra links that should pretty much meet any of your Visio needs.

Since my last post on Cisco UCS Stencils seems to get a good deal of traffic each day, I figured I would toss another post out into the ether that pertained to Cisco and Visio Stencils:

Cisco: Visio Stencils

http://www.cisco.com/c/en/us/products/visio-stencil-listing.html

Cisco: Network Topology Icons:

http://www.cisco.com/web/about/ac50/ac47/2.html

Cisco: Visio Stencil How To Guide

http://www.cisco.com/c/en/us/products/microsoft-visio-stencils-faq.html

How to Reset Cisco Catalyst 3750 Back to Factory Defaults

December 2, 2014December 2, 2014 / Christopher Paquin / Leave a comment

Need to reset your Cisco Catalyst 3750 back to the factory default settings? Have you forgotten your password? Well you have come to the right place. Note that I am assuming that you have already established a console connection to the switch using a Cisco serial cable (rollover cable).

Now type flash_init. Your output should be similar to what you see below

switch: flash_init
Initializing Flash…
flashfs[0]: 547 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 15487488
flashfs[0]: Bytes available: 17026560
flashfs[0]: flashfs fsck took 11 seconds.
…done Initializing Flash.

Check out the contents of flash and locate config.text and vlan.dat (if it exists).

switch: dir flash:
Directory of flash:/

2 -rwx 564       <date>               vlan.dat
3 -rwx 1914      <date>               private-config.text
5 drwx 192       <date>               c2960-lanbasek9-mz.122-58.SE2
6 -rwx 3096      <date>               multiple-fs
7 -rwx 2289      <date>               config.text

Now delete the vlan.dat and config.text.

switch: del flash:config.text
Are you sure you want to delete “flash:config.text” (y/n)?y
File “flash:config.text” deleted

switch: del flash:vlan.dat
Are you sure you want to delete “flash:vlan.dat” (y/n)?y
File “flash:vlan.dat” deleted

Note that you can also just rename the config.text and vlan.dat if you are not certain that you want to delete them.

switch: rename flash:config.text flash:config.old

Now type boot, to reboot the switch. Once the switch is rebooted you will see the System Configuration Dialog, and will have the opportunity “to enter the initial configuration dialog”.

Cisco: Principles of Application Centric Infrastructure

May 18, 2014November 28, 2014 / Christopher Paquin

Attending Cisco Live 2014 in San Francisco this week?

Well, get ready to hear a lot about ACI (Application Centric Infrastructure). It's almost here and its everywhere. And the acronyms, holy crap, get ready to get hit upside the head with of ton of those that you have never heard before. Cisco is only a close second to VMware when it comes to their love of acronyms.

Here are a couple of them that I have heard for the first time today.

APIC
VTEP
EPG

Anyway – here is Cisco's primer on ACI. Its a good read and might help you wrap your head around a few subjects before you head full bore into your sessions.