How to Reset Cisco Catalyst 3560 Back to Factory Defaults

September 29, 2015 / Christopher Paquin / 4 Comments

Need to reset your Cisco Catalyst 3560 back to the factory default settings? Have you forgotten your password? Well you have come to the right place.

Note that I am assuming that you have already established a console connection to the switch using a Cisco serial cable (rollover cable).

Here are the details of my 3560G in case you were wondering…

s3560#show ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 21-Jul-11 01:44 by prod_rel_team

First you need to power down the switch. Once the switch is powered off, hold down the mode button, and power the switch on. The switch will boot up and you should see the switch prompt as shown below.

Now type flash_init. Your output should be similar to what you see below

switch: flash_init
Initializing Flash…
flashfs[0]: 547 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 15487488
flashfs[0]: Bytes available: 17026560
flashfs[0]: flashfs fsck took 11 seconds.
…done Initializing Flash.

Check out the contents of flash and locate config.text and vlan.dat (if it exists).

switch: dir flash:
Directory of flash:/

2 -rwx 564       <date>               vlan.dat
3 -rwx 1914      <date>               private-config.text
5 drwx 192       <date>               c2960-lanbasek9-mz.122-58.SE2
6 -rwx 3096      <date>               multiple-fs
7 -rwx 2289      <date>               config.text

Now delete the vlan.dat and config.text.

switch: del flash:config.text
Are you sure you want to delete “flash:config.text” (y/n)?y
File “flash:config.text” deleted

switch: del flash:vlan.dat
Are you sure you want to delete “flash:vlan.dat” (y/n)?y
File “flash:vlan.dat” deleted

Note that you can also just rename the config.text and vlan.dat if you are not certain that you want to delete them.

switch: rename flash:config.text flash:config.old

Now type boot, to reboot the switch. Once the switch is rebooted you will see the System Configuration Dialog, and will have the opportunity “to enter the initial configuration dialog”.

Disk I/O Monitoring on the Asus RT-AC66U Router

December 21, 2014January 10, 2015 / Christopher Paquin / 1 Comment

The Asus RT-AC66U, like many home routers that are on the market today, allow you to connect a USB drive to one of its onboard USB ports and share this disk out to your network. Via the RT-ACC66U, you can share your NAS disk via CIFS or NFS. My configuration has a 1TB unmirrored drive used for temporary scratch storage, and as a network landing area for files that I want to backup.

Note that this is my 4th article on hacking the RT-AC66U. You can check out my other articles below if you are interested.

As you must already know, the Asus RT-AC66U runs Busybox, which is a very small but powerful embedded Linux distro. Because of this there are a lot of familiar commands available via the CLI. However, don’t get to comfortable, as this is still a very foreign land.

Note that this article assumes that you have ssh or telnet working and can log into your RT-AC66U via the CLI.

As I have stated before, you can use the ipgk command to search for and install packages. In the example below I searched for iostat, but found dstat instead. Either one was fine for my purposes…. at least initially.

admin@RT-AC66U:/tmp/home/root# ipkg list | grep iostat
dstat – 0.7.0-1 – dstat is a versatile replacement for vmstat, iostat, netstat, nfsstat, and ifstat

Now that I know what to install, I need to install it.

admin@RT-AC66U:/tmp/home/root# ipkg install dstat
Installing dstat (0.7.0-1) to /opt/…
Downloading http://ipkg.nslu2-linux.org/feeds/optware/oleg/cross/stable/dstat_0.7.0-1_mipsel.ipk
Configuring dstat
Successfully terminated.

Now that dstat is installed lets run it. The switches “rad” enable i/o stats and enable disk stats. The “-D” option allows us to specify a disk by name.

admin@RT-AC66U:/tmp/home/root# dstat -rad -D sda

The command above output what you see below.

As I mentioned above, dstat is most definitely, a very useful command. However, so far I have not been able to figure out how to get it to display the percentage utilized for a drive, which is rather easy to do with iostat.

How to Add a Static Route on the ASUS RT-AC66U

November 30, 2014November 30, 2014 / Christopher Paquin / 26 Comments

Based on the popularity of my previous ASUS RT-AC66U post regarding SNMP, I have decided to put together a simple post on how to configure static routing on the home router known as the Dark Knight.

In my humble abode, the RT-AC66U is the core of my home network, providing DHCP and Wireless to a plethora of devices. However, I am also running a small home lab which I need to be able to access from my home desktop. Hence the need for static routes.

Specifically, my home lab hosts the following networks; 10.1.0.0/24, 10.2.0.0/24, 10.3.0.0/24. The IP address of my ASUS RT-AC66U is the default one of 192.168.0.1. My desktop is on the 192.168.0.0/24 network.

In order for me to access my lab from my desktop (and from the rest of my home network), I need to tell my ASUS how to route traffic destined for my 10. networks.

In order to accomplish this, we first need to navigate to LAN on the left pane, and then selecting the Route tab.

As shown in the screenshot above, we first need to select the “YES” radio button to “Enable Static Routes”. Next we enter a network ip (or static ip — if that’s what we are up to) into the “Network/Host IP “field. Then we enter our netmask into the field that is not surprisingly labeled “Netmask”. In my case my netmask is 255.255.255.0.

Now we move on to the field labeled “Gateway”. Here we need to enter what the next network hop for that a packet that is needs to route to our lab network. In my environment, this is 192.168.0.11, which is another router.

Then select “LAN” from the drop down as all our traffic will route to the internal LAN only, and not out to the internet or WAN. Now click the plus sign to add your new route.

Now when a packet destined for one of my lab networks outlined above hits my ASUS router, it will be forwarded to 192.168.0.11, which is my lab router.

Note that you can also add static routes via the busybox command line, however I am not going to go into that today. Its simple enough to add them in the WebUI.

Install and Configure SNMP on the Asus RT-AC66U Router

November 13, 2013July 6, 2016 / Christopher Paquin

Ok first off let me start by saying that this is probably the coolest piece of home computing hardware that I have ever laid my hands on. Yes the setup was easy, and yes the thing is rock solid, and yes wireless range is awesome. But for approx $200 USD you really should not expect anything less. I’m not going to go into its specs or features, as I’ll leave that to the professionals. Read up on it here.

Anyway out of the box it supported telnet, but I wanted ssh, so I dropped the default firmware and went with Asuswrt-Merlin. It was at this point I started to explore the Busybox OS and decided I wanted to monitor the device via my HomeLab Zenoss install.

However, much to my chagrin net-snmp was not installed out of the box.

So how do you install it you ask? Would you believe via a package manager?

First, you need to find the package name

#ipkg list | grep snmp

Then install the snmp package

#ipkg install net-snmp

Then configure it to start at boot time.

#app_set_enabled.sh net-snmp yes

In order to configure it, you are going to have to search for the snmp.conf

#find / -name snmpd.conf

I found two files and one of them clearly states that you should not edit it directly. The other one does not so this is the one that I modified to include my custom rocommunity. See below.

rocommunity lab

Now I just need to figure out how to allow port 161 udp/tcp on my local LAN segment and I am in business. However, I will probably tackle that tomorrow.

Additional Info (2016)

Note, you can restart snmp as shown below.

Stopping:

admin@RT-AC66U:/tmp/home/root# app_stop.sh net-snmp
killall: dm2_transmission-daemon: no process killed
killall: asus_lighttpd: no process killed
killall: dm2_snarfmaster: no process killed
killall: dm2_nzbget: no process killed
killall: dm2_amuled: no process killed
iptables: No chain/target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)

Starting:

admin@RT-AC66U:/tmp/home/root# app_set_enabled.sh net-snmp yes
The field(Enabled) was set “yes” already.
Restarting the package…

2016 Update – Configuring SNMP via the WebUI

Figured that I would add an update to this post as it seems that there are plenty of folks who are looking to setup SNMP on their Asus routers. Note that SNMP can now be configured directly from the WebUI.

In the left pane, click on “Advanced Setting”. Then click on the “SNMP” tab. See example below. Note that the webui does not seem to pick up your configuration if you have configured it via the cli. I have not tested to see if the WebUI overwrites the CLI configuration or if it creates another configuration file.

Additional Resources

Fatmin: How to Add a Static Route on the Asus RT-AC66U

Fatmin: Install and Configure SNMP on the Asus RT-AC66U

HomeLab: Simple DHCP Service Configuration on a Cisco Router

October 15, 2013December 1, 2014 / Christopher Paquin / Leave a comment

Sometimes when I learn something new in the world of technology, I am often amazed that something that I assumed was technically advanced is rather quite simple.

Such is the case with configuring DHCP on a Cisco Router. I mean, is it just me or do network guys sometimes act as if everything that they do is takes elite technical skills and tons of experience. Don’t get me wrong, I know that networking is not exactly easy. But can we just agree to admit that once in a while some things are easier done than said. Anyway, for me this was the case with configuring a DHCP pool on a Cisco Router.

In this instance I was working on getting a new virtual machine up and running on my ESXi host. This particular appliance needed to boot via dhcp so you could access its web interface. So I jumped on my 2621xm and created the pool.

First we enable the dhcp service

r-2621-1(config)#service dhcp

Then we create a pool

r-2621-1(config)#ip dhcp pool LabPool
r-2621-1(dhcp-config)#network 10.2.0.1 255.255.255.0

Next we set a few bits and bobbles so that clients can route.

r-2621-1(dhcp-config)#dns-server 10.2.0.71
r-2621-1(dhcp-config)#default-router 10.2.0.1
r-2621-1(dhcp-config)#domain-name localdomain

In this case I wanted to exclude a bunch of ips from the range

r-2621-1(dhcp-config)#ip dhcp excluded-address 10.2.0.1 10.2.0.100

Now save your config with copy run start.

The command below shows me all my dhcp clients

r-2621-1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
10.2.0.101 0050.569a.7dbe Oct 16 2013 11:21 PM Automatic

This handy command shows me information pertaining to my pool

r-2621-1#show ip dhcp pool

Pool LabPool :
Utilization mark (high/low)    : 100 / 0
Subnet size (first/next)       : 0 / 0
Total addresses                : 254
Leased addresses               : 1
Pending event                  : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
10.2.0.102           10.2.0.1         – 10.2.0.254        1
r-2621-1#show ip dhcp conflict

HomeLab: Simple Cisco EIGRP Setup

Cisco DHCP Client Lease Time

HomeLab: Simple SSH Setup on a Cisco Router

HomeLab: Cisco 2621 Router Password Recovery/Factory Reset

Configuring InterVLAN Routing on a Layer 3 Switch and providing DHCP to multiple subnets Part 1

HomeLab: Simple Cisco EIGRP Setup

September 29, 2013November 28, 2014 / Christopher Paquin / Leave a comment

EIGRP (Enhanced Interior Gateway Routing Protocol), is a Cisco proprietary routing protocol (until recently). When a router runs EIGRP, it keeps a copy of its neighbors routing table. If I router cannot find a route it its, or its neighbor's routing table, it will query its neighbors who in turn query their neighbors.

Exactly how routing protocols work is serious business, but dont worry we are not going to go into that here. Below is the process that I used to setup EIGRP on a Cisco 2811.

Before we do anything, lets get into Configuration mode (conf t).

r-2811-1#conf t

Your first step is going to be to enable IP Routing on your device. But before you do so, make sure that you have configured a Gateway of Last Restort. I did not and had to hook up the old console cable.

The IP of this router is 10.1.0.2, and its directly connected to 10.1.0.1, which is its last resort first hop, so lets configure that .

r-2811-1(config)#ip route 0.0.0.0 0.0.0.0 10.1.0.1

Ok so now lets enable IP Routing

r-2811-1(config)#ip routing

Now lets start EIGRP and chose an AS number. Note that I used 10 on the other three routers in my setup so thats what we are going to use here.

r-2811-1(config)#router eigrp 10

Now we need to tell the router what networks are connected to it (or in this case, will be connected to it). This is the information that the router will share with its neighbors.

r-2811-1(config-router)#network 10.3.0.0

In this instance my ourside interface is on 10.1.0.0/16, and its inside interface will serve up 10.3.0.0./16.

Dont forget to save your work

r-2811-1#copy run start

HomeLab: Simple SSH Setup on a Cisco Router

HomeLab: Cisco 2621 Router Password Recovery/Factory Reset

Hour 40: OSPF the new advanced link-state protocol

Route Redistribution: Protocol Rules + EIGRP Redistribution

Eigrp

Hour 31: IGP Review EIGRP

HomeLab: Basic Syslog Configuration on Cisco Catalyst Devices

September 2, 2013November 28, 2014 / Christopher Paquin / Leave a comment

In my homelab setup I am dumping syslog on all my devices to my Linux desktop. Have not figure out what I am going to do with it yet, but I see myself either setting up Splunk or Greylog in the near future. Note, a while back I wrote a post on how to configure rsyslog on RHEL 6 – s0 if you are interested you can find that post here.

So lets get down to brass tacks and configure some freaking syslog.

In this instance we are configuring syslog redirection on a Cisco 3548xl switch. Note we are in configure terminal mode.

First we must tell our device to insert timestamps on

s-3550-1(config)#service timestamps log datetime

Now we tell the device where to send the syslog messages

s-3550-1(config)#logging 192.168.0.195

Now we tell the device which log levels to send to the syslog server. In this instance I am sending warning level messages and above. This is pretty verbose, but its a home lab so I am not worried about a slew of log messages pounding my syslog server.

s-3550-1(config)#logging trap warning

For reference I am including the logging levels below.

Emergency: 0

Alert: 1

Critical: 2

Error: 3

Warning: 4

Notice: 5

Informational: 6

Debug: 7

Now lets review what we have done with the show logging command

s-3550-1#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 13 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 13 messages logged
    File logging: disabled
    Trap logging: level warnings, 13 message lines logged
        Logging to 192.168.0.195, 0 message lines logged

Note that this procedure is exactly the same on my Cisco 2621 switch.