How to Reset Cisco Catalyst 3560 Back to Factory Defaults



Need to reset your Cisco Catalyst 3560 back to the factory default settings? Have you forgotten your password? Well, you have come to the right place.

Note that I am assuming that you have already established a console connection to the switch using a Cisco serial cable (rollover cable).

Here are the details of my 3560G in case you were wondering…

s3560#show ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 21-Jul-11 01:44 by prod_rel_team

First you need to power down the switch. Once the switch is powered off, hold down the mode button, and power the switch on. The switch will boot up and you should see the switch prompt as shown below.


Now type flash_init. Your output should be similar to what you see below.

switch: flash_init
Initializing Flash…
flashfs[0]: 547 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 15487488
flashfs[0]: Bytes available: 17026560
flashfs[0]: flashfs fsck took 11 seconds.
…done Initializing Flash.

Check out the contents of flash and locate config.text and vlan.dat (if it exists).

switch: dir flash:
Directory of flash:/

2  -rwx  564       <date>               vlan.dat
3  -rwx  1914      <date>               private-config.text
5  drwx  192       <date>               c2960-lanbasek9-mz.122-58.SE2
6  -rwx  3096      <date>               multiple-fs
7  -rwx  2289      <date>               config.text

Now delete the vlan.dat and config.text.

switch: del flash:config.text
Are you sure you want to delete “flash:config.text” (y/n)?y
File “flash:config.text” deleted

switch: del flash:vlan.dat
Are you sure you want to delete “flash:vlan.dat” (y/n)?y
File “flash:vlan.dat” deleted

Note that you can also just rename the config.text and vlan.dat if you are not certain that you want to delete them.

switch: rename flash:config.text flash:config.old

Now type boot, to reboot the switch. Once the switch is rebooted you will see the System Configuration Dialog, and will have the opportunity “to enter the initial configuration dialog”.

HomeLab: Simple DHCP Service Configuration on a Cisco Router

Sometimes when I learn something new in the world of technology, I am amazed that something I assumed was technically advanced is actually quite simple.

Such is the case with configuring DHCP on a Cisco Router. I mean, is it just me or do network guys sometimes act as if everything that they do takes elite technical skills and tons of experience? Don’t get me wrong, I know that networking is not exactly easy. But can we just agree to admit that once in a while some things are easier done than said. Anyway, for me this was the case with configuring a DHCP pool on a Cisco Router.

In this instance I was working on getting a new virtual machine up and running on my ESXi host. This particular appliance needed to boot via dhcp so you could access its web interface. So I jumped on my 2621xm and created the pool.

First we enable the dhcp service

r-2621-1(config)#service dhcp

Then we create a pool

r-2621-1(config)#ip dhcp pool LabPool
r-2621-1(dhcp-config)#network 10.2.0.1 255.255.255.0

Next we set a few bits and bobbles so that clients can route.

r-2621-1(dhcp-config)#dns-server 10.2.0.71
r-2621-1(dhcp-config)#default-router 10.2.0.1
r-2621-1(dhcp-config)#domain-name localdomain

In this case I wanted to exclude a bunch of IPs from the range. Note that ip dhcp excluded-address is a global configuration command, not a pool sub-command.

r-2621-1(dhcp-config)#ip dhcp excluded-address 10.2.0.1 10.2.0.100

Now save your config with copy run start.

The command below shows me all my dhcp clients

r-2621-1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
Hardware address/
User name
10.2.0.101          0050.569a.7dbe          Oct 16 2013 11:21 PM    Automatic

This handy command shows me information pertaining to my pool

r-2621-1#show ip dhcp pool

Pool LabPool :
Utilization mark (high/low)    : 100 / 0
Subnet size (first/next)       : 0 / 0
Total addresses                : 254
Leased addresses               : 1
Pending event                  : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
10.2.0.102           10.2.0.1         – 10.2.0.254        1
r-2621-1#show ip dhcp conflict


HomeLab: Configure a Range of Ports on a Cisco Switch

First off let me say that it's really good practice to configure ports one by one, at least when you are starting out in the network world, as the repetition of typing the same thing over and over helps you to remember the proper commands. Hell, this is one of the reasons that I blog the stuff that I do… I'm trying to make sure that I do not forget what I just learned.

Anyway, this is a quick and dirty one that I cannot remember to save my life.  In this instance I wanted to configure a few ports on a 2950 that I plan to use to replace my 2960, as my 2960 is destined for bigger and better things given its layer 3 capabilities.

Note the spaces between the first port in the range, the dash, and the last port in the range.

s-2950-1.localdomain(config)#interface range fastEthernet 0/9 - 16
s-2950-1.loc(config-if-range)#description vlan 1 ports
s-2950-1.loc(config-if-range)#switchport mode access
s-2950-1.loc(config-if-range)#switchport access vlan 1
s-2950-1.loc(config-if-range)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc… to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

%Portfast will be configured in 8 interfaces due to the range command
 but will only have effect when the interfaces are in a non-trunking mode.

s-2950-1.loc(config-if-range)#spanning-tree bpduguard enable
s-2950-1.loc(config-if-range)#end
s-2950-1.localdomain#copy run start
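The range above pairs portfast with bpduguard on every port; the check below finds ports in a saved running-config where that pairing has drifted apart. It is an added example, not part of the original post: the sample config is constructed, the function names are hypothetical, and it only looks at per-interface `spanning-tree portfast` (not `spanning-tree portfast default`).

```python
import re

# Constructed sample: the shape `show running-config` takes once a range
# command has been expanded into one stanza per interface.
SAMPLE_CONFIG = """\
hostname s-2950-1
!
interface FastEthernet0/9
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport mode trunk
!
interface FastEthernet0/12
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
end
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def portfast_without_bpduguard(config):
    """Names of PortFast ports that would stay up if a BPDU arrived."""
    # The global default guards every PortFast port unless a port overrides it.
    global_guard = "spanning-tree portfast bpduguard default" in config.splitlines()
    exposed = []
    for name, lines in parse_interfaces(config).items():
        if "spanning-tree portfast" not in lines:
            continue
        if "spanning-tree bpduguard enable" in lines:
            continue
        if "spanning-tree bpduguard disable" in lines or not global_guard:
            exposed.append(name)
    return exposed
```

On the sample, `portfast_without_bpduguard(SAMPLE_CONFIG)` reports FastEthernet0/10 and FastEthernet0/12.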

 


HomeLab: Basic Syslog Configuration on Cisco Catalyst Devices

In my homelab setup I am dumping syslog on all my devices to my Linux desktop. Have not figured out what I am going to do with it yet, but I see myself either setting up Splunk or Graylog in the near future. Note, a while back I wrote a post on how to configure rsyslog on RHEL 6, so if you are interested you can find that post here.

So let's get down to brass tacks and configure some freaking syslog.

In this instance we are configuring syslog redirection on a Cisco 3548xl switch. Note we are in configure terminal mode.

First we must tell our device to insert timestamps on

s-3550-1(config)#service timestamps log datetime

Now we tell the device where to send the syslog messages

s-3550-1(config)#logging 192.168.0.195

Now we tell the device which log levels to send to the syslog server. In this instance I am sending warning level messages and above, that is, severities 0 through 4 in the list below. This is pretty verbose, but it's a home lab so I am not worried about a slew of log messages pounding my syslog server.

s-3550-1(config)#logging trap warning

For reference I am including the logging levels below.

Emergency: 0
Alert: 1
Critical: 2
Error: 3
Warning: 4
Notice: 5
Informational: 6
Debug: 7

Now let's review what we have done with the show logging command

s-3550-1#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 13 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 13 messages logged
    File logging: disabled
    Trap logging: level warnings, 13 message lines logged
        Logging to 192.168.0.195, 0 message lines logged

 

Note that this procedure is exactly the same on my Cisco 2621 switch.
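To see what `logging trap warning` keeps off the collector, the sketch below reads lines from the local buffer (which logs at level debugging in the output above) and marks which ones the trap level forwards. It is an added example, not from the original post: the buffer lines are constructed, the function names are hypothetical, and the PRI value assumes the IOS default facility local7.

```python
import re

# Severity names and numbers as listed above (lower number = more severe).
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notice", "informational", "debug"]
LOCAL7 = 23  # assumption: IOS default facility, no `logging facility` configured

# Constructed sample of local buffer lines.
BUFFER = """\
*Mar  1 00:04:58: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
*Mar  1 00:04:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up
*Mar  1 00:05:12: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:06:40: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/10 with BPDU Guard enabled. Disabling port.
"""

# IOS tags each message as %COMPONENT-SEVERITY-MNEMONIC.
TAG = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

def classify(buffer_text, trap="warning"):
    """Label each buffered message with severity, wire PRI and forwarding decision."""
    threshold = LEVELS.index(trap)
    rows = []
    for line in buffer_text.splitlines():
        m = TAG.search(line)
        if not m:
            continue  # blank or continuation line without a message tag
        sev = int(m.group(2))
        rows.append({
            "tag": f"{m.group(1)}-{sev}-{m.group(3)}",
            "severity": LEVELS[sev],
            "pri": LOCAL7 * 8 + sev,      # <PRI> carried in the syslog datagram
            "forwarded": sev <= threshold,
        })
    return rows

def never_reaches_collector(buffer_text, trap="warning"):
    """Tags of messages that stay on the device at the given trap level."""
    return [r["tag"] for r in classify(buffer_text, trap) if not r["forwarded"]]
```

At the warning level the configuration-change notice (SYS-5-CONFIG_I) stays on the device; `logging trap notice` would forward it.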

 


HomeLab: The Cisco 3560G

The Cisco Catalyst 3560G is a layer 3 switch which went end-of-life in 2009. For the home lab it's a pretty nice switch to have due to its layer 3 support and gigabit speed. Mine is the model seen to the left, with 24 gigabit ports and 4x1gb SFP uplinks.

 

The Cisco Catalyst 3560 is available with one of two software images:

  • IP Base software includes advanced quality of service (QoS),
    rate limiting, access control lists (ACLs), Open Shortest Path First
    (OSPF) for routed access, and IPv6 functionality.
  • IP Services software provides a broader set of
    enterprise-class features, including advanced hardware-based IP Unicast
    and IP Multicast routing, as well as policy-based routing (PBR).

Anyway, gathered here are a few mandatory resources for the Cisco Catalyst 3560G.


XenServer Switch Ports Configuration Best Practices

Finally I have found it! Citrix's XenServer switch configuration best practices document.

While everyone in the world has blog posts and documentation regarding how to set up and configure bridged networks in Xen, they hardly ever go into the physical switch configuration required.

This is the document that you will need to pass along to your friendly Network Administrator, as they will more than likely not be familiar with networking for Xen, as it is much different from networking for VMware ESX.

http://support.citrix.com/article/CTX123158

The contents of the document above are outlined below.

Change the following options on the switches for XenServer ports:

  1. Enable PortFast on XenServer connected ports.
    PortFast allows a switch port running Spanning Tree Protocol (STP) to go directly from blocking to forwarding mode by skipping the learning and listening modes. PortFast should only be enabled on ports connected to a single host. Port must be an 802.1q trunk port if you are using VLANS and the port must be in access mode.
    Ports used for storage should have PortFast enabled.
    Note: It is important that you enable PortFast with caution, and only on ports that do not connect to multi-homed devices such as hubs or switches.
  2. Disable Port Security on XenServer connected ports.
    Port security prevents multiple MAC addresses from being presented to the same port. In a virtual environment, you see multiple MAC addresses presented from Virtual Machines to the same port. If you have enabled Port Security, it shuts down the port.
  3. Disable Spanning Tree Protocol on XenServer connected ports.
    Spanning Tree Protocol must be disabled if you are using Bonded or teamed NICs in a virtual environment. Spanning Tree Protocol should be disabled because of the nature of Bonds and NIC teaming, to avoid failover delay issues when using bonding.
  4. Disable BPDU guard on XenServer connected ports.
    BPDU is a protection setting part of the STP that prevents you from attaching a network device to a switch port. When you attach a network device, the port shuts down and has to be enabled by an administrator.
    A PortFast port should never receive configuration BPDUs.
    Note: When BPDUs are received by a PortFast port, it indicates another bridge is connected to the port, and it indicates that there is a possibility of a bridging loop formation during the Listening and Learning phases. In a valid PortFast configuration, configuration BPDUs should never be received, so Cisco switches support a feature called PortFast BPDU Guard, which is a feature that shuts down a PortFast-enabled port in the event a BPDU is received. This feature ensures that a bridging loop is not formed, because the switch's shutting down the port removes the possibility of a loop forming.