When you wake up from a dream and you want to write down every thought or random fleeting memory right away, but it evaporates in front of you too quickly. Here's my list: ARP vs DNS, default clock rate set? DTE/ DCE interface, cell switched? PVC, ATM, wiring solutions between midpoints, DSLAM, TCP headers, sequence numbers, HELLO, NAT, service password-encryption, WAN, T1.
I had enough time to do the exam, but it was one of those things where I wished I could go back and change the answer to a previous question. You can't do that on these exams.
About four questions in, on the first router simulation question I didn't realize that you had to click on the console computer graphic to launch the CLI of the router to access the running-config. I kept looking through all the windows for the console login, but I just didn't clue in. Well duh, how else would you answer the questions. Anywayz I messed up that question probably worth 30 marks and made a guess on the int fa 0/1 address and the multi-part answers were all based on that first assumption which I probably got wrong.
I only practised subnetting questions in Class C, but in real time I had to do subnetting for Class B. Not a big deal because I think I got that part right but still a bit stressful under time pressure.
Another random fact - Routers break up broadcast domains; each interface on the router is a separate network. Routers break up collision domains too but a layer 2 switch can do that too.
WAN is an important topic. Frame relay is not supposed to be part of ICND1 but you still had to know enough about it to get some facts straight. I will need to clarify some aspects of Permanent Virtual Circuits.
Here's the breakdown of the modules tested and my score.
- Describe the operation of data networks - 71%
- Implement a small switched network - 60%
- Implement an IP addressing scheme and IP services to meet network requirements for a small branch office - 80%
- Implement a small routed network - 67%
- Explain and select the appropriate administrative tasks required for a WLAN - 0%
- Identify security threats to a network and describe general methods to mitigate those threats - 100%
- Implement and verify WAN links - 75%
So I end the exam with my score of 787 out of 1000. You need 804 to pass which means I missed it by a margin of 17. That makes me knowledgeable enough to be dangerous.
It is my own fault for not passing I'm sure, but I will still launch a complaint because I noticed a couple of peculiarities with my exam experience. I felt like I was doing question 9 and then I clicked the mouse one too many times and I was on question 13. So I probably missed a four part question. I was a bit perplexed, probably should've said something at the time but I was like whatever. I'm wondering if those are the WLAN questions I completely skipped over. I only remember doing two questions on that whole subject and they did not adequately cover the topic of Explain and select the appropriate administrative tasks required for a WLAN.
I have the Pearson Vue 1 800 number so I may lodge a complaint and try to ask Cisco for a rebate on the retake of the exam. But do I really want to do this again after 10 days? Do I really want to recertify in 3 years and do this again? Right now though, I just feel like I want to crawl under a rock and die, but I can't help but pull my books to... restudy! All the kids are napping so I have 2 hours!!!
I have the difficult task of explaining to my boss that I didn't pass the exam. Hopefully if I show him the report card with the marks broken down he can see that I passed the important stuff and even got a 100% on the network security portion (comforting). However I feel that I have temporarily lost my geek status so the blog will not be named Barbie Geek Tech Bytes for now...
Engineering and Troubleshooting Tips for anything that might happen in the Computer Lab...
Saturday, March 10, 2012
Friday, March 9, 2012
Confreg 2142 Password Recovery and Config Wipeout
HOW TO force into ROM MON mode:
Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
An alternate break sequence is to set up the Hyperterminal session on a wrong baud rate, say 1200. About 10 to 15 seconds after power up, keep pressing the space bar (for about 10 seconds till you feel silly doing that). Close the Hyperterminal and reconnect at the correct baud rate of 9600 and you should see the ROMMON prompt.
If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.
You're in ROMMON and you're really messed up. You can't even do tftpdnld because you don't have a tftp server nor a proper IOS config file. It's bad!
I think I even tried the password recovery mode, which would erase the running config file and all that.
ROMMON 1> confreg 0x2142
ROMMON 2> reset
The router should boot up in the skeleton configuration, with no startup config loaded and nothing in the running config: factory defaults to build up from scratch.
Well that didn't seem to work so I swapped flash cards with another unit (don't know why I had to do that) but I was desperate and it worked. Now what will happen to the unit with the wrong flash?? Whatever.
So the recovered unit is now in the state of - revert to password recovery mode. You will lose the original configuration. The router will have no login, enable password nor telnet.
do show version
Most important remember to change the confreg to 0x2102 (otherwise it will go back to 2142)
reload
The factory default setting for the configuration register is 0x2102. This indicates that the router should attempt to load a Cisco IOS Software image from Flash memory and load the startup configuration with a console speed of 9600 baud. For most purposes, the factory default setting of the configuration register is the most appropriate. To change the configuration register to this setting, issue the config-register 0x2102 command, as shown:
Router(config)#config-register 0x2102
Monday, January 30, 2012
Cisco Troubleshoot: Password Recovery
If you have encountered the unfortunate tragedy of losing the password for your Cisco router, do the following steps in order. This post also sounds very similar to the other situation requiring the tftpdnld command.
- Read the entire list of directions first.
- Boot the router but send a break signal using the Break key. In this mode halfway between heaven and hell, set the configuration register to 0x2142
- Reload the router
- The router comes up into the initial setup dialog. Hit Ctrl C, type enable
- Copy the startup config into the running config, copy start run (tricky!)
- Change the passwords and save the config file. The letters 'wr' are a legacy command that means write configuration and is the same as copy run start.
- Reset the configuration register to the default value, which should be 0x2102
- Reload the router.
Cisco Router Configuration: Cheat Sheet for Router IOS Modes and CLI
Here are some basic commands so frequently used they're second nature and you'll only find them in your Study Notes for the CCNA Exam.
Cisco Command Line interface (CLI). I am most familiar with the CLI, however I was warned that with the newer exams it was important to be somewhat familiar with SDM.
Cisco SDM - Security Device Manager, web based management system to do router configuration. To check whether SDM is already loaded on a router, use show flash.
Several modes in the various stages of IOS
setup mode: when no valid configuration file is found in NVRAM
user mode: to view statistics and basic information. The prompt Router>
Privileged mode: type enable to view and modify the configuration. The prompt Router#
Global configuration mode: to make global changes; to access this mode from the privileged mode, type conf t. The prompt Router(config)#
Interface configuration mode: to make changes to a specific interface, type int followed by the interface from global configuration mode. The prompt Router(config-if)#
If both the enable secret and the enable password commands are configured on your router, how do you get to the # prompt?
Enter the enable secret command. If you try to make the enable and enable secret password the same despite the warning messages, neither will work and then you have to do Password Recovery. This happened to me!
The basic Cisco commands:
enable: puts you in Privileged mode
disable: takes you back to User mode
logout: completely exits the router
exit: exits the current configuration mode
conf t: shortcut for configure terminal, moves you to global configuration mode
int #: you're in the configuration mode of the specific interface by number, example int fast-ethernet 0/15
line console 0: a subcommand from global configuration mode, modifications to console access, passwords
line vty 0 4: a subcommand, from global configuration mode, modifications to vty (telnet) access, passwords
line aux 0: a subcommand, from global configuration mode to modify auxiliary (telnet) access, passwords
Ctrl Z, end: like logout, disable
The quick reference guide for more Cisco commands
router protocol: in global configuration mode, configure that protocol eg. router RIP
show running-config: in privileged mode, show the running configuration in RAM
show startup-config: in privileged mode, show the startup config in NVRAM
show compress
show post: run this command when the system is running, in order to see if any port had failed a POST test
show controllers: view the hardware related info on the router/ switch interfaces. Does not show operational status of the switchport
show interface: shows detailed information regarding interfaces or specify the interface, eg. show int fa 0/15
more precisely, show interfaces fa 0/15 switchport
show history: shows the last ten commands
show version: displays hardware and software versions
show user: see who has telnet sessions to the router
clock set: clock set hh:mm:ss day month year
banner [motd | incoming | login | exec]: sets the Message of the Day banner. Incoming for users using reverse telnet, login on all terminals, exec banner used on line activation like vty.
clock rate rate: in interface configuration mode, setting the device as a DCE. The DCE end of cable must be connected and detected to use the command.
bandwidth rate: not for setting the bandwidth rate at all, but used for routing protocols to choose the best path
hostname: in global configuration mode, sets the hostname of the system eg. Router1
username: Example: username admin priv 15 password cisco and username bob priv 7 password cisco
enable password: in global configuration mode, sets the enable password for the router
enable secret: in global configuration mode, sets the secret password. It's encrypted and overrides the enable password. Cannot be the same as the enable password or it's bad!
no ip domain-lookup: this is a handy command to include so that when you make a typo or incomplete command, the router won't assume you are trying to telnet to a hostname and try to resolve it
ip name-server name-of-DNS-server: the router will use this server for DNS
ip domain-name name: this will append the fully qualified domain name to the hostname
show ip route: will show the contents of the routing table
show ip interface: shows the IP information on interfaces (including access-lists)
encapsulation (hdlc | ppp | frame-relay): choose the encapsulation on serial interface
ppp authentication (pap | chap): choose the authentication method for ppp
show frame-relay pvc: shows permanent virtual circuit information including the status
show frame-relay map: shows layer 3 (IP) to layer 2 (DLCI) mapping of PVC
Shortcut commands may pop up in the CCNA Exam Questions
Ctrl+A: move cursor to beginning of line
Ctrl+E: move cursor to end of line
Ctrl+Z: move back to the EXEC prompt in privileged mode
Tab: complete a partially entered command, autofill
Esc+F: move forward one word
Esc+B: move back one word
Ctrl+F: move forward one character
Ctrl+B: move back one character
Ctrl+D: delete a character
Backspace: delete a character
Ctrl+U: delete everything on a line before the cursor
Ctrl+W: delete a word
Ctrl+P: recall the last line
Up and Down arrows: recall previous older commands or recall more recent commands
Commands related to debug
Before running the debug command, turn on the synchronous logging first.
conf t
line con 0
logging synchronous
Use the debug command sparingly and be very specific about which item you are debugging. Never debug EVERYTHING (debug all) because the output buffer to the screen will fill up very quickly and you will be unable to stop it and the router will certainly crash.
Privileged EXEC mode:
Add a timestamp to debug or log message
usage: service timestamps debug datetime msec
Display CPU usage
usage: show processes
Disable all debug commands
usage: undebug all (shortcut u all)
Display debug output to current vty session
usage: terminal monitor
Fancy stuff to be used only by a super geek:
conf t: configure from terminal (user input command line interface)
conf mem: merge startup configuration in NVRAM with the running config
conf network: merge startup config stored on a TFTP server with the running config
conf overwrite-network: overwrite the startup config stored in NVRAM with a configuration from the TFTP server
Thursday, January 26, 2012
HOW TO Download a Cisco IOS image using tftpdnld ROM mon Command
I used to think ROM mon mode was something bad and scary, like the blue screen of death! But actually you could interrupt a regular startup sequence and jump into ROM mon mode on purpose, using Ctrl-break during a Hyper Terminal session (or try Ctrl-c or escape). Anyway, I arrived in ROM mon during a simple Cisco IOS upgrade that went bad.
WHAT WENT WRONG
Hardware: the Cisco 2800 Series
Somewhere along the way, during a routine copy tftp flash, there was an incomplete copy of the new Cisco IOS software, and I ended up in ROM mon mode. There was no valid image in the flash, so the router would never boot beyond ROM mon so I had to do the tftp transfer by tftpdnld in ROM mon mode.
I found a very useful solution on the Cisco Support website, which I can reference and make some notes for myself:
- HOW TO Download a Cisco IOS image using tftpdnld ROM mon Command Document ID:12714
- ROMmon Recovery for the Cisco 2600 Series Router and the VG200 Document ID:15079
Understanding tftpdnld
Use the "set" command to view the ROMmon environment variables.
See Cisco tftpdnld Document 12714 to set the correct commands for the tftpdnld
Use TFTPDNLD for extreme disaster recovery only to recover the operating system image software via tftp.
rommon 3> set
Here are the sample settings
IP_ADDRESS: 10.10.10.1 (for your router)
IP_SUBNET_MASK: 255.255.255.248
DEFAULT_GATEWAY: 10.10.10.6
TFTP_SERVER: 10.10.10.2 (the laptop acting as the tftp server)
TFTP_FILE: c2600-is-mz.113-2.0.3.Q
TFTP_CHECKSUM: 0 (If prompted, use this as a workaround for the bug).
rommon 9> sync
Use the "sync" command to save the ROMmon environment variables to NVRAM
rommon 10> tftpdnld -r
Choose the -r option if you don't want to overwrite the flash, load to DRAM only and launch
-u means upgrade the rommon, system will reboot once upgrade is complete.
There is a question, "WARNING: all existing data in all partitions on flash will be lost! Do you wish to continue?" Say no, but the file reception will still continue.
rommon 16> reload
Reload reboots the router and you should be back in business!
HOW TO Upgrade the Cisco IOS by TFTP
This is what should've happened... a regular run of the mill Cisco IOS Upgrade of course! The intent was to copy a Cisco IOS from a tftp server to flash.
#show running
#conf t
(conf)# int eth 0
(conf-int-eth0)# ip address x.x.x.x y.y.y.y
set the IP address to one on the same network as the TFTP Server
#show flash
view the name of the current flash image, and make a copy to a tftp server for safekeeping
#copy flash:flashimage tftp://ipaddress/flashimage
#delete flashimage
#copy tftp://ipaddress/flashimage flash:flashimage
However the flash memory was too small, which is normally not a big deal but I further damaged the flash card by accidentally re-formatting on Windows and not the Cisco proprietary format.
Anyway if there are too many Cisco IOS software images on the flash, you'll have to update the following in the configuration file.
conf t
no boot system flash oldflashimagename
boot system flash flashimage
exit
ROMMON IN CONFIGURATION REGISTER
Check the value of configuration register.
The lowest four bits of the configuration register (the last hex digit) are the boot field, which defines the source of the default Cisco IOS software image (normally the flash). If it is 0, as in a configuration register value of XXX0, then at startup the system enters the ROM monitor mode prompt.
(rommon)>
Use the "confreg" command to verify the value of the configuration register and where it will look for the Cisco IOS software image on startup to boot from.
(rommon) 2 > confreg
0 = ROM Monitor
1 = the boot helper image
2-15 = boot system
Make your choice, say 2 and issue the command to router to reset, to take effect.
(rommon) 3> reset
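The register values discussed on this page (0x2102, 0x2142 and the boot field in the last hex digit) can be checked from the last line of show version, which is how a router left in password-recovery mode gets noticed. The Python below is an added example, not from the original post; the function names and sample lines are constructed, and the meanings of bit 6, bit 8 and the console-speed bits 5, 11 and 12 follow the standard Cisco register layout rather than anything the post spells out.

```python
import re

# Configuration register bit masks (16-bit value shown by "show version").
BOOT_FIELD = 0x000F      # bits 0-3, the last hex digit: boot source
IGNORE_NVRAM = 0x0040    # bit 6: startup-config is skipped at boot (0x2142)
BREAK_DISABLED = 0x0100  # bit 8: Break is ignored once the router has booted
SPEED_BITS = 0x1820      # bits 5, 11 and 12: all clear = 9600 baud console

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode(value):
    """Split a register value into the fields this page talks about."""
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "ROM monitor"
    elif boot == 1:
        source = "boot helper image"
    else:
        source = "boot system"
    return {
        "boot_field": boot,
        "boot_source": source,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "console_9600": (value & SPEED_BITS) == 0,
    }


def audit(show_version_text):
    """Return (current, next_boot, findings) for one device's output."""
    match = REGISTER_LINE.search(show_version_text)
    if match is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(match.group(1), 16)
    next_boot = int(match.group(2), 16) if match.group(2) else current

    findings = []
    now, later = decode(current), decode(next_boot)
    if now["ignore_nvram"]:
        findings.append("booted with startup-config ignored (recovery mode)")
    if later["ignore_nvram"]:
        findings.append("next reload will skip startup-config and its passwords")
    if later["boot_field"] == 0:
        findings.append("next reload will stop at the rommon prompt")
    if not later["console_9600"]:
        findings.append("console speed after reload is not 9600 baud")
    return current, next_boot, findings


# Constructed sample lines in the format IOS prints at the end of "show version".
SAMPLES = {
    "healthy": "Configuration register is 0x2102",
    "left-in-recovery": "Configuration register is 0x2142",
    "fixed-not-reloaded":
        "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "stuck-in-rommon": "Configuration register is 0x2100",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        current, next_boot, findings = audit(text)
        print(f"{name}: now {current:#06x}, next boot {next_boot:#06x}")
        for finding in findings or ["ok"]:
            print(f"  - {finding}")
```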
Looking for the Valid Image in Flash
(rommon) 1 > dir flash:
(rommon) 2 > boot flash:c2600-i-mz.122-10b.bin
copy run start
wr or reload (does the same thing)
Cisco Field Notice
Months after I needed to decommission this router and do something else with it so I erased the start-up config and issued the reload command. Remember this is a new 256 MB card (not the 64MB card it came with). It went into ROM MON again, I couldn't see the flash and the confreg was set to something weird. I believe I should've just set the confreg 0x2102 the factory default but I just swapped cards with the other router a 128MB card and it seemed fine. I fragments of a 64 MB error. I'll have to resolve this tomorrow but here's the scoop: http://www.cisco.com/en/US/ts/fn/620/fn62127.html
Cisco Troubleshoot: Restore Switch to Factory Default
It is a bad day in paradise if you have to restore a switch to default. In an extreme emergency where you have to restore the switch to factory default, this is irrecoverable and should be done in a test environment first to try it out; never live unless you are absolutely sure of the damage you might cause, but actually it's not usually that bad. Well I'm only saying that because it took me four times before I decided to read the directions in the manual.
What is Normal Behaviour?
When a router first boots the following steps happen in sequence (almost the same thing for a switch).
- The bootstrap in ROM performs the POST (Power on Self Test)
- The Cisco IOS is loaded into memory (quiz: which type of memory?)
- The configuration file is loaded into memory from NVRAM
HOW TO Reset the switch to Brand New in Box Configuration.
I guess you could do this if you could no longer recover the password and the default cisco cisco is no longer valid. Requires physical access to the switch.
- Reconfigure the console login password
- Add Vlan 2
- Enable Telnet
Cisco Switch Express Startup Mode
- Unplug everything from each port on the switch, power off or pull the plug
- Power on the Switch
- Allow POST (Power On Self Test) to complete. The System LED blinks green; RPS, Status, Duplex and Speed LEDs turn solid green. Wait till the System LED remains solid green and the other lights go off (about 5 minutes)
- Let the IP address of Laptop be assigned by DHCP. Connect laptop to any Ethernet port on the Switch.
- Hold MODE button down for 3 to 7 seconds till the Status, Duplex, and Speed lights stay solid
- In the web browser, enter default IP address 10.0.0.1 to load the Cisco SDM
- Login with default username cisco password cisco. Note you will be required to change the default password.
- Express Startup window, Basic Settings: enter Vlan 2, enter specific IP address of the switch, subnet mask, default gateway and password with confirmation.
- Enter new hostname of the switch
- Accept the Ethernet Management port IP address 10.0.1.3
- Click Advanced Settings to enable Telnet. Set the Telnet password; against most security policies, you might as well use the local password so you won't forget it.
- When you click Submit, the new IP address of the switch will be assigned and your laptop will be disconnected. Change the IP address of the laptop in the Network Settings to one in the same subnet. Launch the Cisco SDM webpage again with the new IP address of the switch.
int fa 0/15
switchport trunk allowed vlan 1-3, 1002-1005
Cisco Troubleshoot: VLAN mismatch
Hardware: Cisco Catalyst 2960 S Series Switch
Use "show version" to display the hardware configuration, Cisco IOS version, names and sources of configuration files, boot images (and boot sequences).
Symptoms:
The "show logging" displays a large volume of CDP messages potentially bogging down the network with warnings about vlan mismatch.
What is a VLAN?
Diagnosis:
Vlan mismatch could indicate that the switch does not have the VLAN 2 created on it, and is being asked to route traffic from a VLAN that is not advertised on the switch. Usually, only the default native VLAN 1 is configured by factory default, but the attached router is advertising VLAN 2.
Fix: Add VLAN 2 to the switch
Access: Console Access or Cisco SDM (web GUI)
- If Console login is not configured by default, user must telnet to switch to configure the "line con 0"
- If Telnet is disabled/ not configured by default, it must be enabled first through the Cisco SDM web GUI.
- Cisco SDM is a web interface to configure the switch as an alternative to the Command Line Interface
HOW TO Use the Cisco SDM
1) Launch the webpage http://ipaddressoftheswitch
2) Login as cisco, cisco; You will be asked to change after the first login
3) Enable Telnet access to the switch from the Advanced Settings page
4) Use the web menus and configuration tabs, Add VLAN 2 and assign all the switchports to VLAN2
If you cannot open the Cisco SDM webpage because the username login is invalid and cannot be recovered, you can resort to restore the Switch to factory default to use the default login.
Alternatively, you may login as EXEC Privileged, global configuration mode and use the Cisco commands
switch (config)# line con 0
login
password mypassword
This indicates the maximum number of 5 sessions for telnet.
Additional lines may be specified with line vty 5 15
switch (config)# line vty 0 4
login
password myTelnetpassword
Verify Telnet and Assign ports to VLAN 2
Before closing the Cisco SDM or the CLI, verify that you can telnet into the switch from another machine on the network.
switch (config)# int range fa 0/1 - 24
switchport mode access
switchport access vlan 2
no shutdown
Do a "show running" on the switch and all the switchports should be assigned to VLAN2.
This command configures ssh (and removes Telnet access). Beware!
line vty 0 15
login local
transport input ssh
(if you leave that blank after ssh, then there is no longer any telnet access)
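An added example, not part of the original post: a small Python check over a saved running-config for the login settings configured above (enable password versus enable secret, username ... password, login on line con 0, and transport input ssh on the vty lines). The function names and both sample configs, including the placeholder hashes, are constructed for illustration.

```python
import re


def parse_line_blocks(config_text):
    """Map each 'line ...' header to the sub-commands indented under it."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith(" "):
            if current is not None and raw.strip():
                blocks[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        else:
            current = None  # any other top-level command or "!" ends the block
    return blocks


def audit_config(config_text):
    """Return findings for the login settings this page configures."""
    findings = []
    top = [l.strip() for l in config_text.splitlines()
           if l.strip() and not l.startswith(" ")]

    has_secret = any(l.startswith("enable secret ") for l in top)
    has_password = any(l.startswith("enable password ") for l in top)
    if has_password and has_secret:
        findings.append("enable password is unused next to enable secret")
    elif has_password:
        findings.append("enable password without enable secret")
    elif not has_secret:
        findings.append("no enable secret configured")

    for l in top:
        m = re.match(r"username (\S+) .*\bpassword\b", l)
        if m:
            findings.append(f"username {m.group(1)}: uses password, not secret")

    for header, cmds in parse_line_blocks(config_text).items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        has_line_pw = any(c.startswith("password ") for c in cmds)
        if "no login" in cmds:
            findings.append(f"{header}: no login, the line is unauthenticated")
        elif (header.startswith(("line con", "line aux"))
              and has_line_pw and not has_login):
            findings.append(
                f"{header}: password set but no login, so it is never asked for")
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(
                f"{header}: transport input is not restricted to ssh")
    return findings


# Constructed config using the same commands as the post (telnet still open).
WEAK = """\
hostname Switch1
enable password mypassword
username admin privilege 15 password 0 cisco
!
line con 0
 password mypassword
line vty 0 4
 password myTelnetpassword
 login
line vty 5 15
 login local
 transport input ssh
!
"""

# Constructed config after tightening; the hashes are placeholders.
HARDENED = """\
hostname Switch1
enable secret 5 $1$EXAMPLE$constructedplaceholder
username admin privilege 15 secret 5 $1$EXAMPLE$constructedplaceholder
!
line con 0
 login local
line vty 0 15
 login local
 transport input ssh
!
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for finding in audit_config(cfg) or ["ok"]:
            print("  -", finding)
```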