October 7

Basic Cisco Switch Configuration Checklist 4: Vlans and Trunks

 

*********************************************************************************

Create Vlans

  • Vlan 50

Name Vlans

  • name SALES

Assign Ports to Vlans

  • int gi1/0/22
  • switchport mode access
  • switchport access vlan 50

Assign an IP address to the Vlan

  • interface vlan 50
  • ip address 10.10.10.10 255.255.255.0
  • no shutdown

 

Note: to configure multiple ports at once, use interface range g1/0/10-20

To prevent a switch port from becoming a trunk port, use switchport mode access

*********************************************************************************

  • show vtp status 
  • vtp domain abc
  • vtp mode server (transparent, client)

The show run command does not display the VTP info unless VTP is in transparent mode. Here is the reason:

…a VLAN database was introduced into Cisco IOS Software as a method to immediately save VTP updates for VTP clients and servers. In some versions of software, this VLAN database is in the form of a separate file in NVRAM, called the vlan.dat file. You can view VTP/VLAN information that is stored in the vlan.dat file for the VTP client or VTP server if you issue the show vtp status command.

VTP server/client mode switches do not save the entire VTP/VLAN configuration to the startup config file in the NVRAM when you issue the copy running-config startup-config command on these systems. It saves the configuration in the vlan.dat file. This does not apply to systems that run as VTP transparent. VTP transparent systems save the entire VTP/VLAN configuration to the startup config file in NVRAM when you issue the copy running-config startup-config command.

 

Configure a trunk port

  • interface g1/0/23
  • switchport trunk encapsulation dot1q  (for older switches)
  • switchport mode trunk
  • switchport nonegotiate

+++++++++++++++++++++++++++++++++++++++++++++++++++

To check Trunk or Vlan info

note:   show cdp neighbors

Show interface trunk

show int g1/0/10 trunk

show run

show vlan

show interfaces g1/0/23 switchport (to check an interface's status, trunk, etc.)

October 3

Basic Cisco Switch Configuration Checklist 3 Port Security

Example:

  • int g1/0/24
  • switchport mode access
  • switchport port-security maximum 1
  • switchport port-security violation shutdown (protect, restrict)

To enable the function, type: switchport port-security

To check a port's security status, type: show port-security (show port-security int g1/0/24 for detailed info)

To bring a port back from a shutdown state:

  • int g1/0/24 
  • shutdown
  • no shutdown
October 3

Basic Cisco Switch Configuration Checklist 2

Configuring SSH on a Cisco Device

  1. Create hostname: hostname abc
  2. Configure a domain name: ip domain-name abc.com
  3. Generate encryption keys: crypto key generate rsa   -> How many bits in the modulus [512]:
  4. Enable SSH version 2: ip ssh version 2
  5. Create local user account(s): username Peter secret password
  6. line vty 0 4
  7. Allow telnet or ssh: transport input telnet ssh
  8. Enable local login: login local
  9. Write mem
October 2

Basic Cisco Switch Configuration Checklist 1

  • Hostname 

enable

conf t

hostname abc

no IP domain-lookup

  • Console password

line con 0

login

password abcd

logging sync

 

  • Telnet password

line vty 0 4

login

password abcd

exec-timeout 0 0 (minutes  seconds, 0 means unlimited)

(use exec-timeout ? ? to set the time after which the admin console logs off)

 

or

line vty 0 4

login local

(this will use the local account to log into the system)

use the following command to create a local user

conf t

username John secret abc123

  • Enable security password

enable secret abc (encrypted password that console and telnet users enter to reach privileged mode)

enable password abc (clear-text, unencrypted password that console and telnet users enter to reach privileged mode)

If neither of the above is set, a user can log in at the console and access privileged mode without using a password. A Telnet user can use the telnet password to log in and enter privileged mode.

  • Management (VLAN) IP address

interface vlan 1

ip address 10.10.10.10  255.255.255.0

no shutdown

  • Default gateway

switch(config)#ip default-gateway 1.1.1.1

  • Shutdown (disable unused ports)

interface g3/0/24

shutdown

  • Logon Banner

Banner motd  ^abc^

  • Saving configurations

copy running-config startup-config

or

Write mem

 

 

Note: service password-encryption (encrypts the line con and line vty passwords)

show ip interface brief

show run   (do show run)

show ip route
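
The following Python script is an added example, not part of the original checklists. It scans configuration text for settings the checklists on this page cover: telnet allowed on the vty lines, exec-timeout 0 0, enable password without enable secret, access ports that set port-security limits without the bare switchport port-security command that enables the function, and trunk ports without switchport nonegotiate. The sample config, function names and finding strings are constructed for illustration.

```python
# Added example: constructed sample config, not taken from a real device.
SAMPLE = """\
enable password abc
interface GigabitEthernet1/0/22
 switchport mode access
 switchport port-security
interface GigabitEthernet1/0/23
 switchport mode trunk
interface GigabitEthernet1/0/24
 switchport mode access
 switchport port-security maximum 1
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""

def stanzas(config):
    """Map each unindented parent line to its indented sub-commands."""
    blocks, parent = {}, "global"
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():
            blocks.setdefault(parent, []).append(raw.strip())
        else:
            parent = raw.strip()
            blocks[parent] = []
    return blocks

def audit(config):
    """Return (stanza, finding) pairs; only explicit lines are checked."""
    blocks, out = stanzas(config), []
    if "enable password" in config and "enable secret" not in config:
        out.append(("global", "enable password set without enable secret"))
    for parent, cmds in blocks.items():
        if parent.startswith("line vty"):
            if any(c.startswith("transport input") and "telnet" in c.split() for c in cmds):
                out.append((parent, "telnet allowed"))
            if "exec-timeout 0 0" in cmds:
                out.append((parent, "idle timeout disabled"))
        elif parent.startswith("interface"):
            if "switchport mode access" in cmds and "switchport port-security" not in cmds:
                out.append((parent, "port-security not enabled"))
            if "switchport mode trunk" in cmds and "switchport nonegotiate" not in cmds:
                out.append((parent, "trunk without nonegotiate"))
    return out

if __name__ == "__main__":
    for stanza, finding in audit(SAMPLE):
        print(f"{stanza}: {finding}")
```

Settings left at their defaults do not appear in a running-config, so the script reports only what is written explicitly in the text it is given.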

September 28

Remove a Provisioned Switch from a Cisco Switch Stack

To remove a switch from a stack, the member number of the switch must be changed back to 1 and the provision info must be removed.

Otherwise, you might see the error “..Switch can not be un-provisioned when it is physically present..”

switch# show switch                (determine the member number of the switch)

switch(config)#switch 2 renumber 1 (assume the switch is member 2)

Write mem

Reload

switch(config)#no switch 2 provision

Write mem

Reload

September 28

Upgrade Cisco 3750E IOS

First, configure an IP address on the switch so that it can communicate with the TFTP server

conf t

int vlan 1

ip address 192.168.0.254 255.255.255.0

  • Back up the old IOS: copy flash: tftp: (please note, the file name is case sensitive. The source IOS file can be at flash:/c3750e-universalkg-mz.122-44.SE2/c3750-universalk9-mz.122-44.SE2.bin; use the sh flash: command to check first)

  • Delete old ios files       delete  flash:c3750e-universalk9-mz.122-55.SE1.bin (old ios name)

or delete the old folder 

delete the old tar file (if there is one)wr

  • Copy the new IOS bin file: copy tftp: flash:

or, if you have a tar file, use this command: archive tar /xtract tftp://192.168.0.2/c3750aaaaaa.tar flash:        (replace 192.168.0.2 with your TFTP server IP address)

Set boot image

conf t

boot system flash:/c3750-advipservicesk9-mz.122-25.SEE1/c3750-advipservicesk9-mz.122-25.SEE1.bin

Exit

write memory 

  • Confirm boot image: show boot
  • reload
September 27

Delete Cisco Switch Folder

Use the delete [/force] [/recursive] [filesystem:]/file-url privileged EXEC command

/recursive  deletes a directory and all subdirectories and the files contained in it.

/force     suppresses the prompting that confirms a deletion of each file in the directory.

example:

delete folder

delete file

 

 

September 27

Reset Cisco 3750E Switch to Factory Defaults

os 15.0

1 Connect to console

2 Boot up the switch

3 Hold the MODE button for about 20 sec, then release it.

4 Wait until the terminal displays the following prompt: switch:

5 Type flash_init

6 Type dir flash:

7 delete flash:config.text and vlan.dat if they exist

8 Type boot (reload)

One can also use the following command to erase the configuration. However, if Vlans are configured, vlan.dat has to be deleted as well: VLANs are not saved in the NVRAM but in the flash, in a totally independent file named vlan.dat, and write erase will not delete vlan.dat.

switch# write erase  (or erase startup-config)
Erasing the nvram filesystem will remove all files! Continue? [confirm]y[OK]
Erase of nvram: complete
switch#
switch# reload

Note:  private-config.text is used for the switch when it is booted outside of a cluster in standalone mode.

 
