Saturday, September 21, 2013

Spanning Tree Protocol (STP) Lab

At last, I got my 8-port Catalyst 2940 switch. This is the final piece to complete my switching lab. It's the baby brother of the Catalyst 2950, which is the most widely deployed and practical switch in both production and lab environments. I just couldn't help buying this cute and awesome device.

 
Since I've gathered all my switches, I'm now able to build a Spanning Tree Protocol (STP) and VLAN Trunking Protocol (VTP) lab using the famous "switch triangle" topology. This topology makes for a more meaningful and challenging STP and VTP lab compared to a single-switch or switch-pair topology.


We start by configuring the EtherChannel and trunk links, on the C3560 first, then on the C2960 and finally on the C2940.

Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname SW1
SW1(config)#do show interface status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        notconnect   1            auto   auto 10/100BaseTX
Fa0/2                        notconnect   1            auto   auto 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
Fa0/6                        notconnect   1            auto   auto 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        notconnect   1            auto   auto 10/100BaseTX
Gi0/1                        notconnect   1            auto   auto Not Present
SW1(config)#interface range fastethernet0/1-2
SW1(config-if-range)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
// THIS ERROR HAPPENS TO APPEAR IN 3560
SW1(config-if-range)#switchport trunk encapsulation ?
  dot1q      Interface uses only 802.1q trunking encapsulation when trunking
  isl        Interface uses only ISL trunking encapsulation when trunking
  negotiate  Device will negotiate trunking encapsulation with peer on
             interface
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#end

----

Switch#configure terminal
*Mar  1 00:02:43.854: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname SW3
SW3(config)#do show interface status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        notconnect   1            auto   auto 10/100BaseTX
Fa0/2                        notconnect   1            auto   auto 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
Fa0/6                        notconnect   1            auto   auto 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        notconnect   1            auto   auto 10/100BaseTX
Gi0/1                        notconnect   1            auto   auto 10/100/1000BaseTX
SW3(config)#interface range fastethernet0/1-2
SW3(config-if-range)#switchport mode trunk
SW3(config-if-range)#end

----

Switch#configure terminal
00:02:36: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname SW2
SW2(config)#do sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        notconnect   1            auto   auto 10/100BaseTX
Fa0/2                        notconnect   1            auto   auto 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
Fa0/6                        notconnect   1            auto   auto 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        notconnect   1            auto   auto 10/100BaseTX
Gi0/1                        notconnect   1            auto   auto 10/100/1000BaseTX
SW2(config)#interface range fastethernet0/1-2
                                           ^
% Invalid input detected at '^' marker.    // 2940 NEEDS A SPACE ON INTERFACE RANGE COMMAND

SW2(config)#interface range fastethernet0/1 - 2
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#end


STP is enabled by default on switches (for VLAN 1), and we can quickly verify its operation with the show spanning-tree command. From here we can see the Bridge ID (priority and MAC address) and the elected root bridge. All switches have the default priority of 32768, and the lowest value wins; the displayed value is 32769 because the extended system ID (the VLAN number, in this case 1) is added to the priority.

If all switches have the same priority and extended system ID, the one with the lowest MAC address becomes the root bridge. Notice that SW1's F0/2 port is in the blocking (BLK) state since SW1 has the highest MAC address; that port is considered a redundant path toward the root bridge.

SW2 (C2940) became the root bridge since it has the lowest MAC address of the three switches. Notice also that all of its ports are in the forwarding (FWD) state, which is the reward for being the root bridge.

SW1#show spanning-tree ?
  active             Report on active interfaces only
  backbonefast       Show spanning tree backbonefast status
  blockedports       Show blocked ports
  bridge             Status and configuration of this bridge
  detail             Detailed information
  inconsistentports  Show inconsistent ports
  interface          Spanning Tree interface status and configuration
  mst                Multiple spanning trees
  pathcost           Show Spanning pathcost options
  root               Status and configuration of the root bridge
  summary            Summary of port states
  uplinkfast         Show spanning tree uplinkfast status
  vlan               VLAN Switch Spanning Trees
  |                  Output modifiers
  <cr>

SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     001b.0db0.8f00   // MAC ADDRESS OF C2940
             Cost        19
             Port        2 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     6416.8dec.a700    // MAC ADDRESS OF C3560
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.2    P2p
Fa0/2            Altn BLK 19        128.3    P2p


SW3#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     001b.0db0.8f00
             Cost        19
             Port        2 (FastEthernet0/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001f.9d88.b980   // MAC ADDRESS OF C2960
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/2               Root FWD 19        128.2    P2p


SW2#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     001b.0db0.8f00   // MAC ADDRESS OF C2940
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001b.0db0.8f00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p


Since the C2940 has the lowest switching capacity, we can force the C3560 to be the primary root bridge and the C2960 to be the secondary root bridge. We do this by issuing the commands spanning-tree vlan 1 root primary and spanning-tree vlan 1 root secondary in global configuration mode. Notice that the priorities of the primary and secondary root bridge became 24577 and 28673 respectively (multiples of 4096, plus the extended system ID of 1), and the C2940's F0/2 port went into the blocking state.

SW1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#spanning-tree ?
  backbonefast  Enable BackboneFast Feature
  etherchannel  Spanning tree etherchannel specific configuration
  extend        Spanning Tree 802.1t extensions
  logging       Enable Spanning tree logging
  loopguard     Spanning tree loopguard options
  mode          Spanning tree operating mode
  mst           Multiple spanning tree configuration
  pathcost      Spanning tree pathcost options
  portfast      Spanning tree portfast options
  transmit      STP transmit parameters
  uplinkfast    Enable UplinkFast Feature
  vlan          VLAN Switch Spanning Tree

SW1(config)#spanning-tree vlan ?
  WORD  vlan range, example: 1,3-5,7,9-11

SW1(config)#spanning-tree vlan 1 ?
  forward-time  Set the forward delay for the spanning tree
  hello-time    Set the hello interval for the spanning tree
  max-age       Set the max age interval for the spanning tree
  priority      Set the bridge priority for the spanning tree
  root          Configure switch as root
  <cr>

SW1(config)#spanning-tree vlan 1 root ?
  primary    Configure this switch as primary root for this spanning tree
  secondary  Configure switch as secondary root

SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#end
00:14:19: %SYS-5-CONFIG_I: Configured from console by console
SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     6416.8dec.a700
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     6416.8dec.a700
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.2    P2p
Fa0/2            Desg FWD 19        128.3    P2p


SW3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#spanning-tree vlan 1 root ?
  primary    Configure this switch as primary root for this spanning tree
  secondary  Configure switch as secondary root

SW3(config)#spanning-tree vlan 1 root secondary
SW3(config)#end
SW3#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     6416.8dec.a700
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     001f.9d88.b980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.1    P2p
Fa0/2               Desg FWD 19        128.2    P2p


SW2#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     6416.8dec.a700
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001b.0db0.8f00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p
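
To make the election rules above concrete, here is an added Python model (not from the original post) of the triangle as cabled in the post, using the MAC addresses from the show spanning-tree output: it elects the root and assigns port roles with default priorities, then applies the root primary/secondary change. The BPDU exchange and port-ID tie-breaking are simplified, and the primary/secondary priority values are the ones IOS documents.

```python
"""Root-bridge election and port roles for the switch-triangle lab (PVST+, VLAN 1)."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

VLAN = 1
PORT_COST = 19  # 802.1D cost of a 100 Mb/s link, as shown in the Cost column


def mac_to_int(mac: str) -> int:
    """'001b.0db0.8f00' -> integer, so MAC addresses compare numerically."""
    return int(mac.replace(".", ""), 16)


def port_number(port: str) -> int:
    """'Fa0/2' -> 2; used only as the last tie-breaker (simplified Prio.Nbr)."""
    return int(port.rsplit("/", 1)[1])


@dataclass
class Switch:
    name: str
    mac: str
    priority: int = 32768  # IOS default
    ports: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # port -> (peer, peer port)

    def bridge_id(self) -> Tuple[int, int]:
        # Bridge ID = (priority + sys-id-ext, MAC); the tuple compares the way STP does
        return (self.priority + VLAN, mac_to_int(self.mac))


def link(switches, a, port_a, b, port_b):
    switches[a].ports[port_a] = (b, port_b)
    switches[b].ports[port_b] = (a, port_a)


def build_lab() -> Dict[str, Switch]:
    """The three switches and the cabling implied by the post's show spanning-tree output."""
    sw = {s.name: s for s in (Switch("SW1", "6416.8dec.a700"),   # C3560
                              Switch("SW2", "001b.0db0.8f00"),   # C2940
                              Switch("SW3", "001f.9d88.b980"))}  # C2960
    link(sw, "SW1", "Fa0/1", "SW2", "Fa0/1")
    link(sw, "SW1", "Fa0/2", "SW3", "Fa0/1")
    link(sw, "SW3", "Fa0/2", "SW2", "Fa0/2")
    return sw


def spanning_tree_root(switches, name, kind):
    """Model 'spanning-tree vlan 1 root primary|secondary' (priority values per IOS docs)."""
    lowest_other = min(s.priority for s in switches.values() if s.name != name)
    if kind == "primary":
        # 24576, or 4096 below the lowest existing priority if one is already at/below 24576
        switches[name].priority = 24576 if lowest_other > 24576 else lowest_other - 4096
    else:
        switches[name].priority = 28672


def compute_stp(switches):
    """Return (root name, {(switch, port): 'Role Sts'}) for the converged topology."""
    root = min(switches.values(), key=Switch.bridge_id)
    # Root path cost of every bridge: relax over the links until stable
    rpc = {n: 0 if n == root.name else float("inf") for n in switches}
    for _ in range(len(switches)):
        for sw in switches.values():
            for peer, _peer_port in sw.ports.values():
                rpc[sw.name] = min(rpc[sw.name], rpc[peer] + PORT_COST)
    roles = {}
    for sw in switches.values():
        if sw.name == root.name:
            for port in sw.ports:
                roles[(sw.name, port)] = "Desg FWD"  # every root-bridge port forwards
            continue
        # Root port: lowest cost to the root, then lowest sender BID, then sender port ID
        root_port = min(sw.ports, key=lambda p: (rpc[sw.ports[p][0]] + PORT_COST,
                                                 switches[sw.ports[p][0]].bridge_id(),
                                                 port_number(sw.ports[p][1])))
        for port, (peer, peer_port) in sw.ports.items():
            if port == root_port:
                roles[(sw.name, port)] = "Root FWD"
                continue
            # On any other segment the end with the better (cost, BID, port) is designated;
            # the losing end becomes an alternate port and blocks
            mine = (rpc[sw.name], sw.bridge_id(), port_number(port))
            theirs = (rpc[peer], switches[peer].bridge_id(), port_number(peer_port))
            roles[(sw.name, port)] = "Desg FWD" if mine < theirs else "Altn BLK"
    return root.name, roles


def run_lab():
    """Defaults first, then the root primary/secondary change from the post."""
    switches = build_lab()
    before = compute_stp(switches)
    spanning_tree_root(switches, "SW1", "primary")
    spanning_tree_root(switches, "SW3", "secondary")
    return switches, before, compute_stp(switches)


if __name__ == "__main__":
    _, (root_b, roles_b), (root_a, roles_a) = run_lab()
    for title, root, roles in (("defaults", root_b, roles_b), ("root primary/secondary", root_a, roles_a)):
        print(f"{title}: root bridge is {root}")
        for (name, port), role in sorted(roles.items()):
            print(f"  {name} {port:<6} {role}")
```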


Just for fun, and to be able to observe an STP loop, I've disabled spanning tree on all switches using the no spanning-tree vlan 1 command. In the last few seconds of the video you can see the LED lights go fuzzy and CPU utilization shoot up in just a few seconds.

SW1#show processes cpu sorted
CPU utilization for five seconds: 41%/6%; one minute: 21%; five minutes: 8%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
 161       12391     22199        558 30.03% 13.42%  3.35%   0 Spanning Tree
 155          85       131        648  0.31%  0.07%  0.01%   0 Exec
   2           0      1060          0  0.00%  0.00%  0.00%   0 Load Meter
   1           0         3          0  0.00%  0.00%  0.00%   0 Chunk Manager
   3           0        14          0  0.00%  0.00%  0.00%   0 SpanTree Helper

Saturday, September 14, 2013

Cisco IOS Device Hardening

I've decided to dedicate a separate blog to describing my lab and journaling its upgrades. I've started to realize the value of owning real network equipment as opposed to using a remote lab or GNS3 emulation. It teaches me the intricacies of networking and gives a deep understanding of the technology. It also trains me to become better at network design and physical troubleshooting, which is needed if someone wants to attempt any CCIE lab exam.

I'm halfway through FIREWALL and beginning to miss routing and switching, so I spent a night trying to secure my 871W router. This also serves as my CCNA Security 101 review.

Device hardening is an essential task that a networking professional must never overlook. It involves implementing methods for securing the router's administrative access using the command-line interface (CLI) as well as the web graphical user interface (GUI).

Some of these methods involve securing administrative access, including maintaining passwords, configuring enhanced virtual login features, and implementing Secure Shell (SSH). Because not all networking personnel should have the same level of access to devices, defining administrative roles is another important aspect of securing infrastructure devices.

Many router services are enabled by default for historical (legacy) reasons but are no longer required in today's networks. Securing the management and reporting features of a Cisco IOS device is also important.


Minimum Character Length

It is strongly recommended that the minimum password length be set to at least 10 characters, to eliminate the short passwords that are prevalent on most networks, such as "lab" and "cisco".

871W(config)#security passwords min-length ?
  <0-16>  Minimum length of all user/enable passwords
871W(config)#security passwords min-length 10
871W(config)#enable secret cisco
% Password too short - must be at least 10 characters. Password not configured.


Disable Unattended Connections

By default, a login session stays active for 10 minutes after the last session activity. After that, the line times out and the session is logged out.

871W(config-line)#exec-timeout ?
  <0-35791>  Timeout in minutes

871W(config-line)#exec-timeout 5


Encrypt All Passwords

By default, some passwords are shown in plaintext in the Cisco IOS software configuration. With the exception of the enable secret password, all other plaintext passwords in the configuration file can be encrypted using the service password-encryption command.

This is a weak encryption (type 7), and it is primarily used to prevent someone from "shoulder surfing" while you're logged in to a device.

871W#show running-config
Building configuration...

Current configuration : 513 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname 871W
!
!
!
enable password ciscocisco


871W#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
871W(config)#service password-encryption
871W(config)#end

%SYS-5-CONFIG_I: Configured from console by console
871W#show running-config
Building configuration...

Current configuration : 537 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname 871W
!
!
!
enable password 7 0822455D0A16



Configuring Enhanced Security for Virtual Logins

The Cisco IOS login enhancements feature provides more security when creating a virtual connection, such as Telnet, SSH or HTTP, by slowing down dictionary attacks and stopping DoS attacks. To better configure security for virtual login connections, the login process should be configured with specific parameters:

    * Delays between successive login attempts

    * Login shutdown if DoS attacks are suspected

    * Generation of system logging messages for login detection

871W(config)#login ?
  block-for   Set quiet-mode active time period
  delay       Set delay between successive fail login
  on-failure  Set options for failed login attempt
  on-success  Set options for successful login attempt
  quiet-mode  Set quiet-mode options

871W(config)#login block-for ?
  <1-65535>  Time period in seconds

871W(config)#login block-for 30 ?
  attempts  Set max number of fail attempts

871W(config)#login block-for 30 attempts 5 ?
  within  Watch period for fail attempts

871W(config)#login block-for 30 attempts 5 within ?
  <1-65535>  Time period in seconds

871W(config)#login block-for 30 attempts 5 within 60
871W(config)#login quiet-mode ?
  access-class  Set access class

871W(config)#login quiet-mode access-class ?
  <1-199>      IP access list
  <1300-2699>  IP expanded access list
  WORD         Access-list name

871W(config)#login quiet-mode access-class 10
871W(config)#login delay ?
  <1-10>  Time period in seconds

871W(config)#login delay 5
871W(config)#login on-success log
871W(config)#login on-failure log
871W(config)#do show login
     A login delay of 5 seconds is applied.
     Quiet-Mode access list 10 is applied.
     All successful login is logged.
     All failed login is logged.

     Router enabled to watch for login Attacks.
     If more than 5 login failures occur in 60 seconds or less,
     logins will be disabled for 30 seconds.

     Router presently in Normal-Mode.
     Current Watch Window
         Time remaining: 37 seconds.
         Login failures for current window: 0.
     Total login failures: 0.

871W(config)#do terminal monitor
871W(config)#
*May 19 23:10:17.402 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: asdf] [Source: 192.168.1.11] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 23:10:17 UTC Wed May 19 2010
871W(config)#
*May 19 23:10:25.151 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: asdf] [Source: 192.168.1.11] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 23:10:25 UTC Wed May 19 2010
871W(config)#
*May 19 20:10:09.241 UTC: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.168.1.12]  [localport: 23] at 20:10:09 UTC Wed May 19 2010
871W(config)#do show login failures
Total failed logins: 2
Detailed information about last 50 failures

Username        SourceIPAddr    lPort Count TimeStamp
asdf            192.168.1.12    23    2     20:12:03 UTC Wed May 19 2010
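
As an added example (not from the original post), the following Python replays a constructed sequence of %SEC_LOGIN messages through a model of the block-for/attempts/within watch window and the quiet-mode access-class configured above. The hosts matched by access-list 10 are assumed (the post doesn't show the ACL), and the year in the timestamps is assumed because IOS doesn't log one.

```python
"""Replay IOS login-enhancement behaviour over %SEC_LOGIN syslog lines."""
import re
from collections import deque
from datetime import datetime, timedelta

# Shape of the messages that 'login on-failure log' / 'login on-success log' produce
LOG_RE = re.compile(
    r"\*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d\.\d+) UTC: "
    r"%SEC_LOGIN-\d-(?P<kind>LOGIN_FAILED|LOGIN_SUCCESS): .*?"
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[^\]]+)\]"
)


def parse_login_event(line, year=2010):
    """Return (timestamp, kind, user, source) or None for lines that aren't login events.
    IOS timestamps carry no year, so one is assumed (2010 matches the post's output)."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S.%f").replace(year=year)
    return ts, m["kind"], m["user"], m["src"]


class LoginWatcher:
    """Model of 'login block-for B attempts A within W' plus 'login quiet-mode access-class'."""

    def __init__(self, block_for=30, attempts=5, within=60, quiet_mode_allow=()):
        self.block_for, self.attempts, self.within = block_for, attempts, within
        self.allow = set(quiet_mode_allow)  # sources permitted by the quiet-mode ACL
        self.window = deque()               # timestamps of failures inside the watch period
        self.quiet_until = None
        self.total_failures = 0
        self.failures = {}                  # (user, source) -> count, as in 'show login failures'

    def in_quiet_mode(self, ts):
        return self.quiet_until is not None and ts < self.quiet_until

    def feed(self, ts, kind, user, src):
        """Return what the router does with this login attempt."""
        if self.in_quiet_mode(ts) and src not in self.allow:
            return "DENIED (quiet-mode)"
        if kind == "LOGIN_SUCCESS":
            return "OK"
        self.total_failures += 1
        self.failures[(user, src)] = self.failures.get((user, src), 0) + 1
        self.window.append(ts)
        while (ts - self.window[0]).total_seconds() > self.within:  # age out old failures
            self.window.popleft()
        # Assumption: quiet mode starts when the count reaches 'attempts'; the post's
        # 'show login' text says "more than", so change the comparison if your IOS differs
        if len(self.window) >= self.attempts:
            self.quiet_until = ts + timedelta(seconds=self.block_for)
            self.window.clear()
            return "FAILED -> quiet-mode entered"
        return "FAILED"


def replay(log_text, **kwargs):
    """Feed every login event of a log excerpt through the watcher, in order."""
    watcher = LoginWatcher(**kwargs)
    results = []
    for line in log_text.splitlines():
        event = parse_login_event(line)
        if event:
            results.append((event[0].strftime("%H:%M:%S"), watcher.feed(*event)))
    return results, watcher


# Constructed sample: five bad logins from one host within 31 s, an admin login from a
# host on the quiet-mode ACL, one more attempt during quiet mode, and one after it expires.
FAIL = ("*May 19 23:{}.000 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: asdf] "
        "[Source: 192.168.1.11] [localport: 23] [Reason: Login Authentication Failed - BadUser]")
SAMPLE_LOG = "\n".join(
    [FAIL.format(t) for t in ("10:17", "10:25", "10:31", "10:40", "10:48")]
    + ["*May 19 23:10:55.000 UTC: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] "
       "[Source: 192.168.1.12]  [localport: 23]"]
    + [FAIL.format(t) for t in ("11:00", "11:30")]
)


def run_sample():
    # 192.168.1.12 stands in for the hosts matched by access-list 10 (assumed; ACL not shown)
    return replay(SAMPLE_LOG, block_for=30, attempts=5, within=60,
                  quiet_mode_allow=("192.168.1.12",))


if __name__ == "__main__":
    results, watcher = run_sample()
    for when, verdict in results:
        print(when, verdict)
    print("Total failed logins:", watcher.total_failures)
```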


Banner

A device banner is generally used to warn users against unauthorized access attempts, display maintenance-related information, or give reminders to all administrators.

Tokens are optional and can be used within the banner message:

$(hostname) - Displays the host name for the router

$(domain) - Displays the domain name for the router

$(line) - Displays the vty or tty (asynchronous) line

$(line-desc) - Displays the description that is attached to the line


871W(config)#banner ?
  LINE            c banner-text c, where 'c' is a delimiting character
  exec            Set EXEC process creation banner
  incoming        Set incoming terminal line banner
  login           Set login banner
  motd            Set Message of the Day banner
  prompt-timeout  Set Message for login authentication timeout
  slip-ppp        Set Message for SLIP/PPP

871W(config)#banner login # This equipment $(hostname) is privately owned and access is logged. Disconnect immediately if you are not an authorized user. Violators will be prosecuted to the fullest extent of the law. #


Saturday, September 7, 2013

Password Recovery on Catalyst 3560 Switch

I've received my Cisco Catalyst 3560 8-port PoE multilayer switch in the mail, and the first thing I did was watch its Power-On Self Test (POST). But when I consoled into the switch, I found that the old IT guy had forgotten to wipe the switch config.


This was to be expected, especially when buying Cisco devices on eBay. So I went ahead and performed a password recovery and "factory defaulted" the switch, including the VLAN database.


<HOSTNAME> con0 is now available


Press RETURN to get started.



**********************************************************************
*                                                                    *
* THIS SYSTEM IS RESTRICTED TO <COMPANY> AUTHORIZED USERS ONLY.    *
* THE UNAUTHORIZED ACCESS, USE OR MODIFICATION OF THIS SYSTEM, DATA  *
* CONTAINED IN THIS SYSTEM OR DATA IN TRANSIT TO OR FROM THIS SYSTEM *
* IS SUBJECT TO CRIMINAL PENALTIES AND CIVIL LIABILITY.              *
*                                                                    *
**********************************************************************
^

User Access Verification

Password:
% Access denied 


----


// HOLD MODE BUTTON FOR 3 SECONDS AFTER SYS LED TURNED SOLID GREEN


Using driver version 1 for media type 1
Base ethernet MAC Address: 64:16:8d:ec:a7:00
Xmodem file system is available.
The password-recovery mechanism is enabled.

The system has been interrupted prior to initializing the
flash filesystem.  The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

    flash_init
    boot


switch: flash_init
Initializing Flash...
mifs[2]: 0 files, 1 directories
mifs[2]: Total bytes     :    3870720
mifs[2]: Bytes used      :       1024
mifs[2]: Bytes available :    3869696
mifs[2]: mifs fsck took 0 seconds.
mifs[3]: 456 files, 6 directories
mifs[3]: Total bytes     :   27998208
mifs[3]: Bytes used      :    9368064
mifs[3]: Bytes available :   18630144
mifs[3]: mifs fsck took 7 seconds.
...done Initializing Flash.

switch: load_helper
Unknown cmd: load_helper    // SKIP THIS COMMAND

switch: ?
           ? -- Present list of available commands
        boot -- Load and boot an executable image
         cat -- Concatenate (type) file(s)
        copy -- Copy a file
      delete -- Delete file(s)
         dir -- List files in directories
  flash_init -- Initialize flash filesystem(s)
      format -- Format a filesystem
        fsck -- Check filesystem consistency
        help -- Present list of available commands
      memory -- Present memory heap utilization information
       mkdir -- Create dir(s)
        more -- Concatenate (display) file(s)
      rename -- Rename a file
       reset -- Reset the system
       rmdir -- Delete empty dir(s)
         set -- Set or display environment variables
      set_bs -- Set attributes on a boot sector filesystem
   set_param -- Set system parameters in flash
       sleep -- Pause (sleep) for a specified number of seconds
        type -- Concatenate (type) file(s)
 -- MORE --
       unset -- Unset one or more environment variables
     version -- Display boot loader version

switch: dir flash:
Directory of flash:/

    2  -rwx  796       <date>               vlan.dat
    3  -rwx  5         <date>               private-config.text
    4  -rwx  16258     <date>               config.text
    5  drwx  512       <date>               c3560-ipbase-mz.122-35.SE5

18630144 bytes available (9368064 bytes used)

switch: rename flash:config.text flash:config.old

switch: boot
Loading "flash:c3560-ipbase-mz.122-35.SE5/c3560-ipbase-mz.122-35.SE5.bin"...
File "flash:c3560-ipbase-mz.122-35.SE5/c3560-ipbase-mz.122-35.SE5.bin" uncompressed and installed, entry point: 0x3000
executing...

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 18:15 by nachen
Image text-base: 0x00003000, data-base: 0x01100000

Initializing flashfs...
Using driver version 1 for media type 1
mifs[3]: 0 files, 1 directories
mifs[3]: Total bytes     : 3870720
mifs[3]: Bytes used      : 1024
mifs[3]: Bytes available : 3869696
mifs[3]: mifs fsck took 0 seconds.
mifs[3]: Initialization complete.

mifs[4]: 456 files, 6 directories
mifs[4]: Total bytes     : 27998208
mifs[4]: Bytes used      : 9368064
mifs[4]: Bytes available : 18630144
mifs[4]: mifs fsck took 0 seconds.
mifs[4]: Initialization complete.

...done Initializing flashfs.

POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed

POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed

POST: CPU MIC interface Loopback Tests : Begin
POST: CPU MIC interface Loopback Tests : End, Status Passed

POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed

POST: Inline Power Controller Tests : Begin
POST: Inline Power Controller Tests : End, Status Passed

POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

Waiting for Port download...Complete

cisco WS-C3560-8PC (PowerPC405) processor (revision E0) with 122880K/8184K bytes of memory.
Processor board ID FOC1347W66L
Last reset from power-on
1 Virtual Ethernet interface
8 FastEthernet interfaces
1 Gigabit Ethernet interface
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 64:16:8D:EC:A7:00
Motherboard assembly number     : 73-10612-08
Power supply part number        : 341-0207-01
Motherboard serial number       : FOC1348042W
Power supply serial number      : LIT13421AET
Model revision number           : E0
Motherboard revision number     : B0
Model number                    : WS-C3560-8PC-S
System serial number            : FOC1347W66L
Top Assembly Part Number        : 800-28131-03
Top Assembly Revision Number    : B0
Version ID                      : V03
CLEI Code Number                : COMN400CRB
Hardware Board Revision Number  : 0x01


Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   9      WS-C3560-8PC       12.2(35)SE5             C3560-IPBASE-M


Press RETURN to get started!


00:00:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
00:00:31: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:52: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 18:15 by nachen

Would you like to terminate autoinstall? [yes]:


         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>enable
Switch#
00:01:10: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
Switch#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Switch#
00:02:24: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Switch#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#reload
Proceed with reload? [confirm]

00:02:57: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.


Now I've got a nice and clean switch ready for my lab.


Switch#show running-config
Building configuration...

Current configuration : 710 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Gi0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------