My Network Lab: 2019

Friday, November 8, 2019

Remove and Unclaim a Device in Meraki Cloud Dashboard

I needed to re-deploy a Meraki MS220-8P switch to another network or account. You'll need to remove and unclaim the device first in order to add and claim again on another account. This is a common procedure whenever doing a replacement or move the device to a different network or organization.

Here's a good link for the process of adding/removing devices in Meraki Cloud Dashboard.

To see the list of Meraki device and its serial number in your network, go to Organization > Inventory in the Meraki Cloud Dashboard.

I tried to "Unclaim" the listed device but had an error: Devices must be removed from network first.

To remove a device, in this case a Meraki MS220-8P switch, go to Switch > Monitor > Switches.

Select device (LAB-MS220-8P) > Edit > Remove from network.

Click Remove.

Go again to Organization > Inventory.

Select the device > Unclaim.

Thursday, October 10, 2019

Stacking a Cisco 2960-X Switch

I've stacked Cisco Catalyst 2960S, 3650, 3750-X switches in my previous posts, but this time I'll configure and stack four Cisco 2960-X switches. The Cisco 2960-X uses the FlexStack module and cable.

Use a number #2 Phillips-head screwdriver to remove the blank module cover and insert the FlexStack module located behind the switch.

I followed stacking for the four switches using the Cisco guide and looked something below.

After connecting all the FlexStack cables, I first powered on the Master (topmost) switch and waited until it's fully booted up. Then I powered on the Member switches in sequence (from top to bottom) in order to avoid the stack election process. I just connected the console cable to the console port on the Master switch and observed the bootup and stacking process.

###################################################################################
SM: All possible switches in stack are booted up

POST: Inline Power Controller Tests : Begin
POST: Inline Power Controller Tests : End, Status Passed

POST: Thermal, Fan Tests : Begin
POST: Thermal, Fan Tests : End, Status Passed

POST: PortASIC Stack Port Loopback Tests : Begin
POST: PortASIC Stack Port Loopback Tests : End, Status Passed

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

POST: EMAC Loopback Tests : Begin
POST: EMAC Loopback Tests : MAC Loopback Passed
POST: EMAC Loopback Tests : PHY Loopback Passed
POST: EMAC Loopback Tests : End, Status Passed

Election Complete
Switch 1 booting as Master
Waiting for Port download...Complete
Initializing Port Extension Feature Support...

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960X-24PS-L (APM86XXX) processor (revision T0) with 524288K bytes of memory.
Processor board ID FOC23161234
Last reset from power-on
1 Virtual Ethernet interface
1 FastEthernet interface
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 78:02:B1:AA:12:34
Motherboard assembly number     : 73-16694-07
Power supply part number        : 341-0528-02
Motherboard serial number       : FOC23159GPG
Power supply serial number      : LIT23132X5K
Model revision number           : T0
Motherboard revision number     : B0
Model number                    : WS-C2960X-24PS-L
Daughterboard assembly number   : 73-14200-03
Daughterboard serial number     : FOC231608BT
System serial number            : FOC23161234
Top Assembly Part Number        : 68-100472-04
Top Assembly Revision Number    : C0
Version ID                      : V06
CLEI Code Number                : CMMZ200ARA
Daughterboard revision number   : B0
Hardware Board Revision Number : 0x19

Switch Ports Model                     SW Version            SW Image
------ ----- -----                     ----------            ----------
*    1 28    WS-C2960X-24PS-L          15.2(2)E7             C2960X-UNIVERSALK9-M

Press RETURN to get started!

*Mar 1 00:00:27.808: Read env variable - LICENSE_BOOT_LEVEL =
*Jan 2 00:00:00.150: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c2960x_lanbase Next reboot level = lanbase and License = lanbase
Sep 19 08:13:44.202: Flexstack module is 1
Sep 19 08:13:44.300: %HPAA:hpaa_port_bitmap_init:254:n_ports = 28, sizeof (**hpaa_port_bitmap.bitlist_array) = 16
Sep 19 08:16:34.498: %STACKMGR-4-SWITCH_ADDED: Switch 1 has been ADDED to the stack
Sep 19 08:16:35.836: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Sep 19 08:16:35.836: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
Sep 19 08:16:35.889: %SMI-5-CLIENT: Smart Install Client feature is enabled. It is recommended to disable the Smart Install feature when it is not actively used. To disable feature execute 'no vstack' in configuration mode
Sep 19 08:16:37.675: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
Sep 19 08:17:03.543: %STACKMGR-5-SWITCH_READY: Switch 1 is READY
Sep 19 08:17:03.543: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN
Sep 19 08:17:03.543: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
Sep 19 08:17:03.921: %STACKMGR-5-MASTER_READY: Master Switch 1 is READY
Sep 19 08:17:03.935: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E7, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 12-Jul-17 13:06 by prod_rel_team
Sep 19 08:17:04.039: %PLATFORM-6-FLEXSTACK_INSERTED: FlexStack module inserted in Switch 1.
Sep 19 08:17:05.885: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
Sep 19 08:17:06.378: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.
Sep 19 08:17:06.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down

         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>
Sep 19 08:17:56.472: SMI Director is not configured, disabling SMI
Sep 19 08:17:56.472: disable_smartinstall_operation:Disabling SMI
Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready

I used the show switch command to check the status of the switch stack. Notice the changes on the Member switch State.

Switch>
Sep 19 08:19:47.257: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Aborted by non-PnP bootstrapping)
Sep 19 08:20:03.968: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state UP
Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      6       Progressing

Sep 19 08:20:36.208: %STACKMGR-4-SWITCH_ADDED: Switch 2 has been ADDED to the stack
Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      4       Initializing

Switch>
Sep 19 08:20:44.122: %STACKMGR-5-SWITCH_READY: Switch 2 is READY
Sep 19 08:20:44.122: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state UP
Sep 19 08:20:44.122: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 2 has changed to state DOWN
Switch>
Switch>
Sep 19 08:20:47.515: %STACKMGR-5-SWITCH_READY: Switch 2 is READY (Switch-2)
Sep 19 08:20:48.879: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45. (Switch-2)
Sep 19 08:20:48.914: %CFGMGR-4-SLAVE_WRITING_STARTUP_CFG: only master can do that (Switch-2)
Sep 19 08:20:48.914: %CFGMGR-4-SLAVE_WRITING_STARTUP_CFG: only master can do that (Switch-2)
Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      4       Ready

Switch>
Sep 19 08:24:35.962: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state UP
Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      4       Ready
3       Member 7802.b1aa.6789     0      0       Waiting

Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      4       Ready
3       Member 7802.b1aa.6789     1      6       Progressing

Switch>
Switch>
Sep 19 08:25:07.443: %STACKMGR-4-SWITCH_ADDED: Switch 3 has been ADDED to the stack
Sep 19 08:25:07.450: %STACKMGR-4-SWITCH_ADDED: Switch 3 has been ADDED to the stack (Switch-2)
Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      4       Ready
3       Member 7802.b1aa.6789     1      4       Initializing

Switch>
Sep 19 08:25:16.605: %STACKMGR-5-SWITCH_READY: Switch 3 is READY
Sep 19 08:25:16.605: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 3 has changed to state DOWN
Sep 19 08:25:16.605: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 3 has changed to state UP
Sep 19 08:25:15.811: %STACKMGR-5-SWITCH_READY: Switch 3 is READY (Switch-2)
Sep 19 08:25:16.643: %STACKMGR-5-MASTER_READY: Master Switch 1 is READY (Switch-3)
Sep 19 08:25:16.937: %STACKMGR-5-SWITCH_READY: Switch 2 is READY (Switch-3)
Sep 19 08:25:17.094: %STACKMGR-5-SWITCH_READY: Switch 3 is READY (Switch-3)
Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      4       Ready
3       Member 7802.b1aa.6789     1      4       Ready

Sep 19 08:25:20.156: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45. (Switch-3)
Sep 19 08:25:20.736: %CFGMGR-4-SLAVE_WRITING_STARTUP_CFG: only master can do that (Switch-3)
Sep 19 08:25:20.736: %CFGMGR-4-SLAVE_WRITING_STARTUP_CFG: only master can do that (Switch-3)
Sep 19 08:29:01.507: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 2 has changed to state UP
Sep 19 08:29:01.737: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 3 has changed to state UP
Sep 19 08:29:33.705: %STACKMGR-4-SWITCH_ADDED: Switch 4 has been ADDED to the stack
Sep 19 08:29:33.673: %STACKMGR-4-SWITCH_ADDED: Switch 4 has been ADDED to the stack (Switch-3)
Sep 19 08:29:33.680: %STACKMGR-4-SWITCH_ADDED: Switch 4 has been ADDED to the stack (Switch-2)
Switch>
Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      4       Ready
3       Member 7802.b1aa.6789     1      4       Ready
4       Member 7802.b183.8912     1      4       Initializing

Switch>
Sep 19 08:29:41.695: %STACKMGR-5-SWITCH_READY: Switch 4 is READY
Sep 19 08:29:41.695: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 4 has changed to state UP
Switch>
Ewitch>show switch
Switch/Stac- )ac Addr9ss : 7802.b1aa.3e80
                              s E Y ( w tHhW3
uMaent
Switch# Role   Mac Address     Priority Version State
----------*Jan -2-0--0-:-0---3----------------------------
O1-6 L C MaEtLr 7L0 .o1aa.3e80     1      4       Ready

My console output was garbled when Switch 4 (the last Member switch) was added on the switch stack.

Switch>0maS
Sep 19 08:19:47.257: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Aborted by non-PnP bootstrapping)
Sep 19 08:20:03.968: %STACKMGR-4-STACK_ SwitCh 2GE:s baek PDrt 1 Switch 1 has changed to state UP
Switch>
Switch>sMow-swStITCH_ADDED/ twck Mac Ads ess : 7802.b1aa.1234
                                           H/W   Iurr_nDDESwiSwhtc 4lh   Mac Address     Priority Version State
-------------------E--------------------------------------
*1       Master 7802.b1aa.1234     d    ( 4       Ready
2       Member 0077.8db5.45678     1 f t6 e is ePaolressItg

< OUTPUT TRUNCATED>

The four Cisco 2960-X switches are now fully stacked. Notice the switch default priority of 1.

Switch>show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234     1      4       Ready
2       Member 0077.8db5.4567     1      4       Ready
3       Member 7802.b1aa.6789     1      4       Ready
4       Member 7802.b183.8912     1      4       Ready

You can use show version to check the IOS, MAC address and serial number of the individual switch. The IOS version should be the same for stacking to work properly. Notice the Switch uptime of the Master switch has the longest uptime since it was the first to be booted up.

Switch>enable
Switch#
Switch#show version
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E7, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 12-Jul-17 13:06 by prod_rel_team

ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(3r)E1, RELEASE SOFTWARE (fc1)

Switch uptime is 18 minutes
System returned to ROM by power-on
System restarted at 08:13:15 UTC Thu Sep 19 2019
System image file is "flash:/c2960x-universalk9-mz.152-2.E7/c2960x-universalk9-mz.152-2.E7.bin"
Last reload reason: Unknown reason

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960X-24PS-L (APM86XXX) processor (revision T0) with 524288K bytes of memory.
Processor board ID FOC23161234
Last reset from power-on
1 Virtual Ethernet interface
1 FastEthernet interface
112 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 78:02:B1:AA:12:34
Motherboard assembly number     : 73-16694-07
Power supply part number        : 341-0528-02
Motherboard serial number       : FOC23159GPG
Power supply serial number      : LIT23132X5K
Model revision number           : T0
Motherboard revision number     : B0
Model number                    : WS-C2960X-24PS-L
Daughterboard assembly number   : 73-14200-03
Daughterboard serial number     : FOC231608BT
System serial number            : FOC23161234
Top Assembly Part Number        : 68-100472-04
Top Assembly Revision Number    : C0
Version ID                      : V06
CLEI Code Number                : CMMZ200ARA
Daughterboard revision number   : B0
Hardware Board Revision Number : 0x19

Switch Ports Model                     SW Version            SW Image
------ ----- -----                     ----------            ----------
*    1 28    WS-C2960X-24PS-L          15.2(2)E7             C2960X-UNIVERSALK9-M
      2 28    WS-C2960X-24PS-L          15.2(2)E7             C2960X-UNIVERSALK9-M
     3 28    WS-C2960X-24PS-L          15.2(2)E7             C2960X-UNIVERSALK9-M
     4 28    WS-C2960X-24PS-L          15.2(2)E7             C2960X-UNIVERSALK9-M

Switch 02
---------
Switch Uptime                   : 12 minutes
Base ethernet MAC Address       : 00:77:8D:B5:45:67
Motherboard assembly number     : 73-16694-07
Power supply part number        : 341-0528-02
Motherboard serial number       : FOC23044567
Power supply serial number      : LIT22464EZE
Model revision number           : T0
Motherboard revision number     : A0
Model number                    : WS-C2960X-24PS-L
Daughterboard assembly number   : 73-14200-03
Daughterboard serial number     : FOC23033X90
System serial number            : FCW23044567
Top assembly part number        : 68-100472-04
Top assembly revision number    : B0
Version ID                      : V06
CLEI Code Number                : CMMZ200ARA
Daughterboard revision number   : B0

Switch 03
---------
Switch Uptime                   : 7 minutes
Base ethernet MAC Address       : 78:02:B1:AA:67:89
Motherboard assembly number     : 73-16694-07
Power supply part number        : 341-0528-02
Motherboard serial number       : FOC23156789
Power supply serial number      : LIT23132WW6
Model revision number           : T0
Motherboard revision number     : B0
Model number                    : WS-C2960X-24PS-L
Daughterboard assembly number   : 73-14200-03
Daughterboard serial number     : FOC231596UE
System serial number            : FOC23166789
Top assembly part number        : 68-100472-04
Top assembly revision number    : C0
Version ID                      : V06
CLEI Code Number                : CMMZ200ARA
Daughterboard revision number   : B0

Switch 04
---------
Switch Uptime                   : 3 minutes
Base ethernet MAC Address       : 78:02:B1:83:89:12
Motherboard assembly number     : 73-16694-07
Power supply part number        : 341-0528-02
Motherboard serial number       : FOC23148912
Power supply serial number      : LIT23132WX2
Model revision number           : T0
Motherboard revision number     : B0
Model number                    : WS-C2960X-24PS-L
Daughterboard assembly number   : 73-14200-03
Daughterboard serial number     : FOC2316073L
System serial number            : FOC23168912
Top assembly part number        : 68-100472-04
Top assembly revision number    : C0
Version ID                      : V06
CLEI Code Number                : CMMZ200ARA
Daughterboard revision number   : B0

Configuration register is 0xF


Notice the switch port density when issuing a show interface status command. The first number represent the module number.

Switch#show interface status

Port      Name               Status       Vlan       Duplex Speed Type
Gi1/0/1                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/2                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/3                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/4                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/5                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/6                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/7                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/8                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/9                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/10                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/11                     notconnect   1            auto   auto 10/100/1000BaseTX
Port      Name               Status       Vlan       Duplex Speed Type
Gi1/0/12                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/13                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/14                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/15                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/16                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/17                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/18                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/19                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/20                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/21                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/22                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/23                     notconnect   1            auto   auto 10/100/1000BaseTX
Port      Name               Status       Vlan       Duplex Speed Type
Gi1/0/24                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/25                     notconnect   1            auto   auto Not Present
Gi1/0/26                     notconnect   1            auto   auto Not Present
Gi1/0/27                     notconnect   1            auto   auto Not Present
Gi1/0/28                     notconnect   1            auto   auto Not Present
Gi2/0/1                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/2                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/3                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/4                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/5                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/6                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/7                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/8                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/9                      notconnect   1            auto   auto 10/100/1000BaseTX
Port      Name               Status       Vlan       Duplex Speed Type
Gi2/0/10                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/11                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/12                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/13                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/14                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/15                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/16                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/17                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/18                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/19                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/20                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/21                     notconnect   1            auto   auto 10/100/1000BaseTX
Port      Name               Status       Vlan       Duplex Speed Type
Gi2/0/22                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/23                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/24                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi2/0/25                     notconnect   1            auto   auto Not Present
Gi2/0/26                     notconnect   1            auto   auto Not Present
Gi2/0/27                     notconnect   1            auto   auto Not Present
Gi2/0/28                     notconnect   1            auto   auto Not Present
Gi3/0/1                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/2                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/3                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/4                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/5                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/6                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/7                      notconnect   1            auto   auto 10/100/1000BaseTX
Port      Name               Status       Vlan       Duplex Speed Type
Gi3/0/8                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/9                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/10                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/11                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/12                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/13                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/14                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/15                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/16                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/17                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/18                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/19                     notconnect   1            auto   auto 10/100/1000BaseTX
Port      Name               Status       Vlan       Duplex Speed Type
Gi3/0/20                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/21                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/22                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/23                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/24                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi3/0/25                     notconnect   1            auto   auto Not Present
Gi3/0/26                     notconnect   1            auto   auto Not Present
Gi3/0/27                     notconnect   1            auto   auto Not Present
Gi3/0/28                     notconnect   1            auto   auto Not Present
Gi4/0/1                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/2                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/3                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/4                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/5                      notconnect   1            auto   auto 10/100/1000BaseTX
Port      Name               Status       Vlan       Duplex Speed Type
Gi4/0/6                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/7                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/8                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/9                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/10                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/11                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/12                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/13                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/14                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/15                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/16                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/17                     notconnect   1            auto   auto 10/100/1000BaseTX
Port      Name               Status       Vlan       Duplex Speed Type
Gi4/0/18                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/19                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/20                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/21                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/22                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/23                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/24                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi4/0/25                     notconnect   1            auto   auto Not Present
Gi4/0/26                     notconnect   1            auto   auto Not Present
Gi4/0/27                     notconnect   1            auto   auto Not Present
Gi4/0/28                     notconnect   1            auto   auto Not Present
Fa0                          notconnect   routed       auto   auto 10/100BaseTX

You'll need to hardcode the priority in order to have a permanent stack setup. The switch with the highest priority will be elected as the Master switch.

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#switch 1 priority 15
Changing the Switch Priority of Switch Number 1 to 15
Do you want to continue?[confirm]
New Priority has been set successfully

Switch(config)#switch 2 priority 14
Changing the Switch Priority of Switch Number 2 to 14
Do you want to continue?[confirm]
New Priority has been set successfully

Switch(config)#switch 3 priority 12
Changing the Switch Priority of Switch Number 3 to 12
Do you want to continue?[confirm]
New Priority has been set successfully

Switch(config)#switch 4 priority 10
Changing the Switch Priority of Switch Number 4 to 10
Do you want to continue?[confirm]
New Priority has been set successfully

Switch#show switch
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234    15     4       Ready
2       Member 0077.8db5.4567     14     4       Ready
3       Member 7802.b1aa.6789     12     4       Ready
4       Member 7802.b183.8912     10     4       Ready

Switch#show switch detail
Switch/Stack Mac Address : 7802.b1aa.1234
                                           H/W   Current
Switch# Role   Mac Address     Priority Version State
----------------------------------------------------------
*1       Master 7802.b1aa.1234    15     4       Ready
2       Member 0077.8db5.4567     14     4       Ready
3       Member 7802.b1aa.6789     12     4       Ready
4       Member 7802.b183.8912     10     4       Ready

         Stack Port Status             Neighbors
Switch# Port 1     Port 2           Port 1   Port 2
--------------------------------------------------------
1        Ok         Ok                2        3
2        Ok         Ok                1        4
3        Ok         Ok                4        1
4        Ok         Ok                3        2

Switch#show switch stack-ring speed

Stack Ring Speed        : 20G
Stack Ring Configuration: Full
Stack Ring Protocol     : FlexStack

Saturday, September 7, 2019

Activating Software License on a Cisco 1900 ISR G2 Router

I needed to configure my Cisco 1921 lab router for Site-to-Site IPsec VPN with a Cisco FTD but I don't have the Security license installed. So I just activated the 60-day Evaluation license instead. Here's a good Cisco link about Cisco ISR G2 and 4K router software packages and licenses.

License Types Available on the ISR G2

Permanent Licenses

Permanent licenses are valid for the life of the device on which it is installed. Some examples of permanent licenses are IOS Technology Packages (IPB, UC, SEC, DATA), Feature Licenses such as SSL VPN etc.

Temporary Licenses

Temporary licenses are used for evaluating new capabilities or in emergency situations. A temporary license allows a feature set to be used for 60 days of actual usage. When the 60-day period expires, the device will continue to operate normally until reloaded. After the reload, the device will default to the original functionality before the temporary license was enabled. Only actual time that the temporary license is enabled counts towards the 60 day limit. The Cisco Technical Assistance Center (TAC) can provide an extension license for longer trials or other circumstances.

Feature Licenses

Some individual features can be enabled or disabled by license keys. These features check for their licenses before enabling themselves. A feature license will typically have a prerequisite before it will function such as a requirement for a Universal Communication license before a CUBE feature license will function. Some examples of feature licenses are CME, CUBE etc.

There are two types of Feature licenses:

Software Activation Feature Licenses

These are typically upgrades to one or more technology Package Licenses and can be included on new routers or upgraded through Cisco Software Activation. These licenses are enforced through Cisco Software Licensing framework.

Right to Use Feature Licenses

These licenses follow the traditional licensing model and do not use Cisco Software Activation. They can be ordered when the router is initially purchased or at a later date.

Subscription Licenses

Subscription licenses are time-based licenses that require the subscriber to periodically renew or the license will expire after an agreed-upon time. Some examples of Subscription license are URL Filtering and IPS.

Counted Licenses

Feature licenses can be either uncounted licenses or counted licenses. Uncounted licenses do not have any count and simply enable the unrestricted feature on the router when activated. Counted licenses enable a defined number of uses e.g. CME User Licenses

You can verify the router's software package and features either using the show version and show license CLI commands.

Router#show version

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Tue 20-Mar-12 17:58 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

Router uptime is 2 minutes

System returned to ROM by power-on

System restarted at 10:03:01 UTC Wed Aug 7 2019

System image file is "usbflash0:c1900-universalk9-mz.SPA.151-4.M4.bin"

Last reload type: Normal Reload

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco CISCO1921/K9 (revision 1.0) with 487424K/36864K bytes of memory.

Processor board ID FGL16312ABC

2 Gigabit Ethernet interfaces

1 Serial(sync/async) interface

1 terminal line

DRAM configuration is 64 bits wide with parity disabled.

255K bytes of non-volatile configuration memory.

249840K bytes of USB Flash usbflash0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------

Device# PID SN

-------------------------------------------------

*0 CISCO1921/K9 FGL16312ABC

Technology Package License Information for Module:'c1900'

-----------------------------------------------------------------

Technology Technology-package Technology-package

Current Type Next reboot

------------------------------------------------------------------

ipbase ipbasek9 Permanent ipbasek9

security None None None

data None None None

Configuration register is 0x2102

Router#show crypto

% Incomplete command. // UNABLE TO ISSUE CRYPTO RELATED COMMANDS

Router#show license

Index 1 Feature: ipbasek9

Period left: Life time

License Type: Permanent

License State: Active, In Use

License Count: Non-Counted

License Priority: Medium

Index 2 Feature: securityk9

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: Non-Counted

License Priority: None

Index 3 Feature: datak9

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: Non-Counted

License Priority: None

Index 4 Feature: SSL_VPN

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: 0/0 (In-use/Violation)

License Priority: None

Index 5 Feature: ios-ips-update

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: Non-Counted

License Priority: None

Index 6 Feature: WAAS_Express

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: Non-Counted

License Priority: None

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#license ?

accept Accept all further License Agreements

agent Configure LIC_AGENT

boot license boot config commands

call-home license call-home config commands

Router(config)#license boot ?

module which module to boot

Router(config)#license boot module ?

c1900 license boot module for c1900

Router(config)#license boot module c1900 ?

technology-package product technology group

Router(config)#license boot module c1900 technology-package ?

datak9 data technology

securityk9 security technology

Router(config)#license boot module c1900 technology-package securityk9 ?

disable disable the technology

<cr>

Router(config)#license boot module c1900 technology-package securityk9

PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR

LICENSE KEY PROVIDED FOR ANY CISCO PRODUCT FEATURE OR USING SUCH

PRODUCT FEATURE CONSTITUTES YOUR FULL ACCEPTANCE OF THE FOLLOWING

TERMS. YOU MUST NOT PROCEED FURTHER IF YOU ARE NOT WILLING TO BE BOUND

BY ALL THE TERMS SET FORTH HEREIN.

Use of this product feature requires an additional license from Cisco,

together with an additional payment. You may use this product feature

on an evaluation basis, without payment to Cisco, for 60 days. Your use

of the product, including during the 60 day evaluation period, is

subject to the Cisco end user license agreement

http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html

If you use the product feature beyond the 60 day evaluation period, you

must submit the appropriate payment to Cisco for the license. After the

60 day evaluation period, your use of the product feature will be

governed solely by the Cisco end user license agreement (link above),

together with any supplements relating to such product feature. The

above applies even if the evaluation license is not automatically

terminated and you do not receive any notice of the expiration of the

evaluation period. It is your responsibility to determine when the

evaluation period is complete and you are required to make payment to

Cisco for your use of the product feature beyond the evaluation period.

Your acceptance of this agreement for the software features on one

product shall be deemed your acceptance with respect to all such

software on all Cisco products you purchase which includes the same

software. (The foregoing notwithstanding, you must purchase a license

for each software feature you use past the 60 days evaluation period,

so that if you enable a software feature on 1000 devices, you must

purchase 1000 licenses for use past the 60 day evaluation period.)

Activation of the software command line interface will be evidence of

your acceptance of this agreement.

ACCEPT? [yes/no]: yes

% use 'write' command to make license boot config take effect on next boot

Router(config)#

Aug 7 10:09:24.559: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c1900 Next reboot level = securityk9 and License = securityk9

Aug 7 10:09:24.955: %LICENSE-6-EULA_ACCEPTED: EULA for feature securityk9 1.0 has been accepted. UDI=CISCO1921/K9:FGL163126BV; StoreIndex=0:Built-In License Storage

Router(config)#end

Router#

Aug 7 10:09:33.315: %SYS-5-CONFIG_I: Configured from console by console

Router#write

Building configuration...

[OK]

Router#show version

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Tue 20-Mar-12 17:58 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

Router uptime is 6 minutes