Wednesday, December 22, 2010

How to reset a password on a Cisco switch?

This is a general guideline for Catalyst switches and may vary on particular models. Here are the basic steps:
1.       Unplug the power from the switch, press and hold the Mode button on the front panel until you see:
flash_init
load_helper
boot
switch:
2.       Issue the flash_init command, wait until it finishes, and then issue the load_helper command.
Type
Switch: dir flash:
This command lists the switch's file system; one of the files is called config.text. Rename this file so that the switch boots without its saved configuration and lets you log in. Type the following:
Switch:rename flash:config.text flash:config.old
At this point you can boot the switch with the following command:
Switch:boot
3.       Once booted, enter n at the prompt and enter privileged EXEC (enable) mode:
Switch>enable
Switch#
4.       Now rename config.old back to config.text:
Switch#rename flash:config.old flash:config.text
and copy config.text to the running config:
Switch#copy flash:config.text system:running-config
5.       At this point, from global configuration mode, change the enable password or the enable secret:
Switch(config)#enable password ‘password’
or
Switch(config)#enable secret ‘your password’
6.       Change vty and line passwords
Switch(config)#line vty 0 15
Switch(config-line)#password ‘your password’
7.       Finally, copy your running-config to the startup-config:
Switch# copy running-config startup-config
or
Switch#wr memory

Monday, December 20, 2010

How to create EtherChannel between two switches?

First, let's see which modes each protocol supports:

PAgP        LACP      Notes
On          On        All ports channeling, no negotiation packets sent
Auto        Passive   Waits to channel until asked
Desirable   Active    Actively asks to form a channel


Switch1:
1.       Add two interfaces, Fa0/3 and Fa0/4 to the etherchannel on Switch1:
Switch1#config t
Switch1(config)#interface range Fa0/3 - 4
2.       Choose protocol:
Switch1(config-if-range)# channel-protocol LACP
3.       Choose the group and mode based on the protocol (see the table above):
Switch1(config-if-range)#channel-group 1 mode active
Creating a port-channel interface Port-channel 1
Switch2:
1.       Add two interfaces, Fa0/3 and Fa0/4 to the etherchannel on Switch2:
Switch2#config t
Switch2(config)#interface range Fa0/3 - 4
2.       Choose protocol:
Switch2(config-if-range)# channel-protocol LACP
3.       Choose the group and mode based on the protocol (see the table above):
Switch2(config-if-range)#channel-group 1 mode passive (make sure mode is not Active)
Creating a port-channel interface Port-channel 1
Here are some basic commands to check the EtherChannel status:
show etherchannel summary      shows etherchannel status on each member port
show etherchannel port         shows etherchannel status on each member port
show etherchannel detail       shows detailed status of each component
show <pagp|lacp> neighbor      shows EtherChannel neighbor on each port

How to enable SSH on Cisco switch or router?

This quick tutorial shows how to enable SSH on Cisco switches or routers. Make sure your IOS image supports crypto; otherwise SSH will not be available. The easy way to check is to see whether the IOS image name contains k9, e.g. c3560-advipservicesk9-mz.122-46.se.bin.
1. Go to global configuration mode and configure a Hostname and Domain name:
 Switch#config t
 Switch(config)#hostname MyHostname
 Switch(config)#ip domain-name MyDomainName
2. Generate RSA key pair:
 Switch(config)#crypto key generate rsa
 The name for the keys will be: MyHostname.MyDomainName
 Choose the size of the key modulus in the range of 360 to 2048 for your
 General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
Generating RSA keys ...
[OK]
01:43:17: %SSH-5-ENABLED: SSH 1.99 has been enabled
3. At this point SSH has been enabled and is ready to use. Now you need to allow SSH connections to be accepted by a switch or a router:
 Switch(config)#line vty 0 15
 Switch(config-line)#transport input ssh
4. Save the configuration. SSH is now the only way to connect remotely to your switch or router.
 Switch# copy running-config startup-config
Here are some other useful commands for SSH:
This command will set the time-out period (in seconds) after which the SSH session will be terminated:
Switch(config)#ip ssh time-out 120
This command sets the maximum number of login attempts to 5:
Switch(config)#ip ssh authentication-retries 5
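
One way to check a saved running-config against the steps above, as an added example that is not part of the original post. It assumes the config is available as text; the "ip ssh version 2" check is an addition here (the "SSH 1.99" log line above means both SSHv1 and SSHv2 are accepted), and the sample config and the function name audit_ssh are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device): vty 0-4 is
# SSH-only, vty 5-15 still accepts telnet.
SAMPLE_CONFIG = """\
hostname MyHostname
enable password example
ip ssh time-out 120
ip ssh authentication-retries 5
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit_ssh(config):
    """Return findings for an IOS-style running-config string."""
    findings = []
    lines = config.splitlines()
    # "SSH 1.99" in the enable log means SSHv1 and SSHv2 are both accepted.
    if not any(re.match(r"ip ssh version 2\s*$", l) for l in lines):
        findings.append("ip ssh version 2 not set (SSHv1 still accepted)")
    if any(l.startswith("enable password") for l in lines):
        findings.append("enable password present; use enable secret")
    if not any(l.startswith("enable secret") for l in lines):
        findings.append("no enable secret configured")
    # Collect 'transport input' per 'line vty' block (indented sub-commands).
    block, transports = None, {}
    for l in lines:
        m = re.match(r"line vty (\d+)(?: (\d+))?", l)
        if m:
            block = "vty " + " ".join(g for g in m.groups() if g)
            transports[block] = None
        elif not l.startswith(" "):
            block = None
        elif block:
            t = re.match(r"\s+transport input (.+)", l)
            if t:
                transports[block] = t.group(1).split()
    for name, t in transports.items():
        if t != ["ssh"]:
            shown = " ".join(t) if t else "device default"
            findings.append(f"{name}: transport input is {shown}, not ssh only")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```

Every vty range is checked separately because a switch with "line vty 0 4" set to SSH can still accept telnet on "line vty 5 15", which is why the steps above configure 0 15 in one block.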