Cisco Switches - Configuration Examples
* General Troubleshooting
show interfaces counters errors
show interfaces | include input err
show interfaces | include output err
show interfaces status | include connected
show standby brief
show etherchannel summary
* Enable SSH (Catalyst 4948, IOS 12.2(31)SGA9)
conf term
hostname switch1
ip domain-name foo.com
crypto key generate rsa
The name for the keys will be: switch1.foo.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
show cry key mypubkey rsa
show ssh
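A check for the SSH recipe above, added here as an example (it is not part of the original page and is not Cisco code): it reads a saved running-config and reports any "line vty" block that is not restricted to "transport input ssh", plus a missing "ip ssh version 2". The sample config, the function names and the wording of the findings are all constructed for illustration.

```python
import re

# Constructed sample in "show running-config" layout (not from a real device):
# vty 0-4 follow the recipe above, vty 5-15 were never restricted to SSH.
SAMPLE_SSH_CONFIG = """\
hostname switch1
ip ssh version 2
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 login
!
"""

def vty_blocks(config):
    """Return [(first, last, [sub-commands])] for every 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first), [])
            blocks.append(current)
        elif current and raw.startswith(" "):
            current[2].append(raw.strip())   # indented line belongs to the block
        else:
            current = None                   # any other top-level line ends it
    return blocks

def audit_ssh(config):
    """Return a list of findings; an empty list means the recipe is fully applied."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("SSH protocol is not pinned with 'ip ssh version 2'")
    blocks = vty_blocks(config)
    if not blocks:
        findings.append("no 'line vty' blocks found")
    for first, last, cmds in blocks:
        transports = [c for c in cmds if c.startswith("transport input")]
        if transports != ["transport input ssh"]:
            got = ", ".join(transports) or "no explicit transport input"
            findings.append(f"line vty {first} {last}: {got}")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_SSH_CONFIG):
        print(finding)
```

The parser relies on the one-space indentation that "show running-config" uses for sub-commands, so feed it saved device output rather than hand-typed notes.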
* Removing Files (Catalyst 4948, IOS 12.2(31)SGA9)
switch#del bootflash:cat4500-ipbasek9-mz.122-52.SG.bin
Delete filename [cat4500-ipbasek9-mz.122-52.SG.bin]?
Delete bootflash:cat4500-ipbasek9-mz.122-52.SG.bin? [confirm]
switch#squeeze bootflash:
All deleted files will be removed. Continue? [confirm]
Squeeze operation may take a while. Continue? [confirm]
Squeeze of bootflash complete
switch#dir bootflash:
* Upgrade IOS with .bin file (Catalyst 4948, IOS 12.2(31)SGA9)
switch#write
switch#show version
switch#show bootvar
switch#dir bootflash:
switch#copy tftp: bootflash:
Address or name of remote host []? 10.1.1.25
Source filename []? cat4500-ipbasek9-mz.122-31.SGA9.bin
Destination filename [cat4500-ipbasek9-mz.122-31.SGA9.bin]?
Accessing tftp://10.1.1.25/cat4500-ipbasek9-mz.122-31.SGA9.bin...
Loading cat4500-ipbasek9-mz.122-31.SGA9.bin from 10.1.1.25 (via Vlan101): !!!!!!!!!!! (and so on...)
[OK - 12628916 bytes]
12628916 bytes copied in 71.164 secs (177462 bytes/sec)
switch#dir bootflash:
switch#conf term
switch(config)#boot system bootflash:cat4500-ipbasek9-mz.122-31.SGA9.bin
switch(config)#config-register 0x2102
switch(config)#end
switch#dir bootflash:cat4500-ipbasek9-mz.122-31.SGA9.bin
switch#write
switch#show bootvar
switch#reload
* Upgrade IOS with .bin file (Catalyst 3750, IOS 12.2(25)SEE2)
WARNING! - This procedure is only good for a standalone switch that is NOT part of a stack!
copy run start
show version
show boot
dir flash:
# If you don't have enough room for the new image, delete the old one:
del flash:c3750-ipbase-mz.122-25.SEE2.bin
# Once you have enough room, upload the new image:
copy tftp flash
Address or name of remote host [192.168.1.25]?
Source filename [c3750-ipbase-mz.122-37.SE.bin]?
Destination filename [c3750-ipbase-mz.122-37.SE.bin]?
Accessing tftp://192.168.1.25/c3750-ipbase-mz.122-37.SE.bin...
Loading c3750-ipbase-mz.122-37.SE.bin from 192.168.1.25 (via Vlan54): !!!!!!!!!!!!!! (and so on...)
[OK - 7624064 bytes]
conf term
boot system flash:c3750-ipbase-mz.122-37.SE.bin
end
dir flash:c3750-ipbase-mz.122-37.SE.bin
show boot
copy run start
reload
* Upgrade IOS with .tar file (Cat 3750, IOS 12.2(25)SEE2)
WARNING! - This procedure is only good for a standalone switch that is NOT part of a stack!
copy run start
show version
show boot
dir flash:
# If you don't have enough room for the new image, delete the old one:
del /recursive flash:c3750-ipbase-mz.122-25.SEE2
# Once you have enough room, upload the new image:
archive tar /xtract tftp://192.168.1.25//c3750-ipbase-tar.122-37.SE.tar flash:
Loading /c3750-ipbase-tar.122-37.SE.tar from 192.168.1.25 (via Vlan54): !
c3750-ipbase-mz.122-37.SE/ (directory)
extracting c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin (7624064 bytes)!!!!!!!!!! (and so on...)
c3750-ipbase-mz.122-37.SE/html/ (directory)
extracting c3750-ipbase-mz.122-37.SE/html/forms.js (13563 bytes)!!!
extracting c3750-ipbase-mz.122-37.SE/html/sitewide.js (20829 bytes)!!!!
extracting c3750-ipbase-mz.122-37.SE/html/combo.js (9353 bytes)!!
extracting c3750-ipbase-mz.122-37.SE/html/layers.js (1616 bytes)
extracting c3750-ipbase-mz.122-37.SE/html/toolbar.js (7084 bytes)!!
(and so on...)
extracting c3750-ipbase-mz.122-37.SE/info (596 bytes)!
extracting info (103 bytes)!!
[OK - 10311680 bytes]
conf term
boot system flash:c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin
end
dir flash:c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin
show boot
copy run start
reload
* Upgrade NX-OS (Nexus 5010, NX-OS 4.2(1)N1(1))
# copy running-config startup-config
# show version
# show boot
# dir bootflash:
# copy tftp: bootflash:
Enter source filename: n5000-uk9-kickstart.4.2.1.N1.1.bin
Enter vrf (If no input, default vrf is considered): management
Enter hostname for the tftp server: 192.168.1.25
Trying to connect to tftp server......
Connection to Server Established.
\
TFTP get operation was successful
# copy tftp: bootflash:
Enter source filename: n5000-uk9.4.2.1.N1.1.bin
Enter vrf (If no input, default vrf is considered): management
Enter hostname for the tftp server: 192.168.1.25
Trying to connect to tftp server......
Connection to Server Established.
\
TFTP get operation was successful
# install all kickstart bootflash:n5000-uk9-kickstart.4.2.1.N1.1.bin system bootflash:n5000-uk9.4.2.1.N1.1.bin
Verifying image bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin for boot variable "kickstart".
[####################] 100% -- SUCCESS
Verifying image bootflash:/n5000-uk9.4.2.1.N1.1.bin for boot variable "system".
[####################] 100% -- SUCCESS
Verifying image type.
[####################] 100% -- SUCCESS
Extracting "system" version from image bootflash:/n5000-uk9.4.2.1.N1.1.bin.
[####################] 100% -- SUCCESS
Extracting "kickstart" version from image bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin.
[####################] 100% -- SUCCESS
Extracting "bios" version from image bootflash:/n5000-uk9.4.2.1.N1.1.bin.
[####################] 100% -- SUCCESS
Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes      disruptive         reset  Reset due to single supervisor
Images will be upgraded according to following table:
Module       Image         Running-Version             New-Version  Upg-Required
------  ----------  ----------------------  ----------------------  ------------
     1      system            4.0(1a)N1(1)             4.2(1)N1(1)           yes
     1   kickstart            4.0(1a)N1(1)             4.2(1)N1(1)           yes
     1        bios        v1.2.0(06/19/08)        v1.3.0(09/08/09)           yes
Switch will be reloaded for disruptive upgrade.
Do you want to continue with the installation (y/n)? [n] y
Install is in progress, please wait.
Setting boot variables.
[####################] 100% -- SUCCESS
Performing configuration copy.
[####################] 100% -- SUCCESS
Module 1: Upgrading Bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS
INIT: Sending processes the TERM signal
May 26 03:46:13 %LIBSYSMGR-3-SIGTERM_FORCE_EXIT Service "ascii-cfg" (PID 2862) is forced exit.
May 26 03:46:13 snmpd: Received TERM or STOP signal... shutting down...
May 26 03:46:13 snmpd: Shutting down
May 26 03:46:13 %LIBSYSMGR-3-SIGTERM_FORCE_EXIT Service "urib" (PID 2874) is forced exit.
May 26 03:46:13 %TTYD-2-TTYD_ERROR TTYD Error ttyd bad select
May 26 May 26 03:46:14 %SYSMGR-3-SHUTDOWN_OVER The System Manager is shutting down now.
May 26 03:46:14 %SYSMGR-2-RESTART_SYSTEM_LOG We will be restarting system soon for vdc 4.
May 26 03:46:14 %SYSMGR-2-RESTART_SYSTEM_LOG We will be restarting system soon for vdc 3.
May 26 03:46:14 %SYSMGR-2-RESTART_SYSTEM_LOG We will be restarting system soon for vdc 2.
May 26 03:46:14 %SYSMGR-2-RESTART_SYSTEM_LOG We will be restarting system soon for vdc 1.
Unexporting directories for NFS kernel daemon...done.
Stopping NFS kernel daemon: rpc.mountd rpc.nfsddone.
Unexporting directories for NFS kernel daemon...
done.
Stopping portmap daemon: portmap.
Stopping kernel log daemon: klogd.
Sending all processes the TERM signal... done.
Sending all processes the KILL signal... done.
Unmounting remote filesystems... done.
Deactivating swap...done.
Unmounting local filesystems...done.
mount: you must specify the filesystem type
Starting reboot command: reboot
Rebooting...
* Etherchannel + VLAN trunking (Catalyst 4006, IOS 12.2(20)EWA)
interface Port-channel10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
channel-group 10 mode desirable
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
channel-group 10 mode desirable
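A drift check for the trunk layout above, added here as an example (not part of the original page): every channel-group member is compared against its Port-channel interface, and any VLAN that appears on one side of the allowed list but not the other is reported. The sample config is constructed, the function names are hypothetical, and the parser assumes the one-space indentation of "show running-config" and a single "allowed vlan" line per interface.

```python
import re

# Constructed sample (running-config layout): Gi3/2 has lost VLAN 130.
SAMPLE_TRUNK_CONFIG = """\
interface Port-channel10
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
interface GigabitEthernet3/1
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
 channel-group 10 mode desirable
interface GigabitEthernet3/2
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101
 channel-group 10 mode desirable
"""

def expand_vlans(spec):
    vlans = set()                        # '2,5,10-12' -> {2, 5, 10, 11, 12}
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(config):
    ifaces, name = {}, None              # name -> {'vlans': set|None, 'group': str|None}
    for raw in config.splitlines():
        if raw.startswith("interface "):
            name = raw.split(None, 1)[1].strip()
            ifaces[name] = {"vlans": None, "group": None}
        elif name and raw.startswith(" "):
            if m := re.match(r" switchport trunk allowed vlan ([\d,-]+)\s*$", raw):
                ifaces[name]["vlans"] = expand_vlans(m.group(1))
            if m := re.match(r" channel-group (\d+) mode \S+", raw):
                ifaces[name]["group"] = m.group(1)
        else:
            name = None                  # top-level line ends the interface block
    return ifaces

def audit_channel(config):
    """Flag channel members whose allowed-VLAN set differs from the bundle's."""
    ifaces, findings = parse_interfaces(config), []
    for name, cfg in ifaces.items():
        if cfg["group"] is None:
            continue                     # not an EtherChannel member
        po_name = f"Port-channel{cfg['group']}"
        if po_name not in ifaces:
            findings.append(f"{name}: {po_name} is not defined")
        elif cfg["vlans"] != ifaces[po_name]["vlans"]:
            diff = sorted((cfg["vlans"] or set()) ^ (ifaces[po_name]["vlans"] or set()))
            findings.append(f"{name}: VLANs not shared with {po_name}: {diff}")
    return findings

print(audit_channel(SAMPLE_TRUNK_CONFIG))
```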
* VLAN HSRP (Hot Standby Router Protocol) w/ACL (Catalyst 4006, IOS 12.2(20)EWA)
! primary unit
interface Vlan5
ip address 192.168.5.2 255.255.255.0
ip access-group in_from_prod_dmz in
standby 5 ip 192.168.5.1
standby 5 priority 105
standby 5 preempt
standby 5 authentication asdfasdf
! secondary unit
interface Vlan5
ip address 192.168.5.3 255.255.255.0
ip access-group in_from_prod_dmz in
standby 5 ip 192.168.5.1
standby 5 authentication asdfasdf
* Port Monitoring - Useful for NIDS or troubleshooting (Catalyst 4006, IOS 12.2(20)EWA)
monitor session 1 source interface Gi4/1
monitor session 1 destination interface Gi5/15
#show monitor detail
Session 1
---------
Type : Local Session
Source Ports :
RX Only : None
TX Only : None
Both : Gi4/1
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : None
Destination Ports : Gi5/15
Encapsulation : Native
Ingress : Disabled
Learning : Disabled
Filter VLANs : None
Filter Addr Type :
RX Only : None
TX Only : None
Both : None
Filter Pkt Type :
RX Only : None
Dest RSPAN VLAN : None
IP Access-group : None