Show the running config from config mode
(config) do sh run
grep
(config) do sh run | inc e
dir
dele
Disable the lookup behind: Translating "command"...domain server (255.255.255.255)
conf term
no ip domain lookup
vtp-server#dir
Directory of flash:/
2 -rwx 2624 Oct 27 2011 12:57:09 +00:00 config.text
3 -rwx 12677496 Mar 1 1993 00:17:50 +00:00 c3560-ipservicesk9-mz.122-55.SE.bin
4 -rwx 736 Oct 27 2011 12:57:00 +00:00 vlan.dat
5 -rwx 12733830 Mar 1 1993 00:21:43 +00:00 c3560-ipservicesk9-mz.122-55.SE1.bin
6 -rwx 1937 Oct 27 2011 12:57:09 +00:00 private-config.text
8 -rwx 4120 Oct 27 2011 12:57:09 +00:00 multiple-fs
config.text is the startup config.
Filesystem commands: dir, dele, more
The config should be handled with IOS commands.
write erase = delete config.text
On restart no new one is created.
config.text is copied into RAM during startup and becomes the running config.
vtp-server#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
0 bytes copied in 1.191 secs (0 bytes/sec)
vtp-server#
Copying startup to running
This is dangerous, because the file "supplements" the running config, so the new running config is a mix of the startup and the running config.
vtp-server#copy startup-config running-config
Destination filename [running-config]?
% Login disabled on line 6, until 'password' is set
% Login disabled on line 7, until 'password' is set
% Login disabled on line 8, until 'password' is set
% Login disabled on line 9, until 'password' is set
% Login disabled on line 10, until 'password' is set
% Login disabled on line 11, until 'password' is set
% Login disabled on line 12, until 'password' is set
% Login disabled on line 13, until 'password' is set
% Login disabled on line 14, until 'password' is set
% Login disabled on line 15
*Mar 1 02:50:55.872: % Multiple self signed certificates in config
certificate for trust point TP-self-signed-240828416 ignored
, until 'password' is set
% Login disabled on line 16, until 'password' is set
2500 bytes copied in 1.644 secs (1521 bytes/sec)
Factory settings = delete config.text
wr erase
but then answer NO if the running config has been changed, since otherwise the running config is written back into the startup config
vtp-server#reload
System configuration has been modified. Save? [yes/no]: NO
Proceed with reload? [confirm]
After the restart the following appears:
— System Configuration Dialog —
Enable secret warning
———————————-
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the
enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
———————————-
Would you like to enter the initial configuration dialog? [yes/no]:
Consoles
Serial console, reachable with the blue cable, configurable with
line con 0 (zero)
Virtual terminals come in two groups, because each group can be configured differently, e.g. telnet and SSH.
vty 0 4
vty 5 15
line con 0
line vty 0 4
password hugo01
login
line vty 5 15
password hugo01
login
!
end
Show Version
shows the image
roman#sh ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc 1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:17 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02F00000
ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
roman uptime is 8 minutes
System returned to ROM by power-on
System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE1.bin"
continued
cisco WS-C3560-24TS (PowerPC405) processor (revision E0) with 131072K bytes of memory.
Processor board ID CAT1120ZKYD
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1C:0E:5A:C0:00
Motherboard assembly number : 73-9897-06
Power supply part number : 341-0097-02
Motherboard serial number : CAT112057SB
Power supply serial number : AZS111014YH
Model revision number : E0
Motherboard revision number : B0
Model number : WS-C3560-24TS-S
System serial number : CAT1120ZKYD
Top Assembly Part Number : 800-26160-02
Top Assembly Revision Number : E0
Version ID : V02
CLEI Code Number : COMMG00ARB
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C3560-24TS 12.2(55)SE1 C3560-IPSERVICESK9-M
sh tech takes a while
sh boot shows the boot config
roman#sh boot
BOOT path-list : flash:/c3560-ipservicesk9-mz.122-55.SE1.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
NVRAM/Config file
buffer size: 524288
Timeout for Config Download: 0 seconds
Config Download via DHCP: disabled (next boot: disabled)
Where does it boot from? Where is my bin?
roman#
roman#mor flash:env_vars
Where is the VLAN config stored in flash? In vlan.dat
roman#dir
Directory of flash:/
2 -rwx 1385 Mar 1 1993 00:07:36 +00:00 config.text
3 -rwx 12677496 Mar 1 1993 00:17:50 +00:00 c3560-ipservicesk9-mz.122-55.SE.bin
4 -rwx 736 Oct 27 2011 12:57:00 +00:00 vlan.dat
This file must be backed up as well whenever VLANs are changed.
Naming of the IOS versions
IOS images with K9 are crypto IOS and allow SSH
c3560-ipservicesk9-mz.122-55.SE.bin
advanced services contain VPN and more
write mem = copy running startup-config, which is the same as copy running-config startup-config
where running-config and startup-config are only "umbrella terms" for file names
Saving the running config to a private config
copy running flash:/myconfig1.text
or
copy running tftp
roman#copy ?
/erase Erase destination file system.
/error Allow to copy error file.
/noverify Don't verify image signature before reload.
/verify Verify image signature before reload.
bs: Copy from bs: file system
cns: Copy from cns: file system
flash: Copy from flash: file system
ftp: Copy from ftp: file system
http: Copy from http: file system
https: Copy from https: file system
logging Copy logging messages
null: Copy from null: file system
nvram: Copy from nvram: file system
rcp: Copy from rcp: file system
running-config Copy from current system configuration
scp: Copy from scp: file system
startup-config Copy from startup configuration
system: Copy from system: file system
tar: Copy from tar: file system
tftp: Copy from tftp: file system
tmpsys: Copy from tmpsys: file system
vb: Copy from vb: file system
xmodem: Copy from xmodem: file system
ymodem: Copy from ymodem: file system
IOS Files - System .bin
Updating the bin: copy tftp flash:XXXXXX
then change the boot file so that the right bin is loaded later.
Boot system flash:/c3560-ipservicesk9-mz.122-55.SE1.bin
Password recovery
Boot the machine with an empty config.
Allow break in the terminal.
Show the register: sh ver and then at the very bottom: Configuration register is 0xF
How do you get into the boot loader? Sometimes you have to press a button on the switch, otherwise send a break via TeraTerm (alt+B).
The following appears:
roman#reload
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: 00:1c:0e:5a:c0:00
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash...
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: 00:1c:0e:5a:c0:00
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
boot
switch:
Then with confreg
Unknown cmd: flash_init
switch: ?
? -- Present list of available commands
boot -- Load and boot an executable image
cat -- Concatenate (type) file(s)
copy -- Copy a file
delete -- Delete file(s)
dir -- List files in directories
flash_init -- Initialize flash filesystem(s)
format -- Format a filesystem
fsck -- Check filesystem consistency
help -- Present list of available commands
memory -- Present memory heap utilization information
mkdir -- Create dir(s)
more -- Concatenate (display) file(s)
rename -- Rename a file
reset -- Reset the system
rmdir -- Delete empty dir(s)
set -- Set or display environment variables
set_bs -- Set attributes on a boot sector filesystem
set_param -- Set system parameters in flash
sleep -- Pause (sleep) for a specified number of seconds
type -- Concatenate (type) file(s)
-- MORE --
unset -- Unset one or more environment variables
version -- Display boot loader version
switch:
Unknown cmd:
switch: flash_init
Initializing Flash...
flashfs[0]: 6 files, 1 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 25421312
flashfs[0]: Bytes available: 7092736
flashfs[0]: flashfs fsck took 15 seconds.
...done Initializing Flash.
switch: dir
List of filesystems currently registered:
flash[0]: (read-write)
vb[1]: (read-write)
bs[2]: (read-only)
xmodem[3]: (read-only)
null[4]: (read-write)
Unknown cmd:
switch:
switch: dir flash
unable to stat flash/: no such device
Unknown cmd:
switch:
switch: dir flash:
Directory of flash:/
2 -rwx 3096 <date> multiple-fs
3 -rwx 12677496 <date> c3560-ipservicesk9-mz.122-55.SE.bin
4 -rwx 736 <date> vlan.dat
5 -rwx 12733830 <date> c3560-ipservicesk9-mz.122-55.SE1.bin
6 -rwx 1931 <date> private-config.text
7 -rwx 1694 <date> config.text
7092736 bytes available (25421312 bytes used)
switch:
The archive command
- additionally handles tar (unpacking)
- copies it to the right place (flash)
- once everything is across, deletes the old IOS (if there is enough space)
- leaves the old software in place (/leave-old-sw)
- adjusts the path in the boot file
roman#archive download /leave-old-sw tftp://1.1.1.1/rferergegregrerg.tar
Stack
Redundant power supply via a low-voltage loop, so that a switch that has lost both power supplies can still keep powering its PoE ports. Its stack partners help it do so.
The value priority 10 raises the priority, and the switch with priority 10 becomes master. Otherwise the MAC value is used.
Different IOS versions in the stack are possible if auto upgrade is enabled. The master distributes the IOS to the others via archive.
Renumbering a switch
switch 2 renumber 4
With 4 stacks you need 5 numbers for reordering.
Finally enter no switch 5 provision "cisco name" to remove the fifth from the config.
Interface naming: g1/0/21
- Interface type: g = gigabit, fe = fastethernet, s = serial (HDLC), b = BRI
- Node: always 1, except in stack mode, where it can be another number
- Board (chassis position)
- Port
CDP
Cisco Discovery Protocol (= EDP at Extreme) collects information about C devices
Changing several interfaces
(config)#inter range f0/1 - 12 (no stack)
(config)#inter range f1/0/1,3,4,5,8,9 .... (stack node 1)
Showing interfaces
sh interface
clear counter
sh int status
roman#sh interf status
Port Name Status Vlan Duplex Speed Type
Fa0/1 notconnect 1 auto auto 10/100BaseTX
Fa0/2 notconnect 1 auto auto 10/100BaseTX
Fa0/3 notconnect 1 auto auto 10/100BaseTX
Fa0/4 notconnect 1 auto auto 10/100BaseTX
Fa0/5 notconnect 1 auto auto 10/100BaseTX
Fa0/6 notconnect 1 auto auto 10/100BaseTX
Fa0/7 notconnect 1 auto auto 10/100BaseTX
Fa0/8 notconnect 1 auto auto 10/100BaseTX
Fa0/9 notconnect 1 auto auto 10/100BaseTX
Fa0/10 notconnect 1 auto auto 10/100BaseTX
Fa0/11 notconnect 1 auto auto 10/100BaseTX
Fa0/12 notconnect 1 auto auto 10/100BaseTX
Fa0/13 notconnect 1 auto auto 10/100BaseTX
Fa0/14 notconnect 1 auto auto 10/100BaseTX
Fa0/15 notconnect 1 auto auto 10/100BaseTX
Fa0/16 notconnect 1 auto auto 10/100BaseTX
Fa0/17 notconnect 1 auto auto 10/100BaseTX
Fa0/18 notconnect 1 auto auto 10/100BaseTX
Fa0/19 notconnect 1 auto auto 10/100BaseTX
Fa0/20 notconnect 1 auto auto 10/100BaseTX
Fa0/21 notconnect 1 auto auto 10/100BaseTX
roman#sh interf stats
Vlan1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
Route cache 0 0 0 0
Total 0 0 0 0
FastEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
Route cache 0 0 0 0
Total 0 0 0 0
FastEthernet0/2
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
Route cache 0 0 0 0
Total 0 0 0 0
FastEthernet0/3
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
Route cache 0 0 0 0
Total 0 0 0 0
FastEthernet0/4
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
--More--
Status
Fa0/19 notconnect 1 auto auto 10/100BaseTX
Fa0/20 notconnect 1 auto auto 10/100BaseTX
Fa0/21 notconnect 1 a-auto a-100 10/100BaseTX
Fa0/22 notconnect 1 auto auto 10/100BaseTX
Line con 0 - automatic logout from the console
exec-timeout 10 10 (minutes, seconds)
sh clock
Creating users
roman(config)#username admin pass hugo01
roman(config)#service password-encryption
enable secret 5 fjoewpgrnen jg rke (the 5 stands for type 5 = SHA encryption)
enable secret 7 fjoewpgrnen jg rke (the 7 stands for type 7)
Google: search for "decrypt pass 7 password"
Setting up SSH access
username XXXXX password yyyyy
Set the DNS domain name
ip domain name my.dns.name.de
Generate the key
crypto key generate rsa
ip ssh vers 2
Configure the terminal lines (allow 5 sessions)
line vty 0 4
transport input ssh
login local (the user is taken from the local DB)
line vty 5 15
password 7 020E115C04565E
login (no user name is prompted for here, only the type 7 password: password 7 020E115C04565E)
# Switch to ssh
transport input ssh
# Disable
transport input none
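The checks below are an added example, not part of the original notes: a small Python audit of the login settings discussed above (type 7 passwords, a shared line password versus login local, transport input, SSH version). The sample config is constructed from the commands in these notes, and treating a missing transport input line as "telnet may be allowed" is an assumption about the platform default.

```python
import re

# Constructed sample, modelled on the commands in these notes (not a real device).
SAMPLE_CONFIG = """\
service password-encryption
username admin password 7 020E115C04565E
ip ssh version 2
line con 0
 exec-timeout 10 10
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 password 7 020E115C04565E
 login
!
"""

LINE_SUBCOMMANDS = {"password", "login", "transport", "exec-timeout"}


def audit_management_access(config):
    """Return (scope, finding) tuples for weak login settings in an IOS config."""
    findings, blocks, current = [], {}, None
    ssh_v2 = False
    for raw in config.splitlines():
        cmd = " ".join(raw.split())          # normalise indentation and spacing
        if not cmd or cmd == "!":
            continue
        if cmd.startswith("line "):
            current = cmd
            blocks[current] = []
        elif current and cmd.split()[0] in LINE_SUBCOMMANDS:
            blocks[current].append(cmd)
        else:
            current = None                   # back in global configuration scope
            if re.match(r"(username \S+|enable) password\b", cmd):
                findings.append(("global", "'password' keyword used, prefer 'secret': "
                                 + cmd.split(" password")[0]))
            if re.match(r"ip ssh version 2\b", cmd):
                ssh_v2 = True
    if not ssh_v2:
        findings.append(("global", "SSH version 2 not enforced"))
    for name, cmds in blocks.items():
        if any(c.startswith("password 7 ") for c in cmds):
            findings.append((name, "type 7 line password is reversible"))
        if not name.startswith("line vty"):
            continue
        # Assumption: no 'transport input' line means the platform default applies,
        # which may permit telnet.
        transports = [c for c in cmds if c.startswith("transport input")]
        if not transports or not set(transports[-1].split()[2:]) <= {"ssh", "none"}:
            findings.append((name, "remote access not restricted to SSH"))
        if "login" in cmds and "login local" not in cmds:
            findings.append((name, "shared line password instead of per-user login"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_management_access(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

On the sample, every line-level finding lands on line vty 5 15, the group left on a shared type 7 password, while line vty 0 4 passes.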
Port Channel = LACP = 802.3ad
roman(config)#inter port-channel ?
<1-48> Port-channel interface number
roman(config)#inter port-channel 1
roman(config-if)#description uplink wasweisichwohin
roman(config-if)#
results in the ru
!
interface Port-channel1
description uplink wasweisichwohin
!
roman(config)#inter port-channel 1
roman(config-if)#interface range F0/1-2 # take 2 ports
roman(config-if-range)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
roman(config-if-range)#channel-group 1 mode active # active forces LACP
The physical layer is set in the physical properties, the LACP
The result in the running config
interface FastEthernet0/1
channel-group 1 mode active
!
interface FastEthernet0/2
channel-group 1 mode active
Display
roman#
roman#
roman#sh etherchannel det
Channel-group listing:
----------------------
Group: 1
----------
Group state = L2
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol: LACP
Minimum Links: 0
Ports in the group:
-------------------
Port: Fa0/1
------------
Port state = Up Mstr Assoc In-Bndl
Channel group = 1 Mode = Active Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Fa0/1 SA bndl 32768 0x1 0x1 0x104 0x3D
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Fa0/1 SA 32768 001c.5781.b080 0s 0x0 0x1 0x6 0x3D
Age of the port in the current state: 0d:00h:02m:42s
Port: Fa0/2
------------
Port state = Down Not-in-Bndl
Channel group = 1 Mode = Active Gcchange = -
*Mar 1 21:28:45.766: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
Port-channel = null GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
--More-t0/2, changed state to down
*Mar 1 21:28:46.773: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state t
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Fa0/2 SA down 32768 0x1 0x1 0x105 0x5
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Fa0/2 SP 32768 001c.5781.b080 31s 0x0 0x1 0x5 0x34
Age of the port in the current state: 0d:00h:00m:02s
Port-channels in the group:
---------------------------
Port-channel: Po1 (Primary Aggregator)
------------
Age of the Port-channel = 0d:00h:16m:39s
Logical slot/port = 2/1 Number of ports = 1
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Fa0/1 Active 0
Time since last port bundled: 0d:00h:02m:48s Fa0/1
Time since last port Un-bundled: 0d:00h:00m:04s Fa0/2
roman#
Redirect console messages into the telnet session
term monitor
VLANS
VTP = VLAN Trunking Protocol
Collects information about VLANs,
stores the information in local files (vlan.dat); delete these when the VTP mode changes
roman#del flash:/vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
roman#
Enter it
roman#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Create
roman(vlan)#vlan 100 name vlan100
VLAN 100 modified:
Name: vlan100
roman(vlan)#
VTP modes
Server mode = can create/delete global VLANs
Client mode = cannot change any VLANs
Transparent = can create/delete local VLANs, but ignores VTP updates
Configuring the master
vtp domain zgt
vtp mode server
vtp version 2
vtp pruning (all VLANs that are created are tracked to see where they are actually set up, so that the broadcast domain extends to ALL switches.)
Slave config
roman#conf t
Enter configuration commands, one per line. End with CNTL/Z.
roman(config)#vtp mode client
Setting device to VTP Client mode for VLANS.
roman(config)#vtp domain zgt
Changing VTP domain name from NULL to zgt
roman(config)#
Mode
switchport trunk encap dot1q
switchport mode trunk
switchport trunk allowed (list of VLANs) = if I do not trust pruning
roman#config t
Enter configuration commands, one per line. End with CNTL/Z.
roman(config)#inter p1
roman(config-if)#switchport trun
roman(config-if)#switchport trun enc
roman(config-if)#switchport trun encapsulation do
roman(config-if)#switchport trun encapsulation dot1q
roman(config-if)#swit
roman(config-if)#switchport mode trunk
roman(config-if)#
Enable IP Routing
cannot be done per VLAN,
roman#conf t
Enter configuration commands, one per line. End with CNTL/Z.
roman(config)#ip routing
roman(config)#
ip subnet-zero # allows 0. as IP address
roman#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
roman(config)#vlan1
^
% Invalid input detected at '^' marker.
roman(config)#inter vlan1
roman(config-if)#ip ad
roman(config-if)#ip adre
roman(config-if)#ip
roman(config-if)#ip
roman(config-if)#ip address 10.10.9.56 255.255.255.0
Moving a port into a VLAN
conf t
inter f0/24
switchport mode access # better to set this manually, the default is desired mode
roman#conf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
roman(config)#inter f0/24
roman(config-if)#switchport mode access
roman(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dot1q-tunnel set trunking mode to TUNNEL unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
private-vlan Set private-vlan mode
trunk Set trunking mode to TRUNK unconditionally
roman(config-if)#switchport mode
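An added example, not from the original notes: a Python check that flags switch ports whose trunking mode is left to negotiation and trunks without an allowed-VLAN list, the two points made in the trunk and access port sections above. It assumes show running-config style input with indented sub-commands; the sample config is constructed.

```python
# Constructed sample, modelled on the interfaces configured in these notes.
SAMPLE_CONFIG = """\
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 channel-group 1 mode active
!
interface FastEthernet0/23
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport mode access
!
interface Vlan1
 ip address 10.10.9.56 255.255.255.0
"""


def parse_interfaces(config):
    """Map interface name -> list of its (indented) sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        cmd = " ".join(raw.split())
        if cmd.startswith("interface "):
            current = cmd.split(" ", 1)[1]
            interfaces[current] = []
        elif cmd == "!" or not raw.startswith(" "):
            current = None                    # section ended
        elif current:
            interfaces[current].append(cmd)
    return interfaces


def audit_switchports(config):
    """Return (interface, finding) tuples for negotiated or unrestricted trunking."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan") or "no switchport" in cmds:
            continue                          # SVIs and routed ports have no trunk mode
        mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), None)
        if mode is None or mode == "dynamic":
            findings.append((name, "trunking left to negotiation (mode: %s)"
                             % (mode or "default")))
        allowed = any(c.startswith("switchport trunk allowed vlan") for c in cmds)
        if mode == "trunk" and not allowed:
            findings.append((name, "trunk carries all VLANs, no allowed list"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_switchports(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```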