Cisco Catalyst Switches - Configuration Examples
* General Troubleshooting
show interfaces counters errors
show interfaces | include input err
show interfaces | include output err
show interfaces status | include connected
show standby brief
show etherchannel summary
* Enable SSH (Catalyst 4948, IOS 12.2(31)SGA9)
conf term
hostname switch1
ip domain-name foo.com
crypto key generate rsa
The name for the keys will be: switch1.foo.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
show cry key mypubkey rsa
show ssh
* Removing Files (Catalyst 4948, IOS 12.2(31)SGA9)
switch#del bootflash:cat4500-ipbasek9-mz.122-52.SG.bin
Delete filename [cat4500-ipbasek9-mz.122-52.SG.bin]?
Delete bootflash:cat4500-ipbasek9-mz.122-52.SG.bin? [confirm]
switch#squeeze bootflash:
All deleted files will be removed. Continue? [confirm]
Squeeze operation may take a while. Continue? [confirm]
Squeeze of bootflash complete
switch#dir bootflash:
* Upgrade IOS with .bin file (Catalyst 4948, IOS 12.2(31)SGA9)
switch#write
switch#show version
switch#show bootvar
switch#dir bootflash:
switch#copy tftp: bootflash:
Address or name of remote host []? 10.1.1.25
Source filename []? cat4500-ipbasek9-mz.122-31.SGA9.bin
Destination filename [cat4500-ipbasek9-mz.122-31.SGA9.bin]?
Accessing tftp://10.1.1.25/cat4500-ipbasek9-mz.122-31.SGA9.bin...
Loading cat4500-ipbasek9-mz.122-31.SGA9.bin from 10.1.1.25 (via Vlan101): !!!!!!!!!!! (and so on...)
[OK - 12628916 bytes]
12628916 bytes copied in 71.164 secs (177462 bytes/sec)
switch#dir bootflash:
switch#conf term
switch(config)#boot system bootflash:cat4500-ipbasek9-mz.122-31.SGA9.bin
switch(config)#config-register 0x2102
switch(config)#end
switch#dir bootflash:cat4500-ipbasek9-mz.122-31.SGA9.bin
switch#write
switch#show bootvar
switch#reload
* Upgrade IOS with .bin file (Catalyst 3750, IOS 12.2(25)SEE2)
WARNING! - This procedure is only good for a standalone switch that is NOT part of a stack!
copy run start
show version
show boot
dir flash:
# If you don't have enough room for the new image, delete the old one:
del flash:c3750-ipbase-mz.122-25.SEE2.bin
# Once you have enough room, upload the new image:
copy tftp flash
Address or name of remote host [192.168.1.25]?
Source filename [c3750-ipbase-mz.122-37.SE.bin]?
Destination filename [c3750-ipbase-mz.122-37.SE.bin]?
Accessing tftp://192.168.1.25/c3750-ipbase-mz.122-37.SE.bin...
Loading c3750-ipbase-mz.122-37.SE.bin from 192.168.1.25 (via Vlan54): !!!!!!!!!!!!!! (and so on...)
[OK - 7624064 bytes]
conf term
boot system flash:c3750-ipbase-mz.122-37.SE.bin
end
dir flash:c3750-ipbase-mz.122-37.SE.bin
show boot
copy run start
reload
* Upgrade IOS with .tar file (Cat 3750, IOS 12.2(25)SEE2)
WARNING! - This procedure is only good for a standalone switch that is NOT part of a stack!
copy run start
show version
show boot
dir flash:
# If you don't have enough room for the new image, delete the old one:
del /recursive flash:c3750-ipbase-mz.122-25.SEE2
# Once you have enough room, upload the new image:
archive tar /xtract tftp://192.168.1.25//c3750-ipbase-tar.122-37.SE.tar flash:
Loading /c3750-ipbase-tar.122-37.SE.tar from 192.168.1.25 (via Vlan54): !
c3750-ipbase-mz.122-37.SE/ (directory)
extracting c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin (7624064 bytes)!!!!!!!!!! (and so on...)
c3750-ipbase-mz.122-37.SE/html/ (directory)
extracting c3750-ipbase-mz.122-37.SE/html/forms.js (13563 bytes)!!!
extracting c3750-ipbase-mz.122-37.SE/html/sitewide.js (20829 bytes)!!!!
extracting c3750-ipbase-mz.122-37.SE/html/combo.js (9353 bytes)!!
extracting c3750-ipbase-mz.122-37.SE/html/layers.js (1616 bytes)
extracting c3750-ipbase-mz.122-37.SE/html/toolbar.js (7084 bytes)!!
(and so on...)
extracting c3750-ipbase-mz.122-37.SE/info (596 bytes)!
extracting info (103 bytes)!!
[OK - 10311680 bytes]
conf term
boot system flash:c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin
end
dir flash:c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin
show boot
copy run start
reload
* Etherchannel + VLAN trunking (Catalyst 4006, IOS 12.2(20)EWA)
interface Port-channel10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
channel-group 10 mode desirable
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
channel-group 10 mode desirable
* VLAN HSRP (Hot Standby Router Protocol) w/ACL (Catalyst 4006, IOS 12.2(20)EWA)
! primary unit
interface Vlan5
ip address 192.168.5.2 255.255.255.0
ip access-group in_from_prod_dmz in
standby 5 ip 192.168.5.1
standby 5 priority 105
standby 5 preempt
standby 5 authentication asdfasdf
! secondary unit
interface Vlan5
ip address 192.168.5.3 255.255.255.0
ip access-group in_from_prod_dmz in
standby 5 ip 192.168.5.1
standby 5 authentication asdfasdf
* Port Monitoring - Useful for NIDS or troubleshooting (Catalyst 4006, IOS 12.2(20)EWA)
monitor session 1 source interface Gi4/1
monitor session 1 destination interface Gi5/15
#show monitor detail
Session 1
---------
Type : Local Session
Source Ports :
RX Only : None
TX Only : None
Both : Gi4/1
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : None
Destination Ports : Gi5/15
Encapsulation : Native
Ingress : Disabled
Learning : Disabled
Filter VLANs : None
Filter Addr Type :
RX Only : None
TX Only : None
Both : None
Filter Pkt Type :
RX Only : None
Dest RSPAN VLAN : None
IP Access-group : None
Related pages: