Basic configuration on devices

Basic configuration on devices:

  • set hostname;
  • set secret password;
  • set banner motd;
  • encrypt passwords;
  • line console 0
    • set synchronous logging
    • set idle time
    • set password
    • use login
  • line vty 0 15
    • set password
    • use login
    • set history size

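Below are the commands. Note that cisco is a lab password, that service password-encryption only applies the reversible type 7 encoding to the line passwords (the enable secret is stored as a hash), and that exec-time 0 0 (short for exec-timeout 0 0) disables the idle timeout on the console instead of limiting it. The hostname is at the end because, if you copy and paste the commands, you will have to change the hostname yourself: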

enable
conf t
enable secret cisco
banner motd #AUTHORIZED ACCESS ONLY !#
service password-encryption
line console 0
logging synchronous
exec-time 0 0
password cisco
login
history size 256
line vty 0 15
password cisco
login
history size 256
exit
hostname
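
An added example (not from the original post): a small Python audit that checks a saved running-config against the checklist above and flags the disabled idle timeout. The sample config, the names parse_sections and audit, and the single-line banner are assumptions made for the illustration.

```python
import re

# Constructed sample running-config: the baseline on R2, vty "login" left off.
SAMPLE = """\
hostname R2
service password-encryption
enable secret 5 $1$CONSTRUCTED$placeholder
banner motd ^CAUTHORIZED ACCESS ONLY !^C
line con 0
 exec-timeout 0 0
 password 7 000000000000
 login
line vty 0 15
 password 7 000000000000
 history size 256
"""

GLOBALS = {"hostname": r"hostname \S+", "enable secret": r"enable secret ",
           "banner motd": r"banner motd ",
           "service password-encryption": r"service password-encryption$"}

def parse_sections(config):
    """Map each top-level line to the indented sub-commands under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections

def audit(config):
    """Return the checklist items that are missing or weakened."""
    sec = parse_sections(config)
    findings = [f"global: {name} missing" for name, pat in GLOBALS.items()
                if not any(re.match(pat, top) for top in sec)]
    for line, subs in sec.items():
        if not line.startswith("line "):
            continue
        if not any(s.startswith("password ") for s in subs):
            findings.append(f"{line}: no password")
        if not any(s.split()[0] == "login" for s in subs):
            findings.append(f"{line}: no login")
        if "exec-timeout 0 0" in subs:
            findings.append(f"{line}: idle timeout disabled (exec-timeout 0 0)")
    return findings
```

Running audit(SAMPLE) reports the console idle timeout and the missing login on the vty lines; a config that follows the checklist with a non-zero exec-timeout returns an empty list.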

How to enable or disable the MORE prompt

I had set up one of the routers (R2) to show the running-config without any --More-- prompts. As a result, I could never see the previous lines, so this configuration is not a good one.

This is how to enable the --More-- prompt:

 terminal length 30

(or any number between 1 and 512, 24 is the default)

and verify:

R2#show terminal
Line 0, Location: "", Type: ""
Length: 30 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
Status: PSI Enabled, Ready, Active, Automore On
Capabilities: none
Modem state: Ready

This is how to disable the --More-- prompt:

 terminal length 0

and verify:

R2#show terminal
Line 0, Location: "", Type: ""
Length: 0 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
Status: PSI Enabled, Ready, Active, Automore On
Capabilities: none
Modem state: Ready

CISCO CCNP TSHOOT Topology

TSHOOT 2014 Topology

Based on the topology modified by Khaled from GNS3 Talk, I have recreated the TSHOOT 2014 topology in order to understand it. There are a few changes (interface names), but overall this does not change the topology.

I am taking the CISCO TSHOOT (642-832) exam soon enough and I wanted to be prepared for it. I’ve followed Khaled’s explanations and I am ready to pass the exam.

This topology can be found on Cisco’s TSHOOT exam page: https://learningnetwork.cisco.com/docs/DOC-6738 or here: CISCO TSHOOT 2014 Topology

Keep in mind that the topology will change; my guess is every 3 years. In 2011 it was a different topology; check Jeremy’s TSHOOT videos.
On CLN (Cisco Learning Network) there is this page that has some important information on how to prepare for the exam: https://learningnetwork.cisco.com/thread/64701

To get a feel for this exam you may want to click this link: http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html

Cisco Routers 2620-XM v 2621-XM

These models are used in the CCIE training. The difference between them is 1 more FastEthernet port on the 2621XM, and of course the price is a little higher.

So buy a 2620XM, and if you want an extra FE just buy another module, but check the prices first.

I found the following datasheet on Cisco’s site: http://www.cisco.com/c/en/us/products/collateral/routers/2600-series-multiservice-platforms/Cisco 2600 series Routers Product Data Sheet

Cisco Wireless Explorer

Play a multilevel game in arranging APs all over the place. Give aliens some probes…

Play Cisco’s Wireless Explorer: https://learningnetwork.cisco.com/docs/DOC-7560

See the Cisco SWAN demo: wireless_learning_summary.pdf

Beat my score and leave me a comment:

Beat My Score

Packet Tracer 6.0.1 – New Features

How to set history size on routers or switches

I wanted to see more than 10 lines of history at a time, so I needed a way to get that. History can be set up on the console line and/or the vty lines. Here is how to do this on a switch:

SW1>ena
SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#line con 0
SW1(config-line)#his
SW1(config-line)#history ?
  size  Set history buffer size
  

SW1(config-line)#history si
SW1(config-line)#history size ?
  <0-256>  Size of history buffer

SW1(config-line)#history size 256
SW1(config-line)#line vty 0 15
SW1(config-line)#hi
SW1(config-line)#history size
SW1(config-line)#history size 256
SW1(config-line)#exit
SW1(config)#exit
SW1#wr m
05:13:04: %SYS-5-CONFIG_I: Configured from console by console
SW1#wr mem
Building configuration...
[OK]
SW1#

On a router it is the same configuration as for the switch:


R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#line con 0
R2(config-line)#his
R2(config-line)#history size 256
R2(config-line)#exit
R2(config)#line vty 0 15
R2(config-line)#hi
R2(config-line)#history si
R2(config-line)#history size 256
R2(config-line)#exit
R2(config)#exit
R2#
Jun 12 17:34:34.055: %SYS-5-CONFIG_I: Configured from console by console
R2#

That is fine for reading the commands, but it is hard to copy and paste from. So here are the commands as a script:

ena
conf t
line con 0
history size 256
exit
line vty 0 15
history size 256
exit
exit
wr mem
 

(you need to copy all of it, so that write memory gets executed)

Total secure addresses on interface reached its max limit of

I’m trying to simulate a violation and put f0/2 into the shutdown state. Everything is set up correctly, but I do not know what is happening:

SW4(config-if)#do sh run int f0/2
Building configuration...

Current configuration : 254 bytes
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00e0.4c8b.116f
 no ip address
 spanning-tree portfast
end

When I connect a different device, instead of the “err-disabled state” I get:

%Error: Cannot add secure address 5442.49f8.7b80
%Error: Total secure addresses on interface reached its max limit of 1

It seems that the switch (3550) that I’m working on can’t update the MAC address; it says Configured MAC Addresses: 0.

SW4(config-if)#do sh port int f0/2
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Aging time : 0 mins
Aging type : Absolute
SecureStatic address aging : Disabled
Security Violation count : 0

I wanted to see past commands that I had typed, but I had only 10 of them, because the history size is set to 10 by default. Here is how to set the history size!
And I have no errdisable recovery enabled:

SW4#sh errdisable recov
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Command rejected: Not eligible for secure port

If you get the error message “Command rejected: Not eligible for secure port.”, it means that you must first set the port to access mode.

SW4(config)#int f0/4
SW4(config-if)#switchport port-security
Command rejected: Not eligible for secure port.
SW4(config-if)#switchport mode access
SW4(config-if)#switchport port-security

and that’s it.

How to set the time on routers or switches

On either a switch or a router, use clock set HH:MM:SS day MON YEAR:

Device#clock set 14:20:00 12 JUN 2014

To view the time use show clock:

Device#show clock
14:22:43.531 UTC Thu Jun 12 2014

If you want to be sure that the time is approximately correct, use a syslog server (tftpd 32) to check it. I have ~2 seconds difference between the router’s time and a computer’s time.

Sys Log Time

Here you can see it more clearly:

SysLog Time 02

Using CCP (Cisco Configuration Professional) I have used the PC to synchronize the time on the device.
These are the commands:

clock timezone PCTime 2 0
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00

On reload it will synchronize with PCTime, which has the summer hours:

  • on March 30th, 2003 it is 3am, and
  • on October 26th, 2003 it is 4am.

Verify:

R2#show clock
*21:11:57.991 PCTime Sun Nov 23 2014

STP: IEEE instead of PVST

When changing STP modes back to the default, it shows “Spanning tree enabled protocol ieee”.
The thing is that the ping between two hosts in different VLANs with a router-on-a-stick configuration is not working anymore.

Of course, I then checked the ping from the router to the hosts, and it worked. I turned to the first host, re-pinged the second host, and it worked.
The ping from the second host to the first host has been working since I changed the spanning-tree mode to pvst.

SW3(config-if)#spa mode pvst
SW3(config)#do sh spa vl 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     001f.c958.1a80
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0019.563a.9580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3            Desg LRN 19        128.3    P2p
Fa0/13           Desg LRN 19        128.13   P2p
Fa0/22           Root LRN 19        128.22   P2p

Read more here: https://learningnetwork.cisco.com/thread/35585