Scribd
Upload
66 views

Cisco Upgrade

This document provides configuration examples for Cisco Catalyst switches including enabling SSH, upgrading IOS software, configuring etherchannels and VLAN trunking, setting up HSRP and ACLs on a VLAN, and configuring port monitoring. The examples show how to troubleshoot interfaces, generate keys for SSH, remove files from flash memory, upgrade between IOS versions using .bin and .tar files, create an etherchannel and trunk ports, implement HSRP with authentication and ACLs on a VLAN, and establish a monitoring session to copy traffic from one port to another.

Uploaded by

Yesid Castañeda Llanos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
66 views

Cisco Upgrade

This document provides configuration examples for Cisco Catalyst switches including enabling SSH, upgrading IOS software, configuring etherchannels and VLAN trunking, setting up HSRP and ACLs on a VLAN, and configuring port monitoring. The examples show how to troubleshoot interfaces, generate keys for SSH, remove files from flash memory, upgrade between IOS versions using .bin and .tar files, create an etherchannel and trunk ports, implement HSRP with authentication and ACLs on a VLAN, and establish a monitoring session to copy traffic from one port to another.

Uploaded by

Yesid Castañeda Llanos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Cisco Catalyst Switches - Configuration Examples

* General Troubleshooting
show
show
show
show

interfaces
interfaces
interfaces
interfaces

counters errors
| include input err
| include output err
status | include connected

show standby brief


show etherchannel summary

* Enable SSH (Catalyst 4948, IOS 12.2(31)SGA9)

conf term
hostname switch1
ip domain-name foo.com
crypto key generate rsa
The name for the keys will be: switch1.foo.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
line vty 0
transport
line vty 5
transport

4
input ssh
15
input ssh

show cry key mypubkey rsa


show ssh

* Removing Files (Catalyst 4948, IOS 12.2(31)SGA9)


switch#del bootflash:cat4500-ipbasek9-mz.122-52.SG.bin
Delete filename [cat4500-ipbasek9-mz.122-52.SG.bin]?
Delete bootflash:cat4500-ipbasek9-mz.122-52.SG.bin? [confirm]
switch#squeeze bootflash:
All deleted files will be removed. Continue? [confirm]
Squeeze operation may take a while. Continue? [confirm]
Squeeze of bootflash complete
switch#dir bootflash:

* Upgrade IOS with .bin file (Catalyst 4948, IOS 12.2(31)SGA9)


switch#write
switch#show version
switch#show bootvar
switch#dir bootflash:
switch#copy tftp: bootflash:
Address or name of remote host []? 10.1.1.25

Source filename []? cat4500-ipbasek9-mz.122-31.SGA9.bin


Destination filename [cat4500-ipbasek9-mz.122-31.SGA9.bin]?
Accessing tftp://10.1.1.25/cat4500-ipbasek9-mz.122-31.SGA9.bin...
Loading cat4500-ipbasek9-mz.122-31.SGA9.bin from 10.1.1.25 (via
Vlan101): !!!!!!!!!!! (and so on...)
[OK - 12628916 bytes]
12628916 bytes copied in 71.164 secs (177462 bytes/sec)
switch#dir bootflash:
switch#conf term
switch(config)#boot system bootflash:cat4500-ipbasek9-mz.122-31.SGA9.bin
switch(config)#config-register 0x2102
switch(config)#end
switch#dir bootflash:cat4500-ipbasek9-mz.122-31.SGA9.bin
switch#write
switch#show bootvar
switch#reload

* Upgrade IOS with .bin file (Catalyst 3750, IOS 12.2(25)SEE2)

WARNING! - This procedure is only good for a standalone switch that is


NOT part of a stack!
copy run start
show version
show boot
dir flash:
# If you don't have enough room for the new image, delete the old one:
del flash:c3750-ipbase-mz.122-25.SEE2.bin
# Once you have enough room, upload the new image:
copy tftp flash
Address or name of remote host [192.168.1.25]?
Source filename [c3750-ipbase-mz.122-37.SE.bin]?
Destination filename [c3750-ipbase-mz.122-37.SE.bin]?
Accessing tftp://192.168.1.25/c3750-ipbase-mz.122-37.SE.bin...
Loading c3750-ipbase-mz.122-37.SE.bin from 192.168.1.25 (via
Vlan54): !!!!!!!!!!!!!! (and so on...)
[OK - 7624064 bytes]
conf term
boot system flash:c3750-ipbase-mz.122-37.SE.bin
end
dir flash:c3750-ipbase-mz.122-37.SE.bin
show boot
copy run start
reload

* Upgrade IOS with .tar file (Cat 3750, IOS 12.2(25)SEE2)

WARNING! - This procedure is only good for a standalone switch that is


NOT part of a stack!
copy run start
show version
show boot
dir flash:
# If you don't have enough room for the new image, delete the old one:
del /recursive flash:c3750-ipbase-mz.122-25.SEE2
# Once you have enough room, upload the new image:

archive tar /xtract tftp://192.168.1.25//c3750-ipbase-tar.122-37.SE.tar


flash:
Loading /c3750-ipbase-tar.122-37.SE.tar from 192.168.1.25 (via Vlan54):
!
c3750-ipbase-mz.122-37.SE/ (directory)
extracting c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin
(7624064 bytes)!!!!!!!!!! (and so on...)
c3750-ipbase-mz.122-37.SE/html/ (directory)
extracting c3750-ipbase-mz.122-37.SE/html/forms.js (13563 bytes)!!!
extracting c3750-ipbase-mz.122-37.SE/html/sitewide.js (20829 bytes)!!!!
extracting c3750-ipbase-mz.122-37.SE/html/combo.js (9353 bytes)!!
extracting c3750-ipbase-mz.122-37.SE/html/layers.js (1616 bytes)
extracting c3750-ipbase-mz.122-37.SE/html/toolbar.js (7084 bytes)!!
(and so on...)
extracting c3750-ipbase-mz.122-37.SE/info (596 bytes)!
extracting info (103 bytes)!!
[OK - 10311680 bytes]
conf term
boot system flash:c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin
end
dir flash:c3750-ipbase-mz.122-37.SE/c3750-ipbase-mz.122-37.SE.bin
show boot
copy run start
reload

* Etherchannel + VLAN trunking (Catalyst 4006, IOS 12.2(20)EWA)


interface Port-channel10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
channel-group 10 mode desirable
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
switchport mode trunk
no snmp trap link-status
channel-group 10 mode desirable

* VLAN HSRP (Hot Standby Router Protocol) w/ACL (Catalyst 4006, IOS
12.2(20)EWA)
! primary unit
interface Vlan5
ip address 192.168.5.2 255.255.255.0
ip access-group in_from_prod_dmz in
standby 5 ip 192.168.5.1
standby 5 priority 105
standby 5 preempt

standby 5 authentication asdfasdf


! secondary unit
interface Vlan5
ip address 192.168.5.3 255.255.255.0
ip access-group in_from_prod_dmz in
standby 5 ip 192.168.5.1
standby 5 authentication asdfasdf

* Port Monitoring - Useful for NIDS or troubleshooting (Catalyst 4006, IOS


12.2(20)EWA)
monitor session 1 source interface Gi4/1
monitor session 1 destination interface Gi5/15
#show monitor detail
Session 1
--------Type
: Local Session
Source Ports
:
RX Only
: None
TX Only
: None
Both
: Gi4/1
Source VLANs
:
RX Only
: None
TX Only
: None
Both
: None
Source RSPAN VLAN : None
Destination Ports : Gi5/15
Encapsulation : Native
Ingress : Disabled
Learning : Disabled
Filter VLANs
: None
Filter Addr Type :
RX Only
: None
TX Only
: None
Both
: None
Filter Pkt Type
:
RX Only
: None
Dest RSPAN VLAN
: None
IP Access-group
: None

You might also like