Configure Password
——————–
1. Change to global configuration mode: config t
2. To set the enable password: enable password “chicagotech”
3. To set the enable secret password: enable secret “ms-mvp”
Note:
1: The enable secret password is encrypted by default. The enable password is not.
2: If both enable secret and enable password are specified, the enable secret overrides the enable password.
1. Set a console password to chicagotech
Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password chicagotech
2. Set a telnet password to chicagotech
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password chicagotech
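The two points in the note above can be checked mechanically. The following is an added example, not code from the original page: a small Python audit that reports an enable password (with or without an enable secret), clear-text line passwords, and, going beyond this section, Telnet on vty lines and the default SNMP community that appear in other samples on this page. The name audit_config and both sample inputs are constructed for illustration.

```python
import re

# Matches a CLI prompt such as "Router(config-line)#" so pasted sessions work too.
PROMPT = re.compile(r"^[\w.-]+(\([\w-]+\))?[#>]\s*")


def audit_config(text):
    """Return sorted (line_no, finding) pairs for an IOS-style configuration.

    line_no 0 marks a finding about something missing from the whole input.
    Assumes "line ..." blocks end at "!" or "end", as in "show run" output.
    """
    findings = []
    has_secret = False
    enable_pw_lines = []
    section = None  # header of the "line ..." block currently being read

    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        prompt = PROMPT.match(line)
        if prompt:
            if prompt.group(1) != "(config-line)":
                section = None        # the session left line mode
            line = line[prompt.end():]
        if not line or line.startswith("!") or line == "end":
            section = None            # "!" closes a block in "show run" output
            continue
        if line.startswith("line "):
            section = line
            continue

        if section:
            # "password <text>" is clear text; "password 7 <hex>" is what
            # service password-encryption produces, so a leading type digit
            # is not reported by this check.
            if re.match(r"password (?!\d+ )\S", line):
                findings.append((no, f"clear-text password on '{section}'"))
            m = re.match(r"transport input (.+)", line)
            if m and section.startswith("line vty"):
                if {"telnet", "all"} & set(m.group(1).split()):
                    findings.append((no, f"telnet allowed on '{section}'"))
        elif line.startswith("enable secret "):
            has_secret = True
        elif line.startswith("enable password "):
            enable_pw_lines.append(no)
        elif re.match(r"snmp-server community (public|private)\b", line):
            findings.append((no, "default SNMP community string"))

    for no in enable_pw_lines:
        if has_secret:
            findings.append((no, "enable password is overridden by enable secret; remove it"))
        else:
            findings.append((no, "enable password is not encrypted; use enable secret"))
    if not has_secret:
        findings.append((0, "no enable secret configured"))
    return sorted(findings)


# Constructed sample in "show running-config" layout.
SAMPLE = """\
enable password cisco
!
snmp-server community public RO
!
line con 0
 login
 password chicagotech
line vty 0 4
 login local
 transport input telnet ssh
!
end
"""

# Constructed sample in pasted-session layout, as used in this section.
SESSION = """\
Router(config)#enable password chicagotech
Router(config)#enable secret ms-mvp
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password chicagotech
"""

if __name__ == "__main__":
    for no, finding in audit_config(SAMPLE):
        print(f"{no:>3}: {finding}")
```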
=================================================
Enable SNMP on PIX
——————-
I just installed Netflow to monitor our Internet traffic rate. I have enabled snmp on our Cisco PIX515. The netflow displays “No devices have sent NetFlow exports to the software yet”. I am not sure whether the problem is the PIX configuration or the Netflow settings. How do I test the snmp settings in PIX?
access-list outside_in permit icmp any any unreachable
access-list outside_in permit tcp any host 192.168.11.253 eq 3389
access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any time-exceeded
access-list outside_in permit tcp any host 192.168.10.10 eq 3389
access-list 192_splitTunnelAcl permit ip LAN 255.255.255.0 any
access-list inside_outbound_nat0_acl permit ip LAN 255.255.255.0 VPN 255.255.255.240
access-list inside_outbound_nat0_acl permit ip LAN 255.255.255.0 any
access-list outside_cryptomap_dyn_20 permit ip any VPN 255.255.255.240
access-list outside_cryptomap_20 permit ip LAN 255.255.255.0 any
pager lines 24
logging on
logging trap errors
logging history informational
logging device-id hostname
mtu outside 1500
mtu inside 1500
ip address outside 192.168.10.254 255.255.255.0
ip address inside 192.168.11.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN 192.168.21.1-192.168.21.9
pdm location 192.168.11.253 255.255.255.255 inside
pdm location VPN 255.255.255.0 inside
pdm location LAN 255.255.255.0 outside
pdm location VPN 255.255.255.0 outside
pdm location LAN 255.255.255.255 inside
pdm location RDC 255.255.255.255 inside
pdm location 192.168.11.2 255.255.255.255 inside
pdm location 192.168.10.104 255.255.255.255 outside
pdm location 192.168.11.254 255.255.255.255 outside
pdm history enable
arp timeout 14400
global (outside) 2 192.168.10.250-192.168.10.253
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.11.253 192.168.11.253 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.10.10 RDC netmask 255.255.255.255 0 0
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 outside
http LAN 255.255.255.255 inside
http LAN 255.255.255.0 inside
snmp-server host outside 192.168.11.254
snmp-server host inside 192.168.11.254
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps
tftp-server outside 192.168.10.115 c:\
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 206.81.53.106
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 206.81.53.106 netmask 255.255.255.255 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup 192 address-pool VPN
vpngroup 192 dns-server 4.2.2.1
vpngroup 192 split-tunnel 192_splitTunnelAcl
vpngroup 192 idle-time 1800
vpngroup 192 password ********
=====================================================
How to configure ASA to open port 3389 for TS
———————————————-
You need these two lines:
access-list outside_access_out extended permit tcp any host x.x.x.198 eq 3389
static (inside,outside) tcp interface 3389 10.0.3.2 3389 netmask 255.255.255.255
If you use ASDM, add one for the Rule and one for the NAT.
======================================================
How to view and save PIX/ASA configuration
——————————————
1. “copy run start” or “write memory” to save running-config to startup-config.
2. “show startup-config” to view the configuration in flash memory.
3. “show running-config” or “write terminal” to view the current running configuration.
========================================================
configure Cisco 831 router for two public IP addresses
—————————————————-
The following is a sample NAT configuration on the 831.
ip dhcp excluded-address 172.16.5.1 172.16.5.9
ip dhcp excluded-address 172.16.5.51 172.16.5.254
!
ip dhcp pool sdm-pool1
network 172.16.5.0 255.255.255.0
default-router 172.16.5.1
dns-server 4.2.2.1
!
!
no ip bootp server
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 ftp
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 netshow
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 smtp
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 tftp
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 vdolive
ip inspect name sdm_ins_in_100 icmp
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
description $FW_INSIDE$$ETH-LAN$
ip address 172.16.5.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no cdp enable
!
interface Ethernet1
description $FW_OUTSIDE$$ETH-WAN$
ip address 192.168.10.70 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect sdm_ins_in_100 in
duplex auto
no cdp enable
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 172.16.5.13 3389 192.168.10.70 3389 extendable
ip nat inside source static tcp 172.16.5.13 3389 192.168.10.71 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.1 permanent
ip http server
ip http authentication local
ip http secure-server
!
access-list 1 permit 172.0.0.0 0.255.255.255
no cdp run
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
!
end
831#
===============================================
Reset a Cisco Router Back to Factory Defaults
———————————————-
chicagotech831#conf t
Enter configuration commands, one per line. End with CNTL/Z.
chicagotech831(config)#config-register 0x2102
chicagotech831(config)#end
chicagotech831#wr erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
chicagotech831#reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]
======================================
Router modes
————-
User mode = Router>
Privileged mode = Router#
Global configuration mode = Router(config)#
Interface mode = Router(config-if)#
Subinterface mode = Router(config-subif)#
Line mode = Router(config-line)#
Router configuration mode = Router(config-router)#
===============================================
Cisco Router Modes
——————–
Router> User mode
Router# Privileged mode (to change to Privileged mode, do Router> enable)
Router(config)# Global configuration mode (Router# conf t)
Router(config-if)# Interface mode (Router(config)# interface ethernet0)
Router(config-subif)# Subinterface mode
Router(config-line)# Line mode
Router(config-router)# Router configuration mode
================================================
command lines
————–
1. To verify the operation of a routing protocol
show ip protocols
2. Display the IP routing table.
show ip route
=================================================
configure SSH for Secure Access
——————————–
ChicagoTech>En
Password:
ChicagoTech#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
ChicagoTech(config)#hostname ChicagoTech
ChicagoTech(config)#ip domain-name howtocisco.com
ChicagoTech(config)#crypto key generate rsa
ChicagoTech(config)#ip ssh time-out 60
ChicagoTech(config)#ip ssh authentication-retries 4
ChicagoTech(config)#end
ChicagoTech#wr mem
===================================================
Create a VTP domain
———————–
chicagotech>en
password:
chicagotech#conf t
chicagotech(config)#vtp mode server
chicagotech(config)#vtp domain ms-mvps
chicagotech(config)#vtp password chicagotech
chicagotech(config)#end
chicagotech#copy running-config startup-config
==================================================
find the Switch and Port You are connecting to
———————————————
1. Find my laptop's MAC address by using ipconfig /all. It is 00-16-D4-BA-D7-77
2. Telnet to one of the switches and enter enable mode.
3. Type “show mac-address-table address 00-16-D4-BA-D7-77”, it display
====================================================
Limit access #
—————
With Cisco Port Security, you can configure a port to accept only a limited number of MAC addresses; any additional access will be denied. In this case, our maximum number of addresses is 15.
Chicagotech>En
Chicagotech>password:
Chicagotech#conf t
Chicagotech(config)#interface fastethernet 0/9
Chicagotech(config-if)#switchport mode access
Chicagotech(config-if)#switchport port-security
Chicagotech(config-if)#switchport port-security max 15
Chicagotech(config-if)#switchport port-security violation protect
Chicagotech(config-if)#end
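What the protect violation mode configured above does once the limit of 15 is reached, modeled next to the other two modes IOS offers (restrict and shutdown). This is an added illustration, not code from the original page; the class and function names are hypothetical, the MAC addresses are constructed, and the model covers only the address-count limit, not aging or sticky addresses.

```python
class SecurePort:
    """Minimal model of 'switchport port-security' on one access port."""

    def __init__(self, maximum=1, violation="shutdown"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(f"unknown violation mode: {violation}")
        self.maximum = maximum
        self.violation = violation
        self.secure_macs = []       # learned source addresses, in order
        self.violation_count = 0    # the counter "show port-security" reports
        self.log = []               # syslog-style notifications
        self.err_disabled = False

    def receive(self, src_mac):
        """Process one frame; return True if it is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False            # port is down until an admin recovers it
        if mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)
            return True
        # Limit reached and the source address is unknown: a violation.
        if self.violation == "protect":
            return False            # dropped silently: no counter, no log
        self.violation_count += 1
        self.log.append(f"security violation by {mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return False


def try_mode(violation, maximum=15):
    """Send maximum+1 distinct source MACs, then one more frame from the first host.

    Returns (frames forwarded, violation counter, log entries,
             err-disabled?, first host still forwarded?).
    """
    port = SecurePort(maximum=maximum, violation=violation)
    forwarded = sum(port.receive(f"0016.d4ba.{i:04x}") for i in range(maximum + 1))
    first_host_ok = port.receive("0016.d4ba.0000")
    return forwarded, port.violation_count, len(port.log), port.err_disabled, first_host_ok


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, try_mode(mode))
```

With protect the sixteenth address is dropped but nothing is counted or logged, so the violation is invisible to whoever monitors the switch.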
====================================================
setup interface
——————
Router#config
Router(config)#interface serial 1/1
Router(config-if)#ip address 10.0.0.10 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#ctrl-Z
Router#
=====================================================
shutdown multiple ports
————————
CHICAGOTECH>EN
CHICAGOTECH>PASSWORD:
CHICAGOTECH#CONF T
CHICAGOTECH(config)#inter range fastethernet 0/11 - 12
CHICAGOTECH(config-if-range)#no shutdown
CHICAGOTECH(config-if-range)#
CHICAGOTECH(config-if-range)#end
=====================================================
Interface command lines
————————–
1. to verify the status of the switch connections
show ip interface brief
2. Configure range interface
Switch(config)#interface range fastethernet 0/# - #, #, # - #
=======================================================
Configure trunking and VLAN routing
———————————–
Switch>en
password:
Switch#configure terminal
Switch(config)#interface fastethernet 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#end
====================================================
configure Virtual Interface on a VLAN
————————————–
Router>en
password:
Router#configure terminal
Router(config)#interface fastethernet 0/0.2
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip address 192.168.11.2 255.255.255.0
Router(config-subif)#exit
Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#end
======================================================
Configure VLAN Subnets
———————-
Router>en
password:
Router#configure terminal
Router(config)#interface fastethernet 0/1
Router(config-if)#ip address 192.168.11.1 255.255.255.0
Router(config-if)#end
======================================================
How to delete switchport access vlan 200 line
——————————————–
CHICAGOTECH_1#show run inter
CHICAGOTECH_1#sh run interface gi1/0/7
Building configuration…
Current configuration : 151 bytes
!
interface GigabitEthernet1/0/7
switchport access vlan 200
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
end
CHICAGOTECH_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CHICAGOTECH_1(config)#int
CHICAGOTECH_1(config)#interface gi1/0/7
CHICAGOTECH_1(config-if)#default switchport access vlan
CHICAGOTECH_1(config-if)#no spanning-tree portfast
CHICAGOTECH_1(config-if)#do sh run int
CHICAGOTECH_1(config-if)#do sh run inter
CHICAGOTECH_1(config-if)#do sh run int gi1/0/7
Building configuration…
Current configuration : 99 bytes
!
interface GigabitEthernet1/0/7
switchport trunk encapsulation dot1q
switchport mode trunk
end
====================================================
Re-configure VLAN for AP
————————-
Add or modify VLAN name
————————
chicagotech>en
password:
chicagotech#conf t
chicagotech(config)#vlan 1
chicagotech(config-vlan)#name lab1
===================================================
Situation: the client has 4 VLANs and wants the Access Point to access all 4 VLANs. This is the result of the show mac-address-table address 0019.3033.6a2a command:
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0019.3033.6a2a    DYNAMIC     Gi1/0/22
Total Mac Addresses for this criterion: 1
Resolution: The port configuration looks like this (default is VLAN 1)
interface GigabitEthernet1/0/22
switchport mode access
no ip address
no mdix auto
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
Change to:
interface GigabitEthernet1/0/22
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
This is the result after changing:
show mac-address-table address 0019.3033.6a2a
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0019.3033.6a2a    DYNAMIC     Gi1/0/22
 100    0019.3033.6a2a    DYNAMIC     Gi1/0/22
 200    0019.3033.6a2a    DYNAMIC     Gi1/0/22
 300    0019.3033.6a2a    DYNAMIC     Gi1/0/22
Total Mac Addresses for this criterion: 4
=====================================================
VLAN command lines
——————-
1. How to check last modified VTP configuration
show vtp status
2. Verify a Trunk
show interface interface switchport | trunk
3. Verify A VLAN
show vlan brief | id vlan_id | name vlan_name
4. Assign switch ports to a vlan
switchport access vlan vlan# | dynamic
5. configure dot1q trunk
switchport mode trunk | access | dynamic desirable | dynamic auto
6. verify STP for a VLAN
show spanning-tree active | detail | vlan_id | summary
==========================================================
How to enable Cisco ASA Web VPN
——————————–
To enable the HTTP Service on the ASA, please follow these steps:
1. Enable the HTTP server.
2. Enable WebVPN on the outside interface.
3. Configure WebVPN group attributes.
4. Configure user authentication.
1. enable.
2. Chicagotech#conf t
3. Chicagotech(config)# http server enable
4. Chicagotech(config)# http redirect outside 80
5. Chicagotech(config)# webvpn
6. Chicagotech(config-webvpn)# enable outside
7. Chicagotech(config-webvpn)#exit
8. Chicagotech(config)# group-policy VPNGroup internal
9. Chicagotech(config)# group-policy VPNGroup attributes
10. Chicagotech(config-group-policy)# vpn-tunnel-protocol webvpn
11. Chicagotech(config-group-policy)# webvpn
12. Chicagotech(config-group-webvpn)# functions file-access file-entry file-browsing
13. Chicagotech(config-group-webvpn)# exit
14. Chicagotech(config)# username chicagotech password ms-mvps
15. Chicagotech(config)# webvpn
16. Chicagotech(config-webvpn)# authentication-server-group LOCAL
========================================================
Configure routing
——————
Configure RIP Routing
Router#configure terminal
Router(config)# router rip
Router(config-router)# network 192.168.11.0
Router(config-router)# network 192.168.22.0
Router(config-router)#end
Configure EIGRP Routing
Router#configure terminal
Router(config)#router eigrp 10
Router(config-router)#network 192.168.11.0
Router(config-router)#network 192.168.22.0
Router(config-router)#end
Configure OSPF Routing
Router#configure terminal
Router(config)#router ospf 100
Router(config-router)#network 192.168.11.0 0.0.0.255 area 0
Router(config-router)#network 192.168.22.0 0.0.0.255 area 0
Router(config-router)#end
Verify the running configuration, starting the display at the first line that contains “router”:
show running-config | begin router
To clear the routing table, type:
clear ip route *
====================================================
Sample of configuring Cisco 2955S switch
—————————————-
The basic configuration of the Cisco 2955 switch sets up the IP address, subnet, enable secret password, enable password, and Telnet password. This is a sample.
Would you like to enter the initial configuration dialog? [yes/no]: Y (press Enter)
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system.
Would you like to enter basic management setup? [yes/no]: Y (press Enter)
Enter host name [Switch]: chicagotech
Enter enable secret: switch
Enter enable password: cisco
Enter virtual terminal password: ms-mvps
Configure SNMP Network Management? [no]: n
Enter interface name used to connect to the
management network from the above interface summary: vlan1
Configuring interface vlan1:
Configure IP on this interface? [yes]: y
IP address for this interface: 10.0.20.51
Subnet mask for this interface [255.0.0.0]: 255.255.0.0
Would you like to enable as a cluster command switch? [yes/no]: n
The following configuration command script was created:
hostname host_name
enable secret 5 #3$Max7$Qgr2rXBhtcYJw4KK7ac650
enable password cisco
line vty 0 15
password ms-mvps
snmp-server community public
……
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
If you want to save the configuration and use it the next time the switch reboots,
save it in nonvolatile RAM (NVRAM) by selecting option 2.
Enter your selection [2]:2
=====================================================
Introduction of Cisco Network Assistant
—————————————-
Cisco Network Assistant (CNA) is a free, simple, smart, and secure graphical tool to manage your Cisco network. With CNA, you can manage all your Cisco devices, such as switches, routers, PIX 515 firewalls, IP phones, and wireless access points, in one application. To me this is the greatest benefit of using Cisco Network Assistant. The following lists some of the features the tool offers.
1. Toolbar Icons
2. Checking Total Power Usage of the IP Phones and Wireless Access Points
3. Topology View
4. Checking Link Properties from the Topology View
5. Configuring VLANs or Applying Port Configurations to Multiple Ports Across Switches
6. Cisco IOS® Software Upgrade
7. Need Help?
8. Saving and Restoring Configuration Files
9. Smartports Advisor
10. Creating a Community
=============================================================
change time in Cisco
———————
1. show time information:
chicagotech1#sh clock
*20:10:59.033 UTC Fri Mar 1 2002
2. Change to Central time:
chicagotech1(config)#clock timezone CST -6
3. Reset to current time:
clock set 10:50:00 Oct 26 2006
===========================================================
clear configuration
—————————
1. “clear configuration all” clears the current running configuration and is reset to the default running configuration.
2. To restore the startup configuration, use “copy st run”.
3. “write erase” clears startup configuration and is reset to the factory default configuration with “reload” command.
============================================================
load a new code for ASA
————————
1. Download the code first.
2. Run ASDM and then choose tools/upgrade software.
3. Select the code from Local File Path by using Browse Local Files.
4. In the Flash File System Path, type or Browse Flash: disk0:/asa722-22-8k.bin
5. Click Upload Image.
===========================================================
show and modify Cisco Wireless Bridge date and time
—————————————————
1. “show clock” to display the time and date.
2. The following are examples of how to modify the time and date.
config terminal
clock set 14:20:00 31 december 2007
clock timezone central -6
=========================================================
SHOW COMMANDS
————–
Show access-lists – all access lists on the router
Show cdp – cdp timer and holdtime frequency
Show cdp entry * – same as next
Show cdp neighbors detail – details of neighbor with ip add and ios version
Show cdp neighbors – id, local interface, holdtime, capability, platform portid
Show cdp interface – int’s running cdp and their encapsulation
Show cdp traffic – cdp packets sent and received
Show clock – displays time set on the router
Show controllers serial 0 – DTE or DCE status
Show dialer – number of times dialer string has been reached, other stats
Show flash – files in flash
Show frame-relay lmi – lmi stats
Show frame-relay map – static and dynamic maps for PVC’s
Show frame-relay pvc – pvc’s and dlci’s
Show history – commands entered
Show hosts – contents of host table
Show interface – displays statistics of all interfaces
Show int f0/26 – stats of f0/26
Show interface Ethernet 0 – show stats of Ethernet 0
Show interface brief – displays a summary of all interfaces, including status and IP address assigned
Show ip – ip config of switch
Show ip access-lists – ip access-lists on switch
Show ip interface – ip config of interface
Show ip protocols – routing protocols and timers
Show ip route – Displays IP routing table
Show ipx access-lists – same, only ipx
Show ipx interfaces – RIP and SAP info being sent and received, IPX addresses
Show ipx route – ipx routes in the table
Show ipx servers – SAP table
Show ipx traffic – RIP and SAP info
Show isdn active – number with active status
Show isdn status – shows if SPIDs are valid, if connected
Show mac-address-table – contents of the dynamic table
Show protocols – routed protocols and net_addresses of interfaces
Show running-config – dram config file
Show sessions – connections via telnet to remote device
Show startup-config – nvram config file
Show terminal – shows history size
Show trunk a/b – trunk stat of port 26/27
Show users – displays all users connected to the router
Show version – ios info, uptime, address of switch
Show vlan – all configured vlan’s
Show vlan-membership – vlan assignments
Show vtp – vtp configs
=================================================
What is Overloading?
Overloading is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. It is also known as PAT (Port Address Translation), single-address NAT, or port-level multiplexed NAT.
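How overloading keeps many inside hosts apart behind one address, and why an unsolicited inbound connection is only passed inside where a static port mapping exists (as in the "ip nat inside source static tcp ... 3389" lines of the 831 sample earlier on this page). This is an added example, not code from the original page; the class and method names are hypothetical, the addresses reuse the 831 sample, and port selection is simplified.

```python
class PatRouter:
    """Toy model of 'ip nat inside source list ... interface ... overload'."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.ports = range(first_port, last_port + 1)
        self.out = {}    # (proto, inside_ip, inside_port) -> public_port
        self.back = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def add_static(self, proto, inside_ip, inside_port, public_port):
        """Port forward, like 'ip nat inside source static tcp ...'."""
        self.out[(proto, inside_ip, inside_port)] = public_port
        self.back[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an inside source; return (public_ip, public_port)."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            # Assumption of this model: keep the original source port when it
            # is free on the public address, otherwise take the next unused one.
            if (proto, inside_port) not in self.back:
                port = inside_port
            else:
                port = next(p for p in self.ports if (proto, p) not in self.back)
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, public_port):
        """Map a packet sent to the public address back inside; None means drop."""
        return self.back.get((proto, public_port))


def demo():
    """Two inside hosts using the same source port, plus one static forward."""
    r = PatRouter("192.168.10.70")
    r.add_static("tcp", "172.16.5.13", 3389, 3389)
    a = r.outbound("tcp", "172.16.5.20", 50000)   # source port is free: kept
    b = r.outbound("tcp", "172.16.5.21", 50000)   # collision: gets another port
    return {
        "a": a,
        "b": b,
        "reply_to_b": r.inbound("tcp", b[1]),
        "rdp_forward": r.inbound("tcp", 3389),
        "unsolicited": r.inbound("tcp", 4444),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```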
=================================================
ASA 5510 backup and restore using TFTP
————————————-
Backup:
1. Run TFTP server.
2. Run telnet to access ASA.
3. Type enable, then the password.
4. Then follow this procedure:
chicagotechpix# copy startup-config tftp:
Address or name of remote host []? 192.168.0.2
Destination filename [startup-config]? 072406
!!!
8507 bytes copied in 0.40 secs
Restore:
1. Run TFTP server.
2. Run telnet to access ASA.
3. Enable.
4. Then follow this procedure:
chicagotechpix# copy tftp start
Address or name of remote host []? 192.168.0.2
Source filename []? 072306tftp
Accessing tftp://192.168.0.2/072306tftp…!!!
Writing system file…
!!!
8507 bytes copied in 0.260 secs
ciscoasa# wr mem
Note:
1. To copy a TFTP file to the running-config, run copy tftp run, give the TFTP IP address and source file name, and press Enter to confirm running-config.
2. Use show run to display the running-config.
3. Use show start to display the startup-config.
===================================================
backup/restore switch configuration using TFTP
———————————————
1. Telnet to the switch.
2. Issue enable command.
3. Issue copy running-config tftp: command.
This is the example.
chicagotech01#copy running-config tftp:
Address or name of remote host []? 10.0.0.11
Destination filename [chicagotech1-confg]? chicagotech1
!!
1825 bytes copied in 1.780 secs (1025 bytes/sec)
To restore, run copy tftp: running-config and then follow the instructions.
=============================================================
backup/restore Cisco PIX
————————-
Cisco pix backup
It depends on the PIX version. You may try the following commands.
To copy configuration to tftp
chicagotechpix(config)#configure net 10.0.0.254:/filename
Note: You may be able to do that in enable mode
or
chicagotechpix#write net 10.0.0.254:/filename
Note: You may be able to do that in config mode
or
To copy the PIX image from Flash to the TFTP server:
chicagotechpix#copy flash tftp
To copy the image from TFTP to Flash without intervention:
chicagotechpix(config)#copy tftp: flash
===========================================================
copy config.txt to Cisco switch
——————————–
1. Copy and save the configuration as config.txt
2. Download and install TFTP32.
3. Run TFTP32 and Browse the config.txt.
4. Telnet to the switch.
5. Use copy tftp: command to download the configuration
===========================================================
Copy configuration from TFTP
—————————-
To erase the running configuration and re-load the configuration file from TFTP, follow these steps:
Chicagotech>en
Chicagotech>password:
Chicagotech#erase startup-config
Erasing the nvram filesystem will remove all configuration files!
Continue? [confirm]
[OK]
Erase of nvram: complete
Chicagotech#show startup-config
startup-config is not present
Chicagotech#copy tftp://192.168.2.254/Chicagotech startup-config
===============================================================
restore config.txt from tftp
—————————-
1. Run the tftpd32.
2. Browse the file and click OK.
3. Check Show Dir to make sure the config.txt is there.
4. Log in to the wireless router/switch and enter enable mode.
5. Type this command: copy tftp://ipaddress/config.txt flash:config.txt
Note: To check the flash files, use this command: sh flash.
=================================================================
restore Cisco config from TFTP
——————————
1. Run a TFTP program.
2. Telnet to the Cisco router and enable it. Then follow these steps:
chicagotech831#copy tftp: running-config
Address or name of remote host []? 192.168.10.100
Source filename []? chicagotech831-config
Destination filename [running-config]?
Accessing tftp://192.168.10.100/chicagotech831-config…
Loading 121306-internetok from 192.168.10.100 (via Ethernet1): !
[OK – 2115 bytes]
2115 bytes copied in 10.284 secs (206 bytes/sec)
================================================================
Save cisco router configuration to TFTP
—————————————
1. Run a TFTP program.
2. Telnet to the Cisco router and enable it. Then follow these steps:
chicagotech831#copy running-config tftp:
Address or name of remote host []? 192.168.10.100
Destination filename [chicagotech831-confg]?
!!
2115 bytes copied in 1.512 secs (1399 bytes/sec)
chicagotech831#
==============================================================
Use an FTP server to restore Cisco config
—————————————–
1. Make sure the FTP server is running and lets you upload.
2. Telnet to the Cisco router and enable it.
3. Configure the FTP username and password.
CHICAGOTECH831#conf t
CHICAGOTECH831(config)#ip ftp username chicagotech
CHICAGOTECH831(config)#ip ftp password chicagotech
CHICAGOTECH831(config)#end
CHICAGOTECH831#
4. Router#copy ftp: running-config
5. Address or name of remote host [192.168.10.100]?
6. Source filename [CHICAGOTECH831_confg]?
7. Destination filename [running-config]?
8. Accessing ftp://192.168.10.100/CHICAGOTECH831_confg…
9. Loading CHICAGOTECH831_confg!
10. [OK – 1423/4764 bytes] 1425 bytes copied in 13.423 secs (76 bytes/sec)
================================================================
Restore config issue
Situation: the client had a Cisco consultant set up an outdoor wireless 1310 bridge. After finishing the configuration, the consultant saved the config file in Word format. When the client tried to restore the config using the Word file, he lost the configuration in the bridge. After rebooting, the bridge shows hostname\par>. He can’t log on using the enable password.
Solution: Turn off the bridge and turn it on while holding the Esc key. That will restore the manufacturer default settings. Then restore the config using text format instead of Word format.
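A check that would catch this before the file reaches the device, as an added example that is not part of the original page: it rejects a configuration file that is really RTF or a Word document, or that carries the \par control word or non-ASCII bytes such as typographic quotes. The name check_config_file and all sample byte strings are constructed for illustration.

```python
import re

RTF_MAGIC = b"{\\rtf"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc container
ZIP_MAGIC = b"PK\x03\x04"                        # .docx is a ZIP archive
# The RTF paragraph control word that ends up glued to commands,
# producing results such as "hostname\par".
RTF_PAR = re.compile(rb"\\pard?\b")


def check_config_file(data: bytes):
    """Return the reasons these bytes should not be loaded as a configuration.

    An empty list means the data looks like a plain-text configuration.
    """
    problems = []
    head = data.lstrip()
    if head.startswith(RTF_MAGIC):
        problems.append("RTF document")
    elif head.startswith(OLE2_MAGIC):
        problems.append("Word .doc (OLE2) container")
    elif head.startswith(ZIP_MAGIC):
        problems.append("ZIP container such as .docx")

    lines = data.splitlines()
    # Report only the first line with each kind of problem.
    for no, line in enumerate(lines, start=1):
        if RTF_PAR.search(line):
            problems.append(f"line {no}: RTF control word \\par")
            break
    for no, line in enumerate(lines, start=1):
        # Anything outside printable ASCII (tab allowed) does not belong in a
        # configuration file; typographic quotes from a word processor show
        # up here as UTF-8 bytes starting with 0xe2.
        bad = next((b for b in line if b > 0x7E or (b < 0x20 and b != 0x09)), None)
        if bad is not None:
            problems.append(f"line {no}: byte 0x{bad:02x} is not printable ASCII")
            break
    return problems


# Constructed samples.
GOOD = b"hostname bridge1\r\nenable secret 5 HASH-PLACEHOLDER\r\nend\r\n"
RTF_SAMPLE = b"{\\rtf1\\ansi\\deff0\r\nhostname bridge1\\par\r\nend\\par\r\n}\r\n"
SMART_QUOTES = b"enable secret \xe2\x80\x9cms-mvp\xe2\x80\x9d\n"
DOCX_HEAD = b"PK\x03\x04\x14\x00\x06\x00"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("rtf", RTF_SAMPLE),
                         ("quotes", SMART_QUOTES), ("docx", DOCX_HEAD)]:
        print(name, check_config_file(sample) or "OK")
```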
==============================================================
How to upgrade Cisco IOS for 2900 and 3500 Switch
————————————————
1. Check the Flash memory.
chicagotech#dir flash:
Directory of flash:/
2 drwx 704 Feb 28 1993 18:03:50 html
4 -rwx 109 Feb 28 1993 18:01:57 info
5 -rwx 1751867 Feb 28 1993 18:03:00 c3500XL-c3h2s-mz.120-5.WC3b.bin
16 -rwx 109 Feb 28 1993 18:03:50 info.ver
17 -rwx 94680 Feb 28 1993 18:04:08 c3500XL-hdiag-mz-120.5.2-XU
18 -rwx 355 Dec 31 1969 18:00:08 env_vars
19 -rwx 616 Jan 22 2008 15:21:16 vlan.dat
21 -rwx 2462 Jun 19 1993 18:02:13 config.text
3612672 bytes total (358912 bytes free)
2. Delete the existing image since the file to be loaded is larger than the available capacity.
chicagotech#delete flash:c3500XL-c3h2s-mz.120-5.WC3b.bin
Delete filename [c3500XL-c3h2s-mz.120-5.WC3b.bin]?
Delete flash:c3500XL-c3h2s-mz.120-5.WC3b.bin? [confirm]
3. Disable access to the switch HTML pages and delete the HTML files.
chicagotech#conf t
Enter configuration commands, one per line. End with CNTL/Z.
chicagotech(config)#no ip http server
chicagotech(config)#end
chicagotech#delete flash:html/*
Delete filename [html/*]?
Delete flash:html/Snmp? [confirm]
%Error deleting flash:html/Snmp (Is a directory)
Delete flash:html/homepage.htm? [confirm]
Delete flash:html/not_supported.html? [confirm]
Delete flash:html/common.js? [confirm]
Delete flash:html/cms_splash.gif? [confirm]
Delete flash:html/cms_12.html? [confirm]
Delete flash:html/cms_13.html? [confirm]
Delete flash:html/cluster.html? [confirm]
Delete flash:html/CMS.jar? [confirm]
Delete flash:html/CiscoChartPanel.jar? [confirm]
Delete flash:html/Redirect.jar? [confirm]
4. Use the tar command to copy the combined .tar file to the switch.
chicagotech#tar /x tftp://10.0.0.11/c3500xl-c3h2s-tar.120-5.WC17.tar flash:
Loading c3500xl-c3h2s-tar.120-5.WC17.tar from 10.0.0.11 (via VLAN1): !
extracting c3500xl-c3h2s-mz.120-5.WC17.bin (1811552 bytes)!!!!!!!!!!!!!!!!!!!!!!
html/ (directory)
extracting html/homepage.htm (3988 bytes)!
extracting html/not_supported.html (1392 bytes)
extracting html/common.js (9449 bytes)!!
extracting html/cms_splash.gif (22152 bytes)!!!!
extracting html/cms_13.html (1211 bytes)!
extracting html/cluster.html (2823 bytes)!
extracting html/Redirect.jar (4229 bytes)!
extracting html/c4v4_disc.sgz (9806 bytes)!!
extracting html/CMS.sgz (955595 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting html/CiscoChartPanel.sgz (58784 bytes)!!!!!!!!!!!!
extracting html/cms_boot.jar (44484 bytes)!!!!!!!!!
extracting info (109 bytes)
extracting info.ver (109 bytes)
[OK – 2938368 bytes]
chicagotech#
5. Use the dir flash: command to make sure the new image is in the Flash.
chicagotech#dir flash:
Directory of flash:/
2 drwx 768 Jan 22 2008 16:12:20 html
4 -rwx 109 Jan 22 2008 16:12:22 info
5 -rwx 1811552 Jan 22 2008 16:11:36 c3500xl-c3h2s-mz.120-5.WC17.bin
16 -rwx 109 Jan 22 2008 16:12:22 info.ver
17 -rwx 94680 Feb 28 1993 18:04:08 c3500XL-hdiag-mz-120.5.2-XU
18 -rwx 355 Dec 31 1969 18:00:08 env_vars
19 -rwx 616 Jan 22 2008 16:12:16 vlan.dat
21 -rwx 2462 Jun 19 1993 18:02:13 config.text
3612672 bytes total (582144 bytes free)
6. Set the boot parameter so that the switch boots with the new image after reloading.
chicagotech#conf t
Enter configuration commands, one per line. End with CNTL/Z.
chicagotech(config)#boot system flash:c3500xl-c3h2s-mz.120-5.WC17.bin
7. Re-enable access to the switch HTTP pages.
chicagotech(config)#ip http server
chicagotech(config)#end
8. Reload the new image.
chicagotech#reload
System configuration has been modified. Save? [yes/no]: y
Building configuration…
[OK]
Proceed with reload? [confirm]
===================================================================
test certificate is working using Cisco command
———————————————
The command line is
test aaa gr r username password l.
When using test aaa to test Windows IAS, you may receive Event ID 2: Reason-Code = 66. That means the Cisco router is talking to the IAS server, but doesn’t recognize the non-domain user.
=============================================================
TROUBLESHOOT
—————
Problem: We have a used Cisco 1720 router. No one knows the password. I am trying to recover the password, but I can’t. I press Break on the terminal (Windows XP, 2000) keyboard within 60 seconds while turning on the router, but the router still loads the image and asks for the password. I have tried Ctrl+Break, Shift+Break, Shift+F5. I also tried 3 computers. Any suggestions?
A: Try TeraTerm.
Q: Downloaded TeraTerm that helps me to recover the password. These are the steps:
1. Turn on the power while holding Alt+B.
2. Type confreg 0x2142 at the rommon 1>
3. Type reset at the rommon 2>
4. You will have
— System Configuration Dialog —
Would you like to enter the initial configuration dialog? [yes/no]:
5. Type yes to continue and you will see
“Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system”.
Would you like to enter basic management setup? [yes/no]:
6. Type yes to continue and follow the instruction to configure the router.
=======================================================
http://www.howtocisco.com/
http://www.chicagotech.net/netforums/