Networking Concepts – Part One Exercise 2 – Essential Switch Configuration
Exercise 2 – Essential Switch Configuration
In this exercise, you will configure some essential settings on a Cisco switch.
A switch is a networking device that connects end devices in a network. It is a multiport network bridge that forwards data based on an Ethernet address (MAC address), which is stored in the MAC address table. MAC addresses are a 48-bit long binary number, but most devices show MAC addresses as a 12-digit hexadecimal number. For example, in Cisco switches, you will see a MAC address as 0000.0C12.3456.
Most MAC addresses represent a single NIC(Network Interface Card) or Ethernet port, and it is important to remember that MAC addresses are unique. You will learn more about MAC address table in later modules.
There are two general switch types, a layer 2 (L2) switch, and a layer 3 (L3) switch.
An L2 switch only performs switching, which means that it uses the MAC address to switch a frame from source port to a destination port.
An L3 switch also performs switching like an L2 switch, but it is also capable of performing routing and inter-vlan routing based on IP addresses.
When a switch has been turned on for the first time, or when the configuration has been erased, the initial configuration dialog is displayed. Instead of using the initial configuration dialog, you will use the command line interface, or CLI, to configure the settings detailed in this module. It is uncommon that the initial configuration dialog is used in the real world. Almost all of your Cisco configurations will be done using CLI. Hence experience using CLI is vital.Note: Please refer to your course material for reference on the commands used in this exercise, or use your preferred search engine to gain an understanding of these tasks.
To put into context how and what you are accessing when using this remote lab, here is some brief information on the devices you have access to.
At the current time of writing, the lab has two different types of switches:
- Cisco 2960 24 port series – L2 switch
- Cisco 3750v2 series – L3 switch (or v1 depending on the lab) series.
The Cisco 3750 series switch has Power over Ethernet (PoE) capabilities, which enable connections to devices that are capable of drawing their power source from the network, such as a Cisco IP phone or camera, for example. As corporate and SME networks are moving towards IP telephony, providing power over the network to these devices has become very popular.
On the front of the switch are the switch interfaces where the network cables connect and a small button which changes the LED’s on the front of the switch to do various things.
Below are images of the front of both the Cisco 3750 and the Cisco 2960 series switches. These are the exact physical devices you will be accessing.
Cisco 3750 Series Switch
Below is an image showing the front of the 3750 series switch. Here you can see 24 RJ45 (commonly called copper) based network interfaces. These are capable of 10/100Mbps speeds. On the right, you can see two Small Form-factor Pluggable or SFP ports into which you can insert transceiver modules. These can provide fiber-based connectivity instead of just copper based RJ45 connections. Typically they will be used to uplink to another switch, perhaps to a distribution or core switch, but they could connect to any other compatible device.
On the far right, you can see the mounting bracket, which is used to mount the switch into a 19-inch cabinet or rack. These mounts are often called ears.
Below is an image of the left of the switch. Here you can see the mode button, which changes the LED functions. By default, LEDs of the 24 RJ45 interfaces indicate network activity. However, they can be configured to indicate various other conditions. For example, they can be configured to indicate the active duplex mode of the interface, either full or half-duplex.
On the rear of the 3750 switch is the power connector, which is not shown in the following image, and 3 other connectors, two for stacking switches together using a stack cable, and finally the console port.
The console port is very important as it is through this connection that you have initial access to the device. When you configure a physical switch in real life, you would normally have a small light blue cable that plugs into this console port and the other end into your laptop or PC. Then you would use your favorite terminal program such as Hyperterminal, Putty, or Tera Term, to name a few, to connect and make your initial configuration so that you can then complete your configuration remotely over the network.
In the lab environment, that cable is replaced by the Internet, and the terminal software is replaced by your web browser and a special client so that you can see the terminal screen. Apart from this, your experience on the platform is as it would be in the real world.
Cisco 2960 Series Switch
On the front of the Cisco 2960 switch, you can see similar connections to the 3750. You will notice that in this particular model we have 4 interfaces that are slightly different, two which are the same as the Cisco 3750 where you can insert a small transceiver, the other two are RJ45 copper-based gigabit uplinks, these provide a cost-effective way to get a gigabit uplink to the switch without requiring any further investment.
The rear of 2960 is missing the stacking capabilities but has a console port and power socket in the same way as the Cisco 3750 series.Note: Different models within the same series may have different connections and look slightly different. For example, you can get 48 port versions of these switches. They would be identical to the above images except for having more interfaces to connect your network devices.
Learning Outcomes
After completing this exercise, you will be able to:
- Configure the Switch
- Know about Startup and Running Configurations
- Manage Startup and Running Configurations
- View System Information
Your Devices
You will be using the following devices in this lab. Please power these on now.
- NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
Task 1 – Configuring the Switch
For this lab, all devices are initially powered down. The devices that you will configure have no previous configuration on them. In this task, you will be configuring the devices “right out of the box.”
Step 1
You will begin by powering up the NYACCESS1 device.
When you power on the device, the command line window for the switch will appear. You will see a lot of information that you will eventually become more familiar with over time. This information includes, among other things:
- Internetwork Operating System (IOS) type, version, and available features
- Device hardware information including memory and interfaces
- Legal information about the use of software products
In addition, several syslog messages will appear that inform you of the state of interfaces. Your output should look something like the following:
Using driver version 1 for media type 1
Base ethernet MAC Address: ec:30:91:ee:bc:00
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash...
mifs[2]: 0 files, 1 directories
mifs[2]: Total bytes : 3870720
mifs[2]: Bytes used : 1024
mifs[2]: Bytes available : 3869696
mifs[2]: mifs fsck took 0 seconds.
mifs[3]: 3 files, 1 directories
mifs[3]: Total bytes : 27998208
mifs[3]: Bytes used : 18444288
mifs[3]: Bytes available : 9553920
mifs[3]: mifs fsck took 7 seconds.
...done Initializing Flash.
done.
Loading "flash:c2960-lanlitek9-mz.150-2.SE9.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File "flash:c2960-lanlitek9-mz.150-2.SE9.bin" uncompressed and installed, entry point: 0x3000
executing...
!<--OUTPUT OMITTED-->
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : EC:30:91:EE:BC:00
Motherboard assembly number : 73-11472-06
Power supply part number : 341-0097-02
Motherboard serial number : FOC134106RA
Power supply serial number : DCA13388CDX
Model revision number : D0
Motherboard revision number : B0
Model number : WS-C2960-24TC-S
System serial number : FOC1340Y1M5
Top Assembly Part Number : 800-29857-02
Top Assembly Revision Number : F0
Version ID : V03
CLEI Code Number : COMSH00ARC
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C2960-24TC-S 15.0(2)SE9 C2960-LANLITEK9-M
Press RETURN to get started!
*Mar 1 00:00:40.282: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:00:41.473: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar 1 00:00:42.471: %DC-4-FILE_OPEN_WARNING: Not able to open flash:/dc_profile_dir/dc_default_profiles.txt
*Mar 1 00:00:42.471: %DC-6-DEFAULT_INIT_INFO: Default Profiles DB not loaded.
*Mar 1 00:00:42.513: %SYS-4-VRF_TABLE_INIT_WARNING: cannot determine platform max VRFs
*Mar 1 00:01:03.099: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2960 Software (C2960-LANLITEK9-M), Version 15.0(2)SE9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Tue 01-Dec-15 07:07 by prod_rel_team
*Mar 1 00:01:05.229: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:01:06.236: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 1 00:01:34.933: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Mar 1 00:02:24.577: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to up
*Mar 1 00:02:25.584: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
*Mar 1 00:02:32.303: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
*Mar 1 00:02:33.310: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
It may take several minutes for all the information to be displayed.
Step 2
After the switch has successfully loaded its IOS image and gone through the various boot stages, you will see a message stating Press RETURN to get started! It may be difficult to find initially, but it will be somewhere after the device hardware information and before the syslog messages indicating the status of interfaces on the device.
Go ahead and press Return (Enter), even if you don’t see a prompt in the command line interface. You should see the initial configuration dialog message:
--- System Configuration Dialog ---
Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the initial configuration dialog, or if you exit setup without setting the enable secret, please set an enable secret using the following CLI in configuration mode-enable secret 0
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]:
The initial configuration dialog is a menu-driven process that enables you to configure some basic switch items. Feel free to run through this at a later time, but you will not be using this to make our configuration changes in this lab.
At the [yes / no] prompt, type no to quit the setup, you will get the prompt shown below.
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>
You will notice the prompt changes to Switch>. If you remember, the “>” symbol signifies that you are in user exec mode. The Switch text prior to the “>” symbol is the hostname of the device.
To have the correct privileges to make a configuration change, you must be in privileged executive mode, which is signified by a “#” symbol at the end of the prompt. To get to privileged executive mode, simply type enable. Some may call this mode the enable mode, however, the correct name is privileged executive mode.
Switch>
enable
Press Enter.
You will see the following output:
Switch>enable
Switch#
Note: At this point, in a production environment, a user is almost certainly prompted for an enable password when entering privileged executive mode. As the switch is yet to be configured, you will not be prompted for such a password. You will configure a password later to see this in action.
Step 3
In this step, you will configure the hostname of the switch. As the rest of the modules in this course refer to this switch as NYACCESS1, you will change the hostname to be NYACCESS1.
To do this, enter global configuration mode and use the hostname command to change the hostname. Throughout all of the tasks, the configuration will be shown in full, as shown in the output below.
Type the following commands (press Enter after each command):
Switch#
configure terminal
Switch(config)#
hostname NYACCESS1
You will see the following output:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname NYACCESS1
NYACCESS1(config)#
Notice that as soon as you entered the hostname command that the hostname changed. This is an important point because almost all changes that you make are committed as soon as you press Enter. You do not commit the changes separately; they are committed immediately.
Step 4
Now you will configure an enable password. To do this, use the enable password command in global configuration mode as follows:Alert: When configuring passwords, make sure to configure them exactly as they are specified in the lab. If the password is not specified explicitly, you must use lower case ciscoas a password. This enables us to successfully recover the devices once you have finished.
NYACCESS1(config)#
enable password cisco1
Press Enter.
You will see the following output:
NYACCESS1(config)#enable password cisco1
NYACCESS1(config)#
Step 5
Test this configuration change by exiting privileged executive mode and connecting again.Note: When configuring Cisco switches and routers, if you are in any configuration mode, you can use the exit command to move back one level. So typing exit when you are in any Specific configuration mode would return you to global configuration mode. You can also use the shortcut CTRL+Z to exit all the way back to privileged executive mode from any configuration mode.
Type exit to get from global configuration mode back to privileged executive mode, then type disable to get back to user exec mode.
NYACCESS1(config)#
exit
Press Enter.
NYACCESS1#
disable
Press Enter.
You will see the following output:
NYACCESS1(config)#exit
NYACCESS1#disable
NYACCESS1>
*Mar 1 00:30:56.642: %SYS-5-CONFIG_I: Configured from console by console
You will notice that the switch prints a syslog message to the screen stating the switch has been configured. These log messages appear on the command line interface of any device that is connected to the console port by default.
These syslog messages can be turned off. However, it is a good idea to keep them enabled whilst you are using the labs as you will use these log messages to understand what is happening on the switch. There may be occasions where turning logging off is recommended, so just follow the guides.Note: Logging does not appear by default when using a remote access connection such as Telnet or SSH. Logging must be turned on separately, in this case, using command terminal monitor from privileged exec mode.
Step 6
Once you are in user exec mode, switch back to privileged mode using the enable command as follows (press Enter after each command):
NYACCESS1>
enable
Password:cisco1
You will see the following output:
NYACCESS1>
NYACCESS1>enable
Password:
NYACCESS1#
Notice that this time, you are prompted to enter a password, which you previously configured.Note: When typing the new password, the characters will not appear on screen.
Step 7
There is a problem, however, with the enable password. Use the show running-config command to observe the switch’s full running configuration. On the first screen of the configuration, look for the command enable password cisco1.
NYACCESS1#
show running-config
Press Enter.
You will see the following output:
NYACCESS1#show running-config
Building configuration...
Current configuration : 1325 bytes
!
! Last configuration change at 00:36:31 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NYACCESS1
!
boot-start-marker
boot-end-marker
!
enable password cisco1
!
no aaa new-model
system mtu routing 1500
!
!
!<-- Output Omitted -->
Notice that the password is printed in clear text, which is considered to be a security issue. If for example, you back up your configuration onto a server and someone gains access to this backup file, they will be able to read the password and your security will be compromised.Note: To scroll through the rest of your configuration, you can use the space bar to scroll screen by screen, or Enter to scroll line by line. You can also press q or CTRL+C or CTRL+Z to stop viewing any output that requires scrolling.
Step 8
To resolve the password security issue, configure an enable secret, and compare this to the enable password. Enter global configuration mode and use the enable secret command to set a password of ciscoas follows (press Enter after each command):
NYACCESS1#
configure terminal
NYACCESS1(config)#
enable secret cisco
You will see the following output:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#enable secret cisco
NYACCESS1(config)#
Note: The Cisco IOS will not allow you to have the same text string for both the enable password and the enable secret.
Step 9
As you did before, quit back to privileged executive mode, then type disable to exit privileged executive mode.
Type the following commands (press Enter after each command):
NYACCESS1(config)#
exit
NYACCESS1#
disable
The output will be as follows:
NYACCESS1(config)#exit
NYACCESS1#disable
NYACCESS1>
Enter privileged executive mode once again. Which password do you have to type? Try cisco1. If that doesn’t work, try cisco. There is clearly a password preference to which the switch accepts.
Type the following commands (press Enter after each command):
NYACCESS1>
enable
Password:cisco1
Password:cisco
You will see the following output:
NYACCESS1>enable
Password:
Password:
NYACCESS1#
Step 10
View the running configuration once more by entering the following command. Again find the enable password configuration line:
NYACCESS1#
show running-config
Press Enter.
You will see the following output:
NYACCESS1#show running-config
Building configuration...
Current configuration : 1373 bytes
!
! Last configuration change at 00:44:06 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NYACCESS1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$0YPF$m21ruuFYgz/mM3zW3PGl/0
enable password cisco1!
<-- Output Omitted -->
Notice that the enable secret configuration command is encrypted, and the enable password is not. Clearly, it is better to have passwords in an encrypted form in your configuration files than in cleartext.Note: The encrypted hash may be different than shown in the above output.
Step 11
It is possible to encrypt all clear text passwords that exist within the running configuration. To do this, you can use the service password-encryption in global configuration mode to encrypt clear text passwords. Configure this setting as follows.
Type the following commands (press Enter after each command):
NYACCESS1#
configure terminal
Press Enter.
NYACCESS1(config)#
service password-encryption
Press Enter.
NYACCESS1(config)#
exit
Press Enter.
You will see the following output:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#service password-encryption
NYACCESS1(config)#exit
NYACCESS1#
Step 12
To view the effect, this command has had, view the running configuration once more. This time, however, you will use a filter on the command so that you can focus on one particular element, the enable password.
There are a number of filters you can use at the end of many commands. These are invoked when you use the pipe “|” symbol. For example, the command below will filter the running configuration and show you only lines that contain the words enable password. Use this command in privileged mode:
NYACCESS1#
show running-config | include enable password
Press Enter.
You will see the following output:
NYACCESS1#show running-config | include enable password
enable password 7 13061E01080355
NYACCESS1#
You can see that the password is now encrypted.
Task 2 – Know about Startup and Running Configurations
When you make changes to a switch’s configuration, you are making changes to the running-config of the device. This configuration is stored in the RAM and is the configuration that is always in effect. When you issue new commands, these commands change the running-config and take effect immediately. However, because this configuration is in RAM, if the device is turned off, the running configuration ceases to exist.
Conversely, the startup-config is kept in Non-Volatile RAM or NVRAM, which remains intact if power is lost. When a switch initially boots up, it takes the startup-config from NVRAM and copies it to the running-config in RAM. When you make changes to the running-config, and you want those changes to be available in case of a reboot, you must copy the running-config to the startup-config.
If you do not do this, then when the device reboots, loses power, or for whatever reason fails, an older configuration may be loaded from NVRAM, which you may not have been expecting.Note: This behavior can be used to your advantage. Let’s say that you are configuring a remote device that is located in another state or country. If you make a mistake in your configuration, and you lose remote access to the device, what would you do? Worst case scenario you have to visit the device and repair the issue. The best-case scenario is that you can contact someone in the remote location to reboot the device, assuming they can access the physical location where the device is located and any changes you made, including those that caused the device to malfunction, have been eliminated. You can take this one step further and not require the aid of anyone at the remote location. You can, in fact, tell the device to reboot itself in a number of minutes or hours. It’s very common for an engineer who is configuring a device to issue this command in case the configuration goes wrong for any reason. It offers the ability to reboot to a known working state without the aid of someone on site.
Task 3 – Managing Startup and Running Configurations
In this task, you will examine different types of configuration files stored on a device.
You will learn how to save your configuration in device memory permanently.
Step 1
To view the startup configuration, you simply use the following command in privileged executive mode:
NYACCESS1#
show startup-config
Press Enter.
You will see the following output:
NYACCESS1#show startup-config
startup-config is not present
Notice that there is no startup-config yet. Remember that this switch is being configured from scratch, right out of the box, so no startup configuration exists on the device.
Step 2
However, a running configuration does exist in the RAM. This is because you have already made some changes to the device with the configuration commands that you entered in the previous section. These commands took effect immediately and were added to the running configuration.
Now you can copy the running-config to the startup-config. To do that, issue the following command. When you are asked about the destination file name, accept the default which is shown in the square brackets “[ ]” by pressing Enter:
NYACCESS1#
copy running-config startup-config
Press Enter.
Destination filename [startup-config]?
Press Enter.
The output will be as follows:
NYACCESS1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
NYACCESS1#
Note: If you choose to, it is also possible to copy the startup-config to the running-config just by switching the order of the command. This is useful when you want to revert to the startup-config without having to reboot the device.
Step 3
Re-issue the show startup-config command. If you like, you can compare this to the show running-config command. They should be the same at this point, as we have not made any additional configuration changes. Again use q or CTRL+C to stop having to page through the configuration:
NYACCESS1#
show startup-config
Press Enter.
You will see the following output:
NYACCESS1#show startup-config
Using 1390 out of 65536 bytes
!
! Last configuration change at 00:02:42 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NYACCESS1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$30Cc$Y2tG2jJ5A5FfTqbEM90e91
enable password 7 045802150C2E1D
!
no aaa new-model
system mtu routing 1500
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
!
!<-- Output Omitted -->
!
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
ip http secure-server
!
!
line con 0
line vty 5 15
!
end
NYACCESS1#
Step 4
To erase the startup configuration, you can use either the write erase or erase startup-config command. As before, when prompted, to accept the default value shown in the square brackets “[ ]” press Enter:Alert: In production, networks issue these commands with extreme caution. Never issue such commands if you have not adequately backed up your configurations.
NYACCESS1#
erase startup-config
Press Enter.
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
Press Enter.
You will see the following output:
NYACCESS1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
NYACCESS1#
*Mar 1 00:12:50.694: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Once you have erased the startup configuration, use the show startup-config command once more, you will notice that there is no startup configuration once again.Leave the switch in its current state and move on to the next section.
Task 4 – Viewing System Information
The final command in this task enables you to view which operating system version the switch is running and a number of other technical details such as modules or interfaces that are installed in the device, memory information, processor type, and seed as well as license features.
You can have multiple operating system files stored in the device’s flash memory. In a later module, you will learn how to manage these files. However, for now, you will just view which operating system the device is currently running.
Step 1
Connect to NYACCESS1 switch. Issue the following command and examine the output:
NYACCESS1#
show version
Press Enter.
You will see the following output:
NYACCESS1#show version
Cisco IOS Software, C2960 Software (C2960-LANLITEK9-M), Version 15.0(2)SE9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Tue 01-Dec-15 07:07 by prod_rel_team
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(53r)SEY3, RELEASE SOFTWARE (fc1)
NYACCESS1 uptime is 19 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanlitek9-mz.150-2.SE9.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco WS-C2960-24TC-S (PowerPC405) processor (revision P0) with 65536K bytes of memory.
Processor board ID FCQ1647X1S7
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 24:01:C7:58:D2:80
Motherboard assembly number : 73-12601-06
Power supply part number : 341-0097-03
Motherboard serial number : FCQ16460LUM
Power supply serial number : ALD1642B49H
Model revision number : P0
Motherboard revision number : A0
Model number : WS-C2960-24TC-S
System serial number : FCQ1647X1S7
Top Assembly Part Number : 800-32798-02
Top Assembly Revision Number : A0
Version ID : V08
CLEI Code Number : COMSH00ARE
Hardware Board Revision Number : 0x0A
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C2960-24TC-S 15.0(2)SE9 C2960-LANLITEK9-M
Configuration register is 0xF
NYACCESS1#
Alert: Depending on the hardware that you have connected to, the software version will be either 12.X or 15.x, and your output may be different.Note: You may find some of the above output familiar. The above information is always displayed as part of the switch’s boot up process.
The output displayed on your device may differ from the above output. However, see if you can find the following information about your device:
- Cisco IOS Version
- The IOS filename and location
- The uptime of the switch
- How many and what type of interfaces the switch has
- The configuration register
Comments