From popdata
Jump to: navigation, search

Cisco 2960 Switches

  • Cisco configuration manual
  • From Mackenzie telnet pd-{adm,dmz,rzclnt,rz,san,sre}sw
  • enable to get from "%" to "#" prompt.
  • "config term" to get to (config) prompt which allows chaning configuration, but not displaying status.
    • "end" or CTL-Z to end
    • "write" to save configuration for next reboot
    • TAB to complete current word, or "?" to list alternatives
    • up-arrow to reenter previous command; various emacs keyboard shortcuts: ESC-DEL to delete 1 word backwards; ESC
  • DHCP Logs: on Franklin /var/log/syslog (MAC addresses e.g 00:1c:c0:8b:ee:a6)
  • Switch Logs: on Mackenzie /home/logs/{YYYY-MM-DD}/{DEVICE}/
    • Find interface name (e.g gigabitethernet0/20) by looking for example for MAC address (e.g. 001c.c08b.eea6)
    • Trigger a log by unplugging interface, get "changed state to down"

Port Spanning/Monitoring

Switch% enable
Switch# config term
Switch(config)# no monitor session 1
Switch(config)# monitor session 1 source interface gigabitethernet0/1
Switch(config)# monitor session 1 destination interface gigabitethernet0/20 encapsulation replicate
Switch(config)# end

Configure Port with Macro

Switch% enable
Switch# config term
Switch(config)# interface gigabitethernet0/4
Switch(config-if)# macro apply cisco-desktop $access_vlan 25
Switch(config-if)# end

Allowing more than one MAC address on a desktop macro

Switch% enable
Switch# config term
Switch(config)# interface gigabitethernet0/3
Switch(config-if)# switchport port-security maximum 4
Switch(config-if)# end

Port security and clearing

To see address or violations:

Switch% show port-security
Switch% show port-security address
Switch% show port-security inter gi0/6

2014-09-15 this did not show security violations for gi0/11, but switch logs did.

To turn off port security (and therefore clear, E.g. to replace computer with different MAC address)

no switchport port-security
no switchport port-security violation restrict
no switchport port-security mac-address sticky
no switchport mode access

To add port security: (after connecting the device and doing: config t:)

switchport mode access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky

Old, but might still be helpful:

To clear a mac address:

Switch% enable
Swidth% clear port-security dynamic address 0019.d129.99c0
Switch% clear port-security dynamic interface gi0/7 access

For clearing sticky addresses

clear port-security sticky interface gi0/3 access

Set IP address for VLAN 99 instead of VLAN 1

Switch# config term
Switch(config)# inter vlan 1
Switch(config-if)# no ip address
Switch(config-if)# end
Switch# config term
Switch(config)# vlan 99
Switch(config)# name mgmt-vlan
Switch(config)# end
Switch# config term
Switch(config)# inter vlan 99
Switch(config-if)# description mgmt-vlan
Switch(config-if)# ip address
Switch(config-if)# no shutdown
Switch(config-if)# end

Add encrypted passwords

Switch# config term
Switch(config)# service password-encryption
Switch(config)# enable secret idon'ttell
Switch(config)# line vty 0 15
Switch(config-line)# password idon'ttell
Switch(config)# end
Switch(config)# write

Add Port Protection

Switch# config term
Switch(config)# inter range gi0/20-24
Switch(config-if-range)# switchport protected
Switch(config-if-range)# end

Clearing arp table

Switch# clear arp-cache
Switch# clear ip arp

On Netgear 10Gb switch

(M7100-24X) >enable
(M7100-24X) #clear arp-cache
(M7100-24X) #clear arp-switch