If you open CCNA Material in the Internet Explorer, it does always Popup the Error that it doesn't want to execute these Scripts as they might be dangerous. You can click that away and work with the Course Materials - but it just tends to go on to ones' nerves. So to disable that: Internet Explorer, Extras, Internet Options, Advanced. Look for Security and enable "Execution of Interactive Content within Files on local Computer" and "Execution of Interactive Content within CDs on local Computer".
Category: Cisco
[ATA186] How to Factory Reset / Update Firmware
Factoryreset:
- Take phone off the hook
- Press ATA Button
- Dial 322873738# ( FACTRESET#)
- Press * and again *
- Hang up
IP Adress:
- Take phone off the hook
- Press ATA Button
- Dial 80#
Version:
IP Adress:
- Take phone off the hook
- Press ATA Button
- Dial 123#
Update:
- Get Update Package
- Run ata186us -any -d1 FirmwareFilename.zup
- Take phone off the hook
- Press ATA Button
- Dial the Textstring the Program gives out
( i.e. 100#10*120*12*92*8000# -> 100#IP*in*Oct*et*Port# )
- You're done
Settings:
http://ipaddress/dev
Rooting CUCM7 & Giving BASH instead of the restricted CLI
1. Boot with gparted
2. cd /tmp
3. mkdir test
4. mount /dev/sda1 /tmp/test
5. chroot /dev/test /bin/bash
6. Change:
/etc/passwd:
root:x:0:0:root:/root:/sbin/nologin
admin:x:591:503::/home/admin:/usr/local/platform/bin/cliscript.sh
to:
root:x:0:0:root:/root:/bin/bash
admin:x:591:503::/home/admin:/bin/bash
/etc/shadow
root:!!:14657:0:99999:7:::
to:
root:$1$D2ISXWJF$urnCHPxcF20BUWWwvTZfX0:14657:0:99999:7:::
/etc/sudoers
add the Line for admin under the user privilege specification so that it looks like this:
# User privilege specification
root ALL=(ALL) ALL
admin ALL=(ALL) ALL
7. exit
8. cd /tmp
9. umount /tmp/test
10. umount /dev/sda1
11. reboot
12. login with admin and your password, you are in the bash shell, not in the cisco cli anymore
13. enter sudo su and your login password and you become root
XModem Flash Recovery of new c3560, c3560e, c3750, c3750e, etc...
Right at the moment I'm sitting in one of our wireclosets, watching an c3750 (hopefully) recovering its mind to its old function and behavior - through an XModem transfer of its current IOS. Because of an power failure on our campus the unit actually "bricked" - the flash system became corrupted and the unit did end up in the ROMMON Mode "switch:".
Thats pretty bad - but not as bad as we couldn't fix it.
1. Connect to the console port with the usual settings of 9600 Baud, 8 Bit, No Control, 1 Parity.
2. Power up the switch and hold the mode button until it comes to the ROMMON - and yeah, if you did delete the IOS or your switch is bricked like mine, it does come to this point by its own - no need to do that.
3. Before doing anything, check the file system with fsck flash: - if that gives error you should really format the flash - as it is corrupted and theres no need in flashing it a second time - because the new IOS will become bricked as well (I figured that out myself some minutes ago...). So if you don't have any important data like an non-saved config on that flash, erase it with format flash: and reboot the switch with reset. Test again with fsck, if there are still errors: Forget the switch, send it to Cisco. If not, we're going on with our mission:
4. set BAUD 115200
After that you will see nice looking stuff. Set your console to 115200 BAUD as well. Its important to do that as the download of the IOS will take 2-4 hours otherwise. But don't forget to set it back after everything is done with set BAUD 9600
5. flash_init
init the flash
6. load_helper
does load the helper. sometimes useful.
7. copy xmodem: flash:IOSFILENAME
That will start the xmodem download. In Tera Term, klick File, Transfer, Xmodem, Sene and choose the IOS binary. Yes, important: Not an tar File, only the IOS bin.
8. The Download begins, that will take 20 Minutes or so... Some sweet time, but as we know it could be really worse. So kick back, do something useful - like writing this tutorial ;-)...
9. Its done. Enter boot and it will boot. If not its bricked. Don't forget to set back with set BAUD 9600
Cisco AP1231 Autonomous LWAPP to Auto Downgrade
Downgrading an LWAPP Cisco Access Point which was used with this Wirless Controll System can be very time consuming. Can. Doesn't need to. Cisco did some nice stuff to make life easier: An auto "downgrade" function. To use this you need to get following:
- Tftpd32 Server or similar tftp Server
- An autonomous IOS File for your Access Point (i.e. for the 1231 the file c1200-k9w7-tar.123-8.JEC.tar)
1. Setup your tftpserver and give it an ip out of the range 10.0.0.2 - 10.0.0.30 with the Subnetmask 255.0.0.0
2. Copy the IOS File to the tftpserver root, mostly called tftpboot in Linux
3. Rename the file from - for example c1200-k9w7-tar.123-8.JEC.tar to c1200-k9w7-tar.default
4. Plug in the Ethernet Port on your Access Point (direct Connection from PC to AP needs an Crossover Cable!), connect the AP also to the serial console if you want.
5. Press and hold the "Mode" Button on the AP and plug in power.
6. Wait until the orange blinking middle led turns solid red (ca. 30 sec) and then release the "Mode" Button
7. The AP will start downloading the firmware and reflash itself. DO NOT TURN IT OFF OR KILL THE CONNECTION!
c3560 Cheat
Hostname:
hostname test
Image Upgrade:
del /r /f flash:c3560-ipbase-mz.122-35.SE5
copy tftp://192.168.2.1/images/c3560-ipbasek9-mz.122-46.SE.bin flash:
del - File
rm - Folder
Boot with other Image:
boot system c3560-advipservicesk9-mz.122-46.SE.bin
Portfast (on dhcpd Problems):
spanning-tree portfast
Switchport with Vlan 10:
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
description nativ
macro description NATIV
spanning-tree portfast
Description Vlan 10:
vlan 10 name testvlan
Trunkport:
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
ip dhcp snooping trust
DHCP Snooping:
Global Activate:
ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping
Allow DHCP on Port:
ip dhcp snooping trust
ESXi Trunking:
ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping
these are the vlans, one main, one “test” for the vm
vlan 1
name main
vlan 999
name test
normal client port
interface FastEthernet0/1
switchport access vlan 1
spanning-tree portfast
vm client port which does access vlan 999
interface FastEthernet0/3
switchport access vlan 999
spanning-tree portfast
vm server port, which does access normal vlan 1, and does trunk the rest
” ip dhcp snooping trust” means, that this port is allowed to answer dhcp requests
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,999
switchport mode trunk
ip dhcp snooping trust
end
Routing with c3560-advipservicesk9-mz.122-46.SE.bin:
( Every Net needs a own Vlan! )
( The Vlan Ip is the Gateway )
ip routing
interface FastEthernet0/1
switchport access vlan 2
switchport mode access
interface FastEthernet0/8
switchport access vlan 3
switchport mode access
interface Vlan2
ip address 134.96.10.1 255.255.255.0
interface Vlan3
ip address 192.168.2.1 255.255.255.0
c3560 Routing with Advanced IP Services
Problem: You got serval networks, you got an c3560 but no Router.
Solution: Get an c65e VSS
Following Problem: Insufficient Money, Power, Space,....
Solution: Get your c3560 to route these Networks with an Advanced IP Services Firmware
YOU DO NEED AN "advipservices" FIRMWARE ON YOUR c3560!
Assumption:
On f0/1 PC with 134.96.10.2 -> We want the Gateway to be 134.96.10.1
On f0/8 PC with 192.168.2.2 -> We want the Gateway to be 192.168.2.1
How to:
Easy Idea - for an normal routing process you need an Interface in the "to be routed" net.
And there for the Solution lies in the usage of vlans.
Every port that uses one net is bound to the vlan of that net.
Every net get its own vlan.
Every vlan gets an ip (the gateway ip thats entered into the pcs of this net).
Activate routing.
Done.
Configuration:
interface FastEthernet0/1
switchport access vlan 2
switchport mode access
interface FastEthernet0/8
switchport access vlan 3
switchport mode access
interface Vlan2
ip address 134.96.10.1 255.255.255.0
interface Vlan3
ip address 192.168.2.1 255.255.255.0
ip routing
Using Cisco Vlans and Trunks on VMWare ESXi 3.5/4
Hello there,
are you one of these ppl using ESXi on a small server/pc under your desk to evaluate / develop software?
Are you one of these fitting the whole ESXi World into one machine, one one IDE / SATA drive and without any other VMWare Administrative Instances as your Vi\Vsphere Client? Are you one of these ppl that does not have one real 10 Gig Interface for each VM Machine into its server - but do desperatly need to connect an real pc to just one VM? No problem! Here we go! All we need is an Switch with vlan Trunking. I used an Cisco c3560-poe8 for this, as it is my main work switch.
So you just need these snipets on the switch side:
This is going to activate ip dhcp snooping globaly on the switch
(which means only marked ports are allowed to answer an dhcp request, thats important!)
ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping
these are the vlans, one main, one "test" for the vm
vlan 1
name main
vlan 999
name test
normal client port
interface FastEthernet0/1
switchport access vlan 1
spanning-tree portfast
vm client port which does access vlan 999
interface FastEthernet0/3
switchport access vlan 999
spanning-tree portfast
vm server port, which does access normal vlan 1, and does trunk the rest
" ip dhcp snooping trust" means, that this port is allowed to answer dhcp requests
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,999
switchport mode trunk
ip dhcp snooping trust
end
Thats it!
Its that easy!
Only thing you need to do on the vm machine is to start vi\vsphere client, go to configuration, network, create an new port group and insert the nic of the vmware machine you want to use on the switch port (here 3 on the c3560) - and set the port groups vlan id to 999.
And then, you can do pxe, dhcp, sunray, and allll you want!
Cheers,
Nico
c3560 DHCP Snooping
Global Activate:
ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping
Allow DHCP on Port:
ip dhcp snooping trust
Using Spanningtree can cause Problems with DHCP, use portfast on Userside Ports, but NEVER on Trunk!