Cisco switch cheatsheet
As the owner of a clunky ol' Cisco Catalyst 2950, and as a DEFINITELY NOT net admin, I decided to fiddle a bit more, both as a way to learn about networking (and Cisco-based management) and as a way to optimize my current home network. Since the interface has some "strange" (to me) naming conventions and choices, I chose to document "usual" operations here, for later reference.
Quick tip: At any given time, press `?` to get a list of what can be done using the current command prefix (what subcommands and such are available).
Global and hardware configuration setup
The 2950 has 24 100Mbit ports and a serial port (among other things). By default on a clean setup, the switch has the following configuration bits (nonexhaustive).
- One VLan (`Vlan1`), with no IP assigned to the switch itself
- Automatic IP assignment / discovery on ethernet hotplug (like an average consumer-centric low-quality switch)
- Password: `passwd`
- Telnet and SNMP disabled
- Serial baud of 9600
To reset the switch, the usual method is to press the front-left `MODE` button, then power the switch while maintaining the button press. After a few seconds, the LEDs will start to blink, and the `SYST` LED will be orange-colored. That means the flashing will be in progress.
Admin tasks
Once logged in, the `enable` command is used to gain elevated privileges (the equivalent of `su`).
Password management
The `enable secret` command sets the password of `enable`.
However, type 5 and 7 secrets are broken, and shouldn't be used if possible (replaced by type 8 and 9 if available).
Security issues & demo of type 5 and 7 secrets
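As an added example (not part of the original page), here is one way to check a saved configuration for the secret types discussed above. The function name `audit`, the sample config and its placeholder hashes are constructed for illustration, and the algorithm labels come from general Cisco IOS knowledge rather than from this page.

```python
import re

# Secret types named in the text, plus type 0 (cleartext). Algorithm names are
# general Cisco IOS knowledge, not taken from the page.
TYPES = {
    "0": ("cleartext", "weak"),
    "5": ("salted MD5", "weak"),
    "7": ("reversible obfuscation", "weak"),
    "8": ("PBKDF2-SHA256", "ok"),
    "9": ("scrypt", "ok"),
}

SECRET_RE = re.compile(
    r"^\s*(?P<owner>enable\s+|username\s+\S+\s+(?:privilege\s+\d+\s+)?)?"
    r"(?P<kw>secret|password)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)

def audit(config_text):
    """Return one finding per stored credential in an IOS-style config."""
    findings, section = [], "global"
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = SECRET_RE.match(line)
        if not m:
            # Remember the last top-level command (e.g. "line vty 0 4") so an
            # indented "password" line is reported with its parent block.
            if line.strip() and not line[0].isspace() and line[0] != "!":
                section = line.strip()
            continue
        stype = m["type"] or "0"  # no type digit: value is stored as cleartext
        algo, verdict = TYPES.get(stype, ("unknown", "review"))
        owner = " ".join((m["owner"] or section).split()[:2])
        findings.append((lineno, owner, m["kw"], stype, algo, verdict))
    return findings

# Constructed sample config; the hash strings are placeholders, not real secrets.
SAMPLE = """\
hostname lab-switch
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
username admin privilege 15 secret 9 $9$PLACEHOLDER$PLACEHOLDERHASH
username backup password 7 PLACEHOLDER
line vty 0 4
 password cisco
 login
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s %s type %s (%s) -> %s" % finding)
```

Any line reported as `weak` is a candidate for re-entering the credential with a type 8 or 9 secret where the IOS image supports it.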
Setting the base network configuration
Keeping this "automatic VLan mode", there are some things I choose to do.
```
hostname {hostname}
interface Vlan1
 ip address {ip} {mask}
 no ip route-cache
 no shutdown
!
ip default-gateway {router ip}
ip http server
```
In order, this is what is done.
- Sets the switch's hostname to the given value
- Opens the Vlan1 interface configuration prompt
- Sets the switch's IP in the Vlan 1 to what's given
- Disables the route cache
- Disables shutdown of the Vlan in case the management console dies
- Quits the prompt
- Configures the global default gateway of the switch to be my router's IP
- Enables the HTTP server interface, which will be available on `http://{ip}` with the username `admin` and the password I defined earlier