Cisco – Automatic Port Shutdown and Quarantine VLAN Setting

Use TCL to shut down ports after a certain number of days. This script has been modified to additionally add the port to a “dead” or “quarantine” VLAN. It can easily be further modified to add a description to the port, such as “SHUT PER POLICY”. 😉


Cisco – IOS XE Password Recovery on Catalyst 3850

NOTE: Mr. Bray recommends disabling the ability to recover the password/config with one of these commands (varies):
no service password-recovery
or
system disable password recovery switch all

Apply power to the switch. Immediately press the Mode button while the System LED is flashing. Hold the Mode button until all the system LEDs turn on and remain solid; then release it.

  1. Initialize flash
    Switch: flash_init
  2. Ignore the startup configuration
    Switch: SWITCH_IGNORE_STARTUP_CFG=1
  3. Boot packages.conf
    Switch: boot flash:packages.conf
  4. Terminate the initial configuration dialog by answering No.
    Would you like to enter the initial configuration dialog? [yes/no]: No
  5. At the switch prompt, enter privileged EXEC mode.
    Switch> enable
    Switch#
  6. Copy the startup configuration to running configuration.
    Switch# copy startup-config running-config
    Destination filename [running-config]?

    Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.
  7. Enter global configuration mode and change the enable password.
    Switch# configure terminal
    Switch(config)#
  8. Write the running configuration to the startup configuration file.
    Switch# copy running-config startup-config
  9. Confirm that manual boot mode is enabled.
    Switch# show boot
    BOOT variable = flash:packages.conf;
    Manual Boot = yes
    Enable Break = yes
  10. Reload the switch.
    Switch# reload
  11. Return the Bootloader parameters (previously changed in Steps 2 and 3) to their original values.
    Switch: SWITCH_DISABLE_PASSWORD_RECOVERY=1
    Switch: SWITCH_IGNORE_STARTUP_CFG=0
  12. Boot the switch with the packages.conf file from flash.
    Switch: boot flash:packages.conf
  13. After the switch boots up, disable manual boot on the switch.
    Switch(config)# no boot manual
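
To confirm afterwards that the switch is back in its hardened state, here is an added example (not from the original post or from Cisco) that parses captured `show boot` output and configuration text and reports what the recovery left behind. The sample text is constructed, the function names are hypothetical, and it assumes the password-recovery commands from the note above appear verbatim in the saved configuration.

```python
import re

# The two commands the note above names for disabling password recovery.
RECOVERY_DISABLE_CMDS = {
    "no service password-recovery",
    "system disable password recovery switch all",
}

# Constructed sample text (not captured from a real switch).
SHOW_BOOT_MID_RECOVERY = """\
BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
"""
SHOW_BOOT_RESTORED = "BOOT variable = flash:packages.conf;\nManual Boot = no\n"
CONFIG_DEFAULT = "hostname Switch\n"
CONFIG_LOCKED = "hostname Switch\nno service password-recovery\n"


def parse_show_boot(text):
    """Return {name: value} for every 'Name = value' line of `show boot`."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?)\s*=\s*(.*?);?\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields


def config_commands(text):
    """Normalise config lines: trim, collapse whitespace, lower-case."""
    return {" ".join(line.split()).lower() for line in text.splitlines()}


def post_recovery_findings(show_boot, running_config):
    """List what the recovery procedure has left behind on the switch."""
    findings = []
    manual = parse_show_boot(show_boot).get("manual boot")
    if manual is None:
        findings.append("no 'Manual Boot' line found in show boot output")
    elif manual.lower() != "no":
        findings.append("manual boot still enabled: apply 'no boot manual'")
    if not config_commands(running_config) & RECOVERY_DISABLE_CMDS:
        findings.append("password recovery is not disabled in the config")
    return findings


if __name__ == "__main__":
    for finding in post_recovery_findings(SHOW_BOOT_MID_RECOVERY, CONFIG_DEFAULT):
        print("FINDING:", finding)
```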

Sauce

Cisco – Loading IOS-XE on Catalyst 3850 (3E and 16.x)

Verify Mode

Be sure you’re in INSTALL mode.

Switch# show version | begin Mode

Switch Ports Model           SW Version     SW Image              Mode  
------------------           ----------     ----------            ----  
*    1 32    WS-C3850-24T    Fuji 16.9.1    CAT3K_CAA-UNIVERSALK9 INSTALL

If you’re in “Bundle Mode”, scroll down to “If you’re in Bundle Mode”. 😛

Install Mode:

3.xE to 16.x

Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.09.02.SPA.bin flash:
Switch# dir flash:*.bin
Switch# software install file flash:cat3k_caa-universalk9.16.09.02.SPA.bin new force
*** Switch will reload ***
Switch# request platform software package clean switch all
*** Use "boot flash:packages.conf" if auto boot was not set ***
Switch# show version
Switch# delete flash:cat3k_caa-universalk9.16.09.02.SPA.bin

16.x to 16.x

Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.09.02.SPA.bin flash:
Switch# dir flash:*.bin

If you’re in Bundle Mode:

3.xE to 16.x:

Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.01.01.SPA.bin flash:
Switch# dir flash:*.bin
Switch# config t
Switch(config)# no boot system
Switch(config)# boot system switch all flash:cat3k_caa-universalk9.16.01.01.SPA.bin
Switch(config)# do write memory
Switch(config)# do show boot
Switch(config)# do reload
*** Switch will reload ***
*** Use "boot flash:cat3k_caa-universalk9.16.01.01.SPA.bin" if auto boot was not set ***
Switch# request platform software package clean switch all file flash:
Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.09.02.SPA.bin flash: 
Switch# request platform software package expand switch all file flash:image.bin auto-copy
Switch# config t
Switch(config)# no boot system
Switch(config)# boot system switch all flash:packages.conf
Switch(config)# do write memory
Switch(config)# do reload

 

16.x to 16.x:

Switch# request platform software package clean switch all file flash:
Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.09.02.SPA.bin flash:
Switch# request platform software package expand switch all file flash:image.bin auto-copy
Switch# config t
Switch(config)# no boot system
Switch(config)# boot system switch all flash:packages.conf
Switch(config)# do write memory
Switch(config)# do reload

Sauce

Powershell – Methods of acquiring admin privileges when working with scripts

Here are a few ways to acquire (prompt for) admin privileges when using PowerShell.

1. In-Script (best way IMO, if it ALWAYS needs to run as admin):

# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
   {
   # We are running "as Administrator" - so change the title and background color to indicate this
   $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
   $Host.UI.RawUI.BackgroundColor = "DarkBlue"
   clear-host
   }
else
   {
   # We are not running "as Administrator" - so relaunch as administrator
   # Create a new process object that starts PowerShell
   $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
   # Specify the current script path and name as a parameter (quoted, so paths containing spaces work)
   $newProcess.Arguments = '-File "' + $myInvocation.MyCommand.Definition + '"';
   # Indicate that the process should be elevated
   $newProcess.Verb = "runas";
   # Start the new process
   [System.Diagnostics.Process]::Start($newProcess);
   # Exit from the current, unelevated, process
   exit
   }

NOTE: If execution policy changes are needed, replace the arguments with the following (if erroring out and closing, add “-noexit”):

$newProcess.Arguments = '-ExecutionPolicy bypass -File "' + $script:MyInvocation.MyCommand.Path + '"'

Sauce

2. Within PowerShell (or another script):

Start-Process "$psHome\powershell.exe" -verb runas -ArgumentList "-file C:\scripts\script.ps1"

…also run any application as admin with this…
Start-Process cmd -verb runas
Start-Process notepad.exe -verb runas

3. With a .lnk file:

  1. Right Click your PowerShell script file and choose Create shortcut
  2. Name it as you like…
  3. Right-click the shortcut and click Properties
  4. Add powershell.exe -file at the beginning of the Target field
  5. Go to the Shortcut tab
  6. Click Advanced
  7. Check the Run as Administrator box
  8. Click OK
  9. Profit.

Fix for “%ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for (IP)”

Some high-security devices that don’t respond to ping triggered the following:

%ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 192.168.1.1 on GigabitEthernet1/0/1

Cisco advised me that these are not an issue, and can be safely disabled with:

no ip cef optimize neighbor resolution

This apparently used to be disabled by default, but has since been enabled.
Sauce