Super easy out-of-band access to all your lab devices!

Continue reading “Raspberry Pi / Linux – Console/Terminal Server Access Point”
Super easy out-of-band access to all your lab devices!
Continue reading “Raspberry Pi / Linux – Console/Terminal Server Access Point”
Here’s a solid baseconfig.txt to have your devices start with.
“Better to have, and not need, than to need, and not have.”
– Someone that needed something and didn’t have it.
Start to Finish Setup of Cisco ACS (version 5.5 was used). Including n00b-status group and MAC Auth Bypass (MAB). Active Directory look-up will be added later. 😉
Requires “commands.txt” and “hosts.txt”
Slightly modified.
Manually updating port descriptions is a drag!
NOTE: Mr. Bray recommends disabling the ability to recover the password/config with one of these commands (varies):
no service password-recovery
or
system disable password recovery switch all
Apply power to the switch. Immediately press the Mode button while the System LED is flashing. Hold the Mode button until all the system LEDs turn on and remain solid; then release it.
Switch: flash_init
Switch: SWITCH_IGNORE_STARTUP_CFG=1
Switch: boot flash:packages.conf
Would you like to enter the initial configuration dialog? [yes/no]: No
Switch> enable
Switch#
Switch# copy startup-config running-config
Destination filename [running-config]?
Switch# configure terminal
Switch(config)#
Switch# copy running-config startup-config
Switch# show boot
BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
Switch# reload
Switch: SWITCH_DISABLE_PASSWORD_RECOVERY=1
Switch: switch: SWITCH_IGNORE_STARTUP_CFG=0
Switch: boot flash:packages.conf
Switch(config)# no boot manual
Be sure you’re in INSTALL mode.
Switch# show version | begin Mode Switch Ports Model SW Version SW Image Mode ------------------ ---------- ---------- ---- * 1 32 WS-C3850-24T Fuji 16.9.1 CAT3K_CAA-UNIVERSALK9 INSTALL
If you’re in “Bundle Mode”, scroll down to…. “If you’re in Bundle Mode”. 😛
3.xE to 16.x
Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.09.02.SPA.bin flash: Switch# dir flash:*.bin Switch# software install file flash:cat3k_caa-universalk9.16.09.02.SPA.bin new force *** Switch will reload *** Switch# request platform software package clean switch all *** Use "boot flash:packages.conf" if auto boot was not set *** Switch#show version Switch# delete flash:cat3k_caa-universalk9.16.09.02.SPA.bin
16.x to 16.x
Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.09.02.SPA.bin flash: Switch# dir flash:*.bin
3.xE to 16.x:
Switch#copy tftp://5.28.11.250/cat3k_caa-universalk9.16.01.01.SPA.bin flash: Switch#dir flash:*.bin Switch# config t Switch(config)# no boot system Switch(config)# boot system switch all flash:cat3k_caa-universalk9.16.01.01.SPA.bin Switch(config)# do write memory Switch(config)# do show boot Switch(config)# do reload *** Switch will reload *** *** Use "boot flash:cat3k_caa-universalk9.16.01.01.SPA.bin" if auto boot was not set *** Switch# request platform software package clean switch all file flash: Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.09.02.SPA.bin flash: Switch# request platform software package expand switch all file flash:image.bin auto-copy Switch# config t Switch(config)# no boot system Switch(config)# boot system switch all flash:packages.conf Switch(config)# do write memory Switch(config)# do reload
16.x to 16.x:
Switch#request platform software package clean switch all file flash: Switch# copy tftp://5.28.11.250/cat3k_caa-universalk9.16.09.02.SPA.bin flash: Switch# request platform software package expand switch all file flash:image.bin auto-copy Switch# config t Switch(config)# no boot system Switch(config)# boot system switch all flash:packages.conf Switch(config)# do write memory Switch(config)# do reload
Some high-security devices that don’t respond to ping triggered the following:
%ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 192.168.1.1 on GigabitEthernet1/0/1
Cisco advised me that these are not an issue, and can be safely disabled with:
no ip cef optimize neighbor resolution
This apparently used to be disabled by default, but has since been enabled.
Sauce