Thursday, December 8, 2011

NTP and Timestamps

So the first thing to do is to set the switch to update its internal clock with a network time server. Let’s assume we’ve added a server to our network that among other things is a network time server and its IP address is 192.168.10.10. In addition to the network time server IP address, we need to know what timezone the switch lives in and whether or not daylight savings time is observed. The switch we are working on is in the US Central Time Zone and daylight savings time occurs every summer. Log in to the switch and enter global config mode. From there we type three commands, ntp server 192.168.10.10, clock timezone CST -6, and clock summer-time CDT recurring:

Switch(config)#ntp server 192.168.10.10
Switch(config)#clock timezone CST -6
Switch(config)#clock summer-time CDT recurring
Switch(config)#

In the above example, the timezone names CST and CDT are for display purposes only. I could have used the word ‘time’ in both instances or the word ‘elephant’ for that matter. The name is simply a label for the offset given by the number that follows it. The important part of the clock timezone command is the ‘hours offset from GMT’ number, in this case -6. Internal time is kept in GMT and timestamps are logged using the offset number of hours.

Now that our clock is set to sync with our network time server, let’s make sure the switch is using the current time when it makes a log entry. By default the switch makes log entries not with the time of day that the log entry occurred but rather the time elapsed since the switch booted. Here’s what the log entries currently look like:

Switch#show log
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 17 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 17 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Trap logging: level informational, 20 message lines logged

Log Buffer (4096 bytes):

00:00:43: %STACKMGR-4-SWITCH_ADDED: Switch 1 has been ADDED to the stack
00:00:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
00:00:45: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:47: %SYS-5-CONFIG_I: Configured from memory by console
00:00:47: %STACKMGR-5-SWITCH_READY: Switch 1 is READY
00:00:47: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN
00:00:47: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
00:00:47: %STACKMGR-5-MASTER_READY: Master Switch 1 is READY
00:00:48: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEE1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 22-May-06 04:34 by yenanh
00:00:49: %LINK-3-UPDOWN: Interface FastEthernet1/0/11, changed state to up
00:00:49: %LINK-3-UPDOWN: Interface FastEthernet1/0/23, changed state to up
00:00:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/11, changed state to up
00:00:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to up
00:01:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
00:01:55: %SYS-6-CLOCKUPDATE: System clock has been updated from 19:29:32 UTC Fri Jan 4 2008 to 13:29:32 CST Fri Jan 4 2008, configured from console by console.
00:02:43: %SYS-6-CLOCKUPDATE: System clock has been updated from 13:30:20 CST Fri Jan 4 2008 to 13:30:20 CST Fri Jan 4 2008, configured from console by console.
00:03:15: %SYS-5-CONFIG_I: Configured from console by console
Switch#


The last log entry was made 3 minutes, 15 seconds after the switch booted. Let’s correct the time used for the log entries so that it shows the time of day the entry was made. While still at the global config prompt, enter the following:

Switch(config)#service timestamps debug datetime localtime
Switch(config)#service timestamps log datetime localtime


Exit out to EXEC mode and type show log. You’ll see the last entry has the time of day instead of elapsed time since boot up:

Switch#show log
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 18 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 18 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Trap logging: level informational, 21 message lines logged

Log Buffer (4096 bytes):

00:00:43: %STACKMGR-4-SWITCH_ADDED: Switch 1 has been ADDED to the stack
00:00:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
00:00:45: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:47: %SYS-5-CONFIG_I: Configured from memory by console
00:00:47: %STACKMGR-5-SWITCH_READY: Switch 1 is READY
00:00:47: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN
00:00:47: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
00:00:47: %STACKMGR-5-MASTER_READY: Master Switch 1 is READY
00:00:48: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEE1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 22-May-06 04:34 by yenanh
00:00:49: %LINK-3-UPDOWN: Interface FastEthernet1/0/11, changed state to up
00:00:49: %LINK-3-UPDOWN: Interface FastEthernet1/0/23, changed state to up
00:00:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/11, changed state to up
00:00:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to up
00:01:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
00:01:55: %SYS-6-CLOCKUPDATE: System clock has been updated from 19:29:32 UTC Fri Jan 4 2008 to 13:29:32 CST Fri Jan 4 2008, configured from console by console.
00:02:43: %SYS-6-CLOCKUPDATE: System clock has been updated from 13:30:20 CST Fri Jan 4 2008 to 13:30:20 CST Fri Jan 4 2008, configured from console by console.
00:03:15: %SYS-5-CONFIG_I: Configured from console by console
Jan 4 13:37:03: %SYS-5-CONFIG_I: Configured from console by console
Switch#


From now on all log entries will have the time of day the entry occurred.
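When logs from several devices are lined up during an investigation, the uptime-stamped entries above have to be placed on the same clock as the datetime-stamped ones. The following added example (not part of the original post) does that for the log shown above: it uses the CLOCKUPDATE message as an anchor between uptime and wall-clock time and converts everything to UTC with the -6 offset from clock timezone. The function name and the handling of only the hh:mm:ss uptime form seen on this page are assumptions of the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: four entries taken from the second "show log" listing above.
SAMPLE_LOG = """\
00:00:48: %SYS-5-RESTART: System restarted --
00:01:55: %SYS-6-CLOCKUPDATE: System clock has been updated from 19:29:32 UTC Fri Jan 4 2008 to 13:29:32 CST Fri Jan 4 2008, configured from console by console.
00:03:15: %SYS-5-CONFIG_I: Configured from console by console
Jan 4 13:37:03: %SYS-5-CONFIG_I: Configured from console by console
"""

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

UPTIME_RE = re.compile(r"^(\d+):(\d{2}):(\d{2}): (%[\w-]+): (.*)$")
DATETIME_RE = re.compile(
    r"^(\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}): (%[\w-]+): (.*)$")
# New clock value in a CLOCKUPDATE message: "... to 13:29:32 CST Fri Jan 4 2008,"
NEWCLOCK_RE = re.compile(
    r" to (\d{2}):(\d{2}):(\d{2}) \S+ \w{3} (\w{3}) +(\d{1,2}) (\d{4}),")


def normalize(log_text, utc_offset_hours, default_year=None):
    """Return [(utc_datetime_or_None, stamp_kind, mnemonic)], one per log entry.

    utc_offset_hours is the number given to "clock timezone" (-6 on this page).
    The zone name is ignored because, as the article says, it is only a label.
    The offset is fixed: entries logged while summer time is in effect need
    the summer offset (-5 for CDT) instead.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    entries, boot, year = [], None, default_year
    for line in log_text.splitlines():
        m = UPTIME_RE.match(line)
        if m:
            up = timedelta(hours=int(m[1]), minutes=int(m[2]), seconds=int(m[3]))
            entries.append(("uptime", up, m[4]))
            c = NEWCLOCK_RE.search(m[5]) if m[4] == "%SYS-6-CLOCKUPDATE" else None
            if c:
                # Anchor: a wall-clock time at a known uptime yields the boot time.
                # Uptime is monotonic, so the latest anchor serves every entry.
                wall = datetime(int(c[6]), MONTHS[c[4]], int(c[5]),
                                int(c[1]), int(c[2]), int(c[3]), tzinfo=tz)
                boot, year = wall - up, wall.year
            continue
        m = DATETIME_RE.match(line)
        if m and m[1] in MONTHS:
            fields = (MONTHS[m[1]], int(m[2]), int(m[3]), int(m[4]), int(m[5]))
            entries.append(("datetime", fields, m[6]))
        # Anything else (banner continuation lines) is not a log entry.

    result = []
    for kind, value, mnemonic in entries:
        if kind == "uptime":
            when = boot + value if boot is not None else None
        else:
            # The entry itself carries no year; use the anchor's or the caller's.
            when = datetime(year, *value, tzinfo=tz) if year else None
        utc = when.astimezone(timezone.utc) if when else None
        result.append((utc, kind, mnemonic))
    return result


if __name__ == "__main__":
    for utc, kind, mnemonic in normalize(SAMPLE_LOG, -6):
        print(utc.isoformat() if utc else "unresolved", kind, mnemonic)
```

The datetime entries carry neither a year nor a zone, so the year here comes from the CLOCKUPDATE anchor and the offset from the caller. IOS also accepts a show-timezone keyword on the service timestamps commands, which puts the zone name in each entry.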

Password Security

There are four common places to use passwords in Cisco’s IOS. You can assign a password for console login, telnet login, an enable password and/or an enable secret password. In today’s security-conscious world, a good password scheme is mandatory. To keep this article easy to read, the passwords I use in it will be simple and not what should be considered strong passwords. Your passwords should be as lengthy as possible and use a combination of uppercase letters, lowercase letters and special characters such as !, @, #, $, % and *. Any printable character can be used. Ideally, each should be different from the other three.

In order to be able to telnet to the switch and make changes, we already set a password for telnet login and we set an enable secret password to let us in to EXEC mode. I mentioned that there was an ‘enable’ password and ‘enable secret’ password. You might be wondering “What’s the difference?” The difference lies in how the password is displayed when you type ‘show run’ and press return. Here’s how it currently looks:

Switch#show run
Building configuration...

Current configuration : 1371 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$HkRl$LkvWMGqhk2n5pvW7DSJzd.
!




You’ll notice that the enable secret password is encrypted so you can’t tell what it is. Let’s add a plain ole enable password and show the listing to see how it shows under the same circumstances. After logging in I enter EXEC mode by typing in the current enable secret password, then I enter global config mode:

Switch>enable
Password:
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#


For the enable secret password I used ‘secure’. For the enable password I’ll use ‘notsosecure’. I’ll then exit out to EXEC mode and show the running config:


Switch(config)#enable password notsosecure
Switch(config)#exit
Switch#show run
Building configuration...

Current configuration : 1399 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$HkRl$LkvWMGqhk2n5pvW7DSJzd.
enable password notsosecure
!
no aaa new-model
switch 1 provision ws-c3750-24ts
ip subnet-zero
!
!




See the difference? If someone were looking over your shoulder while you were verifying configuration information or you kept backup copies of your configuration files on a tftp server, the passwords would be exposed. Both the enable password and the enable secret password get you into EXEC mode but the enable secret password is by default encrypted so you can’t tell what it is when viewing the running config or the backup text file. Normally, only the enable secret password is used since both passwords get you into EXEC mode and because it’s encrypted.

We’ve already set the telnet login password, so for added security let’s add a console password. Since we’re already in EXEC mode we just enter global config mode, then enter the console interface config mode. The console port is referred to as ‘line con 0’.

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line con 0
Switch(config-line)#

Just like the telnet configuration, we add a password by typing the command ‘password’ and the word we want to use as the password. Here I assign the word ‘switch’ for the console login password and enable password checking by typing login:

Switch(config-line)#password switch
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#exit
Switch#

To show all the passwords, I’ll show the running configuration by typing show run after backing out to EXEC mode. I’ve shortened the listing to just show the appropriate parts:

Switch#show run
Building configuration...

Current configuration : 1416 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$HkRl$LkvWMGqhk2n5pvW7DSJzd.
enable password notsosecure
!
no aaa new-model
switch 1 provision ws-c3750-24ts
ip subnet-zero
!



!
line con 0
password switch
login
line vty 0 4
password cisco
login
line vty 5 15
no login
!
end

Switch#


As you can see, the console and telnet passwords have been assigned but we have the same problem as we do with the enable password…you can SEE them! But that can be fixed. You’ll notice that near the top of the configuration file is the no service password-encryption command. This command was discussed in chapter 2, The Default Configuration. It disables password encryption. We can re-enable it simply by typing service password-encryption in global configuration mode. Let’s do that and then show the running config to see the difference.

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#service password-encryption
Switch(config)#exit
Switch#show run
Building configuration...

Current configuration : 1447 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch
!
enable secret 5 $1$HkRl$LkvWMGqhk2n5pvW7DSJzd.
enable password 7 151C0418172538212B262727
!
no aaa new-model
switch 1 provision ws-c3750-24ts
ip subnet-zero
!



!
line con 0
password 7 071C36455A0A11
login
line vty 0 4
password 7 02050D480809
login
line vty 5 15
no login
!
end

Switch#


Much better! All passwords are now encrypted when displayed and when saved in a text file. Let’s save our changes by typing copy run start at the EXEC mode prompt:

Switch# copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Switch#
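One way to check a saved configuration for how each password is stored, as an added example that is not part of the original post. The type 7 strings written by service password-encryption are a reversible encoding rather than a hash like the type 5 enable secret, so the script rates the two differently; the function names and severity labels are this example's own.

```python
import re
from collections import Counter

# Constructed input: the credential-bearing lines of the two "show run"
# listings on this page, before and after "service password-encryption".
BEFORE = """\
no service password-encryption
enable secret 5 $1$HkRl$LkvWMGqhk2n5pvW7DSJzd.
enable password notsosecure
!
line con 0
password switch
login
line vty 0 4
password cisco
login
line vty 5 15
no login
!
end
"""
AFTER = """\
service password-encryption
enable secret 5 $1$HkRl$LkvWMGqhk2n5pvW7DSJzd.
enable password 7 151C0418172538212B262727
!
line con 0
password 7 071C36455A0A11
login
line vty 0 4
password 7 02050D480809
login
line vty 5 15
no login
!
end
"""

# <command> [type] <value>; the type digit is absent for cleartext entries.
CRED_RE = re.compile(
    r"^(enable password|enable secret|password)\s+(?:(\d+)\s+)?(\S+)$")

# How each stored form holds up if the config text is seen or copied.
STORAGE = {
    None: ("cleartext", "high"),
    "0": ("cleartext", "high"),
    "7": ("type 7 reversible encoding", "medium"),
    "5": ("type 5 salted MD5 hash", "low"),
}


def audit(config_text):
    """Return (context, item, storage, severity) tuples.

    The secret value itself is never copied into a finding, so the report
    can be shared more widely than the configuration it describes.
    """
    findings, context, seen = [], "global", set()
    for raw in config_text.splitlines():
        line = raw.strip()          # tolerate listings that lost indentation
        if line.startswith("line "):
            context = line          # e.g. "line con 0", "line vty 0 4"
        elif line in ("!", "end"):
            context = "global"
        else:
            m = CRED_RE.match(line)
            if m:
                item, ptype, _secret = m.groups()
                storage, severity = STORAGE.get(
                    ptype, ("type %s" % ptype, "review"))
                findings.append((context, item, storage, severity))
                seen.add(item)
    if {"enable password", "enable secret"} <= seen:
        # The article notes that normally only the enable secret is used.
        findings.append(("global", "enable password",
                         "duplicates enable secret in weaker form", "medium"))
    return findings


def severity_counts(findings):
    """Summarise findings as {severity: count}."""
    return dict(Counter(f[3] for f in findings))


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, severity_counts(audit(text)))
        for finding in audit(text):
            print("   ", finding)
```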

Thursday, December 1, 2011

Default Settings

Earlier when we were talking about the individual physical port settings, I said that although not specifically listed in the default configuration, all ports auto negotiate speed and duplex. There are many other default settings that do not show in the configuration file. If you do not configure the switch at all, the switch operates with these default settings:

• Default switch IP address, subnet mask, and default gateway is 0.0.0.0.
• Default domain name is not configured
• DHCP client is enabled, the DHCP server is enabled (only if the device acting as a DHCP server is configured and is enabled), and the DHCP relay agent is enabled (only if the device acting as a DHCP relay agent is configured and is enabled).
• Switch stack is enabled (not configurable).
• Switch cluster is disabled.
• No passwords are defined.
• System name and prompt is Switch.
• NTP is enabled.
• DNS is enabled.
• TACACS+ is disabled.
• RADIUS is disabled.
• The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are both enabled.
• IEEE 802.1x is disabled.
• Port parameters
– Operating mode is Layer 2 (switchport).
– Interface speed and duplex mode is autonegotiate.
– Auto-MDIX is enabled. Note: In releases earlier than Cisco IOS Release 12.2(18)SE, the default setting for auto-MDIX is disabled.
– Flow control is off.
– PoE is autonegotiate.
• No Smartports macros are defined.
• VLANs
– Default VLAN is VLAN 1.
– VLAN trunking setting is dynamic auto (DTP).
– Trunk encapsulation is negotiate.
– VTP mode is server.
– VTP version is Version 1.
– No private VLANs are configured.
– Voice VLAN is disabled.
• IEEE 802.1Q tunneling and Layer 2 protocol tunneling are disabled.
• For STP, PVST+ is enabled on VLAN 1.
• MSTP is disabled.
• Optional spanning-tree features are disabled.
• Flex Links are not configured.
• DHCP snooping is disabled. The DHCP snooping information option is enabled.
• IP source guard is disabled.
• Dynamic ARP inspection is disabled on all VLANs.
• IGMP snooping is enabled.
• IGMP throttling setting is deny.
• The IGMP snooping querier feature is disabled.
• MVR is disabled.
• Port-based traffic
– Broadcast, multicast, and unicast storm control is disabled.
– No protected ports are defined.
– Unicast and multicast traffic flooding is not blocked.
– No secure ports are configured.
• CDP is enabled.
• UDLD is disabled.
• SPAN and RSPAN are disabled.
• RMON is disabled.
• Syslog messages are enabled and appear on the console.
• SNMP is enabled (Version 1).
• No ACLs are configured.
• QoS is disabled.
• No EtherChannels are configured.
• IP unicast routing is disabled.
• No HSRP groups are configured.
• IP multicast routing is disabled on all interfaces.
• MSDP is disabled.
• Fallback bridging is not configured.

Most of the above items will be discussed in this document, but the more advanced options will not.

The Default Configuration Explanation, part 2

Next is no service password-encryption. What this means is that the enable, telnet and console passwords will NOT be encrypted when viewing the configuration file. From the perspective of security, this is not good. This is one of the first things we will change when we get to configuring the switch.

The following line is hostname Switch, which tells us that by default the name of the switch is Switch. This can be changed to just about anything, as long as the name doesn’t contain spaces.

Following that is no aaa new-model. When configuring the switch for RADIUS or TACACS+ access and authentication, you will begin with the “aaa new-model” command. In its default configuration the switch is not configured for RADIUS or TACACS+ access.

Using the cables in the heavy pink plastic bags, the Catalyst 3750 can be ‘stacked’ together with up to 9 switches in the stack. The next line lists the switches currently configured in the stack. Since this is a stand-alone switch there is only one line: switch 1 provision ws-c3750-24ts. Had there been more, the list would look something like this:

switch 1 provision ws-c3750-24ts
switch 2 provision ws-c3750-24ts
switch 3 provision ws-c3750-24ts
switch 4 provision ws-c3750-24ts
switch 5 provision ws-c3750-24ts
switch 6 provision ws-c3750-24ts
switch 7 provision ws-c3750-24ts
switch 8 provision ws-c3750-24ts
switch 9 provision ws-c3750-24ts

As mentioned, up to 9 switches can be “stacked” together to form one cohesive switch manageable from one IP address. This is a very cool feature compared to the way the Catalyst 3500 series of switches ‘clustered’ together where each switch had to be accessed separately using the rcommand command to be configured.

The command ip subnet-zero allows the use of the first and last subnets in a given range. In pre-CIDR (Classless Inter-Domain Routing) days, if you had a large subnet the first and last subnets were reserved and not usable. For example, if you had a class B block of IP addresses, 172.18.0.0/16, the first subnet, 172.18.0.0, and the last subnet, 172.18.255.0, were not usable and IP addresses in those ranges could not be used. By using the ip subnet-zero command this limitation is overcome.

The command file verify auto is not supported on the Cisco Catalyst 3750, hence the default no file verify auto command.

The next two commands, spanning-tree mode pvst and spanning-tree extend system-id, pertain to spanning tree. The spanning-tree mode pvst statement means that ‘per-vlan spanning tree (pvst)’ is enabled and that each vlan will have its own spanning tree instance running to calculate the layer 2 route back to the root device. system-id is an extension of the spanning tree protocol that adds the system-id to the priority portion of the bridge id when using PVST and Rapid PVST. We’ll cover more on spanning tree later in this document.

The Cisco Catalyst 3750 can support up to 4096 vlans (numbered 0 – 4095) organized into several ranges. Vlan 1 is the default vlan with all ports on the switch being a member of vlan 1 unless configured otherwise. Vlans 2 – 1001 can be created and deleted as needed and are propagated via VTP. Vlans 1002 – 1005 are default vlans for fddi and token ring and cannot be deleted. Vlans 1006 – 4094 are local to the switch and allocated either ascending or descending. The default of ascending is evident by the vlan internal allocation policy ascending command in the default config. Vlans in the 1006 – 4094 range are considered extended range vlans and are not stored in the vlan database and are not propagated via VTP. In fact, the switch must be in transparent mode (not part of a VTP domain) in order to use vlans 1006 and above.

After that are the individual physical interface settings. You will have FastEthernet1/0/1 through FastEthernet1/0/24 and GigabitEthernet1/0/1 and GigabitEthernet1/0/2 for a Catalyst 3750-24TS switch. Other models will have different/additional physical ports. Although not specifically listed in the default configuration, all ports auto negotiate speed and duplex.

Next come the virtual interfaces, or vlans. By default you will have interface Vlan1, to which all physical interfaces belong until configured otherwise.

Following vlans is the ip classless statement. IP classless allows for VLSM subnetting.

The next statement, ip http server, enables the web interface of the switch. In some instances you may want to disable this with the no ip http server command. But, if you plan to use Cisco’s free management utility, Cisco Network Assistant, you’ll need to leave it enabled.

After ip http server comes control-plane. The Control Plane Policing feature allows users to configure a quality of service (QoS) filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches against reconnaissance and denial-of-service (DoS) attacks. In this way, the control plane (CP) can help maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch. It is enabled by default and cannot be disabled.

Next is line con 0, which represents the serial console port on the switch. This is the port you plug the blue cable into to configure the switch. Its default settings are 9600, 8N1 and can be changed if you choose to do so. You can also set a password and make other changes, which we will cover later.

The same goes for line vty 0 4 and line vty 5 15, although these two statements represent settings for network connections via telnet or ssh (if supported on your release of the IOS). At a minimum, a password must be set and login enabled in addition to entering appropriate ip address information under vlan1 for network access to work. By default, login via network connections is disabled by the no login substatements.

The last statement, end, indicates the end of the configuration file.

The Default Configuration Explanation, part 1

The first line, Current configuration : 1265 bytes, tells us that the current configuration uses 1265 bytes of storage in flash. Of course, as we add commands to the configuration file this number will increase.

The line version 12.2 tells us the version of the IOS that the switch has booted from. In this case, IOS version 12.2-25 SEE(1).

The next line, no service pad, means that by default the service called pad is not enabled. Pad stands for ‘packet assembler/disassembler’. The scope of this document will not cover PAD devices and access servers.

The next two lines, service timestamps debug uptime and service timestamps log uptime deal with the service called timestamps. With debug uptime and log uptime enabled, making a configuration change and then showing the log will show a timestamp of when the change occurred:

Switch#show logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes,
0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 10 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 10 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Trap logging: level informational, 13 message lines logged

Log Buffer (4096 bytes):

00:03:40: %SYS-5-CONFIG_I: Configured from console by console
Switch#

In this example, the change was made 3 minutes 40 seconds after the switch was booted. Had it been configured with an IP address and timeserver, the second to last line would have looked like this:

Nov 15 13:51:06: %SYS-5-CONFIG_I: Configured from console by console

That line means that on Nov 15 at 13 hundred hours 51 minutes and 6 seconds the switch configuration was changed from the console by user console. Had this been a user logged in via telnet, the line would have read:

Nov 15 13:51:06: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.1.45)

Not only did it log the date and time, but also the vty line number (0) and IP address of the user.
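The fields described above are enough to build a simple review of who changed the configuration and from where. This added example (not part of the original post) parses CONFIG_I entries, pulls out the line and source address, and flags changes that came from outside a management subnet or that carry only an uptime stamp. The management subnet 192.168.1.0/24, the flag names and the third sample entry are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the entries shown in this section, plus one constructed
# entry (vty1, 10.20.30.40) from outside the assumed management subnet.
SAMPLE = """\
Nov 15 13:51:06: %SYS-5-CONFIG_I: Configured from console by console
Nov 15 13:51:06: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.1.45)
Nov 15 14:02:11: %SYS-5-CONFIG_I: Configured from console by vty1 (10.20.30.40)
00:03:40: %SYS-5-CONFIG_I: Configured from console by console
"""

# "<stamp>: %SYS-5-CONFIG_I: Configured from <origin> by [<user> on ]<line>[ (<ip>)]"
CONFIG_I_RE = re.compile(
    r"^(?P<stamp>.+?): %SYS-5-CONFIG_I: Configured from (?P<origin>\S+) by "
    r"(?:(?P<user>\S+) on )?(?P<line>\S+?)(?: \((?P<ip>[0-9.]+)\))?$")
UPTIME_STAMP_RE = re.compile(r"^\d+:\d{2}:\d{2}$")


def config_changes(log_text, mgmt_net):
    """Return one dict per CONFIG_I entry, with review flags attached.

    Flags:
      uptime-stamp      entry has no wall-clock time, so it cannot be matched
                        against other devices' logs without an anchor
      outside-mgmt-net  change came from an address outside mgmt_net
      bad-address       the address field did not parse as an IP address
    """
    net = ipaddress.ip_network(mgmt_net)
    changes = []
    for raw in log_text.splitlines():
        m = CONFIG_I_RE.match(raw.strip())
        if not m:
            continue                      # not a configuration-change entry
        flags = []
        if UPTIME_STAMP_RE.match(m["stamp"]):
            flags.append("uptime-stamp")
        ip = m["ip"]
        if ip:
            try:
                if ipaddress.ip_address(ip) not in net:
                    flags.append("outside-mgmt-net")
            except ValueError:
                flags.append("bad-address")
        changes.append({
            "stamp": m["stamp"],
            "origin": m["origin"],        # "console" or "memory" (boot)
            "user": m["user"],            # None unless a username was logged
            "line": m["line"],            # "console", "vty0", ...
            "ip": ip,
            "flags": flags,
        })
    return changes


if __name__ == "__main__":
    for change in config_changes(SAMPLE, "192.168.1.0/24"):
        print(change["stamp"], change["line"], change["ip"], change["flags"])
```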

Logging is important in the overall scheme of managing your network and we’ll cover more logging options later.

Default configuration

The default configuration of the Cisco 3750 switch looks like the following. The next couple of posts will go into some detail as to what each line means so you may want to open this article in a separate window so you can follow along in the next few articles:


Switch#show run
Building configuration...

Current configuration : 1265 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
switch 1 provision ws-c3750-24ts
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet1/0/1
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end

Switch#

Wednesday, November 30, 2011

Let's Get Started





To get started, we are going to begin with a new switch, in this case a Cisco 3750-24TS, power it up and see what the output looks like.


Initial Power Up

Before plugging in the power cord to power up your switch, be sure to have the blue console cable plugged into the console port on the back of the switch. Plug the other end into the serial port of your computer and launch your favorite serial communications application. Make sure it is configured for 9600 baud, 8 data bits, no parity and 1 stop bit. Terminal emulation can be set for VT100.


When your console cable is connected to the switch and your computer and your terminal application is open and configured correctly, plug in the power cord to the switch. After a few seconds you’ll see something like the following output:

Base ethernet MAC Address: 00:0a:b8:01:25:80
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash...
flashfs[0]: 447 files, 7 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 8788480
flashfs[0]: Bytes available: 7210496
flashfs[0]: flashfs fsck took 9 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs) installed, fsid: 3
done.
Loading "flash:c3750-ipbase-mz.122-25.SEE1/c3750-ipbase-mz.122-25.SEE1.bin"...@@

File "flash:c3750-ipbase-mz.122-25.SEE1/c3750-ipbase-mz.122-25.SEE1.bin" uncompressed and installed, entry point: 0x3000
executing...

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706


Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEE1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 22-May-06 04:34 by yenanh
Image text-base: 0x00003000, data-base: 0x00EE3668

Initializing flashfs...

flashfs[1]: 447 files, 7 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 8788480
flashfs[1]: Bytes available: 7210496
flashfs[1]: flashfs fsck took 1 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.

Checking for Bootloader upgrade.. not needed

POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed

POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed

POST: CPU MIC PortASIC interface Loopback Tests : Begin
POST: CPU MIC PortASIC interface Loopback Tests : End, Status Passed

POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed

Waiting for Stack Master Election (around 30 seconds)...
POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed

POST: No Cable found on stack port 1
POST: No Cable found on stack port 2

POST: PortASIC Stack Port Loopback Tests : Begin
POST: PortASIC Stack Port Loopback Tests : End, Status Passed

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

Election Complete
Switch 1 booting as Master
Waiting for Port download...Complete

cisco WS-C3750-24TS (PowerPC405) processor (revision L0) with 118784K/12280K bytes of memory.
Processor board ID CAT1025ZL4K
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:0A:B8:01:25:80
Motherboard assembly number : 73-9677-10
Power supply part number : 341-0034-01
Motherboard serial number : CAT10250T7G
Power supply serial number : DTH101903NJ
Model revision number : L0
Motherboard revision number : A0
Model number : WS-C3750-24TS-S
System serial number : CAT1025ZL4K
Top Assembly Part Number : 800-25857-02
Top Assembly Revision Number : D0
Version ID : V05
CLEI Code Number : CNMV100CRE
Hardware Board Revision Number : 0x01


Switch   Ports  Model              SW Version      SW Image
------   -----  -----              ----------      ----------
*    1   26     WS-C3750-24TS      12.2(25)SEE1    C3750-IPBASE-M




Press RETURN to get started!


00:00:43: %STACKMGR-4-SWITCH_ADDED: Switch 1 has been ADDED to the stack
00:00:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
00:00:45: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:01:05: %STACKMGR-5-SWITCH_READY: Switch 1 is READY
00:01:05: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN
00:01:05: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
00:01:06: %STACKMGR-5-MASTER_READY: Master Switch 1 is READY
00:01:06: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEE1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 22-May-06 04:34 by yenanh

Would you like to terminate autoinstall? [yes]: yes


--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>



You’ll notice that I answered ‘yes’ to the question asking me if I wanted to terminate autoinstall and ‘no’ to the question asking if we wanted to enter the initial configuration dialog. Autoinstall and the menu driven initial configuration dialog allow for retrieving configuration files stored on a central tftp server. For now, we’ll skip this feature and manually configure the switch as if it were an addition to our current network infrastructure.