Controlling ARP table entries on Windows

1. Displaying all ARP entries

arp -a

2. Adding a new ARP entry 

arp -s 99.99.99.99 11-22-33-44-55-66

To do this, make sure you run the Command Prompt as Administrator. Otherwise, this will show up:

Run as administrator as per below:

3. Deleting an ARP entry

arp -d 99.99.99.99

4. Deleting all ARP entries

arp -d -a 

How to enable telnet on Cisco Catalyst Switches?

Dear friends, we will discuss on how to enable telnet to Cisco Catalyst Switches and all other applicable devices.

1. First, we must configure the terminal lines, and we must set a password.

Switch#conf t Switch(config)#line vty 0 15 Switch(config-line)#password cisco Switch(config-line)#login Switch(config-line)#end

2. If you haven't configured the enable password for your switch, then you will need to do so. Otherwise, telnet will fail as well.

Switch#conf t Switch(config)#enable password cisco Switch(config)#end

3. Test the telnet connection using third party client such as PuTTY. Display should be as below.



I hope this post will benefit you guys. Thank you for dropping by.

- Soulpower

How to configure a VLAN Trunking Protocol (VTP) ?

Hi. Let's discuss on how to setup a basic VTP configuration.

Network setup

2 units of Cisco Catalyst 2950 are connected to each other via trunk port. SwitchA will be chosen as the VTP Server, SwitchB will be the VTP client.

Steps

1. This step is not compulsory. But to make it easier, I have reset my VLAN and VTP database to default settings. You can learn how to do it here.

SwitchA#sh vtp status VTP Version                     : 2 Configuration Revision          : 0 Maximum VLANs supported locally : 128 Number of existing VLANs        : 5 VTP Operating Mode              : Server VTP Domain Name                 : VTP Pruning Mode                : Disabled VTP V2 Mode                     : Disabled VTP Traps Generation            : Disabled MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 Local updater ID is 10.0.0.110 on interface Vl1 (lowest numbered VLAN interface found)

SwitchB#sh vtp status VTP Version                     : 2 Configuration Revision          : 0 Maximum VLANs supported locally : 128 Number of existing VLANs        : 5 VTP Operating Mode              : Server VTP Domain Name                 : VTP Pruning Mode                : Disabled VTP V2 Mode                     : Disabled VTP Traps Generation            : Disabled MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 Local updater ID is 10.0.0.111 on interface Vl1 (lowest numbered VLAN interface found)

2. Configure at least one trunk port on both switches, because VTP packets will use trunk port to communicate. In this case, I'm using port Fa0/8 on both switches as trunk port. ISL is not available on this switch, therefore, dot1q is used by default.

SwitchA(config)#int fa0/8 SwitchA(config-if)#switchport mode trunk SwitchA(config-if)#end

SwitchB(config)#int fa0/8 SwitchB(config-if)#switchport mode trunk SwitchB(config-if)#end

3. Verify your configuration. Make sure it's being set as trunk port. Catalyst 2950 is using dot1q as default trunking encapsulation, therefore, I don't need to configure it manually.

SwitchA#sh int f0/8 switchport Name: Fa0/8 Switchport: Enabled Administrative Mode: trunk Operational Mode: up Administrative Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Appliance trust: none

SwitchB#sh int f0/8 switchport Name: Fa0/8 Switchport: Enabled Administrative Mode: trunk Operational Mode: up Administrative Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Appliance trust: none

4. Now, let's configure VTP. Please make sure that the VTP domain name and VTP password is identical on both switches.

SwitchA(config)#vtp mode server Device mode already VTP SERVER. SwitchA(config)#vtp domain cisco Changing VTP domain name from NULL to cisco SwitchA(config)#vtp password cisco Setting device VLAN database password to cisco SwitchA(config)#end

SwitchB(config)#vtp mode client Setting device to VTP CLIENT mode. SwitchB(config)#vtp domain cisco Changing VTP domain name from NULL to cisco SwitchB(config)#vtp password cisco Setting device VLAN database password to cisco SwitchB(config)#end

5. Now we have configured VTP on both switches. Let's confirm that by turning on VTP debug events. I noticed that, as soon as a VLAN is added, VTP Server will send a summary packet to its VTP client, less than a second.

a) A VTP summary packet is being transmitted by SwitchA (VTP Server) via its trunk port Fa0/8 to all switches within its domain (cisco).
b) A VTP summary packet is being received by SwitchB via its trunk port Fa0/8 from SwitchA.

SwitchA#debug sw-vlan vtp events vtp events debugging is on SwitchA# SwitchA(config)#vlan 100 SwitchA(config-vlan)#name ciscovlan SwitchA(config-vlan)#end SwitchA# 00:28:56: VTP LOG RUNTIME: Transmit vtp summary, domain cisco, rev 1, followers 1, tlv blk size 5 (inc #tlv field),    MD5 digest calculated = 8D 6C F5 D2 A8 3D B0 F5 29 38 B0 A0 A7 01 6F EB 00:28:56: VTP LOG RUNTIME: Summary packet received, domain = cisco, rev = 1, followers = 1, length 77, trunk Fa0/8 00:28:56: VTP LOG RUNTIME: Summary packet rev 1 equal to domain cisco rev 1 00:28:56: VTP LOG RUNTIME: Subset packet received, domain = cisco, rev = 1, seq = 1, length = 228

SwitchB#debug sw-vlan vtp events vtp events debugging is on SwitchB# 00:50:42: VTP LOG RUNTIME: Summary packet received, domain = cisco, rev = 1, followers = 1, length 77, trunk Fa0/8 00:50:42: VTP LOG RUNTIME: Summary packet rev 1 greater than domain cisco rev 0 00:50:42: VTP LOG RUNTIME: Domain cisco currently not in updating state 00:50:42: VTP LOG RUNTIME: pdu len 77, #tlvs 1 00:50:42: VTP LOG RUNTIME: Subset packet received, domain = cisco, rev = 1, seq = 1, length = 228 00:50:42: VTP LOG RUNTIME: Transmit vtp summary, domain cisco, rev 1, followers 1, tlv blk size 5 (inc #tlv field),    MD5 digest calculated = 8D 6C F5 D2 A8 3D B0 F5 29 38 B0 A0 A7 01 6F EB

6. VTP Revision number is now increased by 1 value (from 0 to 1), and we can see VLAN 100 is also added on SwitchB which was being added on SwitchA.

SwitchA#sh vtp status VTP Version                     : 2 Configuration Revision          : 1 Maximum VLANs supported locally : 128 Number of existing VLANs        : 6 VTP Operating Mode              : Server VTP Domain Name                 : cisco VTP Pruning Mode                : Disabled VTP V2 Mode                     : Disabled VTP Traps Generation            : Disabled MD5 digest                      : 0x8D 0x6C 0xF5 0xD2 0xA8 0x3D 0xB0 0xF5 Configuration last modified by 10.0.0.110 at 3-1-93 00:28:56 Local updater ID is 10.0.0.110 on interface Vl1 (lowest numbered VLAN interface found) SwitchA#sh vlan VLAN Name                             Status    Ports ---- -------------------------------- --------- ------------------------------- 1    default                          active    Fa0/1, Fa0/5, Fa0/6, Fa0/7, Fa0/9, Fa0/10, Fa0/11, Fa0/12 100  ciscovlan                        active 1002 fddi-default                     act/unsup 1003 token-ring-default               act/unsup 1004 fddinet-default                  act/unsup 1005 trnet-default                    act/unsup VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1    enet  100001     1500  -      -      -        -    -        0      0 100  enet  100100     1500  -      -      -        -    -        0      0 1002 fddi  101002     1500  -      -      -        -    -        0      0 1003 tr    101003     1500  -      -      -        -    -        0      0 1004 fdnet 101004     1500  -      -      -        ieee -        0      0 1005 trnet 101005     1500  -      -      -        ibm  -        0      0 Remote SPAN VLANs ------------------------------------------------------------------------------ Primary Secondary Type              Ports ------- --------- ----------------- ------------------------------------------

SwitchB#sh vtp status VTP Version                     : 2 Configuration Revision          : 1 Maximum VLANs supported locally : 128 Number of existing VLANs        : 6 VTP Operating Mode              : Client VTP Domain Name                 : cisco VTP Pruning Mode                : Disabled VTP V2 Mode                     : Disabled VTP Traps Generation            : Disabled MD5 digest                      : 0x8D 0x6C 0xF5 0xD2 0xA8 0x3D 0xB0 0xF5 SwitchB#sh vlan VLAN Name                             Status    Ports ---- -------------------------------- --------- ------------------------------- 1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/9, Fa0/10, Fa0/11, Fa0/12 100  ciscovlan                        active 1002 fddi-default                     act/unsup 1003 token-ring-default               act/unsup 1004 fddinet-default                  act/unsup 1005 trnet-default                    act/unsup VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1    enet  100001     1500  -      -      -        -    -        0      0 100  enet  100100     1500  -      -      -        -    -        0      0 1002 fddi  101002     1500  -      -      -        -    -        0      0 1003 tr    101003     1500  -      -      -        -    srb      0      0 1004 fdnet 101004     1500  -      -      -        ieee -        0      0 1005 trnet 101005     1500  -      -      -        ibm  -        0      0 Remote SPAN VLANs ------------------------------------------------------------------------------ Primary Secondary Type              Ports ------- --------- ----------------- ------------------------------------------

Conclusion

• We can see that our VTP has been configured correctly, and we have verified that it's working fine as it should.
• Please be advised that VTP is a layer 2 Cisco Proprietary Protocol, please do not attempt to implement this on other switches. :)

I hope this post will benefit you guys. Thank you for dropping by.

- Soulpower

How to reset passwords on a Cisco Catalyst Switch ?

Hi, today we'll discuss on how to reset all passwords on a Cisco Catalyst switches.

Steps

1. Make sure you are connected to the switch via console connection.

2. Power down the switch.

3. While the switch is turned off, press and hold "Mode" button that is located in front, on the left side of the switch. Please refer below image.



4. Next, power on the switch. Remember, you still need to hold the "Mode" button.

5. Release the "Mode" button after approximately 5 seconds when the Status (STAT) LED goes out. When you release the Mode button, the SYST LED blinks amber.

6. The console message will be displayed like this:

C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1) Compiled Mon 22-Jul-02 17:18 by antonino WS-C2950-12 starting... Base ethernet MAC Address: 00:0d:bc:01:a0:40 Xmodem file system is available. The system has been interrupted prior to initializing the flash filesystem.  The following commands will initialize the flash filesystem, and finish loading the operating system software:     flash_init     load_helper     boot switch:

7. Enter command "flash_init".

switch: flash_init Initializing Flash... flashfs[0]: 7 files, 1 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 7741440 flashfs[0]: Bytes used: 3139072 flashfs[0]: Bytes available: 4602368 flashfs[0]: flashfs fsck took 5 seconds. ...done initializing flash. Boot Sector Filesystem (bs:) installed, fsid: 3 Parameter Block Filesystem (pb:) installed, fsid: 4 switch:

8. Then, enter command "load_helper", nothing will happen next.

switch: load_helper

9. Enter "dir flash:" command. The switch file system will be displayed as below.

switch: dir flash: Directory of flash:/ 2    -rwx  660       <date>               vlan.dat 7    -rwx  2412      <date>               config.text 3    -rwx  3132319   <date>               c2950-i6q4l2-mz.121-22.EA14.bin 5    -rwx  316       <date>               env_vars 6    -rwx  5         <date>               private-config.text 21   -rwx  109       <date>               info 22   -rwx  109       <date>               info.ver 4602368 bytes available (3139072 bytes used) switch:

10. Type in rename flash:config.text flash:config.old. config.text is where the password (that you have forgotten) is stored.

switch: rename flash:config.text flash:config.old

11. Enter "boot" command. This command will reboot the switch (obviously). 

switch: boot Loading "flash:/c2950-i6q4l2-mz.121-22.EA14.bin"...##############################################################

12. When you see "Press RETURN to get started!" , type rename flash:config.old flash:config.text to rename the configuration file to its original file.

SwitchB#rename flash:config.old flash:config.text Destination filename [config.text]

13. Then, type copy flash:config.text system:running-config to copy the configuration file into the memory.

SwitchB#copy flash:config.text system:running-config Destination filename [running-config]? 840 bytes copied in 0.772 secs (1088 bytes/sec) SwitchB#

14. Finally, please configure a new password to your Switch, and please remember it. Otherwise, you'll need to repeat these steps again. :D

SwitchB(config)#enable secret xxx SwitchB(config)#enable password xxx SwitchB(config)#line vty 0 15 SwitchB(config-line)#password xxx SwitchB(config-line)#login SwitchB(config)#line con 0 SwitchB(config-line)#password xxx

15. Write the running configuration to the configuration file with the write memory command.

SwitchB# write memory

I hope this post will benefit you guys. Thank you for dropping by.

- Soulpower

How to reset VLAN and VTP to factory default settings ?

Hi guys, let's discuss on how to reset VLAN and VTP database to factory default settings. This example is made by using Cisco Catalyst 2950.

Steps

1. VLAN and VTP information are stored in vlan.dat file which is located in flash.
2. To display files in flash, enter the command dir flash: or show flash. You will see the file vlan.dat.

SwitchB#dir flash: Directory of flash:/     2  -rwx         660  Mar 01 1993 02:13:00 +00:00  vlan.dat     7  -rwx        2412  Mar 01 1993 05:11:18 +00:00  config.old     3  -rwx     3132319  Mar 01 1993 00:09:35 +00:00  c2950-i6q4l2-mz.121-22.EA14.bin     4  -rwx         840  Mar 01 1993 02:40:48 +00:00  config.text     5  -rwx         316  Mar 01 1993 00:12:13 +00:00  env_vars    21  -rwx         109  Mar 01 1993 00:05:00 +00:00  info    22  -rwx         109  Mar 01 1993 00:07:55 +00:00  info.ver     8  -rwx           5  Mar 01 1993 02:40:48 +00:00  private-config.text 7741440 bytes total (4600832 bytes free) SwitchB#show flash Directory of flash:/     2  -rwx         660  Mar 01 1993 02:13:00 +00:00  vlan.dat     7  -rwx        2412  Mar 01 1993 05:11:18 +00:00  config.old     3  -rwx     3132319  Mar 01 1993 00:09:35 +00:00  c2950-i6q4l2-mz.121-22.EA14.bin     4  -rwx         840  Mar 01 1993 02:40:48 +00:00  config.text     5  -rwx         316  Mar 01 1993 00:12:13 +00:00  env_vars    21  -rwx         109  Mar 01 1993 00:05:00 +00:00  info    22  -rwx         109  Mar 01 1993 00:07:55 +00:00  info.ver     8  -rwx           5  Mar 01 1993 02:40:48 +00:00  private-config.text 7741440 bytes total (4600832 bytes free)

4. Delete the file by following below command.

SwitchB#delete flash:/vlan.dat Delete filename [vlan.dat]? Delete flash:/vlan.dat? [confirm]

5. Reload the switch by entering below command.

SwitchB#reload Proceed with reload? [confirm]

6. After reload, the VLAN and VTP data will be set to default settings.

SwitchB#sh vlan VLAN Name                             Status    Ports ---- -------------------------------- --------- ------------------------------- 1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4                                                 Fa0/5, Fa0/6, Fa0/7, Fa0/9                                                 Fa0/10, Fa0/11, Fa0/12 1002 fddi-default                     act/unsup 1003 token-ring-default               act/unsup 1004 fddinet-default                  act/unsup 1005 trnet-default                    act/unsup VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1    enet  100001     1500  -      -      -        -    -        0      0 1002 fddi  101002     1500  -      -      -        -    -        0      0 1003 tr    101003     1500  -      -      -        -    -        0      0 1004 fdnet 101004     1500  -      -      -        ieee -        0      0 1005 trnet 101005     1500  -      -      -        ibm  -        0      0 Remote SPAN VLANs ------------------------------------------------------------------------------ Primary Secondary Type              Ports ------- --------- ----------------- ------------------------------------------ SwitchB#sh vtp status VTP Version                     : 2 Configuration Revision          : 0 Maximum VLANs supported locally : 128 Number of existing VLANs        : 5 VTP Operating Mode              : Server VTP Domain Name                 : VTP Pruning Mode                : Disabled VTP V2 Mode                     : Disabled VTP Traps Generation            : Disabled MD5 digest                      : 0x3F 0x17 0xC8 0xB8 0x5A 0xE3 0x01 0x66 Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

I hope this post will benefit you guys. Thank you for dropping by.

- Soulpower

How to configure Switched Port Analyzer (SPAN) ?

Dear friends. Today, let's discuss on how to configure a SPAN port on a Cisco Switch.

Network Setup

MacBook 10.0.0.152/24 -->f0/9 L2 switch --> f0/1 L2 switch --> Unifi Router 10.0.0.99/24 --> Internet

Dell 10.0.0.151/24 --> f0/5 L2 switch --> f0/1 L2 switch --> Unifi Router 10.0.0.99/24 --> Internet

Plan

Macbook will generate traffic to the internet. Dell laptop will capture all it's live traffic using WireShark.

Terms

Source interface: The interface where the traffic will be captured.

Destination interface: The interface where all the captured traffic will be mirrored to.

Steps

1. At the L2 switch, configure the span source interface. In this case, I want to capture all of the traffic generated from MacBook to Internet. Therefore, port f0/1 will be used as span source interface because all traffic will go through this port to go to the internet.

Switch(config)#monitor session 1 source interface fastEthernet 0/1

2. Configure the destination interface. All traffic that is being captured at span source interface will be mirrored to this port.

Switch(config)#monitor session 1 destination interface fastEthernet 0/5

3. Please take note that the destination span port's protocol status will be changed to down once you've configured it as destination interface.

Switch#sh int f0/5 status Port      Name               Status       Vlan       Duplex  Speed Type Fa0/5                        monitoring   1          a-full  a-100 10/100BaseTX Switch#sh int f0/5 FastEthernet0/5 is up, line protocol is down (monitoring)

4. To check on current SPAN port setup on that switch.

Switch#show monitor session 1 Session 1 --------- Type              : Local Session Source Ports      :     Both          : Fa0/1 Destination Ports : Fa0/5     Encapsulation : Native           Ingress: Disabled

5. Live traffic that is being captured at port f0/1 of the L2 switch can be seen as per below. You're only seeing ICMP traffic because I'm generating continuous ping to 4.2.2.2 from the MacBook (10.0.0.152).

I hope that this post will benefit us all. Thank you for your time.

- Soulpower

2. VLANs and VLAN Trunking

VLAN

VLAN means Virtual Local Area Network, as you guessed it. Its function is to virtually separate ethernet devices or interfaces to a different segment or broadcast domain. We need VLANs because by separating broadcast domain to a smaller group, it will reduce broadcast traffic to the entire broadcast domain (entire broadcast domain means all devices that are connected to a single switch or hub in the same segment without any layer 3 device). How VLANs reduce broadcast traffic? It's simple. Broadcast sent by a device in one VLAN will only be forwarded to the other devices in the same VLAN. Therefore, devices in other VLANs will not be receiving the broadcast traffic, at the same time reducing switch's resources and loads.

In general, there are 2 types of VLANs. L2 VLAN and L3 VLAN. L means Layer in case you don't know. :P I know you must be wondering what's the differences of both VLANs, yes? Let's start with this. L2 VLAN does not have any IP address, but L3 VLAN owns an IP address and is represented as a subnet. Yes you are right. When it is Layer 3, then of course it can be routed in an IP network using routing protocols, as well as communicating with other VLANs. Please take note that unlike L3 VLAN, L2 VLAN devices cannot talk to each other unless there's a layer 3 device such as router configured as their default gateway.

Private VLANs

Will be updated soon.

VLAN Trunking Protocol (VTP)

Why do we need VTP and what is the benefit of using VTP to our network? Imagine if we have 100 switches and all of the switches needs to have the same VLAN configuration. Isn't that a lot of work for us to configure each 100 switches again and again with the same VLAN configuration? That's when VTP come to save us. If we use VTP, it advertises VLAN configuration information to the neighbouring switches so that VLAN configuration information needs to be made to only one switch, with all other switches in the network learning the VLAN information dynamically. So, we don't need to configure all 100 switches with the same VLAN configurations. Thanks to VTP!

VTP Modes

1. Server Mode - Originates VTP adv., processes and update its VLAN configs, Forward received VTP adv., Saves VLAN in NVRAM or VLAN.dat, can create, modify or delete VLANs.
2. Client Mode - Same as Server Mode but cannot create, modify or delete VLANs.
3. Transparent Mode - Same as Server Mode but cannot originate VTP adv., and do not process adv. to update its VLAN configs.

To be continued.

-Soulpower