Cisco Catalyst 6506-E Switch

Dec 13 2008   6:27AM GMT

How to configure an interface to default settings in a Cisco Switch or a Cisco Router?

Posted by: Yasir Irfan
Switches, Cisco, Routers, Switching, Routing and Switching, Cisco IOS, Routing, Cisco 2960, Cisco 2950, Cisco 6500, Cisco Tips, Cisco 3560, Cisco 3745, Cisco 3750-E, Router Troubleshooting, Cisco 877W Router, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6513 Switch

This is a cool command to erase just the configuration for a particular interface in a Cisco Switch or a Cisco Router.

In the following example we will configure the interface fast Ethernet 0/9  to default configuration

Current Configuration for fast Ethernet 0/9  

ITKE-Cisco#sho running-config interface fastEthernet 0/9

Building configuration…

 

Current configuration : 85 bytes

!

interface FastEthernet0/9

 switchport access vlan 100

 switchport mode access

end

ITKE-Cisco

 

Now we will configure the fast Ethernet 0/9 to default configuration using the following command

“default interface fastEthernet 0/9” 

ITKE-Cisco#configure t

Enter configuration commands, one per line.  End with CNTL/Z.

ITKE-Cisco(config)#default interface fastEthernet 0/9

Interface FastEthernet0/6 set to default configuration

ITKE-Cisco(config)#

 

Running configuration for fast Ethernet 0/9 after configuring to default settings

ITKE-Cisco#sho running-config interface fastEthernet 0/9

Building configuration…

 

Current configuration : 68 bytes

!

interface FastEthernet0/9

 switchport mode dynamic desirable

end

 

ITKE-Cisco#

Dec 2 2008   7:30AM GMT

How to configure SPAN(Switched Port Analyzer ) feature in a Cisco Catalyst Switch

Posted by: Yasir Irfan
Switches, Cisco, Switching, Cisco IOS, Wireshark, Cisco 2960, Cisco 2950, Cisco 6500, Cisco Tips, Cisco 3560, Cisco 3745, Cisco Learning, Cisco 3750-E, Cisco 3560-E, Network Troubleshooting, Show commands, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6513 Switch, SPAN, Sniifer

It’s quite important for Network Engineers and an essential network troubleshooting technique to utilize the ability of Cisco Catalyst Switches to mirror the traffic and send it to a sniffer for analysis. All Cisco Catalyst Switches support the Switched Port Analyzer (SPAN) feature. The SPAN copies traffic from the specified interface or VLANs and mirrors this traffic to a specified destination interface (SPAN interface).  Then you can connect the PC with a sniffing tool (Wireshark) installed on the destination SPAN interface to capture all the mirrored traffic.Let’s see how to configure the SPAN in Cisco Catalyst Switches.  To enable the switch SPAN mirroring feature configure the following on the catalyst switch: Configuration Example - Monitoring traffic from a specific interfaceITKEAS01#configure tITKEAS01(config) monitor session 1 source interface gigabitEthernet 0/5

ITKEAS01(config)#monitor session 1 destination interface gigabitEthernet 0/10 

The  above configuration will capture all traffic from interface gigabitEthernet 0/5  and send it to SPAN port interface gigabitEthernet 0/10 

Configuration Example - Monitoring an entire VLAN traffic
ITKEAS01(config)#monitor session 1 source vlan 100
ITKEAS01(config) monitor session 1 destination interface gigabitEthernet 0/10 The  above configuration will capture all traffic of VLAN 100 and send it to SPAN port interface gigabitEthernet 0/10

Use  show monitor session 1 to verify your configuration.

Nov 22 2008   12:56PM GMT

How to configure DHCP Snooping in a Cisco Catalyst Switches.

Posted by: Yasir Irfan
Networking, DHCP, Switches, Cisco, Switching, Routing and Switching, CCNP, Cisco IOS, Cisco 2960, Cisco 2950, HSRP, Cisco 6500, Cisco Tips, Cisco 3560, Cisco Learning, Server Security, Cisco 3750-E, Cisco 3560-E, IOS commands, Cisco Systems, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6513 Switch, DHCP Snooping, Configuring DHCP Snooping, 802.1 Q, Trunk Ports

 So here we go, with the configuration of DHCP snooping on a Cisco Switch. This feature protects the network by allowing the Cisco Switches to accept DHCP response message only from the authorized servers connected to the trusted interfaces in a Cisco Switch.

All Switch to  Switch connections are configured as 802.1 1Q Trunk ports.

IP Address and HSRP Details for the Core Switches  From the above scenario we have two Cisco 6513 Series Switches as a Core/ Distribution with three VLANS one for management of Switches VLAN 50,VLAN 100 for all the servers and VLAN 101 for clients. Two Cisco 3560 Series Switches as Server Farm Switches and a Cisco 3560 Series Switch as an Access Switch.There are two DHCP servers with an IP address 10.0.1.100 and 10.0.1.101 connected with Server Farm Switches with HP NIC teaming. We configure DHCP Snooping based on above scenario. 

The first step to configure DHCP Snooping is to turn on DHCP snooping in all Cisco Switches using the “ip dhcp snooping” command. 

All Cisco Switches (config)#ip dhcp snooping  Second step is to configure the trusted interfaces, from the above scenario all trunk ports are configured as trusted ports as well as the interfaces G0/7,(ITKESF01 50.0.0.6),  G0/17,(ITKESF02 50.0.0.7),  G0/9 ITKESF01 50.0.0.6)  and G0/18 ITKESF02 50.0.0.7)  connected to DHCP servers with IP 10.0.1.100 and 10.0.1.101. Lets configure all trunk ports in ITKEBB01 

ITKEBB01(config)#interface range  gigabitEthernet 3/21 - 23

ITKEBB01 (config-if)#ip dhcp snooping trust 

Now let’s configure all trunk ports in ITKEBB02 

ITKEBB02(config)#interface range  gigabitEthernet 3/21 - 23 ITKEBB02 (config-if)#ip dhcp snooping trust 

ITKEBB02 (config)#interface gigabitEthernet 3/16

ITKEBB02 (config-if)#ip dhcp snooping trust 

Now let’s configure the trusted ports for the DHCP servers  

ITKESF01(config)#interface gigabitEthernet 0/7

ITKESF01 (config-if)#ip dhcp snooping trust 

ITKESF01(config)#interface gigabitEthernet 0/17 ITKESF01 (config-if)#ip dhcp snooping trust 

ITKESF02(config)#interface gigabitEthernet 0/9

ITKESF02 (config-if)#ip dhcp snooping trust 

ITKESF02(config)#interface gigabitEthernet 0/18 ITKESF02 (config-if)#ip dhcp snooping trust 

Now let’s configure the trunk ports  Access Switch ITKEAS01 

ITKEAS01(config)#interface range  gigabitEthernet 0/49 - 52

ITKEAS01 (config-if)#ip dhcp snooping trust 

Finally we are going to configure VLANS for DHCP snooping DHCP snooping will used on all the VLANs (VLAN 100 & 101)except management VLAN 50 . Also we will limit the requests rate received in the Access Switch (ITKEAS01)  ALL SWITCHES(config)# ip dhcp snooping VLAN 100,101 

ITKEAS01(config)#interface range  gigabitEthernet 0/1 - 48

ITKEAS01 (config-if)#ip dhcp snooping limit rate 20

Displaying the DHCP snooping  

For further reference please do check this article from Cisco about DHCP snooping.

Nov 20 2008   7:54AM GMT

What is Dynamic Host Configuration Protocol (DHCP) Snooping?

Posted by: Yasir Irfan
Network Security, Security, DHCP, Switches, Cisco, Switching, Cisco 2960, Cisco 6500, Cisco Tips, Cisco 3560, Cisco 3745, Cisco Systems, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6513 Switch, DHCP Snooping

Dynamic Host Configuration Protocol (DHCP) Snooping is a security feature which filters untrusted DHCP messages, this security feature can protects the devices on the network from associating with an unauthorized DHCP server. When the Dynamic Host Configuration Protocol (DHCP) Snooping feature is enabled on a Cisco Switch , the Cisco Switch builds a table of MAC address, IP address lease time , binding type and interface information. In coming posts I will try to explain to how to enable and configure the Dynamic Host Configuration Protocol (DHCP) snooping security feature in a Cisco Switch.

Nov 17 2008   5:16AM GMT

In which slot shall we install the Supervisor Engine in Cisco 6500 Series Catalyst Switches -Series2

Posted by: Yasir Irfan
Switches, Cisco, Switching, Routing and Switching, Cisco 6500, Cisco Tips, Network Troubleshooting, Cisco Systems, Cisco 6500 Series Catalyst Switch, Cisco Catalyst 6506-E Switch, SUP720, Supervisor Engine

Dear Friends in one of my previous post I did explained in which slot the Supervisor Engine SUP720  to be installed in a Cisco 6500 Series Switches. Now let’s proceed further and figure out in a Cisco Catalyst 6506-E Switch, in a Cisco Catalyst 6506-E Switch the  Supervisor Engine SUP720 is either installed in slot 5 or 6.

Nov 9 2008   6:51AM GMT

Don’t panic whenever you see %IP-4-DUPADDR: Duplicate address error log in your Cisco 6500 Switches running HSRP

Posted by: Yasir Irfan
Networking, Switches, Cisco, Switching, Routing and Switching, Hot Standby Router Protocol, HSRP, Cisco 6500, Cisco Tips, Network Troubleshooting, Trojan, Cisco Systems, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6513 Switch

If you are running HSRP and one of your VLAN is down and the following errors are generated in your Switch don’t panic. All this happens due the Trojans in the network.

MBGF-DAC-6500-BB01#sho log

Nov  9 07:54:21: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:54:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:55:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:55:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:56:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.1 256 packets

Nov  9 07:56:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:56:52: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:57:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.2 263 packets

Nov  9 07:57:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.7 200 packets

Nov  9 07:57:22: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:57:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

MBGF-DAC-6500-BB01#

Last week at 3 A.M I received a call from our Help Desk, stating our applications are not running in one our departments. I logged remotely to our Network and try figured out what is problem. Upon carefully looking at the logs in our Cisco 6513 core Switches I figured out a duplicate IP address is created which happens to be the Standby IP address for the Core Switch for HSRP.

I figured out the PC by looking the at mac address generated in the log and closed the network connection for that particular PC and the problem was solved.

If you face similar problems its better to change the HSRP Standby IP address in Core Switches and then try figure out the infected PC. Once the PC is figured out close the network connection and make sure the Trojans are removed. Upon cleaning the infected PC you can reconfigure the HSRP Standby IP address to the previous one.

Once I get the complete solution to fix this problem I will post it.

Oct 26 2008   5:55AM GMT

In which slot shall we install the Supervisor Engine in Cisco 6500 Series Catalyst Switches -Series1

Posted by: Yasir Irfan
Networking, Switches, Cisco, DataCenter, Cisco IOS, Cisco 6500, Cisco Tips, Module, Cisco Design, Cisco Systems, Cisco 6500 Series Catalyst Switch, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6513 Switch, Slot

Dear Friends the Cisco 6500 Series Catalyst Switch comes in different models like Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch and Cisco Catalyst 6513 Switch. But is there any specific slot assigned in these switches to install the Supervisor Engine SUP720? Yes there are specified slots assigned to install the Supervisor Engine SUP720  in any of the Cisco 6500 Series Switches.

 

Picture Courtesy: Cisco Systems

Now let’s find out these details,

The Cisco Catalyst 6503-E Switch comes with three slot chassis. In the Cisco Catalyst 6503-E Switch the first two slots are reserved for Supervisor Engine SUP720, if you have one Supervisor Engine SUP720 then you can install the Supervisor Engine SUP720 module either in slot 1 or slot 2.

I will cover these details for other models in my next post.