January 4

How to find out which switchport a device is connected to on a Cisco switch

Problem:

Trying to find out which switch port a computer is connected to; the wall jack has no label giving the switchport.

Solutions:

Step 1: run the command terminal monitor (on an SSH or telnet session this copies syslog messages to your terminal; the console gets them by default). Run terminal no monitor afterwards to turn them off again.

Step 2: unplug the computer's network cable and plug it back in.

The %LINK-3-UPDOWN messages name the port: here the computer is connected to interface Gi1/0/44. Check the timestamps against the moment you pulled the cable, because on a busy switch other ports go up and down too.

Disconnection:

Mar 9 20:46:53.580 SV: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/44, changed state to down

Mar 9 20:46:54.594 SV: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/44, changed state to down

Connection:

Mar 9 20:47:02.311 SV: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/44, changed state to up
Mar 9 20:47:03.311 SV: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/44, changed state to up
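The pairing described above, as an added example that is not part of the original post: it parses the %LINK-3-UPDOWN lines that terminal monitor prints and reports only the interface(s) that completed a down -> up cycle inside a time window, so the unplug/replug is told apart from unrelated ports flapping at the same time. The year passed to the parser is an assumption (IOS timestamps carry none) and the Gi1/0/12 log line is constructed.

```python
"""Match the port that went down and back up to the cable you pulled.

Added example, not from the original post: it parses the %LINK-3-UPDOWN lines
that "terminal monitor" prints and reports the interface(s) that completed a
down -> up cycle inside a time window. The year is an assumption (IOS
timestamps do not carry one) and the Gi1/0/12 line is constructed.
"""
import re
from datetime import datetime, timedelta

# Matches "Mar 9 20:46:53.580 SV: %LINK-3-UPDOWN: Interface Gi1/0/44, changed state to down";
# a sequence number or a leading '*' before the timestamp is tolerated.
LINK_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})(?:\.(?P<ms>\d{1,3}))?.*?"
    r"%LINK-3-UPDOWN: Interface (?P<intf>[^,\s]+), changed state to (?P<state>up|down)"
)


def parse_link_events(lines, year=2024):
    """Return [(timestamp, interface, 'up'|'down')] for every %LINK-3-UPDOWN line."""
    events = []
    for line in lines:
        m = LINK_RE.search(line)
        if not m:
            continue  # %LINEPROTO-5-UPDOWN and everything else is ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["ms"]:
            ts += timedelta(milliseconds=int(m["ms"]))
        events.append((ts, m["intf"], m["state"]))
    return events


def ports_replugged(lines, max_gap_seconds=60, year=2024):
    """Interfaces that went down and came back up within max_gap_seconds, in order."""
    pending_down = {}
    found = []
    for ts, intf, state in parse_link_events(lines, year):
        if state == "down":
            pending_down[intf] = ts
        elif intf in pending_down:
            if ts - pending_down.pop(intf) <= timedelta(seconds=max_gap_seconds):
                found.append(intf)
    return found


# Constructed sample: the lines from the post plus an unrelated port (Gi1/0/12)
# that only went down, which the down->up pairing must not report.
SAMPLE_LOG = """\
Mar 9 20:46:53.580 SV: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/44, changed state to down
Mar 9 20:46:54.594 SV: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/44, changed state to down
Mar 9 20:46:58.101 SV: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
Mar 9 20:47:02.311 SV: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/44, changed state to up
Mar 9 20:47:03.311 SV: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/44, changed state to up
""".splitlines()

if __name__ == "__main__":
    print(ports_replugged(SAMPLE_LOG))  # ['GigabitEthernet1/0/44']
```

Paste the terminal monitor output into a file and feed its lines to ports_replugged(); shrink max_gap_seconds if several ports cycled during the window.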

Category: Cisco
January 1

How to locate a device by MAC address on a Cisco switch

  • Log into the Cisco switch and ping the device's IP address first, so the switch has a fresh ARP entry for it.

  • Find the MAC address with show arp | include 99 (99 is the last octet of the device's IP address; "include" filters the output to matching lines. show ip arp <ip-address> returns the one entry directly.)

  • Look the MAC up with show mac address-table | include 8cce (filter on part of the MAC address; show mac address-table address <mac> gives the exact entry with its VLAN and port.)

  • Here, the entry shows the device is connected to port 9.

Note: if the port shows many MAC addresses it is an uplink to another switch rather than the device itself. Use show cdp neighbors and show cdp neighbors detail to find the IP address of the connected switch, log into that switch and repeat the lookup (show lldp neighbors detail if the neighbor only speaks LLDP).
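The lookup chain above (ping, ARP, MAC table, then the uplink check) as an added example that is not part of the original post: it takes pasted show ip arp and show mac address-table output, resolves IP -> MAC -> port, and flags a port that carries many MACs as a probable uplink to another switch. The two tables are constructed sample output in Catalyst IOS format with made-up addresses, and the "three or more MACs means uplink" threshold is a rule of thumb, not a switch feature.

```python
"""Resolve IP -> MAC -> switchport from pasted "show ip arp" and
"show mac address-table" output, and flag a port that is probably an uplink.

Added example, not from the original post. The two tables below are
constructed sample output in Catalyst IOS format; the addresses, MACs and
port names are made up, and the "three or more MACs means uplink" threshold
is a rule of thumb, not a switch feature.
"""
import re
from collections import defaultdict

ARP_RE = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.IGNORECASE)
MAC_ROW_RE = re.compile(
    r"^\s*(?P<vlan>\d+|All)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)", re.IGNORECASE)


def normalize_mac(mac):
    """8C:CE:4E:12:AB:34, 8c-ce-4e-12-ab-34 or 8cce.4e12.ab34 -> 8cce.4e12.ab34."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def parse_arp(text):
    """{ip: mac} from "show ip arp" (or "show arp") output."""
    rows = (ARP_RE.match(line) for line in text.splitlines())
    return {m["ip"]: normalize_mac(m["mac"]) for m in rows if m}


def parse_mac_table(text):
    """({mac: (vlan, port)}, {port: set(macs)}) from "show mac address-table"."""
    by_mac, by_port = {}, defaultdict(set)
    for line in text.splitlines():
        m = MAC_ROW_RE.match(line)
        if not m or m["port"].upper() == "CPU":   # skip the switch's own static entries
            continue
        mac = normalize_mac(m["mac"])
        by_mac[mac] = (m["vlan"], m["port"])
        by_port[m["port"]].add(mac)
    return by_mac, by_port


def locate(ip, arp_text, mac_table_text, uplink_threshold=3):
    """(mac, vlan, port, probably_uplink) for ip, or None if the switch has not seen it."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return None            # ping the host first so an ARP entry exists
    by_mac, by_port = parse_mac_table(mac_table_text)
    if mac not in by_mac:
        return None            # entry aged out of the MAC table; ping again and re-run
    vlan, port = by_mac[mac]
    # Many MACs behind one port means another switch is there: follow
    # "show cdp neighbors detail" to that switch and repeat.
    return mac, vlan, port, len(by_port[port]) >= uplink_threshold


# Constructed sample output (made-up addresses).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   001a.2b3c.4d5e  ARPA   Vlan1
Internet  192.168.1.50            0   0050.56ab.1234  ARPA   Vlan1
Internet  192.168.1.99            3   8cce.4e12.ab34  ARPA   Vlan1
"""

SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
   1    8cce.4e12.ab34    DYNAMIC     Gi1/0/9
   1    0050.56ab.1234    DYNAMIC     Gi1/0/24
   1    0050.56ab.5678    DYNAMIC     Gi1/0/24
   1    0050.56ab.9abc    DYNAMIC     Gi1/0/24
"""

if __name__ == "__main__":
    print(locate("192.168.1.99", SAMPLE_ARP, SAMPLE_MAC_TABLE))  # on Gi1/0/9, not an uplink
    print(locate("192.168.1.50", SAMPLE_ARP, SAMPLE_MAC_TABLE))  # on Gi1/0/24, looks like an uplink
```

A None result means the ARP or MAC entry is missing: ping the host again and re-capture both tables, since dynamic MAC entries age out (300 seconds by default on Catalyst switches).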

Category: Cisco
December 21

How to back up and restore a Cisco router or switch config file to a flash drive

First, plug in the flash drive with the terminal up and note what the device identifies it as by running:

show file systems

In this case usbflash1: is the external USB drive.

(The USB drive might need to be formatted as FAT. This can be done on the router itself with the command format usbflash1: . Make sure you format the correct file system: formatting flash: by mistake erases the IOS image.)

Backup:

copy running-config usbflash1:/

(copy run usbflash1:/ is the same command abbreviated; you are prompted for the file name. Verify the file with dir usbflash1: . The backup contains the enable secret hash, any type 7 passwords, SNMP communities and the certificate chain, so keep the drive as safe as the switch login.)

Restore:

copy usbflash1:/the-backup-file-name startup-config

Then reload so the device boots from the restored startup-config. Copying to running-config instead merges the file into the current configuration line by line rather than replacing it.

Category: Cisco
February 25

Restoring a Cisco config file to a different switch (same model): error message "Invalid input detected"

Problem:
Restoring the switch config back to the same switch (or to a different switch of the same model) produces the following errors:

BE53F687 895F9838 903D0EB1 CCAAE21A 9E469F58 822D81C7 71F60E02 8AA59F35
^
% Invalid input detected at ‘^’ marker.

25470847 E9CB8EA1 F41B5A59 3F68A7F2 23F23464 B889278F 1B981AA9 1C7EFD62
^
% Invalid input detected at ‘^’ marker.

F40E531C B06188A8 C32365FE C06786E8 0792BE2B 69DA5FFA 1D43E317 DD97DC84 F3
^
% Invalid input detected at ‘^’ marker.

quit
^
% Invalid input detected at ‘^’ marker.

8235 bytes copied in 85.270 secs (97 bytes/sec)

 

Solution:

The hex lines that are rejected are the device's self-signed certificate chain (the crypto pki certificate chain block of the saved config, which ends with quit); the rest of the configuration is applied, as the "bytes copied" line shows. RSA private keys are never part of the text configuration, so the restored switch has no key pair until you create one. Generate a new one after restoring:

conf t

crypto key generate rsa modulus 2048

This gives the switch a new SSH host key, so anyone who connected to it before (or to the switch the config came from) will see a changed-host-key warning on the next SSH login. Save with write memory afterwards.

Category: Cisco
March 5

Cisco Access Control List Edit Tips

Decide: inbound or outbound traffic?

Imagine you are the router or switch.

Inbound: traffic arriving at the router. Outbound: traffic leaving the router.

An access list applied outbound on a VLAN interface filters traffic going TO machines on that VLAN.

An access list applied inbound on a VLAN interface filters traffic coming FROM machines on that VLAN.

 

To configure an access list you must do the following two steps:

•    The first step is to create the access list definition.

Standard: filters on source address only. Numbers 1-99 or 1300-1999.

Extended: filters on source and destination address, protocol and port number. Numbers 100-199 or 2000-2699.

access-list 110 permit|deny <protocol> <source> <wildcard> [eq <port>] <destination> <wildcard> [eq <port>]

access-list 110 permit udp 10.0.0.0 0.0.0.255 eq bootpc host 192.168.0.7 eq bootps

(The wildcard mask is the inverse of a subnet mask: a 1 bit means "don't care", so 0.0.0.255 matches 10.0.0.0/24. "host 192.168.0.7" is shorthand for "192.168.0.7 0.0.0.0" and "any" for "0.0.0.0 255.255.255.255". Every access list ends with an implicit deny ip any any, so whatever is not explicitly permitted is dropped. A client that has no address yet sends its DHCP discover from 0.0.0.0 to 255.255.255.255, which the rule above does not match; permit that as well if the list sits between clients and their DHCP server.)

•    The second step is to apply it to an interface.

int vlan 20

ip access-group 110 in (or out)


 

show access-lists 110 (lists the rules with their sequence numbers and per-rule match counts, which is the quickest way to see whether a rule is doing anything)

How to edit existing access control list rules

conf t

ip access-list extended 110 (this named-ACL mode also works for numbered lists and is the only way to edit them by sequence number)

no 10 (remove the rule with sequence number 10; "no 10 permit ip any any" does the same)

15 permit ip any any (add a rule between 10 and 20; rules are checked in sequence order and the first match wins)

Typing another access-list 110 ... line in global config mode appends to the end of the list instead, and "no access-list 110" deletes the whole list, not one rule. If two rules have no free numbers between them, ip access-list resequence 110 10 10 renumbers the list 10, 20, 30, ... to make room.
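The evaluation order, wildcard matching and implicit deny described above, as an added example that is not part of the original post. It replays the page's rule for access-list 110 plus the two edits ("15 permit ip any any", "no 10") against a few packets; the extra "20 deny ip any any" rule, the packets and the port keyword table are made up for the demonstration.

```python
"""Evaluate a Cisco extended ACL the way IOS does: ordered by sequence number,
first match wins, wildcard masks, implicit deny at the end.

Added example, not from the original post. It models only the fields the post
uses (protocol, source/destination with wildcard mask, optional eq ports);
the extra deny rule, the packets and the edits replayed in demo() are made up
to show what "no 10" and "15 permit ip any any" change.
"""
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")          # "any" == 0.0.0.0 255.255.255.255
WELL_KNOWN_PORTS = {"bootps": 67, "bootpc": 68, "domain": 53, "www": 80, "ssh": 22}


def wildcard_match(addr, network, wildcard):
    """IOS wildcard semantics: a 1 bit in the mask means 'do not care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (n & care)


def port_match(rule_port, packet_port):
    if rule_port is None:                      # no "eq" clause: any port
        return True
    if isinstance(rule_port, str):             # keyword such as bootps
        rule_port = WELL_KNOWN_PORTS[rule_port]
    return rule_port == packet_port


class ExtendedACL:
    """Rules keyed by sequence number, as in "ip access-list extended" mode."""

    def __init__(self):
        self.rules = {}

    def add(self, seq, action, proto, src, src_wc, dst, dst_wc, sport=None, dport=None):
        if seq in self.rules:
            raise ValueError(f"sequence {seq} already in use")
        self.rules[seq] = dict(action=action, proto=proto, src=src, src_wc=src_wc,
                               dst=dst, dst_wc=dst_wc, sport=sport, dport=dport)

    def remove(self, seq):                     # "no <seq>"
        del self.rules[seq]

    def evaluate(self, proto, src, dst, sport=None, dport=None):
        """Return (action, matching_seq); ("deny", None) is the implicit deny."""
        for seq in sorted(self.rules):
            r = self.rules[seq]
            if r["proto"] not in ("ip", proto):
                continue
            if not wildcard_match(src, r["src"], r["src_wc"]):
                continue
            if not wildcard_match(dst, r["dst"], r["dst_wc"]):
                continue
            if not (port_match(r["sport"], sport) and port_match(r["dport"], dport)):
                continue
            return r["action"], seq
        return "deny", None


def build_acl_110():
    acl = ExtendedACL()
    # access-list 110 permit udp 10.0.0.0 0.0.0.255 eq bootpc host 192.168.0.7 eq bootps
    acl.add(10, "permit", "udp", "10.0.0.0", "0.0.0.255", "192.168.0.7", "0.0.0.0",
            sport="bootpc", dport="bootps")
    acl.add(20, "deny", "ip", *ANY, *ANY)      # made-up explicit deny, so seq 15 has something to beat
    return acl


def demo():
    """Replay the edits from the post and return what each packet gets."""
    acl = build_acl_110()
    ssh = ("tcp", "10.0.0.5", "192.168.0.7", 40000, 22)
    before = acl.evaluate(*ssh)                # ("deny", 20)
    acl.add(15, "permit", "ip", *ANY, *ANY)    # "15 permit ip any any": now precedes the deny
    after = acl.evaluate(*ssh)                 # ("permit", 15)
    acl.remove(10)                             # "no 10": DHCP now falls through to seq 15
    dhcp = acl.evaluate("udp", "10.0.0.5", "192.168.0.7", 68, 67)   # ("permit", 15)
    return before, after, dhcp


if __name__ == "__main__":
    print(demo())
```

Feeding a DHCP discover (source 0.0.0.0, destination 255.255.255.255, UDP 68 to 67) through build_acl_110() hits the deny rather than sequence 10, which is the gap noted above for lists that sit between clients and their DHCP server.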

 

Category: Cisco
April 8

Common DSCP Values

Purpose                 Common use                                              DSCP value
VoIP                    VoIP traffic, including signaling and control traffic   46 (EF)
Interactive video       Two-way video conferencing                              34 (AF41)
Mission-critical data   Database queries, LOB communications, video streaming   25
Best effort             All other traffic, including e-mail and Web browsing    0 (default)
Bulk data               Backups, nonbusiness applications, file transfers       10 (AF11)

The names in brackets are the standard per-hop behaviours (RFC 2474, 2597 and 3246). 25 is not a standard assured-forwarding code point (AF31 is 26); it appears in some vendor QoS guides, so check that the value your endpoints mark is one your switch QoS policy actually classifies.
Category: Cisco
February 13

Cisco Switch Configuration Sample

enable

conf t

hostname abc

banner motd # Unauthorized access is not ok #   (the delimiter, here #, is any character that does not occur in the banner text)

no ip domain-lookup

ip domain-name abc.com

crypto key generate rsa modulus 2048

ip ssh version 2

enable secret abc

username admin secret 12345

(With "username admin privilege 15 secret 12345" the user lands in privileged exec as soon as they log in, without typing "enable". Note: under aaa new-model the privilege level on the local user is only honoured when exec authorization is turned on, e.g. "aaa authorization exec default local"; with only "aaa authentication enable default enable" the user still has to type enable. Replace abc and 12345 with real passphrases; "secret" stores a hash, whereas "password" stores plaintext or the reversible type 7 form.)

 

line vty 0 4

logging synchronous

login local

transport input ssh (only allow SSH connections; telnet sends the password in the clear, so do not add it on real hardware. To enable SSH, run hostname, ip domain-name and crypto key generate rsa first)

transport output ssh

exec-timeout 0 0 (minutes seconds; 0 0 means sessions never time out. Handy while configuring, but set something like exec-timeout 10 0 before the switch goes into production)

(note: in Cisco Packet Tracer, using "transport input ssh telnet" makes Packet Tracer say that telnet is invalid input. If I swap ssh and telnet, it says ssh is invalid. There must be a bug in Packet Tracer. "transport input ssh telnet" works on a Cisco 3750 switch.)

 

line con 0

login local

logging synchronous

line vty 5 15

login local

transport input ssh

(Do not put "no login" on these lines: it does not disable them, it removes authentication from them, so anyone who reaches vty 5-15 gets an exec prompt with no password. Either give them the same settings as lines 0-4, as here, or block them with "transport input none".)

 

vlan 10

name server

interface vlan 10

ip address 1.1.1.1 255.255.255.0

 

interface vlan 1

ip address 10.10.10.10  255.255.255.0

no shutdown (VLAN 1 is shut by default. Managing the switch over VLAN 1, which every access port belongs to until it is moved, is convenient for a lab; in production use a dedicated management VLAN and leave VLAN 1 shut)

 

int g1/0/1

switchport mode access

switchport access vlan 10

 

interface g1/0/23

switchport trunk encapsulation dot1q  (needed on older switches that also support ISL, such as the 3560/3750; dot1q-only models reject the command)

switchport mode trunk

switchport nonegotiate  (turns off DTP on the port so the trunk state is fixed rather than negotiated with whatever is plugged in)

 

int g1/0/2 (on a Layer 3 switch, turn a physical port into a routed port and give it an IP address; on a router the no switchport line is not needed)
no switchport
ip address 2.2.2.2 255.255.255.0

 

vtp mode transparent

ntp server 132.246.11.227  (or use 216.239.35.4)

clock timezone AST -4

clock summer-time ADT recurring

 

no vstack  (disables the Smart Install client, which listens on TCP 4786 and accepts commands without authentication)

ip default-gateway 192.168.30.111    ****** (only used while ip routing is disabled; on a switch with ip routing enabled use ip route 0.0.0.0 0.0.0.0 192.168.30.111 instead)

 

* configure and verify EtherChannel (port channel)

int range g1/0/1-2

channel-group 1 mode active  (LACP. The partner switch can be active or passive; passive on both sides never forms the bundle. Use desirable/auto for PAgP, which is Cisco proprietary, or "on" for a static bundle with no negotiation at all)

show etherchannel summary; show etherchannel port-channel; show interfaces port-channel 1 (shows the EtherChannel status)

service password-encryption (optional; it only applies the reversible type 7 encoding to "password" lines such as a line vty password, which is why enable and user passwords should use "secret" wherever possible)
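A check over the remote-access part of a configuration like the sample above, as an added example that is not part of the original post: it splits the config into "line" blocks and global commands and reports a vty block with "no login", a vty block without an explicit "transport input" (or one that still admits telnet), "exec-timeout 0 0", an "enable password" used instead of "enable secret", and Smart Install left enabled. The checks are my own; the embedded config is a constructed cut-down version of the sample, including the "line vty 5 15 / no login" block so the linter has something to catch.

```python
"""Lint a Catalyst-style running-config for the remote-access mistakes a
sample like the one above makes easy: a vty line with "no login", a line
without an explicit "transport input ssh", "exec-timeout 0 0", an "enable
password" instead of "enable secret", and Smart Install left enabled.

Added example, not from the original post. The checks are my own reading of
the config text (IOS defaults for a missing "transport input" vary by
platform, so the linter asks for it to be explicit); the embedded config is a
constructed cut-down version of the sample above.
"""
import re


def line_sections(config):
    """Yield (section header, [indented subcommands]) for each "line ..." block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line "):
            if header:
                yield header, body
            header, body = raw.strip(), []
        elif header and raw.startswith(" "):
            body.append(raw.strip())
        elif header:                       # a global command ends the block
            yield header, body
            header, body = None, []
    if header:
        yield header, body


def audit_config(config):
    """Return a sorted list of (severity, finding) tuples."""
    findings = []
    global_cmds = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]

    for section, cmds in line_sections(config):
        if not section.startswith("line vty"):
            continue
        if "no login" in cmds:
            findings.append(("high", f"{section}: 'no login' gives an exec prompt without any authentication"))
        transports = [c for c in cmds if c.startswith("transport input")]
        if not transports:
            findings.append(("high", f"{section}: no explicit 'transport input'; set 'transport input ssh' or 'transport input none'"))
        elif any(re.search(r"\b(telnet|all)\b", c) for c in transports):
            findings.append(("high", f"{section}: telnet accepted ({'; '.join(transports)})"))
        if "exec-timeout 0 0" in cmds:
            findings.append(("medium", f"{section}: 'exec-timeout 0 0' never idles out sessions"))

    has_secret = any(c.startswith("enable secret") for c in global_cmds)
    if any(c.startswith("enable password") for c in global_cmds) and not has_secret:
        findings.append(("high", "enable password (type 0/7, recoverable) used instead of enable secret"))
    if "no vstack" not in global_cmds:
        findings.append(("high", "Smart Install client still enabled; add 'no vstack'"))
    if "ip ssh version 2" not in global_cmds:
        findings.append(("medium", "SSH version 2 not forced; add 'ip ssh version 2'"))
    return sorted(findings)


# Constructed config: the remote-access parts of the sample above, including
# the "line vty 5 15 / no login" block, so the linter has something to catch.
SAMPLE_CONFIG = """\
hostname abc
ip domain-name abc.com
ip ssh version 2
enable secret abc
username admin secret 12345
line con 0
 login local
 logging synchronous
line vty 0 4
 logging synchronous
 login local
 transport input ssh
 transport output ssh
 exec-timeout 0 0
line vty 5 15
 no login
vtp mode transparent
"""

# The same config with lines 5-15 fixed and Smart Install disabled.
FIXED_CONFIG = SAMPLE_CONFIG.replace(" no login", " login local\n transport input none") + "no vstack\n"

if __name__ == "__main__":
    for severity, finding in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {finding}")
    print("after fix:", audit_config(FIXED_CONFIG))
```

Run it over the output of show running-config saved to a file; on the sample it reports the open vty 5-15 block, the missing transport input there, the unlimited exec-timeout on vty 0-4 and the missing no vstack, and only the exec-timeout remains once the other three are fixed.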

Category: Cisco