Results 1 to 7 of 7

Thread: Completely Clearing a Cisco Switch

  1. #1
    Bronze member one-zero
    Join date
    Jul 2007
    Posts
    8,296
    Rep power
    59

    Completely Clearing a Cisco Switch



    Completely Clearing a Cisco Switch…The Easy Way!

    Clearing out a Cisco switch configuration is always a pain because VLANs are kept in a separate file from the startup-config (NVRAM). There are two ways to clear a switch back to the factory defaults - the easy way and the REALLY easy way:

    The easy way -

    Switch# write erase
    Switch# delete flash:vlan.dat
    Switch# reload

    The REALLY easy way -

    Hold the “mode” button on the front of the switch for 10 seconds. The lights will blink then go solid - the switch completely wipes all configuration and then reboots. Obviously, this method only works on stackable switches as the chassis based switches do not have mode buttons.

    Comments
    Umm, is it me or is this not a terribly great feature. I know physical security is part of maintaining a secure environment, but this kind of kicks that higher up the requirements chain.

    Anyone know of a way of disabling this ‘feature’?

    Posted by: Scared at May 20, 2007 7:21 PM

    In my experience this does not wipe the switch at all, it just renames the configfiles and reboots.

    “no setup express” disables the button.

    Posted by: ior at May 25, 2007 3:08 PM

    Let’s attempt to replicate this on a 3560 and see what happens.

    Let’s go ahead and add some vlans, vtp config, and some descriptions on the first 5 interfaces:
    Switch(config)#vtp domain CISCO
    Changing VTP domain name from NULL to CISCO
    Switch(config)#vtp mode server
    Device mode already VTP SERVER.
    Switch(config)#vtp password PASSWORD
    Setting device VLAN database password to PASSWORD
    Switch(config)#int range fa0/1 - 5
    Switch(config-if-range)#desc -> I like beer!!!
    Switch(config-if-range)#vlan 2-10,13,69
    Switch(config-vlan)#^Z
    Switch#sh vtp
    00:07:19: %SYS-5-CONFIG_I: Configured from console by consolestatus
    VTP Version : 2
    Configuration Revision : 1
    Maximum VLANs supported locally : 1005
    Number of existing VLANs : 16
    VTP Operating Mode : Server
    VTP Domain Name : CISCO
    VTP Pruning Mode : Disabled
    VTP V2 Mode : Disabled
    VTP Traps Generation : Disabled
    MD5 digest : 0x9C 0x62 0xCB 0xFE 0xB7 0x89 0x4A 0xB8
    Configuration last modified by 0.0.0.0 at 3-1-93 00:07:19
    Local updater ID is 0.0.0.0 (no valid interface found)
    Switch#sh vlan sum
    Number of existing VLANs : 16
    Number of existing VTP VLANs : 16
    Number of existing extended VLANs : 0

    Switch#sh int desc
    Interface Status Protocol Description
    Vl1 admin down down
    Fa0/1 down down -> I like beer!!!
    Fa0/2 down down -> I like beer!!!
    Fa0/3 down down -> I like beer!!!
    Fa0/4 down down -> I like beer!!!
    Fa0/5 down down -> I like beer!!!

    and the hostname

    Switch(config)#hostname sw1
    sw1(config)#^Z
    sw1#
    00:08:10: %SYS-5-CONFIG_I: Configured from console by console
    sw1#write
    Building configuration…
    [OK]

    Now let’s take a look at the flash:
    sw1#sh flash

    Directory of flash:/

    2 -rwx 1216 Mar 01 1993 00:07:19 vlan.dat
    3 -rwx 5 Mar 01 1993 00:08:26 private-config.text
    5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d
    85 -rwx 3485 Mar 01 1993 00:08:26 config.text

    15998976 bytes total (9540608 bytes free)

    Let’s go ahead and hold the mode button for 10 seconds:

    As I hold the mode button - STAT, DUPLX, SPEED, and PoE lights blink together and then go solid. I stop pushing the mode button at that point.

    Notice this message after I release the mode button:
    sw1#
    00:09:18: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram
    00:09:18: %EXPRESS_SETUP-6-CONFIG_IS_RESET: The configuration is reset and the system will now reboot
    00:09:19: %SYS-5-RELOAD: Reload requested

    The switch comes back up:
    Switch uptime is 2 minutes
    System returned to ROM by power-on

    Switch#sh start
    startup-config is not present
    Switch#sh flash

    Directory of flash:/

    2 -rwx 1216 Mar 01 1993 00:07:19 vlan.dat
    3 -rwx 5 Mar 01 1993 00:08:26 private-config.text.renamed
    5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d
    85 -rwx 3485 Mar 01 1993 00:08:26 config.text.renamed

    15998976 bytes total (9540608 bytes free)

    The VTP configuration is still intact (due to vlan.dat not being deleted):
    Switch#sh vtp statu
    VTP Version : 2
    Configuration Revision : 1
    Maximum VLANs supported locally : 1005
    Number of existing VLANs : 16
    VTP Operating Mode : Server
    VTP Domain Name : CISCO
    VTP Pruning Mode : Disabled
    VTP V2 Mode : Disabled
    VTP Traps Generation : Disabled
    MD5 digest : 0x9C 0x62 0xCB 0xFE 0xB7 0x89 0x4A 0xB8
    Configuration last modified by 0.0.0.0 at 3-1-93 00:07:19
    Local updater ID is 0.0.0.0 (no valid interface found)
    Switch#sh vlan sum
    Number of existing VLANs : 16
    Number of existing VTP VLANs : 16
    Number of existing extended VLANs : 0

    Interesting. The startup-configuration is blown away but still appears in flash, albeit with “renamed” tacked on the end. The vlan.dat file is still present, so we retain our VTP settings. The private-config.text* file has also been retained, but with “renamed” appended to it as well.

    * According to this page, the private-config.text file is used by Cisco devices to store things like crypto private keys.

    Let’s remove the “renamed” portion of the config.text file and restore our startup-configuration:

    Switch#rename flash:config.text.renamed flash:config.text
    Destination filename [config.text]?

    Switch#sh start
    Using 3485 out of 524288 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname sw1
    !
    !
    ip subnet-zero
    !
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    !
    interface FastEthernet0/1
    description -> I like beer!!!
    no ip address
    no mdix auto
    !
    interface FastEthernet0/2
    description -> I like beer!!!
    no ip address
    no mdix auto
    …..

    So the config.text.renamed is the startup config. It’s good to know that this is still around. We can just rename it and then do “copy start run”

    Switch#copy start run
    %% Non-volatile configuration memory invalid or not present

    Zoiks!!! Maybe not!

    Let’s rename the private-config file and see if that helps.

    Switch#$h:private-config.text.renamed flash:private-config.text
    Destination filename [private-config.text]?
    Switch#sh flash

    Directory of flash:/

    2 -rwx 1216 Mar 01 1993 00:07:19 vlan.dat
    3 -rwx 5 Mar 01 1993 00:08:26 private-config.text
    5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d
    85 -rwx 3485 Mar 01 1993 00:08:26 config.text

    15998976 bytes total (9540608 bytes free)

    Switch#copy start run
    %% Non-volatile configuration memory invalid or not present

    Nope. Interesting. Well a reload ought to do the trick

    Switch#reload
    Proceed with reload? [confirm]

    00:27:04: %SYS-5-RELOAD: Reload requested
    And it works:

    sw1>en
    sw1#sh run
    Building configuration…

    Current configuration : 3512 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname sw1
    !
    !
    ip subnet-zero
    !
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    !
    interface FastEthernet0/1
    description -> I like beer!!!
    no ip address
    ……

    Okay. Let’s see if we can turn this behavior off by configuring “no express setup”:

    sw1(config)#no setup ?
    express Configure whether express setup mode is enabled

    sw1(config)#no setup express

    Let’s see what’s in flash and then write the config:
    sw1#sh flash

    Directory of flash:/

    2 -rwx 3378 Mar 01 1993 00:06:38 config.text
    3 -rwx 5 Mar 01 1993 00:06:38 private-config.text
    4 -rwx 976 Mar 01 1993 00:10:31 vlan.dat
    5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d

    15998976 bytes total (9541120 bytes free)
    sw1#write
    Building configuration…
    [OK]
    sw1#

    Now let’s hold the mode button and see what happens.

    Not a damned thing!!! :-) I held the mode button down and all it ever did was move the light from STAT to DUPLX.

    I would say that “no express setup” is a great command to throw into your base configuration for all of your switches. While holding down the mode button until the lights are solid will default your configuration, that configuration will not be lost and your vlan.dat file will not be deleted (your vtp configuration will persist). At least on the 3560, this is not a method that will achieve the same results as write erase, delete flash:vlan.dat, reload.

    For comparison, here’s what happens when we do these steps:

    sw1#sh flash

    Directory of flash:/

    2 -rwx 5 Mar 01 1993 00:11:59 private-config.text
    4 -rwx 976 Mar 01 1993 00:10:31 vlan.dat
    5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d
    85 -rwx 3555 Mar 01 1993 00:11:59 config.text

    15998976 bytes total (9541120 bytes free)
    sw1#write erase
    Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
    [OK]
    Erase of nvram: complete
    sw1#sh fla
    00:16:59: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram

    Write erase deletes “private-config.text” and “config.txt” from flash:
    sw1#sh flash

    Directory of flash:/

    4 -rwx 976 Mar 01 1993 00:10:31 vlan.dat
    5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d

    15998976 bytes total (9545216 bytes free)
    sw1#delete flash:vlan.dat
    Delete filename [vlan.dat]?
    Delete flash:vlan.dat? [confirm]
    sw1#sh flash

    Directory of flash:/

    5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d

    15998976 bytes total (9546240 bytes free)
    sw1#sh start
    startup-config is not present
    sw1#reload

    System configuration has been modified. Save? [yes/no]: no
    Proceed with reload? [confirm]

    00:18:44: %SYS-5-RELOAD: Reload requested
    ….

    After the reload:
    Switch>en
    Switch#sh flash

    Directory of flash:/

    5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d

    15998976 bytes total (9546240 bytes free)


    --------------------------------------------------------------------------------
    To summarize: Resetting the switch will not achieve the same result as deleting the vlan.dat, doing a “write erase”, and then reloading the switch. It will blow away your startup-configuration, but the good news is that you can easily recover that file (along with the private-config.text file) and restore your configuration by just renaming a couple of files and reloading. I would strongly recommend disabling this “feature” by using the “no express setup” command in your switch’s configuration. There is no reason to allow someone to blow away your switch’s configuration by simply pressing a button.
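An added example, not part of the original post: a small check a decommissioning or audit script could run over `sh flash` output to tell a real wipe from a Mode-button reset that only renamed the files, plus a check for the `no setup express` line in a saved configuration. The function names are illustrative, and the parser assumes the listing layout shown in the thread's 3560 session.

```python
import re

# One `sh flash` entry in the layout shown in the thread:
# index, permissions, size, month, day, year, time, name.
ENTRY = re.compile(
    r"^\s*\d+\s+[-d][-rwx]{3}\s+(\d+)\s+\w{3}\s+\d{2}\s+\d{4}\s+[\d:]+\s+(\S+)\s*$")
# Configuration artefacts the thread shows in flash, with or without ".renamed".
RESIDUAL = re.compile(r"^(vlan\.dat|(private-)?config\.text(\.renamed)?)$")

def residual_files(show_flash):
    """Return {name: size} for configuration artefacts still in flash."""
    found = {}
    for line in show_flash.splitlines():
        m = ENTRY.match(line)
        if m and RESIDUAL.match(m.group(2)):
            found[m.group(2)] = int(m.group(1))
    return found

def wipe_state(show_flash):
    """Classify a listing: 'clean', 'renamed' (Mode-button reset) or 'present'."""
    left = residual_files(show_flash)
    if not left:
        return "clean"
    return "renamed" if any(n.endswith(".renamed") for n in left) else "present"

def mode_button_disabled(config):
    """True when the configuration carries the `no setup express` line."""
    return any(l.strip() == "no setup express" for l in config.splitlines())

# Listings copied from the thread's 3560 session.
AFTER_BUTTON = """\
2 -rwx 1216 Mar 01 1993 00:07:19 vlan.dat
3 -rwx 5 Mar 01 1993 00:08:26 private-config.text.renamed
5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d
85 -rwx 3485 Mar 01 1993 00:08:26 config.text.renamed
"""
AFTER_WRITE_ERASE = """\
4 -rwx 976 Mar 01 1993 00:10:31 vlan.dat
5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d
"""
AFTER_FULL_WIPE = "5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d\n"

if __name__ == "__main__":
    for name, text in [("mode button", AFTER_BUTTON),
                       ("write erase only", AFTER_WRITE_ERASE),
                       ("full wipe", AFTER_FULL_WIPE)]:
        print(f"{name:17} {wipe_state(text):8} {sorted(residual_files(text))}")
    print(mode_button_disabled("hostname sw1\nno setup express\n"))
```

A "renamed" result means the startup configuration and private-config.text are still in flash and can be restored by a rename and reload, so the switch should not leave your control in that state.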

  2. #2
    Silver member ahab
    Join date
    Mar 2008
    Posts
    2,669
    Country: Saudi Arabia
    Rep power
    15

    Re: Completely Clearing a Cisco Switch

    A thousand thanks, engineer Yasser, for this fine explanation.

    May God bless you and forgive you and your parents.

    And may God reward you with the best of rewards.

  3. #3
    Member nasser23
    Join date
    Jan 2007
    Posts
    177
    Country: Iraq
    Rep power
    0

    Re: Completely Clearing a Cisco Switch

    Thank you very much,
    and a great effort.
    Whoever dreads climbing mountains lives forever among the hollows.

  4. #4
    Member
    Join date
    Mar 2006
    Posts
    333
    Rep power
    0

    Re: Completely Clearing a Cisco Switch

    thanks

  5. #5
    Bronze member Nightspy
    Join date
    May 2007
    Posts
    1,573
    Rep power
    12

    Re: Completely Clearing a Cisco Switch

    So the first three commands make the switch like new, cleared of aaaall kinds of commands that were previously configured on it????

  6. #6
    Rule violator
    Join date
    Sep 2007
    Posts
    4,716
    Rep power
    0

    Re: Completely Clearing a Cisco Switch

    Thanks

  7. #7
    NumberOne
    Guest

    Re: Completely Clearing a Cisco Switch



    ThAnKs MaN
