
How to Program Cisco and 3Com Ethernet Switches

Ethernet Switch Programming

Configuring a Cisco Catalyst 2900/3500/3550 XL switch

If the switch does not offer the initial configuration dialog when it boots, you must reset it to factory defaults. If no enable password is set, you can do the following. If an unknown enable password is set, you will need to reset the password first.

switch> enable 
switch#erase startup-config

Verify that it worked:

switch#show startup-config 
%% Non-volatile configuration memory is not present

Then power cycle the switch.

If you cannot get into enable mode without a password, see the section explaining how to break in on the console and reset the password.

To enter a new configuration:

  1. Enter Y at the first prompt:
    Continue with configuration dialog? [yes/no]: y
  2. Enter the switch IP address:
    Enter IP address: XXX.XXX.XXX.XXX
  3. Enter the subnet mask:
    Enter IP netmask: XXX.XXX.XXX.XXX
  4. Press <enter> to enter a default gateway:
    Would you like to enter a default gateway address? [yes]:
  5. Enter the IP address of the default gateway:
    IP address of the default gateway: XXX.XXX.XXX.XXX
  6. Enter the fully-qualified hostname for the switch:
    Enter a host name: [Switch] switchname.example.com
  7. Enter the enable secret password:
    Enter enable secret: your password here
  8. Press enter if you want a Telnet password:
    Would you like to configure a Telnet password? [yes]:
  9. Enter the Telnet password:
    Enter Telnet secret: your password here
  10. Enter no unless you really want to enable this as a cluster command switch:
    Would you like to enable as a cluster command switch? [yes/no]: no
  11. It will show the initial configuration. Type yes if you got it all right, or no to re-do it.
  12. Now you need to fix the default SNMP settings, plus possibly more. Start by pressing enter to get a prompt.
  13. Get into enable mode:
    switch>enable
  14. Get into configuration mode:
    switch#configure terminal
    Note that you only need to type conf t, or you can type conf and press <tab> and then type t and press <tab> to get the IOS to auto-complete.
  15. If you want to support SNMP read-only access, set a password which is not the well-known default:
    switch(c)#snmp-server community new-snmp-password RO
  16. Definitely disable the well-known default SNMP passwords (community strings):
    switch(c)#no snmp-server community private RW
    switch(c)#no snmp-server community public RO
  17. You probably want to turn off Cisco Discovery Protocol:
    switch(c)#no cdp run
  18. When you are done making configuration changes, exit the configuration:
    switch(c)#end
    00:03:18: %SYS-5-CONFIG_I: Configured from console by console
  19. Verify that the configuration looks right:
    switch#show running-config
  20. If all looks good, save the configuration:
    switch#copy running-config startup-config
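
A quick offline check for step 19, added here as an example (it is not part of the original page or of any Cisco tooling): it scans saved "show running-config" text for the settings that steps 7 and 15 to 17 are meant to change. The sample configuration, the placeholder secret and the function name are constructed for illustration.

```python
# Constructed sample of `show running-config` output, not from a real device.
SAMPLE_CONFIG = """\
hostname switchname
enable secret 5 $1$xxxx$CONSTRUCTEDPLACEHOLDER
snmp-server community public RO
snmp-server community private RW
snmp-server community new-snmp-password RO
line vty 0 4
 password 7 0000000000
 login
end
"""

# The well-known default community strings removed in step 16.
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_running_config(text):
    """Return findings for the settings changed in steps 7 and 15-17."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    for number, ln in enumerate(lines, start=1):
        tok = ln.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            name = tok[2]
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(
                    f"line {number}: default SNMP community '{name}' still present")
            # Non-default community names are secrets, so report only the line.
            if "RW" in (t.upper() for t in tok[3:]):
                findings.append(
                    f"line {number}: read-write SNMP community configured")
    # CDP is on by default and only shows in the config once it is disabled.
    if "no cdp run" not in lines:
        findings.append("CDP is running (no 'no cdp run' line)")
    if not any(ln.startswith("enable secret ") for ln in lines):
        findings.append("no enable secret configured")
    return findings


if __name__ == "__main__":
    for finding in audit_running_config(SAMPLE_CONFIG):
        print(finding)
```

An empty result means the default communities are gone, no community grants write access, CDP is off and an enable secret is set.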

To erase an existing configuration

Get into enable mode and erase the startup configuration:

switch>enable
switch#erase startup-config

Verify that it worked:

switch#show startup-config
%% Non-volatile configuration memory is not present

Cisco Catalyst 2924 XL Ethernet switch.

Configuring a 3Com Superstack II 3000 switch

If you cannot get in with the password below, see the password recovery procedure below.

To enter a new configuration:

  1. Hit enter twice to get the startup screen
  2. Login:
    Username: security
    Password: security
  3. Select SWITCH MANAGEMENT to do initial management:
    1. Hit space bar to select a Management Level of Unit
    2. Tab to SETUP and hit enter
    3. At the sysName field, type in the fully-qualified host name — like switchname.example.com
    4. Select OK and hit enter
    5. If a TX module is installed:
      1. Hit space bar to select Port
      2. Type the module number at the Port ID prompt
      3. Tab to SETUP and hit enter
      4. Set Speed/Duplex Mode to 100Mbps Full Duplex
      5. Select OK and hit enter
    6. Tab to Cancel and hit enter
  4. Select USER ACCESS LEVELS to configure the password and SNMP:
    1. Select LOCAL SECURITY
    2. Using the space bar, Disable everything except the Security column and Monitor Community SNMP settings. The result should look like this:
                      Monitor    Secure     Manager    Specialist Security
                                 Monitor
      Console port    disabled   disabled   disabled   disabled   enabled
      Remote Telnet   disabled   disabled   disabled   disabled   enabled
      Community-SNMP  enabled    disabled   disabled   disabled   enabled
      
    3. Select OK, hit enter
    4. Select EDIT USER
    5. Type the old password: security
    6. Type the new password at both New Password and Confirm Password
    7. Type the community string at Community String
    8. Select OK and hit enter
    9. Select MAIN MENU
  5. Select MANAGEMENT SETUP to configure the IP networking
    1. Enter the IP address at Device IP Address
    2. Enter the subnet mask at Device SubNet Mask
    3. Enter the default router's IP address at Default Router
    4. Disable BOOTP by using the space bar as needed at BOOTP Select
    5. Disable SLIP by setting SLIP Address and SLIP SubNet Mask to 0.0.0.0
    6. Disable all IPX parameters by changing the IPX Status column to all Disabled
    7. Return to the main menu by selecting OK.
  6. Select LOGOFF
  7. Label the device with name and IP address

To erase an existing configuration

  1. Login using security and the current password
  2. Select INITIALIZE. This will reset the switch to factory settings and reboot the switch. Wait until the switch completely reboots before unplugging it.

Switch configuration troubleshooting

Breaking in on the console (if needed)

Cisco Catalyst 2900/3500/3550 XL

As per Cisco's page:

  1. Unplug the switch.
  2. Press the Mode button (left side of front panel) and keep it depressed.
  3. Reconnect power.
  4. When the LED above Port 1x goes out, release the Mode button.
  5. Issue the flash_init command:
    switch: flash_init
    Initializing flash...
    (output deleted...)
  6. Issue the load_helper command:
    switch: load_helper
  7. Issue the dir flash: command (don't omit the colon):
    switch: dir flash:
  8. You should see the configuration file listed as config.text. Rename it:
    switch: rename flash:config.text flash:config.old
  9. Boot the switch with an empty configuration (that is, no config.text):
    switch: boot
    Loading "flash:c2900xl-c3h2s-mz.120-5.WC7.bin"...########
    (output deleted...)
  10. The switch should now present you with the initial configuration dialog. You are ready to configure the switch.

3Com SuperStack II 3000

Enter recover as login name and password. Then perform a "hard reset" by power cycling it within 30 seconds. It will reboot into password recovery mode and you can enter a new administrative password.

Some backdoors may exist, depending on firmware level. Try a login of 3comcso and one of these passwords:

Or, you could try re-flashing the firmware:

  1. Get the firmware from some page like this: http://www.3com.com/products/en_US/result.jsp?selected=6&sort=effdt&sku=3C16900A&order=desc
  2. Put the firmware on a TFTP server
  3. Press the switch reset button for 2 seconds, wait until the Management link light flashes three times, then press reset again for 1 second. You should see a prompt. (If this doesn't work, try waiting three seconds instead of waiting for three flashes.)
  4. Issue these commands, changing the firmware file name as needed and supplying the IP address of the TFTP server:
    F ls3k3_23.six
    B TFTP-IP-Address
    (If this doesn't work, you may need to specify the factory-default password "RIP 000" between the F and B commands)
  5. If successful, a login of admin with an empty password should work. But if unsuccessful, you may render the switch unusable...

An alternative is to plug the switch into a managed stack and then reset the passwords for the entire stack.

Hardware setup

Connect to the console port

If you have a serial port, connect that to the switch. If you only have USB ports, use a USB-to-serial adaptor. Device names will be:

                 Mac          Linux              BSD
  Serial         serial0      /dev/ttyS0         /dev/ttyC0
  USB-to-Serial  usbserial0   /dev/usb/ttyUSB0   /dev/ttyU0

Install a terminal emulator (if needed)

  Mac         ZTerm
  Linux, BSD  minicom

Set the serial port:

9600 baud, 8 bits of data, no parity, 1 stop bit ("8-N-1"), hardware flow control.

Hardware debugging (if needed)

Expect to see some recognition of the USB-to-serial device. The dmesg command should show something like this:

uplcom0 at uhub0 port 2
uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2
ucom0 at uplcom0 

You may need to configure the serial port to keep the switch happy. If the USB port puts the serial port into an odd state, the Cisco switch will not complete booting with a faulted console port. With minicom, run minicom -s, set up the serial port, and tell minicom to initialize the port.

