Crash course (5 hours later: Take 2 Advil b4 entering.)

Comments

  • DW [banned] Inactive Imported Users Posts: 240
    I think you may want to say no here... type en for enable and play a bit.

    Maybe save the config once and reload to ensure things are ok...

    ?
  • markzab Member Posts: 619
    I wasn't posting that to ask what I should do next. I was posting it to show that we finally got this damn thing running with an IOS.
    "You, me, or nobody is gonna hit as hard as life. But it ain't how hard you hit; it's about how hard you can get hit, and keep moving forward. How much you can take, and keep moving forward. That's how winning is done!" - Rocky
  • seraphus Member Posts: 307
    This was an entertaining post, LOL
    Lab first, ask questions later
  • markzab Member Posts: 619
    Hmmm, 2:21am...

    Go watch the new episode of House I recorded earlier or plug in my new 2924 switch now...

    House, headache, House, headache...hmmm...
  • markzab Member Posts: 619
    seraphus wrote:
    This was an entertaining post, LOL

    We ain't done yet...still deciding between House or hell.
  • seraphus Member Posts: 307
    markzab wrote:
    seraphus wrote:
    This was an entertaining post, LOL

    We ain't done yet...still deciding between House or hell.

    Dude! Plug in the 2924!!!
  • DW [banned] Inactive Imported Users Posts: 240
    I know but that PM you sent me - made me think it died on the table...

    Then it was "ALIVE"...

    Hah!!!

    :)

    Steven Spielberg's got competition.
  • markzab Member Posts: 619
    Something a little fishy with this one...

    Thank god it's loading up and working but...


    C2900XL Boot Loader (C2900-HBOOT-M) Version 11.2(8.1)SA6, MAINTENANCE INTERIM SOFTWARE
    Compiled Fri 14-May-99 17:42 by jchristy
    starting...
    Base ethernet MAC Address: 00:d0:ba:fc:a3:c0
    Xmodem file system is available.
    Initializing Flash...
    flashfs[0]: 4 files, 1 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 3612672
    flashfs[0]: Bytes used: 1821184
    flashfs[0]: Bytes available: 1791488
    flashfs[0]: flashfs fsck took 4 seconds.
    ...done Initializing Flash.
    Boot Sector Filesystem (bs:) installed, fsid: 3
    Parameter Block Filesystem (pb:) installed, fsid: 4
    Loading "flash:c2900xl-c3h2s-mz.120-5.WC13.bin"...##############################
    ##################################################

    File "flash:c2900xl-c3h2s-mz.120-5.WC13.bin" uncompressed and installed, entry point: 0x3000
    executing...

    Initializing C2900XL flash...

    flashfs[1]: 4 files, 1 directories
    flashfs[1]: 0 orphaned files, 0 orphaned directories
    flashfs[1]: Total bytes: 3612672
    flashfs[1]: Bytes used: 1821184
    flashfs[1]: Bytes available: 1791488
    flashfs[1]: flashfs fsck took 6 seconds.
    flashfs[1]: Initialization complete.
    ...done Initializing C2900XL flash.
    C2900XL POST: System Board Test: Passed
    C2900XL POST: Daughter Card Test: Passed
    C2900XL POST: CPU Buffer Test: Passed
    C2900XL POST: CPU Notify RAM Test: Passed
    C2900XL POST: CPU Interface Test: Passed
    C2900XL POST: Testing Switch Core: Passed
    C2900XL POST: Testing Buffer Table: Passed
    C2900XL POST: Data Buffer Test: Passed
    C2900XL POST: Configuring Switch Parameters: Passed


    C2900XL POST: Ethernet Controller Test: Passed
    C2900XL POST: MII Test: Passed
    cisco WS-C2924M-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
    Processor board ID FAA0332L0AU, with hardware revision 0x03
    Last reset from power-on

    Processor is running Enterprise Edition Software
    Cluster command switch capable
    Cluster member switch capable
    24 FastEthernet/IEEE 802.3 interface(s)

    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:D0:BA:FC:A3:C0
    Motherboard assembly number: 73-3425-09
    Power supply part number: 34-0920-01
    Motherboard serial number: FAA03309NAF
    Power supply serial number: PHI0324043K
    Model revision number: A0
    Model number: WS-C2924M-XL-EN
    System serial number: FAA0332L0AU
    Cannot open logging port to 138.23.10.42
    Cannot open logging port to 138.23.10.15
    Cannot open logging port to 138.23.10.17

    Press RETURN to get started!

    C2900XL INIT: Complete
    *Feb 28 16:00:38: %SYS-5-CONFIG: Configured from NVRAM by console
    *Feb 28 16:00:38: %SYS-5-RESTART: System restarted --
    Cisco Internetwork Operating System Software
    IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC13, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2005 by cisco Systems, Inc.
    Compiled Tue 20-Sep-05 10:47 by antonino


    At that point right there I hit the RETURN and nothing happens at all. It sits there for about 20 seconds and then goes to...

    User Access Verification

    Password: (at which point even when I type anything in and hit enter, nothing happens)

    It's almost like it's going VERY slow, or not getting my key command input?

    Of course it couldn't just friggin WORK!

    EDIT: And then finally after a few PW timeouts it goes here...

    cat2924lothb324-2 con0 is now available

    Press RETURN to get started


    And I can't do anything at all.
  • Paul Boz Member Posts: 2,620
    I still can't crack the problem I'm having with a 2900xl and the bootloader being password protected. I can't install a copy of ios via tftp because bootloader is password protected, and I can't circumvent it at all. I'm keeping it for a rainy day at this point.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • markzab Member Posts: 619
    Paul Boz wrote:
    I still can't crack the problem I'm having with a 2900xl and the bootloader being password protected. I can't install a copy of ios via tftp because bootloader is password protected, and I can't circumvent it at all. I'm keeping it for a rainy day at this point.

    Do you get the same thing when you first boot up as I do above? If so I'm gonna find out where antonino (Compiled Tue 20-Sep-05 10:47 by antonino ) lives and beat the **** out of him.
  • mikej412 Member Posts: 10,086
    You can't get this kind of excitement with Boson!
    :mike: Cisco Certifications -- Collect the Entire Set!
  • markzab Member Posts: 619
    mikej412 wrote:
    You can't get this kind of excitement with Boson!

    bastard
  • seraphus Member Posts: 307
    markzab wrote:
    mikej412 wrote:
    You can't get this kind of excitement with Boson!

    bastard

    Keep the party going!
  • Paul Boz Member Posts: 2,620
    I swear, the 2900xl I've got problems with is such a turd. It doesn't have enough memory for 12.x ios so at this point I'm still fighting with it for the sake of completion :D
  • markzab Member Posts: 619
    WTF, I've been staring at this for 5 minutes...

    cat2924lothb324-2 con0 is now available

    Press RETURN to get started.


    I hit return and nothing happens...then 20 seconds later this comes up again...

    User Access Verification

    Password:


    And I can't do anything.

    Do this machine's HyperTerminal settings have to be set to something different than the norm???
  • markzab Member Posts: 619
    I felt the original title to the thread needed a disclaimer after all of this...
  • seraphus Member Posts: 307
    markzab wrote:
    I felt the original title to the thread needed a disclaimer after all of this...

    That's what "hands on" is all about!

    Nothing wrong with a "little" pain and suffering....
  • markzab Member Posts: 619
    I just tried something out just like I did with the 2950. I rebooted the machine holding down the "mode" button and now I'm in the switch at this setting...


    C2900XL Boot Loader (C2900-HBOOT-M) Version 11.2(8.1)SA6, MAINTENANCE INTERIM SOFTWARE
    Compiled Fri 14-May-99 17:42 by jchristymands
    starting...
    Base ethernet MAC Address: 00:d0:ba:fc:a3:c0sionr image
    Xmodem file system is available. Show mvr global parameters he

    The system has been interrupted prior to ini
    flash_init
    load_helper
    boot port

    switch:


    I can type normally here so it's not my connection to the switch. I think what I'm going to do is just delete the old flash with a new one. Without opening the book to look, will that get rid of whatever config is on here? I have a feeling that these issues I'm having are because of the current set-up.

    What do you guys think?
  • markzab Member Posts: 619
    Ok, I'm gonna go watch house. I need a break.

    EDIT: Good episode. Going to bed. If anyone has any input on the post above let me know. Thanks.
  • DW [banned] Inactive Imported Users Posts: 240
    markzab wrote:
    I just tried something out just like I did with the 2950. I rebooted the machine holding down the "mode" button and now I'm in the switch at this setting...


    C2900XL Boot Loader (C2900-HBOOT-M) Version 11.2(8.1)SA6, MAINTENANCE INTERIM SOFTWARE
    Compiled Fri 14-May-99 17:42 by jchristymands
    starting...
    Base ethernet MAC Address: 00:d0:ba:fc:a3:c0sionr image
    Xmodem file system is available. Show mvr global parameters he

    The system has been interrupted prior to ini
    flash_init
    load_helper
    boot port

    switch:


    I can type normally here so it's not my connection to the switch. I think what I'm going to do is just delete the old flash with a new one. Without opening the book to look, will that get rid of whatever config is on here? I have a feeling that these issues I'm having are because of the current set-up.

    What do you guys think?

    Sorry,

    I bailed and got some Z's till my adoring study buddy - my maltese woke me up for a trip to the yard...

    She gots needs too...

    ========================

    OK - You know the drill you've been here before and you handled it like a pro.

    Let's do it again and make some quick work out of this puppy.

    Remember:

    1. Flash_init

    2. Load_Helper

    3. Dir flash:

    4. rename flash:config.text flash:config.old (I advise you do this and at least see what the old chap was up to.... I save every one of them - sometimes I find nifty config ideas...)

    5. type: boot <Enter>

    6. It better come up correctly...

    7. I would advise checking the config-register as well - Let me know what it is...

    Later...

    And I know by now you sleep like I do.
  • DW [banned] Inactive Imported Users Posts: 240
    Hey -


    Before anyone gets any ideas - I did not sell Mark these switches....


    :):):)
  • seraphus Member Posts: 307
    LOL
  • Darthn3ss Member Posts: 1,096
    ouch, sounds like you've had a crappy experience with switches so far.

    i guess i was lucky enough to where all three of my (2924) switches just needed a quick password reset (via the method darby just posted)

    I'd also email the seller and tell them that you need the password.
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • markzab Member Posts: 619
    Gentlemen, good morning...or should I say afternoon. See that's the difference between our sleep patterns Darby. I can stay up late as hell, but when I do, I'm sleeping late as hell the next day too.

    But in regards to the above...you were correct and it's now working (what else is new).

    I've got a couple easier questions now though. The first would be, if this was only a PW reset issue, what was the deal with not being able to type anything last night? I would think it would allow me to hit RETURN and then at least attempt passwords. I couldn't even get through that. And I don't know how to show you the config.old now. Remember, no TFTP yet so I can't move it. No way in hell I'm doing a reverse xmodem, NO WAY! I don't even know if that's possible anyway.

    And I haven't seen this before and was just wondering what that is...

    line con 0
    password cisco
    login
    transport input none
    stopbits 1


    Some kind of switch mumbo-jumbo? Cause I don't think I've seen that on the console of a router before. "stopbits1" was there even before I enabled a pw on that interface. The other line came up afterwards.
  • DW [banned] Inactive Imported Users Posts: 240

    1. Transport input none - Hmmm.... in the console - I wonder why you could not type...

    2. Type the command "more flash:config.old" and you will see the old config in all its glory.


    So...

    Get back on the horse and finish learning what you started...

    :)
  • markzab Member Posts: 619
    Ok, here you go Darby...

    This thing was no joke man. Looks like it may have been a University switch...


    more flash:config.old
    !
    ! Last configuration change at 08:13:07 PDT Thu Apr 20 2006 by nmcisco
    ! NVRAM config last updated at 08:13:12 PDT Thu Apr 20 2006 by nmcisco
    !
    version 12.0
    no service pad
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    service password-encryption
    !
    hostname cat2924lothb324-2
    !
    logging trap debugging
    logging facility local2
    logging 138.23.10.42
    logging 138.23.10.15
    logging 138.23.10.17
    aaa new-model
    aaa authentication login default group tacacs+ enable
    aaa authorization exec default group tacacs+ if-authenticated
    enable secret 5 $1$2Bof$e0d8P/ZBI9TBcIvXH2Jsi/
    !
    !
    !
    clock timezone PST -8
    clock summer-time PDT recurring
    !
    ip subnet-zero
    ip domain-name ucr.edu (University of some sort?)
    ip name-server 138.23.226.101
    ip name-server 138.23.201.101
    vmps reconfirm 20
    vmps server 138.23.61.50 primary
    vmps server 138.23.61.52
    (Never heard of VMPS.)
    !
    !
    !
    interface FastEthernet0/1
    description UP cat2924lothb324-1 Fa0/1
    duplex full
    speed 100
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface FastEthernet0/2
    no logging event link-status
    switchport access vlan dynamic
    spanning-tree portfast
    !
    (same config from fa0/2 through fa0/24)
    !
    interface FastEthernet0/24
    no logging event link-status
    switchport access vlan dynamic
    spanning-tree portfast
    !
    interface VLAN1
    no ip address
    no ip directed-broadcast
    no ip route-cache
    shutdown (Is this saying that they shut down the administrative VLAN 1?)
    !
    interface VLAN60
    ip address 138.23.60.41 255.255.255.0
    no ip directed-broadcast
    no ip route-cache
    !
    ip default-gateway 138.23.60.1
    no ip http server
    access-list 2 permit 138.23.50.158
    access-list 2 permit 138.23.69.163
    access-list 2 permit 138.23.61.100
    access-list 2 permit 138.23.225.0 0.0.0.255
    access-list 2 permit 138.23.222.0 0.0.0.255
    access-list 2 permit 138.23.226.0 0.0.0.255
    access-list 2 permit 138.23.10.0 0.0.0.255
    access-list 3 permit 138.23.50.158
    access-list 3 permit 138.23.69.163
    access-list 3 permit 138.23.61.32
    access-list 3 permit 138.23.61.50
    access-list 3 permit 138.23.61.52
    access-list 3 permit 138.23.61.10
    access-list 3 permit 138.23.61.100
    access-list 3 permit 138.23.222.0 0.0.0.255
    access-list 3 permit 138.23.226.0 0.0.0.255
    access-list 3 permit 138.23.10.0 0.0.0.255
    access-list 3 permit 138.23.2.0 0.0.0.255
    snmp-server engineID local 00000009020000D0BAFCA3C0
    snmp-server community MtndeW RO 3
    snmp-server community public view v1default RO
    snmp-server community $m0k1n RO 3
    snmp-server community $ysc0-gr8 RW 3
    snmp-server community ilikePIE RW 3
    snmp-server location Lothian B324
    snmp-server contact Network Operations
    snmp-server chassis-id 0x10
    snmp-server system-shutdown
    snmp-server enable traps snmp authentication linkdown linkup coldstart
    snmp-server enable traps vlan-membership
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps hsrp
    snmp-server enable traps c2900
    snmp-server enable traps vtp
    snmp-server enable traps cluster
    snmp-server host 138.23.10.15 trap public
    tacacs-server host 138.23.1.100
    tacacs-server host 138.23.226.20
    tacacs-server host 138.23.201.98
    tacacs-server attempts 5
    tacacs-server timeout 10
    tacacs-server host 138.23.1.100
    tacacs-server host 138.23.226.20
    tacacs-server host 138.23.201.98
    tacacs-server attempts 5
    tacacs-server timeout 10
    tacacs-server key corstat64
    rmon event 1 owner config
    !
    line con 0
    transport input none (Yeah, I can see now why I couldn't do anything via the console. There wasn't even a pw set on it to begin with)
    stopbits 1
    line vty 0 4
    access-class 2 in
    password 7 005442554E161F0F3D24
    line vty 5 15
    access-class 2 in
    password 7 005442554E161F0F3D24
    !
    ntp clock-period 22518325
    ntp server 138.23.226.101
    ntp server 138.23.201.101
    end


    So THAT's what a serious friggin config looks like.
  • DW [banned] Inactive Imported Users Posts: 240
    markzab wrote:
    Ok, here you go Darby...

    This thing was no joke man. Looks like it may have been a University switch...


    So THAT's what a serious friggin config looks like.


    PION.UCR.EDU to be exact

    University of California - Riverside

    PION - Probably from the physics department.

    They probably have a Cisco ACS Server performing TACACS+ and they are using Cisco VMPS to manage their VLANS.

    The reason the console is disabled is because, quite frankly, they do not need it.

    They have a local NTP Server with a Public IP Address...

    The NTP Server is the DNS Server...

    Probably Unix...

    Yes VLAN 1 is not recommended actually in some schools of thought - so it is disabled.

    The Admin uses an alias account to perform administration of his network - at least from Cisco Works aka nmcisco.


    The admin loves mountain dew, pie and Cisco and either likes to smoke or likes Carey... the actor...


    Hmmm...

    Now if we decrypt his passwords...

    We might learn more...

    However, they may be the SNMP Strings...


    ======================

    This config is not as advanced as it could be, but then that may be why it is being replaced.


    Hmmm....

    Port Configuration does not seem to have been tweaked much or optimized... for that matter...


    But it is not a bad config...

    I just wonder why the NetOps guys did not wipe it... in the first place.

    See my point?
  • DW [banned] Inactive Imported Users Posts: 240
    I do not think much that they defined their network by explicitly allowing so many whole subnets in...

    Almost defines their network...

    Why bother performing recon, they did it for you...

    Now it was good they have at least 3 Syslog Servers and 3 ACS Servers - they believe in redundancy...

    Overall they are probably a well-run shop.

    But I must wonder do they have a guru on-site or is this a one-time deal...
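
Added example, not part of the thread and not any poster's code: the replies above note that the un-wiped config exposes the previous owner's management subnets, SNMP communities and TACACS+ key. The Python below redacts those fields and replaces addresses with stable aliases before a config is shared or archived; the sample config, rule names and placeholder format are all constructed for illustration.

```python
import re

# Constructed sample in the style of the config posted above; every name,
# address and secret in it is made up for this example.
SAMPLE_CONFIG = """\
hostname lab-sw1
service password-encryption
enable secret 5 $1$abcd$0123456789abcdefghijkl
logging 192.0.2.10
snmp-server community public RO
snmp-server community ExampleRW RW 3
snmp-server host 192.0.2.15 trap public
tacacs-server host 192.0.2.20
tacacs-server key ExampleKey1
interface VLAN60
 ip address 192.0.2.41 255.255.255.0
access-list 2 permit 198.51.100.0 0.0.0.255
line vty 0 4
 access-class 2 in
 password 7 0000000000
ntp server 192.0.2.10
end
"""

# (kind, pattern): group 1 is kept, group 2 is replaced by a placeholder.
# The first matching rule wins, so the specific rules come first.
SECRET_RULES = [
    ("enable-secret-hash", re.compile(r"^(\s*enable secret \d+ )(\S+)")),
    ("type7-password", re.compile(r"^(\s*(?:enable )?password 7 )(\S+)")),
    ("cleartext-password", re.compile(r"^(\s*(?:enable )?password )(.+)$")),
    ("snmp-community", re.compile(r"^(\s*snmp-server community )(\S+)")),
    # Everything after the trap host is dropped; over-redacting is the safe side.
    ("snmp-trap-community", re.compile(r"^(\s*snmp-server host \S+ )(.+)$")),
    ("tacacs-key", re.compile(r"^(\s*tacacs-server key )(.+)$")),
    ("site-identity", re.compile(
        r"^(\s*(?:hostname|ip domain-name|snmp-server location) )(.+)$")),
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _is_mask(addr):
    """True for netmasks (255.255.255.0) and ACL wildcards (0.0.0.255)."""
    a, b, c, d = (int(part) for part in addr.split("."))
    x = (a << 24) | (b << 16) | (c << 8) | d
    inv = ~x & 0xFFFFFFFF
    # A wildcard is a run of low one-bits; a netmask is the inverse of one.
    return x & (x + 1) == 0 or inv & (inv + 1) == 0


def sanitize(config_text):
    """Return (sanitized_config, findings); findings are (line_no, kind)."""
    findings, out, ip_alias = [], [], {}

    def alias(match):
        addr = match.group(0)
        if _is_mask(addr):
            return addr  # masks carry no host identity, keep them readable
        # The same address always maps to the same alias, so the reader can
        # still see that, for example, the NTP and syslog server are one host.
        return ip_alias.setdefault(addr, f"<ip-{len(ip_alias) + 1}>")

    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for kind, rule in SECRET_RULES:
            m = rule.match(line)
            if not m:
                continue
            tail = line[m.end(2):]
            if kind == "snmp-community" and re.search(r"\bRW\b", tail):
                kind = "snmp-community-rw"  # write access: report separately
            findings.append((lineno, kind))
            line = f"{m.group(1)}<redacted:{kind}>{tail}"
            break
        out.append(IPV4.sub(alias, line))
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    clean, findings = sanitize(SAMPLE_CONFIG)
    print(clean)
    for lineno, kind in findings:
        print(f"line {lineno}: {kind}")
```

Redaction only covers what leaves the building in a paste; the device itself still needs its saved configuration erased before it is sold or scrapped, and any credential that was on it should be rotated.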
  • tech-airman Member Posts: 953
    markzab wrote:
    ip domain-name ucr.edu (University of some sort?)

    ucr.edu refers to the "University of California - Riverside."

    Source:
    1. UCRiverside - http://www.ucr.edu
  • DW [banned] Inactive Imported Users Posts: 240
    See those dynamic vlan assignments under the ports...

    That's kewl since it allows a user to register with the VMPS Server and the port be assigned a server based on the mac address of the device using each port...

    Neat huh!!!