Solved

Cisco Catalyst CMS

Posted on 2004-04-26
Last Modified: 2008-03-03
I recently picked up a project halfway through - in looking at the Win2K DHCP server leases at our remote location I saw one client that looked a bit different than the rest - I was not sure what it was so I port scanned it and found 80 was open on it - went to it via a browser and it turns out it is the Cisco 48 port Catalyst switch at the location and I can access it and manage it via the CMS web GUI - when I try to telnet to it, it tells me that is enabled but no password is set - I have a few issues here:

1.  All of our switches are set up in unmanaged mode, except our GBIC aggregator as it does all the VLANs - since this is a remote site might it be a good idea to leave in managed mode?

2.  Which is recommended - using the CMS or the command line?  I am much more familiar with the command line.

3.  How would I set a password via CMS so I can now telnet to the switch and use command line?

4.  It concerns me that this switch is somehow getting an IP via DHCP - I would prefer it to be static.  How can I tell which port / interface on the switch is getting the IP via DHCP in the CMS?

5.  Is there anything above that I must be on site to do?  As I stated before this is a remote location with no IT staff.
Question by:mrsmileyns
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 125 total points
ID: 10920835
What is the model of the switch?

1. I would allow for remote management since it is a remote site. Otherwise you would need a terminal server to perform any management remotely.

2. Command line. In fact, I usually disable the http server altogether.

3. Depends somewhat on the model of switch. But if it's an IOS platform:

Switch#config term
Switch(config)# line vty 0 4
Switch(config-line)# password <string>
Switch(config-line)# login
Switch(config-line)# end

4. Depending on the model and management VLAN, but assuming an IOS box and VLAN1, then:

Switch#config term
Switch(config)# int VLAN 1
Switch(config-if)# ip address 192.168.1.1 255.255.255.0
Switch(config-if)# end

5. If the telnet (VTY) password is not set, that will have to be set on-site. You could always walk someone through it over the phone. That's always exciting! :-)

-Don

Author Comment

by:mrsmileyns
ID: 10920918
let's say...walking someone through setting the passwd over the phone is not an option - it really isn't in this case - there is no machine there to console in with etc.

so, that leaves me with the CMS until I can go to Florida  :)  how can I figure out which port is getting the IP dynamic and can I set it static in the CMS?  do I want to bother?
LVL 28

Expert Comment

by:mikebernhardt
ID: 10921020
What level of access do you have when you log into the switch? If you go to "web console" can you get yourself to level 15 (enable mode)? You'll need to know the enable password, if there is one, and enter it with no user name. If you get into level 15, click on "configure" and then you can type in any command you want and set up a vty password.

I prefer CLI as well. The switches do DHCP by default if you haven't configured an address for them. So it probably got it off the local LAN. I turn off http server on all of our devices because it's just another open port to worry about.

I don't know what you mean by "managed." Do you mean SNMP managed? We manage everything via SNMP. In fact, on a router you can configure it with the snmp write string and a tool called snmpset. But it doesn't work on 3500 switches because they lack the MIBs to do it.
LVL 28

Expert Comment

by:mikebernhardt
ID: 10921048
Oh... I don't think it matters which port is getting DHCP. The switch will be listening on all ports that are on the same VLAN as its management VLAN (1 by default). Just make it static once you get access.

Author Comment

by:mrsmileyns
ID: 10921063
ah - when I log in as level 15 I can do it - thanks

what I mean is...I have never logged in to the other Cisco switches on the network - I don't know the IPs for them - I am not sure if they even have any - they are set up like - "switch hubs"  pardon the term I am using - maybe they are not being used to their full functionality - I didn't set them up

Author Comment

by:mrsmileyns
ID: 10921109
I am logged into this switch via CMS as level 15...but it is not like normal CLI - I am not sure how to set the vty telnet password - any ideas?

Author Comment

by:mrsmileyns
ID: 10921141
oh...it is a Catalyst 3550 48 port
LVL 28

Accepted Solution

by:mikebernhardt
mikebernhardt earned 125 total points
ID: 10921200
Do you have the option to "configure?" I tried this earlier with Explorer on a 3548, they should be about the same. Go to
http://[your switch]/level/15/configure/-/line/vty/0/15

This will configure vty lines 0-15. You should have the whole list of vty line commands.

Author Comment

by:mrsmileyns
ID: 10921343
ok - I can now log in...but I cannot enable  -  command line states no password set and I can't seem to get one set - never encountered this on routers I have worked with - any ideas?  it's probably easy and I feel like a dope...but oh well
LVL 28

Expert Comment

by:mikebernhardt
ID: 10921566
Go back to http://[your switch]/level/15/configure and set your enable password from there.

Author Comment

by:mrsmileyns
ID: 10921616
you are a very nice man - thank you - all set up now with full CLI access  :)  thanks guys
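
An added example, not from any poster in the thread: a small Python check that reads a saved running-config and flags the conditions discussed above (HTTP server left on, no enable password, vty lines without a password, no static address on the Vlan1 management interface). The sample config is constructed and the function names are assumptions for illustration.

```python
import re

# Constructed sample running-config (not taken from the switch in the thread).
SAMPLE_CONFIG = """\
hostname Switch
!
ip http server
interface Vlan1
 no ip address
!
line vty 0 4
 login
line vty 5 15
 password example-only
 login
"""

STATIC_IP = re.compile(r"ip address \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+$")

def parse_blocks(config):
    """Split an IOS config into (top-level line, [indented child lines])."""
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue  # skip blank lines and "!" separators
        if raw[0] == " " and blocks:
            blocks[-1][1].append(line.strip())  # sub-command of current block
        else:
            blocks.append((line, []))
    return blocks

def audit(config):
    """Return findings, in check order, for the issues raised in the thread."""
    blocks = parse_blocks(config)
    heads = [head for head, _ in blocks]
    findings = []
    if "ip http server" in heads:  # "no ip http server" does not match
        findings.append("http server enabled")
    if not any(h.startswith(("enable secret", "enable password")) for h in heads):
        findings.append("no enable password set")
    vlan1 = [kids for head, kids in blocks if head.lower() == "interface vlan1"]
    if not any(STATIC_IP.match(k) for kids in vlan1 for k in kids):
        findings.append("Vlan1 has no static address")
    for head, kids in blocks:
        if head.startswith("line vty") and not any(k.startswith("password ") for k in kids):
            findings.append(f"{head}: no password")
    return findings
```

Run `audit()` on the text of `show running-config` saved from each switch; an empty list means none of these four conditions was found.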