mrsmileyns
asked on
Cisco Catalyst CMS
I recently picked up a project halfway through - in looking at the Win2K DHCP server leases at our remote location I saw one client that looked a bit different than the rest - I was not sure what it was so I port scanned it and found 80 was open on it - went to it via a browser and it turns out it is the Cisco 48 port catalyst switch at the location and I can access it and manage it via the CMS web gui - when i try to telnet to it, it tells me that is enabled but no password is set - I have a few issues here:
1. All of our switches are set up in unmanaged mode, except our GBIC aggregator as it does all the Vlans - since this is a remote site might it be a good idea to leave in managed mode?
2. Which is recommended - using the CMS or the command line? I am much more familiar with the command line.
3. How would I set a password via CMS so I can now telnet to the switch and use command line?
4. It concerns me that this switch is somehow getting an IP via DHCP - I would prefer it to be static. How can I tell which port / interface on the switch is getting the IP via DHCP in the CMS?
5. Is there anything above that I must be on site to do? As I stated before this is a remote location with no IT staff.
1. All of our switches are set up in unmanaged mode, except our GBIC aggregator as it does all the Vlans - since this is a remote site might it be a good idea to leave in managed mode?
2. Which is recommended - using the CMS or the command line? I am much more familiar with the command line.
3. How would I set a password via CMS so I can now telnet to the switch and use command line?
4. It concerns me that this switch is somehow getting an IP via DHCP - I would prefer it to be static. How can I tell which port / interface on the switch is getting the IP via DHCP in the CMS?
5. Is there anything above that I must be on site to do? As I stated before this is a remote location with no IT staff.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What level of access do you have when you log into the switch? If you go to "web console" can you get yourself to level 15 (enable mode)? You'll need to know the enable password, if there is one, and enter it with no user name. If you get into level 15, click on "configure" and then you can type in any command you want and set up a vty password.
I prefer CLI as well. The switches do DHCP by default if you haven't configured an address for them. So it probably got it off the local LAN. I turn off http server on all of our devices because it's just another open port to worry about.
I don't know what you mean by "managed." Do you mean SNMP managed? We manage everything via SNMP. In fact, on a router you can configure it with the snmp write string and a tool called snmpset. But it doesn't work on 3500 switches because they lack the MIBs to do it.
I prefer CLI as well. The switches do DHCP by default if you haven't configured an address for them. So it probably got it off the local LAN. I turn off http server on all of our devices because it's just another open port to worry about.
I don't know what you mean by "managed." Do you mean SNMP managed? We manage everything via SNMP. In fact, on a router you can configure it with the snmp write string and a tool called snmpset. But it doesn't work on 3500 switches because they lack the MIBs to do it.
Oh... I don't think it matters which port is getting DHCP. The switch will be listening on all ports that are on the same VLAN as its management VLAN (1 by default). Just make it static once you get access.
ASKER
ah - when i login as level 15 i can do it - thanks
what i mean is...i have never logged in to the other cisco switches on the network - i don't know the IP's for them - I am not sure if they even have any - they are set up like - "switch hubs" pardon the term i am using - maybe they are not being used to their full functionality - i didn't set them up
what i mean is...i have never logged in to the other cisco switches on the network - i don't know the IP's for them - I am not sure if they even have any - they are set up like - "switch hubs" pardon the term i am using - maybe they are not being used to their full functionality - i didn't set them up
ASKER
i am logged into this switch via cms as level 15...but it is not like normal CLI - I am not sure how to set the vty telnet password - any ideas?
ASKER
oh...it is a catalyst 3550 48 port
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok - i can now log in...but i cannot enable - command line states no password set and i can't seem to get one set - never encountered this on routers i have worked with - any ideas? it's probably easy and i feel like a dope...but oh well
Go back to http://[your switch]/level/15/configure
ASKER
you are a very nice man - thank you - all set up now with full CLI access :) thanks guys
ASKER
so, that leaves me with the cms until i can go to florida :) how can i figure out which port is getting the IP dynamic and can i set it static in the cms? do i want to bother?