I have a Cisco Catalyst 2940 and want to connect to it via the network. How do I find its IP address?

Since my computer has no serial port, the serial cable is of no help. Does the Catalyst 2940 acquire an address via DHCP? At least my DHCP server doesn't show any address which has been requested recently.

Maybe the Catalyst has to be reset first? I bought it second hand, so I don't know how it is configured right now.

I am a total newbie to Cisco products.


Word to the wise, don't connect a second hand switch to your production network before you wipe and/or re-configure it. Doing so can cause you MAJOR headaches if your network happens to use VTP. Without getting into the gritty details, connecting it could wipe or modify the VTP database used on your network (holding the list of VLANs), and basically cause your network to stop working.

And to answer your question, exactly as ewwhite said. You can get a USB-serial cable and console in that way. If you don't know the current password you can hold the mode button at boot to enter rommon mode and either wipe the config or change the password.


First you should probably know about tab completion and the '?' key for online help in IOS.

If I'd inherited a new Catalyst, I'd...

  1. Google "Password Recovery Catalyst 2900"

  2. Connect a light-blue Cisco console cable to it. You can make your own, but you'll still need a USB to serial adapter; they're $15 to $20 or so.

  3. Follow the instructions to reset the password. All of them.

  4. Login, and since I intend to reset it anyway, type this:

     en
     wr mem
     reload
    

    That is, enable (become a superuser), write (the configuration to) memory, and reload (reboot). "wr mem" is an old shortcut to the more formal "copy running-config startup-config." (If I was already logged in to a configured switch, I could use "write erase" but in this particular example, we've used Password Recovery to skip the startup-config anyway, so we're saving a blank config instead of erasing a valid config.)

  5. Then, to bring it online in a barebones fashion,

     en
     conf t
     service password-encryption
     enable secret cisco
     hostname myNewSwitch
     line vty 0 4
     pass cisco
     int vlan 1
     ip addr 172.31.1.1 255.255.255.0
     desc management interface
     no shut
     ! "end" (not "exit") returns to privileged EXEC, where "wr mem" is valid
     end
     wr mem
     sh runn
    

    Here we enable, enter configuration mode from the terminal, enable simple password encryption, set the password for enable mode, give it a hostname, enter the remote VTY configuration (you may have more than five, beware), set the password for telnet/ssh, assign an IP address to the virtual interface for VLAN 1, give it a description, make sure it's not shut down, exit configuration mode, save the config, and then use "show running-config" to examine our changes. Now you can hopefully "telnet 172.31.1.1" if your machine is on that same subnet.

  6. You may want to add basic security to the interface; this access-control-list will only allow the local subnet to connect.

     access-list 100 remark vty
     access-list 100 permit tcp 172.31.1.0 0.0.0.255 host 0.0.0.0 range 22 telnet log-input
     access-list 100 deny ip any any log-input
     line vty 0 4
     access-class 100 in
    
  7. Everyone wants SNMP, let's add that quickly too. We'll pretend 172.31.1.161 is your Zabbix server and your community is statistics2:

     access-list 61 permit 172.31.1.161
     access-list 61 deny   any log
     snmp-server community statistics2 RO 61
    
  8. Actually, it's simple to add a username to the vty password, let's do that too:

     aaa new-model
     username root privilege 15 password cisco
    
  9. Other useful commands:

      ip name-server 4.2.2.4
      ip domain-name example.com
      ip ssh version 2
      clock timezone UTC
      service timestamps log datetime
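      ! spanning-tree mode can also be rapid-pvst, or...
      spanning-tree mode pvst
      spanning-tree uplinkfast
      spanning-tree backbonefast
      ! the show commands below run from privileged EXEC, not configuration mode
      sh int vlan1
      sh ip int brief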
    

And so that's a start, notably missing a default route/gateway. Please don't use "cisco" as your password, and please research VLANs. Others have made good suggestions, make use of their advice.