I have a Cisco Catalyst 2940 and want to connect to it via the network. How to find its IP address?
Since my computer has not serial port, the serial cable is of no help. Does the Catalyst 2940 acquire an address via DHCP? At least my DHCP server doesn't show any address which has been requested recently.
Maybe the Catalyst has to be reset first? I bought it second hand, so I don't know how it is configured right now.
I am a total newbie to Cisco products.
Word to the wise, don't connect a second hand switch to your production network before you wipe and/or re-configure it. Doing so can cause you MAJOR headaches if your network happens to use VTP. Without getting into the gritty details, connecting it could wipe or modify the VTP database used on your network (holding list of VLANs}, and basically cause your network to stop working.
And to answer your question, exactly as ewwhite said. You can get a usb-serial cable and console in that way. If you don't know the current password you can hold the mode button at boot to enter rommon mode and either wipe the config or change the password.
First you should probably know about tab completion and the '?' key for online help in IOS.
If I'd inherited a new Catalyst, I'd...
Google "Password Recovery Catalyst 2900"
Connect a Light-Blue Cisco console cable to it. You can make your own, but you'll still need a USB to serial adapter, they're $15 to $20 or so.
Follow the instructions to reset the password. All of them.
-
Login, and since I intend to reset it anyway, type this:
en wr mem reloadThat is, enable (become a superuser), write (the configuration to) memory, and reload (reboot). "wr mem" is an old shortcut to the more formal "copy running-config startup-config." (If I was already logged in to a configured switch, I could use "write erase" but in this particular example, we've used Password Recovery to skip the startup-config anyway, so we're saving a blank config instead of erasing a valid config.)
-
Then, to bring it online in a barebones fashion,
en conf t service password-encryption enable secret cisco hostname myNewSwitch line vty 0 4 pass cisco int vlan 1 ip addr 172.31.1.1 255.255.255.0 desc management interface no shut exit wr mem sh runnHere we enable, enter configuration mode from the terminal, enable simple password encryption, set the password for enable mode, give it a hostname, enter the remote VTY configuration (you may have more than five, beware), set the password for telnet/ssh, assign an IP address to the virtual interface for VLAN 1, give it a description, make sure it's not shut down, exit configuration mode, save the config, and then use "show running-config" to examine our changes. Now you can hopefully "telnet 172.31.1.1" if your machine is on that same subnet.
-
You may want to add basic security to the interface; this access-control-list will only allow the local subnet to connect.
access-list 100 remark vty access-list 100 permit tcp 172.31.1.0 0.0.0.255 host 0.0.0.0 range 22 telnet log-input access-list 100 deny ip any any log-input line vty 0 4 access-class 100 in -
Everyone wants SNMP, let's add that quickly too. We'll pretend 172.31.1.161 is your Zabbix server and your community is statistics2:
access-list 61 permit 172.31.1.161 access-list 61 deny any log snmp-server community statistics2 RO 61 -
Actually, it's simple to add a username to the vty password, let's do that too
aaa new-model username root privilege 15 password cisco -
Other useful commands:
ip name-server 4.2.2.4 ip domain-name example.com ip ssh version 2 clock timezone UTC service timestamps log datetime spanning-tree mode pvst !or rpvst, or... spanning-tree uplinkfast spanning-tree backbone fast sh int vlan1 sh ip int brief
And so that's a start, notably missing a default route/gateway. Please don't use "cisco" as your password, and please research VLANs. Others have made good suggestions, make use of their advice.