BASIC CHEATSHEET

TO CISCO CATOS

by nrozs
CATOS

I would like to introduce an old CLI solution to you.

This is a great and powerful CLI but we are not so

familiar with it. It is pretty old but we have a lot of
devices using this solution. We should deal with these
devices, however, it is EOL @2013.01.27.
CATOS

We will go through some configuration steps how to do

things in this world can comparing the steps to the IOS
world what we know better.

Okay, let’s start!

To see the config -- show config

To see the config of a module -- show config <mod>
To see ALL config (even defaults) -- show config all
 Some show commands

CatOS IOS
2900/4000/5000/6000 2900XL/3500XL

show cdp neighbors >show cdp neighbors

show module >show module

show version >show version

show config -or- #show config/show start

write terminal

show arp >show arp

show cam dynamic #show mac-address-table

show port #show interfaces

#show interface status

show port counters

show counters <mod | mod/port>

show ip dns

show netstat

show snmp

show mac-address-table address 00:04:dd:b6:5c:c2

CATOS

Similar, isn’t it?

Okay, let’s see some system and interface configuratons:

CatOS IOS
2900/4000/5000/6000 2900XL/3500XL

set password (config)#line console 0

(config-line)#password donna

set enablepass (config)#enable password donna

set system name sw2900

set prompt sw2900 (config)#hostname sw3512xl

set time monday 11/25/02 07:00:00

#clock set 07:00:00 25 nov 02

set interface sc0 1 <IP> <netmask>

(config)#interface vlan1
(config-if)#ip address <IP> <mask>

show interface #show interface vlan1

set port name 1/1 hosta (config)#interface fa0/1
(config-if)#description fa0/1 hosta

set port speed 2/4-5 10 (config)#interface range fa0/4 – 5

set port speed 2/3 100 (config-if)#speed 10
(config-if)#speed 100

set port duplex 1/1 full (config-if)#duplex full

Set port disable 1/1 (config-if)#shut

set port enable 1/1 (config-if)#no shut

set port qos 8/1 trust trust-cos/trust-dscp

show port #show interfaces

show port status #show interface status
#show ip interface brief

set module enable 2 #hw-module start 2

set module disable 2 #hw-module stop 2

show module #show module

set trunk <mod/port> on dot1q <vlan-nums>

set trunk 1/1-2 on (config)#interface fa x/y
(config-if)#switchport mode trunk

show trunk #sh interfaces trunk

#show interface fa x/y switchport
set vlan <vlan-id> <mod/port> int <intf type> <mod/port>
switchport mode access
switchport access vlan <vlan-id>

Port securty

set port security mod#/port# enable mac-addr

(config)#interface fa0/1
(config-if)switchport mode access
(config-if)switchport port-security mac-address mac-addr
(config-if)switchport port-security

set port security mod# / port# maximum value

(config-if)switchport port-security maximum value

set port security mod#/port# violation ?

(config-if)switchport port-security violation ?

(config-if)end
show port security #show port-security ?

clear port security mod#/port# ?

(config-if)no switchport port-security
 Spanning tree

set spantree portfast 2/4-5 enable (config)#interface rangfe fa2/4 - 5

(config-if)#spanning-tree portfast

show spantree 1 #show spanning-tree vlan 1

show port spantree 2/4 #show spanning-tree interface fa0/1
#show spanning-tree

set spantree portfast bpdu-guard enable

(config)#spanning-tree portfast bpduguard

show spantree summary #show spanning-tree summary totals

set spantree priority 100 1 (primary) (config)#spanning-tree priority 100

set spantree priority 200 1 (backup) (config)#spanning-tree priority 200
set spantree root (macro)
 Logging and management commands

set logging timestamp enable (config)#service timestamps log ?

(config)#service timestamps debug ?

set logging console disable (config)#no logging console

set logging server 192.168.5.17 (config)#logging 192.168.5.17

set logging level all 7 (config)#logging ?

show logging ? >show logging ?

set trace ? #debug

show trace #show debug

show history >history

set span 1/1 2/5 both inpkts

(config)#interface fa0/12
(config-if)#port monitor (monitors all ports to fa0/12)
(config-if)#port monitor fa0/2 (monitors port 2 to port 12)

show span #show port monitor

#show monitor
 SNMP and RMON

set system contact X Y Z 123 (config)#snmp-server contact X Y Z 123

set system location Chicago (config)#snmp-server location Chicago

set snmp community read-only public (config)#snmp-server community public ro

set snmp trap 192.168.5.101 public (config)#snmp-server host 192.168.5.101

public

set snmp trap enable (config)#snmp enable traps snmp

show snmp #show snmp

set snmp rmon enable (config)#rmon ?

>show rmon statistics

 Configuration management

Automatic #copy run start / wr mem (save config)

write 192.168.5.101 catos.cfg #copy run tftp/wr net

configure 192.168.5.101 catos.cfg #copy tftp run/config net

Operating system management

copy flash tftp #copy flash:catios.bin tftp:

upload 192.168.5.101 catos.bin

copy tftp flash #copy tftp://<ip>/newios.bin flash:newios.bin

download 192.168.5.101 catos.bin

reset system #reload

 VLANs and VTP

#vlan database

set vtp domain donna (vlan)#vtp domain donna

vlan 2 name <name> type <ethernet>

(vlan)#vlan 2 name <name> type <ethernet>

set vtp mode transparent (vlan)#vtp transparent

show vlan (vlan)#show

clear vlan 2 (vlan)#no vlan 2 name eng media ethernet

show vtp domain #show vtp status

 L2 Channel configuration
CatOS

!--- Ports are assigned to admin-group 200. Administrative groups

!--- specify which ports can form an EtherChannel together.
!--- An administrative group can contain a maximum of eight ports. This
!--- admin-group assignment happens automatically with the configuration of
!--- the port channel. You can also assign it manually, as done in this
!--- example. However, you do not need to assign the admin-group manually.
!--- Let the switch create the admin-group automatically.
!--- Note: This configuration sets ports 4/1 through 4/4
!--- for port channel, but only configures ports 4/1-2. This is
!--- normal behavior. You can use ports 4/3 and 4/4 for any other purpose.

set port channel 4/1-4 200

!--- Default port status is enable

!--- This enables port channeling with PAgP
!--- and configures desirable silent mode.
set port channel 4/1-2 mode desirable silent

!--- To set channelprotocol use:

set channelprotocol lacp 2 -or-
set trunk 2/1 desirable dot1q -or-
set port channel 2/19-20 mode desirable -- PaGP

!--- To see the channel status issue

 L2 Channel configuration
CatOS

Example of an LACP channel config:

IOS CATOS
set port enable 4/29
interface Port-channel 20 set port enable 6/29
description ** vio5.1 Unix-Server-LAN-20 ** set port name 4/29 vio5.1-u2a
switchport
set port name 6/29 vio5.1-u2b
switchport access vlan 250
!
switchport mode access
!
! One cannot set description
! ! for the channel!
interface GigabitEthernet4/29 !
description vio5.1-u2a set vlan 250 4/29,6/29
switchport access vlan 250 !
switchport mode access set channelprotocol lacp 4
channel-protocol lacp set channelprotocol lacp 6
channel-group 20 mode active set port lacp-channel 4/29,6/29 20
!
set port lacp-channel 4/29,6/29 mode
! active
interface GigabitEthernet6/29
description vio5.1-u2b
switchport access vlan 250
switchport mode access
channel-protocol lacp
channel-group 20 mode active
 L2 Channel configuration
IOS
interface port-channel1
no ip address
switchport
!--- This command puts the interface in VLAN1, by default.
switchport mode access
!
interface FastEthernet6/1
no ip address
switchport
switchport mode access
!--- The port is a member of channel group 1 with autonegotiation
!--- that uses PAgP and silent mode.
channel-group 1 mode desirable
!
interface FastEthernet6/2
no ip address
switchport
switchport mode access
channel-group 1 mode desirable
!
!--- On the Catalyst 6500/6000, you must issue the switchport command once,
!--- without any keywords, to configure the interface as an L2 port.
!--- By default, all the ports are router ports (L3 ports).
!--- On a Catalyst 4500/4000 switch, all ports are L2 ports by default.
!
!--- To see the channel status issue
show etherchannel summary
 Verifying the config: PaGP

cat5500 (enable) show port channel

Port Status Channel Admin Ch
Mode Group Id
----- ---------- -------------------- ----- -----
4/1 connected desirable silent 200 865
4/2 connected desirable silent 200 865
----- ---------- -------------------- ----- -----

Port Device-ID Port-ID Platform

----- ------------------------------- ------------------------- ----------------
4/1 Switch Fa6/1 cisco Catalyst 6000
4/2 Switch Fa6/2 cisco Catalyst 6000
----- ------------------------------- ------------------------- ----------------
cat5500 (enable)
 Verifying the config: LACP

• show port lacp-channel—Displays information about LACP channels by port or module

number. Verify that the desired ports appear and the ports that are supposed to be in a
channel have the same Admin Key and desired channel mode.
• show lacp-channel mac—Displays MAC information about the LACP channel. Verify that the
channel is transmitting and receiving traffic by running the command multiple times and
verifying that the counters increment.

CatOSSwitch (enable) show port lacp-channel

Port Admin Channel LACP Port Ch Partner Oper Partner
key Mode Priority id Sys ID Port
------ ----- ------- --------- ---- -------------------------------- -------
3/33 73 passive 128 849 32768:00-50-0f-2d-40-00 65
3/34 73 passive 128 849 32768:00-50-0f-2d-40-00 1

CatOSSwitch (enable) show lacp-channel mac

Channel Rcv-Unicast Rcv-Multicast Rcv-Broadcast
-------- -------------------- -------------------- --------------------
769 143 65846 33
Channel Xmit-Unicast Xmit-Multicast Xmit-Broadcast
-------- -------------------- -------------------- --------------------
769 159 20763 123

Channel Rcv-Octet Xmit-Octet

-------- -------------------- --------------------
769 5427372 2486321

Channel Dely-Exced MTU-Exced In-Discard Lrn-Discrd In-Lost Out-Lost

-------- ---------- ---------- ---------- ---------- ---------- ----------
 Set VMPS servers

set vmps server 192.168.245.40

set vmps server 192.168.245.19 primary
set vmps server 192.168.245.18

# Remove a VMPS server & show status

clear vmps server 192.168.245.19
show vmps

# Lets make a port dynamic & ask the switch to re-authenticate all dyn ports,
# i.e. use VMPS
set port membership 2/36 dynamic
reconfirm vmps

# To switch a port back to static Vlan (if you had problems)

set port membership 2/36 static

# To verify port
show port status 2/36

# to disable/enable port (simulate cable being removed)

set port disable 2/36
set port enable 2/36

# The switch tries to contact a server 3 times by default, before stopping.

# This value can be programmed on the switch (to a maximum of 10):
set vmps server retry 5

# The switch reconfirms by default every 60 minutes, set it to 120:

 Setup SSH

set crypto key rsa 1024

show crypto key
set ip permit <IP-addr> <netmask> ssh - add an IP permit
set ip permit enable ssh
show ip permit

Upgrade CatOS

copy tftp bootflash:

clear boot system all
dir bootflash: (find the filename we want)
set boot system flash bootflash:<filename>
set boot config-register 0x2102
set boot system flash bootflash:
(tell to boot default/first file if the one we specified can't)
reset system
CATOS Useful links:

Software Configuration Guide - Catalyst 4000 Family, 2948G and 2980G

Comparison of the Cisco Catalyst and Cisco IOS Operating Systems for th
e Cisco Catalyst 6500 Series Switch

Best Practices for Catalyst 4500/4000, 5500/5000, and 6500/6000 Series S

witches Running
CatOS Configuration and Management

Best Practices for Catalyst 6500/6000 Series and Catalyst 4500/4000 Serie
s Switches Running Cisco IOS Software

Common CatOS Error Messages on Catalyst 4500/4000 Series Switches

Common CatOS Error Messages on Catalyst 5000/5500 Series Switches

Comparing Layer 2 Operations in CatOS

and Cisco IOS System Software on the Catalyst 6500/6000

Configuring EtherChannel and 802.1Q Trunking

with Catalyst 2948G-L3s and CatOS Based Switches