To my best knowledge, the configuration register is unused and most probably non-existent on fixed-configuration Catalyst switches. There is even no config-register command available in the global configuration mode. I suspect that IOS just displays a fixed value to be compatible both with platforms that use the configuration register and those which do not.
As far as my experience goes, there is no confreg or similar command available in the Catalyst bootloader. Note that technically, Catalyst switches do not have ROMMON - rather, they have a basic bootloader. While the ROMMON allows for quite sophisticated debugging and tracing of the IOS operations (provided you also have developer information for a particular IOS image build), the Catalyst bootloader is only capable of basic recovery functions.
Performing the password recovery on Catalyst switches is different from routers. With respect to the config register, you do not rewrite its value in the bootloader but instead, you rename the configuration file config.text stored in the FLASH (yes - these Catalysts do not have NVRAM; they only emulate it in FLASH, and the config.text file stands for startup-config) to some other name, and let the switch continue booting. The password recovery procedure on Catalysts does not involve the configuration register at all - at least on fixed-config switches.
As Joe has pointed out very correctly, the value 0xF is a correct configuration register value for a switch. In fact, I haven't seen a 29x0 or 3xx0 switch having a different configuration register value and I even have a feeling that the entire configuration register is there just for compatibility with the common IOS code base and it is ignored completely.
This looks fine. I see no reason why the switch wouldn't boot directly to the 12.2(35)SE image on flash. As was stated previously, it would help to see the console output from the switch booting up.
The config register on the 3750 (and other desktop switches) is fixed at 0xF. It cannot be changed, but it is analogous to 0x2102 on other platforms in that it causes the switch to boot from flash, and load the saved config.text.
The 3550 automatically searches for a valid software image from which to boot. The search occurs even if you do not set a boot system statement. Set the boot statement anyway, as a precaution. The command to set a boot system statement is boot system flash: file_name.
Because this platform is self contained, having a config-register is superfluous. In the event of a corrupt image, password recovery, or other need to access the switch rommon-like environment, the mode button on the front of the switch can be used as documented here:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
The configuration register can be set from configuration mode with the config-register command. From ROMmon, execute the confreg command. Issue the show version command to view the current setup of the configuration register:
The factory-default setup for the configuration register is 0x2102. This indicates that the router must attempt to load a Cisco IOS software image from Flash memory, and load the startup configuration with a console speed of 9600 baud.
If you know the value of your configuration register, you can determine its significance. For information on the configuration register, potential issues, and fixes, collect the output of the show version command, or the show tech-support command, and input into the Cisco CLI Analyzer tool.
If the configuration register value is not known, try to establish a Telnet or console session with the router. You can then check the show version output to determine the value of the configuration register:
If you cannot establish a console session, or if you see only garbage characters, a speed mismatch between the router and the terminal emulation software could be the cause. Try to change the baud rate of your terminal emulation software. Possible rates include 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200. Once you establish a session, you can issue the show version command to determine the setup. If the router is in ROMmon mode, you can try to issue the boot command to boot the operating system manually.
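As an added example (not part of the Cisco documentation or the forum posts on this page), the following Python decodes the register fields described above and audits collected show version lines for values that change the next boot. It goes beyond the factory default 0x2102 to cover the console-speed bits and pending "will be ... at next reload" values; the `host:` prefix and the sample lines are constructed for illustration.

```python
import re

# Console speed lives in bits 5, 12 and 11 (in that order) of the register.
BAUD = {(0, 0, 0): 9600, (0, 0, 1): 4800, (0, 1, 0): 1200, (0, 1, 1): 2400,
        (1, 0, 0): 19200, (1, 0, 1): 38400, (1, 1, 0): 57600, (1, 1, 1): 115200}

# The "host: " prefix is an assumption of this example (output collected per device).
LINE_RE = re.compile(
    r"^(?P<host>\S+): Configuration register is (?P<cur>0x[0-9A-Fa-f]+)"
    r"(?: \(will be (?P<next>0x[0-9A-Fa-f]+) at next reload\))?", re.M)

def decode(value):
    """Split a 16-bit configuration register into the fields discussed above."""
    bit = lambda n: (value >> n) & 1
    return {
        "boot_field": value & 0xF,              # 0 = stay in ROMmon
        "ignore_startup_config": bool(bit(6)),  # set in 0x2142
        "break_disabled": bool(bit(8)),
        "console_baud": BAUD[(bit(5), bit(12), bit(11))],
    }

def audit(show_version_text):
    """Return (host, value, reason) for registers that change the next boot."""
    findings = []
    for m in LINE_RE.finditer(show_version_text):
        # The pending value, when present, is what applies at the next reload.
        effective = int(m.group("next") or m.group("cur"), 16)
        fields = decode(effective)
        if fields["ignore_startup_config"]:
            findings.append((m.group("host"), hex(effective),
                             "startup-config ignored at next reload"))
        if fields["boot_field"] == 0:
            findings.append((m.group("host"), hex(effective),
                             "will stop in ROMmon instead of booting IOS"))
    return findings

# Constructed sample, not captured from real devices.
SAMPLE = """\
rtr-a: Configuration register is 0x2102
rtr-b: Configuration register is 0x2142
rtr-c: Configuration register is 0x2142 (will be 0x2102 at next reload)
sw-d: Configuration register is 0xF
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A router left at 0x2142 after a password recovery reloads without its saved configuration, which is why the audit keys on the value that applies at the next reload rather than the current one.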
I'm trying to find out how to completely default 2 3750 switches. They are 2 that we are taking over and no one can give us any information on them. I have no login or password. I also have no software that is needed because I don't know which one to use. I tried Cisco Network Assistant but I still cannot get in. Any help would be great. Thanks, Jon Meeks
This happens on occasion and I have had it happen to me as well. The easiest solution is to enter the break sequence, using a console connection while the switch is powering up. This is usually ctrl+shift+6, but it can also be the actual pause/break key on your keyboard in some platforms if I recall correctly.
Once you have done this, the switch will boot into what is called ROMMON mode, and allow you to change the configuration register code to bypass the startup-config file where the username/password information is located. You can find all the confreg codes in the link below:
Once you have selected the appropriate confreg code (likely 0x2142), you can boot the device and it will be at the factory default configuration. You can either then erase the startup-configuration, or perform a 'copy start run' to load the old running-configuration options. This may be good in case you want to keep the existing configuration, but add a new user with privilege 15 and change the enable secret.
Ok I missed one post when I went to grab food for lunch. So the SW 9K is not extending the VLAN ID 50 from the FGT toward the FAP? Then DHCP on the FGT would never work for the FAP. It has to be on the same L2 network. You have to set DHCP server on the switch where FAP is connected to it via L2 network.
By the way, any FGTs don't support SVI. The vlan interface you configured on LAG interface to the 9K SW is just a subinterface of the LAG. Similar to the good old Cisco 25xx/26xx routers subinterfaces.
To verify L2 connectivity between the FGT and the switches, you can configure an L3 interface on an SVI (this is an SVI) on those switches, then test by pinging each other. If those work through the FGT-9K-3750, L2 connectivity should be there. Then you need to suspect the FAP side.
I'm assuming you're using the default config on the FAP so it's trying to pull IP via DHCP over the L2 network you just confirmed.
You can set up a mirror port on the 3750 to sniff what's going on between the FAP and the 3750.
I have created an SVI with an IP in the same range, and no, ping is not working, which is bizarre as there is a path all the way through! If I take off the SVI, the switch can reach the L3 interface on the Fortigate by using its MGMT IP! So I'm lost now!
Are you saying ping from SW to FGT works, but opposite direction doesn't work? Or somehow both directions started working?
I would still make sure those packets with "diag sniffer" on the vlan interface. Then check the FAP port with mirroring.
The switch itself (MGMT IP) can ping the Fortigate interface that does the DHCP for the APs, but an SVI on the same subnet as the Fortigate interface cannot. I cannot see any ICMP traffic on the Fortigate interface.
Then when you ran "diag sniffer packet FortiAP-MGMT 'net 10.10.50.0/24' 4 0 l" (the last letter is lower-case 'L') and then pinged 10.10.50.1 from the switch SVI, you didn't see anything in the sniffing?
And then when you opened another session for SSH and ran "exe ping 10.10.50.x" (SW SVI's IP), you didn't see anything in the sniffing?
It is hard to have a working centralized logging environment when you run network devices. Every vendor has its own version and understanding of syslog. Additionally, most did not speak any kind of structured log format. Some speak some binary format....
So, in order to fix / overwrite the source field of my incoming Cisco syslog messages, I wrote the below 3 pipeline rules (per your advice on other similar posts) and tried each of them one by one, yet none of them were able to overwrite the source field. The source in the messages still continues to show as Nov (month). Can you please help with what is wrong with the below pipeline rules? Do we need to reboot or run sudo graylog-ctl reconfigure after adding pipeline rules for them to take effect?