
What does vlan.dat.renamed mean?

Borrowing a question from someone else:
Switch#show flash:
Directory of flash:/
2 -rwx 616 Mar 1 1993 00:09:55 +00:00 vlan.dat.renamed
4 -rwx 2136 Mar 1 1993 00:09:46 +00:00 config.text.renamed
5 drwx 192 Mar 1 1993 00:08:13 +00:00 c3750-ipbasek9-mz.122-25.SED1
363 -rwx 24 Mar 1 1993 00:09:46 +00:00 private-config.text.renamed
Private-config.text
15998976 bytes total (7266816 bytes free)
Could someone tell me what the files in bold mean? Why are these files there? Thank you!

Seeing you in good spirits today, I'll venture an answer too.
After you wipe the switch configuration with the two commands erase start and delete vlan.dat, that configuration isn't really gone: it is still stored in the switch's flash,
only renamed to vlan.dat.renamed, config.text.renamed.
Renaming it like this is meant to cope with the situation where the IT guy gets drunk, or is dumped by his girlfriend and, out of sadness, sits down and wipes the switch config for fun.
The next day, when he sobers up and regrets it, there is still a chance to... turn back to shore.
The way back: rename flash:vlan.dat.renamed flash:vlan.dat
and likewise for the other files.

Hi, let me give you an example so you'll understand the issue better:
Device used: Switch 3560
First, on the switch I create a lot of VTP, VLAN, ... configuration:
Switch(config)#vtp domain CISCO
Changing VTP domain name from NULL to CISCO
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp password PASSWORD
Setting device VLAN database password to PASSWORD
Switch(config)#int range fa0/1 - 5
Switch(config-if-range)#desc -> Tui thch b tui
Switch(config-if-range)#vlan 2-10,13,69

Switch(config-vlan)#^Z
Switch#sh vtp
00:07:19: %SYS-5-CONFIG_I: Configured from console by consolestatus
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 16
VTP Operating Mode : Server
VTP Domain Name : CISCO
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 09C 062 0xCB 0xFE 0xB7 089 04A 0xB8
Configuration last modified by 0.0.0.0 at 3-1-93 00:07:19
Local updater ID is 0.0.0.0 (no valid interface found)
Switch#sh vlan sum
Number of existing VLANs : 16
Number of existing VTP VLANs : 16
Number of existing extended VLANs : 0
Switch#sh int desc
Interface Status Protocol Description
Vl1 admin down down
Fa0/1 down down -> Tui thch b tui
Fa0/2 down down -> Tui thch b tui
Fa0/3 down down -> Tui thch b tui
Fa0/4 down down -> Tui thch b tui
Fa0/5 down down -> Tui thch b tui
and the hostname:
Switch(config)#hostname sw1
sw1(config)#^Z
sw1#
00:08:10: %SYS-5-CONFIG_I: Configured from console by console
sw1#write
Building configuration
[OK]
Quote:
sw1#sh flash
Directory of flash:/
2 -rwx 1216 Mar 01 1993 00:07:19 vlan.dat
3 -rwx 5 Mar 01 1993 00:08:26 private-config.text
5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d
85 -rwx 3485 Mar 01 1993 00:08:26 config.text
15998976 bytes total (9540608 bytes free)
Then I hold the Mode button on the 3560 for about 10 seconds and release it (this is used to reset the configuration):

sw1#
00:09:18: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram
00:09:18: %EXPRESS_SETUP-6-CONFIG_IS_RESET: The configuration is reset and the system will now reboot
00:09:19: %SYS-5-RELOAD: Reload requested
The switch comes back up:
Switch uptime is 2 minutes
System returned to ROM by power-on
Quote:
Switch#sh start
startup-config is not present
Code:
Switch#sh flash
Directory of flash:/
2 -rwx 1216 Mar 01 1993 00:07:19 vlan.dat
3 -rwx 5 Mar 01 1993 00:08:26 private-config.text.renamed
5 drwx 192 Mar 01 1993 00:05:28 c3560-i9-mz.121-19.EA1d
85 -rwx 3485 Mar 01 1993 00:08:26 config.text.renamed
15998976 bytes total (9540608 bytes free)

Quote:
Switch#sh vtp statu
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 16
VTP Operating Mode : Server
VTP Domain Name : CISCO
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 09C 062 0xCB 0xFE 0xB7 089 04A 0xB8
Configuration last modified by 0.0.0.0 at 3-1-93 00:07:19
Local updater ID is 0.0.0.0 (no valid interface found)
Switch#sh vlan sum
Number of existing VLANs : 16
Number of existing VTP VLANs : 16
Number of existing extended VLANs : 0
Let me explain the situation you ran into as follows:
+ After you wipe the entire configuration with the two commands:
erase start + delete vlan.dat
and then reload the switch and run show flash, you get this result:

Quote:
Switch#show flash:
Directory of flash:/
2 -rwx 616 Mar 1 1993 00:09:55 +00:00 vlan.dat.renamed
4 -rwx 2136 Mar 1 1993 00:09:46 +00:00 config.text.renamed
5 drwx 192 Mar 1 1993 00:08:13 +00:00 c3750-ipbasek9-mz.122-25.SED1
363 -rwx 24 Mar 1 1993 00:09:46 +00:00 private-config.text.renamed
+ Explanation of the result above:

1) When you run erase start, you delete two files: config.text and private-config.text; both of these files hold the switch's configuration.
2) When you run delete vlan.dat, you delete the VLAN, VTP, ... settings.
=> The question is: why did those files turn into this:
Code:
vlan.dat =========> vlan.dat.renamed
config.text =========> config.text.renamed
private-config.text =========> private-config.text.renamed

P/s: private-config.text is used by Cisco devices to store the "crypto private keys" (the keys used for authentication, ...).
Actually, when you wipe the configuration with the two commands above, the switch's configuration is removed from NVRAM, but it is still stored in the switch's FLASH, just with the file name changed to ....renamed when shown in the new configuration.

Real-world scenario: suppose a hacker gets access to the switch and wipes the whole configuration with the two commands above. When we boot up and see a blank configuration => remember that those files are still stored in flash.
Here are the steps used to recover what was lost:
Code:
Switch#rename flash:config.text.renamed flash:config.text
Destination filename [config.text]?

Here I tried renaming the config.text file as an example; do the same for the other two files.

Switch#sh start
Using 3485 out of 524288 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sw1
!
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
description ->Tui thch b tui
no ip address
no mdix auto
!
interface FastEthernet0/2
description -> Tui thch b tui
no ip address
no mdix auto
..
And most importantly, you also have to run this command:
Code:
Switch#copy start run

After doing the two steps above for all 3 files, we try a reload and look at the result:


Switch#reload
Proceed with reload? [confirm]
00:27:04: %SYS-5-RELOAD: Reload requested
And it works:
sw1>en
sw1#sh run
Building configuration
Current configuration : 3512 bytes
!
version 12.1

no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sw1
!
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
description -> Tui thch b tui
no ip address
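As an added example (not code from the thread), here is a Python script that parses a show flash: listing like the ones above, flags the *.renamed leftovers, maps each back to the file it came from, and produces the rename / copy start run sequence described in this post. It is equally useful from the other side: run over the flash listing of a switch that was "wiped" before being decommissioned, it shows which configuration (including private-config.text with its crypto keys) is still recoverable. The sample listing is the 3750 output quoted in the question; the function and constant names are my own.

```python
import re
from dataclasses import dataclass

# Sample "show flash:" output, copied from the listing quoted in the question
# (a Catalyst 3750 after "erase start" + "delete vlan.dat" + reload).
SAMPLE_SHOW_FLASH = """\
Directory of flash:/
2 -rwx 616 Mar 1 1993 00:09:55 +00:00 vlan.dat.renamed
4 -rwx 2136 Mar 1 1993 00:09:46 +00:00 config.text.renamed
5 drwx 192 Mar 1 1993 00:08:13 +00:00 c3750-ipbasek9-mz.122-25.SED1
363 -rwx 24 Mar 1 1993 00:09:46 +00:00 private-config.text.renamed
15998976 bytes total (7266816 bytes free)
"""

# What each leftover file held before the wipe, as the thread explains.
RESIDUAL_SUFFIX = ".renamed"
ORIGINAL_CONTENT = {
    "config.text": "startup configuration (hostname, interfaces, passwords, ...)",
    "private-config.text": "crypto private keys",
    "vlan.dat": "VLAN / VTP database",
}

# One directory entry: index, permission string, size, timestamp, file name.
# The timestamp group is lazy so it absorbs the "+00:00" zone when present.
LINE_RE = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<perm>[-dlrwx]{4})\s+(?P<size>\d+)\s+"
    r"(?P<stamp>.+?)\s+(?P<name>\S+)\s*$"
)


@dataclass(frozen=True)
class FlashEntry:
    index: int
    perm: str
    size: int
    name: str

    @property
    def is_dir(self):
        return self.perm.startswith("d")


def parse_show_flash(text):
    """Parse 'show flash:' / 'dir flash:' output into FlashEntry records.
    The 'Directory of' header and the 'bytes total' trailer do not match LINE_RE
    and are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(FlashEntry(int(m["index"]), m["perm"], int(m["size"]), m["name"]))
    return entries


def residual_config_files(entries):
    """Return {renamed_name: original_name} for configuration files that survived
    an 'erase start' / 'delete vlan.dat' only as *.renamed copies."""
    found = {}
    for e in entries:
        if e.is_dir or not e.name.endswith(RESIDUAL_SUFFIX):
            continue
        original = e.name[: -len(RESIDUAL_SUFFIX)]
        if original in ORIGINAL_CONTENT:
            found[e.name] = original
    return found


def recovery_commands(residuals):
    """The recovery sequence from the thread: one 'rename' per leftover file,
    then the 'copy start run' the post says must not be forgotten."""
    cmds = [f"rename flash:{renamed} flash:{orig}" for renamed, orig in sorted(residuals.items())]
    if cmds:
        cmds.append("copy start run")
    return cmds


def audit_report(text):
    """Defender-side view: what configuration is still recoverable from flash."""
    residuals = residual_config_files(parse_show_flash(text))
    return [f"{renamed}: {ORIGINAL_CONTENT[orig]} still on flash"
            for renamed, orig in sorted(residuals.items())]


if __name__ == "__main__":
    for line in audit_report(SAMPLE_SHOW_FLASH):
        print(line)
    for cmd in recovery_commands(residual_config_files(parse_show_flash(SAMPLE_SHOW_FLASH))):
        print("Switch#" + cmd)
```

The parser accepts both listing layouts seen in this thread (the 3750 one with a "+00:00" zone and the 3560 one without), so it can be pointed at the output of either switch.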
=====================================================
Here is a follow-up question for you:
try the following command and look at the result:
Code:
sw1(config)#no setup express

This command lets a hacker wipe all the configuration files still stored in flash.

From what I've read, the official Cisco course books usually present the knowledge about the technologies they introduce and train in great detail and completeness, but rarely give students the practical applications they will meet at work.
On this occasion I'd like to demo this topic within the scope of the BCMSN module, and I hope you will join me in building material that is truly useful and that no book can give us, because it is built from "hard-won experience".
Tips 1:
Scenario: when we do labs at VNPRO we find that, to clear the VLAN configuration, we run this pair:
Code:
Switch#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#

Then run the command

Code:
Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files!
Continue? [confirm]
[OK]
Erase of nvram: complete

Then reload and use the command

Code:
show vlan

to check:
1) At CCENT level, with one switch per person, we see the configuration return to default after the reload (completely empty).
2) At a slightly higher level, when studying VTP and letting VTP run, we find that the next time the VLAN configuration is still intact. After getting support, or thinking it over, we realise the switch is learning from the other switches on the same network => so we redo it, but this time we shut down all the ports connected to other switches, or pull the cables.
=> Success: the switch configuration is completely cleared.
Scenario: we work at the company "phuc_p"; the system is running fine, so now what do we do? The problem is we never have a device diagram to know which cable to pull, and if we shut ports down the system is as good as dead.
A friend of mine came up with this:
Quote:
We still delete vlan.dat, but we switch the switch to transparent mode before reloading.
Do you think there's any problem with that?
Can the network you're using keep running normally?
First of all, Phuc thanks everyone for supporting this topic. The key issue is that the network is in operation and the administrator doesn't want it interrupted. However, in the case of the "phuc_p" company above, is what the admin does actually feasible?
Try the following model:
switch 1 (server) - switch 2 (server) - switch 3 (client) all run the same VTP domain, and on switch 1 we create vlan 2,3,4.
Then we switch switch2 to transparent mode, and create vlan 5 on switch 1.
We plug a PC into vlan 5 of switch 1 with IP 192.168.1.1/24, and a PC into vlan 5 of switch 3 with IP 192.168.1.2/24.
The question: can these 2 PCs ping each other, and why or why not?

A funny story, though the saddest to hear: "A friend of mine got drunk one night and pulled 2 tricks; when he woke up he was sweating buckets.
1) Trick 1: in the CCNA course this was the command he liked most, so he used it right away: "erase start". The trouble is, if this happens after a slip of the hand, you should just copy it back: "copy run start". Who would have thought he panicked and then "played the final trick" => restart! Sigh!
2) Trick 2: the command he was most used to from VNPRO labs, apart from trick 1, was "delete vlan.dat". If you play trick 1 without trick 2, then on boot there is "still a little something to remember" => But I never expected him to play both tricks.
Face as green as a banana leaf, he rushed to see me; if it couldn't be saved, he could consider himself "free to stay home and mind the wife". Life is hard.
If you accidentally end up in the situation above, refer to the walkthrough guide (posted above in this thread).


Can a 3550 switch use a feature like Private VLAN???
It has been a long while since I could reopen this series of questions, so I hope this is a gift I found for those who (don't have the money to buy a 3560 switch but) have a 3550 switch and can still do what private VLAN does.
Private VLAN, put simply: 2 PCs in the same VLAN and the same subnet cannot communicate with each other.
Definition: Private VLAN lets a switch isolate hosts as if they were on different VLANs while still using a single IP subnet (from the BCMSN lab pro book, page 132).
Let's discuss the command through the following LAB:
My company has a 2950 switch with 24 ports. My requirement is that no users may communicate with each other, but all of them can get to the internet through port fa0/1.
So we use the "switchport protected" feature in interface mode, with no need for ACLs, with the following rules:
+ Ports configured as Protected cannot communicate with each other.
+ Ports that are Unprotected (not configured with the "switchport protected" command in interface mode) can communicate normally with Protected or Unprotected ports.
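As an added example (not code from the post), here is a Python check for the two rules above. It parses a constructed running-config fragment for the 24-port 2950 lab described here (fa0/1 left unprotected as the uplink, fa0/2 through fa0/24 protected), applies the protected-port forwarding rule, and reports any pair of user ports that can still reach each other, or any user port that has lost its path to the uplink. The config text and the function names are mine, not the post's; the model assumes all ports are in the same VLAN and subnet, as in the lab.

```python
import re
from itertools import combinations

# Constructed IOS-style config for the 2950 lab in the post (hypothetical text):
# fa0/1 is the uplink to the internet, fa0/2 - fa0/24 are user ports.
SAMPLE_CONFIG = "\n".join(
    ["interface FastEthernet0/1", " description uplink-to-internet"]
    + [line for n in range(2, 25)
       for line in (f"interface FastEthernet0/{n}", " switchport protected")]
)

INTERFACE_RE = re.compile(r"^interface\s+(\S+)", re.IGNORECASE)


def parse_protected_ports(config):
    """Return {interface: is_protected} from an IOS-style config.
    'switchport protected' under an interface stanza marks it protected;
    'no switchport protected' clears it. Interfaces without the command are
    unprotected, which is the default the post describes."""
    ports = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            ports.setdefault(current, False)
        elif current and line.lower() == "switchport protected":
            ports[current] = True
        elif current and line.lower() == "no switchport protected":
            ports[current] = False
    return ports


def can_forward(ports, src, dst):
    """The rule from the post: two protected ports cannot exchange frames; any pair
    that includes an unprotected port can (same VLAN / subnet assumed)."""
    if src == dst:
        return True
    return not (ports[src] and ports[dst])


def isolation_violations(ports, uplink):
    """Audit the lab requirement. Returns (leaks, cut_off): pairs of user ports
    (everything except the uplink) that can still talk to each other, and user
    ports that cannot reach the uplink. Two empty lists mean the requirement holds."""
    users = [p for p in ports if p != uplink]
    leaks = [(a, b) for a, b in combinations(users, 2) if can_forward(ports, a, b)]
    cut_off = [p for p in users if not can_forward(ports, p, uplink)]
    return leaks, cut_off


if __name__ == "__main__":
    ports = parse_protected_ports(SAMPLE_CONFIG)
    leaks, cut_off = isolation_violations(ports, "FastEthernet0/1")
    print("user-to-user leaks:", leaks)
    print("ports cut off from uplink:", cut_off)
```

The audit is most useful for the failure mode the rules imply: one user port where "switchport protected" was forgotten is unprotected, and by rule 2 it can talk to every other user port, so a single omission undoes the isolation for that port; the check lists exactly those pairs.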

According to David Davis (CCIE #9369, VCP, CISSP, MCSE), he put forward a few questions, and if you answer yes to any of them, choosing a layer 3 switch for your network is the right decision:

Do you have a network with a lot of broadcasts that needs better performance?
Do you have subnets and/or VLANs that are currently connected via a router?
Do you need higher performance VLANs?
Do departments need their own broadcast domains for performance or security?
Are you considering implementing VLANs?

first create
squeeze log by erasing the entire device
Error squeezing flash(No space left on device)
Error on database apply 38: NV storage failure

If it is a real switch, you solve the problem with the command

squeeze flash:
This command deletes the files marked "deleted" in flash and frees up space in flash.

Here is a question related to EtherChannel:

Topology: for reference only

Question: If you use switches from several different vendors, what do we do so that these products are compatible with each other when configuring EtherChannel?
On all products:
Method 1: Use the standard LACP protocol (802.3ad).
Method 2: Force the interfaces belonging to one FEC to use mode ON.
