Recently, i got an EOL Cisco Catalyst 2960-X switch, and this is what i’ve learned about how to set it up from scratch. it seems like the community eschews these because they’re too intimidating, or maybe it’s just that they’re so proprietary nobody wants to deal with learning such a niche product with so few re-usable applications. i’m gonna figure out why they’re regarded that way, and hopefully overcome whatever it is people are turned off by. this will be an ongoing document as i learn stuff, i will update it here.
step 1: connect to terminal interface with serial
apparently these switches have their own OS with proprietary Cisco commands that we need to learn. this is probably part of the intimidation factor.
https://www.reddit.com/r/homelab/comments/q6468i/cisco_2960x_noob_configuration_as_unmanaged_poe/
in order to connect to serial from macOS, seems like the best way is to use screen inside of Terminal. seems like step 5 is exactly what i’m looking for:
also, a homebrew install of putty for mac, or also SerialTools are alternative tools mentioned.
https://www.reddit.com/r/MacOS/comments/17ei5n2/brand_new_mac_user_looking_for_something_akin_to/
step 1a: how ‘screen’ works – some commands:
this is similar to tmux.
- screen -r [session number] to reattach
- screen -ls to show all currently running screens
- while in a screen, type ctrl+a to get into command mode,
- then ctrl+\ to kill session, or,
- ctrl+d to detach screen and get back to regular terminal
step 2: factory reset
The console requires a password to log in before anything can work, so if you’re working with some decomm’ed old equipment (like me), now i need to reset to factory defaults to get access.
also, it may be possible to perform a “password recovery” from the console:
factory reset:
https://niksec.com/how-to-reset-cisco-catalyst-2960-switches-to-factory-default
step 2.1 – reset passwords
From the password reset link above, to start, you’ve got to get it to the “switch:” prompt. this needs to be done by rebooting it and preventing it from finishing the boot process. there are 4 different passwords that can be reset.
- Hold down the ‘mode’ button while you plug it in. For mine here’s what it says:
Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.
so if you have a solid green SYST light, then you’re in the correct mode. so now you can go and connect the console terminal again.
- type
flash_init
- instructions from help article say to type “load_helper” but mine says command not found, so i skipped this step. everything seems fine i guess
- type
dir flash:
- you should see a config.text file in there, that’s the config file that holds the passwords
- there will also be a .bin file, this is the system os, and the name is the identifier for the version revision name/number
- Type rename flash:config.text flash:config.old to rename the configuration file.
- doing it this way will preserve the old stuff in case you screw up
- type
boot
- system will reboot.
- type
n
- it will ask if you want to go into the wizard, we’re saying no to that
- type
en
- Type
rename flash:config.old flash:config.text
- type
copy flash:config.text system:running-config
this should be the end of wiping out the old stuff, and really we put the config back in place from what we had, but now we are past the authentication, and since we have access, we need to overwrite the config file with new passwords.
- type
configure terminal
- your prompt should be ‘Sw1#’
- there are several different passwords you can reset, here are the choices:
  - To overwrite existing secret password
    - Sw1(config)#enable secret <new_secret_password>
  - To overwrite existing enable password
    - Sw1(config)#enable password <new_enable_password>
  - To overwrite existing vty password
    - Sw1(config)#line vty 0 15
    - Sw1(config-line)#password <new_vty_password>
    - Sw1(config-line)#login
  - To overwrite existing console password
    - Sw1(config-line)#line con 0
    - Sw1(config-line)#password <new_console_password>
type “exit” or “end” from any command mode to back out of it and get up one level of mode:
exit — Used to move back one level in the configuration mode hierarchy. The following screenshot shows the admin returning to Privileged Exec mode.
end — Used to immediately return to Privileged EXEC mode from any configuration mode. This is useful for quickly exiting nested configuration levels.
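An added example, not part of the original write-up or the linked guide: a small Python check to run over a copy of config.text that reports how each password from step 2.1 is stored. IOS saves `enable secret` as a one-way hash, while `enable password` and the line passwords are saved in cleartext, or as reversible type 7 when `service password-encryption` is on. The sample config, its values and the function names are constructed for illustration.

```python
import re

# Constructed sample config.text (placeholder values, not from a real switch).
SAMPLE_CONFIG = """\
hostname Sw1
enable secret 5 $1$CONSTRUCTED$placeholderhash
enable password labpass
line con 0
 password 7 00CONSTRUCTED00
line vty 0 15
 password labpass
 login
"""

def storage(args):
    """Classify how IOS stored a password from the tokens after the keyword."""
    if len(args) > 1 and args[0] == "7":
        return "type 7 (reversible encoding)"
    return "cleartext"

def audit_passwords(config_text):
    """Return (location, issue) findings for the passwords set in step 2.1."""
    findings, has_secret, section, blocks = [], False, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():      # top-level command closes a line block
            section = line if re.match(r"line (con|vty) ", line) else None
            if section:
                blocks[section] = {"pw": None, "login": False}
        if line.startswith("enable secret "):
            has_secret = True                 # stored as a one-way hash
        elif line.startswith("enable password "):
            findings.append(("enable password", storage(line.split()[2:])))
        elif section and line.startswith("password "):
            blocks[section]["pw"] = storage(line.split()[1:])
        elif section and line.startswith("login"):
            blocks[section]["login"] = True
    if not has_secret:
        findings.append(("enable secret", "missing"))
    for name, state in blocks.items():
        if state["pw"]:
            findings.append((name, state["pw"]))
            if not state["login"]:
                findings.append((name, "password set but no login line"))
    return findings

if __name__ == "__main__":
    for location, issue in audit_passwords(SAMPLE_CONFIG):
        print(f"{location}: {issue}")
```

When both `enable secret` and `enable password` are present, the switch uses the secret, so a leftover `enable password` line only adds a weakly stored password to the file.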
step 2.1.1 – note for how to stay connected throughout reboots
if you connect to a terminal session, and then reboot, the switch will continue to output stuff and you can watch it boot. seems like the switch sends data over the serial bus no matter if anything is connected or not, so you just need to make the client/console computer aware of the connection to keep watching it. it’s the console that forgets the connection, not the switch.
step 3 – build minimum configuration
It might be nice to use the startup wizard that we declined previously, basically we need to set those things
first, let’s find a way to view the current config.
Appendix: list of various references
https://www.netwrix.com/cisco_commands_cheat_sheet.html
references part 2:
https://bitbucket.org/phjounin/tftpd64/downloads/
Upgrade and Install IOS Software Image – Cisco
What is Cisco Switch Virtual Interface (SVI) – Configuration Example and Explanation