Pure PoE L2 Switch. Catalyst Express 500 pseudo CLI. Alternatives?
In Cisco's network architecture model, every service the end user consumes is delivered over Layer 2 connectivity, as shown in the figure below:
Fig. 1
A lot of features are offered in the so-called Access Layer. IP Telephony, for example, is a service delivered at the Access Layer. The IP phones still need a power supply, however. Thanks to the 802.3af standard we can do away with the power supply modules and their cables and power the end devices in the Access Layer directly over the Ethernet cable.
So far, so good. Until recently Cisco was offering only Layer 3 PoE switches, which contradicts the design and architecture theory of a network. Why should Layer 3 devices be needed in the Access Layer (L2)?
In 2005 Cisco most probably realized this gap in its product range and launched the Cisco Catalyst Express 500 switch. Not a bad switch, given that it is a pure Layer 2 switch and has PoE. Compared to the cheapest L3 option from Cisco, the CE500 costs almost half as much. However, Cisco positioned this switch in the SMB market, and the biggest consumers of PoE-capable devices were forced to keep buying the higher-class switches, which are correspondingly more expensive. On the other hand, the CE500 turned out to be an untypical Cisco product: only a web interface for management, no Telnet or SSH, and restricted options for security and administration.
Fig. 2
We decided to play with such a switch, trying to squeeze the maximum out of it and make it more "Cisco friendly", bearing in mind that every Cisco administrator with a healthy self-esteem would prefer a CLI to a web interface.
As per Cisco Catalyst Express 500 Q&A:
Q. Is there a command-line interface (CLI) on the Cisco Catalyst Express 500 Series Switches?
A. No, these switches cannot be managed through a CLI.
Q. Are there plans to add a CLI or Telnet to Cisco Catalyst Express 500 Series Switches?
A. No, there are no plans to add a CLI or Telnet to these switches.
Q. Are you sure?!
If you have an IOS image for such a switch, you can unpack it and take a look at what is inside. One quick look through the web source files shows something interesting.
For example:
<textarea style="display:none; visibility:hidden;" name="DEFAULT_GATEWAY"><!--#exec cmd="show ip default-gateway"--></textarea>
<textarea style="display:none; visibility:hidden;" name="SETUP_MODE"><!--#exec cmd="show consoleless-access platform-data"--></textarea>
<textarea style="display:none; visibility:hidden;" name="ENABLE_TELNET_STATUS"><!--#exec cmd='show running-config | inc enable secret [0-9] |line vty | password'--></textarea>
<textarea style="display:none; visibility:hidden;" name="IP_INT_DETAIL"><!--#exec cmd='show ip interface | inc line protocol is | Internet address is | Address determined'--></textarea>
<textarea style="display:none; visibility:hidden;" name="SECURE_PORT"><!--#exec cmd='show running-config | inc ip http secure-port'--></textarea>
<textarea style="display:none; visibility:hidden;" name="SERVER_PORT"><!--#exec cmd='show running-config | inc ip http port'--></textarea>
<textarea style="display:none; visibility:hidden;" name="DHCP_INT"><!--#exec cmd='show running-config | inc interface Vlan| ip address dhcp'--></textarea>
It looks like the web interface itself does nothing more than generate and execute commands, exactly as a CLI would. Quite an interesting trick. So, busted!
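Once you know that every GUI page is just a wrapper around server-side-include exec directives, the useful defensive exercise is to inventory exactly which privileged commands the web assets run. The following is an added example, not code from the original post or from Cisco: it parses the textarea/exec fragments quoted above (the sample HTML is a constructed copy of three of those lines) and reports which IOS commands the GUI executes, handling both the single- and double-quoted forms seen in the source.

```python
import re

# Constructed sample: three of the GUI fragments quoted above, verbatim.
SAMPLE_HTML = """
<textarea style="display:none; visibility:hidden;" name="DEFAULT_GATEWAY"><!--#exec cmd="show ip default-gateway"--></textarea>
<textarea style="display:none; visibility:hidden;" name="ENABLE_TELNET_STATUS"><!--#exec cmd='show running-config | inc enable secret [0-9] |line vty | password'--></textarea>
<textarea style="display:none; visibility:hidden;" name="SECURE_PORT"><!--#exec cmd='show running-config | inc ip http secure-port'--></textarea>
"""

# A named textarea and whatever sits between its tags (non-greedy, across lines).
TEXTAREA_RE = re.compile(r'<textarea[^>]*\bname="([^"]+)"[^>]*>(.*?)</textarea>', re.S)
# An SSI exec directive; group 1 is the quote character, group 2 the command.
EXEC_RE = re.compile(r'<!--#exec\s+cmd=(["\'])(.*?)\1\s*-->', re.S)


def extract_exec_commands(html):
    """Return (field_name, command) pairs for every exec directive inside a named textarea."""
    pairs = []
    for name, body in TEXTAREA_RE.findall(html):
        for _quote, cmd in EXEC_RE.findall(body):
            pairs.append((name, cmd.strip()))
    return pairs


def base_commands(pairs):
    """Collapse 'show running-config | inc ...' style pipelines to the command actually
    executed, so the inventory shows what the GUI is allowed to run at privilege level 15."""
    return sorted({cmd.split('|', 1)[0].strip() for _name, cmd in pairs})


def config_readers(pairs):
    """Names of GUI fields whose value is taken straight from the running configuration."""
    return [name for name, cmd in pairs if cmd.startswith('show running-config')]


if __name__ == '__main__':
    found = extract_exec_commands(SAMPLE_HTML)
    for name, cmd in found:
        print(f'{name:24s} -> {cmd}')
    print('distinct commands:', base_commands(found))
    print('fields reading the running-config:', config_readers(found))
```

Run it over every HTML file unpacked from the image and diff the resulting command inventory between firmware versions; a new `show running-config` reader or a non-`show` verb appearing in the list is exactly the kind of change a reviewer wants to notice.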
Have you set up an IP address on your switch? OK, then try loading a URL like the following in your browser:
http://ip_address_ce500/exec/
Isn't that the well-known web interface for administering routers, switches, APs, etc.? Note that the URL you open redirects you straight into privilege level 15, i.e. we should be able to set up everything from here :-)
It seems that this administration web GUI is built into the switch, because if we execute the «sh flash» command through it, the result is:
Output:
Command base-URL was: /level/15/exec/-
Complete URL was: /level/15/exec/-/sh/flash/CR
Command was: sh flash
Directory of flash:/
2 -rwx 616 Mar 1 1993 00:01:54 +00:00 vlan.dat
10579968 bytes total (10577920 bytes free)
We uploaded an IOS image with crypto features, which supports HTTPS, to our switch. If you have basic knowledge of JavaScript and HTML, you can play a little with the code of the web interface and change it so that the interface itself alerts the generated commands before they are executed. The web GUI itself is stored in a folder in the flash. The strange thing is that there are a lot of comments and pieces of code related to Telnet and SSH. We still wonder whether a real IOS with CLI support will someday be released for this nice switch.
Here is the result of executing the «sh run» command on a brand new CE500 switch.
Output:
Command base-URL was: /level/15/exec/-
Complete URL was: /level/15/exec/-/sh/run/CR
Command was: sh run
Building configuration...
Current configuration : 1960 bytes
! THIS FILE HAS BEEN GENERATED BY THE GUI.
! ANY CHANGES TO THIS FILE MAY RESULT IN INCORRECT SWITCH BEHAVIOR.
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
no aaa new-model
vtp mode transparent
ip subnet-zero
!
ip dhcp pool mgmt_pool
network 169.254.0.0 255.255.255.248
default-router 169.254.0.1
dns-server 169.254.0.1
lease 0 0 1
!
ip arp inspection vlan 1000
ip arp inspection vlan 1000 logging dhcp-bindings none
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
no file verify auto
!
mac access-list extended nonip
permit any any 0x800 0x0
permit any any 0x806 0x0
permit any any 0x836 0x0
no mac authentication
mac authentication table version 0
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 1000
name xsetup_vlan
!
interface FastEthernet1
switchport access vlan 1000
switchport mode access
ip arp inspection trust
spanning-tree portfast
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface FastEthernet10
!
interface FastEthernet11
!
interface FastEthernet12
!
interface FastEthernet13
!
interface FastEthernet14
!
interface FastEthernet15
!
interface FastEthernet16
!
interface FastEthernet17
!
interface FastEthernet18
!
interface FastEthernet19
!
interface FastEthernet20
!
interface FastEthernet21
!
interface FastEthernet22
!
interface FastEthernet23
!
interface FastEthernet24
!
interface GigabitEthernet1
!
interface GigabitEthernet2
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan1000
ip address 169.254.0.1 255.255.255.248
no ip route-cache
!
ip http server
!
control-plane
!
!
line con 0
line vty 5 15
!
End
We even have a <con 0> line, though without a physical connector. We tried to set up the <line vty 0 4> lines (which are not visible here, but there are options for configuring them). They appear in our configuration, but TCP port 23 did not open. Because our IOS has crypto enabled, we also tried to set up SSH. The hostname and domain name were configured and we generated the crypto keys. If you execute the «sh ip ssh» command you will see that an SSH server is started, but if you port-scan the switch, TCP port 22 is not open.
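Since the GUI hands you the raw running-config, the natural defensive follow-up is to review it for management-plane weaknesses before the switch goes into production. The following is an added example, not code from the original post or from Cisco: it parses IOS-style output (working whether or not section bodies are indented, since the GUI output above is flattened) and flags the settings a reviewer would raise against the factory configuration quoted above, namely HTTP-only management, disabled password encryption, no enable secret, and vty lines with no explicit transport restriction. The sample configuration is a constructed, abbreviated copy of that factory config; the hardened counterpart uses a labelled placeholder instead of a real secret hash.

```python
import re

# Constructed sample: abbreviated copy of the factory configuration shown above.
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
!
hostname Switch
!
ip dhcp pool mgmt_pool
network 169.254.0.0 255.255.255.248
default-router 169.254.0.1
!
vlan 1000
name xsetup_vlan
!
interface FastEthernet1
switchport access vlan 1000
switchport mode access
!
interface Vlan1000
ip address 169.254.0.1 255.255.255.248
no ip route-cache
!
ip http server
!
line con 0
line vty 5 15
!
End
"""

# Constructed hardened counterpart; PLACEHOLDER_HASH stands in for a real secret.
HARDENED_CONFIG = """\
version 12.2
service password-encryption
enable secret 5 PLACEHOLDER_HASH
!
no ip http server
ip http secure-server
!
line vty 5 15
transport input none
!
End
"""

# Keywords that open a configuration section; '!' closes it in IOS output.
SECTION_START = re.compile(r'^(interface |line |ip dhcp pool |mac access-list |vlan \d|control-plane)')


def parse_ios_config(text):
    """Split an IOS-style configuration into global commands and named sections."""
    global_cmds, sections = [], {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '!' or line.lower() == 'end':
            current = None
            continue
        if SECTION_START.match(line):
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
        else:
            global_cmds.append(line)
    return global_cmds, sections


def audit(text):
    """Return sorted finding identifiers for management-plane weaknesses in the config."""
    global_cmds, sections = parse_ios_config(text)
    findings = []
    # Cleartext web management with no HTTPS listener configured.
    if 'ip http server' in global_cmds and 'ip http secure-server' not in global_cmds:
        findings.append('http-only-management')
    if 'no service password-encryption' in global_cmds:
        findings.append('no-password-encryption')
    if not any(c.startswith('enable secret') for c in global_cmds):
        findings.append('no-enable-secret')
    # vty lines without an explicit transport restriction. On the CE500 the text above
    # notes port 23 never opened anyway; on a regular IOS switch this check matters.
    for name, body in sections.items():
        if name.startswith('line vty') and not any(b.startswith('transport input') for b in body):
            findings.append(f'vty-transport-unrestricted:{name}')
    return sorted(findings)


if __name__ == '__main__':
    print('factory :', audit(SAMPLE_CONFIG))
    print('hardened:', audit(HARDENED_CONFIG))
```

Feed it the text pasted from the «sh run» page; an empty result for the hardened fragment shows what the corrected settings look like, while the factory configuration should produce all four findings.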
Well, at least you now have basic guidelines for managing (playing with) this switch, and we are sure this web-based pseudo CLI will be much more convenient for most of you. Just don't forget the warning at the top of the generated configuration, namely:
! THIS FILE HAS BEEN GENERATED BY THE GUI.
! ANY CHANGES TO THIS FILE MAY RESULT IN INCORRECT SWITCH BEHAVIOR.
IN ADVANCE
And still, if you are looking for a PoE Cisco switch, do not hurry with your decision! Here is news from the kitchen: Cisco will finally release PoE switches in the 2960 series. Most probably the following models will be launched:
- WS-C2960-24PC-L - 24-port 10/100 PoE (15.4W) + 2-port 10/100/1000 or SFP
- WS-C2960-24LT-L - 24-port 10/100 (8-port PoE, 15.4W ) + 2-port 10/100/1000
- WS-C2960PD-8TT-L - 8-port 10/100 + 1-port 10/100/1000 PoE
The listed switches are expected to appear on the market in February 2008, but you can order them right now, so pick up your phone and ask your local distributor for them. Most importantly, the 24-port 2960 PoE switch is expected at a price just $200 above the standard 24-port CE500 PoE switch.
It seems the disadvantages of the CE500 get fixed for just a little extra cash.
18.01.2008