Re: Cisco 3650: Identify necessory files in flash to backup and remove auto qos ACLs and class-maps ...

thulandimuthu · ‎03-22-2018

Hi all,

I have facing few problems with a new cisco 3650 switch, which is running 16.3.5b sw version.

One is, I need to factory reset cisco 3650 switch. I found that there are some default ACLs and Class-maps are in running configurations. So I erased nvram and reloaded the switch. But those configurations still exists. I need to factory reset the switch by removing those ACLs and Class-maps etc. And further more, I guess one or two files in flash cause to load those ACLs and Class-maps to startup configurations. So how to remove them?

Next problem is that there are lots of file in flash. But there is no any single IOS file in flash. I guess switch is in Installation mode. And I could not identify what are necessary files to backup using TFTP server or any other way. Is there any way to bundle them together? And how?

sh version

Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 28    WS-C3650-24TS      16.3.5b           CAT3K_CAA-UNIVERSALK9 INSTALL

sh flash

Switch#sh flash:
-#- --length-- ---------date/time--------- path
  2   15954556 Jan 20 2018 22:47:39.0000000000 +00:00 cat3k_caa-guestshell.16.03.05b.SPA.pkg
  3   22301472 Jan 20 2018 22:47:37.0000000000 +00:00 cat3k_caa-rpbase.16.03.05b.SPA.pkg
  4  266035828 Jan 20 2018 22:47:39.0000000000 +00:00 cat3k_caa-rpcore.16.03.05b.SPA.pkg
  5    9089660 Jan 20 2018 22:47:38.0000000000 +00:00 cat3k_caa-srdriver.16.03.05b.SPA.pkg
  6  212812400 Jan 20 2018 22:47:38.0000000000 +00:00 cat3k_caa-wcm.16.03.05b.SPA.pkg
  7   13423224 Jan 20 2018 22:47:38.0000000000 +00:00 cat3k_caa-webui.16.03.05b.SPA.pkg
  8       4748 Jan 20 2018 22:48:03.0000000000 +00:00 packages.conf
  9        296 Mar 22 2018 07:59:55.0000000000 +00:00 bootloader_evt_handle.log
 10       4096 Jan 20 2018 22:53:56.0000000000 +00:00 core
 11       4096 Jan 20 2018 22:50:41.0000000000 +00:00 core/modules
 12          1 Mar 22 2018 08:48:17.0000000000 +00:00 core/.callhome
 13       4096 Jan 20 2018 22:50:39.0000000000 +00:00 .prst_sync
 14       4096 Jan 20 2018 22:50:41.0000000000 +00:00 .rollback_timer
 15       4096 Mar 22 2018 08:00:09.0000000000 +00:00 dc_profile_dir
 16     202640 Mar 22 2018 08:00:09.0000000000 +00:00 dc_profile_dir/dc_default_profiles.txt
 17     202640 Mar 22 2018 07:51:19.0000000000 +00:00 dc_profile_dir/dc_default_profiles.txt.bkp
 18       4096 Jan 20 2018 22:50:49.0000000000 +00:00 gs_script
 19      65301 Mar 22 2018 08:00:26.0000000000 +00:00 memleak.tcl
 20       4096 Jan 20 2018 22:51:18.0000000000 +00:00 .installer
 21    2097152 Mar 22 2018 08:03:20.0000000000 +00:00 nvram_config
 22    2097152 Mar 22 2018 08:03:21.0000000000 +00:00 nvram_config_bkup
 23         35 Mar 22 2018 08:16:17.0000000000 +00:00 pnp-tech-time
 24      61540 Mar 22 2018 08:16:20.0000000000 +00:00 pnp-tech-discovery-summary
994168832 bytes available (547434496 bytes used)

lass-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
  description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
  description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
  description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
  description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
  description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
!
policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 10
policy-map system-cpp-policy
 class system-cpp-police-data
  police rate 200 pps
 class system-cpp-police-sys-data
  police rate 100 pps
 class system-cpp-police-sw-forward
  police rate 1000 pps
 class system-cpp-police-multicast
  police rate 500 pps
 class system-cpp-police-multicast-end-station
  police rate 2000 pps
 class system-cpp-police-punt-webauth
 class system-cpp-police-l2-control
 class system-cpp-police-routing-control
  police rate 1800 pps
 class system-cpp-police-control-low-priority
 class system-cpp-police-wireless-priority1
 class system-cpp-police-wireless-priority2
 class system-cpp-police-wireless-priority3-4-5
 class system-cpp-police-topology-control
 class system-cpp-police-dot1x-auth
 class system-cpp-police-protocol-snooping
 class system-cpp-police-forus
 class system-cpp-default
!
!

ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
 permit tcp any any eq 22
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq 995
 permit tcp any any eq 1914
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq smtp
 permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
 permit udp any any range 16384 32767
 permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 permit tcp any any range 6881 6999
 permit tcp any any range 28800 29100
 permit tcp any any eq 1214
 permit udp any any eq 1214
 permit tcp any any eq 3689
 permit udp any any eq 3689
 permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
 permit tcp any any range 2000 2002
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
 permit tcp any any eq 443
 permit tcp any any eq 1521
 permit udp any any eq 1521
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
 permit udp any any eq 1630
 permit tcp any any eq 1527
 permit tcp any any eq 6200
 permit tcp any any eq 3389
 permit tcp any any eq 5985
 permit tcp any any eq 8080
!
!
!

thulandimuthu · ‎03-22-2018

Anyone???

thulandimuthu · ‎03-26-2018

Anyone with any suggestion?

Owen Mould · ‎10-04-2018

You've probably got your answer already by this time, but for completeness' sake:

The switch is not in installation mode. The IOS is contained in several .pkg files. See packages.conf for details.

I wouldn't bother with the built-in ACLs and class maps. They won't do anything unless you invoke them on an interface or in a policy map and they take up no significant space.

And leave nvram_config alone, it's not hurting anything either and you may need it someday.

Cisco 3650: Identify necessory files in flash to backup and remove auto qos ACLs and class-maps etc.