
07-13-2015 01:50 PM - edited 03-03-2019 07:55 AM
Hi,
Wondering if anyone has seen a cheat sheet/checklist when initially configuring a new switch or router. For instance:
- Configure hostname
- configure correct passwords
- configure NTP
- SNMP servers
etc., etc.
Thank you,
John
Accepted Solutions
07-13-2015 05:43 PM
Hi John,
Here are some basic commands for configuring Switch/Routers:
Router/Switch Hostname:
Router1>enable
Router1#configure terminal
Router1(config)# hostname JohnsRouter
Configuring passwords:
SW1(config)# enable secret cisco ! MD5 hash
SW1(config)# enable password notcisco ! Clear text
Securing console port:
SW1(config)# line con 0
SW1(config-line)# password cisco
SW1(config-line)# login
Securing terminal lines:
SW1(config)# line vty 0 4
SW1(config-line)# password cisco
SW1(config-line)# login
Encrypting passwords:
SW1(config)# service password-encryption
Configuring banners:
SW1(config)# banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
Giving the switch an IP address:
SW1(config)# interface vlan 1
SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP
SW1(config-if)# no shutdown
Setting the default gateway:
SW1(config)# ip default-gateway 172.16.1.1
Saving configuration:
SW1# copy running-config startup-config
Destination filename [startup-config]? ! Press enter to confirm file name.
Building configuration...
[OK]

! Short for write memory.
SW1# wr
Building configuration...
[OK]
Working environment:
name lookup, history, exec-timeout and logging behavior…, also valid for line con 0.
SW1(config)# no ip domain-lookup
SW1(config)# line vty 0 4
SW1(config-line)# history size 15
SW1(config-line)# exec-timeout 10 30
SW1(config-line)# logging synchronous
Configuring switch to use SSH:
- Configure DNS domain name:
SW1(config)# ip domain-name example.com
- Configure a username and password:
SW1(config)# username admin password cisco
- Generate encryption keys:
The size of the key modulus is in the range of 360 to 2048.
SW1(config)# crypto key generate rsa
How many bits in the modulus [512]: 1024
- Define SSH version to use:
SW1(config)# ip ssh version 2
- Enable vty lines to use SSH:
SW1(config)# line vty 0 4
SW1(config-line)# login local
! You can set vty lines to use only telnet or only ssh or both as in the example.
SW1(config-line)# transport input telnet ssh
Aliases:
Used to create shortcuts for long commands.
SW1(config)# alias exec c configure terminal
SW1(config)# alias exec s show ip interface brief
SW1(config)# alias exec sr show running-config
Description, speed and duplex:
SW1(config)# interface fastEthernet 0/1
SW1(config-if)# description LINK TO INTERNET ROUTER
SW1(config-if)# speed 100 ! Options: 10, 100, auto
! The range keyword used to set a group of interfaces at once.
SW1(config)# interface range fastEthernet 0/5 - 10
SW1(config-if-range)# duplex full ! Options: half, full, auto
Router Interface Config:
Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/0
Router1(config-if)#description Private LAN
Router1(config-if)#speed 100
Router1(config-if)#duplex full
Router1(config-if)#ip address 192.168.1.1 255.255.255.0 ! can be any IP
Router1(config-if)#no shutdown
Please rate if you find helpful..
Thanks,
Allen
07-14-2015 04:29 AM
for line vty recommend
access-list 30 remark === ACL VTY MGMT ===
access-list 30 permit XX.XX.XX.XX XX.XX.XX.XX
line con 0
exec-timeout 5 0
privilege level 15
login authentication NOTACACS
stopbits 1
line vty 0 4
exec-timeout 5 0
access-class 30 in
transport input ssh
line vty 5 15
access-class 30 in
transport input ssh
for access switch, for example PC+phone:
switchport access vlan x
switchport mode access
switchport voice vlan y
switchport port-security maximum 2
switchport port-security
switchport port-security violation shutdown
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
storm-control broadcast level 20.00
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard loop
Please rate if you find helpful..
Thanks,
TM
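An added example, not part of the thread and not Cisco tooling: a short Python check that reads a saved configuration and flags the management-plane settings on which the two answers above differ (the clear-text `enable password`, `username ... password`, shared line passwords, telnet on the vty lines, and a missing `access-class`). The function names `line_blocks` and `audit` are hypothetical and both sample configurations are constructed from the commands quoted in the answers.

```python
def line_blocks(config):
    """Map each 'line ...' header to the indented sub-commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and raw.strip() and current is not None:
            current.append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return (location, finding) pairs for weak management-plane settings."""
    findings = []
    for raw in config.splitlines():
        w = raw.split()
        if w[:2] == ["enable", "password"]:
            findings.append(("global", "enable password is clear text or type 7; keep only enable secret"))
        if w[:1] == ["username"] and "password" in w[2:]:
            findings.append(("global", f"user {w[1]}: use 'secret', not 'password'"))
    for header, cmds in line_blocks(config).items():
        words = [c.split() for c in cmds]
        if any(w[0] == "password" for w in words):
            findings.append((header, "shared line password; prefer 'login local'"))
        if not header.startswith("line vty"):
            continue
        if any(w[:2] == ["transport", "input"] and {"telnet", "all"} & set(w[2:]) for w in words):
            findings.append((header, "telnet allowed; use 'transport input ssh'"))
        if not any(w[0] == "access-class" and w[-1] == "in" for w in words):
            findings.append((header, "no inbound access-class on vty"))
    return findings

# Constructed samples: the first answer's settings, then the vty block as hardened in the reply.
BASIC = """enable secret cisco
enable password notcisco
username admin password cisco
line con 0
 password cisco
 login
line vty 0 4
 login local
 transport input telnet ssh
"""
HARDENED = """username admin secret EXAMPLE-ONLY
line vty 0 4
 access-class 30 in
 login local
 transport input ssh
"""
```

Calling `audit(BASIC)` returns five findings and `audit(HARDENED)` returns none; the check reads only what is in the saved text, so it says nothing about RSA key size, which is not stored in the configuration.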
07-14-2015 09:07 AM
I appreciate the information.
08-12-2015 09:50 AM
This discussion has been reposted from Additional Communities to the Other Network Infrastructure Subjects community.
07-13-2015 05:53 PM
In addition for NTP, and logging:
Router(config)#logging buffered 512000
Router(config)#service timestamps debug datetime msec localtime show-timezone year
Router(config)#service timestamps log datetime msec localtime show-timezone year
Router(config)#clock timezone PDT -8
Router(config)#clock summer-time PDT recurring
Router(config)#service sequence-numbers
Router(config)#ntp server 209.151.225.100
SNMP:
Enabling SNMP
- enable privilege mode
- config terminal
snmp-server community {password} RO
- sets a community string with Read Only privilege.
- or
no snmp-server community {password}
- removes a community string.
Please rate if you find helpful..
Thanks,
Allen
