07-13-2015 01:50 PM - edited 03-03-2019 07:55 AM
Hi,
Wondering if anyone has seen a cheat sheet/checklist when initally configuring a new switch or router. For instance:
etc., etc.
Thank you,
John
Solved! Go to Solution.
07-13-2015 05:43 PM
Hi John,
Here are some basic commands for configuring Switch/Routers:
Router/Switch Hostname:
Router1>enable
Router1#configure terminal
Router1(config)# hostname JohnsRouter
1
2 | SW1(config)# enable secret cisco ! MD5 hash SW1(config)# enable password notcisco ! Clear text |
1
2
3 | SW1(config)# line con 0 SW1(config-line)# password cisco SW1(config-line)# login |
1
2
3 | SW1(config)# line vty 0 4 SW1(config-line)# password cisco SW1(config-line)# login |
1 | SW1(config)# service password-encryption |
1
2
3
4
5 | SW1(config)# banner motd $ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- UNAUTHORIZED ACCESS IS PROHIBITED -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ |
1
2
3 | SW1(config)# interface vlan 1 SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP SW1(config-if)# no shutdown |
1 | SW1(config)# ip default-gateway 172.16.1.1 |
1
2
3
4
5
6
7
8
9 | SW1# copy running-config startup-config Destination filename [startup-config]? ! Press enter to confirm file name. Building configuration… [OK] ! Short for write memory. SW1# wr Building configuration… [OK] |
name lookup, history, exec-timeout and logging behavior…, also valid for line con 0.
1
2
3
4
5 | SW1(config)# no ip domain-lookup SW1(config)# line vty 0 4 SW1(config-line)# history size 15 SW1(config-line)# exec-timeout 10 30 SW1(config-line)# logging synchronous |
1 | SW1(config)# ip domain-name example.com |
1 | SW1(config)# username admin password cisco |
The size of the key modulus in the range of 360 to 2048
1
2 | SW1(config)# crypto key generate rsa How many bits in the modulus [512]: 1024 |
1 | SW1(config)# ip ssh version 2 |
1
2
3
4 | SW1(config)# line vty 0 4 SW1(config-line)# login local ! You can set vty lines to use only telnet or only ssh or both as in the example. SW1(config-line)# transport input telnet ssh |
Used to create shortcuts for long commands.
1
2
3 | SW1(config)# alias exec c configure terminal SW1(config)# alias exec s show ip interface brief SW1(config)# alias exec sr show running-config |
1
2
3
4
5
6 | SW1(config)# interface fastEthernet 0/1 SW1(config-if)# description LINK TO INTERNET ROUTER SW1(config-if)# speed 100 ! Options: 10, 100, auto ! The range keyword used to set a group of interfaces at once. SW1(config)# interface range fastEthernet 0/5 – 10 SW1(config-if-range)# duplex full (options: half, full, auto) |
Router Interface Config:
Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/0
Router1(config-if)#description Private LAN
Router1(config-if)#speed 100
Router1(config-if)#duplex full
Router1(config-if)#ip address 192.168.1.1 255.255.255.0 **can be Any IP
Router1(config-if)#no shutdown
Please rate if you find helpful..
Thanks,
Allen
07-14-2015 04:29 AM
for line vty recommend
access-list 30 remark === ACL VTY MGMT ===
access-list 30 permit XX.XX.XX.XX XX.XX.XX.XX
line con 0
exec-timeout 5 0
privilege level 15
login authentication NOTACACS
stopbits 1
line vty 0 4
exec-timeout 5 0
access-class 30 in
transport input ssh
line vty 5 15
access-class 30 in
transport input ssh
for access switch, for exemplo PC+phone:
switchport access vlan x
switchport mode access
switchport voice vlan y
switchport port-security maximum 2
switchport port-security
switchport port-security violation shutdown
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
storm-control broadcast level 20.00
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard loop
Please rate if you find helpful..
Thanks,
TM
07-13-2015 05:43 PM
Hi John,
Here are some basic commands for configuring Switch/Routers:
Router/Switch Hostname:
Router1>enable
Router1#configure terminal
Router1(config)# hostname JohnsRouter
1
2 | SW1(config)# enable secret cisco ! MD5 hash SW1(config)# enable password notcisco ! Clear text |
1
2
3 | SW1(config)# line con 0 SW1(config-line)# password cisco SW1(config-line)# login |
1
2
3 | SW1(config)# line vty 0 4 SW1(config-line)# password cisco SW1(config-line)# login |
1 | SW1(config)# service password-encryption |
1
2
3
4
5 | SW1(config)# banner motd $ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- UNAUTHORIZED ACCESS IS PROHIBITED -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ |
1
2
3 | SW1(config)# interface vlan 1 SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP SW1(config-if)# no shutdown |
1 | SW1(config)# ip default-gateway 172.16.1.1 |
1
2
3
4
5
6
7
8
9 | SW1# copy running-config startup-config Destination filename [startup-config]? ! Press enter to confirm file name. Building configuration… [OK] ! Short for write memory. SW1# wr Building configuration… [OK] |
name lookup, history, exec-timeout and logging behavior…, also valid for line con 0.
1
2
3
4
5 | SW1(config)# no ip domain-lookup SW1(config)# line vty 0 4 SW1(config-line)# history size 15 SW1(config-line)# exec-timeout 10 30 SW1(config-line)# logging synchronous |
1 | SW1(config)# ip domain-name example.com |
1 | SW1(config)# username admin password cisco |
The size of the key modulus in the range of 360 to 2048
1
2 | SW1(config)# crypto key generate rsa How many bits in the modulus [512]: 1024 |
1 | SW1(config)# ip ssh version 2 |
1
2
3
4 | SW1(config)# line vty 0 4 SW1(config-line)# login local ! You can set vty lines to use only telnet or only ssh or both as in the example. SW1(config-line)# transport input telnet ssh |
Used to create shortcuts for long commands.
1
2
3 | SW1(config)# alias exec c configure terminal SW1(config)# alias exec s show ip interface brief SW1(config)# alias exec sr show running-config |
1
2
3
4
5
6 | SW1(config)# interface fastEthernet 0/1 SW1(config-if)# description LINK TO INTERNET ROUTER SW1(config-if)# speed 100 ! Options: 10, 100, auto ! The range keyword used to set a group of interfaces at once. SW1(config)# interface range fastEthernet 0/5 – 10 SW1(config-if-range)# duplex full (options: half, full, auto) |
Router Interface Config:
Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/0
Router1(config-if)#description Private LAN
Router1(config-if)#speed 100
Router1(config-if)#duplex full
Router1(config-if)#ip address 192.168.1.1 255.255.255.0 **can be Any IP
Router1(config-if)#no shutdown
Please rate if you find helpful..
Thanks,
Allen
07-14-2015 04:29 AM
for line vty recommend
access-list 30 remark === ACL VTY MGMT ===
access-list 30 permit XX.XX.XX.XX XX.XX.XX.XX
line con 0
exec-timeout 5 0
privilege level 15
login authentication NOTACACS
stopbits 1
line vty 0 4
exec-timeout 5 0
access-class 30 in
transport input ssh
line vty 5 15
access-class 30 in
transport input ssh
for access switch, for exemplo PC+phone:
switchport access vlan x
switchport mode access
switchport voice vlan y
switchport port-security maximum 2
switchport port-security
switchport port-security violation shutdown
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
storm-control broadcast level 20.00
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard loop
Please rate if you find helpful..
Thanks,
TM
07-14-2015 09:07 AM
I appreciate the information.
08-12-2015 09:50 AM
This discussion has been reposted from Additional Communities to the Other Network Infrastructure Subjects community.
07-13-2015 05:53 PM
In addition for NTP, and logging:
Router(config)#logging buffered 512000
Router(config)#service timestamps debug datetime msec localtime show-timezone year
Router(config)#service timestamps log datetime msec localtime show-timezone year
Router(config)#clock timezone PDT -8
Router(config)#clock summer-time PDT recurring
Router(config)#service sequence-numbers
Router(config)#ntp server 209.151.225.100
SNMP:
snmp-server community {password} RO
- sets a community string with Read Only privilege.no snmp-server community {password}
- removes a community string.Please rate if you find helpful..
Thanks,
Allen
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide