Cisco IOS Router Setup
I’ve been a Unix SA/SE for about 16 years and my hands-on knowledge of IOS has always been limited due to limited console time on Cisco routers. However, now I’m studying to get a CCNA. Certificates are kinda lame, but I’ve run into times when it would be useful.
This is going to be a growing list of all the global configuration commands I come up with that are useful for setting up a router/switch for the first time (or for enforcing policy on all routers/switches). It is going to start out fairly sparse.
Basic
hostname <routername>
ip domain-name <dns name>
Sets the hostname and domain name.
Convenience
line console 0
 logging synchronous
Sets synchronous output on the console.
Security
enable password foo
enable secret bar
Sets the enable password. Only “enable secret” should be used, since it encrypts the password in the config.
service password-encryption
Sets up weak password encryption to obscure passwords in router config.
line vty 0 4
 login
 password foo
 logging synchronous
Sets synchronous output on the first 5 telnet vtys and sets a login password for the terminal.
banner login #
Authorized uses only. All activity may be monitored and reported.
#
Set a multi-line banner displayed before the password prompt for telnet.
banner motd #
Authorized uses only. All activity may be monitored and reported.
#
Set a multi-line banner displayed before the password prompt for telnet *and* on console login (better).
Logging
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
Sets up an archive history of router configuration commands.
Time
clock timezone UTC 0
Set the timezone of the router manually.
clock set 02:11:25 Feb 15 2010
clock update-calendar
These commands are entered in privileged EXEC mode, not configuration mode. They set the software clock and then write it to the hardware clock.
ntp server 10.1.1.1
ntp server 10.1.1.2 prefer
ntp server 10.1.1.3
ntp update-calendar
Set the router to be an NTP client, and use NTP to sync the hardware clock.
DNS
ip name-server 10.1.1.1
ip name-server 10.1.1.2
Sets nameservers for DNS queries.
ip domain-lookup
Enable DNS lookups. NEs may disable this to keep command typos from being looked up in DNS, but doing so also globally disables DNS lookups inside commands.
Spanning Tree
spanning-tree mode rapid-pvst
Use Rapid-PVST by default everywhere.
SNMP
TACACS
MISC
ip subnet-zero
Allow subnet zero IP addresses.
system mtu jumbo 9000
Set jumbo frames on 3750/3560/49xx switches.
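Added example, not part of the original post: a Python check that audits a saved running-config against the global commands listed on this page, for the policy-enforcement use mentioned in the introduction. The sample config, the check table and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE = """\
enable password foo
enable secret 5 $1$constructed$hashvalue
ntp server 10.1.1.1
line con 0
 logging synchronous
line vty 0 4
 password foo
 login
"""

# Global commands from this page: (label, regex, should_be_present).
GLOBAL_CHECKS = [
    ("enable secret", r"^enable secret ", True),
    ("enable password (use enable secret only)", r"^enable password ", False),
    ("service password-encryption", r"^service password-encryption$", True),
    ("banner login/motd", r"^banner (login|motd) ", True),
    ("archive (config change logging)", r"^archive$", True),
    ("ntp server", r"^ntp server \S+", True),
]

def sections(config):
    """Group indented sub-commands under their unindented parent line."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = line.strip()
            out[current] = []
    return out

def audit(config):
    """Return findings for one running-config, as a list of strings."""
    findings = []
    for label, pattern, wanted in GLOBAL_CHECKS:
        present = re.search(pattern, config, re.MULTILINE) is not None
        if present != wanted:
            findings.append(("missing: " if wanted else "present: ") + label)
    lines = {h: b for h, b in sections(config).items() if h.startswith("line ")}
    for header, body in lines.items():
        if "logging synchronous" not in body:
            findings.append(f"{header}: no logging synchronous")
        # "password foo" / "password 0 foo" is stored as typed; "password 7 ..." is obscured.
        if any(re.match(r"password (?!7 )", cmd) for cmd in body):
            findings.append(f"{header}: password stored in cleartext")
    return findings
```

Calling audit(SAMPLE) returns one finding per deviation; an empty list means the config carries every setting checked here.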