So you have just cracked open a brand new CISCO device for your organization, and now you need to set it up. Where to begin? I have found myself in this situation many times. The initial commands you give your device will lay a foundation for how you eventually set it up.
I have found that having a standard set of initial commands for new devices speeds up and automates the setup process. Over the years i have put together a number of commands that get my devices ready quickly. These base configurations include things like host name and local user accounts. I use these same basic commands for every new router or switch i setup
I have broken them up into two main categories, check them out below.
Device Names & User Accounts
R1(config)# hostname NetworkNexusRTR
~Change device name to “NetworkNexusRTR”
NetworkNexusRTR(config)# username nexadmin privilege 15 secret strongpass
~creates local user account called “nexadmin” and gives the user highest level privileges of 15 (full administrator). the ‘secret’ key work ensures the password ( in this case strongpass) is not save in clear text
Less Secure option of above command…
NetworkNexusRTR(config)# username nexadmin privilege 15 password strongpass
~Here the password keyword will create a password and save it as clear text in the running configuration of the router.
Device Access
NetworkNexusRTR(config)# enable secret strongpass
~sets a password on the privileged mode of the device. Remember using secret is safer than using the password keyword.
NetworkNexusRTR(config)# line console 0
~set the preferences for your physical console port.
NetworkNexusRTR(config-line)# login
~tells the router to ask for a password before allowing access to the exec mode
NetworkNexusRTR(config-line)# login local
~allows you to log into via the console port using and local username and password that exists on the device
NetworkNexusRTR(config-line)# exit
NetworkNexusRTR(config)# line vty 0 4
~setup 5 virtual interfaces to allow for remote login. The vty lines are numbered from zero up to 15. A usual practice is to only set 5 vty lines. (At the end of the day you wouldn’t want 15 different sessions into your device at once)
NetworkNexusRTR(config-line)# login local
~allows local accounts to log into the device
NetworkNexusRTR(config-line)# transport input telnet
~specifies that telnet is allowed to access the vty ports
NetworkNexusRTR(config-line)# transport input ssh
~specifies that ssh is also allowed to login via the virtual ports
NetworkNexusRTR(config-line)# exit
Additional Tips
NetworkNexusRTR(config)# no ip domain lookup
~prevents the router from trying to lookup and resolve the domain name of anything you type into the CLI. This is extremely helpful in situations where you mistype something and hit enter. It prevents the router from hanging for a few seconds while it tries to lookup the domain name to ip address mapping. (trust me on this one, it’s a time saver)
NetworkNexusRTR(config)# no service password-encryption
~tells the router not to store any passwords in clear text (will store them as a hash)
To Bring it all Together
The commands above give you a great place to start as you setup your brand new device. They give you a little bit of security to protect access to your device. Apart from the items mentioned above, the following key items should be done to allow proper running of your device.
- Set a management IP address for remote access. (normally set on a loopback, VLAN or physical interface.)
- setup a SSH on your device. in today’s world, the use of telnet is something that should be discouraged because telnet transfers data in plain text. This makes your device vulnerable. SSH is more secure and recommended for remote access to your device. (P.S I will be posting an article on how to setup SSH on your CISCO device soon. Subscribe so you are alerted when it is published.)
- Set descriptions on INTERFACES, names on STATIC ROUTES, descriptions on ACCESS LISTS and names on VLAN’s. This best practice makes it easier to make sense of what’s what when you or another authorized administrator is logged into your device.
Check out one of CISCO’s official guides for router initial configuration.
For more interesting resources check out our resource page.