This HowTo demonstrates how to configure some basic parameters on your Cisco Router or Cisco Switch running IOS. These commands were run on IOS version 12.4-6.T11. This is the standard stuff that I'd typically put on every Cisco Router or Cisco Switch running IOS in the network.
Note: Feel free to post any questions or comments in the Forums section on this site.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2008.10.05 08:49:41 =~=~=~=~=~=~=~=~=~=~=~=
conf t
Enter configuration commands, one per line. End with CNTL/Z.
Hostname Configuration
yourname(config)#hostname LinuxDynasty-Cisco_1811
SNMP Configuration (For Access from Network Management Tools)
LinuxDynasty-Cisco_1(config)#snmp-server community linux ro
LinuxDynasty-Cisco_1(config)#snmp-server community dynasty rw
LinuxDynasty-Cisco_1(config)#snmp-server ifindex persist
Service Configuration (To hide the passwords when doing a "show run", and
setting the log to show timestamps instead of uptime next to entries)
LinuxDynasty-Cisco_1(config)#service password-encryption
LinuxDynasty-Cisco_1(config)#service timestamps debug datetime msec localtime
LinuxDynasty-Cisco_1(config)#service timestamps log datetime msec localtime
Clock Settings (Configuration for Eastern Standard Time, 5 hour offset from GMT)
LinuxDynasty-Cisco_1(config)#clock timezone EST -5
LinuxDynasty-Cisco_1(config)#clock summer-time EDT recurring
*Oct 5 07:55:58.051: %SYS-6-CLOCKUPDATE: System clock has been updated from 12:55:58 UTC Sun Oct 5 2008 to 07:55:58 EST Sun Oct 5 2008, configured from console by Cisco on console.
LinuxDynasty-Cisco_1(config)#
*Oct 5 08:56:04.423: %SYS-6-CLOCKUPDATE: System clock has been updated from 07:56:04 EST Sun Oct 5 2008 to 08:56:04 EDT Sun Oct 5 2008, configured from console by Cisco on console.
AAA Authentication commands
LinuxDynasty-Cisco_1(config)#aaa new-model
LinuxDynasty-Cisco_1(config)#aaa authentication login default local
LinuxDynasty-Cisco_1(config)#aaa authentication enable default enable line
LinuxDynasty-Cisco_1(config)#username linux privilege 15 password dynasty
VTY Line Authentication Commands
LinuxDynasty-Cisco_1(config)#line vty 0 15
LinuxDynasty-Cisco_1(config-line)#login authentication default
LinuxDynasty-Cisco_1(config-line)#password linux
LinuxDynasty-Cisco_1(config)#enable password dynasty
LinuxDynasty-Cisco_1(config)#enable secret dynasty
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.
LinuxDynasty-Cisco_1(config)#enable secret dyn@sty
Create Loopback (best interface to use for NMS's; also used here to test the AAA configuration)
LinuxDynasty-Cisco_1(config)#interface loopback 0
*Oct 5 09:05:25.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to upaddres
LinuxDynasty-Cisco_1(config-if)#ip address 10.10.10.1 255.255.255.255
LinuxDynasty-Cisco_1(config-if)#exit
LinuxDynasty-Cisco_1(config)#exit
LinuxDynasty-Cisco_1811#
*Oct 5 09:05:58.723: %SYS-5-CONFIG_I: Configured from console by Cisco on consoleping 10.10.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Telnetting to check AAA configuration and passwords
LinuxDynasty-Cisco_1811#telnet 10.10.1.1
Trying 10.10.1.1 ...
% Connection refused by remote host
Uh-OHHH!!!
LinuxDynasty-Cisco_1811#sho run | begin line vty
line vty 0 4
access-class 23 in -> AHA! Default configuration has an Access-Class.
privilege level 15
password 7 10420017100F
transport input telnet ssh
line vty 5 15
access-class 23 in -> Again with the freakin default Access-Class.
privilege level 15
password 7 10420017100F
transport input telnet ssh
Removing Default Access-Class from VTY Lines
LinuxDynasty-Cisco_1811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
LinuxDynasty-Cisco_1(config)#line vty 0 15
LinuxDynasty-Cisco_1(config-line)#no access-class 23 in
LinuxDynasty-Cisco_1(config-line)#exit
LinuxDynasty-Cisco_1(config)#exit
LinuxDynasty-Cisco_1811#
*Oct 5 09:07:05.695: %SYS-5-CONFIG_I: Configured from console by Cisco on console
Trying Telnet Again - prompt doesn't show because of the console message directly above. I just kept typing :)
telnet 10.10.1.1
Trying 10.10.1.1 ... Open
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
User Access Verification
Username: linux
Password:
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
Success!!!!
LinuxDynasty-Cisco_1811#config t
Enter configuration commands, one per line. End with CNTL/Z.
Now for a Standard Banner
LinuxDynasty-Cisco_1(config)#banner login *This device is the property of LinuxDynasty Inc.
Enter TEXT message. End with the character '*'.
Unathorized access will be punished to the full extent of the law!*
LinuxDynasty-Cisco_1(config)#^Z
LinuxDynasty-Cisco_1811#
*Oct 5 09:44:18.747: %SYS-5-CONFIG_I: Configured from console by linux on consolexit
LinuxDynasty-Cisco_1811 con0 is now available
Press RETURN to get started.
Session Timeout during a bathroom break. :)
This device is the property of LinuxDynasty Inc.
Unathorized access will be punished to the full extent of the law!
User Access Verification
Username: linux
Password:
LinuxDynasty-Cisco_1811>en
Password:
LinuxDynasty-Cisco_1811#10.10.1.1
Trying 10.10.1.1 ... Open
This device is the property of LinuxDynasty Inc.
Unathorized access will be punished to the full extent of the law!
User Access Verification
Username: linux
Password:
LinuxDynasty-Cisco_1811#
Save your configuration by executing the "write memory" command. I didn't because this was a demo. Rebooting without saving will take you back to the factory configuration. Of course, this always happens when you're satisfied with the configuration, and you're off the clock in 5 minutes. hehe
Well, looks like we're good for now. To be continued.......
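Added example (not part of the original HowTo): a Python check that reads a saved "show run" and flags the settings from this session worth revisiting before the device goes on a production network: "enable password", local users defined with "password" instead of "secret", SNMP communities with no access list, and VTY lines that allow Telnet or have no inbound access-class. The sample configuration is constructed with placeholder secrets, and the rule names are made up for this example.

```python
import re

# Constructed sample in "show run" form, modelled on the session above.
SAMPLE_CONFIG = """\
enable secret 5 HASH_PLACEHOLDER
enable password 7 TYPE7_PLACEHOLDER
username linux privilege 15 password 7 TYPE7_PLACEHOLDER
snmp-server community linux RO
snmp-server community dynasty RW
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 transport input ssh
"""

# (rule id, regex applied to each top-level line, why it matters)
GLOBAL_RULES = [
    ("ENABLE-PASSWORD", r"^enable password\b",
     "reversible type 7 or cleartext; keep only 'enable secret'"),
    ("USER-PASSWORD", r"^username \S+ .*\bpassword\b",
     "use 'username ... secret' so a one-way hash is stored"),
    ("SNMP-NO-ACL", r"^snmp-server community \S+ (ro|rw)\s*$",
     "community string is not restricted by an access list"),
]

def audit(config):
    """Return a list of (rule_id, config_line, reason) findings."""
    findings, vty, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" "):            # sub-command of the current block
            if current:
                vty[current].append(raw.strip())
            continue
        current = raw if raw.startswith("line vty") else None
        if current:
            vty[current] = []
        for rule, pattern, why in GLOBAL_RULES:
            if re.search(pattern, raw, re.IGNORECASE):
                findings.append((rule, raw, why))
    for header, cmds in vty.items():       # per-VTY-block checks
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append(("VTY-NO-ACL", header, "no inbound access-class"))
        if any(re.match(r"transport input\b.*\btelnet\b", c) for c in cmds):
            findings.append(("VTY-TELNET", header, "Telnet sends logins in cleartext"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

On the sample, "line vty 5 15" produces no finding because it keeps its access-class and accepts SSH only.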