Cisco Network Device Configuration: Security, VLANs, Routing


Basic Switch Security Configuration

These commands establish fundamental security measures on a Cisco switch (S1).

S1(config)# enable secret class

Sets an encrypted password for privileged EXEC mode.

S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit

Configures a password for console access.

S1(config)# banner motd #AUTHORIZED ACCESS ONLY#

Displays a Message of the Day banner upon login.

VTY Line Access Setup

Configures Virtual Teletype (VTY) lines for remote access.

S1(config)# line vty 0 4
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# end

Enable Password Encryption

Encrypts all plaintext passwords in the configuration using Cisco type 7 encoding, which is reversible and only protects against casual viewing.

R1(config)# service password-encryption

IPv6 Router Configuration

Configures IPv6 on a router interface and enables global unicast routing.

R1(config)# interface g0/0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# exit
R1(config)# ipv6 unicast-routing

Secure Shell (SSH) and User Management

Steps to secure remote access using SSH and manage local user accounts.

Router(config)# hostname R1

Sets the device hostname.

R1(config)# ip domain-name ccna-lab.com

Required for SSH key generation.

R1(config)# crypto key generate rsa modulus 1024

Generates the RSA key pair that SSH uses. A 1024-bit modulus is a lab value; use 2048 bits or more on production devices.

R1(config)# username admin privilege 15 secret adminpass

Creates a local user with full administrative privileges.

R1(config)# line vty 0 4
R1(config-line)# transport input telnet ssh
R1(config-line)# login local
R1(config-line)# end

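Configures the VTY lines to accept both Telnet and SSH, authenticating against the local user database. Telnet carries credentials in cleartext; transport input ssh restricts the lines to SSH only.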
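The console and VTY settings shown on this page can be checked offline against a saved running-config. The Python below is an added example, not part of the original notes: it flags VTY lines that permit Telnet, lines that rely on a shared line password, and line passwords stored in plaintext or type 7 form. The sample config, function names and finding strings are constructed for illustration.

```python
import re

# Constructed sample modelled on the console/vty settings on this page (not device output).
SAMPLE_CONFIG = """\
line con 0
 password cisco
 login
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 password 7 constructed7value
 login
 transport input ssh
"""

def parse_line_blocks(config):
    """Return {line header: [sub-commands]} for each 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit_lines(config):
    """Return sorted (line header, finding) tuples for weak access-line settings."""
    findings = []
    for header, cmds in parse_line_blocks(config).items():
        transport = next((c.split()[2:] for c in cmds if c.startswith("transport input")), None)
        if header.startswith("line vty"):
            if transport is None:  # assumption: flag for review, the default differs by release
                findings.append((header, "transport input not set"))
            elif "telnet" in transport or "all" in transport:
                findings.append((header, "Telnet permitted"))
        if "login" in cmds:  # bare 'login' checks the shared line password
            findings.append((header, "shared line password instead of 'login local'"))
        for c in cmds:
            m = re.fullmatch(r"password (?:(\d+) )?\S+", c)
            if m and m.group(1) in (None, "0", "7"):
                kind = "reversible type 7" if m.group(1) == "7" else "plaintext"
                findings.append((header, f"line password stored as {kind}"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{h}: {f}" for h, f in audit_lines(SAMPLE_CONFIG)))
```

Feed it the text of show running-config saved to a file; a line block that yields no findings uses SSH-only transport with per-user login.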

VLAN and Switched Virtual Interface (SVI) Setup

Configuring VLAN 99 and its corresponding SVI on the switch.

S1(config)# vlan 99
S1(config-vlan)# exit
S1(config)# interface vlan99

Note: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to down (Informational message)

S1(config-if)# ip address 192.168.1.2 255.255.255.0
S1(config-if)# no shutdown

Assigning Access Ports to VLAN 99

Assigns a range of FastEthernet and GigabitEthernet ports to VLAN 99.

S1(config)# interface range f0/1 - 24 , g0/1 - 2
S1(config-if-range)# switchport access vlan 99
S1(config-if-range)# exit

Enhanced Console Line Configuration

Further configures the console line, adding synchronous logging.

S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# logging synchronous
S1(config-line)# exit

Extended VTY Line Configuration

Extends VTY line configuration to a broader range of lines.

S1(config)# line vty 0 15
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# end

MAC Address Table Management

Commands for viewing and configuring MAC address table entries.

S1# show mac address-table dynamic

Displays dynamically learned MAC addresses.

S1(config)# mac address-table static 0050.56BE.6C89 vlan 99 interface fastethernet 0/6

Adds a static MAC address entry to the table.

Shutting Down Interface Range

Disables a range of FastEthernet interfaces.

S1(config)# interface range f0/1 - 4
S1(config-if-range)# shutdown

Switch Port Security Implementation

Configures port security on an interface to control MAC addresses.

S1(config)# interface f0/5
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security mac-address xxxx.xxxx.xxxx
S1(config-if)# switchport port-security mac-address sticky

Sets the port to access mode (port security is rejected on a dynamic port), enables port security, specifies a static MAC, and enables sticky learning.

S1# show port-security
S1# show port-security address

Verification commands for port security status.

VLAN Creation and Naming

Creates new VLANs and assigns names for better organization.

S1(config)# vlan 10
S1(config-vlan)# name Student
S1(config-vlan)# vlan 20
S1(config-vlan)# end

Assigning Port F0/6 to VLAN 10

Configures FastEthernet 0/6 as an access port in VLAN 10.

S1(config)# interface f0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10

Assigning Port Range F0/11-24 to VLAN 10

Configures a range of FastEthernet ports as access ports in VLAN 10.

S1(config)# interface range f0/11-24
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 10
S1(config-if-range)# end

Inter-VLAN Routing: Router-on-a-Stick

Configuring a router for inter-VLAN communication using a single physical interface.

Router-on-a-Stick Subinterface Setup

Creates a subinterface for VLAN 1 and configures its IP address.

R1(config)# interface g0/1.1
R1(config-subif)# encapsulation dot1Q 1
R1(config-subif)# ip address 192.168.1.1 255.255.255.0

Static Route Configuration

Defines a static route on the router to reach a specific network.

R1(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.2
