Essential Cisco IOS Commands for Network Setup

Classified in Training and Employment Advise

Written on in English with a size of 5.9 KB

Initial Device Naming and Setup

1. Set Device Hostnames

Assign unique hostnames to your network devices for easy identification. In this example, we name the switch ALS and the router HQ.

Switch Configuration (ALS)

Switch> enable
Switch# configure terminal
Switch(config)# hostname ALS
ALS(config)#

Router Configuration (HQ)

Router> enable
Router# configure terminal
Router(config)# hostname HQ
HQ(config)#

Basic Security Hardening

2. Encrypt Passwords

Use the service password-encryption command to encrypt all plaintext passwords in the running configuration.

ALS(config)# service password-encryption

3. Set a Secure Enable Password

Configure a strong, encrypted password for privileged EXEC mode using enable secret.

ALS(config)# enable secret adap$$1

4. Disable Unwanted DNS Lookups

Prevent the device from attempting to resolve mistyped commands as domain names.

ALS(config)# no ip domain-lookup

5. Configure a Login Banner (MOTD)

Set a "Message of the Day" banner to display a warning to unauthorized users upon connection.

ALS(config)# banner motd #Acceso restringido a la línea de consola#

6. Secure the Console Port

Set a password for console line access to protect the device from unauthorized physical access.

ALS(config)# line console 0
ALS(config-line)# password C1sco1
ALS(config-line)# login

7. Secure Virtual Terminal (VTY) Lines

Set a password for remote access lines (like Telnet or SSH) to secure remote management.

ALS(config)# line vty 0 14
ALS(config-line)# password C1sco2
ALS(config-line)# login

8. Enable Synchronous Logging

Prevent console messages from interrupting your command input by synchronizing log messages with the command line.

ALS(config)# line console 0
ALS(config-line)# logging synchronous

Network Interface and Connectivity Configuration

9. Configure the Switch Management Interface

Assign an IP address to a Switch Virtual Interface (SVI), typically VLAN 1, to allow for remote management. Also, set a default gateway for the switch.

ALS(config)# interface vlan 1
ALS(config-if)# ip address 192.168.1.100 255.255.255.0
ALS(config-if)# no shutdown
ALS(config-if)# exit
ALS(config)# ip default-gateway 192.168.1.1

Note: The original subnet mask 255.255.0.0 was likely a typo and has been corrected to 255.255.255.0 to match the gateway and router interface.

10. Configure the Router Interface

Assign an IP address to the router's Gigabit Ethernet interface and enable it.

HQ(config)# interface g0/1
HQ(config-if)# ip address 192.168.1.1 255.255.255.0
HQ(config-if)# no shutdown

11. Configure End Devices

Manually configure the network settings for all end devices (PCs, Servers, Access Points).

  • IP Address, Subnet Mask, and Default Gateway: Assign appropriate values for each device.
  • DNS Server: Set the DNS server to 192.168.1.254 (the server's IP address).
  • Access Point (AP): Configure the AP with a static IP address. Set both the primary and static DNS to the server's IP address (192.168.1.254).

Server and Service Configuration

12. Configure Server Services (DNS & HTTP)

On the server with the IP address 192.168.1.254, perform the following actions:

  1. Enable the DNS service.
  2. Create an 'A' record for www.inacap.cl pointing to the address 192.168.1.254.
  3. Activate the HTTP and HTTPS services to host the website.

13. Test Network Connectivity

Verify that all devices can communicate with each other. Use tools like ping to test connectivity between PCs, the server, the switch, and the router.

Advanced Configuration and Management

14. Back Up the Configuration using TFTP

Enable the TFTP service on the server and copy the switch's startup configuration to the TFTP server for backup.

ALS# copy startup-config tftp:

15. Enable Secure Shell (SSH) Access

Configure SSH for secure remote management, which is a more secure alternative to Telnet.

  1. Create a local user: Set up a username with the highest privilege level (15) and a secret password.
    ALS(config)# username cisco privilege 15 secret cisco
  2. Set a domain name: This is required to generate RSA keys.
    ALS(config)# ip domain-name Inacap.cl
  3. Generate RSA crypto keys: These keys are used for the encryption process. A key size of 1024 bits is a common choice.
    ALS(config)# crypto key generate rsa
...
1024
  4. Configure SSH settings: Enforce SSH version 2 and set parameters for authentication retries and session timeout.
    ALS(config)# ip ssh version 2
ALS(config)# ip ssh authentication-retries 3
ALS(config)# ip ssh time-out 30

16. Configure Wireless Network

Set up the wireless network on the Access Point and configure client devices.

  • On the Wireless AP:
    • Set the SSID (network name) to Redes.
    • Enable WPA2 security.
    • Set the pre-shared key (password) to 1234567890.
  • On the Notebook:
    • Ensure the correct wireless network card is installed.
    • If using DHCP, disable and re-enable the network adapter to obtain a new IP address and connect to the wireless network.
Karma: 6%
Visits: 0

Related entries:

Tags:
password encryption IP address default gateway router configuration Cisco IOS enable secret VTY security VLAN interface banner motd TFTP backup switch configuration hostname SSH configuration console security