When it comes to configuring a new Cisco router, most of the configuration depends on the type of router and what it will be used for. However, there are some things you should configure on every new Cisco router.
Is there a standard set of commands that should be used on every Cisco router? Each administrator has his or her own "correct" commands for each router.
Here is a list of ten commands that I think you should configure on each router (in no particular order).
Configure a login account on the router
I highly recommend configuring a real username and password account on your routers and switches. Doing so means a username and password are required to gain access.
Apart from that, I recommend using a secret for the username, not just a regular password. The secret form stores the password as an MD5 hash and greatly improves security. As an example:
Router(config)# username root secret My$Password
After you have configured a username, you must enable it on the lines that will use that username. For example:
Router(config)# line con 0
Router(config-line)# login local
Router(config)# line aux 0
Router(config-line)# login local
Router(config)# line vty 0 4
Router(config-line)# login local
Set a hostname on the router
As you might guess, the default hostname on a router is Router. You can keep this default value, and the router will work normally. However, it makes sense to rename the router so that it is uniquely identified. As an example:
Router(config)# hostname Router-Branch-23
In addition, you can configure a domain name on the router so that it knows which DNS domain it is in. As an example:
Router-Branch-23(config)# ip domain name
Set passwords for entering privileged mode
When it comes to setting the password for entering privileged mode, many people think of the enable password command. However, instead of using this command, I highly recommend using the enable secret command.
This command stores the password as an MD5 hash, so the password is not displayed in plain text. As an example:
Router(config)# enable secret My$Password
Encrypt router password
By default, Cisco routers do not encrypt passwords in the configuration. However, you can easily change this. As an example:
Router(config)# service password-encryption
Disable Web Services
Cisco routers also enable web services by default, which is a security risk. If you don't plan to use it, it's better to turn it off. As an example:
Router(config)# no ip http server
Configure DNS, or disable DNS lookup
Here is something I personally find a minor annoyance on Cisco routers: by default, if you mistype a command in privileged mode, the router assumes you are trying to Telnet to a remote host and performs a DNS lookup on what you entered.
If you have not configured DNS on your router, the command prompt will hang until the DNS lookup fails. For this reason, I recommend using one of the two methods below.
One option is to disable DNS lookup:
Router(config)# no ip domain-lookup
Alternatively, you can correctly configure DNS to point to a real DNS server.
Router(config)# ip name-server
Configure command alias
Many network administrators know that you can configure abbreviations (that is, aliases) for commands on the router. As an example:
Router(config)# alias exec s sh run
This means that you can now type s instead of typing the full show running-config command.
Set the router clock, or configure the NTP server
Most Cisco devices do not have an internal clock. When they start, they don't know what time it is. Even if you set the time, the router won't retain that information if you turn it off or restart it.
First set your time zone and daylight saving time. Examples are as follows:
Router(config)# clock timezone CST -6
Router(config)# clock summer-time CDT recurring
Then, to ensure that the router's event messages display the correct time, set the router's clock or configure an NTP server. An example of setting the clock is as follows:
Router# clock set 10:54:00 Oct 5 2005
If you already have an NTP server on your network (or a router that can access the Internet), you can tell the router to use it as a time source. This is your best choice: when the router starts, it will set the clock from the NTP server. As an example:
Router(config)# ntp server 132.163.4.101
Don't let log messages disturb your configuration process
Another minor annoyance in Cisco IOS is that while I am configuring the router, log messages keep popping up on the line I am using (whether that is the console, AUX or VTY port). You can prevent this from disturbing you.
On each line, I use the logging synchronous command. As an example:
Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config)# line aux 0
Router(config-line)# logging synchronous
Router(config)# line vty 0 4
Router(config-line)# logging synchronous
In addition, you can modify the exec timeout on these lines. For example, let's assume that you want to disable the default ten-minute timeout on the VTY lines. Use the exec-timeout 0 0 command in line configuration mode so that the router never times the session out.
Log system messages in router buffer or system log server
Capturing router errors and events and monitoring the console are key to troubleshooting. By default, the router does not keep event records in a buffer in router memory.
However, you can configure the router to buffer event records in memory. As an example:
Router(config)# logging buffered 16384
You can also send router events to a syslog server. Since the server is outside the router, there is an additional advantage: the event log is retained even if the router is powered off.