Cisco Route/Switch Checklist

BobMeadBobMead ■■■□□□□□□□Posts: 55Member ■■■□□□□□□□
Anyone have a list on steps you do to support all Cisco devices you deploy. I'm trying to build a master list of best practices for router and switch deployment. Let me know what you would add as well. Now I know some commands may not be the best security practice but a list of options for Network Engineers to deploy & tshoot cisco installations.

Cisco Router Configuration Commands



[TH="width: 214"]Requirement[/TH]
[TH="width: 262"]Cisco Command[/TH]


Set a console password to cisco
Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password cisco


Set a telnet password
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco


Stop console timing out
Router(config)#line con 0
Router(config-line)#exec-timeout 0 0


Set the enable password to cisco
Router(config)#enable password cisco


Set the enable secret password to peter. This password overrides the enable password and is encypted within the config file
Router(config)#enable secret peter


Enable an interface
Router(config-if)#no shutdown


To disable an interface
Router(config-if)#shutdown


Set the clock rate for a router with a DCE cable to 64K
Router(config-if)clock rate 64000


Set a logical bandwidth assignment of 64K to the serial interface
Router(config-if)bandwidth 64
Note that the zeroes are not missing


To add an IP address to a interface
Router(config-if)#ip addr 10.1.1.1 255.255.255.0


To enable RIP on all 172.16.x.y interfaces
Router(config)#router rip
Router(config-router)#network 172.16.0.0


Disable RIP
Router(config)#no router rip


To enable IRGP with a AS of 200, to all interfaces
Router(config)#router igrp 200
Router(config-router)#network 172.16.0.0


Disable IGRP
Router(config)#no router igrp 200


Static route the remote network is 172.16.1.0, with a mask of 255.255.255.0, the next hop is 172.16.2.1, at a cost of 5 hops
Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 5


Disable CDP for the whole router
Router(config)#no cdp run


Enable CDP for he whole router
Router(config)#cdp run


Disable CDP on an interface
Router(config-if)#no cdp enable

Press RETURN to get started

:roll:

Comments

  • Dieg0MDieg0M Posts: 861Member
    IGRP icon_lol.gif, from what year are these "best practices"?
    Follow my CCDE journey at www.routingnull0.com
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAPosts: 4,117Mod Mod
    The IGRP one made me chuckle a little too.

    I would say that best practices should always include security if you can. Avoid telnet if you can and if you have to go that route, then create a local account and put login local under con and vty lines or use AAA.

    Same with the enable password. Just stick with enable secret.

    Don't even mention RIP. If I was making a **** sheet for newer engineers, I wouldn't want them thinking they have the option of using RIP. I would want them to forget they ever heard of RIP or IGRP.

    Might as well throw in EIGRP, OSPF, and BGP. I'd also mention that EIGRP performs auto-summarization and how to disable that. OSPF and areas. How to manually summarize for EIGRP and OSPF. Different stub types. How to perform secure authentication between IGPs. The basics of eBGP and iBGP, attributes, route filtering, etc. Redistribution basics. For legal purposes, how to configure banners on your equipment. Setting NTP, logging, SNMP traps, Netflow, DHCP, DNS, VTP transparent, NBAR, SVIs, Radius vs TACACS, DHCP snooping, IGMP snooping, STP, commonly used macros, Energywise, VLANs, etc.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • networker050184networker050184 Mod Posts: 11,962Mod Mod
    I think what you are looking for is something like the IOS Cookbook.
    An expert is a man who has made all the mistakes which can be made.
  • fredrikjjfredrikjj Posts: 879Member
    Have the intern plug in the switch and leave the rest to the controller.

    The future is now.
Sign In or Register to comment.