Cisco Route/Switch Checklist
Anyone have a list of steps you do to support all Cisco devices you deploy? I'm trying to build a master list of best practices for router and switch deployment. Let me know what you would add as well. Now I know some commands may not be the best security practice, but this is a list of options for Network Engineers to deploy & tshoot Cisco installations.
Cisco Router Configuration Commands
Requirement
Cisco Command
Set a console password to cisco
Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password cisco
Set a telnet password
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco
Stop console timing out
Router(config)#line con 0
Router(config-line)#exec-timeout 0 0
Set the enable password to cisco
Router(config)#enable password cisco
Set the enable secret password to peter. This password overrides the enable password and is encrypted within the config file
Router(config)#enable secret peter
Enable an interface
Router(config-if)#no shutdown
To disable an interface
Router(config-if)#shutdown
Set the clock rate for a router with a DCE cable to 64K
Router(config-if)#clock rate 64000
Set a logical bandwidth assignment of 64K to the serial interface
Router(config-if)#bandwidth 64
Note that the zeroes are not missing
To add an IP address to an interface
Router(config-if)#ip addr 10.1.1.1 255.255.255.0
To enable RIP on all 172.16.x.y interfaces
Router(config)#router rip
Router(config-router)#network 172.16.0.0
Disable RIP
Router(config)#no router rip
To enable IGRP with an AS of 200, to all interfaces
Router(config)#router igrp 200
Router(config-router)#network 172.16.0.0
Disable IGRP
Router(config)#no router igrp 200
Static route: the remote network is 172.16.1.0, with a mask of 255.255.255.0, the next hop is 172.16.2.1, at a cost of 5 hops
Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 5
Disable CDP for the whole router
Router(config)#no cdp run
Enable CDP for the whole router
Router(config)#cdp run
Disable CDP on an interface
Router(config-if)#no cdp enable
Press RETURN to get started
Comments
-
Dieg0M Member Posts: 861
IGRP, from what year are these "best practices"?
Follow my CCDE journey at www.routingnull0.com
-
Iristheangel Mod Posts: 4,133 Mod
The IGRP one made me chuckle a little too.
I would say that best practices should always include security if you can. Avoid telnet if you can and if you have to go that route, then create a local account and put login local under con and vty lines or use AAA.
Same with the enable password. Just stick with enable secret.
Don't even mention RIP. If I was making a **** sheet for newer engineers, I wouldn't want them thinking they have the option of using RIP. I would want them to forget they ever heard of RIP or IGRP.
Might as well throw in EIGRP, OSPF, and BGP. I'd also mention that EIGRP performs auto-summarization and how to disable that. OSPF and areas. How to manually summarize for EIGRP and OSPF. Different stub types. How to perform secure authentication between IGPs. The basics of eBGP and iBGP, attributes, route filtering, etc. Redistribution basics. For legal purposes, how to configure banners on your equipment. Setting NTP, logging, SNMP traps, Netflow, DHCP, DNS, VTP transparent, NBAR, SVIs, Radius vs TACACS, DHCP snooping, IGMP snooping, STP, commonly used macros, Energywise, VLANs, etc.
-
networker050184 Mod Posts: 11,962 Mod
I think what you are looking for is something like the IOS Cookbook.
An expert is a man who has made all the mistakes which can be made.
-
fredrikjj Member Posts: 879
Have the intern plug in the switch and leave the rest to the controller.
The future is now.
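The points raised in Iristheangel's reply (line passwords instead of `login local` or AAA, telnet on the vty lines, `enable password`, RIP/IGRP) can be checked mechanically against a saved configuration. The following is an added example, not code from the thread or from Cisco; `SAMPLE_CONFIG`, `sections` and `audit` are hypothetical names, the sample config is constructed, and a vty block without an explicit `transport input ssh` is assumed to still accept telnet.

```python
import re

# Constructed sample in running-config layout (sub-commands indented one space).
SAMPLE_CONFIG = """\
enable password cisco
enable secret 9 $9$constructed-placeholder
!
router igrp 200
 network 172.16.0.0
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 login local
 transport input ssh
"""

def sections(config):
    """Group the config into (header, [sub-commands]) blocks by indentation."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit(config):
    """Return (header, finding) pairs for the settings the reply warns about."""
    findings = []
    for header, subs in sections(config):
        if header.startswith("enable password"):
            findings.append(("enable password", "use enable secret only"))
        elif re.match(r"router (rip|igrp)\b", header):
            findings.append((header, "legacy routing protocol"))
        elif header.startswith("line "):
            if "login" in subs:  # bare 'login' = shared line password
                findings.append((header, "use login local or AAA"))
            if header.startswith("line vty"):  # assumption: no explicit ssh-only transport means telnet works
                transport = [s for s in subs if s.startswith("transport input")]
                if not transport or transport[-1].split()[2:] != ["ssh"]:
                    findings.append((header, "set transport input ssh"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the global `enable password`, the IGRP process, the console line and the first vty range (twice), and leaves `line vty 5 15` alone.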