Configuration commands for Cisco routers



When it comes to configuring a new Cisco router, most of the configuration depends on the type of router and the purpose it will serve. However, there are a few things you should configure on every new Cisco router.

Which commands should be standard on every Cisco router? Every administrator has his or her own "correct" set of commands for each router.

This is the list of 10 commands that I think you should configure on each router (in no particular order).

Configure a login account on the router

I strongly recommend that you configure a real username and password account on every router and switch. Doing so means that a username and password are required to gain access.

In addition, I recommend using the secret keyword for the username, not just a regular password. It uses MD5 hashing to protect the password and greatly improves security. Examples are as follows:

Router(config)# username root secret My$password

After you configure the username, you must enable local login on the lines that will use it. Examples are as follows:

Router(config)# line con 0

Router(config-line)# login local

Router(config)# line aux 0

Router(config-line)# login local

Router(config)# line vty 0 4

Router(config-line)# login local

Set a host name on the router

As you might guess, the default host name on the router is Router. You can keep this default value and the router will work just as well. However, it makes sense to rename the router so that it is uniquely identified. Examples are as follows:

Router(config)# hostname router-branch-23

In addition, you can configure a domain name on the router so that it knows which DNS domain it is in. Examples are as follows:

router-branch-23(config)# ip domain name techrepublic.com

Set a password for access to privileged mode

When it comes to setting the password for privileged mode, many people think of using the enable password command. However, instead of using this command, I strongly recommend using the enable secret command.

This command protects the password using MD5 hashing, so the password is not displayed in clear text in the configuration. Examples are as follows:

Router(config)# enable secret My$password

Encrypt router password

Cisco routers do not encrypt passwords in the configuration by default. However, you can easily change that. Examples are as follows:

Router(config)# service password-encryption

Disable web services

Cisco routers also enable web services by default, which is a security risk. If you're not going to use them, it's best to turn them off. Examples are as follows:

Router(config)# no ip http server

Configure DNS, or disable DNS lookup

Here is one of my small personal annoyances with Cisco routers: by default, if you mistype a command in privileged mode, the router assumes you are trying to telnet to a remote host and performs a DNS lookup on whatever you entered. If you have not configured DNS on the router, the command prompt hangs until the DNS lookup fails. For this reason, I recommend using one of the following two methods.

One option is to disable DNS lookup. The command is:

Router(config)# no ip domain-lookup

Alternatively, you can configure DNS correctly to point to a real DNS server.

Router(config)# ip name-server

Configuring command aliases

Many network administrators configure abbreviations (that is, aliases) for commands on the router. Examples are as follows:

Router(config)# alias exec s sh run

This means that you can now enter s without having to enter the full show running-config command.

Set up a router clock, or configure an NTP server

Most Cisco devices do not have an internal clock. When they start, they do not know what time it is. Even if you set the time, the router will not retain it if you turn it off or reboot it.

First set your time zone and daylight saving time. Examples are as follows:

Router(config)# clock timezone CST -6

Router(config)# clock summer-time CDT recurring

Then, to ensure that the router's event messages display the correct time, set the router's clock, or configure an NTP server. Examples of setting the clock are as follows:

Router# clock set 10:54:00 Oct 5 2005

If you already have an NTP server on your network (or a router that can access the Internet), you can tell the router to use it as a time source. This is your best option: when the router starts, it sets its clock from the NTP server. Examples are as follows:

Router(config)# ntp server 132.163.4.101

Do not let log messages disturb your configuration process

Another annoyance of mine with Cisco IOS is that while I am configuring a router, log messages pop up on the line I am working on (whether that is the console port, the aux port, or a vty port). You can prevent this.

So on every line, I use the logging synchronous command. Examples are as follows:

Router(config)# line con 0

Router(config-line)# logging synchronous

Router(config)# line aux 0

Router(config-line)# logging synchronous

Router(config)# line vty 0 4

Router(config-line)# logging synchronous

In addition, you can modify the exec timeout on these lines. For example, let's say you want to disable the default 10-minute timeout on the vty lines. Use the exec-timeout 0 0 command in line configuration mode so that the router never ends the session.

Log system messages in the router buffer or the System log server

Capturing router errors and events and monitoring the console is the key to troubleshooting. By default, routers do not store buffered event records in the router's memory.

However, you can configure the router to buffer event records in memory. Examples are as follows:

Router(config)# logging buffered 16384

You can also send router events to a system log server. Because the server is outside the router, there is an additional advantage: The event record is preserved even if the router loses power.
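As an added example (not part of the original article), the following Python script audits a saved running-config against the items in this list that leave a trace in the configuration. The sample configuration, the audit function and its item names are constructed for illustration, and it assumes an enabled HTTP server appears as "ip http server" in the saved config.

```python
import re

# Constructed sample running-config, not taken from the article.
SAMPLE = """\
hostname Router
no service password-encryption
enable password cisco123
username admin password 0 cisco123
ip http server
logging buffered 16384
line con 0
 logging synchronous
 login local
line vty 0 4
 exec-timeout 0 0
 login
"""

def audit(config):
    """Return a sorted list of checklist items the config does not meet."""
    top, lines, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):            # start of a line block
            current = raw.strip()
            lines[current] = []
        elif raw.startswith(" ") and current:  # sub-command of that block
            lines[current].append(raw.strip())
        elif raw.strip():                      # global command
            current = None
            top.append(raw.strip())
    has = lambda pat: any(re.match(pat, cmd) for cmd in top)
    checks = {  # item name (hypothetical label) -> True when satisfied
        "hostname": has(r"hostname (?!Router$)"),
        "enable secret": has(r"enable secret "),
        "username secret": has(r"username \S+ .*\bsecret ")
                           and not has(r"username \S+ .*\bpassword "),
        "service password-encryption": has(r"service password-encryption"),
        "no ip http server": not has(r"ip http server"),
        "dns": has(r"no ip domain[- ]lookup|ip name-server "),
        "ntp server": has(r"ntp server "),
        "logging": has(r"logging (buffered|host|\d)"),
    }
    missing = {item for item, ok in checks.items() if not ok}
    for name, cmds in lines.items():
        for needed in ("login local", "logging synchronous"):
            if needed not in cmds:
                missing.add(f"{name}: {needed}")
    return sorted(missing)
```

A clock set by hand is not stored in the configuration, so the script can only check for an NTP server.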
