10
2008
Cisco basic configuration
There are some “standard” steps used for the basic configuration of your Cisco router/switch:
- Define the hostname
- Assign the privileged level
- Secure console port
- Secure VTY lines
- Encrypt the passwords
Define hostname
It is very useful to define the name of your Cisco switch/router. To do it:
Enable administrative privilege
Router>en
Enter the configuration mode:
Router#configure terminal
Define the hostname (the name router is changed to Ciscozine)
Router(config)#hostname Ciscozine
Ciscozine(config)#
Assign the privileged level secret
The enable secret password allows you to enter enable mode (sometimes referred to as privileged mode or privileged-EXEC mode). To set a secret password:
Enable administrative privilege
Ciscozine>en
Enter the configuration mode:
Ciscozine#configure terminal
Define the privileged-EXEC mode password; remember to use a strong password (combine letters, numbers, and symbols). The enable secret command stores the password as a one-way hash based on Message Digest 5 (MD5).
Ciscozine(config)#enable secret C1sc0z$n3
Secure console port
For security reasons, you must define a console password:
Enable administrative privilege
Ciscozine>en
Enter the configuration mode:
Ciscozine#configure terminal
Enter in the console configuration
Ciscozine(config)#line console 0
Define your console password
Ciscozine(config-line)#password g4S$%A2
Enable the password defined
Ciscozine(config-line)#login
Use the “logging synchronous” command, so the messages appear only after you press Return
Ciscozine(config-line)#logging synchronous
Secure VTY lines
For security reasons, you must define a vty line password. The vty line password is the one needed for remote access (telnet, ssh, …)
Enable administrative privilege
Ciscozine>en
Enter the configuration mode:
Ciscozine#configure terminal
Enter the vty line configuration. The “0 4” defines the “first last” line numbers; in this case there are 5 allowed sessions.
Ciscozine(config)#line vty 0 4
Define your vty lines password
Ciscozine(config-line)#password g%S$%Aa3
Enable the password
Ciscozine(config-line)#login
Use the “logging synchronous” command, so the messages appear only after you press Return
Ciscozine(config-line)#logging synchronous
Encrypt the passwords
Before you type the password encryption command, the passwords stored in the running-config are not encrypted. To “encrypt” them:
Enable administrative privilege
Ciscozine>en
Enter the configuration mode:
Ciscozine#configure terminal
The actual encryption process occurs when the current configuration is written or when a password is configured. Password encryption (it uses Vigenere algorithm) is applied to all passwords, including username passwords, authentication key passwords, the privileged command password, console and virtual terminal line access passwords, and Border Gateway Protocol neighbor passwords. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.
Ciscozine(config)#service password-encryption
REMEMBER: The Vigenere algorithm is used to obfuscate the passwords (not really encrypt them as there is no encryption key) in order to prevent “shoulder surfing” from exposing passwords to someone who briefly looks at a running configuration. If, however, someone gets hold of the configuration they can easily retrieve the passwords using the reverse translation of the Vigenere algorithm.
You can check your current configuration with the command “show running-config”.
Ciscozine#show running-config
Building configuration...
Current configuration : 782 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Ciscozine
!
enable secret 5 $1$8PBD$5nv39GC91koQbOcxfVFIe/
!
memory-size iomem 15
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip classless
ip http server
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
password 7 1410463848410B79
logging synchronous
login
line aux 0
line vty 0 4
password 7 130252214F49252B78
login
!
!
end
Ciscozine#
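As an added example (not part of the original article and not Cisco code), the Python below audits the credential lines of the running-config shown above and reverses the two type 7 strings, which is why “service password-encryption” only protects against a glance at the screen. The function names, the finding labels and the trimmed SAMPLE_CONFIG are assumptions made for this illustration; the translation table is the fixed, publicly known one used for type 7.

```python
import re

# Fixed, publicly known translation table behind IOS type 7 obfuscation.
XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Constructed sample: the credential lines of the running-config shown above,
# re-indented the way IOS prints them.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$8PBD$5nv39GC91koQbOcxfVFIe/
line con 0
 password 7 1410463848410B79
 login
line vty 0 4
 password 7 130252214F49252B78
 login
"""

CRED_RE = re.compile(r"\s*(enable\s+)?(password|secret)\s+(?:(\d)\s+)?(\S+)")

def decode_type7(encoded):
    """Reverse a type 7 string: two decimal digits give the starting offset
    into XLAT, the rest is hex bytes XORed with consecutive XLAT characters."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ ord(XLAT[(offset + i) % len(XLAT)]))
                   for i, b in enumerate(data))

def audit(config):
    """Return one (location, verdict, recovered_plaintext_or_None) per credential."""
    findings, context = [], "global"
    for line in config.splitlines():
        if line.startswith("line "):
            context = line.strip()          # remember which line block we are in
        m = CRED_RE.match(line)
        if not m:
            continue
        where = "enable" if m.group(1) else context
        kind, value = m.group(3), m.group(4)
        if kind == "7":
            findings.append((where, "type 7: reversible", decode_type7(value)))
        elif kind in (None, "0"):
            findings.append((where, "cleartext", value))
        else:
            findings.append((where, f"type {kind}: not reversible with XLAT", None))
    return findings

if __name__ == "__main__":
    for where, verdict, plain in audit(SAMPLE_CONFIG):
        print(f"{where:12} {verdict:36} {plain or '-'}")
```

Both line passwords come back exactly as they were configured in the steps above, while the type 5 enable secret is left unrecovered.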
This is the basic configuration and… remember to save the configuration with:
Ciscozine#copy running-config startup-config
or
Ciscozine#write