Basic Cisco Configuration

The following is a list of the most common Cisco device configuration commands that I use when setting up a router or switch from scratch, such as hostname, username, logging, vty access, NTP, SNMP, and syslog. For a router I also list some basic layer 3 interface commands, while for a switch I list STP and VTP examples as well as the interface settings for access and trunk ports.

This is not a detailed best-practice list that can be applied without thinking about it, but a list of the most common configurations from which to pick the ones required for the current scenario. Kind of a template. Of course with IPv6 and legacy IP.

Please note that this is not a complete security guide either. It’s a quick reference for a basic/functional device configuration. I am not listing any specific security commands in here such as denying all IPv6 extension headers, DHCP snooping or ARP inspection, etc. However, I am using strong crypto, only SSH with ACLs for the vty lines, and so on.
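The vty policy stated above (SSH only, with ACLs, for IPv6 and legacy IP) can be checked against a saved running-config. The following Python sketch is an added example, not code from the original post; the sample config and the ACL names ACL-MGMT-V4 and ACL-MGMT-V6 are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (not from the original post).
SAMPLE_CONFIG = """\
line con 0
 logging synchronous
line vty 0 4
 access-class ACL-MGMT-V4 in
 ipv6 access-class ACL-MGMT-V6 in
 transport input ssh
line vty 5 15
 access-class ACL-MGMT-V4 in
 transport input telnet ssh
!
end
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith(" ") and header:   # indented: belongs to the open vty block
            body.append(raw.strip())
            continue
        if header:                           # any top-level line closes the block
            yield header, body
        header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
    if header:
        yield header, body

def audit_vty(config):
    """Return {vty header: [findings]}; an empty list means the block passes."""
    report = {}
    for header, body in vty_blocks(config):
        findings = []
        # Only an explicit 'transport input ssh' passes; a missing line is flagged too.
        transport = [c for c in body if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append("transport input is not restricted to ssh")
        if not any(re.match(r"access-class \S+ in\b", c) for c in body):
            findings.append("no inbound IPv4 access-class")
        if not any(re.match(r"ipv6 access-class \S+ in\b", c) for c in body):
            findings.append("no inbound IPv6 access-class")
        report[header] = findings
    return report

if __name__ == "__main__":
    for header, findings in audit_vty(SAMPLE_CONFIG).items():
        print(header, "->", findings or "OK")
```

The check only confirms that an access-class is attached to each vty block; it does not evaluate what the referenced ACLs permit.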

Also note that not all commands are implemented in all IOS versions. For example, the command security passwords min-length 12 works on a Cisco router with IOS 15.1(4)M9 but not on a Cisco switch with 15.0(2)SE9. Refer to the well-known Cisco Feature Navigator for all details.

Please leave a comment if you’re missing something important.

Basic System (Router & Switch)

The basics for all Cisco devices, regardless of router or switch:

 

Router Specific

Basic routing and layer 3 (sub-) interfaces:

 

Switch Specific

Default gateway/routes, STP, VTP, and layer 2 interfaces (access and trunk):

 

Clear Config

In order to clear the complete config of a Cisco device you can use the following two commands to delete the startup-config as well as the vlan database (only if VTP is used):

 

SSH Ciphers

To reach a Cisco device with an up-to-date OpenSSH client from Linux you must specify the outdated ciphers such as:

Otherwise you won’t be able to use SSH such as here (shell output from Ubuntu Linux):

While the error log on the Cisco device looks like:

 

Featured image: “Wiese…” by Fotos_von_Carlos is licensed under CC BY-NC-ND 2.0.

One thought on “Basic Cisco Configuration”

  1. Great overview, thanks. Generally we use the same config and only a few settings vary. Additionally we use these settings:

    no service dhcp
    logging buffered 50000
    no logging console
    ip ssh logging events
    ip ssh dh min size 2048
