When it comes to configuring a new Cisco router, much of the configuration depends on what type of router it is as well as the purpose it will serve. However, there are certain things you should configure on every new Cisco router. Hasn't there been a command that you wished Cisco would make standard on every router? Every administrator has his or her own list of commands they use to configure a router "just right." 

Here's a list of 10 commands that I think you should configure on every router (in no particular order).

 

Configure a login account on the router, and use it on lines

I highly recommend configuring a real username and password account on routers and switches. That way, someone needs both a username and a password to gain access. In addition, I recommend using a secret password for the username, not just a regular password. This encrypts the password with strong MD5 encryption and enhances security.

Here's an example:

Router(config)# username root secret My$Password
 
After you've configured the username, you must configure the lines to use that local account. Here's an example:

Router(config)# line con 0
Router(config-line)# login local
Router(config-line)# line aux 0
Router(config-line)# login local
Router(config-line)# line vty 0 4
Router(config-line)# login local

Set a hostname on your router

The default hostname on a router is - you guessed it - router. You can leave this default, and the router will still work. However, it only makes sense to rename the router to something that will uniquely identify it. Here's an example:

Router(config)# hostname cell_pe01

In addition, you can configure a domain name on the router so it knows which DNS domain it's in. Here's an example:

cell_pe01(config)# ip domain name cellstream.com 

Encrypt router passwords

Cisco routers don't encrypt passwords in their configuration by default. However, you can easily change this. Here's an example:

Router(config)# service password-encryption 

Set a password to enter Privileged Mode

When it comes to setting a password to enter Privileged Mode, many people think of using the enable password command. However, I highly recommend using the enable secret command instead.

This command encrypts the password with strong MD5 encryption so the prompt won't display it in clear text. Here's an example:

Router(config)# enable secret My$Password 

Disable the Web server

Cisco routers also enable the Web server by default, which is a security risk. If you aren't going to use it, it's better to just turn it off. Here's an example:

Router(config)# no ip http server 

Configure command aliases

Many network administrators have standard router command shortcuts (i.e., aliases) that they configure on every router. Here's an example:

Router(config)# alias exec s sh run

This means you can now enter s rather than typing the entire show running-config command.

Configure DNS, or disable DNS lookup

Let's talk about one of my personal pet peeves about Cisco routers: By default, if you mistype a command in Privileged Mode, the router thinks you're trying to Telnet to a remote host. So it performs a DNS lookup on what you entered.

If you haven't configured DNS on the router, the command prompt will hang until the DNS lookup fails. For that reason, I recommend one of two approaches.

One option is to disable DNS. Here's how:

Router(config)# no ip domain-lookup

Or, you can configure DNS properly to go to a real DNS server. Here's an example:

Router(config)# ip name-server 1.1.1.1 

Set the router's clock, or configure an NTP server

Most Cisco devices don't have an internal clock. When they boot up, they don't know what time it is. Even if you set the time, the router won't retain the information if you turn it off or reload it. First, however, set your time zone and Daylight Saving Time. Here's an example:

Router(config)# clock timezone CST -6
Router(config)# clock summer-time CDT recurring

Then, to ensure a router's event messages display the right time, either set the clock on the router, or configure an NTP server. Here's an example of setting the clock:

Router# clock set 10:54:00 Oct 5 2005

If you already have an NTP server on your network (or the router has access to the Internet), you can instruct the router to use that as the time source. This is your best option: when the router boots, it will always set the clock from the NTP server. Here's an example:

Router(config)# ntp server 132.163.4.101 

Stop logging messages from interrupting your configuration

Another personal Cisco IOS annoyance I have is when I'm configuring the router, and console messages just pop up on the line (which could be a console, auxiliary, or VTY port). To prevent this, you have some options.

If you're on the console, you can disable console logging with the global configuration no logging console command. Or, you can synchronize the logging messages with your command prompt.

So, on every line, I use the logging synchronous command. Here's an example:

Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config-line)# line aux 0
Router(config-line)# logging synchronous
Router(config-line)# line vty 0 4
Router(config-line)# logging synchronous

In addition, you can change the exec-timeout on these lines while you're at it. For example, let's say you want to disable the default 10-minute timeout on the VTY lines. To do so, use the exec-timeout 0 0 command when in Line Configuration Mode. This keeps the router from disconnecting after 10 minutes of inactivity.

Log system messages to the router's buffer or a syslog server

Capturing errors and events on a router and monitoring the console can be critical to problem-solving. By default, the router doesn't log its events to a buffer in the router's memory.

However, you can configure the router to log its events to a buffer in memory. Here's an example:

Router(config)# logging buffered 16384

You could also send the router's events to a syslog server. Since it's external to the router, there's an added benefit: It preserves events even if the router loses power. 
