The Best Base Configuration For A New Cisco Device.

Whenever you have to setup and deploy a new network one of the first items on your list may be to purchase a cisco router or switch from a local networking equipment store or from an online store such as AMAZON. Once you have that router / switch the next question that comes to mind is “I HAVE THE NEW ROUTER, WHAT DO I DO?” The first step we recommend is to do a base configuration on the router / switch where you do things like setting a hostname, IP addresses, adding users, passwords and enabling SSH access  for remote management of the router. Continue reading this tutorial to learn how to do these things and more.

Requirements.

In order to complete this tutorial successfully the following items are required. Please ensure to have these items available before taking implementation action on this tutorial :
1) A desktop or laptop running Windows 10, MacOS or Linux.
2) Putty SSH and TELNET client app.
3) A Cisco Router or Switch (minimum: Cisco 1800 series router or cisco catalyst 2960)
4) A serial console cable or USB cable for connecting to the console port on the Cisco router / switch.

Overview

1) Download, Install And Open PUTTY then connect to the command line interface of the cisco device using  a console USB or serial cable.
2) Set a hostname and banner message for the cisco network device.
3) Set a password for line console interface and line VTY interface.
4) Set a password to protect the transition between user mode and priviledged mode.

Step One: Open Putty And Connect To The Cisco IOS Command Line Interface.

1) Click HERE to down the PUTTY SSH and TELNET application on to your computer. Once its downloaded, open the download folder and INSTALL putty on your PC. 

2) If you are using a computer that’s running Linux Ubuntu, open the Ubuntu Terminal application using the “CNTRL + ALT + T” keyboard shortcut.

Run the following commands:
i) sudo apt-get update
ii) sudo apt-get install -y putty

To launch putty simply type “PUTTY” on the command line interface and press “ENTER”

3) The first step is to check the COM PORT that can be used to gain access to the Cisco IOS command line interface. On windows 10 press the “WINDOWS KEY + RUN” to open the RUN application. Type in “devmgmt.msc”on the text input box and press “OK”

Alternatively, simply open the Windows 10 file explorer, right click on THIS PC and select PROPERTIES and click on DEVICE MANAGER.

This will open the DEVICE MANAGER for your computer. Expand on the PORTS section and you will see the COM PORT number that can be used to connect the the Cisco IOS CLI.

 

4) Open the PUTTY SSH client installed on your computer and click on “SESSION”. Click on the “SERIAL” radio button and type in the COM PORT number on the “SERIAL LINE” text input box. Ensure that the speed is set to 9600 and click on “OPEN”

5) Power on the CISCO router / switch and you start seeing terminal output showing system bootup information. Simply wait for the cisco router to finish decompressing and loading the Cisco IOS image into memory.

5) Once the Cisco router / switch boot process completes, if the router is brand new or if its configuration was erased before you purchased it, you will be asked if you “WOULD LIKE TO ENTER INITIAL CONFIGURATION DIALOG”.  Simply type “NO” and press ENTER.

Step Two: Set A Hostname And Banner Motd.

6) The first step is to give the switch / router a host name that can be used to easily identify it in your network. To do this type “ENABLE” to enter into priviledged mode and type “CONFIGURE TERMINAL” to enter into the global configuration mode. To set the host name type “hostname yourrouterhostname

7) Proceed by adding a banner message of the day “BANNER MOTD” which can be very usefull when you need to display a notice, company policies or terms of usage for the router / switch.

Type in the following command:

i) banner # your banner message of the day (MOTD) goes here #.

Notice the hash (#) placed in between the banner message. Those are delimiting characters that tell the banner command where the message starts and ends.

An example of a notice that you can place on the banner message of the day is as follows:

“This device belongs to OURCOMPANY and is for authorized personell only. If you have not been provided with sufficient permission to access this device –  please disconnect at once!”

Step Three: Set A Password For The Line Console Port And Line VTY Port.

8) The next step is to set a password for line console port, represented by line console 0. This will has the effect of adding an extra layer of security by requesting anyone who connects to line console 0 to type in a password to gain access.

Type the following commands to set a password for line console 0

a) enable
b) configure terminal
c) line console 0
d) password yourpasswordhere
e) service password-encryption
f) login

9) Set a password for line vty 0 4 which are used as ports for remotely connecting into a cisco router / switch using TELNET or SSH. By default a cisco router will not permit a TELNET or SSH connection as long as if a password has not been set.

To set a password go back into global config mode and run the following commands:

a) line vty 0 4
b) enable password yourpasswordhere.
e) service password-encryption
d) login

What the commands above do is to set a password for VTY ports 0 to 4. You may choose to set a different password for each VTY port however for easy remote access you can just set the same password on all the VTY ports.

Step Four: Protect The Transition Between Usermode And Priviledged Mode, Enable Synchronous Logging.

10) When you exit out of global config mode, notice how Cisco IOS print out the message ” CONFIGURED FROM CONSOLE BY CONSOLE” this can be a problem as this can disrupt commands whilst you are typing them. 

A fix for this would be to enable synchronous logging so as to ensure that you do not get interrupted by Cisco IOS message logs whilst typing commands. go into global config mode and run the following commands: 

a) line console 0

b) logging synchronous  

11) Next, set a password to protect the transition between usermode and priviledged mode by running the following commads:

a) enable

b) configure terminal

c) enable secret yourprotectionpassword.

Step Five: Set IP addresses For Network Interfaces.

12) Proceed by setting IP addresses for the network interfaces on the router. To do this go into global config mode and run the following command:

a) do show ip interface brief

This command will show you the available interfaces on the router / switch. If you are setting up a router for use on a network, decide on which interface to use for your LAN and WAN. You may need to request for IP ADDRESS details to configure on the WAN interface from your internet service / access provider.

13) Once you have sufficient information set IP addresses for the interfaces by running the following commands in global config mode:

a) interface g0/0  – this command selects the gigabit ethernet 0/0 interface.

b) ip address 192.168.10.254 255.255.255.0

c) no shutdown

The above commands instruct the router to set an IP address of 192.168.10.254 and a subnet mask of 255.255.255.0. 

Every interface on a cisco router is shutdown and prevent it from having any network activity before it has been configured. The no shutdown command brings the interface from a state of being administratively down to down so that when a network cable is connected, the interface will be enabled and ready to work.

Step Six: Configure SSH Remote Access.

14)