Table of Contents

Initial Switch Configuration

Let's jump straight in.

Damn table of contents bar makes this look goofy…

Setting Hostname


The hostname makes the device easy to identify, especially in large network diagrams.

Starting from User EXEC mode (Switch>) issue enable to enter Privileged EXEC mode followed by configure terminal to enter Global Config mode. Set your hostname with hostname YourNameHere.

Voila!

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname TheBigOne
TheBigOne(config)#

From this point forward shortened commands will be used. They're standard practice, so get used to seeing them.

Passwording Privileged EXEC


The first (not so secure) way to do this is with the enable password PASSWORD command. While this command does set a password on our Privileged EXEC, it does so in clear text. The command and the password you supplied are clearly visible in the output of show run. Running service password-encryption from Global Config mode will perform basic obfuscation on all? clear-text passwords configured on the device.

TheBigOne>en
TheBigOne#conf t
TheBigOne(config)#enable password cisco

The preferred method is to use the enable secret PASSWORD command. The difference between using secret and password is that secret encrypts the password immediately. In the event that enable password AND enable secret are both configured on the device, the password supplied with enable secret will supercede the password supplied with enable password.

TheBigOne>en
TheBigOne#conf t
TheBigOne(config)#enable secret cisco

MOTD Banner


Sets a 'Message of the Day' banner.

Configure with the banner motd %Your message goes here!!!% command. A thing to note with this command is the first and last characters after motd are delimiting characters. In the example I used the % character. Your banner will begin and end with that same character.

TheBigOne>en
TheBigOne#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
TheBigOne(config)#banner motd %Surely this is a very important message. BE SURE TO READ!!!%
                              ^                                                           ^


**** logging into the device after the banner is set ****


Surely this is a very important message. BE SURE TO READ!!!

TheBigOne>

Telnet / SSH and Configuring an IP Address


Remote administration is popular, allowing users from abroad to make changes when needed without having to gain console access with a rollover cable. Remote access is done with either Telnet (NOT SECURE) or SSH. We not only need to configure the device to accept Telnet or SSH traffic, we also need to give the switch an IP address from which to transmit and receive said traffic.


IP Address on interface VLAN 1:

Switch>en
Switch#conf t
Switch(config)#int vlan 1
Switch(config-if)#ip address 1.1.1.1 255.255.255.0
Switch(config-if)#no shut
%LINK-5-CHANGED: Interface Vlan1, changed state to up

Telnet:

If you don't set a password on Privileged EXEC you'll be stuck in User EXEC mode (ewww).

Things to note:

Switch#en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#enable secret cisco
Switch(config)#line vty 0 15
Switch(config-line)#password telnet

SSH:

A few more steps involved:

MySwitch(config)#username caborym secret cats
MySwitch(config)#line vty 0 15
MySwitch(config-line)#login local 
MySwitch(config-line)#exit
MySwitch(config)#ip domain-name example.com
MySwitch(config)#crypto key generate rsa 
The name for the keys will be: MySwitch.example.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 0:29:49.189:  RSA key size needs to be at least 768 bits for ssh version 2
*Mar 1 0:29:49.189:  %SSH-5-ENABLED: SSH 1.5 has been enabled 

Speed / Duplex


Speed and Duplex are auto-negotiated by default. These commands also work on routers. Manually configure them with:

Switch(config-if)#speed ?
  10    Force 10 Mbps operation
  100   Force 100 Mbps operation
  auto  Enable AUTO speed configuration
  
Switch(config-if)#duplex ?
  auto  Enable AUTO duplex configuration
  full  Force full duplex operation
  half  Force half-duplex operation

Re-enable auto-negotiation by removing the configured speed/duplex:

Switch(config-if)#no duplex
Switch(config-if)#no speed