Let's jump straight in.
Damn table of contents bar makes this look goofy…
The hostname makes the device easy to identify, especially in large network diagrams.
Starting from User EXEC mode (Switch>), issue enable to enter Privileged EXEC mode, followed by configure terminal to enter Global Config mode. Set your hostname with hostname YourNameHere.
Voila!
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname TheBigOne
TheBigOne(config)#
From this point forward shortened commands will be used. They're standard practice, so get used to seeing them.
The first (not so secure) way to do this is with the enable password PASSWORD command. While this command does set a password on our Privileged EXEC, it does so in clear text. The command and the password you supplied are clearly visible in the output of show run. Running service password-encryption from Global Config mode will perform basic obfuscation on all? clear-text passwords configured on the device.
TheBigOne>en
TheBigOne#conf t
TheBigOne(config)#enable password cisco
The preferred method is to use the enable secret PASSWORD command. The difference between using secret and password is that secret encrypts the password immediately. In the event that enable password AND enable secret are both configured on the device, the password supplied with enable secret will supersede the password supplied with enable password.
TheBigOne>en
TheBigOne#conf t
TheBigOne(config)#enable secret cisco
Sets a 'Message of the Day' banner.
Configure with the banner motd %Your message goes here!!!% command. A thing to note with this command is the first and last characters after motd are delimiting characters. In the example I used the % character. Your banner will begin and end with that same character.
TheBigOne>en
TheBigOne#conf t
Enter configuration commands, one per line. End with CNTL/Z.
TheBigOne(config)#banner motd %Surely this is a very important message. BE SURE TO READ!!!%
                              ^                                                           ^
**** logging into the device after the banner is set ****
Surely this is a very important message. BE SURE TO READ!!!
TheBigOne>
Remote administration is popular, allowing users from abroad to make changes when needed without having to gain console access with a rollover cable. Remote access is done with either Telnet (NOT SECURE) or SSH. We not only need to configure the device to accept Telnet or SSH traffic, we also need to give the switch an IP address from which to transmit and receive said traffic.
IP Address on interface VLAN 1:
Switch>en
Switch#conf t
Switch(config)#int vlan 1
Switch(config-if)#ip address 1.1.1.1 255.255.255.0
Switch(config-if)#no shut
%LINK-5-CHANGED: Interface Vlan1, changed state to up
Telnet:
If you don't set a password on Privileged EXEC you'll be stuck in User EXEC mode (ewww).
Things to note:
The login command requires the remote user to authenticate with the password set on the vty console.
If login is not set, the user gets free access to the device.
Switch#en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable secret cisco
Switch(config)#line vty 0 15
Switch(config-line)#password telnet
SSH:
A few more steps involved:
username
login local
ip domain-name example.com
crypto key generate rsa
MySwitch(config)#username caborym secret cats
MySwitch(config)#line vty 0 15
MySwitch(config-line)#login local
MySwitch(config-line)#exit
MySwitch(config)#ip domain-name example.com
MySwitch(config)#crypto key generate rsa
The name for the keys will be: MySwitch.example.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 0:29:49.189: RSA key size needs to be at least 768 bits for ssh version 2
*Mar 1 0:29:49.189: %SSH-5-ENABLED: SSH 1.5 has been enabled
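An added example, not part of the original post: a short Python check that scans saved show run output for the weak settings covered above (clear-text enable and line passwords, a missing enable secret, vty lines set to no login) and reads the key-generation output for a modulus below the 768 bits the device asks for. The sample config, function names and hash placeholder are constructed for illustration.

```python
import re

# Constructed `show run` excerpt for illustration; not taken from the page.
SAMPLE = """\
hostname TheBigOne
enable password cisco
username caborym secret 5 $1$constructed$placeholderhash
line con 0
line vty 0 4
 password telnet
 login
line vty 5 15
 no login
"""

# A password command without the type-7 marker is shown in clear text.
CLEAR_PW = re.compile(r"^(?:enable |username \S+ )?password (?!7 )\S+")
KEYGEN = re.compile(r"Generating (\d+) bit RSA keys")

def audit(config):
    """Return (section, finding) tuples for weak settings in a running-config."""
    findings, section = [], "global"
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    for line in lines:
        if not line.startswith(" "):  # an unindented line opens a new section
            section = line if line.startswith("line ") else "global"
        cmd = line.strip()
        if CLEAR_PW.match(cmd):
            findings.append((section, "clear-text password visible in show run"))
        if section.startswith("line vty") and cmd == "no login":
            findings.append((section, "no login: remote users are not authenticated"))
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append(("global", "enable secret not configured"))
    return findings

def rsa_too_small_for_sshv2(keygen_output, minimum=768):
    """True if the key-generation output reports a modulus below the 768-bit
    floor that the device's own log message gives for SSH version 2."""
    m = KEYGEN.search(keygen_output)
    return bool(m) and int(m.group(1)) < minimum

if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```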
Speed and Duplex are auto-negotiated by default. These commands also work on routers. Manually configure them with:
Switch(config-if)#speed ?
  10    Force 10 Mbps operation
  100   Force 100 Mbps operation
  auto  Enable AUTO speed configuration
Switch(config-if)#duplex ?
  auto  Enable AUTO duplex configuration
  full  Force full duplex operation
  half  Force half-duplex operation
Re-enable auto-negotiation by removing the configured speed/duplex:
Switch(config-if)#no duplex
Switch(config-if)#no speed