
Initial Switch Configuration

Let's jump straight in.

Damn table of contents bar makes this look goofy…

Setting Hostname


The hostname makes the device easy to identify, especially in large network diagrams.

Starting from User EXEC mode (Switch>), issue enable to enter Privileged EXEC mode, followed by configure terminal to enter Global Config mode. Set your hostname with hostname YourNameHere.

Voila!

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname TheBigOne
TheBigOne(config)#

From this point forward shortened commands will be used. They're standard practice, so get used to seeing them.

Passwording Privileged EXEC


The first (not so secure) way to do this is with the enable password PASSWORD command. While this command does set a password on Privileged EXEC, it stores it in clear text: the command and the password you supplied are clearly visible in the output of show run. Running service password-encryption from Global Config mode applies basic obfuscation to the clear-text passwords configured on the device.

TheBigOne>en
TheBigOne#conf t
TheBigOne(config)#enable password cisco

The preferred method is to use the enable secret PASSWORD command. The difference between using secret and password is that secret encrypts the password immediately. If enable password AND enable secret are both configured on the device, the password supplied with enable secret will supersede the password supplied with enable password.

TheBigOne>en
TheBigOne#conf t
TheBigOne(config)#enable secret cisco

MOTD Banner


Sets a 'Message of the Day' banner.

Configure with the banner motd %Your message goes here!!!% command. Note that the first and last characters after motd are delimiters: the banner begins and ends with that same character. In the example I used the % character.

TheBigOne>en
TheBigOne#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
TheBigOne(config)#banner motd %Surely this is a very important message. BE SURE TO READ!!!%
                              ^                                                           ^


**** logging into the device after the banner is set ****


Surely this is a very important message. BE SURE TO READ!!!

TheBigOne>

Telnet / SSH and Configuring an IP Address


Remote administration is popular, allowing users from abroad to make changes when needed without having to gain console access with a rollover cable. Remote access is done with either Telnet (NOT SECURE) or SSH. We not only need to configure the device to accept Telnet or SSH traffic, we also need to give the switch an IP address from which to transmit and receive said traffic.


IP Address on interface VLAN 1:

Switch>en
Switch#conf t
Switch(config)#int vlan 1
Switch(config-if)#ip address 1.1.1.1 255.255.255.0
Switch(config-if)#no shut
%LINK-5-CHANGED: Interface Vlan1, changed state to up

Telnet:

If you don't set a password on Privileged EXEC you'll be stuck in User EXEC mode (ewww).

Things to note:

  • The login command requires the remote user to authenticate with the password set on the vty lines.
  • If login is not set, the user gets free access to the device.
  • Telnet transmits in clear text. Use only when you have nothing to lose (home labs and such).

Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#enable secret cisco
Switch(config)#line vty 0 15
Switch(config-line)#password telnet
Switch(config-line)#login

SSH:

A few more steps involved:

  • Create a user on the device with username
  • On vty lines: set login to use the local username / password with login local
    • This option ignores the password set under the vty lines and uses the username's password instead.
  • Set a domain name (required to generate the RSA keys used for SSH security): ip domain-name example.com
  • Generate RSA keys: crypto key generate rsa. The session below accepts the default 512-bit modulus; as its log output shows, SSH version 2 needs a key of at least 768 bits, so only SSH 1.5 gets enabled.

MySwitch(config)#username caborym secret cats
MySwitch(config)#line vty 0 15
MySwitch(config-line)#login local 
MySwitch(config-line)#exit
MySwitch(config)#ip domain-name example.com
MySwitch(config)#crypto key generate rsa 
The name for the keys will be: MySwitch.example.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 0:29:49.189:  RSA key size needs to be at least 768 bits for ssh version 2
*Mar 1 0:29:49.189:  %SSH-5-ENABLED: SSH 1.5 has been enabled 
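
As an added example (not part of the original page), the Python sketch below checks a saved running-config for the weak settings covered in the password and Telnet / SSH sections above. The sample config is constructed, the finding names are hypothetical, and ip ssh version 2 and transport input ssh are IOS commands that the page itself does not use.

```python
import re

# Constructed running-config excerpt (not from a real device), mirroring the
# weak settings shown on this page.
SAMPLE_CONFIG = """\
enable password cisco
username caborym secret 5 $1$CONSTRUCTED$notARealHashValue000000
line con 0
line vty 0 4
 password telnet
 login
line vty 5 15
 no login
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            if header:
                yield header, body
            header, body = raw.strip(), []
        elif header and raw.startswith(" "):
            body.append(raw.strip())
        elif header:            # an unindented line closes the block
            yield header, body
            header, body = None, []
    if header:
        yield header, body

def audit(config):
    """Return sorted finding codes (the code names are hypothetical)."""
    findings = set()
    lines = [l.strip() for l in config.splitlines()]
    if any(l.startswith("enable password") for l in lines):
        findings.add("ENABLE_PASSWORD_PRESENT")   # clear text or type 7
    if not any(l.startswith("enable secret") for l in lines):
        findings.add("NO_ENABLE_SECRET")
    if "ip ssh version 2" not in lines:
        findings.add("SSH_V2_NOT_FORCED")         # SSH 1.x may be accepted
    for header, body in vty_blocks(config):
        if "no login" in body:
            findings.add("VTY_NO_LOGIN")          # no authentication at all
        if any(re.match(r"password (7 )?\S+$", c) for c in body):
            findings.add("VTY_LINE_PASSWORD_WEAK")  # shared line password
        if "transport input ssh" not in body:
            findings.add("VTY_TELNET_NOT_DISABLED")
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) reports all six findings; a config that uses enable secret, login local, ip ssh version 2 and transport input ssh on every vty block returns an empty list.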

Speed / Duplex


Speed and Duplex are auto-negotiated by default. These commands also work on routers. Manually configure them with:

Switch(config-if)#speed ?
  10    Force 10 Mbps operation
  100   Force 100 Mbps operation
  auto  Enable AUTO speed configuration
  
Switch(config-if)#duplex ?
  auto  Enable AUTO duplex configuration
  full  Force full duplex operation
  half  Force half-duplex operation

Re-enable auto-negotiation by removing the configured speed/duplex:

Switch(config-if)#no duplex
Switch(config-if)#no speed

icnd1/initial_switch_configuration.txt · Last modified: 2015/12/13 00:23 (external edit)