When it comes to configuring a new Cisco router, much of the
configuration depends on what type of router it is as well as the purpose it
will serve. However, there are certain things you should configure on every new Cisco router.
Hasn’t there been a command that you wished Cisco would make
standard on every router? Every administrator has his or her own list of
commands they use to configure a router “just right.”
Here’s my list of 10 commands that I think you should
configure on every router (in no particular order). After you read through
them, post your own favorites in this article’s discussion.
Configure a login account on the router, and use it on lines
I highly recommend configuring a real username and password
account on routers and switches. Doing so means someone needs both a
password and a username to gain
In addition, I recommend using a secret password for the
username—not just a regular password. This protects the password with strong
MD5 hashing and enhances security.
Here’s an example:
Router(config)# username root secret My$Password
After you’ve configured the username, you must enable the
lines to use that name. Here’s an example:
Router(config)# line con 0
Router(config-line)# login local
Router(config)# line aux 0
Router(config-line)# login local
Router(config)# line vty 0 4
Router(config-line)# login local
Set a hostname on your router
The default hostname on a router is—you guessed it—router. You can leave this default, and
the router will still work. However, it only makes sense to rename the router
to something that will uniquely identify it. Here’s an example:
Router(config)# hostname Router-Branch-23
In addition, you can configure a domain name on the router
so it knows which DNS domain it’s in. Here’s an example:
Router-Branch-23(config)# ip domain name TechRepublic.com
Set a password to enter Privileged Mode
When it comes to setting a password to enter Privileged Mode,
many people think of using the enable password command. However,
instead of using this command, I highly
recommend using the enable secret command.
This command protects the password with strong MD5 hashing
so the router won’t display it in clear text.
Here’s an example:
Router(config)# enable secret My$Password
Encrypt router passwords
Cisco routers don’t encrypt passwords
in their configuration by default. However, you can easily change this. Here’s
Router(config)# service password-encryption
Disable the Web server
Cisco routers also enable the Web server by default, which
is a security risk. If you aren’t going to use it, it’s better to just turn it
off. Here’s an example:
Router(config)# no ip http server
Configure DNS, or disable DNS lookup
Let’s talk about one of my personal pet peeves about Cisco
routers: By default, if you mistype a command in Privileged Mode, the router thinks
you’re trying to Telnet to a remote host. So it performs a DNS lookup on what
If you haven’t configured DNS on the router, the command
prompt will hang until the DNS lookup fails. For that reason, I recommend one
of two approaches.
One option is to disable DNS. Here’s how:
Router(config)# no ip domain-lookup
Or, you can configure DNS properly to go to a real DNS
server. Here’s an example:
Router(config)# ip name-server 1.11.1
Configure command aliases
Many network administrators have standard router
command shortcuts (i.e., aliases) that they configure on every router.
Here’s an example:
Router(config)# alias exec s sh run
This means you can now enter s rather than typing the entire show
Set the router’s clock, or configure an NTP server
Most Cisco devices don’t have an internal clock. When they
boot up, they don’t know what time it is. Even if you set the time, the router
won’t retain the information if you turn it off or reload it.
First, however, set your time zone and Daylight Saving Time.
Here’s an example:
Router(config)# clock timezone CST -6
Router(config)# clock summer-time CDT recurring
Then, to ensure a router’s event messages display the right
time, either set the clock on the router, or configure an NTP
server. Here’s an example of setting the clock:
Router# clock set 10:54:00 Oct 5 2005
If you already have an NTP server on your network (or the
router has access to the Internet), you can instruct the router to use that as
the time source. This is your best option—when the router boots, it will always
set the clock by the NTP server. Here’s an example:
Router(config)# ntp server 220.127.116.11
Stop logging messages from interrupting your configuration
Another personal Cisco IOS annoyance I have is when I’m
configuring the router, and console messages just pop up on the line (which could
be a console, auxiliary, or VTY port). To prevent this, you have some options.
If you’re on the console, you can either disable console
logging with the global configuration no logging console command
or synchronize the logging messages with
your command prompt. (I personally prefer the latter—I want to see what’s going
on with the router.)
So, on every line, I use the logging synchronous command. Here’s an example:
Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config)# line aux 0
Router(config-line)# logging synchronous
Router(config)# line vty 0 4
Router(config-line)# logging synchronous
In addition, you can change the exec-timeout on these
interfaces while you’re at it. For example, let’s say you want to disable the
default 10-minute timeout on the VTY lines. To do so, use the exec-timeout 0 0 command when in Line Configuration
Mode. This keeps the router from disconnecting after 10 minutes of inactivity.
Log system messages to the router’s buffer or a syslog server
Capturing errors and events on a router and monitoring the
console can be critical to problem-solving. By default, the router doesn’t
log its events to a buffer in its memory.
However, you can configure the router to do so. Here’s an example:
Router(config)# logging buffered 16384
You could also send the router’s events to a syslog server. Since
it’s external to the router, there’s an added benefit: It preserves events even
if the router loses power.
David Davis has worked
in the IT industry for 12 years and holds several certifications, including
CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of
systems/network administrators for a privately owned retail company and
performs networking/systems consulting on a part-time basis.