Cisco administration 101: Learn 10 commands to configure on a new router

When it comes to configuring a new Cisco router, much of the configuration depends on what type of router it is as well as the purpose it will serve. However, every administrator has his or her own list of commands they use to configure every router "just right." This week, David Davis shares his own list of 10 commands to configure on every router.

When it comes to configuring a new Cisco router, much of the
configuration depends on what type of router it is as well as the purpose it
will serve. However, there are certain things you should configure on every new Cisco router.

Hasn’t there been a command that you wished Cisco would make
standard on every router? Every administrator has his or her own list of
commands they use to configure a router “just right.”

Here’s my list of 10 commands that I think you should
configure on every router (in no particular order). After you read through
them, post your own favorites in this article’s discussion.

Configure a login account on the router, and use it on lines

I highly recommend configuring a real username and password
account on routers and switches. By doing so, that means someone needs both a
password and a username to gain
access.

In addition, I recommend using a secret password for the
username—not just a regular password. This encrypts the password with strong
MD5 encryption and enhances security.

Here’s an example:

Router(config)# username root secret My$Password

After you’ve configured the username, you must enable the
lines to use that name. Here’s an example:

Router(config)# line con 0
Router(config-line)# login local
Router(config)# line aux 0
Router(config-line)# login local
Router(config)# line vty 0 4
Router(config-line)# login local

Set a hostname on your router

The default hostname on a router is—you guessed it—router. You can leave this default, and
the router will still work. However, it only makes sense to rename the router
to something that will uniquely identify it. Here’s an example:

Router(config)# hostname Router-Branch-23

In addition, you can configure a domain name on the router
so it knows which DNS domain it’s in. Here’s an example:

Router-Branch-23(config)# ip domain name TechRepublic.com

Set a password to enter Privileged Mode

When it comes to setting a password to enter Privileged Mode,
many people think of using the enable
password command. However, instead of using this command, I highly
recommend using
the enable secret command instead.

This command encrypts the password with strong MD5 encryption
so the prompt won’t display it in clear text.
Here’s an example:

Router(config)# enable secret My$Password

Encrypt router passwords

Cisco routers don’t encrypt passwords
in their configuration by default. However, you can easily change this. Here’s
an example:

Router(config)# service password-encryption

Disable the Web server

Cisco routers also enable the Web server by default, which
is a security risk. If you aren’t going to use it, it’s better to just turn it
off. Here’s an example:

Router(config)# no ip http server

Configure DNS, or disable DNS lookup

Let’s talk about one of my personal pet peeves about Cisco
routers: By default, if you mistype a command in Privileged Mode, the router thinks
you’re trying to Telnet to a remote host. So it performs a DNS lookup on what
you entered.

If you haven’t configured DNS on the router, the command
prompt will hang until the DNS lookup fails. For that reason, I recommend one
of two approaches.

One option is to disable DNS. Here’s how:

Router(config)# no ip domain-lookup

Or, you can configure DNS properly to go to a real DNS
server. Here’s an example:

Router(config)# ip name-server 1.11.1

Configure command aliases

Many network administrators have standard router
command shortcuts (i.e., aliases) that they configure on every router.
Here’s an example:

Router(config)# alias exec s sh run

This means you can now enter s rather than typing the entire show
running-configuration command.

Set the router’s clock, or configure an NTP server

Most Cisco devices don’t have an internal clock. When they
boot up, they don’t know what time it is. Even if you set the time, the router
won’t retain the information if you turn it off or reload it.

First, however, set your time zone and Daylight Saving Time.
Here’s an example:

Router(config)# clock timezone CST -6
Router(config)# clock summer-time CDT recurring

Then, to ensure a router’s event messages display the right
time, either set the clock on the router, or configure an NTP
server. Here’s an example of setting the clock:

Router# clock set 10:54:00 Oct 5 2005

If you already have an NTP server on your network (or the
router has access to the Internet), you can instruct the router to use that as
the time source. This is your best option—when the router boots, it will always
set the clock by the NTP server. Here’s an example:

Router(config)# ntp server 132.163.4.101

Stop logging messages from interrupting your configuration

Another personal Cisco IOS annoyance I have is when I’m
configuring the router, and console messages just pop up on the line (which could
be a console, auxiliary, or VTY port). To prevent this, you have some options.

If you’re on the console, you can either disable console
logging with the global configuration no
logging console command. Or, you can synchronize the logging messages with
your command prompt. (I personally prefer the latter—I want to see what’s going
on with the router.)

So, on every line, I use the logging synchronous command. Here’s an example:

Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config)# line aux 0
Router(config-line)# logging synchronous
Router(config)# line vty 0 4
Router(config-line)# logging synchronous

In addition, you can change the exec-timeout on these
interfaces while you’re at it. For example, let’s say you want to disable the
default 10-minute timeout on the VTY lines. To do so, use the exec-timeout 0 0 command when in Line Configuration
Mode. This keeps the router from disconnecting after 10 minutes of inactivity.

Log system messages to the router’s buffer or a syslog server

Capturing errors and events on a router and monitoring the
console can be critical to problem-solving. By default, the router doesn’t send
buffered logging of its events to the router’s memory.

However, you can configure the router to send buffered logging
of its events to the memory. Here’s an example:

Router(config)# logging buffered 16384

You could also send the router’s events to a syslog server. Since
it’s external to the router, there’s an added benefit: It preserves events even
if the router loses power.

Miss a column?

Check out the Cisco Routers and Switches
Archive, and catch up on David Davis’ most recent columns.

Want to learn more
about router and switch management? Automatically
sign up for our free Cisco Routers and Switches newsletter, delivered each
Friday!

David Davis has worked
in the IT industry for 12 years and holds several certifications, including
CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of
systems/network administrators for a privately owned retail company and
performs networking/systems consulting on a part-time basis.

TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Research for Download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Artificial Intelligence

Microsoft’s First Generative AI Certificate Is Available for Free

Microsoft is also running a grant competition for ideas on using AI training in community building.

An image representing cloud servers. — Image: issaronow/Adobe Stock

Cloud Security

How Generative AI is a Game Changer for Cloud Security

Generative AI will be a game changer in cloud security, especially in common pain points like preventing threats, reducing toil from repetitive tasks, and bridging the cybersecurity talent gap.

Payroll

The 8 Best International Payroll Services for 2023

Does your business need a payroll provider that offers international payroll services? Use our buyer's guide to review the best solutions, from ADP to Oyster.

someone using ChatGPT on a laptop — Image: irissca/Adobe Stock

Artificial Intelligence

ChatGPT Cheat Sheet: Complete Guide for 2023

Get up and running with ChatGPT with this comprehensive cheat sheet. Learn everything from how to sign up for free to enterprise use cases, and start using ChatGPT quickly and effectively.

Image: monticellllo/Adobe Stock

Project Management

6 Best monday.com Competitors and Alternatives for 2023

Looking for an alternative to monday.com? Our comprehensive list covers the best monday alternatives, their key features, pricing, pros, cons and more.

Poor mental health can affect work performance in the form of burnout, absenteeism, turnover, workplace violence and substance abuse. On the other hand, when workers have good mental health, they are better able to cope with the stresses of life, realize their own abilities, learn and work well and contribute actively to their communities. The ...

As worldwide energy needs and concerns about climate change continue to increase, environmentally responsible business practices are critical for the successful future of a company and the markets in which it operates. This IT Data Center Green Energy Policy, from TechRepublic Premium, is intended to meet green standards for IT data center operations, which includes ...

Cisco administration 101: Learn 10 commands to configure on a new router