cisco

1. ##
2. R1(config)# security passwords min-length 10
3. R1(config)# enable password cisco12345
4.  
5. ###asign and encrypt
6. Router2(config)#enable password cisco12345
7. Router2(config)#enable secret password
8.  
9. ###add user in the local
10. Router(config)#username Admin01 privilege 15 secret admin01pass
11.  
12. ###Banner MOTD :
13. switch(config)# banner motd #Unauthorized access to this device is prohibited!#
14.  
15. ###Disables the HTTP server:
16. switch(config)# no feature http-server
17.  
18. ###configure ssh
19. router (config)# ip domain-name mydomain.local
20. router (Config)# crypto key generate rsa / crypto key generate rsa modules 1024
21. router (Config)# ip ssh version 2
22. router (Config)#ip ssh time-out 60
23. router (Config)#ip ssh authentication-retries 2
24.  
25. ###configure vty lives to allow ssh
26. Switch(config)#line vty 0 15
27. Switch(config-line)#transport input ssh
28.  
29. ###Configure AAA authentication:
30. R1(config)# aaa new-model
31. R1(config)# aaa authentication login default local
32. R1(config)# line console 0
33. R1(config-line)# login authentication default
34. R1(config-line)# end
35.  
36. ###NTP SERVER:
37. router# configure terminal
38. router(config)# ntp server 192.0.2.12 prefer
39. router(config)# ntp server 192.0.2.10 key 1
40. router(config-if)# exit
41. router(config)# ntp authenticate
42. router(config)# ntp authentication-key 1 md5 aNiceKey
43. router(config)# ntp trusted-key 42
44. router(config)# ntp logging
45. router(config)# copy running-config startup-config
46.  
47. ###SYS LOGGING:
48. Router-Dallas(config)#logging 192.168.0.30
49. Router-Dallas(config)#service timestamps debug datetime localtime show-timezone msec
50. Router-Dallas(config)#service timestamps log datetime localtime show-timezone msec
51. Router-Dallas(config)#logging facility local3
52. Router-Dallas(config)#logging trap warning
53. Router-Dallas(config)#end
54. Router-Dallas#show logging
55.  
56. ###Configure VLAN list (name):
57. switch(config)# vlan 2
58. switch(config-vlan)# name accounting
59.  
60. ###Configure the trunk ports:
61. switch# configure terminal
62. switch(config)# interface ethernet 3/1
63. switch(config-if)# switchport trunk native vlan 5
64. (Switch(config-if)# switchport trunk encapsulation dot1q) ???
65.  
66. ###Disable trunking:
67. S1(config)# interface f0/24
68. S1(config-if)# no switchport access vlan
69. S1(config-if)# end
70.  
71. ##BPDU and portfast
72. (host) (config) #interface f0/18
73. (host) (config-if)#spanning-tree portfast
74. (host) (config-if)#spanning-tree bpduguard enable
75.  
76. ###Basic port security:
77. Switch(config)# interface fastethernet 3/12
78. Switch(config-if)# switchport mode access
79. Switch(config-if)# switchport port-security
80. Switch(config-if)# switchport port-security maximum 5
81. Switch(config-if)# switchport port-security violation shutdown
82. Switch(config-if)# switchport port-security mac-address sticky
83.  
84. ###Disable unused ports on s2
85. S1(config)# interface range f0/2 – 5
86. S1(config-if-range)# switchport mode access
87. S1(config-if-range)# switchport access vlan 99
88.  
89. ###Loop guard:
90. Router(config)#spanning-tree loopguard default
91.  
92. ###Configure DHCP snooping:
93. Switch(config)#interface fastEthernet 0/24
94. Switch(config-if)#ip dhcp snooping trust
95. Switch(config-if)#
96. Switch(config)#ip dhcp snooping vlan 10
97. Switch(config)#ip dhcp snooping