Once the basic configuration is finished, the device is ready for installation, and the remaining settings can be applied over SSH.
enable
write erase #reset to default settings
OR
erase startup-config #reset to default settings
reload #reload device / use options
show running-config #show the running configuration
configure terminal #enter global configuration mode
hostname <hostname> #to set hostname
#SECURITY
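enable secret [0 | 5] <password | md5 hash> #use this instead of "enable password" to protect enable mode. 0 = a plaintext password follows, 5 = an already hashed (type 5, MD5-based) secret follows. Type 5 is weak against offline cracking; on IOS releases that support it, prefer "enable algorithm-type scrypt secret <password>".
username <username> privilege 15 secret <password> #create a user with privilege level 15 (max); the password is stored as a hash in the configuration
username <username> password <password> #create a user and set a password; the password is NOT hashed - it is stored in plaintext, or as reversible type 7 if "service password-encryption" is enabled. Prefer "secret".
username <username> secret <password> #create a user; the password is stored as a hash in the configuration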
username <username> autocommand show ip interface brief #assigning a command that will be executed automatically when the user connects
privilege 0 - has access to only a few basic commands, such as logout, enable, disable, and exit. It is used for highly restricted users who only need to log out or exit a session.
privilege 1 – default level. It allows access to basic diagnostic commands like ping and show, enabling users to view the device's status without changing configurations.
privilege 15 - privileged EXEC Mode. It grants full access to all commands, including configuration and administrative functions.
privilege 2-14 - these intermediate levels have no predefined settings and can be customized for specific roles.
privilege exec level <level> <command> / Example: privilege exec level 5 show ip interface
access-list 1 [permit | deny | remark] <network address wild card mask> #create standard acl for some subnet
access-list 1 [permit | deny | remark] host <ip address> #create standard acl for some ip address
OR ###BEST SOLUTION IS TO USE AN EXTENDED NUMBERED ACL (100-199); THE SWITCH MUST SUPPORT L3 FEATURES###
access-list <100-199> permit tcp < network wildcard> any eq 22 #destination must be any
Example:
access-list 100 permit tcp 172.16.50.0 0.0.0.255 any eq 22 #permit access from the 172.16.50.0/24
access-list 100 permit tcp host 172.16.51.100 any eq 22 #permit access from host 172.16.51.100
do show access-list 100 #show all entries in the ACL 100
ip access-list extended 100 #enter ACL config mode
no <entry number> #delete the entry with that sequence number
ip ssh version 2 #set ssh version 2
line vty 0 15 #config remote connections
login local #use local users base
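access-class <acl number> in #apply the ACL created above to incoming VTY connections, so only the permitted sources can open a session
transport input ssh #accept incoming connections over SSH only (Telnet is refused)
exec-timeout <minutes> #set idle timeout; inactive sessions are disconnected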
logging synchronous #to prevent system messages from interrupting your work on the console
exit
ip domain-name <your.domain> #this is necessary to generate ssh keys
crypto key generate rsa -->Enter #enter the modulus size when prompted: 512/1024/2048 bits. SSH version 2 needs at least 768 bits; use 2048 or larger.
line console 0 #choose a console port
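password <your password> #set a password for the console port; it is stored in plaintext in the configuration (reversible type 7 if "service password-encryption" is enabled)
login #require the line password at login - no username
OR
login local #authenticate against the local user database (per-user accounts with hashed secrets)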
exec-timeout <minutes> <seconds> #set idle timeout / 0 0 to disable the timeout
logging synchronous #to prevent system messages from interrupting your work on the console
exit #
do show running-config | section line con #to check the console port configuration
do show ip ssh
==============L2 SWITCHES IP ADDRESS SET=================
#access port, i.e. a PC is connected
interface vlan 100
ip address 172.16.50.254 255.255.255.0
no shutdown
exit
interface f0/1
switchport mode access
switchport access vlan 100
no shutdown
exit
interface vlan 100
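name mgmt #NOTE: "name" is normally a VLAN configuration command (vlan 100 -> name mgmt, as in the trunk example below); on interface vlan 100 the label is usually set with "description" - verify on your platform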
exit
ip default-gateway <ip address> #see more options
#trunk port, i.e. another switch is connected
vlan 100
name mgmt
exit
interface vlan 100
ip address 172.16.50.253 255.255.255.0
no shutdown
exit
interface g0/1
switchport mode trunk
switchport trunk allowed vlan 100
no shutdown
exit
ip default-gateway <ip address>
do write memory
do show ip interface brief
do show vlan brief
do show interface trunk
================ROUTERS IP ADDRESS SET===================
#access port, i.e. a PC is connected
interface g0/0
ip address 172.16.50.250 255.255.255.0
no shutdown
exit
#VLAN IP interface, i.e. a switch is connected (trunk)
interface g0/0.100
encapsulation dot1Q 100
ip address 172.16.50.250 255.255.255.0
description mgmt
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 <ip address> #see more options
copy running-config startup-config #save the configuration
write memory #save the configuration
====================CONNECT BY SSH===========================