{"id":730,"date":"2024-11-20T02:04:16","date_gmt":"2024-11-19T23:04:16","guid":{"rendered":"https:\/\/itgen.itbumper.com\/?page_id=730"},"modified":"2024-11-20T09:32:44","modified_gmt":"2024-11-20T06:32:44","slug":"0016_cisco-base-configuration","status":"publish","type":"page","link":"https:\/\/itgen.itbumper.com\/?page_id=730","title":{"rendered":"0016_Cisco: base configuration"},"content":{"rendered":"<p style=\"text-align: justify;\">When you finish&nbsp;the basic configuration, the device will be ready for installation, after which the settings can be continued via SSH.<\/p>\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; 
notranslate\" title=\"\">\nenable\t\t\t\t\t\t\t\t\t\t\t\n\twrite erase\t\t\t\t\t\t\t\t\t\t#reset to default settings\n\tOR\n\terase startup-config\t\t\t\t\t\t\t#reset to default settings\n\t\n\treload\t\t\t\t\t\t\t\t\t\t\t#reload device \/ use options\n\n\n\tshow running-config\t\t\t\t\t\t\t\t#show the running configuration\n\t\n\tconfigure terminal\t\t\t\t\t\t\t\t#enter global configuration mode\n\t\thostname &lt;hostname&gt;\t\t\t\t\t\t\t#to set hostname\n\t\n\t#SECURITY\n\t\tenable secret &#x5B;0 | 5] &lt;password | md5 hash&gt;\t\t\t\t#use it instead of \"enable password\" to secure enable mode\n\t\tusername &lt;username&gt; privilege 15 secret &lt;password&gt;\t\t#to create a user with privilege 15 (max); the password is stored hashed in the configuration\n\t\tusername &lt;username&gt; password &lt;password&gt;\t\t\t\t\t#to create a user and set a password; the password is NOT encrypted in the configuration\n\t\tusername &lt;username&gt; secret &lt;password&gt;\t\t\t\t\t#to create a user; the password is stored hashed in the configuration\n\t\tusername &lt;username&gt; autocommand show ip interface brief #assign a command that will be executed automatically when the user connects\n\n\t\t\t\tprivilege 0  - has access to only a few basic commands, such as logout, enable, disable, and exit. It is used for highly restricted users who only need to log out or exit a session.\n\t\t\t\tprivilege 1  - default level. It allows access to basic diagnostic commands like ping and show, enabling users to view the device's status without changing configurations.\n\t\t\t\tprivilege 15 - privileged EXEC Mode. It grants full access to all commands, including configuration and administrative functions.\n\t\t\t\tprivilege 2-14 - these intermediate levels have no predefined settings and can be customized for specific roles. 
\n\t\t\t\tprivilege exec level &lt;level&gt; &lt;command&gt; \/ Example: privilege exec level 5 show ip interface\n\t\t\t\t\t\t\t\n\t\taccess-list 1 &#x5B;permit | deny | remark] &lt;network address wild card mask&gt;\t\t#create standard acl for some subnet\n\t\taccess-list 1 &#x5B;permit | deny | remark] host &lt;ip address&gt;\t\t\t\t\t#create standard acl for some ip address\n\t\tOR ###BEST SOLUTION IS TO USE AN EXTENDED NUMBERED ACL (100-199); SWITCH MUST SUPPORT L3 FEATURES###\n\t\taccess-list &lt;100-199&gt; permit tcp &lt;network wildcard&gt; any eq 22\t#destination must be any\n\t\tExample:\n\t\taccess-list 100 permit tcp 172.16.50.0 0.0.0.255 any eq 22\t\t#permit access from the 172.16.50.0\/24\n\t\taccess-list 100 permit tcp host 172.16.51.100 any eq 22\t\t\t#permit access from host 172.16.51.100\n\t\tdo show access-list 100\t\t\t\t\t\t\t\t\t\t\t#show all entries in the ACL 100\n\t\tip access-list extended 100\t\t\t\t\t\t\t\t\t\t#enter ACL config mode\n\t\t\tno &lt;entry number&gt;\t\t\t\t\t\t\t\t\t\t\t#will delete an entry\n\t\t\n\t\tip ssh version 2\t\t\t\t\t\t\t#set ssh version 2\n\t\tline vty 0 15\t\t\t\t\t\t\t\t#config remote connections\n\t\t\tlogin local\t\t\t\t\t\t\t\t#use the local user database\n\t\t\taccess-class &lt;acl number&gt; in\t\t\t#apply the ACL to incoming connections (see the ACL configuration above)\n\t\t\ttransport input ssh\t\t\t\t\t\t#connection direction and protocol\n\t\t\texec-timeout &lt;minutes&gt;\t\t\t\t\t#set idle timeout\n\t\t\tlogging synchronous\t\t\t\t\t\t#to prevent system messages from interrupting your work on the console\n\t\t\texit\n\t\t\n\t\tip domain-name &lt;your.domain&gt;\t\t\t\t#this is necessary to generate ssh keys\n\t\tcrypto key generate rsa --&gt;Enter\t\t\t#input = 512\/1024\/2048 bits (SSH version 2 requires at least 768)\n\t\t\n\t\t\n\t\tline console 0 \t\t\t\t\t\t\t\t#choose a console port\n\t\t\t\n\t\t\tpassword &lt;your password&gt;\t\t\t\t#set a password for the console port\n\t\t\tlogin\t\t\t\t\t\t\t\t\t#activate password login - no username\n\t\t\tOR\n\t\t\tlogin 
local\t\t\t\t\t\t\t\t#use users from the local database\n\t\t\t\n\t\t\texec-timeout &lt;minutes&gt; &lt;seconds&gt;\t\t#set idle timeout \/ 0 0 to disable the timeout\n\t\t\tlogging synchronous\t\t\t\t\t\t#to prevent system messages from interrupting your work on the console\n\t\t\texit\n\t\tdo show running-config | section line con\t#to check the console port configuration\n\t\tdo show ip ssh\t\t\t\t\t\t\t\t#to check the SSH configuration\n\t\t\t\t\t\t\n\t\t\t\t\t\t==============L2 SWITCHES IP ADDRESS SET=================\n\t\t#access port, i.e. a PC is connected\n\t\tinterface vlan 100\n\t\t\tip address 172.16.50.254 255.255.255.0\n\t\t\tno shutdown\n\t\t\texit\n\t\tinterface f0\/1\n\t\t\tswitchport mode access\n\t\t\tswitchport access vlan 100\n\t\t\tno shutdown\n\t\t\texit\n\t\tvlan 100\n\t\t\tname mgmt\n\t\t\texit\n\t\tip default-gateway &lt;ip address&gt;\t\t\t\t\t\t\t\t\t#see more options\n\t\t\n\t\t#trunk port, i.e. another switch is connected\n\t\tvlan 100\n\t\t\tname mgmt\n\t\t\texit\n\t\tinterface vlan 100\n\t\t\tip address 172.16.50.253 255.255.255.0\n\t\t\tno shutdown\n\t\t\texit\n\t\tinterface g0\/1\n\t\t\tswitchport mode trunk\n\t\t\tswitchport trunk allowed vlan 100\n\t\t\tno shutdown\n\t\t\texit\n\t\tip default-gateway &lt;ip address&gt;\n\t\tdo write memory\n\t\tdo show ip interface brief\n\t\tdo show vlan brief\n\t\tdo show interface trunk\n\t\t\n\t\t\n\t\t\t\t\t================ROUTERS IP ADDRESS SET===================\n\t\t#access port, i.e. a PC is connected\n\t\tinterface g0\/0\n\t\t\tip address 172.16.50.250 255.255.255.0\n\t\t\tno shutdown\n\t\t\texit\n\t\t\n\t\t#vlan IP interface, i.e. a switch is connected (trunk)\n\t\tinterface g0\/0.100\n\t\t\tencapsulation dot1Q 100\n\t\t\tip address 172.16.50.250 255.255.255.0\n\t\t\tdescription mgmt\n\t\t\tno shutdown\n\t\t\texit\n\t\tip route 0.0.0.0 0.0.0.0 &lt;ip address&gt;\t\t\t\t\t\t\t#see more options\n\t\t\n\tcopy running-config startup-config\t\t\t\t#save the configuration\n\twrite memory \t\t\t\t\t\t\t\t\t#save the 
configuration\n\t\t\n\t\t\n\t\t\t\t====================CONNECT BY SSH===========================\t\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>When you finish&nbsp;the basic configuration, the device will be ready for installation, after which the settings can be continued via SSH.<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[],"tags":[],"_links":{"self":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/730"}],"collection":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=730"}],"version-history":[{"count":4,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/730\/revisions"}],"predecessor-version":[{"id":738,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/730\/revisions\/738"}],"wp:attachment":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}