Basic Device Configuration

Initial setup commands for routers and switches - hostnames, passwords, access control, and system settings.

Why Configure These Settings?

These are the FIRST commands you run on any new Cisco device to:

• Identify the device (hostname)
• Secure access (passwords)
• Enable remote management (SSH)
• Prevent accidental issues (disable DNS lookup)

Hostname

When to configure: Always. The hostname appears in the command prompt and logs, making it easy to identify which device you’re working on.

Router(config)# hostname R1

Parameters:

• R1 - Replace with a descriptive hostname like Core-Switch-1, Border-Router, or Access-SW-Floor2. Avoid spaces in hostnames.

Disable DNS Lookup

When to configure: Always. Prevents the device from trying to resolve typos as DNS queries (saves you 30+ seconds every time you mistype a command).

Router(config)# no ip domain-lookup

Enable Secret Password

When to configure: Always. This password protects privileged EXEC mode (the mode where you can make configuration changes).

Router(config)# enable secret MySecurePass123

Parameters:

• MySecurePass123 - Replace with a strong password for your environment.

Note: This password is encrypted in the configuration. Anyone with this password can make ANY change to the device.

Console Password

When to configure: Always for production devices. Protects physical console cable access.

Router(config)# line console 0
Router(config-line)# password ConPass456
Router(config-line)# login
Router(config-line)# exit

Parameters:

• ConPass456 - Replace with any password to protect console access.

VTY Password (Telnet/SSH)

When to configure: Always. Protects remote access to the device.

Router(config)# line vty 0 4
Router(config-line)# password VtyPass789
Router(config-line)# login
Router(config-line)# exit

Parameters:

• 0 4 - Configures VTY lines 0 through 4 (5 simultaneous connections). Some devices support more lines (e.g., 0 15 for 16 connections).
• VtyPass789 - Replace with any strong password.

Encrypt All Passwords

Encrypts plaintext passwords in the configuration (basic encryption, use enable secret for better security).

Router(config)# service password-encryption

Login Banner

Warning message displayed before login.

Router(config)# banner login #
Unauthorized access is prohibited!
#

Use any delimiter character (like # or b) - just use the same one to start and end.

Set Clock

Set the system date and time (useful for logs).

Router# clock set 15:30:00 Dec 15 2025

SSH Configuration

When to configure: Always for production devices. SSH encrypts your remote connections - Telnet sends everything in plain text (including passwords).

Why it matters: Without SSH, anyone sniffing network traffic can see your passwords and commands.

Router(config)# ip domain-name domain.local
Router(config)# crypto key generate rsa
How many bits in the modulus [512]: 2048
Router(config)# username admin privilege 15 secret AdminPass123
Router(config)# line vty 0 4
Router(config-line)# transport input ssh
Router(config-line)# login local
Router(config-line)# exit

Parameters:

• domain.local - Replace with your domain name (can be anything, even fake domains work).
• 2048 - RSA key size in bits. Always use 2048 or higher for security.
• admin - Replace with any username for SSH login.
• privilege 15 - Access level. 15 = full administrator access, 1-14 = limited access.
• AdminPass123 - Replace with a strong password.

SSH Version 2 only (more secure):

Router(config)# ip ssh version 2

Note: SSH version 2 is more secure than version 1. Always use version 2 if your IOS supports it (most modern versions do).

Interface IP Addressing

Assign IP addresses to physical interfaces or VLAN interfaces for connectivity and management access. This is essential for routing, ping tests, and device administration.

Physical Interface IP

When to configure: On routers or Layer 3 switches, before routing or connectivity testing.

Router(config)# interface GigabitEthernet0/0
Router(config-if)# description Link to Core Switch
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit

Parameters:

• GigabitEthernet0/0 – Replace with the interface you are configuring.
• description – Optional; adds context for documentation.
• 192.168.1.1 – Replace with the desired IP address.
• 255.255.255.0 – Subnet mask for the network.
• no shutdown – Activates the interface (interfaces are administratively down by default).

Tip: Verify interface status and IP with:

Router# show ip interface brief

Interface VLAN (SVI) IP

When to configure: On Layer 3 switches or router to enable routing or management access for a VLAN.

Switch(config)# interface vlan 10
Switch(config-if)# description Management VLAN
Switch(config-if)# ip address 10.10.10.2 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exit

Parameters:

• vlan 10 – VLAN ID. Ensure the VLAN exists before assigning an IP (vlan 10).
• description – Optional; useful for documentation.
• 10.10.10.2 – Replace with the desired IP-address you want your device to have on the VLAN.
• 255.255.255.0 – Subnet mask for the VLAN.
• no shutdown – Activates the VLAN interface.

Important: At least one port must be assigned to the VLAN for the interface to be operational:

Switch(config)# vlan 10
Switch(config-vlan)# name Management
Switch(config-vlan)# exit

Verify VLAN IP configuration:

Switch# show ip interface brief
Router# show running-config | include interface
Router# ping 10.10.10.2

Save Configuration

Save running config to startup config (persists after reboot).

Router# write memory

Or use the full command:

Router# copy running-config startup-config

Verify Configuration

Router# show running-config
Router# show ip ssh
Router# show users
Router# show clock