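! Baseline bootstrap for a Cisco IOS switch: local AAA, SSH-only remote access,
! and a management SVI. Every name, password and address below is a placeholder;
! replace them before pasting this into a device.
!
! Enter privileged EXEC, then global configuration mode
en
conf t
! Turn on rapid spanning tree
spanning-tree mode rapid-pvst
! Set the hostname (RSA key generation further down expects a hostname and domain name)
hostname examplename
! Obfuscates plaintext passwords in the configuration with type 7 encoding.
! Type 7 is reversible and only guards against casual viewing of the config;
! it is not a substitute for the hashed "secret" form used below.
service password-encryption
! Optional. "enable secret" makes users supply a password before they can "enable"
! the switch (edit the configuration, run show run, etc). The value is stored hashed.
! Replace the placeholder with a unique value. Where the release supports it,
! "enable algorithm-type scrypt secret ..." selects a stronger hash.
enable secret supersecretpassword
! Create a superuser / admin. The name can be anything. Privilege 15 is full access.
! This account must exist before "aaa new-model" below, otherwise local login has
! nothing to authenticate against and the console can be locked out.
username AdminUser priv 15 secret incrediblysecurepassword
! Set Timezone
clock timezone UTC 0 0
! aaa new-model turns on the AAA framework. From here on, logins on every line
! use the method lists below instead of per-line passwords.
aaa new-model
! Authenticate all logins (console and vty) against the local user database
aaa authentication login default local
! Apply exec authorization to the console as well (it is skipped there by default)
aaa authorization console
! Authorize exec sessions from the local database, so the privilege level set on
! the username takes effect at login
aaa authorization exec default local
! Remove any line password from the console. This does NOT make the console
! passwordless: with the AAA default list above, console users still log in with
! a local username and secret.
line con 0
 no password
 exit
! Same for remote sessions. A vty is a remote connection; IOS supports 16 concurrently.
! "transport input ssh" refuses Telnet, so credentials never cross the network in clear.
line vty 0 15
 no password
 transport input ssh
 ! Recommended: limit which source addresses may reach the vty lines.
 ! access-class <MGMT-ACL-PLACEHOLDER> in
 exit
! Disable the default interface for VLAN 1. VLAN 1 should be avoided when possible
! as this is the default VLAN that ports will take when reset.
int vlan 1
 no ip address
 shutdown
 exit
! Define a default domain name and resolver.
!no ip domain-lookup
ip domain-name your-internal-domain-name
ip name-server your-local-dns-server
! Generate the RSA key pair that SSH needs. Uses the hostname and domain name set above.
! Some older platforms do not accept 4096; use the largest modulus the device supports.
crypto key generate rsa modulus 4096
! Refuse SSH protocol version 1
ip ssh version 2
! Optional SSH tuning: negotiation timeout in seconds and allowed authentication attempts
! ip ssh time-out 60
! ip ssh authentication-retries 3
! Here we add a port to VLAN 10. This assumes VLAN 10 is the VLAN you're going to use
! for your primary management. Adjust as appropriate.
int te 1/0/48
 ! Force access mode so the port does not negotiate a trunk
 switchport mode access
 switchport access vlan 10
 exit
! Management SVI. The VLAN number must match the access VLAN assigned above
! (the original listing used "vlan 18", which leaves the SVI without an active port).
int vlan 10
 ip address 192.168.10.10 255.255.255.0
 no shutdown
 exit
! Default gateway for management traffic. This is honoured only while IP routing is
! disabled; on a switch that routes, configure a default route instead.
ip default-gateway 192.168.10.1
! Set NTP server. Placed after the management interface and DNS settings because the
! hostnames can only be resolved once the switch has a resolver and a path to it.
! If the lookups fail when pasted, re-enter these lines once the SVI is up.
! Accurate time matters for log correlation and certificate validation.
ntp server 0.north-america.pool.ntp.org
ntp server 1.north-america.pool.ntp.org
ntp server 2.north-america.pool.ntp.org
ntp server 3.north-america.pool.ntp.org
! Alternatively, if you want this device to instead pull NTP from another device
! in your network, supply an IP.
! ntp server 10.0.0.1
! Leave configuration mode
end
! Ping the device from itself to ensure the interface has come alive.
ping 192.168.10.10
! Write to memory.
wr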