– Correct hostname
– Set the clock / date
– Turn off “ip domain-lookup”
– Set the show history size
– Configure management ip and default gateway
– Set new passwords (Console / Telnet / Enable )
– Saving your configuration(s)
Here is my tutorial on how to perform these actions on a Cisco switch!
First, connect the serial (9-pin) or USB-to-serial adapter cable used to configure the Cisco device.
Use Putty on Windows or Minicom on (L)inux/Mac to gain access to the terminal of the device.
Use the following parameters to connect to it:
Bits Per Second | 9600 |
Data Bits | 8 |
Parity | None |
Stop Bits | 1 |
Flow Control | None |
Power-on the switch and wait till the booting is completed.
C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)
Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory.
2960-24TT starting...
..........(more is listed).........
When you see the message:
Would you like to enter the initial configuration dialog [yes/no] ? CHOOSE NO!
The configuration dialog shows old protocols and things we mostly don’t use anymore.
Go from user mode to privileged mode, then into global configuration mode, and execute the hostname command:
Switch> en
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# hostname Linuxsource-Switch1
Linuxsource-Switch1(config)#
Linuxsource-Switch1(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
Linuxsource-Switch1#
In privileged mode, use the clock set command to set the time/date/year:
Linuxsource-Switch1# clock set 16:00 3 march 2015
Linuxsource-Switch1# show clock
*16:0:1.48 UTC Mon Mar 3 2015
Linuxsource-Switch1#
Linuxsource-Switch1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
Linuxsource-Switch1#
The no ip domain-lookup command disables the resolution of symbolic names. With it set, the device will not try to translate a mistyped command into an IP address (an attempt that takes 5 seconds to time out).
Linuxsource-Switch1# test <--- with domain-lookup, it takes time :)
Translating "test"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
Linuxsource-Switch1(config)# no ip domain-lookup
Linuxsource-Switch1(config)# test
                             ^
% Invalid input detected at '^' marker.
Linuxsource-Switch1(config)# exit
The history size sets the number of lines that are held in the history buffer for recall (one buffer for EXEC mode commands and one for configuration mode commands).
You can verify with “show terminal” that history is enabled and determine the size for the console line (the default is 10).
Linuxsource-Switch1# show terminal
Find the line that contains:
History is enabled, history size is 10.
Linuxsource-Switch1# terminal history size 100
Linuxsource-Switch1# show terminal
The line now contains the following:
History is enabled, history size is 100.
Linuxsource-Switch1(config)# exit
Enter the configuration mode. (configure terminal)
Linuxsource-Switch1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Linuxsource-Switch1(config)#
– Enter the interface configuration for VLAN 1 (default)
Linuxsource-Switch1(config)# interface vlan 1
Linuxsource-Switch1(config-if)#
– Set the ip address and mask to the interface
Linuxsource-Switch1(config-if)# ip address 172.16.0.1 255.255.255.252
Linuxsource-Switch1(config-if)# end
%SYS-5-CONFIG_I: Configured from console by console
Secure the Console access with a password!
Go from user mode to privileged mode and then global configuration mode. Type the following:
Linuxsource-Switch1> enable
Linuxsource-Switch1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Linuxsource-Switch1(config)# line console 0
Linuxsource-Switch1(config-line)# password cisco
Linuxsource-Switch1(config-line)# login
Linuxsource-Switch1(config-line)# end
Don’t forget the login command, otherwise it won’t prompt you for the password!
You can also use option 0 and 7:
Linuxsource-Switch1(config-line)# password ?
  0     Specifies an UNENCRYPTED password will follow
  7     Specifies a HIDDEN password will follow
  LINE  The UNENCRYPTED (cleartext) line password
– Option 0 is stored viewable (unencrypted) in your running config!
– Option 7 takes the encrypted password, which you can copy in encrypted format and paste on another router/switch (without knowing the real password). Note that type 7 is a reversible obfuscation rather than strong encryption, so protect a config containing a type 7 string as you would the clear-text password.
For Telnet and SSH, do the following:
Linuxsource-Switch1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Linuxsource-Switch1(config)# line vty 0 15
Linuxsource-Switch1(config-line)# password cisco
Linuxsource-Switch1(config-line)# end
Linuxsource-Switch1#
You don’t have to use login here, because this is already defined without a password!
Set the enable password:
This is the password you have to enter when you are logged into the switch through ssh/telnet/console and then try to go to privileged mode.
To save the password unencrypted do:
Linuxsource-Switch1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Linuxsource-Switch1(config)# enable password cisco
Better to use encryption, so do:
Linuxsource-Switch1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Linuxsource-Switch1(config)# enable secret cisco
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.
Linuxsource-Switch1(config)#
Beware of the warning shown above! 🙂 It doesn’t tell you the password hasn’t been set (if the password is the same…!!).
In privileged mode, type the following:
Linuxsource-Switch1# copy running-config startup-config
Destination filename [startup-config]? <ENTER>
Building configuration...
[OK]
Linuxsource-Switch1#
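Once the configuration is saved, it can be checked offline for the settings covered above. The following Python script is an added example, not part of the original tutorial: it reads a configuration as text and flags a readable enable password, a missing enable secret, a missing no ip domain-lookup, lines without login, and clear-text line passwords. The sample config is constructed, `<type-7-string>` is a placeholder, and the function names `line_sections` and `audit` are hypothetical.

```python
# Constructed sample config (not captured from a device), reusing the tutorial's values.
SAMPLE_CONFIG = """\
hostname Linuxsource-Switch1
enable password cisco
line con 0
 password cisco
line vty 0 4
 password 7 <type-7-string>
 login
line vty 5 15
 no login
"""

def line_sections(config):
    """Yield (header, [subcommands]) for each top-level 'line ...' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line "):
            if header:
                yield header, body
            header, body = raw.strip(), []
        elif header and raw.startswith(" "):
            body.append(raw.strip())  # indented lines belong to the open block
        elif header:
            yield header, body        # any other top-level command closes it
            header, body = None, []
    if header:
        yield header, body

def audit(config):
    """Return a list of findings for the settings covered in the tutorial."""
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    findings = []
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("global: no 'enable secret' set")
    if any(l.startswith("enable password ") for l in top):
        findings.append("global: 'enable password' is stored readable")
    if not any(l in ("no ip domain-lookup", "no ip domain lookup") for l in top):
        findings.append("global: 'no ip domain-lookup' missing")
    for header, body in line_sections(config):
        if "login" not in body:  # exact match, so 'no login' does not count
            findings.append(f"{header}: no 'login', so no password prompt")
        for cmd in body:
            if cmd.startswith("password ") and not cmd.startswith("password 7 "):
                findings.append(f"{header}: clear-text line password")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Feed it the text of show running-config (or a backup of the startup-config) in place of the constructed sample.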