Skip to main content

Cisco IOS

Cheat sheets and standard configuration for Cisco IOS devices.

warning

Make sure to change all specified passwords.

Initial configuration

This will setup a Cisco device with some standard security settings.

enable
conf t

! Typos
no ip domain-lookup

! Authorization
service password-encryption
enable secret class
banner motd "Authorized access only!"
line vty 0 15
exec-timeout 15 0
password cisco
login
transport input telnet
line console 0
exec-timeout 15 0
password cisco
login
line aux 0
exec-timeout 15 0
password cisco
login

! Hostname
hostname Device1

IP configuration

Switch

interface vlan 1
ip address 192.168.0.253 255.255.255.0
ipv6 address 2001:db8:1234:aabb::2/64
no shutdown

! Custom VLAN
interface vlan 10
...

Router

interface gi0/0/0
ip address 192.168.0.254 255.255.255.0
ipv6 address 2001:db8:1234:aabb::1/64
no shutdown

! With range
interface range gi0/0/0 - 1 , gi0/1/0
...

! Custom VLAN
interface gi0/0/0.10
...

Default gateway and DNS

ip default-gateway 192.168.0.254 255.255.255.0
ip name-server 1.1.1.1

Routing

Enable routing

ip routing
ipv6 unicast-routing

The ip default-gateway config will no longer work a default route is used instead.

Use a wildcard route as gateway

ip route 0.0.0.0 0.0.0.0 192.168.0.254
ipv6 route ::/64 fe80::1

! Specify outgoing interface
ip route 0.0.0.0 0.0.0.0 gi0/0/0

Spanning tree

! Set spanning tree mode
spanning-tree mode pvst

! Use portfast on an interface
interface fa0/0
spanning-tree portfast

...