Initial Device Configuration

Configure the hostname

  1. Set the hostname:
Router>en
Router#conf t
Router(config)#hostname R1
R1(config)#do wr mem

Configure the enable secret

Configure the enable secret Password1 on each router/switch. Use type 9 hashing if available; otherwise, use type 5.

  1. See what options are available on the routers and access switches:
R1(config)#enable ?
  password  Assign the privileged level password
  secret    Assign the privileged level secret
  2. See what options are available on the core and distribution switches:
CSW1(config)#enable ?
  algorithm-type  Algorithm to use for hashing the plaintext 'enable' secret
  password        Assign the privileged level password
  secret          Assign the privileged level secret

Notice that some devices offer a third option, "algorithm-type", which selects the hashing algorithm used to store the enable secret in the configuration. Selecting scrypt produces a type 9 hash, which is preferred if available.

  3. Configure the enable secret on the routers/access switches and confirm:
R1(config)#enable secret Password1
R1(config)#do show run | include secret
enable secret 5 $1$mERr$LG1PCX0pnG7g1VqYOLG9a/
  4. Configure the enable secret on the core/distribution switches and confirm:
CSW1(config)#enable algorithm-type scrypt secret Password1
CSW1(config-line)#do show run | include secret
enable secret 9 $9$J19FIAftPZf7c3$l3koe1VkzliJg5KQU.JgBhXj4RzTxEUDZnF2s1b.Hn6

Configure the user accounts

Configure the user account cisco with secret ccna on each router/switch. Use type 9 hashing if available; otherwise, use type 5.

  1. Configure the user account on the routers/access switches. Note that there is no option for algorithm-type on these, so set the secret:
R1(config)#username cisco ?
  password   Specify the password for the user
  privilege  Set user privilege level
  secret     Specify the secret for the user
  <cr>
R1(config)#username cisco secret ccna
R1(config)#do show run | include secret
enable secret 5 $1$mERr$LG1PCX0pnG7g1VqYOLG9a/
username cisco secret 5 $1$mERr$Bok4KDfVutXOJolNq009M/
  2. Configure the user account on the core/distribution switches. Use the algorithm-type option since it is available:
CSW1(config)#username cisco ?
  algorithm-type  Algorithm to use for hashing the plaintext secret for
  password        Specify the password for the user
  privilege       Set user privilege level
  secret          Specify the secret for the user
  <cr>
CSW1(config)#username cisco algorithm-type ?
  scrypt  Encode the password using the SCRYPT hashing algorithm
CSW1(config)#username cisco algorithm-type scrypt secret ccna
CSW1(config)#do show run | include secret
enable secret 9 $9$J19FIAftPZf7c3$l3koe1VkzliJg5KQU.JgBhXj4RzTxEUDZnF2s1b.Hn6
username cisco secret 9 $9$J19FIAftPZf7c3$Mux3wTz1Kth/NxeyEk.E8.QBckaZchVfllsGnxO8/0A

Configure the console line

  1. Configure the console line to require login with a local user account. Set a 30-minute inactivity timeout. Enable synchronous logging.
CSW1(config)#line console 0
CSW1(config-line)#login local
CSW1(config-line)#exec-timeout 30
CSW1(config-line)#logging synchronous 

line console 0 - enters configuration for the console line (there is only one)

login local - requires login with a local user account on the console connection

exec-timeout 30 - sets a 30-minute inactivity timeout on the connection

logging synchronous - if a syslog message appears while you are in the middle of typing a command, the command is reprinted on a new line, making it easier to see

Commands that can be pasted in for the remaining devices:

Routers/Access Switches:

en
conf t
enable secret Password1
username cisco secret ccna
line console 0
login local
exec-timeout 30
logging synchronous
do wr

Core/Distribution Switches:

en
conf t
enable algorithm-type scrypt secret Password1
username cisco algorithm-type scrypt secret ccna
line console 0
login local
exec-timeout 30
logging synchronous
do wr
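
To confirm that a device ended up with the settings from this lab, the saved output of show running-config can be checked offline. The script below is an added example, not part of the original lab: the audit function, its severity labels, and the sample config (the type 5 lines shown above plus a made-up "backup" user and weak console settings) are assumptions of the example. It expects the stored form of the commands, where IOS writes the console line as "line con 0".

```python
import re

# Constructed running-config excerpt. The two type 5 lines are copied from this
# page; the "backup" user and the weak console settings are made up for contrast.
SAMPLE = """\
enable secret 5 $1$mERr$LG1PCX0pnG7g1VqYOLG9a/
username cisco secret 5 $1$mERr$Bok4KDfVutXOJolNq009M/
username backup password 0 ccna
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login local
"""

# Matches "enable|username NAME [privilege N] password|secret [TYPE] ..." as stored.
CRED = re.compile(
    r"^(enable|username (\S+)(?: privilege \d+)?) (password|secret)(?: (\d+))? ")

def audit(config):
    """Return (severity, message) findings for the settings this lab configures."""
    findings, console, in_console = [], [], False
    for line in config.splitlines():
        if not line.startswith(" "):      # unindented line: a new section begins
            in_console = re.match(r"line con(sole)? 0\b", line) is not None
        elif in_console:
            console.append(line.strip())
        m = CRED.match(line)
        if not m:
            continue
        who = "enable" if m.group(1) == "enable" else "user " + m.group(2)
        if m.group(3) == "password":      # type 0 is plaintext, type 7 is reversible
            findings.append(("high", f"{who}: uses 'password'; replace with 'secret'"))
        elif m.group(4) != "9":
            findings.append(("low", f"{who}: secret is type {m.group(4)}; "
                                    "use type 9 (scrypt) where supported"))
    if "login local" not in console:
        findings.append(("high", "console: 'login local' is missing"))
    for entry in console:
        t = re.match(r"exec-timeout (\d+)(?: (\d+))?$", entry)
        if t and int(t.group(1)) == 0 and int(t.group(2) or 0) == 0:
            findings.append(("medium", "console: exec-timeout 0 disables the idle timeout"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"[{severity}] {message}")
```

A config that matches the core/distribution commands above (type 9 secrets, login local, exec-timeout 30) returns no findings; the routers and access switches report only the low-severity type 5 notes, since they have no algorithm-type option.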