The administrative functions that you can configure on a router and switch are:
- Hostnames
- Banners
- Password
- Interface descriptions
None of these will make your routers or switches work better or faster, but your life will be a whole lot better if you just take the time to set these configurations on each of your network devices. That’s because doing this makes troubleshooting and maintaining your network sooooo much easier-seriously!
Hostnames
You can set the identity of the router with the hostname command. This is only locally significant, which means that it has no bearing on how the router performs name lookups or how the router works on the internetwork.
Here’s an example:
Router>
Router>en
Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#
Router(config)#hostn
Router(config)#hostname ?
WORD This system's network nameRouter(config)#hostname CiscoTests-BORDER
CiscoTests-BORDER(config)#
CiscoTests-BORDER(config)#
It’s definitely good idea to name the router something pertinent to the location. This is because giving it a hostname that’s somehow relevant to where the device actually lives will make finding it a whole lot easier. And it also helps you confirm that you are, indeed, configuring the right device.
Banners
A banner is more than just a little cool-one very good reason for having a banner is to give any and all who dare attempt to telnet or dial into your internetwork a little security notice. And you can create a banner to give anyone who shows up on the router exactly the information you want them to have. Make sure you’re familiar with these four available banner types: exec process creation banner, incoming terminal line banner, login banner, and message of the day banner.
Message of the day (MOTD) is the most extensively used banner. It gives a message to every person dialing into or connecting to the router via Telnet or auxiliary port, or even through a console port as seen here:
CiscoTests-BORDER>en
CiscoTests-BORDER#
CiscoTests-BORDER#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CiscoTests-BORDER(config)#
CiscoTests-BORDER(config)#bann
CiscoTests-BORDER(config)#banner mot
CiscoTests-BORDER(config)#banner motd ?
LINE c banner-text c, where 'c' is a delimiting characterCiscoTests-BORDER(config)#banner motd #
Enter TEXT message. End with the character ‘#’.
If you are not authorized to be in CiscoTests.ORG border router,
then you must disconnect immediately!
#
CiscoTests-BORDER(config)#
CiscoTests-BORDER(config)#end
CiscoTests-BORDER#qCiscoTests-BORDER con0 is now available
Press RETURN to get started.
If you are not authorized to be in CiscoTests.ORG border router,
then you must disconnect immediately!CiscoTests-BORDER>
Passwords
Few options for enable passwords are available:
- Last-resort – Allows you to still enter the router if you set up authentication through a TACACS server and it’s not available. But it isn’t used if the TACACS server is working.
- Password – Sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable secret is set.
- Secret – Is the newer, encrypted password that overrides the enable password if it’s set.
- Use-tacacs – This tells the router to authenticate through a TACACS server.
Here’s an example of setting the enable passwords:
Router(config)#
Router(config)#ena
Router(config)#enable ?
last-resort Define enable action if no TACACS servers respond
password Assign the privileged level password
secret Assign the privileged level secret
use-tacacs Use TACACS to check enable passwordsRouter(config)#enable sec
Router(config)#enable secret cisco
Router(config)#ena
Router(config)#enable pass
Router(config)#enable password cisco
The enable password you have chosen is the same as your enable secret.
This is not recommended. Re-enter the enable password.Router(config)#
If you try to set the enable secret and enable passwords the same, the router will give you a nice, polite warning to change the second password. If you don’t have older legacy routers, don’t even bother to use the enable password.
User-mode passwords are assigned by using the line command. Here are the lines to be concerned with:
- aux – Sets the user-mode password for the auxiliary port. It’s usually used for attaching a modem to the router, but it can be used as a console as well.
- console – Sets a console user-mode password.
- vty – Sets a Telnet password on the router. If this password isn’t set, then Telnet can’t be used by default.
To configure the user-mode passwords, you configure the line you want and use either the login or no login command to tell the router to prompt for authentication. Here is the following example for Telnet:
Router(config)#
Router(config)#line vty 0 4
Router(config-line)#
Router(config-line)#login
% Login disabled on line 162, until 'password' is set
% Login disabled on line 163, until 'password' is set
% Login disabled on line 164, until 'password' is set
% Login disabled on line 165, until 'password' is set
% Login disabled on line 166, until 'password' is set
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#
Yep! This is not a bug. Cisco has begun this process of not letting you set the “login” command before a password is set on a line because if you set the login command under a line, and then don’t set a password, the line won’t be usable. And it will prompt for a password that doesn’t exist.
Because only the enable secret password is encrypted by default, you’ll need to manually configure the user-mode and enable passwords for encryption. Notice that you can see all the passwords except the enable secret when performing a show running-config on a router:
Router#
Router#
Router#sh run
Building configuration...
...!
enable secret 5 $1$jOld$fcCCX0CUm5MA2lPy5DPGx1
enable password cisco
!…
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
!
endRouter#
To manually encrypt your passwords, use the service password-encryption command. Here’s an example of how to do it:
Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#service password-encryption
Router(config)#
Router(config)#end
Router#sh run
Building configuration...
...!
enable secret 5 $1$jOld$fcCCX0CUm5MA2lPy5DPGx1
enable password 7 05080F1C2243
!…
!
line con 0
password 7 045802150C2E
login
line aux 0
line vty 0 4
password 7 121A0C041104
login
!
endRouter#
Once the passwords are encrypted, you can disable the command, executing it with prefix no. All of the passwords will stay encrypted.
Descriptions
Setting descriptions on an interface is helpful to the administrator and, like the hostname, only locally significant. The description command is a helpful one because you can, for instance, use it to keep track of circuit numbers.
Here’s an example:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#
Router(config-if)#desc to ISP - WAN
Router(config-if)#
Router(config-if)#int fa 0/1
Router(config-if)#
Router(config-if)#desc to LAN
Router(config-if)#
Router(config-if)#end
Router#sh run
Building configuration...…
!
interface FastEthernet0/0
description to ISP – WAN
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
description to LAN
no ip address
shutdown
duplex auto
speed auto
!
ip classless
!
ip http server
no ip http secure-server
!…
Our Recommended Premium CCNA Training Resources
These are the best CCNA training resources online:
Click Here to get the Cisco CCNA Gold Bootcamp, the most comprehensive and highest rated CCNA course online with a 4.8 star rating from over 30,000 public reviews. I recommend this as your primary study source to learn all the topics on the exam.
Want to take your practice tests to the next level? AlphaPreps purpose-built Cisco test engine has the largest question bank, adaptive questions, and advanced reporting which tells you exactly when you are ready to pass the real exam. Click here for your free trial.
