
Monday, July 9, 2018

Enabling SSH on Cisco Device

Warning!! These are just basic SSH configurations made in a lab environment. In no way am I recommending these configurations! Please consult your security policies before implementing any security features across your network.

First, you must associate the device with a domain name so that it has an FQDN; the system needs this to generate encryption keys.
o ip domain-name YourDomainNameHere
o Example: ip domain-name lab.local
Next you need to generate the encryption keys. These keys will now be associated with your FQDN, or domain:
o “crypto key generate rsa”
o You should get a message saying keys will now be associated to your domain and should see your domain name: Switch1.lab.local
o You should now see “How many bits in the modulus [512]”. This is the size of the RSA key in bits. 512 is weak, 1024 is standard. A larger key equates to slower speeds. We will input 1024.
Next, we will input the command to the VTY terminals to allow SSH:
o Select the VTY lines: “line vty 0 4”. The “0 4” (0, space, 4) grabs all of the lines from 0 to 4, so they are all configured at once.
o Next command: “transport input ssh”. This allows SSH only. You can also use “transport input ssh telnet” to allow both Telnet and SSH. Telnet is not recommended.
o Next, set the line password: “password cisco”
o Then enable login on the lines by typing the command “login”. Without it, nobody can log on to the lines.
o If you want logins checked against the local user database instead, use the “login local” command. This requires the additional step below to create the accounts used to SSH into the device.
Finally, we need to create user accounts for the remote logins. You will create a user by the following steps:
o “username YourUserName secret YourPassword”
o Example: “username user2 secret cisco”
o You can use secret or password, but secret is more secure, as password will be stored in plain text.
Now you can fully log into the device with your newly created username and password.
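An added example, not part of the original post: a small Python check that reads a saved running-config and flags the choices this walkthrough calls out (Telnet allowed on the VTY lines, "login" with a shared line password instead of "login local", "username ... password" instead of "secret", and a missing "ip domain-name"). The sample configuration is constructed, and the function names are this example's own.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname Switch1
ip domain-name lab.local
username user1 password 0 cisco
username user2 secret 5 $1$constructed$hash
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for each 'line vty' section."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith(" ") and header:
            body.append(raw.strip())
            continue
        if header:
            yield header, body
        header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
    if header:
        yield header, body

def audit(config):
    """Return a list of findings for the settings covered in the post."""
    findings = []
    if not re.search(r"^ip domain-name \S+", config, re.M):
        findings.append("global: no ip domain-name (RSA key generation needs it)")
    for m in re.finditer(r"^username (\S+) password\b", config, re.M):
        findings.append(f"user {m.group(1)}: 'password' used instead of 'secret'")
    for header, body in vty_blocks(config):
        transport = next((c for c in body if c.startswith("transport input")), "")
        if re.search(r"\b(telnet|all)\b", transport):
            findings.append(f"{header}: Telnet allowed ({transport})")
        if "login" in body and "login local" not in body:
            findings.append(f"{header}: shared line password ('login' without 'local')")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of “show running-config” saved to a file; an empty result means none of these four conditions were found, not that the device is hardened.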


Sunday, July 1, 2018

Common and Basic Cisco Commands

This list is just a quick list of tips and commands that are only for my reference. These are just quick inputs and notes, and these are not considered a walkthrough. This list will constantly be updated over time and when I have time to update it.

·         If you type something wrong and get the message “Translating “your incorrect entry” …domain server (255.255.255.255)”, you can stop it partway through with the following:
o   Ctrl+Shift+6 will abort this process.
·         To prevent the Cisco device from trying to resolve an incorrect entry into an IP address, you can put in the following:
o   Escalate up to “configure terminal” mode
o   Enter the following command: #no ip domain-lookup
·         You can see the previous history of entered commands by typing in:
o   #show history
o   If you want to change the size of the history, perform the following:
§  Escalate to configure terminal level
§  Select console line by typing the following: #line console 0
§  Next type in #history size 50. You can put in any number from 0-256 for how many lines you want history to remember.
·         You can exit by doing Ctrl+Z or by typing #exit.
o   Typing #end will take you all the way back to the beginning of the Cisco device privilege modes.
·         You can see what is on the hard drive or flash of a Cisco device by typing in #show flash.
o   If you want to remove files on the flash, execute the following:
§  #delete flash:filename
§  Confirm the deletion.
o   Sometimes files can be deleted by the following command (if they are still stored and not being deleted) #squeeze flash.
·         One vital command which is helpful is the ability to reload the router through CLI. This is performed by typing the following command:
o   #reload in 5
o   This reboots the router in 5 minutes. You can have it reboot in any amount of time you designate.
o   This allows you to wipe configuration changes that you have not already committed and saved to the flash.
o   #reload cancel cancels the reboot.
·         #show running-config to show the current configurations which are running on the Cisco device.
·         #show startup-config to show the configurations which will be loaded into the Cisco device upon boot.
·         #copy running-config startup-config will give you the option to save your current running configuration to the startup configuration file.
o   #copy run startup-config and #write memory commands also save the configurations (can also just type write).
·         #write erase will allow you to erase your saved configurations in NVRAM and take you back to factory defaults.
·         To kick users from the device execute the following:
o   #show users
o   #clear line vty #
·         To show spanning-tree information such as priorities, whether an interface is blocked or designated, and whether the switch is root:
o   #show spanning-tree will display the information.

Setting the Clock on Cisco Device

1. You can set the main clock from EXEC privileged mode. The following is the syntax:
a. clock set hh:mm:ss day month year
b. Example: “clock set 22:21:20 1 June 2017”
2. After you set it, you can verify by typing “show clock”.