Tuesday, March 22, 2016

Default Switch Configuration

Default Switch Configuration

Enter privileged mode
Switch> enable
Switch#
Examine the current switch configuration
Switch# show running-config
Create a Basic Switch Configuration
Assign a name to a switch
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# exit
S1#
Secure access to the console line (Console Password)
S1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)# line console 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
Verify that console access is secured
S1# exit
Switch con0 is now available
Press RETURN to get started.

User Access Verification
Password:
S1>
Note: If the switch did not prompt you for a password, then you did not configure the login parameter on console line

Secure privileged mode access (Privileged password)
Set the enable password to cisco1. This password protects access to privileged mode.
S1> enable
S1# configure terminal
S1(config)# enable password cisco1
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
Note: This password will not grade as correct until after you encrypt it

Configure an encrypted password to secure access to privileged mode
S1# config t
S1(config)# enable secret class
S1(config)# exit
S1#
The enable password should be replaced with the newer encrypted secret password using the enable secret command
Note: The enable secret password overrides the enable password. If both are configured on the switch, you must enter the enable secret password to enter privileged EXEC mode.
Verify that the enable secret password is added to the configuration file.
a.     Enter the show running-configuration command again to verify the new enable secret password is configured.
Note: You can abbreviate show running-configuration as
S1# show run
b.    What is displayed for the enable secret password? $1$mERr$ILwq/b7kc.7X/ejA4Aosn0
c.     Why is the enable secret password displayed differently from what we configured? The enable secret is shown in encrypted form, whereas the enable password is in plain text. 

Encrypt the enable and console passwords
S1# config t
S1(config)# service password-encryption
S1(config)# exit
The enable secret password was encrypted, but the enable and console passwords were still in plain text. We will now encrypt these plain text passwords using the service password-encryption command

Configure a MOTD Banner
S1# config t
S1(config)# banner motd "This is a secure system. Authorized Access Only!"               
S1(config)# exit
When will this banner be displayed? The message will be displayed when someone enters the switch through the console port.
Save Configuration Files to NVRAM
S1# copy running-config startup-config
Destination filename [startup-config]?[Enter]
Building configuration...
[OK]
What is the shortest, abbreviated version of the copy running-config startup-config command? cop r s