Cisco - network device commands usage journal for the security lab

cheat-sheet
cisco
security-lab
Tags: #<Tag:0x00007f0cac026f10> #<Tag:0x00007f0cac026b00> #<Tag:0x00007f0cac026650>

#1

I am not a Cisco guy. This usage journal is a personal reference for my security lab work. Please research whether this makes sense for your environment. Do not take these paragraphs as security recommendations, or as a guideline to setup a production environment.


##Summary:

Cisco - network device commands usage journal for the security lab

Set a basic device password and a user-mode password

Connect via serial or cross-over cable. From pre-user mode press Enter.

enable
config t
configure terminal
enable password 123cisco
enable secret cisco123password
show running-config | include enable password

Check for the enable secret line. Make sure the lines don’t contain the password.

Set a router hostname

You want a naming convention.

enable
config t
hostname coolrouter
banner #This router is 0wned by because-security. Tel: 12345678909, [email protected]#
exit

Add IP

config terminal
interface fastethernet 0/0
ip address 10.0.0.1 255.255.255.0
show interface fastethernet 0/0

Check for 10.0.0.1/24 in this case… the f0/0 is administratively down. Also line protocol is also down.

  • administratively down means it’s shut down due to config
  • down means there is something missing
  • up means we have PHY

config t
interface fastethernet 0/0
no shutdown

Check for changed state to up. line proto should be up. duplex and speed are on auto by default.

show interface fastethernet 0/0

It’s up. Cool.

Enable SSH

enable
    config t
       ip domain-name labrouter.local
       username wishi password securePassword
       crypto key generate rsa general-keys modulus 1024
       ip ssh version 2
       line vty 0 4
       login local
       transport input ssh
       exit
exit
running-config startup-config