Cisco
Last Updated: May 29, 2019
Tips
hostname <name>
service password-encryption
enable secret <password>
ntp server <server-ip>
no cdp run # Unnecessary traffic if you don't need it.
no spanning-tree vlan 1 # Makes the switch ports load faster.
no ip domain-lookup # Disables the Translating "<command>"...domain server (255.255.255.255) message when you get a command wrong.
lldp run # LLDP is off by default on some devices.
no ip http server # Disable web server
no ip http secure-server # Disable web server
SNMPv2
This is pretty simple: all you need to do is set these options.
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#snmp-server community <communitystring> RO
Switch(config)#snmp-server location <location>
Switch(config)#snmp-server contact <contact>
Replace the stuff in brackets with your configuration. Also, if you want read and write access, replace RO with RW.
LACP / Port-channel
interface Port-channel1
description Trunk to Switch
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/1
description to CS3
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast disable
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/2
description to CS3
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast disable
channel-protocol lacp
channel-group 1 mode active
!
802.1x
Useful Commands
show dot1x all summary // Shows port status
show authentication sessions interface gi 1/0/6 // Shows logged in session
Multi-auth notes
multi-auth
- Multi authentication allows one authentication on the voice VLAN and multiple authentications on the data VLAN. (Use this if you have an unmanaged switch in between.)
multi-domain
- Multi domain authentication allows two authentications: one on the voice VLAN and one on the data VLAN.
multi-host
- Multiple hosts are allowed on an 802.1X-authorized port after authenticating a single host.
Sample Config
Port
description "Port Name"
switchport access vlan 100
switchport mode access
switchport nonegotiate
switchport voice vlan 105
trust device cisco-phone
authentication event no-response action authorize vlan 1
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication host-mode multi-domain
authentication order dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate 70
authentication violation protect
mab
dot1x pae authenticator
dot1x timeout tx-period 15
spanning-tree portfast
spanning-tree bpduguard enable
System
aaa authentication login default group radius
aaa authentication dot1x default group radius
aaa authorization exec default group radius
aaa authorization network default group radius
radius-server host 10.0.0.2 auth-port 1812 acct-port 1813 timeout 3 retransmit 2 key <secret>
radius-server host 10.0.0.3 auth-port 1812 acct-port 1813 timeout 3 retransmit 2 key <secret>
radius-server load-balance method least-outstanding ignore-preferred-server
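As an added example (not part of the original page), a small audit script that checks an IOS-style running-config against the Tips, SNMPv2 and Sample Config sections above: the global hardening lines, RW or default SNMP communities, and portfast edge ports that lack the BPDU guard shown on the 802.1X port. The config text it scans is constructed for the example, not taken from a real device.

```python
import re

# Constructed running-config fragment (not from a real device) that violates several tips above.
WEAK_CONFIG = """\
hostname access-sw1
no service password-encryption
enable password cisco
ip http server
no ip http secure-server
snmp-server community public RW
snmp-server community monitor RO
!
interface GigabitEthernet1/0/6
 switchport mode access
 authentication port-control auto
 spanning-tree portfast
!
"""

# Global lines the page recommends; a finding is raised when the exact line is absent.
GLOBAL_CHECKS = [
    (r"^service password-encryption$", "service password-encryption missing"),
    (r"^enable secret \S", "enable secret missing (enable password is reversible)"),
    (r"^no ip http server$", "HTTP server not disabled"),
    (r"^no ip http secure-server$", "HTTPS server not disabled"),
]

def audit_config(config: str) -> list[str]:
    """Return a list of hardening findings for an IOS-style running-config."""
    findings = [msg for pat, msg in GLOBAL_CHECKS
                if not re.search(pat, config, re.MULTILINE)]
    # RW communities and well-known names are the common SNMPv2 weaknesses.
    for m in re.finditer(r"^snmp-server community (\S+) (RO|RW)", config, re.MULTILINE):
        name, mode = m.groups()
        if mode == "RW":
            findings.append(f"SNMP community '{name}' has RW access")
        if name.lower() in ("public", "private"):
            findings.append(f"SNMP community '{name}' is a well-known default")
    # Interface stanzas are separated by '!' lines; an edge port with portfast
    # should also carry BPDU guard, as on the 802.1X sample port above.
    for stanza in re.split(r"^!\s*$", config, flags=re.MULTILINE):
        m = re.search(r"^interface (\S+)", stanza, re.MULTILINE)
        if m and "spanning-tree portfast" in stanza \
                and "spanning-tree bpduguard enable" not in stanza:
            findings.append(f"{m.group(1)}: portfast without bpduguard")
    return findings

if __name__ == "__main__":
    for finding in audit_config(WEAK_CONFIG):
        print(finding)
```

Feed it the output of `show running-config` saved to a file; an empty list means every check passed.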