Helpful Cisco Router commands


set the telnet and enable passwords
line vty 0 4
 login
 password "telnet password"
 exec-timeout 60 0
 transport input telnet
 exit
enable secret "enable password"
no enable password

set the services to sane levels
service password-encryption
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service tcp-small-servers
no service udp-small-servers
no ip bootp server
no ip finger
no ip http server
no ip source-route
ip classless
ip subnet-zero

every interface should have
int eth0
 no ip directed-broadcast
 no ip mroute-cache
 exit
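
A way to check a saved config against the two lists above, as an added example that is not part of the original page: it flags missing lines from the services baseline, a leftover enable password, and interfaces without no ip directed-broadcast. The function name audit and the sample config are constructed for illustration; IOS releases where a setting is already the default may omit it from show running-config, so treat a miss as something to verify.

```python
import re

# Baseline lines as typed on this page ("sane levels" and per-interface lists).
GLOBAL_REQUIRED = [
    "service password-encryption", "no service tcp-small-servers",
    "no service udp-small-servers", "no ip bootp server", "no ip finger",
    "no ip http server", "no ip source-route",
]
INTERFACE_REQUIRED = ["no ip directed-broadcast"]
# Constructed sample config (not from a real router) with three deliberate gaps.
SAMPLE = """\
service password-encryption
no service tcp-small-servers
no service udp-small-servers
no ip bootp server
no ip finger
no ip source-route
enable secret 5 CONSTRUCTED-HASH
enable password CONSTRUCTED-OLD
interface Ethernet0
 no ip directed-broadcast
interface Serial0
 no ip address
"""

def audit(config_text):
    """Return sorted findings; an empty list means the baseline is met."""
    global_lines, interfaces, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                       # blank line or IOS comment/separator
        if raw[0].isspace() and current is not None:
            interfaces[current].add(line)  # subcommand of the open interface
            continue
        m = re.match(r"int\w*\s+(\S+)", line)  # "int eth0" or "interface Serial0"
        current = m.group(1) if m else None
        if m:
            interfaces.setdefault(current, set())
        else:
            global_lines.add(line)
    findings = [f"global: missing '{r}'" for r in GLOBAL_REQUIRED if r not in global_lines]
    if not any(l.startswith("enable secret ") for l in global_lines):
        findings.append("global: missing 'enable secret'")
    if any(l.startswith("enable password ") for l in global_lines):
        findings.append("global: 'enable password' is still set")
    for name, cmds in interfaces.items():
        findings += [f"{name}: missing '{r}'" for r in INTERFACE_REQUIRED if r not in cmds]
    return sorted(findings)
```

Calling audit(SAMPLE) reports the three gaps built into the sample; subcommands must be indented under their interface line for the per-interface check to see them.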

set up the time zone
clock timezone MST -7
clock summer-time MDT recurring
OR
clock timezone PST -8
clock summer-time PDT recurring

access-list
if you want useful logs, end each of your access lists with this:
access-list 102 deny udp any gt 0 any gt 0 log
access-list 102 deny tcp any gt 0 any gt 0 log
access-list 102 deny ip any any


decide how to deal with DNS client config on the router
no ip domain-lookup
OR
ip domain-name firstlink.com
ip name-server 66.37.143.12
ip name-server 66.37.141.42
OR
ip domain-name yourdomain.com
ip name-server your.DNS.server.address

set the default route to the next router or interface upstream
This is usually the ISP router, or corporate router
ip route 0.0.0.0 0.0.0.0 192.168.253.1 250
OR
ip route 0.0.0.0 0.0.0.0 serial0/0.16 250
OR

set up logging
no logging console
logging 66.37.143.66 [or a more appropriate log server]
logging buffered 40960 informational
logging facility local7
logging monitor informational
logging source-interface eth0 [or whatever interface has a "well known" address]



set up NTP as needed. Pick three NTP servers from the list below:
ntp server 130.207.244.240
ntp server 131.216.1.218
ntp server 140.142.16.34
ntp server 192.5.41.40
ntp server 192.5.41.41
ntp server 204.34.198.40
ntp server 209.38.13.254
ntp update-calendar
routers make great NTP servers!
ntp master 3

Frame Relay setup on CPE
interface Serial0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 no ip route-cache
 !
 service-module t1 clock source line
 service-module t1 framing esf
 service-module t1 linecode b8zs
 service-module t1 lbo none
 service-module t1 timeslots 1-4
 ! 256K
!
interface Serial0.16 point-to-point
 description 24/YGGA/002244
 ip address 192.168.253.94 255.255.255.252
 no ip directed-broadcast
 no ip route-cache
 frame-relay interface-dlci 16 protocol ip 192.168.253.93

set up NAT/PAT for one address
The following sets up PAT and translates any host on, or behind, fastethernet0 with an IP address in 10.10.199.* to 66.37.129.153. This setup is useful for outgoing traffic, but does not allow generic incoming traffic.
access-list 10 permit 10.10.199.0 0.0.0.255
ip nat pool SOMENAME 66.37.129.153 66.37.129.153 netmask 255.255.255.252
ip nat inside source list 10 pool SOMENAME overload
int serial0.16
ip nat outside
int fast0
ip nat inside


set up static NAT
ip nat inside source static 10.10.199.2 66.37.129.152 no-alias


OSPF
router ospf 100
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
 redistribute static subnets
 default-information originate {always}
!

Troubleshooting commands
show ip route
show ip access-lists
show ip access-list #
show ip inspect name NAME
show ip inspect session -- current sessions
show ip inspect all -- both of above
show ip ospf neighbor
show processes cpu sorted
show processes memory sorted