Helpful Cisco Router commands

set the telnet and enable passwords
line vty 0 4 login password "telnet password" exec-timeout 60 0 transport input telnet exit enable secret "enable password" no enable password

set the services to sane levels
service password-encryption service timestamps debug datetime localtime show-timezone service timestamps log datetime localtime show-timezone no service tcp-small-servers no service udp-small-servers no ip bootp server no ip finger no ip http server no ip source-route ip classless ip subnet-zero

every interface should have
int eth0 no ip directed-broadcast no ip mroute-cache exit

setup the timezone
clock timezone MST -7 clock summer-time MDT recurring OR clock timezone PST -8 clock summer-time PDT recurring

if you want useful logs, end each of your access lists with this:
access-list 102 deny udp any gt 0 any gt 0 log
access-list 102 deny tcp any gt 0 any gt 0 log
access-list 102 deny ip any any

decide how to deal with DNS client config on the router
no ip domain-lookup OR ip domain-name ip name-server ip name-server OR ip domain-name ip name-server your.DNS.server.address

set the default route to the next router or interface upstream
This is usually the ISP router, or corporate router
ip route 250 OR ip route serial0/0.16 250 OR

setup logging
no logging console
logging [or a more appropriate log server]
logging buffered 40960 informational
logging facility local7
logging monitor informational
logging source-interface eth0 [or whatever interface has a "well known" address]

setup NTP as needed. Pick three NTP servers from the list below
ntp server ntp server ntp server ntp server ntp server ntp server ntp server ntp update-calendar routers make great NTP servers!
ntp master 3

Frame Relay setup on CPE
interface Serial0 no ip address no ip directed-broadcast encapsulation frame-relay IETF no ip route-cache ! service-module t1 clock source line service-module t1 framing esf service-module t1 linecode b8zs service-module t1 lbo none service-module t1 timeslots 1-4 ! 256K ! interface Serial0.16 point-to-point description 24/YGGA/002244 ip address no ip directed-broadcast no ip route-cache frame-relay interface-dlci 16 protocol ip
setup NAT/PAT for one address
The following will setup PAT and translate any host connected on, or behind fastethernet0, with IP address 10.10.199.*, to This setup is useful for outgoing traffic, but does not allow generic incoming traffic.
access-list 10 permit
ip nat pool SOMENAME netmask
ip nat inside source list 10 pool SOMENAME overload
int serial0.16
ip nat outside
int fast0
ip nat inside

setup static NAT
ip nat inside source static no-alias

router ospf 100
 network area 0
 redistribute static subnets
 default-information originate {always}
Troubleshooting commands
show ip route
show ip access-lists
show ip access-list #
show ip inspect name NAME
show ip inspect session -- current sessions
show ip inspect all -- both of above
show ip ospf neighbors
show processes cpu sorted
show processes memory sorted