Tired of putting the same commands into every switch you take out of the box? Well I was too...
I have configured 100's of switches from scratch (surely close to 1000 by now) and since they all have many of the same configs, I created a "Switch Basic Configuration" template. I had to block out the confidentials, but once you have a template like this, it makes your whole life easier and you don't have to worry about forgetting things. (Also works on routers, only you'll get a couple unrecognized command errors, which can be ignored.)
!
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
logging buffered 16384 informational
!
clock timezone MST -7
clock summer-time MDT recurring
system mtu routing 1500
vtp mode transparent
ip subnet-zero
no ip domain-lookup
!
hostname ########
enable secret ##########
username ############## privilege 15 secret ############
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan #####
name ######
exit
snmp-server community ######## RO
snmp-server community ######## RW
!
line con 0
exec-timeout 30 0
privilege level 15
password #########
login local
logging synch
line vty 0 4
session-timeout 30
privilege level 15
password #########
login local
logging synch
line vty 5 15
session-timeout 30
privilege level 15
password #########
login local
logging synch
!
ntp server XX.XX.XX.XXX
!
end
!
After testing, then here's the one for adding RADIUS (again, minus the confidentials, of course)
!
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius none
aaa authorization console
!
snmp-server community ######### RO
snmp-server community ######### RW
snmp-server enable traps license
radius-server dead-criteria time 5 tries 2
radius-server host XX.XX.XX.XXX auth-port 1645 acct-port 1646 key **************************
radius-server host XX.XX.XX.XXX auth-port 1645 acct-port 1646 key **************************
radius-server source-ports 1645-1646
radius-server retransmit 2
radius-server timeout 2
!
banner motd ^
****************************************************************
* This computer system is the property of ##### and may be *
* accessed only by authorized users. Unauthorized use of this *
* system is strictly prohibited and may be subject to criminal *
* prosecution. ##### reserves the right to monitor any *
* activity or communication on the system and may retrieve any *
* information stored within the system. By accessing and using *
* this system, you are consenting to such monitoring and *
* information retrieval for law enforcement and other purposes.*
* Users should have no expectation of privacy. *
****************************************************************
^
!
ntp server XX.XX.XX.XXX
!
I have configured 100's of switches from scratch (surely close to 1000 by now) and since they all have many of the same configs, I created a "Switch Basic Configuration" template. I had to block out the confidentials, but once you have a template like this, it makes your whole life easier and you don't have to worry about forgetting things. (Also works on routers, only you'll get a couple unrecognized command errors, which can be ignored.)
!
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
logging buffered 16384 informational
!
clock timezone MST -7
clock summer-time MDT recurring
system mtu routing 1500
vtp mode transparent
ip subnet-zero
no ip domain-lookup
!
hostname ########
enable secret ##########
username ############## privilege 15 secret ############
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan #####
name ######
exit
snmp-server community ######## RO
snmp-server community ######## RW
!
line con 0
exec-timeout 30 0
privilege level 15
password #########
login local
logging synch
line vty 0 4
session-timeout 30
privilege level 15
password #########
login local
logging synch
line vty 5 15
session-timeout 30
privilege level 15
password #########
login local
logging synch
!
ntp server XX.XX.XX.XXX
!
end
!
After testing, then here's the one for adding RADIUS (again, minus the confidentials, of course)
!
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius none
aaa authorization console
!
snmp-server community ######### RO
snmp-server community ######### RW
snmp-server enable traps license
radius-server dead-criteria time 5 tries 2
radius-server host XX.XX.XX.XXX auth-port 1645 acct-port 1646 key **************************
radius-server host XX.XX.XX.XXX auth-port 1645 acct-port 1646 key **************************
radius-server source-ports 1645-1646
radius-server retransmit 2
radius-server timeout 2
!
banner motd ^
****************************************************************
* This computer system is the property of ##### and may be *
* accessed only by authorized users. Unauthorized use of this *
* system is strictly prohibited and may be subject to criminal *
* prosecution. ##### reserves the right to monitor any *
* activity or communication on the system and may retrieve any *
* information stored within the system. By accessing and using *
* this system, you are consenting to such monitoring and *
* information retrieval for law enforcement and other purposes.*
* Users should have no expectation of privacy. *
****************************************************************
^
!
ntp server XX.XX.XX.XXX
!