Standard configuration of an access layer switch (Cisco)

Over the years I have developed a set of parameters that need to be configured on a Cisco switch. Below are the features you should consider enabling or configuring on the switch:

  1. logging synchronous – this feature stops syslog messages from interrupting your commands. Without it, a syslog message can arrive while you are typing and break up your command line, which is annoying.
  2. service password-encryption – this feature encrypts the system passwords with an MD5 hash; otherwise they are stored in the startup or running configuration file as clear text. This adds another layer of protection against on-lookers. Although the MD5 hashed password is easily reversible using a Google search, at least it is not readable at a glance. Note: this only encrypts the passwords set with the commands enable password, line vty and console passwords. Enable secret uses an irreversible encryption.
  3. enable secret – it is best to use this privileged mode password command instead of enable password, since it is more secure and the password is encrypted irreversibly, as mentioned in the previous point.
  4. vtp mode transparent – although VLAN Trunking Protocol (VTP) is a great way of managing the VLAN database for multiple switches, it can pose a problem if a misconfiguration occurs on any switch that is part of the VTP domain. It is also Cisco's best practice to convert all switches to transparent mode and manage the VLANs manually on each switch, which leaves no room for this error. Such an error can in fact cause a network outage that takes hours to repair, depending on the scale of your LAN.
  5. transport input ssh – it is good practice to secure your connection to your switches using SSH, as it prevents anyone from using tools such as Wireshark to capture password information from a protocol (Telnet) that sends the username and password in clear text. SSH encrypts the username and password in transit from the source to the device. This feature is applied at the line vty level.
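
As an added example, not from the original post: a Python audit that reads a saved running-config and reports which of the five items above are missing, checking the console and each vty line range separately. The sample config, the `enable secret` hash and the type-7 string are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample running-config (not from the post); hash and type-7
# strings are placeholders, and two gaps are left on purpose for the audit.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER$0123456789abcdef
vtp mode transparent
line con 0
 password 7 PLACEHOLDERTYPE7
 logging synchronous
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
 logging synchronous
"""

def parse_config(config):
    """Return (global commands, {'line ...' header: [indented commands]}).
    Indented commands under non-'line' blocks (interfaces etc.) are skipped."""
    globals_, blocks, current = [], defaultdict(list), None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip() if raw.startswith("line ") else None
            globals_.append(raw.strip())
    return globals_, blocks

def audit(config):
    """List every missing hardening item; an empty list means all checks pass."""
    globals_, blocks = parse_config(config)
    findings = []
    if "service password-encryption" not in globals_:
        findings.append("global: service password-encryption missing")
    if not any(g.startswith("enable secret") for g in globals_):
        findings.append("global: enable secret missing")
    if "vtp mode transparent" not in globals_:
        findings.append("global: vtp mode transparent missing")
    for name, cmds in blocks.items():
        if "logging synchronous" not in cmds:
            findings.append(f"{name}: logging synchronous missing")
        # 'transport input telnet ssh' still accepts clear-text logins; require ssh-only.
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{name}: transport input is not ssh-only")
    return findings
```

Run `audit()` over the output of `show running-config` saved to a file; the sample above reports two findings for `line vty 0 4`.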

As I go along, I will update this article to reflect more parameters to configure on a network device for the best performance and security.
