Hostnames must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. If you establish sessions to multiple devices, the hostname helps you keep track of where you enter commands. Creating an all-numeric hostname is not recommended, but the name will be accepted after an error is returned.
To provide an additional layer of security, particularly for passwords that cross the network, this command allows you to establish an encrypted password that users must enter to access enable mode (the default), or any privilege level you specify.
Service timestamps command
To configure the system to apply a time stamp to debugging messages or system logging messages, use the service timestamps command in global configuration mode.
no ip domain-lookup
By default, when a command entered into a router in user or enable mode is not recognized, the router believes that it is the host name of a device that the user is attempting to reach using Telnet. Therefore, the router tries to resolve the unrecognized command into an IP address by doing an IP domain lookup.
When you enable aaa new-model, the default authentication method becomes local: the router prompts for a user name and checks the name entered against the locally configured user names and passwords.
Username xxx secret xxx
Use the username command in global configuration mode to establish a username-based authentication system.
Use the login authentication command in line configuration mode to enable authentication, authorization, and accounting (AAA) authentication for logins.
Restricting VTY Access by Protocol
By default, Cisco routers allow VTY access via protocols other than Telnet. To be safe, disable all unused protocols on the VTYs. This prevents anybody from gaining VTY access through one of these other protocols. In the example, only the Telnet and SSH protocols are allowed.
lat – Enables Digital LAT protocol connections
mop – Enables Maintenance Operation Protocol (MOP) transport
nasi – Enables NetWare Access Servers Interface (NASI) transport
none – Disables all input protocols
pad – Enables X.3 PAD connections
rlogin – Enables the Unix rlogin protocol
ssh – Enables the Secure Shell (SSHv1) protocol
telnet – Enables inbound Telnet connections
v120 – Enables the V.120 protocol
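As an added example (not part of the original page), the following Python check reads an IOS configuration and reports every `line vty` block that permits input protocols other than the Telnet and SSH allowed above, or that sets no input protocols at all and so falls back to the default. It assumes the keywords listed above are arguments to the `transport input` line command and that `all` is also accepted; the sample configuration is constructed.

```python
import re

# Protocols the page's example allows on VTY lines.
ALLOWED = {"telnet", "ssh"}

# Constructed sample configuration (not from a real device).
SAMPLE = """\
hostname R1
!
line vty 0 4
 login authentication default
 transport input telnet ssh
line vty 5 15
 login authentication default
 transport input telnet ssh rlogin pad
line vty 16 31
 login authentication default
!
ntp server 192.0.2.1
"""

def vty_blocks(config_text):
    """Map each 'line vty <range>' header to the list of its sub-commands."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue                      # blank lines and '!' separators
        if raw[0] != " ":                 # any top-level command ends the block
            m = re.match(r"line vty (\d+(?: \d+)?)\s*$", raw)
            current = m.group(1) if m else None
            if m:
                blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit_vty_transport(config_text, allowed=ALLOWED):
    """Return {vty range: finding} for blocks that allow more than `allowed`."""
    findings = {}
    for rng, cmds in vty_blocks(config_text).items():
        inputs = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not inputs:                    # nothing configured: default applies
            findings[rng] = "no transport input line, platform default applies"
            continue
        extra = set(inputs[-1]) - allowed - {"none"}
        if extra:
            findings[rng] = "permits " + ", ".join(sorted(extra))
    return findings
```

Calling `audit_vty_transport(SAMPLE)` flags the `5 15` and `16 31` ranges and leaves `0 4` alone; pass a different `allowed` set to enforce an SSH-only policy.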
Login banners are mainly used to display a warning message for security purposes. Although a banner alone will not repel the crafty hacker, it will provide a certain level of legal protection. If unauthorized users suspect that the organization is serious about legal action, then they are less likely to target its devices.
To set the time zone for display purposes, use the clock timezone global configuration command.
To allow the software clock to be synchronized by a Network Time Protocol (NTP) time server, use the ntp server command in global configuration mode.