Cisco Router and Switch Configuration

21 August 2023 · Updated 29 September 2025

Notes from the time I replaced a dead Ubiquiti EdgeRouter X at home with a spare Cisco 2800 Series router and a Cisco Catalyst 2960 PoE switch. Back to the late 2000s enterprise feel, with a very much not-silent fan.

Passwords below are shown as placeholders. Replace with your own.

Router configuration

Enter global config

enable
configure terminal

Turn off the DNS lookup on typos, which otherwise hangs the console for seconds at a time:

no ip domain lookup

Passwords and console access

Set a minimum length, encrypt stored passwords, and set the enable / console / VTY passwords from global config:

security passwords min-length 8
service password-encryption

enable secret <enable-password>

line vty 0 4
  password <vty-password>
  login
line con 0
  password <console-password>
  login

WAN interface

FastEthernet 0/0 as the WAN side, pulling an address via DHCP from the upstream modem:

interface FastEthernet0/0
  description wan
  ip address dhcp
  ip nat outside
  ip virtual-reassembly
  load-interval 30
  bandwidth 100000
  bandwidth receive 40000
  no shutdown

LAN interface

FastEthernet 0/1 as the LAN side with the router’s internal address:

interface FastEthernet0/1
  description lan
  ip address 192.168.1.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  no shutdown

NAT and default route

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload

Port forwarding

Example: forward TCP 3000 inbound on the WAN to an internal host on the LAN:

ip nat inside source static tcp 192.168.1.194 3000 interface FastEthernet0/0 3000

Switch configuration

Catalyst 2960 running IOS 12.2 with default VLAN 1 shut down, passwords set, HTTP and HTTPS management enabled, and its default gateway pointed at the router’s LAN address. Relevant trimmed config:

hostname Switch
!
enable secret <enable-secret>
!
no ip domain-lookup
!
interface Vlan1
 no ip address
 shutdown
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
line con 0
 password <console-password>
 login
line vty 0 4
 password <vty-password>
 login
line vty 5 15
 login

Ports FastEthernet 0/1 through 0/24 and GigabitEthernet 0/1 and 0/2 stay on defaults. Anything customised beyond that (VLANs, trunking, port-channels) goes per-interface.

Packet Tracer

I also rebuilt this lab in Packet Tracer as a reference (Packet Tracer on Arch Linux) — useful for testing config changes without risking the actual home network.

Further reading