Cisco IOS // Understanding the Defaults

seen on old Catalyst 2950

Intro

check default configuration

do show running-config

weak password encryption is already disabled

!no service password-encryption

SNMP is not enabled, no need to forcilbly disable it either

!no snmp-server

Subnet-zero

ip subnet-zero

historically allows first .0 and last subnets .255

PVST

spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id

• first line enables per vlan spanning tree
• second line: something that should not even show up
• third line avoids the need for using thousand MACs for Bridge IDs

Keepalive loop

you will notice LOOP packets in wireshark, as keepalive is the default. keep it as such as it is required to determine whether an interface is up or not.

Resources

subnet-zero

What is IP Subnet Zero? - Cisco Articles & Tips https://www.petri.com/csc_ip_subnet_zero

What does ip subnet-zero command do? https://learningnetwork.cisco.com/thread/32136

keepalive

Consquences of “no keepalive” on switch port https://learningnetwork.cisco.com/thread/35077

Error - “%ETHCNTR-3-LOOP_BACK_DETECTED” Catalyst switch that runs Cisco IOS® Software https://community.cisco.com/t5/networking-documents/error-quot-ethcntr-3-loop-back-detected-quot-catalyst-switch/ta-p/3127989

Disabling keepalive in switch https://community.cisco.com/t5/switching/disabling-keepalive-in-switch/td-p/2275311