some cisco commands I usually set on switches:
Only on two: spanning-tree vlan 1-4096 root primary|secondary
service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption clock timezone MET 1 clock summer-time MEST recurring last Sun Mar 2:00 last Sun Oct 3:00 system mtu routing 1500 vtp mode client vtp password ASECRET spanning-tree pathcost method long spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id spanning-tree portfast default spanning-tree portfast bpduguard default no ip http server no ip http secure-server ip sla enable reaction-alerts logging trap debugging logging 1.2.3.4 snmp-server community public RO snmp-server contact EMAIL snmp-server location room, city, country ntp server 1.2.3.4 mac address-table aging-time 14400 archive log config logging enable notify syslog contenttype plaintext hidekeys
spanning-tree guard root switchport access vlan 41 switchport mode access switchport block multicast switchport block unicastupdating IOS: archive download-sw /leave-old-sw tftp://1.2.3.4/c2960-lanbasek9-tar.150-2.SE4.tar