22 May 2009

Basic ISR Configuration

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
ip subnet-zero
no ip source-route
no ip gratuitous-arps
no ip bootp server
no ip domain-lookup
no service udp-small-servers
no service tcp-small-servers
no ip http server
no ip icmp redirect
no service finger
no ip finger
no ip identd
!
interface fastEthernet 0/0
no mop enabled
no ip unreachables
no ip redirects
no ip mask-reply
no ip directed-broadcast
no ip proxy-arp
exit
!
banner motd k

Authorized Access only!!!

k
!
security authentication failure rate 10 log
enable secret <>
username <> secret <>
login block-for 100 attempts 2 within 100
login quiet-mode access-class 1
login on-failure log
login delay 2
!
hostname <>
ip domain-name <>
crypto key generate rsa general-keys modulus 1024
ip ssh time-out 60
ip ssh version 2
ip ssh authentication-retries 2
!
logging trap warnings
logging buffered warnings
logging origin-id hostname
logging on
!
ip nat inside source list <> interface <> overload
!
snmp-server community monitor-in ro 55
!
access-list 55 remark >>SNMP ACCESS<<
access-list 55 permit host 192.168.10.10
access-list 55 deny any log
!
access-list 1 remark >>MANAGEMENT ACCESS<<
access-list 1 permit 192.168.1.42
access-list 1 deny any log
!
line con 0
logging synchronous
login local
no modem enable
line aux 0
exec-timeout 0 0
line vty 0 4
access-class 1 in
logging synchronous
login local
transport input ssh
exit
!
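
A baseline check for the template above, as an added example that is not part of the original post: it parses a config file into global lines and interface/line blocks and reports which of the template's hardening commands are missing. The names `audit`, `parse` and `SAMPLE` are hypothetical, and the input is assumed to be the config text as applied, since `show running-config` can omit commands that match the platform default.

```python
import re
# Baseline taken from the template above; extend the lists to cover more of it.
REQUIRED_GLOBAL = ["service password-encryption", "no ip source-route",
                   "no ip http server", "ip ssh version 2"]
REQUIRED_IN_BLOCK = {  # values are regexes matched against a whole sub-command
    "interface": ["no ip redirects", "no ip proxy-arp", "no ip unreachables"],
    "line vty": ["transport input ssh", "login local", r"access-class \S+ in"],
}
HEADER = re.compile(r"^(interface|line (con|aux|vty))\b", re.I)
# Constructed sample: a config fragment with four deliberate gaps.
SAMPLE = """\
service password-encryption
no ip source-route
ip ssh version 2
!
interface FastEthernet0/0
 no ip redirects
 no ip unreachables
!
line vty 0 4
 login local
 transport input telnet ssh
"""

def parse(config):
    """Split config text into global lines and (header, sub-commands) blocks."""
    global_lines, blocks, current = [], [], None
    for raw in config.splitlines():
        line = " ".join(raw.split())      # drop indentation, collapse spaces
        if HEADER.match(line):
            current = (line, [])
            blocks.append(current)
        elif line in ("", "!", "exit", "end"):
            current = None                # block terminator
        elif current is not None:
            current[1].append(line)
        else:
            global_lines.append(line)
    return global_lines, blocks

def audit(config):
    """Return findings as strings; an empty list means the baseline is met."""
    global_lines, blocks = parse(config)
    found = [f"global: missing '{c}'" for c in REQUIRED_GLOBAL if c not in global_lines]
    for header, subs in blocks:
        for prefix, required in REQUIRED_IN_BLOCK.items():
            if header.lower().startswith(prefix):
                found += [f"{header}: missing '{p}'" for p in required
                          if not any(re.fullmatch(p, s) for s in subs)]
    return found
```

`audit(SAMPLE)` flags the missing `no ip http server`, the missing `no ip proxy-arp` on the interface, and a vty block that still allows telnet and has no access-class.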

DHCP

ip dhcp excluded-address 192.168.22.1 192.168.22.32
!
ip dhcp pool inside
network 192.168.22.0 255.255.255.0
default-router 192.168.22.1
option 150 ip 192.168.22.1
dns-server 192.168.1.252 213.130.16.3
netbios-name-server 192.168.1.252 192.168.1.253
domain-name <>
!

NTP

clock timezone EET 2
clock summer-time EEST recurring last Sun Mar 4:00 last Sun Oct 4:00
!
ntp master 5
ntp authentication-key 1 md5 <>
ntp peer <> version 3 key 1
ntp source loopback 1
access-list 54 remark >>NTP ACCESS<<
access-list 54 permit 192.168.0.0 0.0.255.255
access-list 54 deny any log
ntp access-group serve-only 54
------------------------------------------
clock timezone EET 2
clock summer-time EEST recurring last Sun Mar 4:00 last Sun Oct 4:00
ntp authentication-key 1 md5 <>
ntp trusted-key 1
ntp server 192.168.10.11 version 3
access-list 53 remark >>NTP ACCESS<<
access-list 53 permit host 192.168.10.12
access-list 53 deny any log
ntp access-group peer 53
!
