The following represent the initial common configurations for both routers and switches.

=================routers==================
Enable secret cisco
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service udp-small-servers
no service tcp-small-servers
service password-encryption
!
logging source-interface Loopback0
logging buffered 51200 debugging
logging 192.168.42.134
logging 192.168.42.121
!
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
!
!
!********************************** STOP **********************************
! when generating the key use a 1024 bit key generation NOT the default 512
!
Crypto key generate rsa
!
!*************************************************************************
!
clock timezone PST -8
clock summer-time PSTDST recurring
ip subnet-zero
!
tacacs-server host 192.168.42.131
tacacs-server domain-stripping
tacacs-server key retailpci
no tacacs-server directed-request
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
ip tacacs source-interface Loopback0
!
aaa new-model
aaa authentication login RETAIL group tacacs+ local
aaa authentication login RLOCAL local group tacacs+
aaa authentication enable default enable group tacacs+
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
!
username cisco privilege 15 secret 5 $1$8m53$8s/ApFhHQPMBkbrNh9xhe1
!
router ospf 5
 log-adjacency-changes
 router-id (Loopback0 IP Address)
 passive-interface default
!
ip http server
ip http access-class 23
ip http authentication RETAIL
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip classless
!
line con 0
 exec-timeout 60 0
 login authentication RLOCAL
 privilege level 15
!
line vty 0 4
 login authentication RETAIL
 no privilege level 15
 access-class 23 in
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
line vty 5 15
 login authentication RETAIL
 no privilege level 15
 access-class 23 in
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
!
ntp source Loopback0
ntp server 192.168.62.161
ntp server 192.168.62.162
!
access-list 23 permit 192.168.42.0 0.0.0.255
access-list 23 deny any log
access-list 88 permit 192.168.42.0 0.0.0.255
access-list 88 deny any log
!
snmp-server community ciscopublic RO 88
snmp-server community ciscoprivate RW 88
snmp-server trap-source Loopback0
!if Defined
snmp-server packetsize 8192
snmp-server trap-source Loopback0
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server enable traps snmp
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps rtr
snmp-server host 192.168.42.134 retaillab
snmp-server host 192.168.42.134 version 3 priv causer
banner exec @
WARNING:
**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****
**** AUTHORIZED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
banner incoming @
WARNING:
**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****
**** AUTHORIZED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
banner login @
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
@
===============/routers===============

=======Switches=======================
Enable secret cisco
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service udp-small-servers
no service tcp-small-servers
service password-encryption
!
logging source-interface Vlan1000
logging buffered 51200 debugging
logging 192.168.42.134
logging 192.168.42.121
!
clock timezone PST -8
clock summer-time PSTDST recurring
ip subnet-zero
!
tacacs-server host 192.168.42.131
tacacs-server key retailpci
no tacacs-server directed-request
!
ip tacacs source-interface Vlan1000
!
username cisco privilege 15 secret cisco
!
aaa new-model
aaa authentication login RETAIL group tacacs+ local
aaa authentication login RLOCAL local group tacacs+
aaa authentication enable default enable group tacacs+
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
ip http server
ip http access-class 23
ip http authentication aaa login-authentication RETAIL
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip classless
!
line con 0
 exec-timeout 60 0
 login authentication RLOCAL
 privilege level 15
!
line vty 0 4
 login authentication RETAIL
 no privilege level 15
 access-class 23 in
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
line vty 5 15
 login authentication RETAIL
 no privilege level 15
 access-class 23 in
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
!
ntp source Vlan1000
ntp server 192.168.0.1
ntp server 192.168.62.161 pre
ntp server 192.168.62.162
ntp server 192.168.42.130
!
access-list 23 permit 192.168.42.0 0.0.0.255
access-list 23 deny any log
access-list 88 permit 192.168.42.0 0.0.0.255
access-list 88 deny any log
!
snmp-server community ciscopublic RO 88
snmp-server community ciscoprivate RW 88
snmp-server packetsize 8192
snmp-server trap-source vlan1000
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server enable traps snmp
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps rtr
snmp-server host 192.168.42.134 retaillab
snmp-server host 192.168.42.134 version 3 priv causer
banner exec @
WARNING:
**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****
**** AUTHORIZED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
banner incoming @
WARNING:
**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****
**** AUTHORIZED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
banner login @
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
@
==================/switches==================
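
A device's running configuration can be checked against this baseline for drift on the remote-access lines. The script below is an added example, not part of the original configuration guide; the function names are hypothetical, the sample config is constructed, and it assumes sub-commands are indented by a space as in show running-config output.

```python
# Settings the page's baseline puts on every "line vty" block, plus a few of its global lines.
VTY_REQUIRED = ("login authentication RETAIL", "access-class 23 in",
                "exec-timeout 60 0", "transport input ssh")
GLOBAL_REQUIRED = ("no service pad", "service password-encryption", "aaa new-model")

def parse_blocks(config):
    """Return (top-level lines, {header: indented child lines}) for an IOS config."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            current = None  # a "!" separator closes the open block
            continue
        if raw.startswith(" ") and current:
            blocks[current].append(text)
        else:
            current = text
            top.append(text)
            blocks[text] = []
    return top, blocks

def audit(config):
    """Return sorted findings; an empty list means every check passed."""
    top, blocks = parse_blocks(config)
    findings = [f"missing global: {g}" for g in GLOBAL_REQUIRED if g not in top]
    for header, children in blocks.items():
        if header.startswith("line vty"):
            findings += [f"{header}: missing '{r}'" for r in VTY_REQUIRED if r not in children]
            findings += [f"{header}: '{c}' permits non-SSH access" for c in children
                         if c.startswith("transport input") and c != "transport input ssh"]
    return sorted(findings)

# Constructed device config with drift on vty 5-15 (not taken from the page).
SAMPLE = """\
no service pad
service password-encryption
aaa new-model
line vty 0 4
 login authentication RETAIL
 access-class 23 in
 exec-timeout 60 0
 transport input ssh
line vty 5 15
 login authentication RETAIL
 exec-timeout 60 0
 transport input telnet ssh
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The second vty range is the usual place for drift, since a device with lines 5 to 15 left at defaults still accepts logins there even when lines 0 to 4 match the baseline.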