
Device Configs

The following represent the initial common configurations for both routers and switches.



=================routers==================
enable secret cisco
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service udp-small-servers
no service tcp-small-servers
service password-encryption
!
logging source-interface Loopback0
logging buffered 51200 debugging
logging 192.168.42.134
logging 192.168.42.121
!
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
!
!
!********************************** STOP **********************************
! When generating the key, use a 1024-bit key, NOT the default 512
!
crypto key generate rsa
!
!*************************************************************************
!
clock timezone PST -8
clock summer-time PSTDST recurring
ip subnet-zero
!
tacacs-server host 192.168.42.131
tacacs-server domain-stripping
tacacs-server key retailpci
no tacacs-server directed-request
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
ip tacacs source-interface Loopback0
!
aaa new-model
aaa authentication login RETAIL group tacacs+ local
aaa authentication login RLOCAL local group tacacs+
aaa authentication enable default enable group tacacs+
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
!
username cisco privilege 15 secret 5 $1$8m53$8s/ApFhHQPMBkbrNh9xhe1
!
router ospf 5
 log-adjacency-changes
 router-id (Loopback0 IP Address)
 passive-interface default
!
ip http server
ip http access-class 23
ip http authentication RETAIL
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!

ip classless
!
line con 0
 exec-timeout 60 0
 login authentication RLOCAL
 privilege level 15
!
line vty 0 4
 login authentication RETAIL
 no  privilege level 15
 access-class 23 in
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
line vty 5 15
 login authentication RETAIL
 no  privilege level 15
 access-class 23 in
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
!
ntp source Loopback0
ntp server 192.168.62.161
ntp server 192.168.62.162
!
access-list 23 permit 192.168.42.0 0.0.0.255
access-list 23 deny   any log

access-list 88 permit 192.168.42.0 0.0.0.255
access-list 88 deny   any log
!
snmp-server community ciscopublic RO 88
snmp-server community ciscoprivate RW 88
! Set the trap source only if Loopback0 is defined
snmp-server trap-source Loopback0
snmp-server packetsize 8192
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server enable traps snmp
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps rtr
snmp-server host 192.168.42.134 retaillab
snmp-server host 192.168.42.134 version 3 priv causer



banner exec @
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****
                    **** AUTHORIZED USERS ONLY! ****

ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        

UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@

banner incoming  @
WARNING:  
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****
                    **** AUTHORIZED USERS ONLY! ****

ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        

UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@

banner login @
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
@

===============/routers===============

=======Switches=======================
enable secret cisco
ip domain-name cisco-irn.com
ip name-server 192.168.42.130

no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service udp-small-servers
no service tcp-small-servers
service password-encryption

!
logging source-interface Vlan1000
logging buffered 51200 debugging
logging 192.168.42.134
logging 192.168.42.121
!
clock timezone PST -8
clock summer-time PSTDST recurring
ip subnet-zero
!
tacacs-server host 192.168.42.131
tacacs-server key retailpci
no tacacs-server directed-request
!
ip tacacs source-interface Vlan1000
!

username cisco privilege 15 secret cisco

!
aaa new-model
aaa authentication login RETAIL group tacacs+ local
aaa authentication login RLOCAL local group tacacs+
aaa authentication enable default enable group tacacs+
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
ip http server
ip http access-class 23
ip http authentication aaa login-authentication RETAIL
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip classless
!
line con 0
 exec-timeout 60 0
 login authentication RLOCAL
 privilege level 15
!
line vty 0 4
 login authentication RETAIL
 no  privilege level 15
 access-class 23 in
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
line vty 5 15
 login authentication RETAIL
 no  privilege level 15
 access-class 23 in
 exec-timeout 60 0
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
!
ntp source Vlan1000
ntp server 192.168.0.1
ntp server 192.168.62.161 prefer
ntp server 192.168.62.162
ntp server 192.168.42.130
!
access-list 23 permit 192.168.42.0 0.0.0.255
access-list 23 deny   any log

access-list 88 permit 192.168.42.0 0.0.0.255
access-list 88 deny   any log
!
snmp-server community ciscopublic RO 88
snmp-server community ciscoprivate RW 88
snmp-server packetsize 8192
snmp-server trap-source Vlan1000
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server enable traps snmp
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps rtr
snmp-server host 192.168.42.134 retaillab
snmp-server host 192.168.42.134 version 3 priv causer


banner exec @
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****
                    **** AUTHORIZED USERS ONLY! ****

ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        

UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@

banner incoming  @
WARNING:  
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****
                    **** AUTHORIZED USERS ONLY! ****

ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        

UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@

banner login @
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
@


==================/switches==================