Device Configs

LAB‎ > ‎

Device Configs

The following represent the initial common configurations for both routers and switches.

=================routers==================

Enable secret cisco

no service pad

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

no service udp-small-servers

no service tcp-small-servers

service password-encryption

logging source-interface Loopback0

logging buffered 51200 debugging

logging 192.168.42.134

logging 192.168.42.121

ip domain-name cisco-irn.com

ip name-server 192.168.42.130

!********************************** STOP **********************************

! when generating the key use a 1024 bit key genration NOT the default 512

Crypto key generate rsa

!*************************************************************************

clock timezone PST -8

clock summer-time PSTDST recurring

ip subnet-zero

tacacs-server host 192.168.42.131

tacacs-server domain-stripping

tacacs-server key retailpci

no tacacs-server directed-request

ip ssh time-out 120

ip ssh authentication-retries 3

ip tacacs source-interface Loopback0

aaa new-model

aaa authentication login RETAIL group tacacs+ local

aaa authentication login RLOCAL local group tacacs+

aaa authentication enable default enable group tacacs+

aaa authorization exec default group tacacs+ if-authenticated

aaa accounting update newinfo

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

aaa session-id common

username cisco privilege 15 secret 5 $1$8m53$8s/ApFhHQPMBkbrNh9xhe1

router ospf 5

log-adjacency-changes

router-id (Loopback0 IP Address)

passive-interface default

ip http server

ip http access-class 23

ip http authentication RETAIL

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip classless

line con 0

exec-timeout 60 0

privilege level 15

line vty 0 4

no privilege level 15

access-class 23 in

exec-timeout 60 0

logging synchronous

transport input ssh

line vty 5 15

no privilege level 15

access-class 23 in

exec-timeout 60 0

logging synchronous

transport input ssh

scheduler allocate 20000 1000

ntp source Loopback0

ntp server 192.168.62.161

ntp server 192.168.62.162

access-list 23 permit 192.168.42.0 0.0.0.255

access-list 23 deny any log

access-list 88 permit 192.168.42.0 0.0.0.255

access-list 88 deny any log

snmp-server community ciscopublic RO 88

snmp-server community ciscoprivate RW 88

snmp-server trap-source Loopback0 !if Defined

snmp-server packetsize 8192

snmp-server trap-source Loopback0

snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

snmp-server enable traps snmp

snmp-server enable traps hsrp

snmp-server enable traps config

snmp-server enable traps entity

snmp-server enable traps rsvp

snmp-server enable traps frame-relay

snmp-server enable traps rtr

snmp-server host 192.168.42.134 retaillab

snmp-server host 192.168.42.134 version 3 priv causer

banner exec @

WARNING:

**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ****

**** AUTHORIZED USERS ONLY! ****

ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT

TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY

TO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER

REPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT

FURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER

CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW

ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.

UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.

banner incoming @