Standaard Cisco config

Gebaseerd op de Cisco Guide to Harden Cisco IOS Devices.

! Cisco Guide to Harden Cisco IOS Devices
! Enhanced Password Security
aaa new-model
aaa authentication login default local
username MyUsername secret MyPassword
enable secret MyPassword
! Disable Unused Services
no ip bootp server
ip dhcp bootp ignore
no mop enabled
no ip domain-lookup
no service pad
no ip http server
no ip http secure-server
no cdp run
no lldp run global
! Keepalives for TCP Sessions
service tcp-keepalive-in
service tcp-keepalive-out
! Network Time Protocol
clock timezone WET 1
clock summer-time WEST recurring last Sun Mar 3:00 last Sun Oct 2:00
ntp server
! Limit Access
ip access-list standard RemoteAccess
 deny any log
line vty 0 4
 access-class RemoteAccess in
! Set hostname and domain name
hostname myrouter
ip domain-name mydomain
! Encrypting Management Sessions
crypto key generate rsa general-keys modulus 1024
line vty 0 4
 transport input ssh
! Warning Banners
banner login )

Unauthorized access prohibited.

banner motd )

Unauthorized access prohibited.

! SNMP Community Strings
snmp-server community MyCommunity RO RemoteAccess
snmp-server ifindex persist
snmp-server contact
! Logging
logging buffered 16384
! Configure Logging Timestamps
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
! Exclusive Configuration Change Access
configuration mode exclusive auto
! Configuration Change Notification and Logging
 log config
  logging enable
  notify syslog contenttype plaintext