Standaard Cisco config

Gebaseerd op de Cisco Guide to Harden Cisco IOS Devices.

! Cisco Guide to Harden Cisco IOS Devices
!
! Enhanced Password Security
aaa new-model
aaa authentication login default local
username MyUsername secret MyPassword
enable secret MyPassword
!
! Disable Unused Services
no ip bootp server
ip dhcp bootp ignore
no mop enabled
no ip domain-lookup
no service pad
no ip http server
no ip http secure-server
no cdp run
no lldp run global
!
! Keepalives for TCP Sessions
service tcp-keepalive-in
service tcp-keepalive-out
!
! Network Time Protocol
clock timezone WET 1
clock summer-time WEST recurring last Sun Mar 3:00 last Sun Oct 2:00
ntp server 83.98.201.133
!
! Limit Access
ip access-list standard RemoteAccess
 permit 192.168.100.0 0.0.0.255
 deny any log
!
line vty 0 4
 access-class RemoteAccess in
!
! Set hostname and domain name
hostname myrouter
ip domain-name mydomain
!
! Encrypting Management Sessions
crypto key generate rsa general-keys modulus 1024
line vty 0 4
 transport input ssh
!
! Warning Banners
banner login )

Unauthorized access prohibited.

)
banner motd )

Unauthorized access prohibited.

)
!
! SNMP Community Strings
snmp-server community MyCommunity RO RemoteAccess
snmp-server ifindex persist
snmp-server contact user@example.com
!
! Logging
logging buffered 16384
!
! Configure Logging Timestamps
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
!
! Exclusive Configuration Change Access
configuration mode exclusive auto
!
! Configuration Change Notification and Logging
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

! Cisco Guide to Harden Cisco IOS Devices

! Enhanced Password Security

aaa new-model

aaa authentication login default local

username MyUsername secret MyPassword

enable secret MyPassword

! Disable Unused Services

no ip bootp server

ip dhcp bootp ignore

no mop enabled

no ip domain-lookup

no service pad

no ip http server

no ip http secure-server

no cdp run

no lldp run global

! Keepalives for TCP Sessions

service tcp-keepalive-in

service tcp-keepalive-out

! Network Time Protocol

clock timezone WET 1

clock summer-time WEST recurring last Sun Mar 3:00 last Sun Oct 2:00

ntp server 83.98.201.133

! Limit Access

ip access-list standard RemoteAccess

permit 192.168.100.0 0.0.0.255

deny any log

line vty 0 4

access-class RemoteAccess in

! Set hostname and domain name

hostname myrouter

ip domain-name mydomain

! Encrypting Management Sessions

crypto key generate rsa general-keys modulus 1024

line vty 0 4

transport input ssh

! Warning Banners

banner login )

Unauthorized access prohibited.

)

banner motd )

Unauthorized access prohibited.

)

! SNMP Community Strings

snmp-server community MyCommunity RO RemoteAccess

snmp-server ifindex persist

snmp-server contact user@example.com

! Logging

logging buffered 16384

! Configure Logging Timestamps

service timestamps debug datetime msec show-timezone

service timestamps log datetime msec show-timezone

! Exclusive Configuration Change Access

configuration mode exclusive auto

! Configuration Change Notification and Logging