Standaard Cisco config

Gebaseerd op de Cisco Guide to Harden Cisco IOS Devices.

! Cisco Guide to Harden Cisco IOS Devices
!
! Enhanced Password Security
aaa new-model
aaa authentication login default local
username MyUsername secret MyPassword
enable secret MyPassword
!
! Disable Unused Services
no ip bootp server
ip dhcp bootp ignore
no mop enabled
no ip domain-lookup
no service pad
no ip http server
no ip http secure-server
no cdp run
no lldp run global
!
! Keepalives for TCP Sessions
service tcp-keepalive-in
service tcp-keepalive-out
!
! Network Time Protocol
clock timezone WET 1
clock summer-time WEST recurring last Sun Mar 3:00 last Sun Oct 2:00
ntp server 83.98.201.133
!
! Limit Access
ip access-list standard RemoteAccess
 permit 192.168.100.0 0.0.0.255
 deny any log
!
line vty 0 4
 access-class RemoteAccess in
!
! Set hostname and domain name
hostname myrouter
ip domain-name mydomain
!
! Encrypting Management Sessions
crypto key generate rsa general-keys modulus 1024
line vty 0 4
 transport input ssh
!
! Warning Banners
banner login )

Unauthorized access prohibited.

)
banner motd )

Unauthorized access prohibited.

)
!
! SNMP Community Strings
snmp-server community MyCommunity RO RemoteAccess
snmp-server ifindex persist
snmp-server contact user@example.com
!
! Logging
logging buffered 16384
!
! Configure Logging Timestamps
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
!
! Exclusive Configuration Change Access
configuration mode exclusive auto
!
! Configuration Change Notification and Logging
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!