APPENDIX D
Configuration Examples

This appendix consolidates many of the concepts presented in this book into example router configurations that can be used as templates for your Cisco routers. While these examples don't include all possible configurations, they do include the most common security configurations for both small and large organizations. The examples are created so you can type all commands directly into your router. They will be slightly different than a show running-config because of IOS version differences and command line differences.

Basic Example Configuration

This is a basic secure configuration that you might find at an organization with a small network, few routers, and few administrators. In addition to standard security settings, this configuration will:

- Disable all unneeded services. This configuration doesn't use HTTP, SNMP, TFTP, CDP, etc.
- Configure the router to use an external NTP server to set its time while peering with two other routers. NTP is configured to use authentication and to serve only clients on the internal network.
- Configure logging to log to the syslog server.
- Enable an external interface (Serial 0/0) that has an antispoofing ACL applied to it. This interface uses BGP with authentication as its routing protocol.
- Enable an internal interface (Fast Ethernet 0/0) that has been configured to use RIP v2 with authentication as its routing protocol.
- Configure console access to use a line password for authentication.
- Disable AUX access.
- Restrict VTY access to a single IP address and configure it to use only SSH.

Enable password encryption:

    service password-encryption

Set the privileged-level password:

    enable secret SecretEnablePassword

Disable global services and protocols:

    no service udp-small-servers
    no service tcp-small-servers
    no service finger
    no service pad
    no service config
    no boot network
    no cdp run
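The appendix warns that a typed configuration will differ from what show running-config displays, because IOS omits commands that sit at their default value. That matters when you later audit a fleet of routers against this baseline: a missing "no service finger" line may mean the service is off by default on that IOS version, not that the hardening was skipped. The following audit script is an added example, not code from the book, that checks a saved running-config for the baseline commands listed above and reports a FAIL only where a service is explicitly enabled or a required command is absent, and an INFO where the config is merely silent. The two sample configurations embedded in it are constructed for the example.

```python
"""Audit a saved Cisco IOS configuration against the basic hardening baseline
described in the appendix (password encryption, enable secret, unneeded services).
Added example, not from the book; the sample configs below are constructed."""

# Services the appendix turns off: (form shown when enabled, form shown when disabled).
DISABLED_SERVICES = (
    ("service udp-small-servers", "no service udp-small-servers"),
    ("service tcp-small-servers", "no service tcp-small-servers"),
    ("service finger", "no service finger"),
    ("service pad", "no service pad"),
    ("service config", "no service config"),
    ("boot network", "no boot network"),
    ("cdp run", "no cdp run"),
)


def config_lines(config):
    """Return stripped, non-empty config lines, dropping IOS '!' separator lines."""
    return [
        line.strip()
        for line in config.splitlines()
        if line.strip() and not line.strip().startswith("!")
    ]


def audit_ios_config(config):
    """Return a list of (severity, message) findings for one running-config.

    FAIL marks a baseline violation, WARN a weaker-than-recommended setting, and
    INFO a line the config is silent on: 'show running-config' omits commands at
    their default value, so a missing 'no service ...' line may simply mean the
    service is already off by default on that IOS version."""
    lines = config_lines(config)
    findings = []

    if "service password-encryption" not in lines:
        findings.append(("FAIL", "service password-encryption missing; line and enable "
                                 "passwords would be stored in clear text"))

    if not any(line.startswith("enable secret ") for line in lines):
        findings.append(("FAIL", "enable secret not configured"))
    if any(line.startswith("enable password ") for line in lines):
        findings.append(("WARN", "enable password present; prefer enable secret, which "
                                 "stores an MD5 hash rather than a reversible type 7 string"))

    for enabled_form, disabled_form in DISABLED_SERVICES:
        if enabled_form in lines:
            findings.append(("FAIL", f"'{enabled_form}' is explicitly enabled"))
        elif disabled_form not in lines:
            findings.append(("INFO", f"'{disabled_form}' not present; confirm on the device "
                                     "whether this IOS version disables it by default"))
    return findings


def failures(config):
    """Only the FAIL-severity messages, for pass/fail reporting."""
    return [msg for sev, msg in audit_ios_config(config) if sev == "FAIL"]


# Constructed sample: the baseline commands from the appendix, as typed into the router.
HARDENED_CONFIG = """\
!
service password-encryption
enable secret SecretEnablePassword
no service udp-small-servers
no service tcp-small-servers
no service finger
no service pad
no service config
no boot network
no cdp run
!
"""

# Constructed sample: a router left near defaults with a clear-text enable password.
WEAK_CONFIG = """\
!
enable password ClearTextPassword
service finger
!
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED_CONFIG), ("weak", WEAK_CONFIG)):
        print(f"== {name} ==")
        for sev, msg in audit_ios_config(cfg):
            print(f"{sev:4} {msg}")
```

Run it against the output of show running-config captured from each router; treat FAIL lines as work items and INFO lines as prompts to check the device directly, since the appendix's baseline is meant to be typed in full regardless of what the current IOS version leaves implicit.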