line console/vty x y
 exec-timeout 0 0
 logging synchronous
How to set a password for the XY interface:
line console/vty/...
 login
 password xxx
General security template:
no service finger
no service pad
no service udp-small-servers
no service tcp-small-servers
no service config
no service dhcp
no service compress-config
no ip http server
no ip bootp server
no ip finger
no ip identd
no ip source-route
service nagle
service timestamps debug datetime localtime show-timezone msec
service timestamps log datetime localtime show-timezone msec
ip spd enable
no cdp run

logging buffered 16384
logging trap debugging
logging 169.223.10.20
logging console warnings

ip subnet-zero
ip classless
! Deal with dead connections gracefully
service tcp-keepalives-in
service tcp-keepalives-out

! Set time for UK
clock timezone GMT 0
clock summer-time BST recurring

! Do not allow packets to specify their own route
no ip source-route

! Enable Cisco Express Forwarding technology
ip cef

ntp master
ntp update-calendar
ntp server

no ip domain-lookup
ip domain-list domain.org
ip domain-list .
ip domain-name domain.org

ip name-server 10.0.0.1
ip name-server 10.1.0.1

line con 0
 exec-timeout 5 0
 password 7 <######>
 login authentication no_tacacs
 transport input none
line aux 0
 exec-timeout 5 0
 password 7 <#######>
 login authentication test
 modem InOut
 transport input all
 stopbits 1
 speed 19200
 flowcontrol hardware
line vty 0 4
 exec-timeout 5 0
 password 7 <########>
 login authentication test
 transport input telnet
General Interface Template:
no ip redirects
no ip directed-broadcast
no ip proxy-arp
no ip unreachables
! no ip mask-reply
General Security Template:
service password-encryption
enable secret <removed>
no enable password

! Limit the amount of ICMP traffic (DDOS protection)
rate-limit input access-group 110 2048000 8000 8000 conform-action transmit exceed-action drop

access-list 103 deny tcp any host 10.0.0.1 established
HSRP
Router 1:
interface ethernet 0/0
 description Server LAN
 ip address 169.223.10.1 255.255.255.0
 standby 10 ip 169.223.10.254
Router 2:
interface ethernet 0/0
 description Service LAN
 ip address 169.223.10.2 255.255.255.0
 standby 10 priority 150
 standby 10 preempt
 standby 10 ip 169.223.10.254
The preempt directive tells router1 and router2 that router2 should be used as default gateway whenever possible.
For example, if router2 were temporarily out of service, it would take over from router1 when it is returned to normal operation.
BGP
router bgp 200
 neighbor 215.17.3.1 remote-as 210
 neighbor 215.17.3.1 soft-reconfiguration in
“clear ip bgp neighbor 215.17.3.1 soft”.
bgp dampening [[route-map map-name] | [half-life-time reuse-value suppress-value max-suppress-time]]
* half-life-time – range is 1 – 45 minutes; current default is 15 minutes.
* reuse-value – range is 1 – 20000; default is 750.
* suppress-value – range is 1 – 20000; default is 2000.
* max-suppress-time – maximum duration a route can be suppressed. Range is 1 – 255; default is four times half-life time (60 minutes).
* show ip bgp dampened-routes – Display all the damped routes with the time remaining to unsuppress. Very useful for finding out which sites are having instability problems.
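How the default values above interact, as an added Python example that is not part of the original page: it replays flap times against a simplified continuous-decay model and reports when a route is suppressed and how long it stays damped. The penalty of 1000 per flap and all function and constant names are assumptions not stated on the page.

```python
import math

# Defaults taken from the parameter list above.
HALF_LIFE_MIN = 15       # half-life-time
REUSE = 750              # reuse-value
SUPPRESS = 2000          # suppress-value
MAX_SUPPRESS_MIN = 60    # max-suppress-time
# Assumption (not on the page): each flap adds a fixed penalty of 1000.
PENALTY_PER_FLAP = 1000


def penalty_ceiling():
    """Largest penalty that still decays to REUSE within max-suppress-time."""
    return REUSE * 2 ** (MAX_SUPPRESS_MIN / HALF_LIFE_MIN)


def decay(penalty, minutes):
    """Exponential decay: the penalty halves every HALF_LIFE_MIN minutes."""
    return penalty * 0.5 ** (minutes / HALF_LIFE_MIN)


def simulate(flap_minutes):
    """Replay flaps (minutes since the first event) and return the outcome."""
    penalty, last, suppressed_at = 0.0, None, None
    for t in sorted(flap_minutes):
        if last is not None:
            penalty = decay(penalty, t - last)
            if suppressed_at is not None and penalty < REUSE:
                suppressed_at = None  # route was reused between flaps
        penalty = min(penalty + PENALTY_PER_FLAP, penalty_ceiling())
        if suppressed_at is None and penalty > SUPPRESS:
            suppressed_at = t
        last = t
    # Minutes after the last flap until the penalty decays to REUSE.
    wait = 0.0
    if suppressed_at is not None:
        wait = HALF_LIFE_MIN * math.log2(penalty / REUSE)
    return {"penalty": penalty, "suppressed_at": suppressed_at,
            "reuse_after_min": wait}


if __name__ == "__main__":
    # Constructed sample input: three flaps two minutes apart.
    print(simulate([0, 2, 4]))
    # Constructed sample input: one flap per minute for half an hour.
    print(simulate(range(30)))
```

With these defaults a single flap never suppresses a route, and the ceiling is what keeps a continuously flapping prefix from being damped longer than max-suppress-time.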