line console/vty x y
exec-timeout 0 0
logging synchronous

How to set a password for interface XY:

line console/vty/... 
login
password xxx

General security template:

no service finger
no service pad
no service udp-small-servers
no service tcp-small-servers
no service config
no service dhcp
no service compress-config
no ip http server
no ip bootp server
no ip finger
no ip identd
no ip source-route
service nagle
service timestamps debug datetime localtime show-timezone msec
service timestamps log datetime localtime show-timezone msec

ip spd enable
no cdp run
logging buffered 16384
logging trap debugging
logging 169.223.10.20
logging console warnings
ip subnet-zero
ip classless
! Deal with dead connections gracefully
service tcp-keepalives-in
service tcp-keepalives-out
! Set time for UK
clock timezone GMT 0
clock summer-time BST recurring
! Do not allow packet to specify their own route
no ip source-route
! Enable Cisco Express Forwarding technology
ip cef
ntp master
ntp update-calendar
ntp server 
no ip domain-lookup
ip domain-list domain.org
ip domain-list .
ip domain-name domain.org
ip name-server 10.0.0.1
ip name-server 10.1.0.1
line con 0
 exec-timeout 5 0
 password 7 <######>
 login authentication no_tacacs
 transport input none
line aux 0
 exec-timeout 5 0
 password 7 <#######>
 login authentication test
 modem InOut
 transport input all
 stopbits 1
 speed 19200
 flowcontrol hardware
line vty 0 4
 exec-timeout 5 0
 password 7 <########>
 login authentication test
 transport input telnet
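
A conformance check for the template above, as an added example (not part of the original page). It is a textual match against a saved configuration; the function names and the sample config are assumptions made for illustration, and a real `show running-config` may omit commands that are already the platform default.

```python
# Global lines copied from the template above; extend the list as needed.
REQUIRED_GLOBAL = [
    "no service finger", "no service pad", "no service udp-small-servers",
    "no service tcp-small-servers", "no service config", "no ip http server",
    "no ip bootp server", "no ip source-route", "no cdp run",
    "service tcp-keepalives-in", "service tcp-keepalives-out",
]

# Constructed sample config (not taken from a real device).
SAMPLE = """\
no service pad
no service finger
no ip source-route
service tcp-keepalives-in
interface ethernet 0/0
 no cdp enable
line con 0
 exec-timeout 0 0
 login
line vty 0 4
 exec-timeout 5 0
 password 7 <placeholder>
 login authentication test
"""

def parse_config(config):
    """Return (global commands, {"line ..." header: [sub-commands]})."""
    global_cmds, blocks, current = set(), {}, None
    for raw in config.splitlines():
        text = " ".join(raw.split())          # normalise whitespace
        if not text or text.startswith("!"):  # skip blanks and comments
            continue
        if raw[0].isspace():                  # sub-command of current block
            if current in blocks:             # only "line" blocks are kept
                blocks[current].append(text)
        elif text.startswith("line "):
            current = text
            blocks[current] = []
        else:
            current = None
            global_cmds.add(text)
    return global_cmds, blocks

def audit(config):
    """List deviations from the template: missing globals, weak line settings."""
    global_cmds, blocks = parse_config(config)
    findings = [f"missing global: {c}" for c in REQUIRED_GLOBAL if c not in global_cmds]
    for header, cmds in blocks.items():
        for c in cmds:
            if c.startswith("exec-timeout ") and all(v == "0" for v in c.split()[1:]):
                findings.append(f"{header}: {c} disables the idle timeout")
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append(f"{header}: no login command")
    return findings
```

`audit(SAMPLE)` returns the seven template lines missing from the sample plus the `exec-timeout 0 0` finding on `line con 0`.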

General Interface Template:

no ip redirects
no ip directed-broadcast
no ip proxy-arp
no ip unreachables
! no ip mask-reply

General Security Template:

service password-encryption
enable secret <removed>
no enable password
! Limit the amount of ICMP traffic (DDOS protection)
rate-limit input access-group 110 2048000 8000 8000 conform-action transmit exceed-action drop
access-list 103 deny tcp any host 10.0.0.1 established

HSRP

Router 1:

interface ethernet 0/0
description Server LAN
ip address 169.223.10.1 255.255.255.0
standby 10 ip 169.223.10.254

Router 2:

interface ethernet 0/0
description Service LAN
ip address 169.223.10.2 255.255.255.0
standby 10 priority 150
standby 10 preempt
standby 10 ip 169.223.10.254

The preempt directive tells router1 and router2 that router2 should be used as default gateway whenever possible.
For example, if router2 were temporarily out of service, it would take over from router1 when it is returned to normal operation.

BGP

router bgp 200
neighbor 215.17.3.1 remote-as 210
neighbor 215.17.3.1 soft-reconfiguration in
! exec command: clear ip bgp 215.17.3.1 soft
bgp dampening [[route-map map-name] | [half-life-time reuse-value suppress-value max-suppress-time]]

* half-life-time – range is 1 – 45 minutes; current default is 15 minutes.
* reuse-value – range is 1 – 20000; default is 750.
* suppress-value – range is 1 – 20000; default is 2000.
* max-suppress-time – maximum duration a route can be suppressed. Range is 1 – 255; default is four times half-life time (60 minutes).
* show ip bgp dampened-routes – Display all the damped routes with the time remaining to unsuppress. Very useful for finding out which sites are having instability problems.

cisco.1138654536.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International