Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Mark Krawczyk - Router Running Config Example

advertisement 
! Last configuration change at 08:29:42 EST Mon Feb 20 2014 by mwk
! NVRAM config last updated at 08:29:43 EST Mon Feb 20 2014 by mwk
!
version 12.4
no service pad
!
service tcp-keepalives-in
(Used for managing sessions)
service tcp-keepalives-out
!
service timestamps debug datetime localtime show-timezone (used for logging)
service timestamps log datetime localtime show-timezone (used for logging)
service password-encryption (encrypt all passwords)
!
hostname MK_Router
!
!
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
(enable password set)
!
!!!!!!!!!!!!!!!!!!!
TACACS+ SERVER NETWORK INFO !!!!!!!!!!!!!!!!!!!!!!
!
tacacs-server host 192.168.1.100 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
Points the router to the TACACS+ server, secret key shared by router and server
tacacs-server directed-request
!
Sends only username to TACACS+ for authentication (before @)
tacacs-server administration
!
Enables the handling of administrative messages by the TACACS+ daemon
!
!!!!!!!!!!!!!!!!!!!!!!!!! ENABLE TACACS+ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
aaa new-model
!
Enables AAA globally
!
!!!!!!!!!!!!!!!!!!!!!!!!!! DEFINE METHOD LIST !!!!!!!!!!!!!!!!!!!!!!!!!!!!
!
aaa authentication login mwkacs group tacacs+ local enable
! User must authentication with TACACS+ to login, method list mwkacs defined
!
aaa authentication enable default group tacacs+ enable
! Users must authenticate to go to privilege mode
!
aaa authorization exec mwkacs group tacacs+ local
! Ensure access only to users whose profiles are configured with administrative
access
!
aaa authorization commands 15 mwkacs group tacacs+ local none
! Define method list to authorize the execution of administrative level commands
!
aaa accounting exec mwkacs start-stop group tacacs+
!
Enables accounting of an EXEC session, method list tacacs+
!
Sends a “start accounting” notice and “stop accounting” notice for process
!
aaa accounting commands 15 mwkacs start-stop group tacacs+
!
Enable accounting of privileged commands, method list
!
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
(Disable unused services)
no ip gratuitous-arps
“”
no ip bootp server
“”
no ip domain lookup
“”
username NetAdmin secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
(create unique username)
!
interface Loopback0
ip address 10.1.3.252 255.255.255.255
!
(Defines loopback interface and assign an IP address)
!
interface Serial0/0
description *** WAN1 ***
ip address 10.1.1.26 255.255.255.252
ip access-group mark_filter out
(assign access list)
!
interface FastEthernet0/1
description *** LAN Floor 1 ***
ip address 10.25.20.9 255.255.255.0
no ip proxy-arp
duplex auto
speed auto
!
router ospf 10
(enable OSPF routing protocol, with NO authentication)
router-id 10.1.3.26
log-adjacency-changes
network 10.1.1.24 0.0.0.3 area 0
network 10.25.20.8 0.0.0.3 area 0
!
!
no ip http server
no ip http secure-server
!
ip tacacs source-interface Loopback0 (bind TACACS to Loopback address)
!
ip access-list extended mark_filter
(extended named ACL)
deny
ip host 191.164.1.1 any
permit ip any any
!
logging buffered 100000 informational (The logging buffer is circular, so newer
messages overwrite older messages after the buffer is filled)
logging trap notifications (Normal but significant conditions)
logging source-interface Loopback0
logging 192.168.5.15
logging 192.168.5.10
!
access-list 5 permit 192.168.5.0 0.0.0.255
access-list 5 permit 10.10.10.60 0.0.0.3
access-list 111 permit ip 10.254.253.0 0.0.0.255 10.24.111.0 0.0.0.3 (extended ACL)
access-list 112 permit ip host 10.254.253.1 10.24.95.0 0.0.0.3
!
snmp-server community xxxxxxxxxxxxxxxxxxxxxxxxxx RO
(SNMP community string set)
snmp-server community xxxxxxxxxxxxxxxxxxxxxxxxxx RW 5 (access-list 5)
!
no cdp run
(Turn off CDP)
!
control-plane
!
!!!!!!!! Creates a login banner !!!!!!!!!!!!!!!!!
banner motd
******************Warning!
Warning!
Warning!***********************
This system is restricted to authorized users for business purposes only.
Unauthorized access is a violation of the law. This service may be monitored for
administrative and security reasons. By proceeding you consent to this monitoring.
*******************Warning!
Warning! Warning!
***********************
!
line con 0
exec-timeout 5 0
login local
!
line aux 0
!
!!!!!!!!!!!!!!!!!!!APPLY METHOD LIST TO VTY LINE !!!!!!!!!!!!!!!!!!!!!
!
line vty 0 4
access-class 5 in
(applies access list 5)
exec-timeout 5 0
(idle time out 5 minutes)
authorization commands 15 mwkacs (method list applied)
authorization exec mwkacs
(method list applied)
accounting commands 15 mwkacs
(method list applied)
accounting exec mwkacs
(method list applied)
login authentication mwkacs
(method list applied)
transport input ssh
(allows SSH only)
transport output none
(remote to other network devices, not allowed)
!
ntp source Loopback0
(NTP settings)
ntp server 10.1.2.25
ntp server 10.1.2.24
!
End
Related documents
Cisco Switch AAA Setup
Cisco Switch AAA Setup
File
File
IPv6 Deployment for ADSL Address allocation and Configuration
IPv6 Deployment for ADSL Address allocation and Configuration
Errata - Pearsoncmg
Errata - Pearsoncmg
ISE TACACS+ Configuration Guide for Cisco IOS Based Network Devices
ISE TACACS+ Configuration Guide for Cisco IOS Based Network Devices
INSTRUCTIONAL DESIGN SEQUENCE / PROJECT OVERVIEW A
INSTRUCTIONAL DESIGN SEQUENCE / PROJECT OVERVIEW A
conclusion
conclusion
08.12.12AAA welcomes infrastructure boost.doc
08.12.12AAA welcomes infrastructure boost.doc
Final Presentation
Final Presentation
Classic Membership $61 Plus Membership:$94
Classic Membership $61 Plus Membership:$94
Automobile Computer Security
Automobile Computer Security
CS 2813 - Loyola College
CS 2813 - Loyola College
ISE TACACS+ Configuration Guide for Wireless LAN Controllers
ISE TACACS+ Configuration Guide for Wireless LAN Controllers
ISE TACACS+ Configuration Guide for Cisco NX-OS Based Network Devices
ISE TACACS+ Configuration Guide for Cisco NX-OS Based Network Devices
Cisco Unified Wireless Network TACACS+ Configuration Contents Document ID: 91631
Cisco Unified Wireless Network TACACS+ Configuration Contents Document ID: 91631
ISE TACACS+ Configuration Guide for Cisco ASA Secure Access How-to User Series
ISE TACACS+ Configuration Guide for Cisco ASA Secure Access How-to User Series
How to Configure Administrative Login using
How to Configure Administrative Login using
TACACS+ Server on E Series Broadband
TACACS+ Server on E Series Broadband
ArubaOS-CX Security Guide for 10.02
ArubaOS-CX Security Guide for 10.02
ServerIron 12000 AdminGuide
ServerIron 12000 AdminGuide
ServerIron ADX Administration Guide
ServerIron ADX Administration Guide
Download
advertisement