Appendix D. Configuration Examples

This appendix consolidates many of the concepts presented in this book into example router configurations that can be used as templates for your Cisco routers. While these examples don’t include all possible configurations, they do include the most common security configurations for both small and large organizations. The examples are created so you can type all commands directly into your router. They will be slightly different than a show running-config because of IOS version differences and command line differences.

Basic Example Configuration

This is a basic secure configuration that you might find at an organization with a small network with few routers and few administrators. In addition to standard security settings, this configuration will:

  • Disable all unneeded services. This configuration doesn’t use HTTP, SNMP, TFTP, CDP, etc.

  • Configure the router to use an external NTP server to set its time, while peering with two other routers— and NTP is configured to use authentication and to serve only clients on the internal network.

  • Configure logging to log to the syslog server

  • Enable an external interface—Serial 0/0—that has antispoofing ACL applied to it. This interface uses BGP, with authentication, as its routing protocol.

  • Enable an internal interface—Fast Ethernet 0/0—that has been configured to use RIP v2, with authentication, as its routing protocol.

  • Configure console access to use a line password for authentication. ...

Get Hardening Cisco Routers now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.