This appendix consolidates many of the concepts presented in this book into example router configurations that can be used as templates for your Cisco routers. While these examples don’t include all possible configurations, they do include the most common security configurations for both small and large organizations. The examples are created so you can type all commands directly into your router. They will differ slightly from the output of show running-config because of IOS version differences and command line differences.
This is a basic secure configuration that you might find at an organization with a small network with few routers and few administrators. In addition to standard security settings, this configuration will:
Disable all unneeded services. This configuration doesn’t use HTTP, SNMP, TFTP, CDP, etc.
Configure the router to use an external NTP server to set its time, while peering with two other routers— 10.10.4.1. NTP is configured to use authentication and to serve only clients on the internal
Configure logging to log to the syslog server
Enable an external interface—Serial 0/0—that has an antispoofing ACL applied to it. This interface uses BGP, with authentication, as its routing protocol.
Enable an internal interface—Fast Ethernet 0/0—that has been configured to use RIP v2, with authentication, as its routing protocol.
Configure console access to use a line password for authentication. ...
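As an added example (not from the book), the checklist above can be turned into an automated audit of show running-config output. The sample config is constructed, its addresses, AS numbers, ACL number and key-chain name are placeholders, and the check names are hypothetical; the ACL check only confirms that an inbound ACL is bound to Serial0/0, not what it filters.

```python
import re
# Constructed sample; addresses, AS numbers, ACL number and key-chain name are placeholders.
SAMPLE = """\
no ip http server
no cdp run
ntp authenticate
ntp trusted-key 1
logging 192.0.2.20
interface Serial0/0
 ip access-group 115 in
interface FastEthernet0/0
 ip rip authentication key-chain RIPKEYS
router rip
 version 2
router bgp 64512
 neighbor 192.0.2.1 remote-as 64513
 neighbor 192.0.2.1 password <redacted>
line con 0
 password <redacted>
 login
"""

def sections(cfg):
    """Map each top-level line to the list of indented lines beneath it."""
    out, cur = {}, []
    for line in cfg.splitlines():
        if line.startswith(" "):
            cur.append(line.strip())
        else:
            cur = out.setdefault(line.strip(), [])
    return out

def audit(cfg):
    """Return the names (hypothetical) of the checklist items this config fails."""
    s = sections(cfg)
    has = lambda prefix, lines: any(l.startswith(prefix) for l in lines)
    bgp = "\n".join(l for k, v in s.items() if k.startswith("router bgp") for l in v)
    peers, authed = (set(re.findall(rf"neighbor (\S+) {w}", bgp)) for w in ("remote-as", "password"))
    sub = lambda name: s.get(name, [])
    checks = {
        "services-off": "ip http server" not in s and not (has("snmp-server", s) or has("tftp-server", s)),
        "cdp-off": "no cdp run" in s,  # CDP is enabled by default, so require the explicit "no"
        "ntp-auth": "ntp authenticate" in s and has("ntp trusted-key", s),
        "syslog": any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", k) for k in s),
        "antispoof-acl": any(re.fullmatch(r"ip access-group \S+ in", l) for l in sub("interface Serial0/0")),
        "bgp-auth": bool(peers) and peers <= authed,  # every BGP peer needs a password line
        "rip-auth": "version 2" in sub("router rip") and has("ip rip authentication key-chain", sub("interface FastEthernet0/0")),
        "console-pw": "login" in sub("line con 0") and has("password", sub("line con 0")),
    }
    return [name for name, ok in checks.items() if not ok]
```

Calling audit(SAMPLE) returns an empty list; each name in a non-empty result maps back to one item in the list above.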