CCNA Security Commands

##########
##########
### ROUTER COMMANDS ###
##########
##########
enable secret C1SCO
%
line con 0
  password C1SCO
  login
%
line aux 0
  password C1SCO
  login
%
line vty 0 4
  login
  password C1SCO
%
service password-encryption
%
username Bob secret 0 C1SCO
%
security authentication failure rate 5 log
%
line con 0
 exec-timeout 2 30
%
line aux 0
 exec-timeout 2 30
%
line vty 0 4
 exec-timeout 2 30
%
privilege exec level 5 debug
enable secret level 5 C1SCO
%
aaa new-model
enable view
parser view HELPDESK
  secret 0 C1SCO
  commands exec include all copy
  commands exec include traceroute
  commands exec include ping
%
secure boot-image
secure boot-config
%
login block-for 30 attempts 5 within 10
login quiet-mode access-class 101
login delay 3
login on-failure log
login on-success log
%
banner motd $
%
no ip http server
ip http secure-server
ip http authentication local
username Bill privilege 15 secret 0 C1SCO
%
aaa authentication login default local
aaa authentication ?
  arap
  banner
  enable
  fail-message
  local-override
  login
  nasi
  password-prompt
  ppp
  username-prompt
%
line console 0
  login authentication console-in
%
int s3/0
  ppp authentication chap dial-in
%
aaa authorization commands 1 Bill local
aaa authorization commands 15 Bob local
%
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting auth-proxy default start-stop group tacacs+
%
debug aaa authentication
debug aaa authorization
debug aaa accounting
%
tacacs-server host 192.168.10.75 single-connection
tacacs-server key shared1
%
auto secure
%
ip domain-name ciscopress.com
crypto key zeroize rsa
crypto key generate rsa general-keys modulus 1024
ip ssh time-out 120
ip ssh authentication-retries 4
line vty 0 4
  transport input ssh
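Added example, not from the original page: the SSH and vty commands above pulled together into one management-plane block with the pieces a hardened router also needs, namely SSH version 2, a 2048-bit key, local AAA, failed-login throttling, plain HTTP disabled and the aux port shut. Hostname R1, the user admin and the admin host 12.2.1.3 in ACL 90 are assumptions. The local user is created before aaa new-model so the console is never left without a working login.

```cisco
! assumed names: hostname R1, local user admin, admin workstation 12.2.1.3
hostname R1
ip domain-name ciscopress.com
! local user first: aaa new-model applies the default login list to the console immediately
username admin privilege 15 secret C1SCO
enable secret C1SCO
service password-encryption
aaa new-model
aaa authentication login default local
aaa authorization exec default local
! EXEC command; needs hostname and domain-name set first
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
! throttle brute force: 3 failures in 60 s locks logins for 120 s
login block-for 120 attempts 3 within 60
login on-failure log
login on-success log
! management over HTTPS only
no ip http server
ip http secure-server
ip http authentication local
! only the admin host may open a vty session
access-list 90 permit host 12.2.1.3 log
access-list 90 deny any log
line con 0
  exec-timeout 5 0
line aux 0
  no exec
  transport input none
line vty 0 4
  access-class 90 in
  transport input ssh
  exec-timeout 5 0
! verify
show ip ssh
show running-config | include transport input
```

show ip ssh should report version 2.0; every line should show transport input ssh or none. Keep a console session open while applying the AAA lines in case the local login does not work as expected.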
%
show crypto key mypubkey rsa
%
access-list compiled
%
access-list 150 deny ip 12.1.1.0 0.0.0.255 any log
access-list 150 deny ip 127.0.0.0 0.255.255.255 any log
access-list 150 permit ip any any
interface e0/1
  ip access-group 150 in
%
access-list 114 permit icmp 12.2.1.0 0.0.0.255 any echo
access-list 114 permit icmp 12.2.1.0 0.0.0.255 any parameter-problem
access-list 114 permit icmp 12.2.1.0 0.0.0.255 any packet-too-big
access-list 114 permit icmp 12.2.1.0 0.0.0.255 any source-quench
access-list 114 deny icmp any any log
access-list 114 permit ip any any
interface e0/1
  ip access-group 114 out
%
access-list 90 permit host 12.2.1.3 log
access-list 90 deny any log
line vty 0 4
  login authentication vty-sysadmin
  transport input ssh
  access-class 90 in
%
access-list 12 deny 12.2.2.0 0.0.0.255
access-list 12 permit any
router rip
  distribute-list 12 out
  version 2
  no auto-summary
  network 12.0.0.0
%
access-list 104 deny ip any any
access-list 103 permit tcp any any eq www
ip inspect name FWRULE tcp
interface S0
  ip access-group 103 out
  ip access-group 104 in
  ip inspect FWRULE out
%
crypto isakmp policy 1
  authentication pre-share
  hash sha
  encryption aes 128
  group 2
  lifetime 86400
%
crypto isakmp key SECRET address 172.30.2.2
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
access-list 101 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255
crypto map ROUTER1_TO_ROUTER2 10 ipsec-isakmp
  set peer 172.30.2.2
  match address 101
  set transform-set MYSET
%
interface serial 1/0
  crypto map ROUTER1_TO_ROUTER2
ip route 192.168.0.0 255.255.255.0 172.30.2.2
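Added example, not part of the original page: the site-to-site tunnel above written out for both ends, because the pre-shared key, the crypto ACL and the static route must mirror each other exactly or phase 2 never negotiates. R1's WAN address 172.30.2.1 (same /24 as the 172.30.2.2 peer on the page) and the LAN addresses used in the ping are assumptions. The example also moves to stronger parameters than the page's group 2 and SHA-1 (AES-256, SHA-256, DH group 14, PFS), which need IOS 15.x.

```cisco
! ---- R1: LAN 10.1.1.0/24, WAN 172.30.2.1 (assumed) ----
crypto isakmp policy 10
  authentication pre-share
  encryption aes 256
  hash sha256
  group 14
  lifetime 86400
crypto isakmp key SECRET address 172.30.2.2
crypto ipsec transform-set MYSET esp-aes 256 esp-sha256-hmac
! crypto ACL: local LAN -> remote LAN
access-list 101 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255
crypto map ROUTER1_TO_ROUTER2 10 ipsec-isakmp
  set peer 172.30.2.2
  set transform-set MYSET
  set pfs group14
  match address 101
interface serial 1/0
  ip address 172.30.2.1 255.255.255.0
  crypto map ROUTER1_TO_ROUTER2
ip route 192.168.0.0 255.255.255.0 172.30.2.2
! ---- R2: LAN 192.168.0.0/24, WAN 172.30.2.2 (mirror image) ----
crypto isakmp policy 10
  authentication pre-share
  encryption aes 256
  hash sha256
  group 14
  lifetime 86400
crypto isakmp key SECRET address 172.30.2.1
crypto ipsec transform-set MYSET esp-aes 256 esp-sha256-hmac
! crypto ACL reversed: R2's LAN -> R1's LAN
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map ROUTER2_TO_ROUTER1 10 ipsec-isakmp
  set peer 172.30.2.1
  set transform-set MYSET
  set pfs group14
  match address 101
interface serial 1/0
  ip address 172.30.2.2 255.255.255.0
  crypto map ROUTER2_TO_ROUTER1
ip route 10.1.1.0 255.255.255.0 172.30.2.1
! ---- verify from R1 (EXEC); 10.1.1.1 / 192.168.0.1 are the assumed LAN addresses ----
ping 192.168.0.1 source 10.1.1.1
show crypto isakmp sa
show crypto ipsec sa
```

Interesting traffic has to be sourced from the LAN side for the crypto map to trigger, hence the source option on the ping. If the WAN interface also does NAT overload, the NAT ACL must deny 10.1.1.0/24 to 192.168.0.0/24 before its permit line, otherwise the packets are translated before the crypto map sees them and never match ACL 101.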
%
##########
##########
### SWITCH COMMANDS ###
##########
##########
%
interface gigabitethernet 0/3
  switchport mode access
%
interface gigabitethernet 0/4
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport nonegotiate
%
interface gigabitethernet 0/5
  switchport trunk native vlan 400
%
interface gigabitethernet 0/6
  spanning-tree guard root
%
interface gigabitethernet 0/7
  spanning-tree portfast
  spanning-tree bpduguard enable
%
ip dhcp snooping
ip dhcp snooping vlan 100
%
interface gigabitethernet 0/8
  ip dhcp snooping trust
%
ip arp inspection vlan 100
%
interface gigabitethernet 0/9
  ip arp inspection trust
%
monitor session 1 source interface gigabitethernet0/10
monitor session 1 destination interface gigabitethernet0/11
%
access-list 100 permit tcp any host 10.1.1.2 eq telnet
vlan access-map ALLOWTELNET 10
  match ip address 100
  action forward
%
vlan filter ALLOWTELNET vlan-list 1-100
%
interface gigabitethernet 0/12
  switchport mode access
  switchport port-security
  switchport port-security maximum 5
  switchport port-security violation protect
  switchport port-security mac-address 1234.1234.1234
  switchport port-security mac-address sticky
%
show port-security
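Added example, not from the original page: one access switch with the Layer-2 controls above combined. It includes the per-VLAN enable that ip dhcp snooping needs before DAI has a binding table to check, a DHCP rate limit on the untrusted port, and a VACL with an explicit forward-all entry, since a VACL drops any packet that matches no entry at all. Interface numbers, VLAN 100 and native VLAN 999 are assumptions.

```cisco
! ---- DHCP snooping: global enable does nothing until a VLAN is listed ----
ip dhcp snooping
ip dhcp snooping vlan 100
! option 82 insertion is on by default and many DHCP servers drop such requests
no ip dhcp snooping information option
! ---- DAI validates ARP against the snooping binding table ----
ip arp inspection vlan 100
ip arp inspection validate src-mac dst-mac ip
! ---- uplink toward DHCP server and distribution: trusted, no DTP ----
interface gigabitethernet 0/1
  switchport mode trunk
  switchport trunk native vlan 999
  switchport nonegotiate
  ip dhcp snooping trust
  ip arp inspection trust
! ---- user-facing access port: untrusted for DHCP and ARP ----
interface gigabitethernet 0/12
  switchport mode access
  switchport access vlan 100
  switchport nonegotiate
  spanning-tree portfast
  spanning-tree bpduguard enable
  ! cap DHCP packets per second so a rogue client cannot exhaust the binding table
  ip dhcp snooping limit rate 15
  switchport port-security
  switchport port-security maximum 2
  switchport port-security violation restrict
  switchport port-security mac-address sticky
  switchport port-security aging time 60
! ---- VACL: block telnet to 10.1.1.2, forward everything else ----
access-list 100 permit tcp any host 10.1.1.2 eq telnet
vlan access-map BLOCKTELNET 10
  match ip address 100
  action drop
! entry with no match clause matches all remaining traffic; without it the VLAN goes dark
vlan access-map BLOCKTELNET 20
  action forward
vlan filter BLOCKTELNET vlan-list 100
! ---- verify ----
show ip dhcp snooping binding
show ip arp inspection vlan 100
show port-security interface gigabitethernet 0/12
```

violation restrict is used instead of protect so that violations are counted and logged; protect drops offending frames silently and leaves nothing to investigate. Static hosts that never use DHCP need an entry in the binding table (ip source binding) or an ARP ACL, or DAI will drop their ARP traffic.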
%
radius-server host 192.168.10.1
radius-server key RADIUS!123
%
