Example C5 NOC Router Configuration Example

version 12.0

service nagle
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname NOC-router
!
boot system flash
logging buffered 16384 debugging
aaa new-model
aaa authentication login default tacacs+ enable
aaa authentication enable default tacacs+ enable
aaa accounting exec default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
enable secret shhhhhthisisasecret
!
clock timezone GMT 0
ip subnet-zero
no ip source-route
no ip finger
ip telnet source-interface Loopback0
ip tftp source-interface Loopback0
ip ftp source-interface Loopback0
ip ftp username cisco
ip ftp password shhhhsecret
no ip bootp server
ip domain-name net.galaxy
ip name-server 220.144.159.1
ip name-server 220.144.159.2
ip name-server 219.10.2.1
!
! SSH support
ip ssh time-out 120
ip ssh authentication-retries 3
!
partition flash 2 8 8
!

interface Loopback0
 description Loopback interface on NOC
 ip address 220.144.159.199 255.255.255.255
 no ip directed-broadcast

interface FastEthernet0/0
 description Core Ethernet (SW1 vlan1 port 6)
 ip address 220.144.159.103 255.255.255.240
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp

interface FastEthernet0/1
 description Core Ethernet (SW2 vlan2 port 15)
 ip address 220.144.159.119 255.255.255.240
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp

interface FastEthernet1/0
 description NOC Ethernet
 ip address 220.144.159.190 255.255.255.192
 ip access-group 130 in
 ip access-group 131 out
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp

router ospf 100
 network 220.144.159.96 0.0.0.15 area 0
 network 220.144.159.112 0.0.0.15 area 0
 network 220.144.159.199 0.0.0.0 area 0
 network 220.144.159.128 0.0.0.63 area 0
 passive-interface FastEthernet1/0
 passive-interface Loopback0
 log-adjacency-changes

ip classless
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
ip route 220.144.128.0 255.255.224.0 Null0
ip tacacs source-interface Loopback0
ip bgp-community new-format
!
no logging console
logging trap debugging
logging source-interface Loopback0
logging 220.144.159.129

access-list 1 permit 220.144.159.129
access-list 1 permit 220.144.159.130
access-list 1 deny any log
access-list 130 permit ip 220.144.159.128 0.0.0.63 any ! WHAT GETS
access-list 130 deny ip any any log
access-list 131 permit icmp any 220.144.159.128 0.0.0.63 ! WHAT GETS IN
access-list 131 permit tcp any 220.144.159.128 0.0.0.63 eq ident
access-list 131 permit tcp any 220.144.159.128 0.0.0.63 established
! 220.144.159.129 is LOGHOST, TACACS+, FTP-dumps, TFTP
access-list 131 permit udp 220.144.159.192 0.0.0.63 host 220.144.159.129 eq syslog
access-list 131 permit udp 220.144.159.192 0.0.0.63 host 220.144.159.129 eq tftp
access-list 131 permit tcp 220.144.159.192 0.0.0.63 host 220.144.159.129 eq ftp
access-list 131 permit tcp 220.144.159.192 0.0.0.63 host 220.144.159.129 eq ftp-data
access-list 131 permit tcp 220.144.159.192 0.0.0.63 host 220.144.159.129 eq tacacs
! 220.144.159.130 is NOC MGMT Workstation
access-list 131 permit udp 220.144.159.192 0.0.0.63 host 220.144.159.130 eq snmp
access-list 131 permit udp 220.144.159.192 0.0.0.63 host 220.144.159.130 eq snmptrap
! 220.144.159.131 is SSH gateway
access-list 131 permit tcp any host 220.144.159.131 eq 22
! 220.144.159.132 is DIAL Radius server (NT running Cisco Secure)
access-list 131 permit udp host 220.144.159.200 host 220.144.159.132 eq 1645
access-list 131 permit udp host 220.144.159.200 host 220.144.159.132 eq 1646
! 220.144.159.180 is Primary DNS
access-list 131 permit udp any host 220.144.159.180 eq domain
access-list 131 permit tcp any host 220.144.159.180 eq domain
access-list 131 deny ip any any log
! VTY access-list - NOC
access-list 198 permit ip 220.144.159.128 0.0.0.63 any
access-list 198 permit ip 220.144.159.192 0.0.0.63 any ! Router loopbacks
access-list 198 deny ip any any log
access-list 199 deny ip any any log
!

tacacs-server host 220.144.159.129
tacacs-server key SecretToo
snmp-server community NotTelling RO 1
snmp-server location Somewhere
snmp-server contact Network Operations Center <[email protected]>
snmp-server enable traps snmp
snmp-server host 220.144.159.130 SecretToo
banner login ^
Authorized Access Only

This system is the property of Galaxy Internet
Disconnect IMMEDIATELY if you are not an authorized user!

Contact [email protected] +98 765 4321 for help.
^

line con 0
 exec-timeout 3 0
 transport preferred none
 transport input none
 transport output telnet
line aux 0
 transport preferred none
 transport input telnet
 transport output telnet
line vty 0 4
 access-class 198 in
 exec-timeout 0 0
 transport preferred none
 transport input telnet ssh
 transport output telnet

exception protocol ftp
exception dump 220.144.159.129

ntp authentication-key 1 md5 secretAlso
ntp authenticate
ntp trusted-key 1
ntp source Loopback0
ntp server 220.144.159.193 key 1
ntp server 220.144.159.194 key 1
end
