I'm sharing some essential settings for configuring routers from scratch.
================
================
snmp-agent local-engineid
snmp-agent community read cipher "CONTRASEÑA"
snmp-agent sys-info version v2c
undo snmp-agent sys-info version v3
#
================
WARNING
================
#
================
================
hwtacacs-server authentication x.x.x.x
hwtacacs-server authorization x.x.x.x
hwtacacs-server accounting x.x.x.x
hwtacacs-server shared-key cipher "CONTRASEÑA"
hwtacacs-server timer response-timeout 10
aaa
 authentication-scheme default
  authentication-mode hwtacacs local
 authentication-scheme default0
 authentication-scheme default1
 authentication-scheme hwtacacs
  authentication-mode hwtacacs local
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
 authorization-scheme hwtacacs
  authorization-mode hwtacacs local
  authorization-cmd 1 hwtacacs local
  authorization-cmd 2 hwtacacs local
  authorization-cmd 3 hwtacacs local
  authorization-cmd 15 hwtacacs local
 accounting-scheme default
 accounting-scheme hwtacacs
  accounting-mode hwtacacs
  accounting start-fail online
 recording-scheme hwtacacs
  recording-mode hwtacacs hwtacacs
 cmd recording-scheme hwtacacs
 local-aaa-user password policy administrator
  password expire 0
 local-aaa-user password policy access-user
 domain default
  authentication-scheme radius
  radius-server default
 domain default_admin
  authentication-scheme hwtacacs
  accounting-scheme hwtacacs
  authorization-scheme hwtacacs
  hwtacacs-server hwtacacs
 undo local-user admin
 local-user provisorio password irreversible-cipher "CONTRASEÑA"
 local-user provisorio privilege level 15
 local-user provisorio service-type telnet terminal ssh
#
user-interface con 0
 authentication-mode password
 set authentication password cipher "CONTRASEÑA"
user-interface vty 0 4
 authentication-mode aaa
 history-command max-size 50
================
================
ssh server acl 3999
acl name SSH_FILTERING 3999
 rule 5 permit ip source "x.x.x.x" 0
 rule 10 permit ip source "x.x.x.x" 0
 rule 15 permit ip source "x.x.x.x" 0
 rule 20 permit ip source "x.x.x.x" 0
#
================
NTP+ACL - Clock timezone
================
acl number 2000
 rule 5 permit source "x.x.x.x" 0
ntp-service server disable
ntp-service access server 2000
clock timezone MEX minus 06:00:00
Kind regards
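
An added example, not part of the original post: a small Python check that reads a flattened VRP-style configuration like the one above and lists settings worth reviewing before deployment (SNMP limited to v2c with v3 disabled, Telnet among a local user's service types, a shared console password, a VTY view without an inbound ACL or an SSH-only protocol setting, an SSH server ACL that is never defined). The finding names and the sample text are constructed for illustration.

```python
import re
# Constructed sample: lines taken from the post, flattened as they appear there.
SAMPLE = """\
snmp-agent sys-info version v2c
undo snmp-agent sys-info version v3
local-user provisorio service-type telnet terminal ssh
user-interface con 0
authentication-mode password
user-interface vty 0 4
ssh server acl 3999
acl name SSH_FILTERING 3999
"""

def audit(config):
    """Return sorted finding ids (hypothetical names) for a VRP-style config."""
    findings, acls, ssh_acl, ui, vty_missing = set(), set(), None, None, set()
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("#", "aaa"):
            ui = None  # left the user-interface view
        elif m := re.match(r"(undo )?snmp-agent sys-info version (.+)", line):
            versions = set(m[2].split())
            if m[1] and "v3" in versions:
                findings.add("snmp-v3-disabled")
            if not m[1] and versions & {"v1", "v2c", "all"}:
                findings.add("snmp-community-version-enabled")
        elif m := re.match(r"local-user (\S+) service-type (.+)", line):
            if "telnet" in m[2].split():
                findings.add(f"telnet-allowed:{m[1]}")
        elif m := re.match(r"user-interface (\S+) ", line):
            ui = m[1]
            if ui == "vty":  # both controls assumed missing until seen
                vty_missing |= {"vty-no-inbound-acl", "vty-not-ssh-only"}
        elif m := re.match(r"acl (?:number |name \S+ )?(\d+)( inbound)?$", line):
            if m[2] and ui == "vty":
                vty_missing.discard("vty-no-inbound-acl")
            elif not m[2]:
                acls.add(m[1])  # ACL definition
        elif m := re.match(r"ssh server acl (\d+)", line):
            ssh_acl = m[1]
        elif line == "protocol inbound ssh" and ui == "vty":
            vty_missing.discard("vty-not-ssh-only")
        elif line == "authentication-mode password" and ui == "con":
            findings.add("console-shared-password")
    if ssh_acl not in acls:  # absent, or pointing at an ACL never defined
        findings.add(f"ssh-acl-missing-or-undefined:{ssh_acl}")
    return sorted(findings | vty_missing)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the post's lines, it reports the SNMP, Telnet, console and VTY items; the SSH ACL reference resolves because ACL 3999 is defined.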