Configuraciones esenciales para nuevos enrutadores

Comparto algunas configuraciones esenciales al configurar enrutadores desde cero.

================

================

snmp-agent local-engineid

snmp-agent community read cipher "CONTRASEÑA"

snmp-agent sys-info version v2c

undo snmp-agent sys-info version v3

#

================

ADVERTENCIA

================

#

================

================

 hwtacacs-server authentication x.x.x.x

 hwtacacs-server authorization x.x.x.x

 hwtacacs-server accounting x.x.x.x

 hwtacacs-server shared-key cipher "CONTRASEÑA"

 hwtacacs-server timer response-timeout 10

aaa

 authentication-scheme default

  authentication-mode hwtacacs local

 authentication-scheme default0

 authentication-scheme default1

 authentication-scheme hwtacacs

  authentication-mode hwtacacs local

 authentication-scheme radius

  authentication-mode radius

 authorization-scheme default

 authorization-scheme hwtacacs

  authorization-mode hwtacacs local

  authorization-cmd 1 hwtacacs local

  authorization-cmd 2 hwtacacs local

  authorization-cmd 3 hwtacacs local

  authorization-cmd 15 hwtacacs local

 accounting-scheme default

 accounting-scheme hwtacacs

  accounting-mode hwtacacs

  accounting start-fail online

 recording-scheme hwtacacs

  recording-mode hwtacacs hwtacacs        

 cmd recording-scheme hwtacacs

 local-aaa-user password policy administrator

  password expire 0

 local-aaa-user password policy access-user

 domain default

  authentication-scheme radius

  radius-server default

 domain default_admin

  authentication-scheme hwtacacs

  accounting-scheme hwtacacs

  authorization-scheme hwtacacs

  hwtacacs-server hwtacacs

 undo local-user admin

 local-user provisorio password irreversible-cipher "CONTRASEÑA"

 local-user provisorio privilege level 15

 local-user provisorio service-type telnet terminal ssh

#

user-interface con 0

 authentication-mode password

 set authentication password cipher "CONTRASEÑA"

user-interface vty 0 4

 authentication-mode aaa

 history-command max-size 50

================

================

ssh server acl 3999

acl name SSH_FILTERING 3999

 rule 5 permit ip source "x.x.x.x" 0

 rule 10 permit ip source "x.x.x.x" 0

 rule 15 permit ip source "x.x.x.x" 0

 rule 20 permit ip source "x.x.x.x" 0

#

================

NTP+ACL - Clock timezone

================

acl number 2000

 rule 5 permit source "x.x.x.x" 0

ntp-service server disable

ntp-service access server 2000

clock timezone MEX minus 06:00:00

Saludos y Cordiales