-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathROUTER-BASE_UE_SmartTemplate.txt
281 lines (267 loc) · 6.75 KB
/
ROUTER-BASE_UE_SmartTemplate.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
mkdir flash:archive-config
conf t
no service pad
no service config
no service finger
no ip icmp redirect
no ip finger
no ip gratuitous-arps
no ip source-route
service sequence-numbers
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname [+HOSTNAME+]
ip domain-name [+DOMAIN NAME+]
crypto key generate rsa label SSH-KEY modulus 2048
!
!
logging buffered 8096 debug
logging console critical
enable secret [+SECRET PASSWORD+]
!
aaa new-model
!
!
aaa group server radius [+CUSTOMER+]-RADIUS
server-private [+RADIUS SERVER 1+] auth-port 1812 acct-port 1813 key [+AAA PSK+]
server-private [+RADIUS SERVER 2+] auth-port 1812 acct-port 1813 key [+AAA PSK+]
! ip vrf forwarding Mgmt-intf
aaa authentication login default local
aaa authentication login CONSOLE local
aaa authentication login [+CUSTOMER+]-AAA group [+CUSTOMER+]-RADIUS local
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group [+CUSTOMER+]-RADIUS
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
!
no ip source-route
no ip gratuitous-arps
ip cef
!
default ip nbar protocol-pack flash:/pp-adv-isrg2-152-4.M1-13-6.0.0.pack
!
!
!
key chain [+CUSTOMER+]-LAN-KEY
key 1
key-string [+IGP_PASSWORD_LAN+]
key chain [+CUSTOMER+]-WAN-KEY
key 1
key-string [+IGP_PASSWORD_WAN+]
!
!
!
!
no ip bootp server
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
flow record [+CUSTOMER+]Netflow
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect transport tcp flags
collect interface input
collect interface output
collect counter bytes long
collect counter packets long
collect flow direction
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
!
!
flow exporter FlowExport1
destination [+NETFLOW SERVER+]
transport udp [+NETFLOW PORT+]
template data timeout 60
option application-table timeout 60
option application-attributes timeout 300
!
!
flow monitor FlowMonitor1
exporter [+CUSTOMER+]Netflow
cache timeout active 60
cache entries 32768
record FlowRecord1
!
!
ip flow-export template refresh-rate 15
ip flow-export template timeout-rate 90
ip flow-export template options export-stats
ip flow-export template options refresh-rate 25
ip flow-export template options timeout-rate 120
!
!
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
hidekeys
path flash:archive-config/
write-memory
time-period 86400
memory reserve critical 4096
username [+LOCAL USERNAME+] privilege 15 secret [+USER PASSWORD+]
!
!
ip tcp synwait-time 5
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip ssh rsa keypair-name SSH-KEY
!
!
!
interface Loopback0
description Management Interface
no ip address
!
!
interface GigabitEthernet0/0/1
ip flow monitor FlowMonitor1 input
ip flow monitor FlowMonitor1 output
no ip redirects
no ip unreachables
no ip proxy-arp
no ip information-reply
no ip mask-reply
ip address
!
!
router eigrp [+CUSTOMER+]
!
address-family ipv4 unicast autonomous-system [+AS+]
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/0/1
authentication mode md5
authentication key-chain WAN-KEY
hello-interval 20
hold-time 60
add-path 2
no passive-interface
exit-af-interface
!
!
topology base
exit-af-topology
! network 10.255.249.0 0.0.0.255
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip flow-export source [+MANAGEMENT INTERFACE+]
!
!
!
access-list 10 remark ALLOWED SSH HOSTS/NETWORKS
access-list 10 permit 10.0.0.0 0.255.255.255
!
ip radius source-interface [+MANAGEMENT INTERFACE+]
kron occurrence SAVE_CONFIG_SCHED at 23:59 Fri recurring
policy-list SAVE_CONFIG_WEEKLY
kron policy-list SAVE_CONFIG_WEEKLY
cli write mem
!
logging trap warnings
logging source-interface [+MANAGEMENT INTERFACE+]
logging host [+SYSLOG SERVER+]
!
!
snmp-server user admin [+CUSTOMER+]Group v3 auth sha [+PSK 1+] priv aes 128 [+PSK 1+]
snmp-server group [+CUSTOMER+]Group v3 auth read [+CUSTOMER+]View
snmp-server view [+CUSTOMER+]View internet included
snmp-server view [+CUSTOMER+]View system included
snmp-server view [+CUSTOMER+]View interfaces included
snmp-server view [+CUSTOMER+]View chassis included
snmp-server ifindex persist
snmp-server trap-source [+MANAGEMENT INTERFACE+]
snmp-server location [+LOCATION+]
snmp-server contact [+CONTACT+]
snmp-server enable traps entity-sensor threshold
!
!
!
banner exec ^
****** Your consent to the terms listed above is acknowledged. *******
^
banner login ^
**********************************************************************
A T T E N T I O N A T T E N T I O N A T T E N T I O N
**********************************************************************
WARNING: This system is for the use of authorized clients only.
Individuals using the computer network system without authorization,
or in excess of their authorization, are subject to having all their
activity on this computer network system monitored and recorded by
system personnel. To protect the computer network system from
unauthorized use and to ensure the computer network systems is
functioning properly, system administrators monitor this system.
Anyone using this computer network system expressly consents to such
monitoring and is advised that if such monitoring reveals possible
conduct of criminal activity, system personnel may provide the
evidence of such activity to law enforcement officers.
Access is restricted to authorized users only. Unauthorized access is
a violation of state and federal, civil and criminal laws.
**********************************************************************
^
!
line con 0
login authentication CONSOLE
transport output ssh
logging synchronous
exec-timeout 10 0
line aux 0
exec-timeout 0 0
no exec
transport output none
line 2
no activation-character
no exec
exec timeout 0 0
transport preferred none
transport output none
stopbits 1
line vty 0 4
session-timeout 10
access-class 10 in
exec-timeout 30 0
privilege level 15
logging synchronous
login authentication [+CUSTOMER+]-AAA
transport input ssh
transport output ssh
!
exception memory ignore overflow processor
exception memory ignore overflow io
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp authentication-key 123 md5 [+NTP KEY+]
ntp authenticate
ntp trusted-key 123
ntp source [+MANAGEMENT INTERFACE+]
ntp server [+NTP SERVER 1+] key 123 prefer
ntp server [+NTP SERVER 2+] key 123
!