Afenioux's Blog page

3am; darkness; Maintenance window closing. Safety net: rollback.

Cisco security & misc

Written by Arnaud no comments

Some basic tips, things to remove from IOS default configuration!

Prevent from source routing (ie the souce can specify the path the packet should take)

(config)#no ip source-route


Dont make your router a default gw for bad configured hosts

(config)#int gi0/0
(config-if)#no ip proxy-arp


suppress Router Advertisement messages on an interface:
(config-if)# ipv6 nd suppress-ra
! OR
(config-if)# ipv6 nd ra suppress

Use you own timeout (in minutes) for your enable session

(config)#line vty 0 4
(config-line)#exec-timeout 60 0


Don't try to resolve typo (prevent  from : Translating "xxxxxx"...domain server (xx.xx.xx.xx) )

(config)#no ip domain-lookup

Create a new user localy and add authentication to the console port (timout is 20minutes by default) :

username <USERNAME> secret <PASSWORD>
enable secret <PASSWORD>

aaa new-model
aaa authentication login MY-AUTH-LOCAL local
line console 0
 login authentication MY-AUTH-LOCAL 


And set the Clock / Timezone / Daylight Saving Time :

clock summer-time CEST recurring last Sun Mar 3:00 last Sun Oct 3:00
clock timezone CET 1
ntp server
Classified in : cisco Tags : none

Comments are closed.

Rss feed of the article's comments