- Copy the template to any text editor
- Read the documentation for each section to understand the configuration
- Replace the variables (the ones within "<>") with the correct values for your environment.
- Paste it into the terminal session of the network device.
!##### Enter System-View mode #####
system-view
!
!##### Standardize Login Banner #####
header login #
*****************************************************************************
!!! WARNING! ONLY AUTHORIZED USERS ARE ALLOWED TO LOGIN UNDER PENALTY OF LAW !!!
<additional_banner_text_here>
*****************************************************************************
#
!
!
!##### Disable other banners not needed #####
undo copyright-info enable
undo header motd
undo header legal
undo header incoming
undo header shell
!
!
!##### Disable Unnecessary Services #####
undo ip http enable
undo telnet server enable
!
!
!##### SSH Configuration #####
ssh server enable
ssh server authentication-retries 3
ssh server authentication-timeout 60
!
!#### Optional: Generate SSH keys ####
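!# WARNING! SSH keys should be created if this is a pristine network device (out of the box)
!# The 1024 line after each command answers the key modulus prompt (bits); enter a larger value if the platform supports it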
public-key local create dsa
1024
!
public-key local create rsa
1024
!
!
!##### Configure Local Administrator Account #####
local-user admin
!# WARNING! Enter the password here in clear text (the device saves it in encrypted form)
password cipher <admin_password>
authorization-attribute level 3
service-type ssh terminal
quit
!
!##### Configure Super (enable) Password #####
!# WARNING! Enter the password here in clear text (the device saves it in encrypted form)
super password level 3 cipher <super_password>
!
!
!##### Define Management Access-lists (ACLs) #####
!# WARNING! These ACLs are required to restrict access to the network device
acl number 2000 name Remote-Management-ACL
rule 10 remark # Network Administrator Workstation #
rule 10 permit source <admin_workstation_ip> 0
!# place additional rules if needed
quit
!
acl number 2001 name SNMP-Management-ACL
rule 10 remark # Network Monitoring Server #
rule 10 permit source <monitoring_server_ip> 0
!# place additional rules if needed
quit
!
!
!##### Device Login Access Configuration #####
! Secure remote access (only SSH allowed)
user-interface vty 0 15
undo user privilege level
authentication-mode scheme
protocol inbound ssh
!# WARNING! Enable below ACL only when confirmed operational to prevent lockout
!acl 2000 inbound
quit
!
! Secure auxiliary access
user-interface aux 0
authentication-mode scheme
quit
!
! Secure console access
user-interface con 0
authentication-mode scheme
quit
!
!
!##### Syslog Configuration #####
info-center enable
info-center loghost <syslog_server_ip>
info-center logbuffer size 1024
info-center trapbuffer size 1024
info-center timestamp loghost no-year-date
!
!
!##### SNMP Version 2c Configuration #####
snmp-agent
snmp-agent sys-info version v2c
snmp-agent sys-info location <device_location>
snmp-agent sys-info contact <device_administrator_contact_information>
snmp-agent community read <snmp_read_community_string> acl 2001
snmp-agent community write <snmp_write_community_string> acl 2001
!
!##### Timezone & NTP Configuration #####
!# WARNING! Important for troubleshooting and correlating network incidents
clock timezone <time_zone_string> [add/minus] <hour_offset>
ntp-service unicast-server <ntp_server_ip>
!
!
!##### Exit System-View mode #####
return
After applying the template, review the resulting configuration and save it:
display current-configuration
save force
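
A pre-paste check for the filled-in template, as an added example that is not part of the original template: it scans the text for variables left unreplaced, SNMP communities without an ACL, re-enabled services, and vty lines whose management ACL is still commented out. The function name lint_template and the sample values are constructed for illustration.

```python
import re

# Template variables such as <admin_password>, plus the [add/minus] choice.
PLACEHOLDER = re.compile(r"<[a-z_]+>|\[add/minus\]")
DISABLED = ("telnet server enable", "ip http enable")  # services the template turns off

def lint_template(text):
    """Return findings for a filled-in copy of the template, before pasting."""
    findings, view, vty_seen, vty_acl = [], None, False, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line, template comment, or commented-out command
        for ph in PLACEHOLDER.findall(line):
            findings.append(f"line {no}: {ph} not replaced")
        if line.startswith("user-interface "):
            view = line.split(None, 1)[1]          # e.g. "vty 0 15"
            vty_seen = vty_seen or view.startswith("vty")
        elif line == "quit":
            view = None
        elif view and view.startswith("vty") and re.fullmatch(r"acl \d+ inbound", line):
            vty_acl = True                          # management ACL is active
        elif line.startswith("snmp-agent community ") and " acl " not in line:
            findings.append(f"line {no}: SNMP community has no ACL")
        elif line in DISABLED:
            findings.append(f"line {no}: '{line}' turns a disabled service back on")
    if vty_seen and not vty_acl:
        findings.append("vty: no active 'acl <n> inbound'; SSH accepts any source")
    return findings

# Constructed sample: an excerpt of the template, partly filled in.
SAMPLE = """\
undo telnet server enable
local-user admin
password cipher <admin_password>
quit
user-interface vty 0 15
authentication-mode scheme
protocol inbound ssh
!acl 2000 inbound
quit
snmp-agent community read Xk29-constructed acl 2001
snmp-agent community write Wq81-constructed
clock timezone UTC [add/minus] 0
"""

if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print(finding)
```

The vty finding is expected on the first pass, because the template leaves the ACL commented out until access from the administrator workstation is confirmed.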