Cisco 891 Template - CLI
This is a standard template for a Cisco 891. You can use it to set up a quick and dirty internet connection and then tweak it as needed. At some point I'll go through and explain each line; for now it's a simple template. Fill in the blanks and away you go. I find this helpful when sending out a router without any identifiable information on it, then tweaking via SSH once it's on site.
<ENTER HOSTNAME HERE> - Type a hostname for the router (e.g. Florida-rtr01)
<ENTER PW HERE> - Randomize a password for the router's enable prompt (the template reuses this placeholder for the local install username and the console/vty line passwords)
<Domain Name> - Enter the network's domain name if applicable. SSH needs one because generating the RSA key pair requires a domain name to be configured, so choose something even if the site has no real domain
<ISP Name> - Type the name of the ISP
<WAN Static> - The static address for your WAN connection
<WAN Subnet> - The subnet mask of your WAN connection (e.g. 255.255.255.252)
<WAN Gateway> - The gateway of your WAN connection
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <ENTER HOSTNAME HERE>
!
ip domain name <Domain Name>
crypto key generate rsa modulus 4096
logging buffered informational
!
enable secret <ENTER PW HERE>
aaa new-model
aaa local authentication attempts max-fail 3
aaa authentication login default local
aaa authentication enable default enable
aaa session-id common
clock timezone PST -8 0
no ip source-route
ip options drop
ip dhcp pool lan
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8 208.67.222.222
 lease 0 8
no ip bootp server
no ip domain lookup
!
ip inspect name in2out rcmd timeout 3600
ip inspect name in2out tftp timeout 30
ip inspect name in2out udp timeout 15
ip inspect name in2out tcp timeout 3600
ip inspect name in2out realaudio timeout 3600
ip inspect name in2out vdolive
ip inspect name in2out netshow
ip inspect name in2out ftp timeout 3600
ip inspect name in2out smtp timeout 3600
ip inspect name in2out h323 timeout 3600
ip cef
login delay 2
login on-failure log
login on-success log
no ipv6 cef
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
 path flash:archived-config
 maximum 14
 write-memory
 time-period 1440
memory reserve console 4096
username install secret <ENTER PW HERE>
secure boot-image
ip tcp synwait-time 10
ip ssh source-interface GigabitEthernet8
ip ssh version 2
ip ssh dh min size 2048
vlan 2
 name data
int range gig 0-7
 switchport access vlan 2
 no shut
interface GigabitEthernet8
 no shut
 description <ISP Name>
 ip address <WAN Static> <WAN Subnet>
 ip access-group outside-in in
 no ip redirects
 ip nat outside
 ip inspect in2out out
 ip virtual-reassembly in
 duplex auto
 speed auto
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list nat-out interface GigabitEthernet8 overload
!
ip route 0.0.0.0 0.0.0.0 <WAN Gateway> name <ISP Name>
ip access-list extended nat-out
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended outside-in
 permit tcp any any eq 22
 permit icmp any any
 permit gre any any
 permit esp any any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 deny ip any any log
no cdp run
control-plane host
 management-interface GigabitEthernet8 allow ssh
 management-interface Vlan2 allow ssh
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
no vstack
banner login ^C
**********************************************
**********************************************
********* WARNING *********
* THIS SYSTEM IS FOR THE USE OF AUTHORIZED *
* USERS ONLY! *
**********************************************
**********************************************
^C
line con 0
 exec-timeout 5 0
 password <ENTER PW HERE>
 no modem enable
line aux 0
 exec-timeout 0 1
 no exec
 transport output none
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 exec-timeout 5 0
 password <ENTER PW HERE>
 transport input ssh
line vty 5 15
 exec-timeout 5 0
 transport input ssh
exception memory ignore overflow processor
exception memory ignore overflow io
scheduler allocate 20000 1000
ntp server 129.6.15.28
ntp server 129.6.15.29
ntp server 129.6.15.30
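When a router goes out the door with only this template on it, the mistakes that hurt are the dumb ones: a WAN gateway typed outside the WAN subnet, a placeholder left unfilled, or a hardening line dropped while someone hand-edited the file. The following Python script is an added example, not part of the original post; it fills in the placeholders, checks the WAN addressing, and lints the rendered config for the controls the template is supposed to carry. It uses only the standard library. The embedded template excerpt, the sample values (documentation addresses from 203.0.113.0/24) and the list of required lines are constructed for this example, and the placeholder names assume the spelling used in the legend above.

```python
"""Fill in and sanity-check a Cisco IOS template with <...> placeholders.

Added example: not the blog author's code. The TEMPLATE below is a
constructed excerpt of the page's template; the full template can be
passed to build() unchanged.
"""
import ipaddress
import re

# Constructed excerpt of the page's template (only the lines the checks care about).
TEMPLATE = """\
service password-encryption
hostname <ENTER HOSTNAME HERE>
ip domain name <Domain Name>
enable secret <ENTER PW HERE>
username install secret <ENTER PW HERE>
ip ssh version 2
interface GigabitEthernet8
 description <ISP Name>
 ip address <WAN Static> <WAN Subnet>
 ip access-group outside-in in
 ip nat outside
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 <WAN Gateway> name <ISP Name>
ip access-list extended outside-in
 permit tcp any any eq 22
 deny ip any any log
line vty 0 4
 transport input ssh
"""

# Constructed sample values; 203.0.113.0/24 is a documentation range (TEST-NET-3).
SAMPLE_VALUES = {
    "ENTER HOSTNAME HERE": "Florida-rtr01",
    "ENTER PW HERE": "example-only-secret",
    "Domain Name": "example.net",
    "ISP Name": "ExampleISP",
    "WAN Static": "203.0.113.2",
    "WAN Subnet": "255.255.255.252",
    "WAN Gateway": "203.0.113.1",
}

PLACEHOLDER = re.compile(r"<[^<>]+>")

# Hardening lines the rendered config must still contain (assumed local policy,
# drawn from the controls the template itself sets).
REQUIRED_LINES = (
    "service password-encryption",
    "ip ssh version 2",
    "no ip http server",
    "no ip http secure-server",
    "transport input ssh",
    "ip access-group outside-in in",
    "deny ip any any log",
)


def check_wan(static: str, subnet: str, gateway: str) -> list[str]:
    """Return problems with the WAN addressing (empty list means it is consistent)."""
    try:
        iface = ipaddress.IPv4Interface(f"{static}/{subnet}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"unparseable WAN address: {exc}"]
    net = iface.network
    problems = []
    # On anything wider than a /31 the first and last addresses are not usable hosts.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{static} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"gateway {gateway} is not inside {net}")
    if gw == iface.ip:
        problems.append("gateway equals the WAN static address")
    return problems


def render(template: str, values: dict[str, str]) -> str:
    """Substitute every <placeholder>; matching is case-insensitive so that
    <ISP Name> and <ISP NAME> resolve to the same value. Unknown placeholders raise."""
    lookup = {k.lower(): v for k, v in values.items()}

    def substitute(match: re.Match) -> str:
        key = match.group(0)[1:-1].strip().lower()
        if key not in lookup:
            raise KeyError(f"no value supplied for placeholder {match.group(0)}")
        return lookup[key]

    return PLACEHOLDER.sub(substitute, template)


def lint(config: str) -> list[str]:
    """Return findings for a rendered config: leftover placeholders and missing controls."""
    findings = [f"unfilled placeholder {m.group(0)}" for m in PLACEHOLDER.finditer(config)]
    lines = {line.strip() for line in config.splitlines()}
    findings.extend(f"missing hardening line: {req}" for req in REQUIRED_LINES if req not in lines)
    return findings


def build(template: str, values: dict[str, str]) -> str:
    """Check WAN addressing, render, and lint; raise ValueError listing any problem."""
    problems = check_wan(values["WAN Static"], values["WAN Subnet"], values["WAN Gateway"])
    if problems:
        raise ValueError("; ".join(problems))
    config = render(template, values)
    findings = lint(config)
    if findings:
        raise ValueError("; ".join(findings))
    return config


if __name__ == "__main__":
    print(build(TEMPLATE, SAMPLE_VALUES))
```

Run it as-is to see the rendered excerpt; to use it for real, read the full template from a file and pass it to build() with the site's values. A failed check raises before anything is written, which is the point: the script refuses to produce a config that would leave the router unreachable or unfiltered.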