Default Configs
SysAdmin4066
Member Posts: 443
in CCIE
Hey guys, I'd like to know what you guys out there are doing for default configs. You know, the stuff you configure before you configure anything else, that template you have that you apply to every router and switch in your org before applying its specific configurations. Anyone care to post some? I'd like to see what people are doing out there.
In Progress: CCIE R&S Written Scheduled July 17th (Tentative)
Next Up: CCIE R&S Lab
Comments
-
ColbyG Member Posts: 1,264
I don't do anything special. I have templates for most everything I do, so I just plug in the new info and paste. Stuff I put on every lab router is:
hostname R1
!
no ip domain-loo
!
line con 0
logging synch
!
int lo0
ip add 1.1.1.1 255.255.255.255
!
<insert some aliases> -
DevilWAH Member Posts: 2,997
I have a few different ones.
The basic:
hostname ###
int vlan 666
ip address xxx xxx
! vlan 666 is management vlan
username xxx privilege 15 secret xxxxxx%$$%$XXXXX
aaa new-model
aaa authentication login default group tacacs+ local
crypto key generate rsa
line vty 0 15
login authentication default
transport input ssh
logging synchronous
spanning-tree mode rapid-pvst
vtp mode client
vtp mode server
vtp mode client
! found this is a simple way to set vtp revisions back to 0
vtp domain VLA
ntp server xxx.xxx.xxx.xxx
ntp server yyy.yyy.yyy.yyy
clock summer time (can't think of the command)
logging time stamp date-time (again I forget the exact command)
snmp-server community <password> ro
ip default-gateway xxx.xxx.xxx.xxx
That about covers the basic setup, but I have it all written down on a tab of an Excel spreadsheet so I can copy and paste.
Then I have more default configs for specific tasks; most of these are only 5-10 lines of config and more to help me remember the command and make sure I keep it consistent across the network. We all know in Cisco there are 100 ways to skin a cat, so especially with the less-used configs, no matter how simple they are, it's nice to have a master plan.
I work it with a spreadsheet.
The first sheet has switches going down the page,
then each switch has a few columns with things like model, IP address, IOS...
and then a series of columns, each one for a different part of the config,
i.e., first is default config, then trunks, syslog, spanning tree, NTP, EtherChannels, VLANs...
The header of each of these columns takes you to a separate sheet with a default config for that particular part of the config, and a brief explanation of what it does (for others).
But I can then read across from a switch, ticking off the boxes as I go to make sure I carry out each step and don't miss anything.
But my default config, apart from hostname and management IP, only contains entries that will be identical on every switch on the network.
Once I have the management up and running and the switch on the network, I use Kiwi CatTools to apply a lot of the other config settings.
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that it's going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
SysAdmin4066 Member Posts: 443
I'm more concerned with production equipment here, not lab equipment. What are you guys putting out there on your production routers as a base config, before more specifically configuring the router/switch?
Good stuff DevilWah.
In Progress: CCIE R&S Written Scheduled July 17th (Tentative)
Next Up: CCIE R&S Lab -
ColbyG Member Posts: 1,264
Our templates include all AAA config (tacacs), dot1x config (on switches only), VTY ACLs, SSH config and policy setups for firewalls.
-
DevilWAH Member Posts: 2,997
If I had to sum up the areas I focus on for the bare minimums I would say,
Management interface addressing
local passwords / authentication
SSH/telnet access including VTY line settings.
Default gateway
NTP and logging settings (no end of help with troubleshooting later on)
SNMP settings
Why don't you get something like Notepad++ that can do text compare (or any other similar tool)?
Then grab 4 or 5 various configs you have and run them together through the compare tool.
Any configs that are identical across the devices are ones to consider to add to your defaults.
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that it's going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
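An added example, not part of DevilWAH's post or of any tool named in the thread: the compare-several-configs idea above as a short script that keeps each sub-command tied to its parent section and, going one step beyond a plain diff, lists which devices lack a line that most others carry. The sample configs, device names and addresses are constructed, and the script assumes `show running-config` style text where sub-commands are indented.

```python
from collections import Counter

def _sample(name, octet, transport):
    # Constructed sample config (not from the thread); addresses are placeholders.
    return f"""hostname {name}
aaa new-model
ntp server 192.0.2.10
line vty 0 15
 transport input {transport}
 logging synchronous
interface Vlan666
 ip address 10.66.0.{octet} 255.255.255.0
"""

SAMPLES = {
    "sw1": _sample("sw1", 11, "ssh"),
    "sw2": _sample("sw2", 12, "ssh"),
    "sw3": _sample("sw3", 13, "telnet ssh"),  # drifted device
}

def flatten(config):
    """Return {(parent, line)} so indented sub-commands keep their section."""
    pairs, parent = set(), ""
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blanks and IOS comment/separator lines
        if line[0].isspace():
            pairs.add((parent, line.strip()))
        else:
            parent = line
            pairs.add(("", line))
    return pairs

def baseline_candidates(configs, min_devices=None):
    """Map each line found on >= min_devices devices to the devices lacking it."""
    flat = {name: flatten(text) for name, text in configs.items()}
    need = len(flat) if min_devices is None else min_devices
    counts = Counter(pair for pairs in flat.values() for pair in pairs)
    return {pair: sorted(d for d in flat if pair not in flat[d])
            for pair, n in counts.items() if n >= need}

if __name__ == "__main__":
    for (parent, line), missing in sorted(baseline_candidates(SAMPLES, 2).items()):
        where = f"{parent} / {line}" if parent else line
        print(f"{where:45} missing on: {', '.join(missing) or '-'}")
```

With the default threshold only lines present on every device are returned; lowering `min_devices` surfaces near-universal lines together with the devices that have drifted from them.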
CChN Member Posts: 81
SysAdmin4066 wrote: » I'm more concerned with production equipment here, not lab equipment. What are you guys putting out there on your production routers as a base config, before more specifically configuring the router/switch?
Sounds like a social engineer at work! While we're at it, can you post your firewall rules and ACLs?
RFCs: the other, other, white meat. -
SysAdmin4066 Member Posts: 443
My purpose is to see how my default or base configs stack up and if I'm missing anything pertinent. I'd love to hear from Mr. Turgon on this one. Paging Mr. Turgon lol.
I was asked this question in an interview once, so I guess they were socially engineering me as well? What could I possibly do with base configs, security wise?
Thanks DevilWah, that's an awesome suggestion. But I know what I/we use. Just seeing if I'm missing something. Thanks Colby, congrats again on the written. When are you looking at the lab bro?
In Progress: CCIE R&S Written Scheduled July 17th (Tentative)
Next Up: CCIE R&S Lab -
Sepiraph Member Posts: 179
That's kind of an odd interview question because the default config will depend on the technology and topology used, which will give you the network design. I guess your interviewer wants to ask an open-ended question to test your level of knowledge.
But the usual basic stuff will be whether it is a router or switch, then you want to:
1) Achieve connectivity first and foremost
2) Network management, this can be things like VLAN setup, SNMP setup, NTP setup, QoS setup, etc
3) Security, things like ACL, secure password, enable/disable services, AAA setup, etc
On my home lab I make use of aliases but I doubt that'd be on a production network. -
SysAdmin4066 Member Posts: 443
Good stuff. Sepiraph, there are things that we all do on routers or switches brand new out of the box, across the board, so that our infrastructure starts from an identical base. We have the same thing in place for our servers. Servers are built to the same standard, the same config, every time, then that server's role is put in place on top of the default config. Some examples of default config that would be placed on every router would be NTP settings, or SNMP setup. Possibly a hostname might be part of that checklist. A management IP address might also be on that list. We have checklists for everything, to ensure that at least to start, all of our equipment is being deployed in a uniform manner. We even have checklists for like servers/routers/switches etc., like SQL servers for instance. All SQL servers start life as a base server first, then get configured as a base SQL server, then configured for whatever specifics they require. Does that make more sense guys? Maybe I didn't explain the question right.
In Progress: CCIE R&S Written Scheduled July 17th (Tentative)
Next Up: CCIE R&S Lab