Default Configs

Hey guys, I'd like to know what you guys out there are doing for default configs. You know, the stuff you configure before you configure anything else, that template you have that you apply to every router and switch in your org before applying it's specific configurations. Anyone care to post some, i'd like to see what people are doing out there.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

ColbyG

I don't do anything special. I have templates for most everything I do, so I just plug in the new info and paste. Stuff I put on every lab router is:

hostname R1
!
no ip domain-loo
!
line con 0
logging synch
!
int lo0
ip add 1.1.1.1 255.255.255.255
!
<insert some aliases>

DevilWAH

I have a few different one

the basic,

hostname ###
int vlan 666
ip address xxx xxx
! vlan 666 is managment vlan

user name xxx level 15 secret xxxxxx%$$%$XXXXX

aaa new model
aaa authentication default group tacus local

crypto key generate

line vty 0 -15
authentication default
trransport input ssh
logging syn

spannning tree mode rstp

vtp mode client
VTP mode server
VTP mode client
! founnd this is a simple way to set vtp revisions back to 0
vtp domain VLA

ntp server xxx.xxx.xxx.xxx
ntp server yyy.yyy.yyy.yyy
clock summer time (cant think of the command

)

logging time stame date-time (again if forget the exact command)

snmp server commmuity ro <password>

ip default-gateway xxx.xxx.xxx.xxx

that about covers the basic set up, but i have it all written down on a tab of an excel spread sheet so i can copy and past.

then I have more default configs for specific tasks, most of these are only 5-10 lines of config and more to help me remember the command and make sure i keep it consistence across the network. We all know in CISCO there are a 100 ways to skin a cat, so espicaly with the less used configs no matter how simple they are its nice to have a master plan.

I work it with a spread sheet,

first sheet has switch going down the page,

then each swich has a few coloums with things like ,model, ip address, ios..

and then a series of colums, each one for a different part of the config.

ie, first is default config, then trunks, sys log, spanning tree, ntp, ether channels, vlans....

the header of each of these coloums takes you to a separate sheet with a default config for that particular part of the config, and an brief explanation to what it does (for others)

but i can then read across from a switch, ticking of the boxes as i go to make sure i carry out each step and don't miss anything.

but my default config, apart from host name and managment ip, only contains entries that will be identical on every switch on the network.

once I have the management up and running and the switch on the network I use kiwicat tools to apply a lot of the other config settings.

SysAdmin4066

I'm more concerned with production equipment here, not lab equipment. What are you guys putting out there on your production routers as a base config, before more specifically configuring the router/switch?

Good stuff DevilWah.

ColbyG

Our templates include all AAA config (tacacs), dot1x config (on switches only), VTY ACLs, SSH config and policy setups for firewalls.

DevilWAH

If I had to sum up the areas I focus on for the bare minimums I would say,

Management interface addressing
local passwords / authentication
SSH/telnet access including VTY line settings.
Default gateway

NTP and logging settings (no end of help with trouble shooting later on)
SNMP settings

Why dont you get some thing like notepad ++ that can do text compare. (or any other simmler tool)

then grab 4 or 5 various config's you have and run them together through the compare tool.
Any configs that are identical across the devices are ones to consider to add to your defaults.

CChN

SysAdmin4066 wrote: »

I'm more concerned with production equipment here, not lab equipment. What are you guys putting out there on your production routers as a base config, before more specifically configuring the router/switch?

Sounds like a social engineer at work! While we're at it, can you post your firewall rules and ACLs?

SysAdmin4066

My purpose is to see how my default or base configs stack up and if I'm missing anything pertinent. I'd love to hear from Mr. Turgon on this one. Paging Mr. Turgon lol.

I was asked this question in an interview once, so I guess they were socially engineering me as well? What could I possibly do with base configs, security wise?

Thanks DevilWah, that's an awesome suggestion. But I know what I/we use. Just seeing if i'm missing something. Thanks Colby, congrats again on the written. When are you looking at the lab bro?

Sepiraph

That's kind of an odd interview question because the default config. will depend on the technology and topology used, which will give you the network design. I guess your interviewer wants to ask an open-ended question to test your level of knowledge.

But the usual basic stuff will be whether it is a router or switch, then you want to:

1) Achieve connectivity first and foremost
2) Network management, this can be things like VLAN setup, SNMP setup, NTP setup, QoS setup, etc
3) Security, things like ACL, secure password, enable/disable services, AAA setup, etc

On my home lab I make use of aliases but I doubt that'd be on a production network.

SysAdmin4066

Good stuff. Sepiraph, there are things that we all do on routers, or switches brand new out of the box, across the board so that our infrastructure starts from an identical base. We have the same thing in place for our servers. Servers are built to the same standard, the same config, everytime, then that server's role is put in place on top of the default config. Some examples of default config that would be placed on every router would be NTP settings, or SNMP setup. Possibly a hostname might be part of that checklist. A management IP address might also be on that list. We have checklists for everything, to ensure that at least to start, all of our equipment is being deployed in a uniform manner. We even have checklists for like servers/routers/switches etc, like SQL servers for instance. All SQL servers start life as a base server first, then get configured as a base SQL server, then configured for whatever specifics they require. Does that make more sense guys? Maybe I didnt explain the question right.