A basic Router configuration.


A basic Router configuration with references to the commands.


The Commands.

  version 99.9
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  no service udp-small-servers
  no service tcp-small-servers
  !
  hostname FAKE
  !
  !
  ip subnet-zero
  ip domain-name fake.com
  ip name-server 170.30.18.7
  ipx routing 0000.0000.db7c
  clock timezone est -5
  clock summer-time edt recurring
  !
  interface Ethernet0
   description LAN connection to FAKE
   ip address 170.30.34.254 255.255.255.0
   ip access-group 101 in
   no ip redirects
   no ip directed-broadcast
   no ip route-cache
   ip ospf priority 5
   no ip mroute-cache
   lat enabled
   ipx network 1703034
   no mop enabled
   bridge-group 1
  !
  interface Ethernet1
   no ip address
   no ip directed-broadcast
   shutdown
  !
  interface Serial0
   description CONNECTION TO FAKE PLACE
   ip address 170.30.3.202 255.255.255.252
   ip access-group 101 in
   no ip redirects
   no ip directed-broadcast
   no ip route-cache
   ip ospf priority 0
   no ip mroute-cache
   lat enabled
   no fair-queue
   mop enabled
   bridge-group 1
  !
  interface Serial1
   no ip address
   no ip directed-broadcast
   shutdown
  !
  router ospf 37
   network 170.30.34.0 0.0.0.255 area 170.30.34.0
   network 170.30.3.200 0.0.0.3 area 170.30.34.0
  !
  no ip classless
  no logging console
  logging trap debugging
  logging 170.30.18.9
  access-list 101 deny   53 any any
  access-list 101 deny   55 any any
  access-list 101 deny   77 any any
  access-list 101 deny   103 any any
  access-list 101 deny   ip host 0.0.0.0 any
  access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
  access-list 101 deny   ip 192.0.2.0 0.0.0.255 any
  access-list 101 deny   ip 224.0.0.0 0.15.255.255 any
  access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
  access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
  access-list 101 permit ip any any
  !
  !
  !
  !
  snmp-server community private
  snmp-server community public
  snmp-server host 170.30.18.7 public
  bridge 1 protocol dec
  !
  line con 0
  line aux 0
  line vty 0 4
  !
  ntp clock-period 17180635
  ntp server 192.43.244.18 prefer
  end

service timestamps log uptime            

 


service password-encryption              Encrypts all passwords using MD5 hashing. 

 


no service udp-small-servers            

http://cio.cisco.com/warp/public/707/3.html#app     If the udp-small-servers command is enabled, a Cisco IOS® software device may reply to malformed UDP echo packets with some of the contents stored in a router's memory. By repeatedly sending malformed UDP echo packets and capturing the replies, an attacker can obtain portions of the data that is stored in a router's memory.


no service tcp-small-servers            

 


!                                                           Line space on the configuration

Has no effect on the configuration.


hostname                                            The name of the Router.

Seen by others as they log into the router. Useful to determine which router you are currently in.


ip subnet-zero                                    Allows the first subnet created by subnetting (subnet zero) to be used.

http://www.cisco.com/warp/public/105/40.html      RFC 950


ip domain-name fake.com                 Default domain name used to complete unqualified host names.

Any IP host name that does not contain a domain name (that is, any name without a dot) will have the dot and fake.com appended to it before being added to the host table.


ip name-server 170.30.18.7               The DNS server the Router will use.

Has no effect on hosts or other devices.


ipx routing 0000.0000.db7c                

 


clock timezone est -5                        The time zone that is used for the router.

This command lets the router interpret the UTC time from a time server and adjust it to local time.


clock summer-time edt recurring     Enables the router to account for daylight saving time.

You set the date to change times.


interface Ethernet0                            Placeholder for showing the first Ethernet port.

May also be Ethernet 0/0 for the first Ethernet port in the first slot, or FastEthernet 0/0.


description LAN connection to FAKE            The label in configuration for the first Ethernet port.

Labeling all ports and the Router makes troubleshooting easier. If for example you have several providers for T1 lines, ISDN or Frame-Relay this would be a good place to put names, contact numbers or circuit numbers.


ip address 170.30.34.254 255.255.255.0         The ip address of the interface.

Followed by the subnet mask.


ip access-group 101 in                        Application of the rule specified later and the direction of traffic in which the rule will take effect.

 


no ip redirects            ??? Prevents a packet from being accepted into port X and being routed out port X ???

 


no ip directed-broadcast                        Prevents the ability to ping the Network address.

By spoofing a legitimate IP address on a network and pinging the network address, you can have the replies of every host on that network go to the spoofed host, killing its network bandwidth.


no ip route-cache            

 


ip ospf priority 5            

 


no ip mroute-cache            

 


lat enabled                                            Enables the DecNet protocol LAT

The Local Area Transport (LAT) protocol is designed to handle multiplexed terminal traffic to/from timesharing hosts. This protocol is bridged. http://www.cisco.com/warp/public/535/5.html


ipx network 1703034            

 


no mop enabled                                    Disallows DEC's Maintenance Operations Protocol

http://www.cisco.com/warp/public/535/5.html


bridge-group 1                                    The bridging component for LAT and MOP.

 


interface Ethernet1                            Placeholder for showing the second Ethernet port.

 


no ip address                                      This interface doesn't have an ip address associated with it.

 


shutdown                                            This interface is administratively shut down.

Even with an IP address associated with it, this interface will not pass traffic until the no shutdown command is issued for this interface.


interface Serial0                                Placeholder for showing the First Serial port.

 


router ospf 37                                    Area number for the OSPF routing protocol.

OSPF: Open Shortest Path First.


network            

 


no ip classless            

 


no logging console            

 


logging trap debugging           

 


logging 170.30.18.9            

 


access-list 101 deny 53 any any            Router rule to be applied to a specific port.

   


access-list 101 permit ip any any             Router rule to be applied to a specific port.
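
The access-list entries above are applied to packets in order, and the first entry that matches decides the result. As an added example (not part of the original page), the Python below parses the eleven access-list 101 lines from the configuration and evaluates constructed sample packets against them. The function names are made up for this illustration, the numeric entries (53, 55, 77, 103) are treated as IP protocol numbers as in IOS extended ACL syntax, and destination matching is left out because every entry uses "any" as the destination.

```python
import ipaddress

# ACL 101, copied from the configuration on this page.
ACL_101 = """\
access-list 101 deny   53 any any
access-list 101 deny   55 any any
access-list 101 deny   77 any any
access-list 101 deny   103 any any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 192.0.2.0 0.0.0.255 any
access-list 101 deny   ip 224.0.0.0 0.15.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return (action, protocol, source, wildcard) for each ACL entry."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        if rest[0] == "any":        # any source address
            src, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":     # exactly one address
            src, wild = to_int(rest[1]), 0
        else:                       # address followed by a wildcard mask
            src, wild = to_int(rest[0]), to_int(rest[1])
        rules.append((action, proto, src, wild))
    return rules

def evaluate(rules, proto, src_ip):
    """Return (action, entry number) of the first match; implicit deny at end."""
    ip = to_int(src_ip)
    for number, (action, rule_proto, src, wild) in enumerate(rules, 1):
        care = ~wild & 0xFFFFFFFF   # wildcard 1-bits are "don't care"
        if rule_proto in ("ip", str(proto)) and (ip & care) == (src & care):
            return action, number
    return "deny", None

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    # Constructed sample packets: (IP protocol number, source address).
    for pkt in [(6, "170.30.18.7"), (6, "10.1.2.3"), (53, "170.30.18.7"),
                (17, "224.0.0.5"), (17, "239.1.1.1")]:
        print(pkt, evaluate(rules, *pkt))
```

Because the wildcard mask on the 224.0.0.0 entry is 0.15.255.255, that entry matches sources 224.0.0.0 through 224.15.255.255 only, so the constructed source 239.1.1.1 falls through to the final permit.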

   


snmp-server community private            Private snmp name.

   


snmp-server community public            Public snmp name.

   


snmp-server host 170.30.18.7 public            Simple Network Management Protocol reporting destination.

Where snmp traps should be sent.


bridge 1 protocol dec            

   


line con 0                                            Console port.

   


line aux 0                                            Auxiliary port. Physical port on router.

   


line vty 0 4                                            Virtual Terminal line for Telnet.

 


ntp clock-period 17180635            The router compensating for the clock slippage error.

The router automatically updates this to compensate for the difference between the time on the NTP server and the router clock. The number 17180635 was generated by the router and should not be manually modified.

http://www.cisco.com/univercd/cc/td/doc/product/atm/ls1010s/11_1/cr/lscrn.htm#12035


ntp server 192.43.244.18 prefer            Where the router gets its NTP updates.

   


end            

   


Please post corrections, comments, really good jokes or pictures of read-heads to egs@N0SPAMwebstafford.com