set the telnet and enable passwords
line vty 0 4
login
password "telnet password"
exec-timeout 60 0
transport input telnet
exit
enable secret "enable password"
no enable password
|
set the services to sane levels
service password-encryption
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service tcp-small-servers
no service udp-small-servers
no ip bootp server
no ip finger
no ip http server
no ip source-route
ip classless
ip subnet-zero
|
every interface should have
int eth0
no ip directed-broadcast
no ip mroute-cache
exit
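An added example, not part of the original notes: a Python check that reads a saved "show running-config" and reports which lines from the password, services and interface sections above are missing. The function names and the sample config are constructed. It assumes sub-commands are indented the way the router prints them and that the IOS release displays these lines (a release where a setting is already the default omits it, so trim the list there).

```python
# Added example (constructed names and sample): audit a config against the checklist.
REQUIRED_GLOBAL = [
    "service password-encryption", "no service tcp-small-servers",
    "no service udp-small-servers", "no ip bootp server", "no ip finger",
    "no ip http server", "no ip source-route",
]

def parse(config):
    """Split a config into global lines and interface/line sub-blocks."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue                          # blank lines and "!" separators
        if raw[0].isspace() and current is not None:
            blocks[current].append(text)      # indented: sub-command of open block
            continue
        global_lines.append(text)
        current = text if text.startswith(("interface ", "line ")) else None
        if current is not None:
            blocks[current] = []
    return global_lines, blocks

def audit(config):
    """Return sorted findings; an empty list means every check passed."""
    global_lines, blocks = parse(config)
    findings = [f"missing: {cmd}" for cmd in REQUIRED_GLOBAL if cmd not in global_lines]
    if not any(l.startswith("enable secret ") for l in global_lines):
        findings.append("missing: enable secret")
    if any(l.startswith("enable password ") for l in global_lines):
        findings.append("present: enable password")
    for header, body in blocks.items():
        if header.startswith("interface ") and "no ip directed-broadcast" not in body:
            findings.append(f"{header}: missing no ip directed-broadcast")
        if header.startswith("line vty"):
            if "login" not in body or not any(l.startswith("password ") for l in body):
                findings.append(f"{header}: login/password not set")
            if "exec-timeout 0 0" in body:
                findings.append(f"{header}: exec-timeout disabled")
    return sorted(findings)

# Constructed sample with gaps: two service lines absent, no enable secret.
SAMPLE = "\n".join(REQUIRED_GLOBAL[:5]) + """
enable password constructed-example
interface Ethernet0
line vty 0 4
 exec-timeout 0 0
 login
"""
```

Calling audit(SAMPLE) returns seven findings; a config that follows the three sections above returns an empty list.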
|
set up the timezone
clock timezone MST -7
clock summer-time MDT recurring
OR
clock timezone PST -8
clock summer-time PDT recurring
|
decide how to deal with DNS client config on the router
no ip domain-lookup
OR
ip domain-name firstlink.com
ip name-server 66.37.143.12
ip name-server 66.37.141.42
OR
ip domain-name yourdomain.com
ip name-server your.DNS.server.address
|
set the default route to the next router or interface upstream
This is usually the ISP router, or corporate router
ip route 0.0.0.0 0.0.0.0 192.168.253.1 250
OR
ip route 0.0.0.0 0.0.0.0 serial0/0.16 250
OR
|
set up logging
no logging console
logging 66.37.143.66 [or a more appropriate log server]
logging buffered 40960 informational
logging facility local7
logging monitor informational
logging source-interface eth0 [or whatever interface has a "well known" address]
|
set up NTP as needed. Pick three NTP servers from the list below
ntp server 130.207.244.240
ntp server 130.43.2.2
ntp server 140.142.16.34
ntp server 192.5.41.40
ntp server 192.5.41.41
ntp server 204.34.198.40
ntp server 209.38.13.254
ntp update-calendar
routers make great NTP servers!
ntp master 3
|
Frame Relay setup on CPE
interface Serial0
no ip address
no ip directed-broadcast
encapsulation frame-relay IETF
no ip route-cache
!
service-module t1 clock source line
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 lbo none
service-module t1 timeslots 1-4 ! 256K
!
interface Serial0.16 point-to-point
description 24/YGGA/002244
ip address 192.168.253.94 255.255.255.252
no ip directed-broadcast
no ip route-cache
frame-relay interface-dlci 16 protocol ip 192.168.253.93
|
set up NAT/PAT for one address
The following will set up PAT and translate any host connected on,
or behind, fastethernet0 with an IP address in 10.10.199.* to 66.37.129.153.
This setup is useful for outgoing traffic, but does not allow generic
incoming traffic.
access-list 10 permit 10.10.199.0 0.0.0.255
ip nat pool SOMENAME 66.37.129.153 66.37.129.153 netmask 255.255.255.252
ip nat inside source list 10 pool SOMENAME overload
int serial0.16
ip nat outside
int fast0
ip nat inside
set up static NAT
ip nat inside source static 10.10.199.2 66.37.129.152 no-alias
|