Sunday, 12 May 2019
Best Practice Configuration for IOS-XR (Part 1)
There are sample best practice commands that need to be configured in IOS-XR devices for additional security.
Global config:
nsr process-failures switchover
tcp path-mtu-discovery
tcp selective-ack
logging console disable
snmp-server ifmib stats cache
ssh server logging
no telnet vrf $vrf-name ipv4 server
ssh client source-interface $$loopback0
logging events link-status software-interfaces
Admin config:
upgrade fpd all loc all
fpd auto-upgrade
Interface config:
interface name
ipv4 unreachable disable
ipv6 unreachable disable
dampening 1 xxx yyy 1
OSPF config:
router ospf xxx
graceful-restart
router ospfv3 xxx
graceful-restart
MPLS LDP:
mpls ldp neighbor <ip_address> password <pwd>’
AAA:
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
Subscribe to:
Post Comments (Atom)
-
Assumption: JunOS is downloaded and stored in an FTP server. Step1: Download the necessary image from the FTP server. Save it in the /var/tm...
-
1.Remote access should be via SSH and telnet is disabled IOS-XR: no telnet ipv4 server Nexus OS: no feature telnet feature ssh feature tacac...
-
Taking Cisco's Sample Legal Banner message from their Network Security Baseline page. Sample Legal Banner Notification Configuration !...
No comments:
Post a Comment