Sunday 12 May 2019
Best Practice Configuration for IOS-XR (Part 1)
There are sample best practice commands that need to be configured in IOS-XR devices for additional security.
Global config:
nsr process-failures switchover
tcp path-mtu-discovery
tcp selective-ack
logging console disable
snmp-server ifmib stats cache
ssh server logging
no telnet vrf $vrf-name ipv4 server
ssh client source-interface $$loopback0
logging events link-status software-interfaces
Admin config:
upgrade fpd all loc all
fpd auto-upgrade
Interface config:
interface name
ipv4 unreachable disable
ipv6 unreachable disable
dampening 1 xxx yyy 1
OSPF config:
router ospf xxx
graceful-restart
router ospfv3 xxx
graceful-restart
MPLS LDP:
mpls ldp neighbor <ip_address> password <pwd>’
AAA:
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
Subscribe to:
Post Comments (Atom)
-
How to upgrade Field Programmable Device (FPD) on Cisco IOS XR As per Cisco official documentation, the definition of FPD as follows: An ...
-
SPAN mirrors receive or transmit (or both) traffic on one or more source ports to a destination port for analysis. A copy of the packets r... -
Configuration Inconsistency and Errors Verification in Cisco ASR9000 RP/0/RSP0/CPU0:ASR9K-ROUTER#show redundancy Thu Feb 14 03:06:44.176...
No comments:
Post a Comment