no service pad ! no X.25 PAD service
no service finger ! Don't allow users to look up other users' names
no ip source-route ! Don't allow packets with predefined routes
no ip http server ! No HTTP access *** !!! ***
no service tcp-small-servers ! No access to minor TCP/IP services
no service udp-small-servers ! No access to minor UDP services
no ip bootp server ! Don't provide config for unknown systems
service nagle ! Enable the Nagle congestion control algorithm for Telnet (reduces number of packets sent during Telnet session)
no enable password ! Don't use weak password encryption
service password-encryption
enable secret ! Use "secret" passwords - not possible to decrypt
no cdp advertise-v2
no cdp run
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
logging 10.10.10.10 ! Logging to the log-server
logging buffered 128000 debugging
logging trap notifications
logging source-interface Loopback
line vty 0 x
exec-timeout 3 0
transport input telnet ! Only Telnet is allowed as inbound transport
transport output none ! No nested transport FROM the router
transport preferred none ! Don't try to telnet when an unknown command is typed
snmp-server enable traps snmp ! SNMP traps
snmp-server enable traps config ! Config traps
snmp-server enable traps vlan-membership ! VLAN membership traps
snmp-server enable traps vtp ! VTP traps
snmp-server community ??? RO 21 ! ??? is the community to use
snmp-server community ??? RW 26 ! ??? RW community string
access-list 26 remark - RW SNMP access by
access-list 26 permit x.y.z.a
access-list 26 remark - RW more hosts to access
access-list 26 permit x.y.z.a 0.0.0.b
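
An added example, not part of the original template: a Python audit that checks a saved configuration for the global settings listed above and verifies that every SNMP community is bound to an access list with at least one permit entry. The names `REQUIRED` and `audit` and the sample configuration are constructed for this example, and it assumes `!` appears only as a comment marker, as in the template.

```python
import re

# Global lines from the template above that must appear verbatim.
REQUIRED = [
    "no service pad", "no service finger", "no ip source-route",
    "no ip http server", "no service tcp-small-servers",
    "no service udp-small-servers", "no ip bootp server",
    "service password-encryption", "no cdp run",
]

# Constructed sample: HTTP server left on, weak enable password, RO community
# without an ACL. Community strings and addresses are placeholders.
SAMPLE = """\
no service pad
no service finger
no ip source-route
ip http server
no service tcp-small-servers
no service udp-small-servers
no ip bootp server
service password-encryption
enable password 7 0000   ! constructed placeholder
no cdp run
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-RW RW 26
access-list 26 permit 192.0.2.10
"""

def audit(config_text):
    """Return a sorted list of findings for one IOS configuration."""
    lines = [l.split("!", 1)[0].strip() for l in config_text.splitlines()]
    lines = [l for l in lines if l]          # drop blank and comment-only lines
    present = set(lines)
    findings = [f"missing: {req}" for req in REQUIRED if req not in present]
    if any(re.match(r"enable password\b", l) for l in lines):
        findings.append("weak: 'enable password' is set")
    if not any(re.match(r"enable secret\b", l) for l in lines):
        findings.append("missing: enable secret")
    # Numbered ACLs that have at least one permit entry.
    acls = {m.group(1) for l in lines
            if (m := re.match(r"access-list (\d+) permit\b", l))}
    for l in lines:
        m = re.match(r"snmp-server community \S+ (RO|RW)(?: (\d+))?$", l, re.I)
        if m and m.group(2) is None:
            findings.append(f"snmp: {m.group(1)} community has no ACL")
        elif m and m.group(2) not in acls:
            findings.append(f"snmp: ACL {m.group(2)} has no permit entry")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```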