Standardize router configs

Answered Question

I have a network of approx 40 routers spread across the US. I would like to be able to create one standardized config, excluding IP addresses, that I could upload to these routers. Any ideas, hints, or solutions would be appreciated.

Correct Answer by Collin Clark about 9 years 5 months ago

Overall Rating: 3.5 (3 ratings)
Correct Answer
Collin Clark Wed, 12/12/2007 - 09:44

David-


What I do is probably rudimentary but it works. I have a txt file with all the features, security fixes, interfaces, set. Then I simply copy-n-paste into a router. I'll share a sanitized version if you like.


HTH

Using a text file is what I figured I needed to do. I assume that what I could do, after configuring the text file to meet my needs, is access the router and first use the "reload in 10" command, in case something goes wrong, so that the router will reload back to its original config. Then go into config mode, copy-paste the new config to the router, and keep my fingers crossed. Please share the text file if you please.

Collin Clark Wed, 12/12/2007 - 10:32

! Disable unneeded services; enable keepalives, sequence numbers and timestamps
no service pad
no service config
no service finger
no ip icmp redirect
no ip bootp server
no ip identd
no ip finger
no ip gratuitous-arps
no ip source-route
service sequence-numbers
service tcp-keepalives-in
service tcp-keepalives-out
no service udp-small-servers
no service tcp-small-servers
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption

! Local accounts, DNS, clock, NTP, logging, HTTP servers off
username UsErNaMe secret PaSsWoRd
enable secret MySuPeRSeCrEtPaSsWoRd
no ip domain-lookup
ip domain-name [your domain name]
clock timezone CST -6
clock summer-time CDT recurring
! Explicit US DST rule (2nd Sunday in March to 1st Sunday in November)
clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ntp server [server 1]
ntp server [server 2]
logging on
logging source-interface Loopback0
logging buffered 16000
logging buffered debug
no logging monitor
no logging console
logging trap notification
logging [server 1]
no ip http server
no ip http secure-server

! AAA via TACACS+ with local fallback for login
aaa new-model
aaa authentication login TACGROUP group tacacs+ local
aaa authorization commands 15 TACGROUP group tacacs+ none
aaa accounting commands 15 TACGROUP stop-only group tacacs+
aaa accounting connection TACGROUP start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
tacacs-server host [server 1] key SeCrEtKeY
ip tacacs source loopback0

! ACLs restricting SSH (10) and SNMP (50) to management hosts
access-list 10 remark SSH Access
access-list 10 permit [PC 1]
access-list 10 permit [PC 2]
access-list 50 remark SNMP Access
access-list 50 permit [PC 1]
access-list 50 permit [PC 3]

! Read-only SNMP limited by ACL 50
snmp-server community SeCuReStRiNg RO 50
snmp-server ifindex persist
snmp-server trap-source Loopback0

banner login ^
********************************************************************************
This computer system and all associated network connectivity (including
Internet access) is provided only for authorized business purposes. Authorized
personnel may monitor these systems for management and data security purposes.
Use of these systems (authorized or not) constitutes acceptance of these terms.
The systems data is subject to the privacy act of 1974 (552A amended). Any
individual(s) responsible for unauthorized data disclosure or other misuse may
be subject to civil or criminal penalties.
********************************************************************************
^
! SSH host key (the 1024 line answers the modulus prompt) and SSH settings
crypto key generate rsa
1024
ip ssh time-out 60
ip ssh authentication-retries 2

! Console, VTY (SSH only, ACL 10) and AUX (disabled) lines
line con 0
exec-timeout 5 0
login authentication TACGROUP
logging synchronous
line vty 0 4
access-class 10 in
login authentication TACGROUP
privilege level 15
exec-timeout 5 0
logging synchronous
transport input ssh
exit
line aux 0
no password
transport input none
no exec
exec-timeout 0 1
exit

! EIGRP with all interfaces passive by default
router eigrp 123
no auto-summary
passive-interface default
exit



cisco24x7 Mon, 12/17/2007 - 19:31

All of this can be done with a simple Perl or Expect script.
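
The scripting approach suggested above, applied to the bracketed-placeholder template style used earlier in the thread, as an added example that is not code from any poster: it fills placeholders from per-site values, refuses to emit a config with an unresolved or malformed value, and lists baseline lines absent from a running config. The template excerpt, site name, placeholder names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt in the thread's "[placeholder]" style; names are assumptions.
TEMPLATE = """\
ip domain-name [domain]
ntp server [ntp 1]
logging [syslog 1]
access-list 10 remark SSH Access
access-list 10 permit [mgmt pc 1]
no ip http server
"""

# Constructed per-site values (RFC 5737 documentation addresses).
SITES = {
    "rtr-site01": {"domain": "example.net", "ntp 1": "192.0.2.10",
                   "syslog 1": "192.0.2.20", "mgmt pc 1": "198.51.100.5"},
}

PLACEHOLDER = re.compile(r"\[([^\]\n]+)\]")
IP_FIELDS = ("ntp", "syslog", "mgmt pc")  # placeholder names that must hold an IP


def render(template, values):
    """Fill every [placeholder]; raise rather than emit a partial config."""
    def fill(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value for [{name}]")
        value = values[name]
        if name.startswith(IP_FIELDS):
            ipaddress.ip_address(value)  # ValueError on a malformed address
        elif not re.fullmatch(r"[A-Za-z0-9.-]+", value):
            raise ValueError(f"unsafe characters in [{name}]")
        return value
    return PLACEHOLDER.sub(fill, template)


def missing_lines(rendered, running_config):
    """Return baseline lines that are absent from a router's running config."""
    running = {line.strip() for line in running_config.splitlines()}
    return [line for line in rendered.splitlines()
            if line.strip() and line.strip() not in running]


if __name__ == "__main__":
    print(render(TEMPLATE, SITES["rtr-site01"]))
```

Commands that match a platform default may not be displayed in the running config, so review the entries returned by `missing_lines` rather than treating each one as a defect.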

shiva_ial Tue, 12/18/2007 - 01:36

You can try the SNMP write option, but you have to define the SNMP server in the config once; then you can write the config from the server.

