12-12-2007 08:51 AM
I have a network of approx 40 routers spread across the US. I would like to be able to create on standardized config excluding IP addresses that I could upload to these routers. Any ideas, hints, or solutions would be appreciated.
Solved! Go to Solution.
12-12-2007 09:44 AM
David-
What I do is probably rudimentary but it works. I have a txt file with all the features, security fixes, interfaces, set. Then I simply copy-n-paste into a router. I'll share a sanitized version if you like.
HTH
12-12-2007 09:44 AM
David-
What I do is probably rudimentary but it works. I have a txt file with all the features, security fixes, interfaces, set. Then I simply copy-n-paste into a router. I'll share a sanitized version if you like.
HTH
12-12-2007 10:14 AM
Using a text file is what I figured I needed to do. I assume that what I could do after configuring the text file to meet my needs is to access the router is to first use the "reload in 10 command" in case something goes wrong so that the router with reload back to it's original config. Then go into config mode and copy-paste the new config to the router and keep my fingers crossed. Please share the text file if you please.
12-12-2007 10:32 AM
no service pad
no service config
no service finger
no ip icmp redirect
no ip bootp server
no ip identd
no ip finger
no ip gratuitous-arps
no ip source-route
service sequence-numbers
service tcp-keepalives-in
service tcp-keepalives-out
no service udp-small-servers
no service tcp-small-servers
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
username UsErNaMe secret PaSsWoRd
enable secret MySuPeRSeCrEtPaSsWoRd
no ip domain-lookup
ip domain-name {your domain name]
clock timezone CST -6
clock summer-time CDT recurring
clock summer-time CST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ntp server [server 1]
ntp server [server 2]
logging on
logging source-interface Loopback0
logging buffered 16000
logging buffered debug
no logging monitor
no logging console
logging trap notification
logging [server 1]
no ip http server
no ip http secure-server
aaa new-model
aaa authentication login TACGROUP group tacacs+ local
aaa authorization commands 15 TACGROUP group tacacs+ none
aaa accounting commands 15 TACGROUP stop-only group tacacs+
aaa accounting connection TACGROUP start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
tacacs-server host [server 1] key SeCrEtKeY
ip tacacs source loopback0
access-list 10 remark SSH Access
access-list 10 permit [PC 1]
access-list 10 permit [PC 2]
access-list 50 remark SNMP Access
access-list 50 permit [PC 1]
access-list 50 permit [PC 3]
snmp-server community SeCuReStRiNg RO 50
snmp-server ifindex persist
snmp-server trap-source Loopback0
banner login ^
********************************************************************************
This computer system and all associated network connectivity (including
Internet access) is provided only for authorized business purposes. Authorized
personnel may monitor these systems for management and data security purposes.
Use of these systems (authorized or not) constitutes acceptance of these terms.
The systems data is subject to the privacy act of 1974 (552A amended). Any
individual(s) responsible for unauthorized data disclosure or other misuse may
be subject to civil or criminal penalties.
********************************************************************************
^
crypto key generate rsa
1024
ip ssh time-out 60
ip ssh authentication-retries 2
line con 0
exec-timeout 5 0
login authentication TACGROUP
logging synchronous
line vty 0 4
access-class 10 in
login authentication TACGROUP
privilege level 15
exec-timeout 5 0
logging synchronous
transport input ssh
exit
line aux 0
no password
transport input none
no exec
exec-timeout 0 1
exit
router eigrp 123
no auto-summary
passive-interface default
exit
12-17-2007 07:31 PM
All of this can be done with a simple
Perl or Expect script.
12-18-2007 01:36 AM
you can try with SNMP write option
but u have to define the snmp server in config once then from server you can write the config
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide