Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Standardize router configs

I have a network of approx 40 routers spread across the US. I would like to be able to create on standardized config excluding IP addresses that I could upload to these routers. Any ideas, hints, or solutions would be appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Standardize router configs

David-

What I do is probably rudimentary but it works. I have a txt file with all the features, security fixes, interfaces, set. Then I simply copy-n-paste into a router. I'll share a sanitized version if you like.

HTH

5 REPLIES

Re: Standardize router configs

David-

What I do is probably rudimentary but it works. I have a txt file with all the features, security fixes, interfaces, set. Then I simply copy-n-paste into a router. I'll share a sanitized version if you like.

HTH

New Member

Re: Standardize router configs

Using a text file is what I figured I needed to do. I assume that what I could do after configuring the text file to meet my needs is to access the router is to first use the "reload in 10 command" in case something goes wrong so that the router with reload back to it's original config. Then go into config mode and copy-paste the new config to the router and keep my fingers crossed. Please share the text file if you please.

Re: Standardize router configs

no service pad

no service config

no service finger

no ip icmp redirect

no ip bootp server

no ip identd

no ip finger

no ip gratuitous-arps

no ip source-route

service sequence-numbers

service tcp-keepalives-in

service tcp-keepalives-out

no service udp-small-servers

no service tcp-small-servers

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption

username UsErNaMe secret PaSsWoRd

enable secret MySuPeRSeCrEtPaSsWoRd

no ip domain-lookup

ip domain-name {your domain name]

clock timezone CST -6

clock summer-time CDT recurring

clock summer-time CST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

ntp server [server 1]

ntp server [server 2]

logging on

logging source-interface Loopback0

logging buffered 16000

logging buffered debug

no logging monitor

no logging console

logging trap notification

logging [server 1]

no ip http server

no ip http secure-server

aaa new-model

aaa authentication login TACGROUP group tacacs+ local

aaa authorization commands 15 TACGROUP group tacacs+ none

aaa accounting commands 15 TACGROUP stop-only group tacacs+

aaa accounting connection TACGROUP start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

tacacs-server host [server 1] key SeCrEtKeY

ip tacacs source loopback0

access-list 10 remark SSH Access

access-list 10 permit [PC 1]

access-list 10 permit [PC 2]

access-list 50 remark SNMP Access

access-list 50 permit [PC 1]

access-list 50 permit [PC 3]

snmp-server community SeCuReStRiNg RO 50

snmp-server ifindex persist

snmp-server trap-source Loopback0

banner login ^

********************************************************************************

This computer system and all associated network connectivity (including

Internet access) is provided only for authorized business purposes. Authorized

personnel may monitor these systems for management and data security purposes.

Use of these systems (authorized or not) constitutes acceptance of these terms.

The systems data is subject to the privacy act of 1974 (552A amended). Any

individual(s) responsible for unauthorized data disclosure or other misuse may

be subject to civil or criminal penalties.

********************************************************************************

^

crypto key generate rsa

1024

ip ssh time-out 60

ip ssh authentication-retries 2

line con 0

exec-timeout 5 0

login authentication TACGROUP

logging synchronous

line vty 0 4

access-class 10 in

login authentication TACGROUP

privilege level 15

exec-timeout 5 0

logging synchronous

transport input ssh

exit

line aux 0

no password

transport input none

no exec

exec-timeout 0 1

exit

router eigrp 123

no auto-summary

passive-interface default

exit

Silver

Re: Standardize router configs

All of this can be done with a simple

Perl or Expect script.

New Member

Re: Standardize router configs

you can try with SNMP write option

but u have to define the snmp server in config once then from server you can write the config

137
Views
7
Helpful
5
Replies