! Last configuration change at 08:29:42 EST Mon Feb 20 2014 by mwk

! NVRAM config last updated at 08:29:43 EST Mon Feb 20 2014 by mwk

!

version 12.4

no service pad

!

service tcp-keepalives-in (used for managing sessions; keepalives let the router detect and tear down dead inbound TCP sessions)

service tcp-keepalives-out

!

service timestamps debug datetime localtime show-timezone (used for logging; timestamps debug messages)

service timestamps log datetime localtime show-timezone (used for logging; timestamps log messages)

service password-encryption (encrypt all passwords; note this only applies reversible type 7 obfuscation to passwords shown in the configuration, so it is not a substitute for the type 5 secrets used below)

!

hostname MK_Router

!

!
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx (enable password set as a type 5 hashed secret)

!
!!!!!!!!!!!!!!!!!!! TACACS+ SERVER NETWORK INFO !!!!!!!!!!!!!!!!!!!!!!
!

tacacs-server host 192.168.1.100 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
! Points the router to the TACACS+ server; the secret key shared by router and server is stored here in type 7 (reversible) form
tacacs-server directed-request
! Sends only the username (the part before @) to TACACS+ for authentication

tacacs-server administration

! Enables the handling of administrative messages by the TACACS+ daemon
!
!!!!!!!!!!!!!!!!!!!!!!!!! ENABLE TACACS+ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

aaa new-model

! Enables AAA globally

!

!!!!!!!!!!!!!!!!!!!!!!!!!! DEFINE METHOD LIST !!!!!!!!!!!!!!!!!!!!!!!!!!!!
!

aaa authentication login mwkacs group tacacs+ local enable

! Users must authenticate with TACACS+ to log in; method list mwkacs is defined here and falls back to the local database, then the enable secret, only if the TACACS+ servers are unreachable
!

aaa authentication enable default group tacacs+ enable
! Users must authenticate to enter privileged mode; falls back to the enable secret if TACACS+ is unreachable

!
aaa authorization exec mwkacs group tacacs+ local
! Ensures EXEC access only for users whose TACACS+ (or local) profiles grant administrative access

!

aaa authorization commands 15 mwkacs group tacacs+ local none

! Define method list to authorize the execution of administrative level commands; the trailing none method means level-15 commands are allowed without authorization if both TACACS+ and the local database are unavailable

!

aaa accounting exec mwkacs start-stop group tacacs+

! Enables accounting of an EXEC session, method list tacacs+

! Sends a “start accounting” notice and “stop accounting” notice for process

!

aaa accounting commands 15 mwkacs start-stop group tacacs+

! Enables accounting of privileged (level 15) commands using method list mwkacs

!

clock timezone EST -5

clock summer-time EDT recurring

no ip source-route (disable unused services)

no ip gratuitous-arps

no ip bootp server

no ip domain lookup

username NetAdmin secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx (create a unique local username with a type 5 hashed secret)

!

interface Loopback0

ip address 10.1.3.252 255.255.255.255

! (Defines the loopback interface and assigns its IP address)

!

interface Serial0/0

description *** WAN1 ***

ip address 10.1.1.26 255.255.255.252

ip access-group mark_filter out (applies the mark_filter access list to outbound traffic on this interface)

!

interface FastEthernet0/1

description *** LAN Floor 1 ***

ip address 10.25.20.9 255.255.255.0

no ip proxy-arp

duplex auto

speed auto

!

router ospf 10 (enable OSPF routing protocol, with NO authentication configured for the area or its interfaces)

router-id 10.1.3.26

log-adjacency-changes

network 10.1.1.24 0.0.0.3 area 0

network 10.25.20.8 0.0.0.3 area 0

!

!

no ip http server

no ip http secure-server

!

ip tacacs source-interface Loopback0 (bind TACACS+ traffic to the Loopback0 address)

!

ip access-list extended mark_filter (extended named ACL)

deny ip host 191.164.1.1 any

permit ip any any

!

logging buffered 100000 informational (the logging buffer is circular, so newer messages overwrite older messages once the buffer is full)

logging trap notifications (sends messages of severity notifications (5), "normal but significant conditions", or more severe to the syslog servers below)

logging source-interface Loopback0

logging 192.168.5.15

logging 192.168.5.10

!

access-list 5 permit 192.168.5.0 0.0.0.255

access-list 5 permit 10.10.10.60 0.0.0.3

access-list 111 permit ip 10.254.253.0 0.0.0.255 10.24.111.0 0.0.0.3 (extended ACL)

access-list 112 permit ip host 10.254.253.1 10.24.95.0 0.0.0.3

!
snmp-server community xxxxxxxxxxxxxxxxxxxxxxxxxx RO (read-only SNMP community string set; unlike the RW community below, no access-list restricts which hosts may use it)

snmp-server community xxxxxxxxxxxxxxxxxxxxxxxxxx RW 5 (read-write SNMP community string, restricted to the sources permitted by access-list 5)

!

no cdp run (turn off CDP)

!

control-plane

!

!!!!!!!! Creates a login banner !!!!!!!!!!!!!!!!!

banner motd

******************Warning! Warning! Warning!***********************

This system is restricted to authorized users for business purposes only.

Unauthorized access is a violation of the law. This service may be monitored for administrative and security reasons. By proceeding you consent to this monitoring.

*******************Warning! Warning! Warning!***********************

!

line con 0

exec-timeout 5 0

login local (the console authenticates against the local username database rather than the mwkacs TACACS+ method list)

!

line aux 0 (no settings are shown for the auxiliary line, so it is left at its defaults)
!

!!!!!!!!!!!!!!!!!!!APPLY METHOD LIST TO VTY LINE !!!!!!!!!!!!!!!!!!!!!

!
line vty 0 4

access-class 5 in (applies access list 5 to inbound connections on the VTY lines)

exec-timeout 5 0 (idle timeout of 5 minutes)

authorization commands 15 mwkacs (method list applied)

authorization exec mwkacs (method list applied)

accounting commands 15 mwkacs (method list applied)

accounting exec mwkacs (method list applied)

login authentication mwkacs (method list applied)

transport input ssh (allows SSH only)

transport output none (outbound connections from this line to other network devices are not allowed)

!

ntp source Loopback0 (NTP settings; NTP packets are sourced from the Loopback0 address)

ntp server 10.1.2.25

ntp server 10.1.2.24

!

end