conf t
interface vlan10
 ip address 1.2.3.2 255.255.255.0
exit
ip default-gateway 1.2.3.1
conf t
vtp mode off

If the platform does not accept `vtp mode off`, use `vtp mode transparent`; either way the switch neither advertises nor accepts VLAN database updates from a neighbour.
no cluster run
no vstack
no service dhcp

`no cluster run` disables switch clustering, `no vstack` disables the Smart Install client (a management protocol on TCP 4786 that has no authentication of its own and lets a peer read and replace the configuration), and `no service dhcp` stops the switch from acting as a DHCP server or relay.
conf t
no ip http server
no ip http secure-server
no service tcp-small-servers
no service udp-small-servers
no ip finger
ip dhcp bootp ignore

Note the form without `no`: `ip dhcp bootp ignore` makes the DHCP server drop BOOTP requests, whereas `no ip dhcp bootp ignore` restores the default of answering them. With `service dhcp` already disabled above this is belt and braces; on platforms that still run the legacy BOOTP server, `no ip bootp server` turns that off as well.
no ip domain-lookup
no service pad
no service config
conf t
interface range gigabitEthernet 0/2-48
 no cdp enable
 no lldp transmit
 no lldp receive

Gi0/1, the management port, is left out of the range on purpose. To switch both discovery protocols off for the whole device instead, use `no cdp run` and `no lldp run` in global configuration.
conf t
service tcp-keepalives-in
service tcp-keepalives-out
conf t
ntp authenticate
ntp authentication-key 150 md5 ticktock
ntp trusted-key 150
ntp server 1.2.3.50 key 150
ntp server 1.2.3.51 key 150
ntp source vlan10

`ticktock` is a placeholder; use a long random key and the same key ID on every server and switch. `ntp trusted-key` is required: a key that is defined but not trusted is silently ignored and the association never authenticates. The key authenticates packets, it does not encrypt them. Newer IOS and IOS XE releases also accept `hmac-sha1` and `hmac-sha2-256` key types on `ntp authentication-key`; prefer those where both ends support them.
# ntp.conf
enable auth
keys /etc/ntp.keys
trustedkey 150

# ntp.keys
150 M ticktock

Keep /etc/ntp.keys readable only by the user ntpd runs as; the key is a long-lived shared secret.
Using the web interface:
- Go to tab 'NTP', then 'General Settings'
- Local Trusted Keys: 150
- Go to 'NTP Symmetric keys', click 'Edit NTP MD5 keys'
- Add: '#1 MD5 EXAMPLE 150 MD5 ticktock'
- Click Save Settings.
#sh ntp associations
  address         ref clock     st  when  poll reach  delay  offset    disp
*~95.97.208.29    .PZF.          1     7    64    57   1.093   2.708  440.38
+~95.97.208.30    .PPS.          1     4    64   167   1.141   3.547  190.44
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

#sh ntp status
Clock is synchronized, stratum 2, reference is 95.97.208.29
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
reference time is D7912CA6.D0C5123E (23:26:30.815 UTC Sat Aug 9 2014)
clock offset is 2.7081 msec, root delay is 1.09 msec
root dispersion is 7945.18 msec, peer dispersion is 440.38 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000010 s/s
system poll interval is 64, last update was 289 sec ago.

`*` marks the system peer the switch is following. `reach` is an octal shift register of the last eight polls, so 377 means every recent poll was answered; the 57 and 167 above show associations that are still settling shortly after configuration. If the key or key ID does not match on one side, the peer never becomes `*`; `show ntp associations detail` then lists it as `unauthenticated` instead of `authenticated`, which is the first thing to check when a switch refuses to synchronize.
! NTP access control
! query-only 1: deny all NTP control queries
ntp access-group query-only 1
! serve 1: deny all NTP time and control queries by default
ntp access-group serve 1
! peer 10: permit time sync with configured peer(s)/server(s) only
ntp access-group peer 10
! serve-only 1: deny all sync requests
ntp access-group serve-only 1
!
! access control lists (ACLs)
access-list 1 remark utility ACL to block everything
access-list 1 deny any
!
access-list 10 remark NTP peers/servers we sync to/with
access-list 10 permit 95.97.208.29
access-list 10 permit 95.97.208.30
access-list 10 deny any
!

With `serve-only` pointing at ACL 1 the switch will not hand out time to anyone. If other devices are meant to sync from it, give `serve-only` its own ACL listing those clients; `query-only` should stay denied, since control queries are what amplification and information-leak probes use.
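What the shared key from the `ntp authentication-key` and `ntp.keys` lines above actually does on the wire, as an added Python example (this is not code from the page, from Cisco or from ntpd): a client packet is signed with key 150 and then checked the way the receiving side checks it. NTP symmetric-key authentication appends the 4-byte key ID and a digest to the 48-byte header; for MD5 ('M') keys the digest is MD5 over the key followed by the header, as specified in RFC 5905. The keys-file text and the key `ticktock` are constructed placeholders.

```python
import hashlib
import hmac
import struct
import time

# Constructed ntp.keys contents matching the configuration above (placeholder key, not a real secret).
NTP_KEYS_TEXT = """\
# keyid  type  key
150      M     ticktock
"""

NTP_EPOCH_OFFSET = 2208988800  # seconds between the NTP epoch (1900) and the Unix epoch (1970)


def parse_ntp_keys(text):
    """Parse ntpd's keys file: '<keyid> <type> <key>' per line, '#' starts a comment."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        keyid, ktype, key = line.split(None, 2)
        if ktype.upper() not in ("M", "MD5"):
            raise ValueError(f"key {keyid}: only MD5 ('M') keys are handled in this example")
        keys[int(keyid)] = key.encode()
    return keys


def client_header(transmit_seconds):
    """48-byte NTPv4 client request: LI=0, VN=4, mode=3; only the transmit timestamp is filled in."""
    transmit_ts = struct.pack("!II", transmit_seconds + NTP_EPOCH_OFFSET, 0)
    return bytes([0x23]) + bytes(39) + transmit_ts


def ntp_mac(key, header):
    """RFC 5905 symmetric-key MAC for MD5 keys: MD5(key || packet header)."""
    return hashlib.md5(key + header).digest()


def sign(header, keyid, keys):
    """Append key ID and 16-byte digest, as the switch does for a server configured with 'key 150'."""
    return header + struct.pack("!I", keyid) + ntp_mac(keys[keyid], header)


def verify(packet, keys):
    """Receiver's check: the key ID must be known (trusted) and the digest must match."""
    if len(packet) != 48 + 4 + 16:
        return False
    header = packet[:48]
    (keyid,) = struct.unpack("!I", packet[48:52])
    key = keys.get(keyid)
    if key is None:  # 'ntp trusted-key' / 'trustedkey': unknown IDs are rejected before any digest work
        return False
    return hmac.compare_digest(packet[52:], ntp_mac(key, header))


if __name__ == "__main__":
    keys = parse_ntp_keys(NTP_KEYS_TEXT)
    pkt = sign(client_header(int(time.time())), 150, keys)
    print("valid packet accepted:", verify(pkt, keys))
    forged = pkt[:40] + bytes([pkt[40] ^ 0x01]) + pkt[41:]  # flip one bit of the transmit timestamp
    print("tampered packet accepted:", verify(forged, keys))
    print("untrusted key id accepted:", verify(pkt, {151: b"ticktock"}))
```

What this shows: the key only proves that the packet came from someone holding `ticktock`; it hides nothing and, on its own, does not stop replay, and an ID that is not on the trusted list is refused before the digest is even computed. Rotating the key means changing it on every server and every switch at the same time, which is why a simple ID scheme (here 150) is worth keeping.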
conf t
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
sh clock detail
.01:36:47.946 CEST Sun Aug 10 2014
Time source is NTP
Summer time starts 02:00:00 CET Sun Mar 30 2014
Summer time ends 03:00:00 CEST Sun Oct 26 2014

The leading `.` means the time is authoritative but NTP is not currently synchronized; a `*` means the time is not authoritative at all, and no prefix means the clock is synchronized.
conf t
service sequence-numbers
service timestamps debug datetime localtime msec show-timezone
service timestamps log datetime localtime msec show-timezone
interface gigabitEthernet 0/1
 no shut
 switchport mode access
 switchport access vlan 10
 description Management
By default the native VLAN is VLAN 1. Change the native VLAN to an unused VLAN, here VLAN 20, so that untagged frames arriving on a trunk land in a VLAN that carries no real traffic.
conf t
interface range gigabitEthernet 0/1-48
 switchport trunk native vlan 20

Where the platform supports it, the global command `vlan dot1q tag native` additionally tags native-VLAN frames on trunks, which removes the untagged frame that double-tagging (VLAN hopping) relies on.
sh interfaces gigabitEthernet 0/10 trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/10      auto         802.1q         other         20

Port        Vlans allowed on trunk
Gi0/10      none

Port        Vlans allowed and active in management domain
Gi0/10      none

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/10      none

Mode `auto` means the port still speaks DTP and would form a trunk if a neighbour asked for one; the access-port settings below take that away.
conf t
interface vlan1
 shutdown
conf t
interface range gigabitEthernet 0/2-48
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 shut

`switchport nonegotiate` disables DTP, so a host plugged into the port cannot negotiate a trunk; `shut` keeps unused ports administratively down until they are assigned. When a port is put into service, move it out of VLAN 20 into its real VLAN and `no shut` it.
#show interfaces status
Port      Name        Status       Vlan       Duplex  Speed  Type
Gi0/1     Management  connected    10         a-full  a-1000 10/100/1000BaseTX
Gi0/2                 disabled     20         auto    auto   10/100/1000BaseTX
Gi0/3                 disabled     20         auto    auto   10/100/1000BaseTX
Gi0/4                 disabled     20         auto    auto   10/100/1000BaseTX
Gi0/5                 disabled     20         auto    auto   10/100/1000BaseTX
Gi0/6                 disabled     20         auto    auto   10/100/1000BaseTX
Gi0/7                 disabled     20         auto    auto   10/100/1000BaseTX
Gi0/8                 disabled     20         auto    auto   10/100/1000BaseTX
Gi0/9                 disabled     20         auto    auto   10/100/1000BaseTX
... <snip>
conf t
enable algorithm-type sha256 secret test12345

`test12345` is a placeholder. `algorithm-type sha256` stores the enable secret as a type 8 (PBKDF2-SHA-256) hash instead of the MD5-based type 5; never use `enable password`, whose type 7 encoding is reversible.
When synchronous logging of unsolicited messages and debug command output is enabled, unsolicited device output is printed on the console only after solicited device output has been printed. Unsolicited messages and debug command output appear on the console after the prompt for user input is returned, so they are not interspersed with solicited device output and prompts. After the unsolicited messages appear, the console displays the user prompt again.
line console 0
 logging synchronous
 login local
sh run | include hostname
sh run | include domain-name

RSA key generation needs both a hostname and a domain name; if either is missing, set it first with `hostname <name>` and `ip domain-name <domain>`.
config t
crypto key generate rsa
How many bits in the modulus [512]: 2048

The default of 512 bits is far too small; take 2048 (or more) and replace any older, smaller key. `crypto key generate rsa modulus 2048` does the same without the prompt.
line vty 0 15
 transport input ssh
 login local
conf t
ip ssh version 2
ip ssh time-out 30
ip ssh authentication-retries 3

`ip ssh time-out` is the limit in seconds for the SSH negotiation phase, not the idle timeout of a logged-in session; that one is `exec-timeout` on the line (see below).
conf t
banner login $Access for authorized users only! $
end

`$` is the delimiter here, so the banner text itself must not contain one; the login banner is shown before authentication, so keep hostnames, model and owner details out of it.
Thanks Dennis, for providing the correct syntax!
config t
username example algorithm-type sha256 secret test1234
do sh run | i example
username example secret 8 $8$yJq4f/MpacJJ.r$ZeCjRxMd6b3qKDrZ5tozyx8IJSV5B8B./LTbVAljEoA

The `8` after `secret` marks a type 8 (PBKDF2-SHA-256) hash, as opposed to the reversible type 7 or the MD5-based type 5. `test1234` is a placeholder.
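To see what actually protects the password behind the `secret 8` string above, here is an added Python example (not code from this page or from Cisco) that produces and checks hashes in the type 8 format. The parameters it uses are the published reconstruction that password-auditing tools implement: PBKDF2-HMAC-SHA256, 20000 iterations, the 14-character salt used as ASCII, and Cisco's './0-9A-Za-z' alphabet with standard 6-bit grouping. Treat them as an assumption and confirm on your own copy with `type8_verify('test1234', '<the hash shown above>')`, which should return True.

```python
import hashlib
import hmac
import os
import time

# Cisco's base64 alphabet (the crypt(3) character set, used with standard MSB-first 6-bit groups).
CISCO_B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
TYPE8_ITERATIONS = 20000   # assumed: the widely published iteration count for $8$
TYPE8_SALT_CHARS = 14      # assumed: salt length as it appears between the '$' separators
TYPE8_DIGEST_LEN = 32      # SHA-256 output size; encodes to 43 characters


def cisco_b64(raw):
    """Encode bytes with Cisco's alphabet, MSB-first 6-bit groups, no padding characters."""
    out, acc, nbits = [], 0, 0
    for byte in raw:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 6:
            nbits -= 6
            out.append(CISCO_B64[(acc >> nbits) & 0x3F])
    if nbits:  # leftover bits are left-aligned in a final character
        out.append(CISCO_B64[(acc << (6 - nbits)) & 0x3F])
    return "".join(out)


def type8_hash(password, salt=None):
    """Return '$8$<salt>$<digest>' for the password; a fresh random salt is drawn if none is given."""
    if salt is None:
        salt = "".join(CISCO_B64[b & 0x3F] for b in os.urandom(TYPE8_SALT_CHARS))
    if len(salt) != TYPE8_SALT_CHARS:
        raise ValueError("type 8 salts are 14 characters")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(),
                             TYPE8_ITERATIONS, dklen=TYPE8_DIGEST_LEN)
    return f"$8${salt}${cisco_b64(dk)}"


def type8_verify(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    stored = stored.strip()
    parts = stored.split("$")          # '$8$salt$digest' -> ['', '8', salt, digest]
    if len(parts) != 4 or parts[1] != "8" or len(parts[2]) != TYPE8_SALT_CHARS:
        return False
    return hmac.compare_digest(type8_hash(password, parts[2]), stored)


def hashes_per_second(samples=5):
    """Rough cost of one guess on this machine: type 8 hashes computed per second, single core."""
    start = time.perf_counter()
    for i in range(samples):
        type8_hash(f"guess{i}")
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    h = type8_hash("test1234")
    print(h)
    print("verify correct password:", type8_verify("test1234", h))
    print("verify wrong password:  ", type8_verify("test1235", h))
    print(f"about {hashes_per_second():.0f} type 8 hashes/second on this CPU")
```

Why it matters: a type 7 `password` is reversible and type 5 is a single MD5-based crypt, whereas every guess against a type 8 hash costs 20000 HMAC-SHA256 rounds. `hashes_per_second` makes that cost visible on your own hardware, and is the number to keep in mind when deciding how much a leaked running-config is worth to an attacker.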
conf t
aaa new-model
aaa local authentication attempts max-fail 5
aaa authentication login default local

`aaa new-model` changes how every line authenticates, so make sure a working local user exists and `login local` is in place before enabling it, and keep your current session open until you have verified a fresh login. `max-fail 5` locks a local account after five consecutive failures; it is cleared with `clear aaa local user lockout`.
conf t
line con 0
 exec-timeout 5
line vty 0 15
 exec-timeout 5
conf t
! no logging console

Deliberately commented out: `no logging console` would silence all messages on the serial console. With `logging synchronous` on the console line and a syslog host configured (next step) the messages stay readable and are also kept off-box, so console logging can stay on; turn it off only on a busy switch where console output becomes a burden.
conf t
logging <host>
logging trap <level>

`logging trap` sets the highest severity level that is sent to the syslog host (`informational` is a sensible choice); `logging source-interface vlan10` pins the source address to the management VLAN so the collector sees a stable sender.
conf t
archive
 path scp://<username>:<password>@<hostname>/<directory>/file-
 write-memory

`write-memory` pushes a copy of the configuration to the SCP host on every `write memory`; `time-period <minutes>` can be added for periodic copies. The SCP username and password in `path` are stored in the switch configuration (cleartext, or type 7 with `service password-encryption`), so use a dedicated, write-only account on the SCP host for this purpose and restrict who can read the switch config.
ip access-list standard SNMP
 permit host <ip-address monitoring host>
 deny any log
snmp-server location <location> snmp-server contact <email address>
snmp-server view MIB-2 mib-2 included
snmp-server group READONLY v3 priv read MIB-2
snmp-server user <username> READONLY v3 auth sha <passphrase> priv aes 128 <passphrase> access SNMP

Use two different passphrases for `auth` and `priv` (SNMPv3 requires at least 8 characters). SNMPv3 users are not shown in `show running-config`; confirm them with `show snmp user` and the view/group binding with `show snmp group`.
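To check that a switch actually carries this baseline after the changes above (and after someone else's later changes), here is an added Python audit, not code from this page or from Cisco, that parses `show running-config` output into global lines and indented blocks and reports deviations. The sample config is constructed and deliberately seeded with four findings; the required and forbidden lists are an assumed subset of the checklist, kept to settings IOS prints (IOS omits defaults from `show running-config`, so anything that is only a default, such as `no service tcp-small-servers`, has to be audited from `show running-config all` instead).

```python
import re

# Constructed excerpt of 'show running-config' for a sample switch (not a real device),
# seeded with four deviations: HTTPS enabled, a v2c community, an access port without
# 'nonegotiate', and telnet still allowed on the vty lines.
SAMPLE_CONFIG = """\
version 15.0
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps log datetime localtime msec show-timezone
no service pad
hostname sw-example
enable secret 8 $8$placeholder-salt$placeholder-digest
no ip domain-lookup
no ip http server
ip http secure-server
ip ssh version 2
ntp authenticate
ntp trusted-key 150
ntp server 1.2.3.50 key 150
snmp-server community public RO
!
interface GigabitEthernet0/1
 description Management
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line vty 0 15
 exec-timeout 5 0
 login local
 transport input ssh telnet
!
end
"""

# Global lines that must appear verbatim (only settings IOS prints in the running config).
REQUIRED_GLOBAL = [
    "service tcp-keepalives-in",
    "service tcp-keepalives-out",
    "no service pad",
    "no ip domain-lookup",
    "no ip http server",
    "ip ssh version 2",
    "ntp authenticate",
]

# Global lines that must not appear: (pattern, reason).
FORBIDDEN_GLOBAL = [
    (re.compile(r"^ip http secure-server$"), "HTTPS management server enabled"),
    (re.compile(r"^snmp-server community "), "SNMPv1/v2c community configured"),
    (re.compile(r"^vstack$"), "Smart Install enabled"),
    (re.compile(r"^(enable|username \S+) (password|secret) [0-7] "),
     "password/secret not stored as type 8 or 9"),
]


def parse_config(text):
    """Split IOS config text into top-level lines and indented blocks keyed by their header line."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            blocks[current] = []
    return top, blocks


def audit(text):
    """Return human-readable findings; an empty list means the baseline is met."""
    top, blocks = parse_config(text)
    findings = []
    present = set(top)
    for line in REQUIRED_GLOBAL:
        if line not in present:
            findings.append(f"missing: {line}")
    for line in top:
        for pattern, why in FORBIDDEN_GLOBAL:
            if pattern.search(line):
                findings.append(f"{why}: {line}")
    for header, body in blocks.items():
        if header.startswith("interface ") and "switchport mode access" in body:
            # an active access port without 'nonegotiate' still answers DTP
            if "switchport nonegotiate" not in body and "shutdown" not in body:
                findings.append(f"{header}: access port without 'switchport nonegotiate'")
        if header.startswith("line "):
            timeouts = [l for l in body if l.startswith("exec-timeout")]
            if not timeouts or "exec-timeout 0 0" in timeouts:  # '0 0' means never time out
                findings.append(f"{header}: no exec-timeout")
        if header.startswith("line vty"):
            transport = [l for l in body if l.startswith("transport input")]
            if transport != ["transport input ssh"]:
                findings.append(f"{header}: expected 'transport input ssh', got {transport or 'default'}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against a saved `show running-config` from each switch; the lists are meant to be extended with whatever else the site standard requires (syslog host, `aaa new-model`, the SNMPv3 group), and a clean run is the condition for putting a port or a switch into service.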