Cisco IOS configuration snippets

Collection of Cisco IOS router and switch configuration snippets

Automatic configuration backup to FTP every day

kron policy-list config-backup
 cli show running-config | redirect ftp://username:password@ftp.server.com/myrouter.confg
 exit
kron occurrence config-backup at 13:00 recurring
 policy-list config-backup
 exit

Timezone configuration for Belgium

clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

To display log entries in local time (IOS will show entries in the log using UTC by default):

service timestamps log datetime localtime

To add the timezone to the stamps:

service timestamps log datetime localtime show-timezone

Other timezones

Texas (CST/DST)

clock timezone CST -6 0
clock summer-time CDT recurring 2 Sun Mar 2:00 first Sun Nov 2:00

Destination NAT, 1:1

When switching IP ranges, it may come in handy to temporarily keep the old IPs working until everything is migrated. In this example:

  • 192.168.1.8: Old server’s IP
  • 10.0.0.8: New server’s IP
  • GigabitEthernet0/0: interface to the local network

interface GigabitEthernet0/0
 description *** Local network ***
 ip address 10.0.0.254 255.255.255.0
interface Loopback0
 description *** Interface for temporary addressing ***
 ip address 192.168.1.8 255.255.255.0
 ip nat enable
 exit
ip nat source static 10.0.0.8 192.168.1.8

Split horizon DNS

ip dns view example.local
 dns forwarder 10.0.0.2
ip dns view default
 dns forwarder 8.8.8.8
 dns forwarder 8.8.4.4
ip dns view-list VIEWNAME
 view example.local 10
 restrict name-group 1
 view default 20
ip dns name-list 1 permit .*example\.local
ip dns server view-group VIEWNAME
ip dns server

Enable SSH, local admin user, no telnet allowed

Choose a modulus of at least 1024; the standard OpenSSH client will refuse to connect to a host with a key modulus smaller than 1024. The larger the modulus, the longer it takes to generate the key (this is more of a problem on older Cisco routers, but even a 2600 series router calculates a 2048 modulus key within reasonable thumb-twiddling time).

hostname router
ip domain-name mycompany.local
crypto key generate rsa modulus 2048
username admin privilege 15 password 0 admin
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
 exit

To move SSH to another port, say 8022:

ip ssh port 8022 rotary 1
line vty 0 4
 rotary 1
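
A small audit for command lists like the ones on this page, as an added example (not part of the original post): it flags credentials embedded in a URL as in the FTP backup job, `username ... password` entries (type 0 is stored in cleartext), RSA moduli below 2048, and vty lines that accept telnet. The rule names, the 2048 threshold and the sample input are assumptions made for the example.

```python
import re

# Constructed sample: commands in the style of this page's snippets, with a
# short RSA modulus and a second vty range added to exercise every check.
SAMPLE = """\
kron policy-list config-backup
 cli show running-config | redirect ftp://username:password@ftp.server.com/myrouter.confg
crypto key generate rsa modulus 1024
username admin privilege 15 password 0 admin
ip ssh version 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

URL_CREDS = re.compile(r"\b(?:ftp|http|https|scp)://[^\s/:@]+:[^\s/@]+@", re.I)
USER_PW = re.compile(r"^username\s+(\S+)\s.*\bpassword\s", re.I)
RSA_MOD = re.compile(r"^crypto key generate rsa\b.*\bmodulus\s+(\d+)", re.I)
VTY = re.compile(r"^line vty\s+(\d+(?:\s+\d+)?)", re.I)


def audit(config, min_modulus=2048):
    """Return (line_number, rule, detail) findings for an IOS command list."""
    findings, vty = [], None          # vty: range of the "line vty" block being read
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):   # a top-level command ends any sub-mode
            m = VTY.match(line)
            vty = m.group(1) if m else None
        elif vty and line.lower().startswith("transport input"):
            if {"telnet", "all"} & set(line.lower().split()[2:]):
                findings.append((no, "vty-telnet", vty))
        if URL_CREDS.search(line):
            findings.append((no, "url-credentials", "password embedded in URL"))
        m = USER_PW.match(line)
        if m:                         # "secret" entries do not match this rule
            findings.append((no, "username-password", m.group(1)))
        m = RSA_MOD.match(line)
        if m and int(m.group(1)) < min_modulus:
            findings.append((no, "rsa-modulus", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Run against the SSH snippet above as written, the only finding is the `username admin ... password 0 admin` line.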
