Cisco IOS configuration snippets

Collection of Cisco IOS router and switch configuration snippets

Automatic configuration backup to FTP every day

kron policy-list config-backup
 cli show running-config | redirect
kron occurrence config-backup at 13:00 recurring
 policy-list config-backup

Timezone configuration for Belgium

clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

To display log entries in local time (IOS will show entries in the log using UTC by default):

service timestamps log datetime localtime

To add the timezone to the stamps:

service timestamps log datetime localtime show-timezone

Other timezones

Texas (CST/DST)

clock timezone CST -6 0
clock summer-time CDT recurring 2 Sun Mar 2:00 first Sun Nov 2:00

Destination NAT, 1:1

When switching IP ranges, it may come in handy to temporarily keep the old IPs working until everything is migrated. Example:

  • Old server’s IP
  • New server’s IP
  • GigabitEthernet0/0: interface to the local network

interface GigabitEthernet0/0
 description *** Local network ***
 ip address
interface Loopback0
 description *** Interface for temporary addressing ***
 ip address
 ip nat enable
ip nat source static

Split horizon DNS

ip dns view example.local
 dns forwarder
ip dns view default
 dns forwarder
 dns forwarder
ip dns view-list VIEWNAME
 view example.local 10
 restrict name-group 1
 view default 20
ip dns name-list 1 permit .*example\.local
ip dns server view-group VIEWNAME
ip dns server

Enable SSH, local admin user, no telnet allowed

Choose a modulus of at least 1024: the standard OpenSSH client will refuse to connect to a host with a key modulus less than 1024. The larger the modulus, the longer it takes to generate the key (this is more of a problem on older Cisco routers, but even a 2600 series router calculates a 2048 modulus key within reasonable thumb-twiddling time).

hostname router
ip domain-name mycompany.local
crypto key generate rsa modulus 2048
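! "password 0" keeps the password in clear text in the configuration;
! the "secret" keyword stores a hash instead. "admin" is a sample value.
username admin privilege 15 password 0 admin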
ip ssh version 2
line vty 0 4
 login local
 transport input ssh

To move SSH to another port, say 8022:

ip ssh port 8022 rotary 1
line vty 0 4
 rotary 1
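
To check a saved configuration against the SSH-only setup above, the following Python sketch audits a running-config text. It is an added example, not part of the original snippets; the sample config, including the "line vty 5 15" block, and the function names are constructed for illustration.

```python
# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
hostname router
ip domain-name mycompany.local
username admin privilege 15 password 0 admin
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comments
        if raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks

def audit(config):
    """Return findings where the config deviates from the SSH-only setup."""
    blocks = parse_blocks(config)
    findings = []
    if not any(head == "ip ssh version 2" for head, _ in blocks):
        findings.append("SSH protocol version 2 is not enforced")
    for head, subs in blocks:
        if head.startswith("username ") and " password " in head + " ":
            user = head.split()[1]
            findings.append(f"user {user}: 'password' keyword, not 'secret'")
        if head.startswith("line vty"):
            transport = [s for s in subs if s.startswith("transport input")]
            if transport != ["transport input ssh"]:
                findings.append(f"{head}: transport input is not ssh-only")
            if "login local" not in subs:
                findings.append(f"{head}: 'login local' is missing")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Every "line vty" block is checked separately, so a range that the "line vty 0 4" stanza does not cover shows up as its own finding.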
