I keep most of my Cisco notes elsewhere, sorry.
An example of a full configuration for ASR 920 (IOS XE 16.9).
enable
conf t
ztp disable
no service config
no service pad
no service password-encryption
no cdp run
no ip source-route
no ipv6 source-route
no ip domain-lookup (optional)
no ip http server
no ip http secure-server
hostname <hostname>
ip domain-name <domain> (the part after the hostname)
clock timezone UTC 1 0 (Norway)
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00 (Norway)
clock set 10:50:00 Oct 26 2006 (example)
show clock
line con 0
logging synchronous
logging buffered 16384 warnings
logging console critical
aaa new-model
enable algorithm-type scrypt secret <secret>
username <username> privilege 15 algorithm-type scrypt secret <password>
aaa authentication login default local
line con 0
login authentication default
crypto key generate rsa modulus <2048|4096>
ip ssh version 2
line vty 0 15
transport input ssh
exec-timeout <minutes> <seconds> (e.g. 60 minutes)
privilege level 15
ip name-server <addr1> <addr2> [...]
ipv6 unicast-routing
ip cef
ipv6 cef
sh cef state (should show “enabled/running” for both IPv4 and IPv6)
ip route <address> <mask> Null 0
ipv6 route <prefix> Null 0
interface GigabitEthernet 0 (example)
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 <gateway>
ipv6 route vrf Mgmt-intf ::/0 <gateway>
desc <desc>
ip address <address> <mask>
ipv6 address <address>/<prefix-length>
ipv6 nd ra suppress all
ip verify unicast source reachable-via rx
ipv6 verify unicast source reachable-via rx
ip route 0.0.0.0 0.0.0.0 <gateway>
ipv6 route ::/0 <gateway>
lldp run
ip access-list standard <name-v4>
permit <address> <wildcard-mask>
ipv6 access-list <name-v6>
permit <src-prefix> <dst-prefix>
access-class <name-v4> in
access-class <name-v4> in vrfname Mgmt-intf
ipv6 access-class <name-v6> in
ipv6 access-class <name-v6> in vrfname Mgmt-intf
ntp server <address>
sh ntp assoc
sh ntp status
logging host <address>
logging facility syslog
snmp-server community public ro ipv6 <acl-name-v6> <acl-name-v4>
copy run start (or write mem)
copy start tftp://<host>/<path>
bridge-domain <VID>
service instance <VID> ethernet
encapsulation dot1q <VID>
rewrite ingress tag pop 1 symmetric
bridge-domain <VID>
int BDI <VID>
no shut
ipv6 nd ra suppress all
(Without "all", it may in certain versions still send solicited advertisements.)
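
An added example, not part of the original notes: a Python check that reads saved "show running-config" output and reports where it departs from the settings above (the source-route and HTTP server lines, ip ssh version 2, scrypt type 9 secrets, SSH-only VTY lines with IPv4 and IPv6 access-class, and an ACL on the SNMP community). The sample config, ACL names and hash placeholders are constructed for illustration.

```python
import re

# Global commands from the notes that should appear verbatim in running-config.
REQUIRED = ["no ip source-route", "no ipv6 source-route", "no ip http server",
            "no ip http secure-server", "ip ssh version 2"]

# Constructed running-config excerpt (not taken from a real device).
SAMPLE = """\
no ip source-route
no ipv6 source-route
no ip http server
enable secret 9 $9$constructed
username admin privilege 15 secret 5 $1$constructed
ip ssh version 2
snmp-server community public RO
line vty 0 4
 transport input ssh
 access-class mgmt-v4 in
 ipv6 access-class mgmt-v6 in
line vty 5 15
 transport input telnet ssh
"""

def sections(config):
    """Map each top-level line to the list of indented lines below it."""
    out, cur = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and cur:
            out[cur].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            cur = line.strip()
            out[cur] = []
    return out

def audit(config):
    secs, findings = sections(config), []
    findings += [f"missing: {c}" for c in REQUIRED if c not in secs]
    for hdr, kids in secs.items():
        m = re.search(r"^(enable|username \S+).* secret (\d+) ", hdr)
        if m and m.group(2) != "9":  # type 9 is scrypt; the hash is never echoed
            findings.append(f"{m.group(1)}: secret type {m.group(2)}, not scrypt")
        if re.fullmatch(r"snmp-server community \S+ (RO|RW)", hdr, re.I):
            findings.append("snmp community has no ACL")
        if hdr.startswith("line vty"):
            if "transport input ssh" not in kids:
                findings.append(f"{hdr}: transport is not ssh-only")
            for acl in ("access-class", "ipv6 access-class"):
                if not any(k.startswith(acl + " ") for k in kids):
                    findings.append(f"{hdr}: no {acl}")
    return findings
```

Calling audit() on the text of a saved running-config returns a list of findings; an empty list means every check passed.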