.22..22..1111
Subnet mask for this interface [255.0.0.0] : 225555..225555..225555..00
Class A network is 10.0.0.0, 24 subnet bits; mask is /24
Do you want to configure FastEthernet0/1 interface? [yes]: nnoo
Do you want to configure Serial0/0/0 interface? [yes]: nnoo
Do you want to configure Serial0/0/1 interface? [yes]: nnoo
CAUTION Cisco AutoSecure attempts to ensure maximum security by disabling the
services most commonly used by hackers to attack a router. However, some of these
services might be needed for successful operation in your network. For this reason, you
should not use the Cisco AutoSecure feature until you fully understand its operations and
the requirements of your network.
276 Chapter 4: LAN Connections
??” HTTP service
??” Identi?¬?cation Service
??” Cisco Discovery Protocol
??” Network Time Protocol (NTP)
??” Source routing
?– Enables these global services:
??” Password encryption service
??” Tuning of scheduler interval and allocation
??” TCP synwait time
??” TCP keepalive messages
??” Security policy database (SPD) con?¬?guration
??” Internet Control Message Protocol (ICMP) unreachable messages
?– Disables these services per interface:
??” ICMP
??” Proxy Address Resolution Protocol (ARP)
??” Directed broadcast
??” Maintenance Operation Protocol (MOP) service
??” ICMP unreachables
??” ICMP mask reply messages
?– Provides logging for security, including these functions:
??” Enables sequence numbers and timestamp
??” Provides a console log
??” Sets log buffered size
??” Provides an interactive dialogue to con?¬?gure the logging server IP
address
?– Secures access to the router, including these functions:
??” Checks for a banner and provides the ability to add text for automatic
con?¬?guration
??” Login and password
Starting a Cisco Router 277
??” Transport input and output
??” exec-timeout commands
??” Local authentication, authorization, and accounting (AAA)
??” Secure Shell (SSH) timeouts and ssh authentication-retries commands
??” Enables only SSH and Secure Copy Protocol (SCP) for access and ?¬?le
transfers to and from the router
??” Disables Simple Network Management Protocol (SNMP) if not being
used
?– Secures the forwarding plane, including these functions:
??” Enables Cisco Express Forwarding or distributed Cisco Express
Forwarding on the router, when available
??” Antispoo?¬?ng
??” Blocks all Internet Assigned Numbers Authority (IANA) reserved IP
address blocks
??” Blocks private address blocks, if customer desires
??” Installs a default route to Null0, if a default route is not being used
??” Con?¬?gures a TCP intercept for a connection timeout, if the TCP
intercept feature is available and the user desires
??” Starts an interactive con?¬?guration for Context-Based Access Control
(CBAC) on interfaces facing the Internet, when using a Cisco IOS
Firewall image
??” Enables NetFlow on software forwarding platforms
When you complete the con?¬?guration process for all installed interfaces on the router, the
setup command shows the con?¬?guration command script that was created, as shown in
Example 4-6.
Pages:
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395