Device configuration for MupsBox
Device Configuration
Introduction
This section is not a tutorial on configuration different manufacturers. Here you will find the minimum settings in the CLI (for access from MUPSBOX to devices).
Vendor Configuration
Cisco - IOS v15
Minimum* configuration:
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
1. Router> enable
2. Router# configure terminal
3. Router(config)# interface gigabitethernet 0/0
4. Router(config-if)# ip adress 10.9.90.201 255.255.255.0
5. Router(config-if)# ipv6 address 2001:db8:B40:4000::101/64
6. Router(config-if)# no shutdown
7. Router(config-if)# exit
8. Router(config)# ip route 0.0.0.0 0.0.0.0 10.9.90.1
9. Router(config)# ipv6 route ::/0 2001:db8:B40:4000::1
BASIC SSH CONFIGURATION - SUMMARY STEPS
10. Router(config)# ip domain name domain.local
11. Router(config)# hostname MBRouter
12. MBRouter(config)# crypto key generate rsa modulus 1024
13. MBRouter(config)# username root privilege 15 secret PassW0rd
14. MBRouter(config)# aaa new-model
15. MBRouter(config)# line vty 0 4
16. MBRouter(config-line)# transport input ssh
MBRouter(config-line)# exit
ADDITIONAL CONFIGURATION - SUMMARY STEPS
17. MBRouter(config)# enable secret PassW0rd
18. MBRouter(config)# service password-encryption
19. MBRouter(config)# end
20. MBRouter# copy running-config startup-config
Cisco - IOS L2 v12
Minimum* configuration:
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
1. Switch> enable
2. Switch# configure terminal
3. Switch(config)# interface vlan 1
4. Switch(config-if)# ip adress 172.17.33.5 255.255.255.0
7. Switch(config-if)# exit
8. Switch(config)# ip default-gateway 172.17.33.1
BASIC SSH CONFIGURATION - SUMMARY STEPS
10. Switch(config)# ip domain name domain.local
11. Switch(config)# hostname MBSwitch
12. MBSwitch(config)# crypto key generate rsa modulus 1024
13. MBSwitch(config)# username root privilege 15 secret PassW0rd
14. MBSwitch(config)# aaa new-model
15. MBSwitch(config)# line vty 0 4
16. MBSwitch(config-line)# transport input ssh
MBSwitch(config-line)# exit
ADDITIONAL CONFIGURATION - SUMMARY STEPS
17. MBSwitch(config)# enable secret PassW0rd
18. MBSwitch(config)# service password-encryption
19. MBSwitch(config)# snmp-server community public RO
19. MBSwitch(config)# end
20. MBSwitch# copy running-config startup-config
Cisco - ASA
Minimum* configuration. ASA Version 8.2(5):
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
1. ciscoasa> enable
2. ciscoasa# configure terminal
(config)# enable password mtigroup
3. ciscoasa(config)# hostname MBCiscoasa
MBCiscoasa11(config)# interface gigabitEthernet 0/0
MBCiscoasa11(config-if)# nameif inside
7. MBCiscoasa11(config-if)# ip address 172.18.11.11 255.255.255.0
MBCiscoasa11(config-if)# no shutdown
exit
MBCiscoasa11(config)# route inside 0.0.0.0 0.0.0.0 172.18.11.1
BASIC SSH CONFIGURATION - SUMMARY STEPS
MBCiscoasa11(config)# ssh 172.31.10.0 255.255.255.0 inside
MBCiscoasa11(config)# username mupsbox password PassW0rd privilege 15
MBCiscoasa11(config)# aaa authentication ssh console LOCAL
write
ADDITIONAL CONFIGURATION - SUMMARY STEPS
MikroTik
Minimum configuration for RouterOS V6 (with "zero" configuration)
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
1. [admin@MikroTik] > ip address add address=172.17.22.4/24 interface=ether1
2. [admin@MikroTik] > ip route add gateway=172.17.22.1
3. [admin@MikroTik] > ipv6 address add address=2001:db8:b40:4002::4/64 interface=ether1
4. [admin@MikroTik] > ipv6 route add gateway=2001:db8:b40:4002::1
5. [admin@MikroTik] > system identity set name=MBMikroTik
6. [admin@MBMikroTik] > ip service disable telnet,ftp,www,api
7. [admin@MBMikroTik] > user add name=mupsbox password=PassW0rd group=full
8. [admin@MBMikroTik] > user remove admin
DLink DGS
Minimum* configuration:
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
1. DGS-1210-28MP/ME:5# config ipif System ipaddress 172.17.22.2/24
2. DGS-1210-28MP/ME:5#config ipif System ipv6 ipv6address 2001:db8:b40:4002::2/64
3. DGS-1210-28MP/ME:5# create iproute default 172.17.22.1
4. DGS-1210-28MP/ME:5# create ipv6route default 2001:db8:b40:4002::1
5. DGS-1210-28MP/ME:5# enable ssh
6. DGS-1210-28MP/ME:5# enable password encryption
7. DGS-1210-28MP/ME:5# create account admin mupsbox
8. DGS-1210-28MP/ME:5# save
Huawei AR100
Minimum* configuration:
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
1. <Huawei> system-view
2. [Huawei] interface GigabitEthernet 0/0/0
3. [Huawei-GigabitEthernet0/0/0] undo portswitch
4. [Huawei-GigabitEthernet0/0/0] ip address 172.17.22.5 255.255.255.0
5. [Huawei-GigabitEthernet0/0/0] quit
6. [Huawei] ip route-static 0.0.0.0 0.0.0.0 172.17.22.1
7. [Huawei] save
[Huawei]aaa
[Huawei-aaa]local-user mupsbox password cipher PassW0rd
[Huawei-aaa] local-user admin privilege level 15
[Huawei-aaa] local-user admin service-type ssh
[Huawei-aaa] quit
[Huawei] quit save
[Huawei]stelnet server enable
Huawei Quidway 2000,3000,5000
Minimum* configuration:
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
1. <Quidway> system-view
2.[Quidway]management-vlan 1
3. [Quidway]interface Vlan-interface 1
4. [Quidway-Vlan-interface1]ip address 172.17.55.7 255.255.255.0
5. [[Quidway-Vlan-interface1]quit
6. [Quidway] ip route-static 0.0.0.0 0.0.0.0 172.17.22.1
7. [Quidway] save
BASIC SSH CONFIGURATION - SUMMARY STEPS
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode scheme
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway] local-user mupsbox
[Quidway-luser-mupsbox] password simple PassS0rd
[Quidway-luser-mupsbox] service-type ssh
[Quidway] ssh user mupsbox authentication-type password
[Quidway]rsa local-key-pair create
HP Procurve
Minimum* configuration:
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
1. ProCurve Switch 2510-48# config
2. ProCurve Switch 2510-48(config)# hostname MBHP-2510
3. MBHP-2510(config)# vlan 1
4. MBHP-2510(vlan-1)# ip address 172.17.44.2/24
5. MBHP-2510(vlan-1)# exit
6. MBHP-2510(config)# ip default-gateway 172.17.44.1
BASIC SSH CONFIGURATION - SUMMARY STEPS
7. MBHP-2510(config)# ip ssh
8. MBHP-2510(config)# crypto key generate ssh
9. MBHP-2510(config)# password manager
10. MBHP-2510(config)# aaa authentication login privilege-mode
11. MBHP-2510(config)# aaa authentication ssh login tacacs local
12. MBHP-2510(config)# aaa authentication ssh enable tacacs local
13. MBHP-2510(config)# write memory
Juniper SRX
Minimum* configuration:
BASIC CONFIGURATION - SUMMARY STEPS
1. root@% cli
2. root> configure
3. root# set system host-name MBSRX100b
4. root# set system root-authentication plain-text-password
New password: password
Retype new password: password
5. root# set system login user mupsbox class super-user authentication plain-text-password
6. root# commit
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
7. root@MBSRX100b# set interfaces fe-0/0/0 unit 0 family inet address 172.17.44.4/24
8. root@MBSRX100b# set routing-options static route 0.0.0.0/0 next-hop 172.17.44.1
9. root@MBSRX100b# delete security zones security-zone untrust interfaces fe-0/0/0
10. root@MBSRX100b# set security zones security-zone internal interfaces fe-0/0/0 host-inbound-traffic system-services ping
11. root@MBSRX100b# set security zones security-zone internal interfaces fe-0/0/0 host-inbound-traffic system-services ssh
set system services ssh
set system services ssh root-login allow
12. root@MBSRX100b# commit
Juniper ES
Minimum* configuration:
BASIC CONFIGURATION - SUMMARY STEPS
1. root@% cli
2. root> configure
3. root# set system host-name MBSRX100b
4. root# set system root-authentication plain-text-password
New password: password
Retype new password: password
5. root# set system login user mupsbox class super-user authentication plain-text-password
6. root# commit
BASIC ETHERNET CONFIGURATION - SUMMARY STEPS
11. root@MBSRX100b# delete interface ge-0/0/0 unit 0 family ethernet-switching
7. root@MBSRX100b# set interfaces ge-0/0/0 unit 0 family inet address 172.17.44.4/24
8. root@MBSRX100b# set routing-options static route 0.0.0.0/0 next-hop 172.17.44.1
9. root@MBSRX100b# set system services ssh
10. root@MBSRX100b# set system services ssh connection-limit 10 rate-limit 4
12. root@MBSRX100b# commit
Juniper SSG
Minimum* configuration:
BASIC CONFIGURATION - SUMMARY STEPS
1. root-> set hostname MBSSG5
2.MBSSG5-> set admin name mupsbox
3. MBSSG5-> set admin password PassW0rd
4. MBSSG5-> set interface bgroup0 ip 172.17.44.5/24
5. MBSSG5-> set route 0.0.0.0/0 interface bgroup0 gateway 172.17.44.1
6. MBSSG5-> save
7. MBSSG5-> set interface bgroup0 manage ssh
8. MBSSG5-> set ssh enable
Eltex MES
Minimum* configuration:
BASIC CONFIGURATION - SUMMARY STEPS
1. console> enable
2. console# configure
2. console(config)# interface vlan 1
3. console(config-if)# no ip address dhcp
4. console(config-if)# ip address 172.17.55.4 255.255.255.0
5. console(config-if)# exit
6. console(config)# ip route 0.0.0.0 0.0.0.0 172.17.55.1
7. console(config)# hostname MBEltexMES
8. console(config)# ip ssh server
9.MBEltexMES(config)# username mupsbox privilege 15 password PassW0rd!
10. MBEltexMES(config)# enable password prpassword
Zyxel ZyWALL
Minimum* configuration:
BASIC CONFIGURATION - SUMMARY STEPS
1. Router> enable
2. Router# configure terminal
2. Router(config)# interface ge2
3. Router(config-if-ge)# ip address 172.17.44.7 255.255.255.0
4. Router(config-if-ge)# ip gateway 172.17.44.1
5. Router(config-if-ge)# no shutdown
6. Router(config-if-ge)# exit
7. Router(config)# username mupsbox password PassW0rd user-type admin
Qtech QSW
Minimum* configuration:
BASIC CONFIGURATION - SUMMARY STEPS
1. QSW-2850-28T-AC>enable
2. QSW-2850-28T-AC#config terminal
2. QSW-2850-28T-AC(config)#interface vlan 1
3. QSW-2850-28T-AC(config-if-vlan1)#ip address 172.17.44.8 255.255.255.0
4. QSW-2850-28T-AC(config-if-vlan1)#exit
5. QSW-2850-28T-AC(config)#ip default-gateway 172.17.44.1
6. QSW-2850-28T-AC(config)# ssh-server enable
7. QSW-2850-28T-AC(config)#username mupsbox privilege 15 password PassW0rd
8. QSW-2850-28T-AC(config)# exit
9. QSW-2850-28T-AC#copy running-config startup-config
Allied Telesis
Minimum* configuration:
BASIC CONFIGURATION - SUMMARY STEPS
1. console# config
2. console(config)# interface vlan 1
2. console(config-if)# ip address 172.17.55.9 255.255.255.0
3.console(config-if)# exit
4. console(config)# ip default-gateway 172.17.55.1
5. console(config)# username mupsbox password PassW0rd level 15
6. console(config)# ip ssh server
7. console(config)# crypto key generate rsa
Fortinet
Minimum* configuration:
BASIC CONFIGURATION - SUMMARY STEPS
1. console# config
2. console(config)# interface vlan 1
2. console(config-if)# ip address 172.17.55.9 255.255.255.0
3.console(config-if)# exit
4. console(config)# ip default-gateway 172.17.55.1
5. console(config)# username mupsbox password PassW0rd level 15
6. console(config)# ip ssh server
7. console(config)# crypto key generate rsa