Best Practice Configuration for Cisco IOS-XR (Part 1)

There are sample best practice commands that need to be configured in Cisco IOS-XR devices for additional security.

Global config:
nsr process-failures switchover
tcp path-mtu-discovery
tcp selective-ack
logging console disable
snmp-server ifmib stats cache
ssh server logging
no telnet vrf $vrf-name ipv4 server
ssh client source-interface $$loopback0
logging events link-status software-interfaces

Admin config:
upgrade fpd all loc all
fpd auto-upgrade

Interface config:
interface name
ipv4 unreachable disable
ipv6 unreachable disable
dampening 1 xxx yyy 1

OSPF config:
router ospf xxx
graceful-restart
router ospfv3 xxx
graceful-restart

MPLS LDP:
mpls ldp neighbor <ip_address> password <pwd>’

AAA:
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none

Be First to Comment

Leave a Reply