Best Practice Configuration for Cisco IOS-XR (Part 1)

The following are sample best-practice commands to configure on Cisco IOS-XR devices for additional security.

Global config:

nsr process-failures switchover
tcp path-mtu-discovery
tcp selective-ack
logging console disable
snmp-server ifmib stats cache
ssh server logging
no telnet vrf $vrf-name ipv4 server
ssh client source-interface $$loopback0
logging events link-status software-interfaces

Admin config:

upgrade fpd all loc all
fpd auto-upgrade

Interface config:

interface [interface name]
ipv4 unreachables disable
ipv6 unreachables disable
dampening 1 xxx yyy 1

OSPF config:

router ospf xxx
graceful-restart

router ospfv3 xxx
graceful-restart

MPLS LDP:

mpls ldp neighbor <ip_address> password <pwd>

AAA:

aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
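
One way to check a saved running-config against part of the list above is shown here as an added example; it is not from the original post or from Cisco. It assumes the usual IOS-XR layout (top-level lines at column 0, child lines indented, `!` closing a stanza), uses the IOS-XR keyword spelling `unreachables`, and the sample config and the names `parse_stanzas` and `audit` are constructed for illustration.

```python
import re

# Subset of the page's baseline: global lines, then header regex -> required children.
REQUIRED_GLOBAL = ["tcp path-mtu-discovery", "tcp selective-ack",
                   "logging console disable", "ssh server logging"]
REQUIRED_IN_STANZA = {
    r"^interface \S+": ["ipv4 unreachables disable", "ipv6 unreachables disable"],
    r"^router ospf(v3)? \S+": ["graceful-restart"],
}

def parse_stanzas(config):
    """Map each column-0 line to the list of indented lines beneath it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":      # blank line or stanza terminator
            continue
        if not raw[0].isspace():         # column 0 starts a new top-level entry
            current = line
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas

def audit(config):
    """Return sorted findings; an empty list means every checked item passed."""
    stanzas = parse_stanzas(config)
    findings = [f"missing global: {c}" for c in REQUIRED_GLOBAL if c not in stanzas]
    # The page removes the telnet server, so any remaining server line is a finding.
    findings += [f"telnet server enabled: {h}" for h in stanzas
                 if re.match(r"^telnet .*\bserver\b", h)]
    for pattern, children in REQUIRED_IN_STANZA.items():
        for header, body in stanzas.items():
            if re.match(pattern, header):
                findings += [f"{header}: missing {c}" for c in children if c not in body]
    return sorted(findings)

# Constructed sample running-config (not from a real device).
SAMPLE = """\
tcp path-mtu-discovery
ssh server logging
telnet vrf default ipv4 server max-servers 5
interface GigabitEthernet0/0/0/0
 ipv4 unreachables disable
!
router ospfv3 1
 router-id 192.0.2.1
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The interface rule is applied to every `interface` stanza; narrow the header pattern if some interfaces are meant to be exempt.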
