There are sample best practice commands that need to be configured in Cisco IOS-XR devices for additional security.
Global config:
nsr process-failures switchover
tcp path-mtu-discovery
tcp selective-ack
logging console disable
snmp-server ifmib stats cache
ssh server logging
no telnet vrf $vrf-name ipv4 server
ssh client source-interface $$loopback0
logging events link-status software-interfaces
Admin config:
upgrade fpd all loc all
fpd auto-upgrade
Interface config:
interface [interface name]
ipv4 unreachable disable
ipv6 unreachable disable
dampening 1 xxx yyy 1
OSPF config:
router ospf xxx
graceful-restartrouter ospfv3 xxx
graceful-restart
MPLS LDP:
mpls ldp neighbor <ip_address> password <pwd>’
AAA:
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
Be First to Comment