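I previously posted a memo of the config templates I often use with Cisco VIRL. I have updated them somewhat, so I am noting them down again. Please note that these are config templates for a lab environment only!
Configuration policy
- These are config templates for lab use, so security settings are disregarded
- Set the time zone to Japan (JST +9)
- Disable name resolution
- Remove the banner settings
- Set long timeouts for console / TELNET / SSH
- Do not set a pager
- Put the management interface in the management VRF
- Configure the management interface for DHCP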
Lab config templates
Cisco IOSv

    hostname IOSv
    !
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    !
    logging buffered 65536 debugging
    !
    clock timezone JST +9
    !
    ip vrf management
    !
    no ip domain-lookup
    !
    interface GigabitEthernet0/0
     ip vrf forwarding management
     ip address dhcp
     no shutdown
    !
    no banner exec ^C
    no banner incoming ^C
    no banner login ^C
    !
    line con 0
     exec-timeout 300 0
     privilege level 15
     logging synchronous
     length 0
    !
    line vty 0 4
     exec-timeout 300 0
     privilege level 15
     logging synchronous
     no login
     length 0
     transport input telnet
    !
    scheduler allocate
    !
    end

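The template above leaves the console and vty lines without login, at privilege level 15, with Telnet and a 300-minute idle timeout, which is acceptable in a lab but should be caught before a config is reused elsewhere. The following check is an added example, not part of the original post: it parses IOS-style config and flags those settings on `line` stanzas. The finding names, the 10-minute `MAX_IDLE_SECONDS` threshold and the hardened `line vty 5 15` stanza in the sample are assumptions.

```python
import re
MAX_IDLE_SECONDS = 600  # assumed policy threshold (10 min), not from the post

# Constructed sample: the line stanzas of the IOSv lab template, plus a
# hypothetical hardened "line vty 5 15" stanza for contrast.
SAMPLE_CONFIG = """\
hostname IOSv
!
line con 0
 exec-timeout 300 0
 privilege level 15
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 no login
 length 0
 transport input telnet
!
line vty 5 15
 exec-timeout 10 0
 login local
 transport input ssh
!
end
"""

def parse_stanzas(config):
    """Group IOS-style config into {top-level line: [indented sub-commands]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            current = None          # "!" separators close the current stanza
        elif raw[0].isspace():
            if current is not None:
                stanzas[current].append(text)
        else:
            current = text
            stanzas.setdefault(current, [])
    return stanzas

def audit_lines(config):
    """Return (stanza, finding) pairs for lab-only settings on con/vty lines."""
    findings = []
    for header, cmds in parse_stanzas(config).items():
        if not header.startswith("line "):
            continue
        for cmd in cmds:
            timeout = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
            if cmd == "no login":
                findings.append((header, "NO_LOGIN"))      # no authentication
            elif cmd == "privilege level 15":
                findings.append((header, "PRIV15"))        # starts fully privileged
            elif cmd.startswith("transport input "):
                if {"telnet", "all"} & set(cmd.split()[2:]):
                    findings.append((header, "TELNET"))    # cleartext management
            elif timeout:
                idle = int(timeout.group(1)) * 60 + int(timeout.group(2) or 0)
                if idle == 0 or idle > MAX_IDLE_SECONDS:   # 0 0 disables the timeout
                    findings.append((header, "LONG_IDLE"))
    return findings

if __name__ == "__main__":
    for header, finding in audit_lines(SAMPLE_CONFIG):
        print(f"{header}: {finding}")
```
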
Cisco IOSvL2
Apart from setting Gi0/0 to no switchport, this is almost the same as IOSv. However, the scheduler allocate command (which exists on IOSv) does not seem to exist on IOSvL2, so it is not configured.

    hostname IOSvL2
    !
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    !
    logging buffered 65536 debugging
    !
    clock timezone JST +9
    !
    ip vrf management
    !
    no ip domain-lookup
    !
    interface GigabitEthernet0/0
     ip vrf forwarding management
     no switchport
     ip address dhcp
     no shutdown
    !
    no banner exec ^C
    no banner incoming ^C
    no banner login ^C
    !
    line con 0
     exec-timeout 300 0
     privilege level 15
     logging synchronous
     length 0
    !
    line vty 0 4
     exec-timeout 300 0
     privilege level 15
     logging synchronous
     no login
     length 0
     transport input telnet
    !
    end

Cisco CSR1000v
GigabitEthernet1 is configured as a DHCP client by default, so there is no need to configure the management port explicitly. Gi1 is configured below only as a precaution.

    hostname CSR1000v
    !
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    !
    logging buffered 65536 debugging
    !
    clock timezone JST +9
    !
    ip vrf management
    !
    no ip domain-lookup
    !
    interface GigabitEthernet1
     ip vrf forwarding management
     ip address dhcp
     no shutdown
    !
    line con 0
     exec-timeout 300 0
     privilege level 15
     logging synchronous
     length 0
    !
    line vty 0 4
     exec-timeout 300 0
     privilege level 15
     logging synchronous
     no login
     length 0
     transport input telnet
    !
    no ntp server pool.ntp.org
    no ntp server 34.208.249.133
    !
    end

Cisco IOS-XRv

    hostname XRv
    !
    clock timezone JST 9
    service timestamps log datetime localtime msec
    service timestamps debug datetime localtime msec
    !
    telnet vrf management ipv4 server max-servers 5
    !
    domain lookup disable
    !
    vrf management
    !
    line default
     exec-timeout 300 0
     length 0
    !
    interface MgmtEth0/0/CPU0/0
     vrf management
     ipv4 address dhcp
     no shutdown
    !
    end

Cisco NX-OSv
Configure license grace-period to enable the evaluation license. Also, the initial config contains unnecessary MAC address settings on the Ethernet interfaces, so these are removed.

    license grace-period
    !
    hostname NX-OSv
    !
    feature telnet
    !
    no ip domain-lookup
    !
    clock timezone JST 9 0
    !
    vrf context management
    !
    interface mgmt0
      vrf member management
      ! 'ip address dhcp' command not found.
      ! Please assign static address.
    !
    interface Ethernet 2/1-48
      no mac-address
    !
    interface Ethernet 3/1-48
      no mac-address
    !
    interface Ethernet 4/1-48
      no mac-address
    !
    line console
      exec-timeout 300
      terminal length 0
    !
    line vty
      exec-timeout 300
    !
    logging timestamp milliseconds
    !
    end

Cisco NX-OSv 9000

    hostname NX-OSv-9K
    !
    feature telnet
    !
    no ip domain-lookup
    !
    clock timezone JST 9 0
    !
    vrf context management
    !
    interface mgmt0
      vrf member management
      ip address dhcp
    !
    line console
      exec-timeout 300
      terminal length 0
    !
    line vty
      exec-timeout 300
    !
    logging timestamp milliseconds
    !
    end

Initial configs in VIRL 1.5.145
IOSv

    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    !
    no aaa new-model
    !
    !
    !
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
     media-type rj45
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
    ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
    !
    ipv6 ioam timestamp
    !
    !
    !
    control-plane
    !
    banner exec ^C
    **************************************************************************
    * IOSv is strictly limited to use for evaluation, demonstration and IOS  *
    * education. IOSv is provided as-is and is not supported by Cisco's      *
    * Technical Advisory Center. Any use or disclosure, in whole or in part, *
    * of the IOSv Software or Documentation to any third party for any       *
    * purposes is expressly prohibited except as otherwise authorized by     *
    * Cisco in writing.                                                      *
    **************************************************************************^C
    banner incoming ^C
    **************************************************************************
    * IOSv is strictly limited to use for evaluation, demonstration and IOS  *
    * education. IOSv is provided as-is and is not supported by Cisco's      *
    * Technical Advisory Center. Any use or disclosure, in whole or in part, *
    * of the IOSv Software or Documentation to any third party for any       *
    * purposes is expressly prohibited except as otherwise authorized by     *
    * Cisco in writing.                                                      *
    **************************************************************************^C
    banner login ^C
    **************************************************************************
    * IOSv is strictly limited to use for evaluation, demonstration and IOS  *
    * education. IOSv is provided as-is and is not supported by Cisco's      *
    * Technical Advisory Center. Any use or disclosure, in whole or in part, *
    * of the IOSv Software or Documentation to any third party for any       *
    * purposes is expressly prohibited except as otherwise authorized by     *
    * Cisco in writing.                                                      *
    **************************************************************************^C
    !
    line con 0
    line aux 0
    line vty 0 4
     login
     transport input none
    !
    no scheduler allocate
    !
    end

IOSvL2

    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
    !
    hostname Switch
    !
    boot-start-marker
    boot-end-marker
    !
    !
    !
    no aaa new-model
    !
    !
    !
    !
    !
    !
    !
    !
    ip cef
    no ipv6 cef
    !
    !
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/0
     media-type rj45
     negotiation auto
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    control-plane
    !
    banner exec ^C
    **************************************************************************
    * IOSv is strictly limited to use for evaluation, demonstration and IOS  *
    * education. IOSv is provided as-is and is not supported by Cisco's      *
    * Technical Advisory Center. Any use or disclosure, in whole or in part, *
    * of the IOSv Software or Documentation to any third party for any       *
    * purposes is expressly prohibited except as otherwise authorized by     *
    * Cisco in writing.                                                      *
    **************************************************************************^C
    banner incoming ^C
    **************************************************************************
    * IOSv is strictly limited to use for evaluation, demonstration and IOS  *
    * education. IOSv is provided as-is and is not supported by Cisco's      *
    * Technical Advisory Center. Any use or disclosure, in whole or in part, *
    * of the IOSv Software or Documentation to any third party for any       *
    * purposes is expressly prohibited except as otherwise authorized by     *
    * Cisco in writing.                                                      *
    **************************************************************************^C
    banner login ^C
    **************************************************************************
    * IOSv is strictly limited to use for evaluation, demonstration and IOS  *
    * education. IOSv is provided as-is and is not supported by Cisco's      *
    * Technical Advisory Center. Any use or disclosure, in whole or in part, *
    * of the IOSv Software or Documentation to any third party for any       *
    * purposes is expressly prohibited except as otherwise authorized by     *
    * Cisco in writing.                                                      *
    **************************************************************************^C
    !
    line con 0
    line aux 0
    line vty 0 4
    !
    !
    end

Cisco CSR1000v

    version 16.6
    service config
    service timestamps debug datetime msec
    service timestamps log datetime msec
    platform qfp utilization monitor load 80
    no platform punt-keepalive disable-kernel-core
    platform console serial
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    !
    no aaa new-model
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    subscriber templating
    !
    !
    !
    !
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    crypto pki trustpoint TP-self-signed-3379335776
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-3379335776
     revocation-check none
     rsakeypair TP-self-signed-3379335776
    !
    !
    crypto pki certificate chain TP-self-signed-3379335776
     certificate self-signed 01
      quit
    !
    !
    !
    !
    !
    !
    !
    !
    !
    license udi pid CSR1000V sn 9OJPFR09TRU
    diagnostic bootup level minimal
    spanning-tree extend system-id
    !
    !
    !
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet1
     ip address dhcp
     negotiation auto
     no mop enabled
     no mop sysid
    !
    !
    virtual-service csr_mgmt
    !
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http client source-interface GigabitEthernet1
    !
    ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
    ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    line con 0
     stopbits 1
    line vty 0
     login
    line vty 1
     login
     length 0
    line vty 2 4
     login
    !
    ntp server pool.ntp.org
    ntp server 34.208.249.133
    !
    !
    !
    !
    !
    end

Cisco XRv

    interface MgmtEth0/0/CPU0/0
     shutdown
    !
    end

Cisco NX-OSv

    version 7.3(0)D1(1)
    power redundancy-mode redundant
    vdc switch id 1
      limit-resource module-type m1 m1xl m2xl f2e
      allocate interface Ethernet2/1-48
      allocate interface Ethernet3/1-48
      allocate interface Ethernet4/1-48
      limit-resource vlan minimum 16 maximum 4094
      limit-resource vrf minimum 2 maximum 4096
      limit-resource port-channel minimum 0 maximum 768
      limit-resource u4route-mem minimum 96 maximum 96
      limit-resource u6route-mem minimum 24 maximum 24
      limit-resource m4route-mem minimum 58 maximum 58
      limit-resource m6route-mem minimum 8 maximum 8
    username admin password 5 $5$Otc7T0NC$K.ulnSZnSyXLrTGNBdtLgZJXEa8EeNx.BrdZ98XyK2C role network-admin
    no password strength-check
    ip domain-lookup
    vlan dot1Q tag native
    system default switchport
    system jumbomtu 0
    no logging event trunk-status enable
    copp profile strict
    snmp-server user admin network-admin auth md5 0x328945d53e05e8e7207f8c20b142f0b7 priv 0x328945d53e05e8e7207f8c20b142f0b7 localizedkey
    rmon event 1 log description FATAL(1) owner PMON@FATAL
    rmon event 2 log description CRITICAL(2) owner PMON@CRITICAL
    rmon event 3 log description ERROR(3) owner PMON@ERROR
    rmon event 4 log description WARNING(4) owner PMON@WARNING
    rmon event 5 log description INFORMATION(5) owner PMON@INFO
    snmp-server enable traps link
    vlan 1
    vrf context management
    interface mgmt0
      vrf member management
    interface Ethernet2/1
      shutdown
      no switchport
    interface Ethernet2/2
      shutdown
      no switchport
    interface Ethernet2/3
      shutdown
      no switchport
    interface Ethernet2/4
      shutdown
      no switchport
    interface Ethernet2/5
      shutdown
      no switchport
    interface Ethernet2/6
      shutdown
      no switchport
    interface Ethernet2/7
      shutdown
      no switchport
    interface Ethernet2/8
      shutdown
      no switchport
    interface Ethernet2/9
      shutdown
      no switchport
    interface Ethernet2/10
      shutdown
      no switchport
    interface Ethernet2/11
      shutdown
      no switchport
    interface Ethernet2/12
      shutdown
      no switchport
    interface Ethernet2/13
      shutdown
      no switchport
    interface Ethernet2/14
      shutdown
      no switchport
    interface Ethernet2/15
      shutdown
      no switchport
    interface Ethernet2/16
      shutdown
      no switchport
    interface Ethernet2/17
      shutdown
      no switchport
    interface Ethernet2/18
      shutdown
      no switchport
    interface Ethernet2/19
      shutdown
      no switchport
    interface Ethernet2/20
      shutdown
      no switchport
    interface Ethernet2/21
      shutdown
      no switchport
    interface Ethernet2/22
      shutdown
      no switchport
    interface Ethernet2/23
      shutdown
      no switchport
    interface Ethernet2/24
      shutdown
      no switchport
    interface Ethernet2/25
      shutdown
      no switchport
    interface Ethernet2/26
      shutdown
      no switchport
    interface Ethernet2/27
      shutdown
      no switchport
    interface Ethernet2/28
      shutdown
      no switchport
    interface Ethernet2/29
      shutdown
      no switchport
    interface Ethernet2/30
      shutdown
      no switchport
    interface Ethernet2/31
      shutdown
      no switchport
    interface Ethernet2/32
      shutdown
      no switchport
    interface Ethernet2/33
      shutdown
      no switchport
    interface Ethernet2/34
      shutdown
      no switchport
    interface Ethernet2/35
      shutdown
      no switchport
    interface Ethernet2/36
      shutdown
      no switchport
    interface Ethernet2/37
      shutdown
      no switchport
    interface Ethernet2/38
      shutdown
      no switchport
    interface Ethernet2/39
      shutdown
      no switchport
    interface Ethernet2/40
      shutdown
      no switchport
    interface Ethernet2/41
      shutdown
      no switchport
    interface Ethernet2/42
      shutdown
      no switchport
    interface Ethernet2/43
      shutdown
      no switchport
    interface Ethernet2/44
      shutdown
      no switchport
    interface Ethernet2/45
      shutdown
      no switchport
    interface Ethernet2/46
      shutdown
      no switchport
    interface Ethernet2/47
      shutdown
      no switchport
    interface Ethernet2/48
      shutdown
      no switchport
    interface Ethernet3/1
      shutdown
      no switchport
    interface Ethernet3/2
      shutdown
      no switchport
    interface Ethernet3/3
      shutdown
      no switchport
    interface Ethernet3/4
      shutdown
      no switchport
    interface Ethernet3/5
      shutdown
      no switchport
    interface Ethernet3/6
      shutdown
      no switchport
    interface Ethernet3/7
      shutdown
      no switchport
    interface Ethernet3/8
      shutdown
      no switchport
    interface Ethernet3/9
      shutdown
      no switchport
    interface Ethernet3/10
      shutdown
      no switchport
    interface Ethernet3/11
      shutdown
      no switchport
    interface Ethernet3/12
      shutdown
      no switchport
    interface Ethernet3/13
      shutdown
      no switchport
    interface Ethernet3/14
      shutdown
      no switchport
    interface Ethernet3/15
      shutdown
      no switchport
    interface Ethernet3/16
      shutdown
      no switchport
    interface Ethernet3/17
      shutdown
      no switchport
    interface Ethernet3/18
      shutdown
      no switchport
    interface Ethernet3/19
      shutdown
      no switchport
    interface Ethernet3/20
      shutdown
      no switchport
    interface Ethernet3/21
      shutdown
      no switchport
    interface Ethernet3/22
      shutdown
      no switchport
    interface Ethernet3/23
      shutdown
      no switchport
    interface Ethernet3/24
      shutdown
      no switchport
    interface Ethernet3/25
      shutdown
      no switchport
    interface Ethernet3/26
      shutdown
      no switchport
    interface Ethernet3/27
      shutdown
      no switchport
    interface Ethernet3/28
      shutdown
      no switchport
    interface Ethernet3/29
      shutdown
      no switchport
    interface Ethernet3/30
      shutdown
      no switchport
    interface Ethernet3/31
      shutdown
      no switchport
    interface Ethernet3/32
      shutdown
      no switchport
    interface Ethernet3/33
      shutdown
      no switchport
    interface Ethernet3/34
      shutdown
      no switchport
    interface Ethernet3/35
      shutdown
      no switchport
    interface Ethernet3/36
      shutdown
      no switchport
    interface Ethernet3/37
      shutdown
      no switchport
    interface Ethernet3/38
      shutdown
      no switchport
    interface Ethernet3/39
      shutdown
      no switchport
    interface Ethernet3/40
      shutdown
      no switchport
    interface Ethernet3/41
      shutdown
      no switchport
    interface Ethernet3/42
      shutdown
      no switchport
    interface Ethernet3/43
      shutdown
      no switchport
    interface Ethernet3/44
      shutdown
      no switchport
    interface Ethernet3/45
      shutdown
      no switchport
    interface Ethernet3/46
      shutdown
      no switchport
    interface Ethernet3/47
      shutdown
      no switchport
    interface Ethernet3/48
      shutdown
      no switchport
    interface Ethernet4/1
      shutdown
      no switchport
    interface Ethernet4/2
      shutdown
      no switchport
    interface Ethernet4/3
      shutdown
      no switchport
    interface Ethernet4/4
      shutdown
      no switchport
    interface Ethernet4/5
      shutdown
      no switchport
    interface Ethernet4/6
      shutdown
      no switchport
    interface Ethernet4/7
      shutdown
      no switchport
    interface Ethernet4/8
      shutdown
      no switchport
    interface Ethernet4/9
      shutdown
      no switchport
    interface Ethernet4/10
      shutdown
      no switchport
    interface Ethernet4/11
      shutdown
      no switchport
    interface Ethernet4/12
      shutdown
      no switchport
    interface Ethernet4/13
      shutdown
      no switchport
    interface Ethernet4/14
      shutdown
      no switchport
    interface Ethernet4/15
      shutdown
      no switchport
    interface Ethernet4/16
      shutdown
      no switchport
    interface Ethernet4/17
      shutdown
      no switchport
    interface Ethernet4/18
      shutdown
      no switchport
    interface Ethernet4/19
      shutdown
      no switchport
    interface Ethernet4/20
      shutdown
      no switchport
    interface Ethernet4/21
      shutdown
      no switchport
    interface Ethernet4/22
      shutdown
      no switchport
    interface Ethernet4/23
      shutdown
      no switchport
    interface Ethernet4/24
      shutdown
      no switchport
    interface Ethernet4/25
      shutdown
      no switchport
    interface Ethernet4/26
      shutdown
      no switchport
    interface Ethernet4/27
      shutdown
      no switchport
    interface Ethernet4/28
      shutdown
      no switchport
    interface Ethernet4/29
      shutdown
      no switchport
    interface Ethernet4/30
      shutdown
      no switchport
    interface Ethernet4/31
      shutdown
      no switchport
    interface Ethernet4/32
      shutdown
      no switchport
    interface Ethernet4/33
      shutdown
      no switchport
    interface Ethernet4/34
      shutdown
      no switchport
    interface Ethernet4/35
      shutdown
      no switchport
    interface Ethernet4/36
      shutdown
      no switchport
    interface Ethernet4/37
      shutdown
      no switchport
    interface Ethernet4/38
      shutdown
      no switchport
    interface Ethernet4/39
      shutdown
      no switchport
    interface Ethernet4/40
      shutdown
      no switchport
    interface Ethernet4/41
      shutdown
      no switchport
    interface Ethernet4/42
      shutdown
      no switchport
    interface Ethernet4/43
      shutdown
      no switchport
    interface Ethernet4/44
      shutdown
      no switchport
    interface Ethernet4/45
      shutdown
      no switchport
    interface Ethernet4/46
      shutdown
      no switchport
    interface Ethernet4/47
      shutdown
      no switchport
    interface Ethernet4/48
      shutdown
      no switchport
    line console
    line vty
    boot kickstart bootflash:/titanium-d1-kickstart.7.3.0.D1.1.bin
    boot system bootflash:/titanium-d1.7.3.0.D1.1.bin
    no system default switchport shutdown

Cisco NX-OSv 9000

    version 7.0(3)I7(1)
    vdc switch id 1
      limit-resource vlan minimum 16 maximum 4094
      limit-resource vrf minimum 2 maximum 4096
      limit-resource port-channel minimum 0 maximum 511
      limit-resource u4route-mem minimum 128 maximum 128
      limit-resource u6route-mem minimum 96 maximum 96
      limit-resource m4route-mem minimum 58 maximum 58
      limit-resource m6route-mem minimum 8 maximum 8
    no password strength-check
    username admin password 5 $5$OAFKIB$ctr6VnYaF1TSNqCT4CsuNjej0JEParpfPSY8Guf.pq0 role network-admin
    ip domain-lookup
    snmp-server user admin network-admin auth md5 0x97cc7d16ed741c879dea7df836b36054 priv 0x97cc7d16ed741c879dea7df836b36054 localizedkey
    rmon event 1 description FATAL(1) owner PMON@FATAL
    rmon event 2 description CRITICAL(2) owner PMON@CRITICAL
    rmon event 3 description ERROR(3) owner PMON@ERROR
    rmon event 4 description WARNING(4) owner PMON@WARNING
    rmon event 5 description INFORMATION(5) owner PMON@INFO
    vlan 1
    vrf context management
    interface Ethernet1/1
    interface Ethernet1/2
    interface Ethernet1/3
    interface Ethernet1/4
    interface Ethernet1/5
    interface Ethernet1/6
    interface Ethernet1/7
    interface Ethernet1/8
    interface Ethernet1/9
    interface Ethernet1/10
    interface Ethernet1/11
    interface Ethernet1/12
    interface Ethernet1/13
    interface Ethernet1/14
    interface Ethernet1/15
    interface Ethernet1/16
    interface Ethernet1/17
    interface Ethernet1/18
    interface Ethernet1/19
    interface Ethernet1/20
    interface Ethernet1/21
    interface Ethernet1/22
    interface Ethernet1/23
    interface Ethernet1/24
    interface Ethernet1/25
    interface Ethernet1/26
    interface Ethernet1/27
    interface Ethernet1/28
    interface Ethernet1/29
    interface Ethernet1/30
    interface Ethernet1/31
    interface Ethernet1/32
    interface Ethernet1/33
    interface Ethernet1/34
    interface Ethernet1/35
    interface Ethernet1/36
    interface Ethernet1/37
    interface Ethernet1/38
    interface Ethernet1/39
    interface Ethernet1/40
    interface Ethernet1/41
    interface Ethernet1/42
    interface Ethernet1/43
    interface Ethernet1/44
    interface Ethernet1/45
    interface Ethernet1/46
    interface Ethernet1/47
    interface Ethernet1/48
    interface Ethernet1/49
    interface Ethernet1/50
    interface Ethernet1/51
    interface Ethernet1/52
    interface Ethernet1/53
    interface Ethernet1/54
    interface Ethernet1/55
    interface Ethernet1/56
    interface Ethernet1/57
    interface Ethernet1/58
    interface Ethernet1/59
    interface Ethernet1/60
    interface Ethernet1/61
    interface Ethernet1/62
    interface Ethernet1/63
    interface Ethernet1/64
    interface mgmt0
      vrf member management
    line console
    line vty
