This is a common configuration for a 7206 with 1 4 port Eth card and a primary FastEthernet connection. ACLs minimize security risk from outside administration attempts. These ACLs offer bandwidth limiting functions and local administration security. version 12.3 service nagle no service pad service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption ! hostname 7206Cisco ! boot system flash c7200-ik9s-mz.123-4.T3.bin logging queue-limit 100 ! ! Use your own password, this one is fake username control privilege 15 password 7 074D734220592C ip subnet-zero ! ip cef no ip domain lookup ip name-server 10.1.1.10 ! no ip bootp server ! no voice hpi capture buffer no voice hpi capture destination ! interface FastEthernet0/0 description Core DMZ interface ip address 10.1.1.1 255.255.255.192 rate-limit input access-group 11 1000000 187500 375000 conform-action transmit exceed-action drop rate-limit input access-group 13 256000 48000 96000 conform-action transmit exceed-action drop rate-limit input access-group 12 512000 96000 192000 conform-action transmit exceed-action drop rate-limit input access-group 14 1000000 187500 375000 conform-action transmit exceed-action drop rate-limit input access-group 10 512000 96000 192000 conform-action transmit exceed-action drop rate-limit output access-group 11 1000000 187500 375000 conform-action transmit exceed-action dro p rate-limit output access-group 13 256000 48000 96000 conform-action transmit exceed-action drop rate-limit output access-group 12 512000 96000 192000 conform-action transmit exceed-action drop rate-limit output access-group 14 1000000 187500 375000 conform-action transmit exceed-action dro p rate-limit output access-group 10 512000 96000 192000 conform-action transmit exceed-action drop duplex half speed 100 ! interface FastEthernet0/1 description Unused shutdown ! interface Ethernet1/0 description Upstream ip address 192.168.0.1 255.255.255.192 duplex half speed 10 no shutdown ! interface Ethernet1/1 description Unused shutdown ! interface Ethernet1/2 description Unused shutdown ! interface Ethernet1/3 description Unused shutdown ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.0.2 ip route 10.1.1.0 255.255.255.0 10.1.1.2 no ip http server ! ! logging 10.1.1.6 access-list 1 permit 10.1.1.0 0.0.0.255 access-list 1 permit 63.149.246.0 0.0.0.240 access-list 1 remark Router access controls for login access-list 10 permit 10.1.1.19 access-list 10 permit 0.0.0.0 10.1.1.19 access-list 10 remark User 1 co-lo rate limit ACL access-list 11 permit 10.1.1.20 access-list 11 permit 0.0.0.0 10.1.1.20 access-list 11 remark User 2 co-lo rate limit ACL access-list 12 permit 10.1.1.11 access-list 12 permit 0.0.0.0 10.1.1.11 access-list 12 remark User 3 co-lo rate-limit ACL access-list 13 permit 10.1.1.14 access-list 13 permit 0.0.0.0 10.1.1.14 access-list 13 remark User 4 co-lo rate-limit ACL access-list 14 permit 10.1.1.7 access-list 14 permit 0.0.0.0 10.1.1.7 access-list 14 remark User 5 co-lo rate-limit ACL ! snmp-server community Public RO snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps isdn call-information snmp-server enable traps isdn layer2 snmp-server enable traps isdn chan-not-avail snmp-server enable traps hsrp snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps frame-relay snmp-server enable traps frame-relay subif snmp-server enable traps rtr ! dial-peer cor custom ! gatekeeper shutdown ! banner motd ^CCCC ============================================= Router : 7206 =============================================^C ! line con 0 login local stopbits 1 line aux 0 access-class 1 in login local stopbits 1 line vty 0 4 access-class 1 in login local line vty 5 15 access-class 1 in login local ! ntp clock-period 17180047 ntp server 10.1.1.5 ! ! end