Nice little pitfall
13 years 3 months ago #37575
by TheBishop
I've been translating the config of a series of routers running IOS version 12.x to brand new ones running version 15.
Out of the cardboard box, the brand new routers seem to come with a sort of a default config which, among other things, contains the following.
First, the most generic interface on the unit (in my case Gi0/0) gets a helpful IP address so you can do a remote initial setup:
Code:
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.248
 duplex auto
 speed auto
Then, trying even harder to be helpful, Cisco include an access-list to restrict access to the http server to the subnet they assigned to your interface:
Code:
access-list 23 permit 10.10.10.0 0.0.0.7
.....
ip http access-class 23
And finally, because they love being secure, they apply that access list to your virtual terminal lines as well:
Code:
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
So what, you may say. But if you're in a hurry to set your router up so you blast in the new IP address for Gi0/0, slap in the rest of your config, box it up and send it to Timbuktu because the courier will be here in fifteen minutes then you will come undone. When it gets there you'll find you can't access it remotely because that access list 23, which was so helpfully applied to both your http server and VTY lines remember, now bears no resemblance to any of the IP networks configured on your router...
You have been warned!
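A pre-shipment check for the pitfall described above, added here as an example and not code from the original post: it parses an IOS-style config, converts each numbered ACL's wildcard masks into networks, finds every ACL bound to the HTTP server or a VTY line with `access-class`, and flags those whose permits no longer overlap any subnet configured on an interface. The sample config is constructed from the post's defaults with Gi0/0 readdressed; the function and variable names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the IOS 15 default config from the post after Gi0/0
# has been readdressed to the real LAN but access-list 23 was left alone.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.50.1 255.255.255.0
access-list 23 permit 10.10.10.0 0.0.0.7
ip http access-class 23
line vty 0 4
 access-class 23 in
line vty 5 15
 access-class 23 in
"""

def interface_networks(config):
    """Subnets configured with 'ip address A.B.C.D MASK' on any interface."""
    return [ipaddress.ip_network(f"{a}/{m}", strict=False)
            for a, m in re.findall(r"^\s*ip address (\S+) (\S+)$", config, re.M)]

def acl_permit_networks(config):
    """Numbered ACL -> list of permitted networks (IOS wildcard masks inverted)."""
    acls = {}
    for num, rest in re.findall(r"^access-list (\d+) permit (.+)$", config, re.M):
        tok = rest.split()
        if tok[0] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif tok[0] == "host":
            net = ipaddress.ip_network(f"{tok[1]}/32")
        else:
            # 'A.B.C.D [wildcard]'; a missing wildcard means a single host.
            wild = int(ipaddress.ip_address(tok[1] if len(tok) > 1 else "0.0.0.0"))
            netmask = ipaddress.ip_address(0xFFFFFFFF ^ wild)
            net = ipaddress.ip_network(f"{tok[0]}/{netmask}", strict=False)
        acls.setdefault(num, []).append(net)
    return acls

def applied_acls(config):
    """ACL numbers bound to the HTTP server or to VTY lines via access-class."""
    return set(re.findall(r"^\s*(?:ip http )?access-class (\d+)", config, re.M))

def orphaned_access_classes(config):
    """{acl: [permits]} for applied ACLs whose permits overlap no interface subnet."""
    ifaces = interface_networks(config)
    acls = acl_permit_networks(config)
    return {num: acls.get(num, [])
            for num in applied_acls(config)
            if not any(p.overlaps(i) for p in acls.get(num, []) for i in ifaces)}
```

Run it over the config before the box goes out the door: a non-empty result is exactly the state the post describes, a management ACL that will lock you out once the router is on the far end of the courier run.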
13 years 3 months ago #37576
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Nice little pitfall
Oh yes ... thank you Cisco - don't you love it how 'secure' their routers are straight out of the 'box' ?
Pretty silly if you ask me - don't know why they do this, but definitely worth mentioning Alan!