Security hardening for Cisco 4506 switches

Source: Internet
Author: User

1. Enable SSH login
(config)# ip domain-name n4506
(config)# ip ssh time-out 60
(config)# ip ssh authentication-retries 5
(config)# access-list 1302 permit 134.96.82.250 log
(config)# access-list 1302 permit 192.98.100.45
(config)# access-list 1302 permit 192.96.70.48
(config)# access-list 1302 permit 192.96.70.49
(config)# line vty 0 4
(config-line)# transport input ssh
(config-line)# login
(config-line)# exit
(config)# aaa new-model
(config)# aaa authentication login default local
(config)# username hx10 password asei4n123a98w4
(config)# line vty 0 4
(config-line)# login authentication default
(config-line)# access-class 1302 in
(config-line)# exit
(config)# no ip source-route
(config)# no ip http server
(config)# no cdp run
(config)# ntp server 192.168.0.22
(config)# no service tcp-small-servers
(config)# no service udp-small-servers
(config)# no service finger
(config)# banner exec c
Enter TEXT message.  End with the character 'c'.
Your IP Address has been logged, if you are not administrator, please leave now !!! c

(config)# interface range vlan 5, vlan 10, vlan 25, vlan 30
(config-if-range)# no ip directed-broadcast
(config-if-range)# no ip proxy-arp
(config-if-range)# exit
(config)# logging on
(config)# logging facility local7
(config)# logging 192.168.0.121
On a 3750, if the switch does not have SSH, you can still enable AAA and the source-address login restrictions.
Network device lockout setting:
(config)# login block-for 60 attempts 5 within 60
Switch STP optimization:
(config)# spanning-tree vlan xx root primary
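
An added example (not part of the original page): a Python check that reads a saved running-config and reports which of the settings above are missing, looking at every `line vty` block rather than only `0 4`. The `audit` function, the sample config and the finding strings are constructed for illustration; it assumes numbered ACLs and the command forms used on this page.

```python
import re

# Lines the page's procedure leaves in the config, and services it disables.
REQUIRED = ["no ip source-route", "no ip http server", "no cdp run"]
FORBIDDEN = ["service tcp-small-servers", "service udp-small-servers", "service finger"]

# Constructed sample (not from a real device): two differently configured VTY blocks.
SAMPLE = """\
service finger
no ip source-route
access-list 1302 permit 134.96.82.250 log
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 7 in
 transport input ssh
"""

def audit(config):
    """Return sorted findings for a running-config; an empty list means all checks pass."""
    top, vty, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():            # indented: belongs to the current block
            if current in vty:
                vty[current].append(line)
            continue
        current = line
        top.add(line)
        if line.startswith("line vty"):
            vty[line] = []
    findings = [f"missing: {c}" for c in REQUIRED if c not in top]
    findings += [f"enabled: {c}" for c in FORBIDDEN if c in top]
    if not any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", l) for l in top):
        findings.append("missing: remote logging host")
    if not any(l.startswith("ntp server ") for l in top):
        findings.append("missing: ntp server")
    acls = {l.split()[1] for l in top if l.startswith("access-list ")}
    for header, body in vty.items():
        if "transport input ssh" not in body:   # exact match: ssh must be the only transport
            findings.append(f"{header}: transport input is not ssh-only")
        used = [l.split()[1] for l in body if re.fullmatch(r"access-class \S+ in", l)]
        if not used:
            findings.append(f"{header}: no inbound access-class")
        elif used[0] not in acls:
            findings.append(f"{header}: access-class {used[0]} has no matching access-list")
    return sorted(findings)
```

Calling `audit(SAMPLE)` flags the telnet-enabled `line vty 0 4`, the `line vty 5 15` block whose access-class points at an undefined list, and the global settings that are absent.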
