. Setting up TelnetTelnet has a version of the change. Before the PIX OS 5.0 (the version number of the PIX OS), the PIX can only be accessed via Telnet from hosts on the internal network. In PIX OS 5.0 and later versions, Telnet to PIX Access can be enabled on all interfaces. When you want to telnet to the PIX firewall from the external interface, the Telnet traffic needs to be protected with IPSec, which means that the user must configure the PIX to establish an IPSec tunnel to another pix, ro
Many junior network administrators ignore security settings when using Cisco routers, and the following three are ideal for novice users to configure network security when using Cisco routers.
One, the security configuration of the router "access control"
1, the administrator who can access the router is strictly controlled. Any maintenance needs to be document
4tppa55w0rdRouter#copy startup-config ftp:
9. Upgrade and patch IOS software in a timely manner.
Ii. vro Network Service Security Configuration
1. disable CDP (Cisco Discovery Protocol ). For example:Router (Config) # no cdp runRouter (Config-if) # no cdp enable2. Disable other TCP and UDP Small services.Router (Config) # no service tcp-small-serversRouter (Config) # no service udp-samll-ser
patch IOS software in a timely manner.
Ii. vro Network Service Security Configuration
1. disable CDP (Cisco Discovery Protocol ). For example:Router (Config) # no cdp runRouter (Config-if) # no cdp enable2. Disable other TCP and UDP Small services.Router (Config) # no service tcp-small-serversRouter (Config) # no service udp-samll-servers3. Disable the Finger service.Router (Config) # no ip fingerRouter (
devices in the same management domain.
Allocate VTP Domains
First, assign a VTP domain name (a VTP domain name). vswitches in the same management domain can learn VTP information from each other through the VTP protocol.
Cat5001> (enable) sho vtp domain
Domain Name Domain Index VTP Version Local Mode
------------------------------------------------------------------
1 1 server
Advt Interval Vlan-count Max-vlan-storage Config Revision SNMP Traps
----
Cisco Catalyst Switch configuration and maintenance method. Today's Catalyst Switch topic discusses the introduction of the History st6000 series and the introduction of the Catalyst Switch 5000 Series. There is no difficulty. Hurry into the Wireless World.
LAN switches have evolved from a HUB-based LAN shared in the traditional sense to a broader space. Take Cisco's ipvst5000 series LAN switch as an exampl
not encrypted during network transmission, strict control is required. For example, set a strong password, control the number of concurrent connections, strictly control the access address using the access list, and set user access control using AAA.8. We recommend that you use FTP instead of TFTP for iOS upgrade and backup and configuration file backup. For example:Router (config) # ip ftp Username blushinRouter (config) # ip ftp password 4tppa55w0r
domain name (a VTP domain name). vswitches in the same management domain can learn VTP information from each other through the VTP protocol.Cat5001> (enable) sho vtp domainDomain Name Domain Index VTP Version Local Mode------------------------------------------------------------------1 1 serverAdvt Interval Vlan-count Max-vlan-storage Config Revision SNMP Traps-----------------------------------------------------------------300 5 256 0 disabledLast U
The VPN configuration of the Cisco router is not important for network security, but also makes the user more convenient during use. In this experiment, we use the Cisco 2600 router and the Cisco router VPN configuration to implement the blue campus. The networks between the
Q: Are there any simple tools and methods? Run the script automatically on N or so cisco switches according to the script, and then return the result?Method 1: Download and modify the vswitch configuration file and upload it to N vswitches. Restart or copy start run.Method 2: Create a bat file under windows. The content in the file is the same as the command you used to telnet to the vswitch for modificatio
Port security Configuration for the Cisco PT Simulation Experiment (7) switchExperimental Purpose : Master the port security function of the switch, control the user's secure accessExperimental Background : The company network adopts the personal fixed IP Internet program, in order to prevent the company internal User IP address borrowing, using, unauthorized access to the switch and other violations, while
The following is a brief description of the configuration steps of 5505:1. Supervisor Engine Software Configuration:First, the Supervisor Engine Module needs an in-band (sc0) interface IP address, which is a manageable address and can be managed by telnet or SNMP for 5505. There is also an SLIPsl0 interface, which is not commonly used and is not described here.The default IP address of sc0 is 0.0.0.0, which
(Config-if) # no ip unreacheablesRouter (Config-if) # no ip redirectsRouter (Config-if) # no ip mask-reply11 we recommend that you disable the SNMP protocol service. You must delete the default configuration of some SNMP services when disabling them. For example:Router (Config) # no snmp-server community public RoRout
for Cisco only records connections to TCP and UDP protocols, the ICMP is not logged connected so the packet returns when the view ACL and the Conn table are not found corresponding entries are discarded directly.Using ACLs to allow ICMP protocolASA1 (config) # access-list permit ICMP 202.106.1.0 255.255.255.0 192.168.10.0 255.255.255.0The above mentioned that the port security level is high can access port security level is low, so only return back.
is sent to a host using TCP or UCP protocol, the host must run a SYSLOG Program . There are third-party software in UNIX and windeow systems (kiwi Syslog daemon is good ).Refer to the configuration manual for Cisco PIX Firewall and VPN to configure syslog. You can set the log message sending method, such as email, send to a file, and send to a workstation.Follow the steps below to configure the firewall to
complete, you can use the "show vlan #" command to display a specific vlan information and verify VLAN parameters. For example:Switch # show vlan 3
2. configuration of multiple switchesTo allow a VLAN to span multiple switches, you must configure the trunk (trunk) to connect to these switches. Cisco requires that trunk protocols such as ISL be used on such trunk links, so the command to enable trunk protoc
Q: Are there any simple tools and methods? Do a script, automatically execute on a script in N-around Cisco switches, and then return the results?
Method One, the switch configuration file download, modified and uploaded to the n-switch. Then restart or copy start run.
Method Two, under Windows to build a bat file, the contents and you telnet to the switch to modify the command used when the same, but the
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.