dynamic hongyi_dynamic_map
!
!
!
Interface Ethernet0
No ip address
No ip redirects
No ip unreachables
No ip proxy-arp
No ip mroute-cache
Half-duplex
Pppoe enable
Pppoe-client dial-pool-number 1
No cdp enable
!
Interface FastEthernet0
Ip address 172.16.0.10 255.255.255.0.0
Ip access-group local_r0000in
No ip redirects
No ip unreachables
No ip proxy-arp
Ip nat inside
Ip tcp adjust-mss 1452
No ip mroute-cache
Speed auto
No cdp enable
!
of Cisco 2501-above
Current configuration:
!
Version 11.2:
No service udp-small-servers
No service tcp-small-servers
!
Hostname above
!
Enable secret 5 $1$O1aq$Kxgp1A0Eulqug8SbCm6rdl
Enable password cisco
!
Username down password 7 095C5E19
Chat-script lab abort error abort busy abort "no answer" at h "OK" ATDT \ T"
TIMEOUT 60 CONNECT \ c
!
Interface Ethernet0
Ip address 192.192.193.1 255.255.255.0
!
Interface Serial0
Ip address 192.192.192.1 255.255.255.0
Bandwidth 64
Clockrate 64000
!
Int
MAC address flooding
The attacker simulates a large number of source MAC addresses to fill the MAC table of the switch.
You can solve this problem through port security.
VLAN hopping
The attacker accesses other VLANs by changing the VLAN ID of packets.
Strictly set which VLANs are allowed by the trunk and put unused ports in the common VLAN (that is, vlan1).
Attacks between devices on a common VLAN
Devices belonging to the same VLAN can also attack each other.
Solve the problem through PVLAN.
DHCP starvation
Attackers send n
troubleshooting. Second, restrictions on the protocol. To use the layer-2 routing tracking function, you must run the CDP protocol on all switches and interfaces in the network, and the CDP protocol must work properly. CDP stands for Cisco Discovery Protocol. It is mainly used to obtain the protocol addresses of adjacent devices and platforms for discovering the
After you enable dynamic domain name resolution, you can specify the DNS service
RL(config)# interface serial 0    Enter serial 0 interface configuration mode
RL(config-if)# no shutdown    By factory default all router ports are shut down; use this command to enable them
RL(config-if)# encapsulation ppp    Encapsulate PPP
RL(config-if)# clockrate 64000    If this end is the DCE, set the clock rate; if it is the DTE, this is unnecessary
RL(config-if)# bandwidth 64    Set the port bandwidth to 64K
RL(config-if)#
router diagnostic information
The commands to disable it are as follows:
no service tcp-small-servers
no service udp-small-servers
5. Check the current user list of the router.
The command to disable it is:
no service finger
6. Disable the CDP service
On the basis of the OSI Layer 2 protocol (link layer), you can find some configuration information of the Peer router, such as the device platform, ope
1. Disable CDP (Cisco Discovery Protocol). For example:
Router(Config)# no cdp run
Router(Config-if)# no cdp enable
2. Disable other TCP and UDP small services.
Router(Config)# no service tcp-small-servers
Router(Config)# no service udp-small-servers
3. Disable the Finger service.
Router(Config)# no ip finger
Router(Config)# no service finger
4. We recommend
receiver of the route information. There are two authentication methods. The "plain text mode" is of low security. We recommend that you use the "MD5 mode".
2. Physical security protection of routers
A router's console port is a port with special permissions. If an attacker gains physical access to a router and restarts it after cutting the power, the attacker can carry out the "password recovery procedure" and then log on to the router and control it completely.
3. Protect the router password
In the router config
password is stored in encrypted form, the plaintext of the password may still be cracked. Once the password is leaked, the network is completely insecure.
4. Check the router diagnostic information.
The commands to disable the service are as follows:
no service tcp-small-servers
no service udp-small-servers
5. Block access to the current user list of the router.
The command to disable it is no service finger.
6. Disable CDP.
On the basis of the OSI Layer 2 protocol (link layer), you can find some configuration information of the Peer router, such as the device platform, operating system version, port, and IP address. You can run the command: no
Fault symptom
I have participated in a cabling project where one CISCO 4006 trunk switch is used for routing between VLANs. In addition, there are more than 10 CISCO 2924 desktop switches and one CISCO 3640 egress router. The CiscoWorks 4.0 LAN Solution software suite (LMS 2000) is installed on a Windows NT 2.0 + IE5.5 computer. However, when you view the network topology in the Campus Manager Topology Services Layer2view, you can only see one CISCO 2924 switch, a CISCO 4006 switch, and a CISC
Hardware and Software Versions
This configuration is applicable to all Cisco IOS software versions.
DCE edge is connected by Wan DCE cable.
DTE edge is connected by Wan DTE cable.
For more information about the WAN DCE/DTE cable, see the serial cable documentation.
Network Diagram
This article is based on the following Configuration:
In this configuration, Prasit serves as DCE and Spicey as DTE.
Co
learned. However, this method may cause network topology information leakage. It may also disrupt the routing information table that works normally on the network by sending its own routing information table to the network. In severe cases, the entire network may be paralyzed. The solution to this problem is to authenticate the route information exchanged between routers in the network. When the router is configured with an authentication method, it will identify the sender and receiver of the
SNMP Trap is a protocol function in the SNMP protocol. In many devices, we use this self-trapping function for some management. So let's talk about some SNMP Traps in Cisco today.
Configure a Cisco IOS device
In IOS enable mode, enter config terminal to enter global configuration mode.
Enable Cdp run
Snmp-server community gsunion ro
Configure the read-only community string of this router as gsunion
Snmp-server community gsunion rw
Configu
There are three switching modes: store-and-forward, fast-forward, and fragment-free.
1. CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
Working principle: listen to whether the channel is idle before sending. If it is idle, send immediately. Keep listening while sending. If there is a collision, stop sending immediately, wait for a random period of time, and resend.
2. CDP: When a cisco device is started,
Co-processor
The coprocessor is used to perform specific processing tasks, such as: The math coprocessor can control digital processing to reduce the burden on the processor. ARM can support up to 16 coprocessors, where CP15 is the most important one.
CP15 provides 16 sets of registers
Access CP15 by providing 16 sets of registers
I. Coprocessor access
ARM microprocessors can support up to 16 coprocessors for various coprocessor operations, and during program execution, each coprocessor executes on
1. Basic router inspection commands
Show version
Show Processes
Show protocols
Show mem
Show IP Route
Show startup-config
Show running-config
Show flash
Show interfaces
II. Basic route configuration commands
Enter: config Terminal/memory/Network
Frequently Used commands for network configuration: Copy and Load
1. ID: Hostname
2. startup ID: banner startup ID
3. Interface: interface port number
4. Password: line 0 6
Login
Passwd Password
Enable password/secret password
5. interface:
1) configure