) displays trunk information (mode, encapsulation, allowed ports, pruning, ...)
show interface trunk (IOS)
show spantree (CatOS) displays the STP mode, type, status, and port speed of the port, ...
show spanning-tree (IOS)
3. Discover information about neighboring Cisco devices
CDP (Cisco Discovery Protocol) is a Cisco proprietary protocol that identifies directly adjacent Cisco devices; CDP works at Layer 2.
Show
not encrypted during network transmission, strict control is required. For example, set a strong password, control the number of concurrent connections, strictly control the access address using the access list, and set user access control using AAA.
8. We recommend that you use FTP instead of TFTP for IOS upgrade and backup and configuration file backup. For example:
Router(config)# ip ftp username blushin
Router(config)# ip ftp password 4tppa55w0rd
Router# copy startup-config ftp:
9. Upgrade
:
• Traffic and Protocol ACLs or filters
• QoS tags and priority levels (control protocols are differentiated by corresponding service levels or DSCP values)
• Selectively disable Layer 2 protocols on untrusted ports (for example, disabling DTP on access ports)
• Configure the in-band Management port only on the dedicated VLAN
• Avoid using VLAN 1 to transmit any data traffic
Command example:
Catalyst Operating System (CatOS) software | Cisco IOS Software
Precautions for using VLAN 1
The reason why VL
Background:
1. The ARP table of a Layer 3 device stores the mapping between IP addresses and MAC addresses.
2. The forwarding (bridge) table of a Layer 2 device stores the mapping between MAC addresses and forwarding ports.
3. CDP (Cisco Discovery Protocol) is the link-layer protocol that Cisco devices use to discover adjacent Cisco devices.
4. The forwarding table in the Layer 2 module of a Layer 3 switch is implemented in a CAM table, such as sh
1. Disable CDP (Cisco Discovery Protocol). For example:
Router(config)# no cdp run
Router(config-if)# no cdp enable
2. Disable other TCP and UDP small services.
Router(config)# no service tcp-small-servers
Router(config)# no service udp-small-servers
3. Disable the Finger service.
Router(config)# no ip finger
Router(config)# no servic
connections, use an access list to strictly control which addresses may connect, and use AAA to set user access control.
8. For IOS upgrades and backups, as well as backups of configuration files, FTP is recommended instead of TFTP. For example:
Router(config)# ip ftp username Blushin
Router(config)# ip ftp password 4tppa55w0rd
Router# copy startup-config ftp:
9. Upgrade and patch the IOS software in a timely manner.
II. Security configuration of router network services
1, the
.
4. Prevent viewing of router diagnostic information.
The commands to disable it are as follows:
no service tcp-small-servers
no service udp-small-servers
5. Prevent viewing of the router's current user list.
The command to turn it off is: no service finger.
6. Turn off the CDP service.
Based on OSI Layer 2, that is, the link layer, some configuration information of the router at the other end can be discovered: device platform, operating system ver
The runners came back to Journal. This time, the destination is Nagasaki. In such a relationship is a little tense days, our group for so-and-so folk culture exchange made a fearless contribution. I mean, this trip was really sweet. Before the 100 shampoo places to participate in the Shiseido Silk times on the official website of the Red photography competition did not want to fluke the first 20 earned a Japanese tour. So in the good times of the national d
1: cosmetics
Men may be skeptical. Is Dabao a lucrative product? No. Cosmetics here refer to imported high-end products. SK-II's famous fairy water retail price in China is 560 yuan, and its manufacturing cost is only 6.5 yuan. Surprised? Even if R&D costs are included, the cost per ticket cannot exceed RMB 10. Shiseido 650 yuan/50 grams of eye cream even packaging costs less than 10 yuan. The cost of low-end eye cream of about 150 yuan is only abou
test Network--broadband telephone network construction; September 2001, the first large-scale value-added service on MPLS VPN--the video conference development completes, may move toward the market; October 2001, Netcom officially announced the Netcom MPLS VPN products. Careful preparation gets a return of enthusiasm. Netcom MPLS VPN was launched, it was favored by a large number of users, including the reality, as well as Shiseido, China through the ne
. Upgrade and patch IOS software in a timely manner.
II. Router Network Service Security Configuration
1. Disable CDP (Cisco Discovery Protocol). For example:
Router(config)# no cdp run
Router(config-if)# no cdp enable
2. Disable other TCP and UDP small services.
Router(config)# no service tcp-small-servers
Router(config)# no service udp-small-servers
3. Disable th
power failure, the system implements the "password recovery process" and then logs on to the router to completely control the router.
3. Protect the router password.
In a backed-up router configuration file, even if the password is stored in encrypted form, the plaintext of the password may still be cracked. Once the password is leaked, the network is completely insecure.
4. Check the router diagnostic information.
The command to disable the service is as follows: no service tcp-small-servers no service ud
username BluShin
Router(config)# ip ftp password 4tppa55w0rd
Router# copy startup-config ftp:
9. Promptly upgrade and patch IOS software.
II. Router Network Service Security Settings
1. Disable CDP (Cisco Discovery Protocol). For example:
Router(config)# no cdp run
Router(config-if)# no cdp enable
2. Disable other TCP and UDP small services.
Rout
: fastEthernet0/0
Securing Management plane services...
disabling service authentication service pad
Disabling udp tcp small servers
Enabling service password Authentication service tcp-keepalives-in
Enabling service tcp-keepalives-out
Disabling the cdp beyond the bootp server
Disabling the http server
Disabling the finger has source already reached arp
Here is a sample Security Banner to be shown
at every access to device. Modify it to suit your
enterprise
password is stored in encrypted form, the plaintext of the password may still be cracked. Once the password is leaked, the network is completely insecure.
4. Check the router diagnostic information.
The command to disable the service is as follows: no service tcp-small-servers no service udp-small-servers
5. Block viewing of the router's current user list.
The command to turn it off is no service finger.
6. Disable CDP.
On the basis of the OSI Layer 2 protocol
4tppa55w0rd
Router# copy startup-config ftp:
9. Upgrade and patch IOS software in a timely manner.
II. Router Network Service Security Configuration
1. Disable CDP (Cisco Discovery Protocol). For example:
Router(config)# no cdp run
Router(config-if)# no cdp enable
2. Disable other TCP and UDP small services.
Router(config)# no service tcp-small-serv
I. Router Network Service Security Configuration
1. Disable CDP (Cisco Discovery Protocol). For example:
Router(config)# no cdp run
Router(config-if)# no cdp enable
2. Disable other TCP and UDP small services.
Router(config)# no service tcp-small-servers
Router(config)# no service udp-small-servers
3. Disable the Finger service.
Router(config)# no ip finger
Router