SNMP Trap is a protocol function in the SNMP protocol. In many devices, we use this self-trapping function for some management. So let's talk about some SNMP Traps in Cisco today.
Configure a Cisco IOS device
In the Enable status of IOS, click config terminal to enter the global configuration status.
Enable Cdp run
Snmp-server community gsunion ro
Configure the read-only string of this vro as gsunion
Snmp-server community gsunion rw
Configu
There are three switch modes: storage forwarding, fast forwarding, and segmented forwarding.1. CSMA/CD (Multi-Channel Access for carrier listeners with conflict detection)Working principle: Listen to whether the channel is idle before sending. If it is idle, send it immediately. When sending the message, listen to it. If there is a conflict, immediately stop sending and wait for a random period of time, resend.2. CDP: When a cisco device is started,
Co-processorThe coprocessor is used to perform specific processing tasks, such as: The math coprocessor can control digital processing to reduce the burden on the processor. ARM can support up to 16 coprocessors, where CP15 is the most important one.CP15 provides 16 sets of registersAccess CP15 by providing 16 sets of registersOne, coprocessor accessARM microprocessors can support up to 16 coprocessors for various coprocessor operations, and during program execution, each coprocessor executes on
1. Basic router inspection commands
Show version
Show Processes
Show protocols
Show mem
Show IP Route
Show startup-config
Show running-config
Show flash
Show interfaces
Ii. Basic route configuration commands
Enter: config Terminal/memory/Network
Frequently Used commands for network configuration: Copy and Load
1. ID: Hostname
2. startup ID: banner startup ID
3. Interface: interface port number
4. Password: line 0 6
Login
Passwd Password
Enable password/secret password
5. interface:
1) configure
) displays relay information (mode, encapsulation, allow port, trim 、... )Show interface trunk; (IOS)Show Spantree (CatOS) Displays the STP mode, type, status, and speed port of the port 、... )Show Spanning-tree; (IOS)3. Discover information about neighboring Cisco devicesCDP (Cisco Discovery Protocol) is a proprietary protocol for Cisco that identifies directly adjacent Cisco device information, and CDP works on the 2nd tier.Show
not encrypted during network transmission, strict control is required. For example, set a strong password, control the number of concurrent connections, strictly control the access address using the access list, and set user access control using AAA.8. We recommend that you use FTP instead of TFTP for iOS upgrade and backup and configuration file backup. For example:Router (config) # ip ftp Username blushinRouter (config) # ip ftp password 4tppa55w0rdRouter # copy startup-config ftp:9. Upgrade
:
• Traffic and Protocol ACLs or filters
• QoS tags and priority levels (control protocols are differentiated by corresponding service levels or DSCP values)
• Selectively disable Layer 2 protocols on untrusted ports (for example, disabling DTP on access ports)
• Configure the in-band Management port only on the dedicated VLAN
• Avoid using VLAN 1 to transmit any data traffic
Command example:
Catalyst Operating System (CatOS) software Cisco IOS o Software
UseVLAN 1Precautions
The reason why VL
Background:
1. The relationship between the IP address and the MAC address in the ARP table of the layer-3 device.
2. the forwarding bridge table of the L2 device stores the correspondence between MAC and forwarding ports.
3. CDP (Cisco Discovery Protocol) is the link layer protocol for discovering adjacent devices between Cisco devices.
4. The forwarding table in the layer-2 module of a layer-3 switch is implemented in a cam table, such as sh
1. disable CDP (Cisco Discovery Protocol ). For example:
Router (config) # No CDP run
Router (config-If) # No CDP enable
2. Disable other TCP and UDP small services.
Router (config) # No service TCP-small-servers
Router (config) # No service UDP-Samll-servers
3. Disable the Finger service.
Router (config) # No IP finger
Router (config) # No servic
connections, use Access list to strictly control access to the address, you can use AAA to set User access control.
8,ios upgrades and backups, as well as backup of configuration files suggest using FTP instead of TFTP. Such as:
Router (Config) #ip FTP username Blushin
Router (Config) #ip ftp password 4tppa55w0rd
Router#copy startup-config ftp:
9, timely upgrade and repair the iOS software.
Second, the security configuration of router "Network Service"
1, the
.
4. Prevent viewing of router diagnostic information.
Close the command as follows: No service tcp-small-servers no service udp-small-servers
5. Block the current list of users from viewing the router.
The Turn off command is: no service finger.
6. Turn off CDP services.
On the basis of the OSI two-layer protocol, which is the link layer, some configuration information of the End-to-end router can be found: device platform, operating system ver
. Upgrade and patch IOS software in a timely manner.Ii. vro Network Service Security Configuration1. disable CDP (Cisco Discovery Protocol ). For example:Router (Config) # no cdp runRouter (Config-if) # no cdp enable2. Disable other TCP and UDP Small services.Router (Config) # no service tcp-small-serversRouter (Config) # no service udp-samll-servers3. Disable th
power failure, the system implements the "password repair process" and then logs on to the vro to completely control the vro.
3. Protect the vro password.
In the vro configuration file backed up, even if the password is stored in encrypted form, the plaintext of the password may still be cracked. Once the password is leaked, the network is completely insecure.
4. Check the router diagnostic information.
The command to disable the service is as follows: no service tcp-small-servers no service ud
username BluShinRouter (Config) # ip ftp password 4tppa55w0rdRouter # copy startup-config ftp: 9. promptly upgrade and patch IOS software. Ii. vro Network Service Security Settings 1. disable CDP (Cisco Discovery Protocol ). For example, Router (Config) # no cdp run Router (Config-if) # no cdp enable www.2cto.com 2. Disable other TCP and UDP Small services. Rout
: fastEthernet0/0 Secur Ing Management plane services... disabling service authentication service padDisabling udp tcp small serversEnabling service password Authentication service tcp-keepalives-inEnabling service tcp-keepalives-outDisabling the cdp beyond the bootp serverDisabling the http serverDisabling the finger has source already reached arpHere is a sample Security Banner To be shownat every access to device. modify it to suit yourenterprise
password is stored in encrypted form, the plaintext of the password may still be cracked. Once the password is leaked, the network is completely insecure.
4. Check the router diagnostic information.
The command to disable the service is as follows: no service tcp-small-servers no service udp-small-servers
5. The current user list of the vro is blocked.
The command to close is no service finger.
6. disable CDP.
On the basis of the OSI Layer 2 protocol
4tppa55w0rdRouter#copy startup-config ftp:
9. Upgrade and patch IOS software in a timely manner.
Ii. vro Network Service Security Configuration
1. disable CDP (Cisco Discovery Protocol ). For example:Router (Config) # no cdp runRouter (Config-if) # no cdp enable2. Disable other TCP and UDP Small services.Router (Config) # no service tcp-small-serv
I. vro Network Service Security Configuration1. disable CDP (Cisco Discovery Protocol ). For example:Router (Config) # no cdp runRouter (Config-if) # no cdp enable2. Disable other TCP and UDP Small services.Router (Config) # no service tcp-small-serversRouter (Config) # no service udp-samll-servers3. Disable the Finger service.Router (Config) # no ip fingerRouter
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.