Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##
- R1(config)# security passwords min-length 10
- R1(config)# enable password cisco12345
- ###asign and encrypt
- Router2(config)#enable password cisco12345
- Router2(config)#enable secret password
- ###add user in the local
- Router(config)#username Admin01 privilege 15 secret admin01pass
- ###Banner MOTD :
- switch(config)# banner motd #Unauthorized access to this device is prohibited!#
- ###Disables the HTTP server:
- switch(config)# no feature http-server
- ###configure ssh
- router (config)# ip domain-name mydomain.local
- router (Config)# crypto key generate rsa / crypto key generate rsa modules 1024
- router (Config)# ip ssh version 2
- router (Config)#ip ssh time-out 60
- router (Config)#ip ssh authentication-retries 2
- ###configure vty lives to allow ssh
- Switch(config)#line vty 0 15
- Switch(config-line)#transport input ssh
- ###Configure AAA authentication:
- R1(config)# aaa new-model
- R1(config)# aaa authentication login default local
- R1(config)# line console 0
- R1(config-line)# login authentication default
- R1(config-line)# end
- ###NTP SERVER:
- router# configure terminal
- router(config)# ntp server 192.0.2.12 prefer
- router(config)# ntp server 192.0.2.10 key 1
- router(config-if)# exit
- router(config)# ntp authenticate
- router(config)# ntp authentication-key 1 md5 aNiceKey
- router(config)# ntp trusted-key 42
- router(config)# ntp logging
- router(config)# copy running-config startup-config
- ###SYS LOGGING:
- Router-Dallas(config)#logging 192.168.0.30
- Router-Dallas(config)#service timestamps debug datetime localtime show-timezone msec
- Router-Dallas(config)#service timestamps log datetime localtime show-timezone msec
- Router-Dallas(config)#logging facility local3
- Router-Dallas(config)#logging trap warning
- Router-Dallas(config)#end
- Router-Dallas#show logging
- ###Configure VLAN list (name):
- switch(config)# vlan 2
- switch(config-vlan)# name accounting
- ###Configure the trunk ports:
- switch# configure terminal
- switch(config)# interface ethernet 3/1
- switch(config-if)# switchport trunk native vlan 5
- (Switch(config-if)# switchport trunk encapsulation dot1q) ???
- ###Disable trunking:
- S1(config)# interface f0/24
- S1(config-if)# no switchport access vlan
- S1(config-if)# end
- ##BPDU and portfast
- (host) (config) #interface f0/18
- (host) (config-if)#spanning-tree portfast
- (host) (config-if)#spanning-tree bpduguard enable
- ###Basic port security:
- Switch(config)# interface fastethernet 3/12
- Switch(config-if)# switchport mode access
- Switch(config-if)# switchport port-security
- Switch(config-if)# switchport port-security maximum 5
- Switch(config-if)# switchport port-security violation shutdown
- Switch(config-if)# switchport port-security mac-address sticky
- ###Disable unused ports on s2
- S1(config)# interface range f0/2 – 5
- S1(config-if-range)# switchport mode access
- S1(config-if-range)# switchport access vlan 99
- ###Loop guard:
- Router(config)#spanning-tree loopguard default
- ###Configure DHCP snooping:
- Switch(config)#interface fastEthernet 0/24
- Switch(config-if)#ip dhcp snooping trust
- Switch(config-if)#
- Switch(config)#ip dhcp snooping vlan 10
- Switch(config)#ip dhcp snooping
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement