Some Security Cisco Commands

最新推荐文章于 2025-09-01 15:44:07 发布
转载 最新推荐文章于 2025-09-01 15:44:07 发布 · 318 阅读 · 0 ·
CC 4.0 BY-SA版权
原文链接:http://blog.51cto.com/zhangfang526/2434501
文章标签:

#运维

本文深入解析网络设备配置细节,涵盖日志同步、传输协议禁用、SSH登录设置、VLAN接口配置、服务质量策略及错误禁用恢复等关键操作,旨在帮助网络工程师优化设备性能与安全性。

line con 0
logging synchronous ##### 开启日志同步,如果不敲这条命令,自动弹出日志的时候如果你在配置设备,你就会发现日志信息会把你敲入的命令分隔开,影响输入。敲上这条命令之后日志信息不会分隔你敲到一半的命令行。
transport preferred none #### https://blog.51cto.com/xpvista/177844 , 线上不允许任何协议选择。系统通常假设不认识的命令为主机名。如果协议设置为none,则系统不再作这个假设,不认识的命令不能建立连接。
line vty 0 4
logging synchronous
transport preferred none
transport input ssh
line vty 5 15
password 7 045802150C2E
logging synchronous
transport input none
!
ip telnet source-interface Vlan10
ip ftp source-interface Vlan10
ip tftp source-interface Vlan10
ip ssh time-out 60
ip ssh source-interface Vlan10
ip ssh version 2
!

logging trap notifications ## https://zhidao.baidu.com/question/1733168285133876827.html ,logging trap debugging 指定日志级别,可选的级别有0-7共八个级别,0最高,7最低。这八个级别分别为:
logging source-interface Vlan10
logging host 10.50.51.

interface Vlan10
ip address 10.45.38. 255.255.255.0
no ip redirects ### https://blog.youkuaiyun.com/a9254778/article/details/7308484 ,
no ip unreachables
no ip proxy-arp
!

interface GigabitEthernet0/2
description Uplink
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
srr-queue bandwidth share 1 70 25 5
priority-queue out
udld port aggressive
mls qos trust dscp
ip dhcp snooping trust

interface FastEthernet0/48
switchport access vlan 185
switchport mode access
switchport voice vlan 186
no logging event link-status
srr-queue bandwidth share 1 70 25 5
priority-queue out
no snmp trap link-status
spanning-tree portfast
service-policy input edge_edge_edge_edge_qos_marking
!

class-map match-all video_payload
match access-group name acl_video_payload
class-map match-all voice_payload
match access-group name acl_voice_payload
class-map match-all voice_control
match access-group name acl_voice_control
!
policy-map edge_edge_edge_edge_qos_marking
class voice_control
set ip dscp cs3
police 1000000 8000 exceed-action drop
class voice_payload
set ip dscp ef
police 1000000 8000 exceed-action drop
class video_payload
set dscp 63
!
vlan internal allocation policy ascending
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 30
!
no dot1x logging verbose
!
mls qos queue-set output 1 threshold 1 200 200 50 400
mls qos queue-set output 1 threshold 2 400 400 50 400
mls qos queue-set output 1 buffers 10 50 20 20
no mls qos rewrite ip dscp
mls qos
epm access-control Open
!
ip dhcp snooping vlan 1,185-186
no ip dhcp snooping information option
ip dhcp snooping
ip device tracking probe use-svi
ip device tracking probe delay 10
ip device tracking
!
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!

bochen8002
关注
Cisco无线局域网配置基础【2.6】
qq_43416206的博客
06-09 81
Cisco WCS 提供了多种报表功能,共分为 Clean Air、 Client、 Compliance、 Device、 Guest、Mesh、 Network Summary、 Performance 和 Security 九种功能(最新软件版本 7.0 下)。每一大类功能中包含了很多子功能的报表,例如, Device 功能下包含了 Busiest APs 和 Utilization 等子报表功能。下面我们以 Busiest APs 为例,介绍报表功能的使用。
[ZT]《让我们一起CCNA吧》系列文章四:CISCO IOS介绍
Robert's Log
03-31 1470
现在是介绍思科网络操作系统的时候了,Cisco Internetwork OperatingSystem简称IOS,它在思科的路由器和交换机上运行,它还能让你在上面执行配置操作。在本章你将能够学习到怎样通过初始安装模式和Cisco IOS command-line interface (CLI)来配置思科的路由器。这里是一些本章我们要达到的目标:·关于IOS的介绍和配置·连接一个路由器·启动路由器
交换机端口err-disable、配置速率和双工模式
weixin_34004576的博客
09-19 1396
实例:     和客户IDC机房拉了一条MSTP线路,接入到Cisco 3750x后端口灯不亮,更换了端口也是不亮,查看端口信息发现因为客户端有环路导致我们接口出现err-disable错误。故障现象:        线路不通,物理指示灯不亮,有的会显示为橙色(不同平台指示灯状态不同)解决思路:         取消环路,将端口重启排错过程:1、查看接口状态GigabitEthernet1/0/8...
logging synchronous和no ip domain-lookup
weixin_33785108的博客
06-04 695
logging synchronous是一个很有用的命令,它应该是一个默认的配置,但是它不是!它可以阻止那些烦人的控制台信息来打断你当前的输入,从而使输入信息显得更为简单易读。1.未使用此命令前Router(config)#endRouter#relo*Mar 1 00:09:54.055: %SYS-5-CONFIG_I: Configured from console b...
思科路由器的基本配置
m0_52674502的博客
11-17 4461
思科网络
Cisco3750配置(生产环境)
weixin_34362875的博客
04-09 576
!version 12.2no service padservice timestamps debug datetime localtimeservice timestamps log datetime localtimeservice password-encryption!hostname beijiao3750!boot-start-markerboot-end-marker!no logg...
Ip domain-lookup 和 Transport preferred
weixin_34387468的博客
08-15 365
Router#fdafTranslating "fdaf"...domain server (255.255.255.255) Translating "fdaf"...domain server (255.255.255.255)(255.255.255.255)Translating "fdaf"...domain server (255.255.255.255...
cisco_router_performance_field_guide.zip
08-22
learn commands to turn features on and off, but you don’t know where to locate the device or why to implement a particular application or feature. For this reason, I have written this book in the ...
40、CCNP Security Exam Preparation Guide
net55的博客
09-01 124
This blog provides a comprehensive guide for preparing for the CCNP Security exam. It covers key preparation strategies such as reviewing important topics, taking quizzes, and using the Pearson Test Prep practice test engine. The blog also offers tips for
异厂家STP对接案例剖析
weixin_36135166的博客
05-15 2085
朋友们是否经历过客户网络设备替换割接,如果被替换的设备和新设备不是一个厂商,往往在割接准备过程中会暴露出很多棘手的问题。例如,设备厂商往往有大量的私有协议,从而导致了在不同厂商设备之间无法正常互联互通。如果碰到这种情况你会怎么做?我想无外乎以下两种种可能性:修改新设备网络设计方案,针对目前旧设备做出妥协,从而避免私有协议带来的网络故障问题。寻找一个共通的标准协议,并把老设备的协议逐步替换成业界标准...
cisco IOS cookbook 中文精简版 2-23 路由器管理
河之堤
08-03 736
 2.1.  创建命令别名 提问 为常用的命令创建简洁的别名回答Router1#configure terminal Enter configuration commands, one per line.  End with CNTL/Z.Router1(config)#alias exec rt show ip routeRouter1(config)#alias exec on show ip
路由交换实验一——CISCO路由器的基本配置
热门推荐
今天怎么又下雨的博客
10-12 4万+
实验要求 初始化相关配置; 设置接口IP地址; ( F0/0 S1/0 ) 测试; ( ping 、 telnet ) 设置密码; ( console口、VTY接口和特权 ) 查看相关信息。 ( show 命令 ) 开始实验 1.初始化配置: 1.1使用PC进入配置面板:拉出一个2811路由器,以及一台PC设备,用配置线链接路由器的Console接口和PC的RS 232接口。 点击PC——选择Desktop选项卡——选择Terminal窗口——点击“确定”。 即可进入
ospf实验
qq_43562533的博客
10-21 359
实验要求: 1、R4为ISP,其上只能配置IP地址;R4与其他直连设备使用公有IP; 2、R3-----R5/6/7为MGRE环境,R3为中心站点 3、整个ospf地址为172.16.0.0/16 4、所有设备均可访问R4的环回 5、减少LSA更新量,加快收敛,保证更新安全 6、全网可达 网段划分: 配置思路: 区域0(公网区域):接口IP、环回IP-----缺省指向R4----测试物理链路连通...
Cisco 交换机端口err-disable 解决方法
weixin_34406086的博客
02-27 6640
我的一台2960GG透过多模10G SFP-10GBase-LRM光纤接核心3850交换机,今天早上之间网络不通,3850G和2960上的SFP模块指示灯都不亮,查看CISCO 2960G端口有如下提示:#show int status err-disabledPort Name Status ...
line vty 0 4 什么意思
点滴记录 不断进步
04-13 3724
转自于 http://hi.baidu.com/rxlly/blog/item/9072bc397ae18bde7c1e71f6.html line vty 0 4是不是指启用5个telnet会话的意思? 那line vty 0 0是不是只启用一个telnet会话的意思? 我在640-802教材上看到 line vty 0 1180,突然这么大,我有点想不通 line conso...
sfp huawei cisco GBIC in port has bad crc
bochen8002的博客
08-28 1717
https://www.iyunv.com/thread-9276-1-1.html the error message below: 00:15:49: %GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in port Gi0/2 has bad crc00:15:49: %PM-4-ERR_DISABLE: gbic-invalid error de...
华为交换机链路聚合对接思科交换机链路聚合故障
网络工程师日常的博客
11-15 1945
2台华为交换机采用堆叠方式与思科交换机之间使用链路聚合,华为交换机与cisco交换机链路捆绑接口频繁UP/DOWN,业务中断。
两台3750G做双线路port-channel
Robert's Log
03-31 1316
From:http://hi.baidu.com/wen20051141/blog/item/ef20380386f95f01738b650c.html两台3750G,之前单线跑access 模式,由于有多个网段通过核心交换的需求,需要做成trunk模式,在实施单线trunk的过程中,很顺利。SW1:conf tint port-channel 1进入接口模式int port-channel 1s
# snmp_exporter ## Getting started To make it easy for you to get started with GitLab, here's a list of recommended next steps. Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)! ## Add your files - [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files - [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command: ``` cd existing_repo git remote add origin https://10.6.80.1/ops/snmp_exporter.git git branch -M main git push -uf origin main ``` ## Integrate with your tools - [ ] [Set up project integrations](https://10.6.80.1/ops/snmp_exporter/-/settings/integrations) ## Collaborate with your team - [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/) - [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html) - [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically) - [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/) - [ ] [Set auto-merge](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html) ## Test and Deploy Use the built-in continuous integration in GitLab. - [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html) - [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/user/application_security/sast/) - [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html) - [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/) - [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html) *** # Editing this README When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thanks to [makeareadme.com](https://www.makeareadme.com/) for this template. ## Suggestions for a good README Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information. ## Name Choose a self-explaining name for your project. ## Description Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors. ## Badges On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge. ## Visuals Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method. ## Installation Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection. ## Usage Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README. ## Support Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc. ## Roadmap If you have ideas for releases in the future, it is a good idea to list them in the README. ## Contributing State if you are open to contributions and what your requirements are for accepting them. For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self. You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser. ## Authors and acknowledgment Show your appreciation to those who have contributed to the project. ## License For open source projects, say how it is licensed. ## Project status If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers. 翻译以上内容 并总结使用方法
最新发布
09-04
1. 如何为特定的网络设备(如Cisco交换机)配置snmp_exporter? 2. snmp_exporter如何支持SNMP v3协议? 3. 如何验证生成的snmp.yml配置是否正确? 4. 在无法获取MIB文件的情况下,如何手动配置snmp_exporter? 5. ...
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符  | 博主筛选后可见
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值