Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5445
Views
12
Helpful
10
Replies

Default interface security command

Go to solution
Tom Teunissen
Level 1
Level 1

‎10-16-2012 12:56 AM - edited ‎03-07-2019 09:29 AM

Hi,

I'm looking for a single interface command that sets several commands at once. And I'm not looking for 'default interface ...' or 'interface range ...' because many people I ask think I am revering to those.

I am looking for the command that sets at least 'switchport mode access', 'switchport nonegotiate' and 'switchport bpdufilter' (I think).

As I heard it during a CCNP training, I learned that Cisco reccoments to apply this on access ports. I can't find my notes on that course anywhere, so please advise.

Thanks, best regards, Tom

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnlloyd_13
Level 9
Level 9
In response to Tom Teunissen

‎10-16-2012 05:10 AM

Hi,

I tried to skim through my notes and this is the closest I could find.

The other lines must be added manually. Good luck with CCNP!

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
10 Replies 10

Go to solution
ciscoamit_497
Level 1
Level 1

‎10-16-2012 01:14 AM

Hi Tom,

I didn't get you clearly, but on the behalf of my understanding,

Please refer to below links that may be help to u---

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/port_sec.pdf

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/intparam.html

Hope, This been informative to u..

Thanks.

Amit

*******Please rate the helpful posts********

Go to solution
Tom Teunissen
Level 1
Level 1
In response to ciscoamit_497

‎10-16-2012 01:31 AM

Hi Amit,

Thanks for your quick response. Though this is not  quite what I mean. I meant one specific cli command (something like  'switchport interface ...' or vice versa). When applied on a defaulted  interface, at least 'switchport mode access', 'switchport nonegotiate'  and 'spanning-tree bpduguard' are applied. It functions as a kind of  macro, but it is part of IOS.

Thanks, Tom

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎10-16-2012 01:30 AM

Hi Tom,

I am not much aware about exact default coammd to configure all security parameter by 1 deafult command:

The default interface command is a great way to reset an interface to its default configuration. You will need to be in configuration mode in order to issue this command. You can combine default interface with the interface range command on Cisco switches to set multiple interfaces to their default configuration with a single command.

i will try to find out more about this coammnd(if this is avilable).

Regards

Go to solution
Tom Teunissen
Level 1
Level 1
In response to Sandeep Choudhary

‎10-16-2012 01:32 AM

Thanks Sandeep,

But default interface isn't the command I'm looking for.

Thanks anyway!

Regards, Tom

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Tom Teunissen

‎10-16-2012 01:37 AM

Hi,

is this what you are looking for ?

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swmacro.html

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
Tom Teunissen
Level 1
Level 1
In response to cadet alain

‎10-16-2012 03:10 AM

Hi Alain,

Almost, only the 1 command I am looking for is a part of IOS. So you do not have to configure macro's...

Thanks, Tom

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to Tom Teunissen

‎10-16-2012 04:46 AM

hi tom,

as per my SWITCH notes, i'm not sure whether you're referring to the 'switchport host' interface command.

Switch(config-if)#do sh run int f0/24

Building configuration...

Current configuration : 34 bytes

!

interface FastEthernet0/24

end

Switch(config-if)#switchport ?

  access         Set access mode characteristics of the interface

  host           Set port host

  mode           Set trunking mode of the interface

  nonegotiate    Device will not engage in negotiation protocol on this interface

  port-security  Security related command

  priority       Set appliance 802.1p priority

  protected      Configure an interface to be a protected port

  trunk          Set trunking characteristics of the interface

  voice          Voice appliance attributes

Switch(config-if)#switchport host ?

 

Switch(config-if)#switchport host

switchport mode will be set to access

spanning-tree portfast will be enabled

channel group will be disabled

Switch(config-if)#do sh run int f0/24

Building configuration...

Current configuration : 82 bytes

!

interface FastEthernet0/24

switchport mode access

spanning-tree portfast

end

Go to solution
Tom Teunissen
Level 1
Level 1
In response to johnlloyd_13

‎10-16-2012 05:03 AM

Hi John,

I guess that must be it. As I remember it a couple more settings were modified, but maybe I remember it wrong.

Thanks!

Regards, Tom

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to Tom Teunissen

‎10-16-2012 05:10 AM

Hi,

I tried to skim through my notes and this is the closest I could find.

The other lines must be added manually. Good luck with CCNP!

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Tom Teunissen
Level 1
Level 1
In response to johnlloyd_13

‎10-16-2012 05:33 AM

Thanks John!

Best regards, Tom

0 Helpful
Customers Also Viewed These Support Documents