Switch configuration documents

01-02-2014 06:13 AM - edited 03-07-2019 05:20 PM
Hi Team,
I need to prepare the documents for the core switch, aggregation switch and server farm switches in our network. So I need to know what things must be done on these switches to secure them from external attacks: a basic configuration with explanation, so that I can pick up good points from experienced people and prepare the documents. Commands from every experienced person are welcome. Below are some commands for which I need some clarification: why these commands were used, what the advantage of each is, and what the disadvantage will be if it was not used. I can search on Google and prepare good documents, but I think this is the best forum to get more technical knowledge from experience. By completing these documents I will also become more knowledgeable. Let us open this thread and keep it open until my documents are ready.
My switch details are:
Cisco Catalyst 4507R+E as core switch
2960 G as edge switch or aggregation switch
2960 S as server farm switch.
Please explain these commands. I will start from here. I will keep posting more commands once I get a clear answer for the posted commands, and you can also post more commands which are necessary for securing the network from possible attacks.
aaa authentication login default group tacacs+ line local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ES group tacacs+
aaa authorization commands 0 default group tacacs+ none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
flow record NFrecord
 match ipv4 tos
 match ipv4 dscp
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect routing forwarding-status
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
flow monitor NFmonitor
 record NFrecord
 exporter NFexport1
 exporter NFexport
 cache timeout inactive 30
 cache timeout active 60
 cache entries 1000
no ip source-route
no ip domain-lookup
no ip igmp snooping vlan X
spanning-tree portfast
spanning-tree bpdufilter enable

01-02-2014 09:40 AM
Really surprised to see no one posted for a single command....
01-02-2014 10:30 PM
Dinesh,
What you need is best practices in the network.
Regards,
Sathvik K V
01-03-2014 09:34 PM
Look on CCO for doc ID 13608, the guide to harden IOS devices.
