01-02-2014 06:13 AM - edited 03-07-2019 05:20 PM
Hi Team
I need to prepare the documents for the core switch, aggregation switch and server farm switches in our network. So I need to know what things must be done on these switches to secure them from external attacks: basic configuration with explanation, so that I can pick up good points from experienced people and prepare the documents. Commands from every experienced person are welcome. Below are some commands for which I need some clarification: why these commands were used, what the advantage of each is, and what the disadvantage will be (if it was not used). I can search for it on Google and prepare good documents, but I think this is the best forum to get more technical knowledge about it from experience. When completing these documents I will also become more knowledgeable from this. Let us open this forum thread and keep it open until my documents are ready.
My switch details are:
Cisco Catalyst 4507R+E as core switch
2960 G as edge switch or aggregation switch
2960 S as server farm switch.
Please explain these commands. I will start from here. I will keep posting some more commands once I get a clear answer for the posted commands, and you can also post some more commands which will be necessary for securing the network from possible attacks.
aaa authentication login default group tacacs+ line local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ES group tacacs+
aaa authorization commands 0 default group tacacs+ none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
flow record NFrecord
 match ipv4 tos
 match ipv4 dscp
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect routing forwarding-status
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
flow monitor NFmonitor
 record NFrecord
 exporter NFexport1
 exporter NFexport
 cache timeout inactive 30
 cache timeout active 60
 cache entries 1000
no ip source-route
no ip domain-lookup
no ip igmp snooping vlan X
spanning-tree portfast
spanning-tree bpdufilter enable
01-02-2014 09:40 AM
Really surprised to see no one posted for a single command....
01-02-2014 10:30 PM
Dinesh,
What you need is best practices in the network.
Regards,
Sathvik K V
01-03-2014 09:34 PM
Look on CCO for doc ID 13608, the guide to harden IOS devices.
Sent from Cisco Technical Support iPad App