Switch configuration documents

Hi Team,

I need to prepare the documents for the core switch, aggregation switch and server farm switches in our network. So I need to know what must be done on these switches to secure them from external attacks: basic configuration with explanation, so that I can pick up good points from experienced people and prepare the documents. Commands from every experienced person are welcome. Below are some commands for which I need clarification: why these commands are used, what their advantage is, and what the disadvantage is if they are not used. I could search for it on Google and prepare good documents, but I think this is the best forum to get more technical knowledge about it from experience. By completing these documents I will also become more knowledgeable. Let us open this thread and keep it open until my documents are ready.

My switch details are.

Cisco Catalyst 4507R+E as core switch

2960 G as Edge switch or aggregation switch

2960 S as server farm switch.

Please explain these commands. I will start from here; I will keep posting some more commands once I get a clear answer for the posted commands, and you can also post some more commands which are necessary for securing the network from possible attacks.

aaa authentication login default group tacacs+ line local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ES group tacacs+
aaa authorization commands 0 default group tacacs+ none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

flow record NFrecord
 match ipv4 tos
 match ipv4 dscp
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect routing forwarding-status
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last

flow monitor NFmonitor
 record NFrecord
 exporter NFexport1
 exporter NFexport
 cache timeout inactive 30
 cache timeout active 60
 cache entries 1000

no ip source-route
no ip domain-lookup
no ip igmp snooping vlan X
spanning-tree portfast
spanning-tree bpdufilter enable






Really surprised to see no one posted for a single command....

Dinesh,

What you need is best practices in the network.

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_tech_note09186a0080094713.shtml#secconf

Regards,

Sathvik K V

Look on CCO for doc ID 13608, the guide to harden IOS devices.

Sent from Cisco Technical Support iPad App