Last updated on November 17th, 2022 at 07:41 am

Here are my notes for the basic minimum Cisco switch best practices for configuration and security. It is important to understand each command or configuration before applying it to a switch in production. Some of these can also be applied to a Cisco router.

switchport trunk allowed vlan 10,20,50,100
switchport trunk native vlan 2 <- for security, use a VLAN that is not used.
switchport trunk native vlan 2 <- if the native VLAN is not chosen for security but is used for a device on the other side that does not support tagging (so it is not an unused VLAN), then it must also be allowed together with the other VLANs (switchport trunk allowed vlan). The native VLAN must match on both sides of the trunk.
switchport trunk encapsulation dot1q (mostly needed on older devices).

no setup express <- not used on current switches
service timestamps log datetime msec localtime show-timezone

aaa authentication login console local <- for security and local access if the AAA servers are not available.

Security and Disable Reverse-Telnet:

enable algorithm-type sha256 secret JohnDoe
privilege 15 algorithm-type sha256 secret 0
***********************************************************
access-class 1 in OR access-class vty-access in
login authentication console <- see the aaa authentication command above
privilege level 15 <- allow privileged access after login
no login (older versions) (new versions use "login authentication null")
login block-for 100 attempts 5 within 100

Banner:
* Unauthorized use, possession, duplication or *
* tampering with computer, data, information, *
* programs or services is a violation of policy and a *
* Violators are subject to dismissal and prosecution *

Verify Unicast Reverse-Path – Per Layer 3 Interface:
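The notes above are a checklist rather than something a switch can enforce by itself, so the useful next step is auditing a saved running-config against them. The following Python script is an added example and is not part of the original notes or any Cisco tool: it parses a constructed sample `show running-config` text (embedded inline, with a placeholder enable secret) and reports the gaps the notes call out, namely missing log timestamps, no `login block-for`, no local console fallback, no SHA-256 enable secret, trunks whose native VLAN is left at default or is also carried as an allowed VLAN, routed interfaces without uRPF (the IOS command `ip verify unicast source reachable-via`, which the notes name only by its heading), and vty lines without an inbound `access-class`. The config parsing is a deliberately simple indentation-based split and the finding texts are this example's own.

```python
"""Audit a Cisco IOS running-config (plain text) against the hardening notes above."""
import re
from typing import Dict, List, Tuple

# Constructed sample config (not from the original notes). Deliberate gaps:
# no "login block-for", Gi1/0/1 carries its native VLAN as an allowed VLAN,
# Vlan10 has no uRPF, and the vty lines have no inbound access-class.
SAMPLE_CONFIG = """\
service timestamps log datetime msec localtime show-timezone
enable algorithm-type sha256 secret EXAMPLE_PLACEHOLDER
aaa new-model
aaa authentication login console local
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,10,20,50,100
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,50,100
 switchport mode trunk
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip verify unicast source reachable-via rx
!
line con 0
 login authentication console
line vty 0 4
 login authentication console
"""

# (prefix the global config must contain, finding text if it does not)
GLOBAL_CHECKS = [
    ("service timestamps log datetime msec localtime show-timezone", "log timestamps not configured"),
    ("login block-for", "no login block-for (login throttling) configured"),
    ("aaa authentication login console local", "no local fallback for console login"),
    ("enable algorithm-type sha256 secret", "enable secret not using algorithm-type sha256"),
]


def parse_blocks(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split the config into global lines and indented interface/line blocks."""
    global_lines: List[str] = []
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw[0] in " \t":               # indented: belongs to the open block
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        line = raw.strip()
        if line.startswith(("interface ", "line ")):
            current = line
            blocks.setdefault(current, [])
        else:
            current = None
            global_lines.append(line)
    return global_lines, blocks


def expand_vlan_list(spec: str) -> set:
    """Expand an IOS VLAN list such as '2,10-12,50' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-")
            vlans.update(range(int(lo), int(hi) + 1))
        elif part.strip():
            vlans.add(int(part))
    return vlans


def audit_interface(header: str, lines: List[str]) -> List[str]:
    """Apply the trunk and Layer 3 checks to one interface block."""
    name = header.split(" ", 1)[1]
    findings = []
    if "switchport mode trunk" in lines:
        native = allowed = None
        for line in lines:
            m = re.match(r"switchport trunk native vlan (\d+)$", line)
            if m:
                native = int(m.group(1))
            m = re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)
            if m:
                allowed = expand_vlan_list(m.group(1))
        if native is None:
            findings.append(f"trunk {name}: native VLAN left at default; use an unused VLAN")
        elif allowed is not None and native in allowed:
            findings.append(f"trunk {name}: native VLAN {native} is also an allowed VLAN; "
                            "confirm an untagged device needs it")
        if allowed is None:
            findings.append(f"trunk {name}: no allowed-VLAN list, all VLANs are carried")
    if any(l.startswith("ip address ") for l in lines) and not any(
            l.startswith("ip verify unicast source reachable-via") for l in lines):
        findings.append(f"{name}: routed interface without uRPF (ip verify unicast source reachable-via)")
    return findings


def audit(config: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means no gaps found."""
    findings = []
    global_lines, blocks = parse_blocks(config)
    for prefix, msg in GLOBAL_CHECKS:
        if not any(l.startswith(prefix) for l in global_lines):
            findings.append(f"global: {msg}")
    for header, lines in blocks.items():
        if header.startswith("interface "):
            findings.extend(audit_interface(header, lines))
        elif header.startswith("line vty") and not any(
                l.startswith("access-class ") and l.endswith(" in") for l in lines):
            findings.append(f"{header}: no inbound access-class on vty lines")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Running the script on the sample prints four findings: the missing `login block-for`, the native VLAN carried on GigabitEthernet1/0/1, the missing uRPF on Vlan10, and the vty lines without an `access-class`. To audit a real device, replace `SAMPLE_CONFIG` with the saved output of `show running-config`; the regexes cover the plain `switchport trunk allowed vlan <list>` form and not the `add`/`remove`/`except` variants, which a production version would need to merge.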