13. Common Cisco switch configuration

1. Synchronize the network clock and set the log timestamp format

conf t

clock timezone GMT +8

ntp server 120.25.115.20

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

end

show clock



2. Set up the log server

vim /etc/rsyslog.conf

# Provides UDP syslog reception

$ModLoad imudp

$UDPServerRun 514

$template RemoteHost,"/home/syslog/%$YEAR%-%$MONTH%-%$DAY%/%FROMHOST-IP%.log"   

*.*  ?RemoteHost


# Provides TCP syslog reception

$ModLoad imtcp

$InputTCPServerRun 514

# The RemoteHost template and the "*.*  ?RemoteHost" rule above also apply to messages received over TCP;

# repeating the rule here would write every message to the file twice.


3. Send the switch logs to the log server

conf t

logging on

logging host 192.168.1.15

logging facility local7

logging trap 7

end

write


4. Set up the TFTP server

yum -y install xinetd tftp-server


vim /etc/xinetd.d/tftp 

service tftp

{

        socket_type             = dgram

        protocol                = udp

        wait                    = yes

        user                    = root

        server                  = /usr/sbin/in.tftpd

        server_args             = -s /tmp/config -c

        disable                 = no

        per_source              = 11

        cps                     = 100 2

        flags                   = IPv4

}


chmod ugo+w /tmp/config

/etc/init.d/xinetd start


cat /home/config.sh 

#!/bin/bash

# Move the configurations uploaded over TFTP into a directory named after today's date

dirdate=$(date +%Y%m%d)

mkdir -p "/home/$dirdate"

mv /tmp/config/* "/home/$dirdate"


crontab -l

*/30 6 * * * /home/config.sh


5. Automatic backup to TFTP


kron occurrence BAK at 6:00 recurring

 policy-list BAK

kron policy-list BAK

 cli show run | redirect tftp://192.168.1.1/192.168.1.2.cfg


6. Configure the access policy


access-list 1 permit 192.168.1.5


login block-for 60 attempts 3 within 30

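! ACL 10 is not defined in this listing; define it with the management hosts that may still log in during quiet mode

login quiet-mode access-class 10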

login on-failure log

login on-success log


access-list 1 permit 192.168.1.1


ip domain-name test.com

enable secret Abc@123

! "secret" stores a one-way hash; "password" is kept in cleartext or as reversible type 7

username switch_admin secret Abc@123

service password-encryption


line console 0

login local


line vty 0 15

access-class 1 in

login local

exec-timeout 5 0

transport input ssh

transport output ssh

! global configuration command; when prompted for the modulus, choose at least 2048 bits

crypto key generate rsa
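
An added example, not part of the original page: a Python check to run on the server over the configurations that section 5 backs up, flagging access-class references to undefined ACLs, users stored with "password" instead of "secret", and vty lines that accept more than SSH or have no access-class. The function name audit_ios_config and the sample configuration are assumptions made for this example; the input is expected in "show run" layout, with sub-commands indented.

```python
import re

# Constructed sample in "show run" layout (sub-commands indented); not from a real device.
SAMPLE_CONFIG = """\
access-list 1 permit 192.168.1.5
login quiet-mode access-class 10
username switch_admin password 7 0000CONSTRUCTED
line vty 0 4
 access-class 1 in
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
"""

def audit_ios_config(text):
    """Return a list of findings for one backed-up IOS configuration."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    # ACLs that exist: "access-list N ..." or "ip access-list standard|extended NAME".
    acl_re = re.compile(r"(?:ip )?access-list (?:standard |extended )?(\S+)")
    defined = {m.group(1) for m in map(acl_re.match, lines) if m}
    findings, vty, section = [], {}, None
    for l in lines:
        if not l[0].isspace():              # a top-level command starts a new section
            section = l if l.startswith("line vty") else None
            if section:
                vty[section] = {"acl": False, "transport": None}
        m = re.search(r"\baccess-class (\S+)", l)
        if m:
            if m.group(1) not in defined:
                findings.append(f"undefined ACL {m.group(1)}: {l.strip()}")
            if section:
                vty[section]["acl"] = True
        m = re.match(r"\s+transport input (.+)", l)
        if m and section:
            vty[section]["transport"] = m.group(1)
        m = re.match(r"username (\S+) .*\bpassword\b", l)
        if m:
            findings.append(f"user {m.group(1)}: 'password' is cleartext or type 7, use 'secret'")
    for name, v in vty.items():
        if v["transport"] != "ssh":
            findings.append(f"{name}: transport input is {v['transport']}, not ssh only")
        if not v["acl"]:
            findings.append(f"{name}: no access-class")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ios_config(SAMPLE_CONFIG)))
```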

