wegre, 2021-02-09 16:13:15

How to configure a Cisco switch?

What security issues are there in the Cisco switch configuration file? What can be added / corrected in it in order to strengthen network security?

config
hostname host.switch
!
!
enable secret 5 $1$jX8i$tC7.4rcWcrsiF.B0B9Tni1
!
!
vlan10
name management
ip address 10.10.0.0 255.255.192.0
!
!
vlan20
name it_dep
no ip address
!
!
vlan30
name hr_dep
no ip address
!
!
vlan40
name guest
no ip address
!
!
ip dhcp snooping
ip dhcp snooping vlan 30,40
!
!
interface FastEthernet0/0
description guest
switchport access vlan 40
switchport mode access
storm-control broadcast level pps 40 30
storm-control multicast level pps 40 30
storm-control action trap
ip verify source
ip dhcp snooping limit rate 10
!
!
interface FastEthernet0/1
description hr_dep
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 30,40
switchport port-security maximum 4000
storm-control broadcast level 95 100
storm-control multicast level 95 100
ip dhcp snooping trust
!
!
interface FastEthernet0/2
description it_dep
switchport trunk encapsulation dot1q
switchport mode trunk
switchport port-security maximum 4000
switchport trunk allowed vlan 10,20,30
ip dhcp snooping trust
!
!
interface FastEthernet0/3
description mangement
switchport access vlan 10
switchport mode access
!
!
line con 0
exec-timeout 0 0
privilege level 15
password cisco
logging synchronous
login
!
!
line vty 0 4
password 7 02130A530A0504204E420C573A0713181F
login
line vty 5 15
password 7 02130A642A0504204E420C483A0713181F
login


2 answer(s)
Sergey Ryzhkin, 2021-02-09
@Franciz

Comrade, with tasks of this kind, you are here.

Vladimir Pilipchuk, 2021-05-16
@SLIDERWEB

A lot of things can be done. It all depends on what you need.
Start by dropping password and using secret.
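
The check the second answer points at, as an added example that is not part of the original thread: a small Python audit that walks the `line` blocks of a config and flags `password` entries stored in cleartext or as type 7, plus a disabled `exec-timeout`. The sample config is constructed with placeholder values, and `audit`, `SAMPLE` and `PASSWORD_RE` are names chosen here.

```python
import re

# Constructed sample modelled on the line blocks in the question; the
# password values are placeholders, not the ones posted in the thread.
SAMPLE = """\
line con 0
 exec-timeout 0 0
 privilege level 15
 password EXAMPLE-CLEARTEXT
 login
!
line vty 0 4
 password 7 0000PLACEHOLDER
 login
line vty 5 15
 password 7 0000PLACEHOLDER
 login
"""

# "password [type] value": type 7 is reversible, type 0 or no type is cleartext.
PASSWORD_RE = re.compile(r"^password\s+(?:(\d)\s+)?\S+$")


def audit(config):
    """Return (section, finding) pairs for weak settings inside line blocks."""
    findings = []
    section = "global"
    for raw in config.splitlines():
        line = raw.strip()  # works for indented and flattened configs alike
        if not line or line == "!":
            section = "global"  # a separator closes the current block
            continue
        if line.startswith(("line ", "interface ")):
            section = line
            continue
        if not section.startswith("line "):
            continue
        match = PASSWORD_RE.match(line)
        if match and match.group(1) == "7":
            findings.append((section, "type 7 password (reversible encoding)"))
        elif match and match.group(1) in (None, "0"):
            findings.append((section, "cleartext password"))
        elif line == "exec-timeout 0 0":
            findings.append((section, "idle timeout disabled"))
    return findings


if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

A line block that authenticates with `login local` against a `username ... secret` account produces no findings from this check.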
