Cisco IPS 4520 Sensor White Paper

Page 24 of 79
Firewall
August 2012 Series
Step 4: Configure the device hostname to make it easy to identify the device.
hostname OUT-2960S

Step 5: Configure VTP transparent mode.
vtp mode transparent

Step 6: Configure Spanning-Tree (PVST+).
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 root primary

Step 7: Enable Unidirectional Link Detection (UDLD).
udld enable

Step 8: Set EtherChannels to use the traffic source and destination IP address.
port-channel load-balance src-dst-ip

Step 9: Configure device management protocols.
ip domain-name cisco.local
ip ssh version 2
no ip http server
ip http secure-server
line vty 0 15
  transport input ssh
  transport preferred none

Simple Network Management Protocol (SNMP) is enabled to allow the network infrastructure devices to be managed by a Network Management System (NMS). SNMPv2c is configured both for a read-only and a read-write community string.
snmp-server community cisco RO
snmp-server community cisco123 RW

Step 10: (Optional) In networks where network operational support is centralized, you can increase network security by using an access list to limit the networks that can access your device. In this example, only devices on the 10.4.48.0/24 network will be able to access the device via SSH or SNMP.
access-list 55 permit 10.4.48.0 0.0.0.255
line vty 0 15
  access-class 55 in
!
snmp-server community cisco RO 55
snmp-server community cisco123 RW 55
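As an added example (not part of the Cisco guide), the following Python audits an exported IOS configuration for the management-plane controls of Steps 9 and 10: SSH version 2, HTTP disabled and HTTPS enabled, SSH-only vty lines behind an inbound access-class, and every SNMP community bound to an access list. The sample configuration is constructed here and deliberately leaves the read-write community without an access list so that one finding is produced.

```python
import re

# Constructed sample: the Step 9 and Step 10 configuration from this guide, with one
# deliberate gap (the RW community is not bound to access-list 55) to produce a finding.
SAMPLE_CONFIG = """\
hostname OUT-2960S
ip domain-name cisco.local
ip ssh version 2
no ip http server
ip http secure-server
access-list 55 permit 10.4.48.0 0.0.0.255
snmp-server community cisco RO 55
snmp-server community cisco123 RW
line vty 0 15
  access-class 55 in
  transport input ssh
  transport preferred none
"""

def audit_mgmt_plane(config):
    """Return findings for the Step 9 and Step 10 management-plane controls."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = []
    # The guide states these explicitly; a config that omits them is reported, not assumed safe.
    if "ip ssh version 2" not in lines:
        findings.append("SSH version 2 not enforced")
    if "no ip http server" not in lines:
        findings.append("plaintext HTTP server not disabled")
    if "ip http secure-server" not in lines:
        findings.append("HTTPS server not enabled")
    # Step 10: each SNMP community should name an access list as its last argument.
    for l in lines:
        m = re.match(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$", l)
        if m and m.group(3) is None:
            findings.append(f"SNMP {m.group(2)} community '{m.group(1)}' has no access-list")
    # Walk each 'line vty' block (its indented sub-commands) for SSH-only transport and an inbound access-class.
    for i, l in enumerate(lines):
        if l.startswith("line vty"):
            block = []
            for sub in lines[i + 1:]:
                if not sub.startswith(" "):
                    break
                block.append(sub.strip())
            if "transport input ssh" not in block:
                findings.append(f"'{l}' accepts non-SSH transports")
            if not any(b.startswith("access-class ") and b.endswith(" in") for b in block):
                findings.append(f"'{l}' has no inbound access-class")
    return findings
```

Run it against a saved `show running-config` to list which of these controls are missing.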
Step 11: Configure DNS for host lookup.
ip name-server 10.4.48.10

Step 12: Configure local login and password.
username admin password c1sco123
enable secret c1sco123
service password-encryption
aaa new-model

Step 13: (Optional) Configure centralized user authentication.
tacacs server TACACS-SERVER-1
  address ipv4 10.4.48.15
  key SecretKey
!
aaa group server tacacs+ TACACS-SERVERS
  server name TACACS-SERVER-1
!
aaa authentication login default group TACACS-SERVERS local
aaa authorization exec default group TACACS-SERVERS local
aaa authorization console
ip http authentication aaa

Step 14: Configure a synchronized clock.
ntp server 10.4.48.17
!
clock timezone PST -8
clock summer-time PDT recurring
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime

Step 15: On the outside switch, configure the VLAN for the ISP.
vlan 16
  name ISP-A