R1(config)#int Gi0/1
R1(config-if)#ip ips iosips in
Load the IOS IPS signature package on the Router
copy ftp://ftp_user:password@server_IP_address/signature_package idconf
show ip ips signature count
Modify Cisco IOS IPS signature
Router(config)#ip ips signature-definition
Router(config-sigdef)#signature 6130 10
Router(config-sigdef-sig)#status
Router(config-sigdef-sig-status)#retired true
Router(config-sigdef-sig-status)#enable true
Router(config-sigdef-sig-status)#exit
Router(config-sigdef-sig)#exit
R1(config)#ip ips signature-category
R1(config-ips-category)#category ios_ips basic
R1(config-ips-category-action)#retired false
R1(config-ips-category-action)#exit
R1(config)#ip ips signature-definition
R1(config-sigdef)#signature 6130 10
R1(config-sigdef-sig)#engine
R1(config-sigdef-sig-engine)#event-action produce-alert
R1(config-sigdef-sig-engine)#event-action deny-packet-inline
R1(config-sigdef-sig-engine)#event-action reset-tcp-connection
R1(config)#ip ips signature-category
R1(config-ips-category)#category ios_ips basic
R1(config-ips-category-action)#event-action produce-alert
R1(config-ips-category-action)#event-action deny-packet-inline
R1(config-ips-category-action)#event-action reset-tcp-connection
show ip ips all
show ip ips configuration
show ip ips interface
show ip ips signature
show ip ips statistics
Layer 2
Port Security
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security mac-address mac-address
switch(config-if)#switchport port-security mac-address sticky
switch(config-if)#switchport port-security violation {protect | restrict | shutdown | shutdown vlan}
PortFast
Only access port
switch(config)#spanning-tree portfast default
switch(config-if)#spanning-tree portfast
BPDU Guard
switch(config)#spanning-tree portfast bpduguard default
switch#show spanning-tree summary
switch#show spanning-tree summary totals
switch(config)#spanning-tree portfast bpdufilter default
Root Guard
switch(config-if)#spanning-tree guard root
switch#show spanning-tree inconsistentports
Storm control
switch(config-if)#storm-control broadcast level 75.5
switch(config-if)#storm-control multicast level pps 2k 1k
switch(config-if)#storm-control action shutdown | trap
SPAN
switch(config-if)#monitor session 1 source interface Gi0/1
switch(config-if)#monitor session 1 destination interface Gi0/2 encapsulation replicate
switch#show monitor session 1
Private VLAN Edge
switch(config-if)#switchport protect
VPN
1. Configure compatible ACL
access-list 102 permit ahp host 172.30.1.2 host 172.30.2.2
access-list 102 permit esp host 172.30.1.2 host 172.30.2.2
access-list 102 permit udp host 172.30.1.2 host 172.30.2.2 eq 500
int s0/0/0
ip access-group 102 in
2. Configure IKE
R1(config)#crypto isakmp policy 110
R1(config-isakmp)#authentication pre-share | rsa-sig
R1(config-isakmp)#encryption des
R1(config-isakmp)#group 1
R1(config-isakmp)#hash md5 | sha
R1(config-isakmp)#lifetime 86400
R1(config)#crypto isakmp key key-string address address
3. Transform set
crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3]
ah-md5-hmac ah-sha-hmac esp-null esp-des esp-3des esp-aes esp-aes 256
4. Crypto ACLs
access-list 110 permit tcp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
5. Apply crypto map
crypto map map-name seq-num ipsec-isakmp
crypto map MYMAP 10 ipsec-isakmp
 match address 110
 set peer 172.30.2.2
 set pfs group1
 set transform-set MINE
 set security-association lifetime seconds 86400
int s0/0/0
 crypto map MYMAP
show crypto map
show crypto isakmp policy
show crypto ipsec sa
show crypto ipsec transform-set
show crypto isakmp
show crypto ipsec