Cisco Catalyst Switch Secure Configuration Template

Here is a generic Cisco Catalyst switch secure configuration template. The placeholders used throughout are:

 

Model: 3750
Data VLAN: AAA
Voice VLAN: BBB
Native VLAN: CCC

 

Global Configuration

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service pt-vty-logging

!

vtp mode transparent
udld aggressive
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree portfast bpdufilter default
! the global bpdufilter only stops PortFast ports from sending BPDUs; the per-port
! "spanning-tree bpduguard enable" in the access templates below is what err-disables
! a port that receives one
errdisable recovery interval 300
errdisable recovery cause bpduguard
ip dhcp snooping
! snooping and DAI do nothing until they are enabled for the VLANs to protect
ip dhcp snooping vlan AAA,BBB
ip arp inspection vlan AAA,BBB
 

aaa new-model
aaa group server tacacs+ ACS_NET
 server x.x.x.x
!
aaa authentication username-prompt "Local Username: "
aaa authentication login default group ACS_NET local
aaa authentication login VTY_NET group ACS_NET local
aaa authentication login CON_NET group ACS_NET local
aaa authorization config-commands
aaa authorization exec default group ACS_NET none
aaa authorization commands 1 default group ACS_NET none
aaa authorization commands 15 default group ACS_NET none
! "none" as the fallback method authorizes everything whenever the TACACS+ server
! is unreachable; use "local" or "if-authenticated" unless fail-open is intended
aaa accounting commands 15 default stop-only group ACS_NET

ip subnet-zero
no ip source-route
no ip finger
no ip host-routing
no ip domain-lookup
no ip http server
no ip http secure-server
ip tcp path-mtu-discovery
ip tcp
! "transport input ssh" on the VTY lines below needs a host key, which needs a domain name
ip domain-name [domain]
crypto key generate rsa modulus 2048
ip ssh version 2

vlan internal allocation policy ascending

 

tacacs-server host 10.44.108.27
tacacs-server directed-request
tacacs-server key 7 110B1B1337425A
! type 7 is a reversible encoding, not encryption: anyone who can read the
! configuration can recover this key
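The "key 7" and "password 7" strings in this template are produced by the same reversible type-7 scheme that "service password-encryption" applies. The following is an added example, not code from the original page: it decodes and re-encodes type-7 strings and scans a config for them. XLAT is the fixed translation constant IOS uses; the sample config and the two encoded strings in it are constructed for this example (both decode to "cisco").

```python
# Added example, not part of the original template: reverse Cisco "type 7"
# strings such as the "tacacs-server key 7 ..." and "password 7 ..." entries
# above. XLAT is the fixed constant IOS uses for this reversible encoding;
# the config text and strings below are constructed for this example.
import re

XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded: str) -> str:
    """Decode: two decimal digits of seed, then hex of (plaintext XOR rotated XLAT)."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded.isalnum():
        raise ValueError("malformed type-7 string")
    seed = int(encoded[:2], 10)
    body = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(body))
    return plain.decode("ascii")


def encode_type7(plaintext: str, seed: int = 0) -> str:
    """Inverse of decode_type7; the seed only picks where in XLAT to start."""
    if not 0 <= seed <= 15:
        raise ValueError("IOS uses seeds 0-15")
    data = plaintext.encode("ascii")
    body = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


def find_type7_secrets(config_text: str) -> list:
    """Return (config line, recovered secret) for every '... 7 <hex>' line."""
    found = []
    for line in config_text.splitlines():
        m = re.search(r"\s7\s+([0-9A-Fa-f]{4,})\s*$", line)
        if m:
            found.append((line.strip(), decode_type7(m.group(1))))
    return found


# Constructed sample config; "00071A150754" and "0822455D0A16" both encode "cisco".
SAMPLE_CONFIG = """\
enable secret 5 $1$abcd$xxxxxxxxxxxxxxxxxxxxxx
tacacs-server key 7 00071A150754
line vty 0 15
 password 7 0822455D0A16
"""

if __name__ == "__main__":
    for line, secret in find_type7_secrets(SAMPLE_CONFIG):
        print(f"{line!r:45} -> {secret!r}")
```

The only secret worth protecting in a config is therefore the MD5-hashed "enable secret", which the scanner skips; the rest should be treated as cleartext when configs are backed up, pasted into tickets, or published.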

!
! access-list 1 (used by access-class below) is not defined on this page; it must
! permit only the management hosts allowed to open SSH sessions
line con 0
 exec-timeout 15 0
 password 7 [pwd]
 logging synchronous
 login authentication CON_NET
 transport output none
 stopbits 1
line vty 0 15
 exec-timeout 15 0
 password 7 [pwd]
 logging synchronous
 login authentication VTY_NET
 length 0
 access-class 1 in
 transport input ssh

     

Access Port on Fastethernet

interface FastEthernet x/x
 switchport
 switchport mode access
 switchport access vlan AAA
 switchport nonegotiate
 switchport voice vlan BBB
 no cdp enable
 ! Cisco IP phones learn the voice VLAN through CDP; keep CDP (or enable LLDP-MED)
 ! on ports that carry phones
 storm-control broadcast level 60.00 40.00
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
 mls qos trust cos
 auto qos voip trust
 shutdown

 

 

Access Port on GigabitEthernet

interface GigabitEthernet x/x
 switchport
 switchport mode access
 switchport access vlan AAA
 switchport nonegotiate
 switchport voice vlan BBB
 no cdp enable
 ! Cisco IP phones learn the voice VLAN through CDP; keep CDP (or enable LLDP-MED)
 ! on ports that carry phones
 storm-control broadcast level 15.00 10.00
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
 shutdown

 

Trunk Port

interface GigabitEthernet x/x
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan CCC
 switchport nonegotiate
 switchport trunk allowed vlan AAA,BBB,[mgmt vlan]
 storm-control broadcast level 15.00 10.00
 ! an uplink must be trusted, or DHCP replies and ARP from upstream are dropped
 ! by the snooping and DAI enabled globally
 ip dhcp snooping trust
 ip arp inspection trust
 spanning-tree guard loop
 shutdown
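A template is only useful if deployed ports actually match it. The following is an added example, not code from the original page: a small audit that parses a Catalyst running-config into global commands and interface/line sections and reports where the hardening settings from the templates above (DTP off, port-security and BPDU guard on access ports, explicit native and allowed VLANs plus snooping trust on trunks, snooping/DAI enabled globally, SSH-only VTYs with a defined access-class) are missing. The config text is constructed for this example and deliberately mixes one compliant access port, one weak one and one trunk.

```python
# Added example, not part of the original page: audit a Catalyst running-config
# against the hardening choices in the templates above. The config text below
# is constructed for this example.
from collections import OrderedDict

REQUIRED_GLOBAL = ["vtp mode transparent", "ip dhcp snooping vlan",
                   "ip arp inspection vlan", "no ip http server"]
REQUIRED_ACCESS = ["switchport nonegotiate", "switchport port-security",
                   "spanning-tree portfast", "spanning-tree bpduguard enable"]
REQUIRED_TRUNK = ["switchport nonegotiate", "switchport trunk native vlan",
                  "switchport trunk allowed vlan", "ip dhcp snooping trust"]


def parse_ios_config(text):
    """Return (global_lines, sections); sections maps an unindented header such as
    'interface GigabitEthernet1/0/1' or 'line vty 0 15' to its indented lines."""
    global_lines, sections, current = [], OrderedDict(), None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0] in " \t":
            if current is not None:
                sections[current].append(line.strip())
            continue
        global_lines.append(line)
        current = line if line.startswith(("interface ", "line ")) else None
        if current is not None:
            sections[current] = []
    return global_lines, sections


def _has(lines, cmd):
    """True if cmd appears as a whole command or as the prefix of a longer one."""
    return any(l == cmd or l.startswith(cmd + " ") for l in lines)


def audit(text):
    """Return 'where: problem' strings; an empty list means the config complies."""
    global_lines, sections = parse_ios_config(text)
    findings = [f"global: missing '{c}'" for c in REQUIRED_GLOBAL
                if not _has(global_lines, c)]
    for header, lines in sections.items():
        if header.startswith("interface "):
            name = header.split(None, 1)[1]
            if _has(lines, "shutdown") or not _has(lines, "switchport"):
                continue  # administratively down or routed: nothing to audit here
            if _has(lines, "switchport mode access"):
                findings += [f"{name}: missing '{c}'" for c in REQUIRED_ACCESS
                             if not _has(lines, c)]
                if (not _has(lines, "switchport access vlan")
                        or _has(lines, "switchport access vlan 1")):
                    findings.append(f"{name}: access port left in VLAN 1")
            elif _has(lines, "switchport mode trunk"):
                findings += [f"{name}: missing '{c}'" for c in REQUIRED_TRUNK
                             if not _has(lines, c)]
                if _has(lines, "switchport trunk native vlan 1"):
                    findings.append(f"{name}: native VLAN is 1")
            else:
                findings.append(f"{name}: DTP left on (no static access/trunk mode)")
        elif header.startswith("line vty"):
            if "transport input ssh" not in lines:
                findings.append(f"{header}: transport input is not ssh-only")
            acl = next((l.split()[1] for l in lines if l.startswith("access-class ")), None)
            if acl is None:
                findings.append(f"{header}: no access-class")
            elif not _has(global_lines, f"access-list {acl}"):
                findings.append(f"{header}: access-class {acl} references an undefined ACL")
    return findings


# Constructed sample running-config: Gi1/0/1 follows the template, Gi1/0/2 does not.
SAMPLE_CONFIG = """\
vtp mode transparent
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10,20
no ip http server
access-list 1 permit 10.0.0.0 0.0.0.255
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 2
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 ip dhcp snooping trust
!
line vty 0 15
 access-class 1 in
 transport input ssh
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Feed it the output of "show running-config" and the list it returns is the remediation backlog; an empty list for a switch means every live port and VTY carries the settings the template above requires.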

 

 

 

Last Updated (Wednesday, 14 September 2011 11:50)
