Cisco Systems



Module 9: Monitoring and Security
 
9.1.5 Configuring SPAN sessions

Switch(config)#no monitor session session_number
Switch(config)#monitor session session_number source interface fastEthernet module/interface
Switch(config)#monitor session session_number destination interface fastEthernet module/interface encapsulation dot1q | isl
Switch(config)#no monitor session session_number source interface interface-id
Switch(config)#no monitor session session_number destination interface interface-id

9.1.6 VSPAN – SPAN using VLANs as monitored source

Switch(config)#monitor session session-number source vlan start-range - end-range rx
Switch(config)#monitor session session-number destination interface interface-id
Switch(config)#monitor session session-number source vlan vlan-id rx
Switch#show monitor session session-number
Switch(config)#no monitor session session_number source vlan vlan-id
Switch(config)#no monitor session session_number destination interface interface-id
Switch#show monitor

9.2.2 RSPAN reflector ports

Switch(config)#monitor session session_number destination remote vlan vlan_number reflector-port port_id

9.2.5 Configuring RSPAN

Switch(config)#monitor session session-number source remote vlan remote-vlan

9.2.6 Configuring RSPAN to filter trunks for specific VLAN traffic

Switch(config)#no monitor session session_number filter
Switch(config)#monitor session session-number source interface interface-id rx
Switch(config)#monitor session session-number filter vlan start-range - end-range , vlan

9.3.5 NAM Troubleshooting

Switch#hw-mod module mod shutdown
Switch#hw-mod module mod reset

9.3.7 Configuring the Switch Fabric Module

Router(config)#[no] fabric switching-mode allow {bus-mode | {truncated [{threshold [number]}]}}
Router(config)#fabric required
Router(config)#no fabric required

9.3.8 Monitoring the Switch Fabric Module

Switch#show module information
Switch#show fabric active
Switch#show fabric switching modes
Switch#show fabric status all
Switch#show fabric utilization all
Switch#show fabric error

9.4.7 Basic password protection

Switch(config)#enable secret password
Switch(config)#service password-encryption
Switch(config-line)#password password

9.5.2 Advanced user name options

Switch(config)#username name secret password
Switch(config)#username name password password
Switch(config)#username name privilege level
Switch(config)#username name user-maxlinks number
Switch(config)#username name access-class access-list

9.5.6 Securing the web management interface

Switch(config)#ip http server
Switch(config)#ip http port HTTP-port
Switch(config)#ip http access-class ACL-number

9.5.7 Using access lists to restrict remote management

Switch(config-line)#access-class ACL-number in|out
Switch(config)#ip http access-class ACL-number
Switch(config)#username name access-class access-list
Switch(config)#snmp-server community string [ro|rw|view] access-list
Switch(config)#ntp access-group [peer|query-only|serve|serve-only] access-list

9.5.8 Additional remote management session options

Switch(config)#banner motd
Switch(config-line)#motd-banner
Switch(config-line)#vacant-message
Switch(config-line)#refuse-message

9.5.9 Configuring, verifying, and troubleshooting SSH server

Switch(config)#ip domain-name domain-name
Switch(config)#username user-name secret secret-password
Switch(config)#line vty 0 15
Switch(config-line)#login local
Switch#show ip ssh
Switch#show ssh

9.6.2 Using port security, protected ports and private VLANs

Switch(config-if)#switchport port-security mac-address mac_address

9.6.7 Configuring and verifying port security

Switch(config-if)#switchport port-security
Switch(config-if)#no switchport port-security maximum number-of-addresses
Switch(config)#no switchport port-security mac-address mac_address
Switch(config-if)#no switchport port-security violation {protect | restrict | shutdown}
Switch#show port-security interface interface-id
Switch#show port-security address
Switch#show storm-control interface-id [broadcast|multicast|unicast]
Switch#show interfaces interface-id counters [broadcast|multicast|unicast]

9.6.8 Configuring and verifying protected ports

Switch(config-if)#no switchport protected

9.6.9 Configuring and verifying access lists

Switch(config-if)#ip access-group {access-list-number|name} {in}
Switch#show ip access-list [number|name]

9.7.5 Configuring AAA

Switch(config)#no aaa new-model

9.7.6 Configuring TACACS+ and RADIUS clients

Router(config)#tacacs-server host ip-address
Router(config)#tacacs-server host
Router(config)#tacacs-server key
Router(config)#tacacs-server key word
Router#show tacacs
Router(config)#radius-server host ip-address
Router(config)#radius-server key word

9.7.7 Configuring AAA authentication

Router(config)#aaa authentication
Router(config)#aaa authentication ppp {default | list-name} method1 [...[method4]]
Router(config)#aaa authentication login {default | list-name} method1 [...[method4]]
Router(config-line)#aaa login authentication
Router(config)#aaa new-model
Router(config)#radius-server host
Router(config)#radius-server key
Router(config)#aaa authentication login default local
Router(config)#aaa authentication login PASSPORT group radius local none
Router(config-line)#login authentication listname

9.7.8 Configuring AAA authorization

Router(config)#aaa authorization type {default | list-name} [method1 [...[method4]]]
Router#show privilege

9.7.9 Configuring AAA accounting

Router(config)#aaa accounting command
Router(config)#aaa accounting network

9.8.3 Ports in authorized and unauthorized states

Switch(config-if)#dot1x port-control {force-authorized | force-unauthorized | auto}

9.8.6 Configuring 802.1X port-based authentication

Switch(config)#aaa authentication dot1x {default} method1 [method2…]
Switch(config-if)#dot1x port-control auto
Switch#show dot1x

All contents copyright © 2003 Cisco Systems, Inc. All rights reserved.