Deeply worried - 2008/08/20 10:02
Device reset

Switch>en
Switch#erase startup-config
Switch#write erase                :resets the entire config (older form of erase startup-config)
Switch#reload                     :reboot
Basic device setup
Switch>en
Switch#conf t
Switch(config)#clock timezone KST 9
Switch(config)#ntp server 203.248.240.103
Switch(config)#hostname 2950_A                      :set the hostname
2950_A(config)#enable secret <password>             :set the enable password
2950_A(config)#service password-encryption          :stores line passwords in type 7 (reversible) form instead of clear text; only enable secret is an MD5 hash
2950_A(config)#line console 0                       :console line settings
2950_A(config-line)#password <password>             :set the console password
2950_A(config-line)#login                           :prompt for the password on console connection
2950_A(config-line)#logging synchronous             :if a system message appears while a command is being typed, start a new line and redisplay the command
2950_A(config-line)#exec-timeout 0 0                :no timeout for console sessions
2950_A(config-line)#exit
2950_A(config)#access-list 23 permit 1.1.1.1        :ACL that restricts telnet access
2950_A(config)#access-list 23 deny any
2950_A(config)#line vty 0 4
2950_A(config-line)#exec-timeout 1 0                :end a telnet session after 1 minute without input
2950_A(config-line)#transport input telnet          :allow only the telnet protocol
2950_A(config-line)#password <password>             :set the telnet password
2950_A(config-line)#login
2950_A(config-line)#access-class 23 in              :apply ACL 23
2950_A(config-line)#logging synchronous
2950_A(config-line)#exit
2950_A(config)#interface vlan 1
2950_A(config-if)#ip address 211.233.5.75 255.255.255.240     :management IP address of the switch, with the subnet mask for that IP range
2950_A(config-if)#no shutdown
2950_A(config-if)#exit
2950_A(config)#ip default-gateway 211.xxx.xxx.xxx             :assign a default gateway when the switch needs to communicate externally

2950_A(config)#access-list 12 permit 211.xxx.xxx.xxx          :IP address to allow in ACL 12
2950_A(config)#access-list 12 deny any
2950_A(config)#snmp-server community nforce ro 12             :SNMP settings for the switch: community string, ro (read only), ACL 12 applied

Removing unnecessary services
    . Disable the web service (http)
    . Disable the tcp-small service
    . Disable the udp-small service
    . Disable finger, pad, source-route, bootp, domain-lookup, redirects, unreachables,
      directed-broadcast, proxy-arp, mask-reply, tftp
2950_A(config)#no service tcp-small-servers
2950_A(config)#no service udp-small-servers
2950_A(config)#no service finger
2950_A(config)#no service pad
2950_A(config)#no ip source-route
2950_A(config)#no ip bootp server
2950_A(config)#no ip domain-lookup
2950_A(config)#no ip http server
2950_A(config)#interface vlan 1                     :the commands below are applied per interface; vlan 1 is the management interface configured above
2950_A(config-if)#no ip redirects
2950_A(config-if)#no ip unreachables
2950_A(config-if)#no ip directed-broadcast
2950_A(config-if)#no ip proxy-arp
2950_A(config-if)#no ip mask-reply
2950_A(config-if)#exit
 
2950_A(config)#no cdp run
:CDP (Cisco Discovery Protocol), which lets you view information about remote Cisco devices, should be turned off if it is not used.
Note: when VLANs are used later, a native VLAN mismatch may occur.

Automated setup: just copy this and paste it into the console (in SecureCRT). Only the passwords and IP addresses need to be set.
--------------------------------------------------------------------------------------------------
en
conf t
clock timezone KST 9
ntp server 203.248.240.103
hostname C2950
enable secret <password>
service password-encryption
line console 0
password <password>
login
logging synchronous
exec-timeout 0 0
exit
access-list 20 permit xxx.xxx.xxx.xxx
line vty 0 4
exec-timeout 5 0
transport input telnet
password <password>
login
access-class 20 in
logging synchronous
exit
interface vlan 1
ip address xxx.xxx.xxx.xxx 255.255.255.0
no shutdown
exit
ip default-gateway xxx.xxx.xxx.xxx
access-list 30 permit xxx.xxx.xxx.xxx
snmp-server community nforce ro 30
no service tcp-small-servers
no service udp-small-servers
no service finger
no service pad
no ip source-route
no ip domain-lookup
no ip http server
exit
wr
----------------------------------------------------------------------------------------------
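
An added example, not part of the original post: a small Python check that reads saved "show running-config" text and reports where it departs from the settings above (services left on, an SNMP community without an ACL, vty lines without an access-class or with the timeout disabled). The REQUIRED and FORBIDDEN lists and the sample text are assumptions constructed for illustration; which defaults actually appear in a running-config varies by IOS release.

```python
import re

# Constructed sample in "show running-config" layout (not from a real device).
SAMPLE = """\
no service pad
service password-encryption
enable secret 5 $1$CONSTRUCTED
ip http server
access-list 20 permit 192.0.2.10
snmp-server community nforce RO
line vty 0 4
 access-class 20 in
line vty 5 15
 exec-timeout 0 0
"""

# Assumption: which defaults appear in the text varies by IOS release.
REQUIRED = ("service password-encryption", "enable secret", "no service pad",
            "no ip source-route", "no ip domain-lookup")
FORBIDDEN = ("ip http server", "service tcp-small-servers",
             "service udp-small-servers", "service finger")

def audit(config):
    """Return findings for one configuration text, in a fixed order."""
    blocks, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):        # top-level command opens a block
            current = line.strip()
            blocks[current] = []
        elif current is not None:           # indented line belongs to the block
            blocks[current].append(line.strip())
    top = list(blocks)
    acls = {m.group(1) for l in top if (m := re.match(r"access-list (\d+) ", l))}
    out = [f"missing: {r}" for r in REQUIRED
           if not any(l.startswith(r) for l in top)]
    out += [f"enabled: {l}" for l in top if l in FORBIDDEN]
    for l in top:
        if l.startswith("snmp-server community") and l.split()[-1] not in acls:
            out.append(f"snmp community has no defined ACL: {l.split()[2]}")
        if l.startswith("line vty"):
            bound = [s.split()[1] for s in blocks[l]
                     if re.fullmatch(r"access-class \d+ in", s)]
            if not any(n in acls for n in bound):
                out.append(f"{l}: no access-class bound to a defined ACL")
            if "exec-timeout 0 0" in blocks[l]:
                out.append(f"{l}: exec-timeout disabled")
    return out

print("\n".join(audit(SAMPLE)))
```

The second vty range (5 15) in the sample shows why each "line vty" block is checked separately: the pasted settings above cover only vty 0 4.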
 