Безопасность на порту коммутатора — различия между версиями

Материал из wiki
Перейти к: навигация, поиск
(Новая страница: «<pre> -2014 target ------------ ip arp inspection vlan 88 ip arp inspection validate src-mac ip ip arp inspection log-buffer entries 1024 ip arp inspection log-bu…»)
 
Строка 3: Строка 3:
 
ip arp inspection vlan 88
 
ip arp inspection vlan 88
 
ip arp inspection validate src-mac ip
 
ip arp inspection validate src-mac ip
ip arp inspection log-buffer entries 1024
 
ip arp inspection log-buffer logs 50 interval 30
 
!
 
spanning-tree mode rapid-pvst
 
!
 
ip dhcp pool LAN
 
network 10.111.0.0 255.255.255.0
 
default-router 10.111.0.1
 
dns-server 212.192.64.2
 
 
!
 
!
 
!
 
!
 
ip dhcp snooping vlan 88
 
ip dhcp snooping vlan 88
 
ip dhcp snooping
 
ip dhcp snooping
no ip domain-lookup
 
!
 
 
!
 
!
interface FastEthernet0/2
+
interface range FastEthernet0/1-24
switchport access vlan 88
 
switchport mode access            !  do not receive DTP
 
 
  switchport nonegotiate            !  do not send DTP
 
  switchport nonegotiate            !  do not send DTP
 
  switchport port-security maximum 2
 
  switchport port-security maximum 2
 
  switchport port-security
 
  switchport port-security
 
  storm-control broadcast level 20.00
 
  storm-control broadcast level 20.00
storm-control unicast level 20.00
 
 
  no cdp enable
 
  no cdp enable
 
  spanning-tree bpduguard enable
 
  spanning-tree bpduguard enable
 
  ip verify source port-security
 
  ip verify source port-security
 
end
 
end
------- 2014 source default ----
 
  
username cisco password 0 cisco
 
enable secret 0 cisco
 
!
 
spanning-tree mode rapid-pvst
 
!
 
no ip domain-look
 
!
 
ip dhcp pool LAN
 
  network 10.111.0.0 255.255.255.0
 
  default-router 10.111.0.1
 
!
 
vlan 88
 
!
 
int vlan 88
 
  ip address 10.111.0.1 255.255.255.0
 
  no shut
 
!
 
int range fa 0/1-24
 
  sw acc vl 88
 
  sw mo acc
 
  spann portfast
 
!
 
line vty 0 15
 
  login local
 
  logg syn
 
!
 
!
 
 
</pre>
 
</pre>
  

Версия 03:56, 18 апреля 2014

-2014 target ------------
ip arp inspection vlan 88
ip arp inspection validate src-mac ip
!
!
ip dhcp snooping vlan 88
ip dhcp snooping
!
interface range FastEthernet0/1-24
 switchport nonegotiate            !   do not send DTP
 switchport port-security maximum 2
 switchport port-security
 storm-control broadcast level 20.00
 no cdp enable
 spanning-tree bpduguard enable
 ip verify source port-security
end