Lab2
1.6
SW1 only configure "vtp pruning"
1.7
SW1
aaa new-model
aaa authentication login default none
aaa authentication dot1x default group radius
!
dot1x system-auth-control <-- enable dot1x
!
interface fastethernet0/9
switchport mode access
dot1x port-control autoip radius source-interface Loopback0
radius-server host 204.12.1.100
radius-server key CISCO
4.3 OSPF
passive-interface to stop hello packet
cannot stop LSA advertisement by ip ospf database-filter all out
Catalystmemo switch macro
conf t
macro name ping_external
do ping 200.0.0.1
do ping 200.0.1.1
@
macro global apply ping_external
6.3
interafce serial0/0
ip pim nbma-mode
Rack9R2#show ip mroute 228.28.28.28
(*, 228.28.28.28), 03:22:58/00:02:56, RP 150.9.2.2, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Serial0/0, 132.9.0.1, Forward/Sparse, 00:03:32/00:02:56
9 Security
9.1
no ip source-route
no ip bootp serverinterface fastethernet 0/1
no ip proxy-arp
no cdp enalbe
9.3
snmp-server community public RO 1
access-list 1 deny any log
logging 132.1.33.100
10.1 Ssytem Management
rmon absolute because its 5 min average.
10.2
line vty 0 4
exec-timeout 5 0 <-- logout after 5min if its inactive
logging-warning 60 <-- warning before absolute timer
aboslute-timeout 15 <-- absolute timer
login local
10.3
username NOC secret CISCO
this is not usable for PPP PAP or CHAP.
10.4
logging trap debugging
logging trap 7
11.1
deny udp nay any eq snmp
permit icmp any any time-exceeded
permit icmp any any port-unreachable
deny icmp any any
permit ip any any