//AAA
aaa radius-server NPS01 host 10.208.1.31 key FM1040
aaa authentication http NPS01 local
aaa accounting vlan NPS01 local
//Appropriate banners shall be configured during login or for message of the day (MOTD)
"Two steps are required to change the login banner. These steps are listed here:
• Create a text file that contains the banner you want to display in the switch's /flash/switch directory.
• Enable the text file by entering the session banner CLI command followed by the filename.
To create the text file containing the banner text, you may use the vi text editor in the switch. This method allows you to create the file in the /flash/switch directory without leaving the CLI console session. You can also create the text file using a text editing software package (such as MS Wordpad) and transfer the file to the switch's /flash/switch directory.
If you want the login banner in the text file to apply to FTP switch sessions, execute the following CLI command where the text filename is firstbanner.txt.
-> session banner ftp /flash/switch/firstbanner.txt
If you want the login banner in the text file to apply to CLI switch sessions, execute the following CLI command where the text filename is secondbanner.txt.
-> session banner cli /flash/switch/secondbanner.txt"
using FTP
Snipp- save "Hardening", "3-1h" before transfer
Snipp- save "Hardening", "3-2h" after transfer
Command:-
session banner cli /flash/switch/banner.txt
session banner http /flash/switch/banner.txt
session banner ftp /flash/switch/banner.txt
Note:- Assuming that the banner file is banner.txt
//Timeout for Login Sessions
session login-timeout 240
session timeout cli 5
show system
//Clock Timezone
system timezone zp8
//correct the time
system time hh:mm:ss
show system
//System Logging
swlog
swlog appid bridge level warning
//Logging Buffer-ok
swlog output flash file-size 128000
show swlog
show ip config
Snipp- save "Hardening", "7h"
===================================================================
//create management vlan 10.232.x.224/28 -pool ////"X" is the existing pool
====================================================================
Commands:-
vlan 510 name "management"
vlan 510 enable
ip interface MANAGEMENT address 10.232.x.228/28 vlan 510
vlan 510 port default <port_number> // assign vlan 510 to one interface [note down the interface].
show ip interface
password
switch
HCL@dm1n
HCL@dm1n
======================================================================
write memory
copy working certified
Snipp- save "Final Test", "Console/FTP/HTTP/SSH and Telnet and FTP Mngt/HTTP Mngt/SSH and Telnet Mngt"
Notes:-
note down the unused interfaces.
note down in which interface the management vlan is assigned by you.
collect all logs.
collect screenshots.
you may encounter a "Low Flash Memory Issue"; hence, after updating AOS, delete 2 files inside the "Working directory".
Check your boot.cfg to see if all configs are set on the router before taking the backup and certifying. Screenshot needed as well.
you need to have 4 backup copies of boot.cfg:
Boot1 : before AOS update
Boot2 : after AOS update
Boot3 : after hardening
Final : copy from certified folder
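
An added example (not part of the original notes): a Python check for the "Check your boot.cfg" note above, run against an offline copy of boot.cfg, plus a comparison of two of the backup copies. It assumes boot.cfg stores the checklist commands in the form they were typed and marks section lines with "!"; the sample files and the key EXAMPLEKEY are constructed.

```python
import re

# Checklist commands from this page; assumes boot.cfg stores them as typed.
REQUIRED = {
    "radius server": r"aaa radius-server \S+ host \S+",
    "http authentication": r"aaa authentication http \S+",
    "vlan accounting": r"aaa accounting vlan \S+",
    "cli banner": r"session banner cli /flash/switch/\S+",
    "http banner": r"session banner http /flash/switch/\S+",
    "ftp banner": r"session banner ftp /flash/switch/\S+",
    "login timeout": r"session login-timeout \d+",
    "cli idle timeout": r"session timeout cli \d+",
    "timezone": r"system timezone \S+",
    "swlog flash size": r"swlog output flash file-size \d+",
    "management vlan": r"vlan 510\b",
    # Needs a full dotted quad, so a leftover "x" placeholder is reported.
    "management ip": r"ip interface MANAGEMENT address \d+(\.\d+){3}/\d+ vlan 510",
}

def commands(cfg_text):
    """Config lines with blanks and '!' section/comment lines dropped."""
    stripped = map(str.strip, cfg_text.splitlines())
    return [s for s in stripped if s and not s.startswith("!")]

def missing_items(cfg_text):
    """Checklist items that no line of the config satisfies."""
    lines = commands(cfg_text)
    return [n for n, p in REQUIRED.items() if not any(re.match(p, l) for l in lines)]

def added_lines(before, after):
    """Commands present in `after` but not `before` (e.g. Boot2 vs Boot3)."""
    seen = set(commands(before))
    return [line for line in commands(after) if line not in seen]

# Constructed sample files, not captured from a real switch.
BOOT2 = "! VLAN :\nvlan 1 enable\n"
BOOT3 = BOOT2 + """aaa radius-server NPS01 host 10.208.1.31 key EXAMPLEKEY
aaa authentication http NPS01 local
aaa accounting vlan NPS01 local
session banner cli /flash/switch/banner.txt
session banner http /flash/switch/banner.txt
session login-timeout 240
session timeout cli 5
system timezone zp8
swlog output flash file-size 128000
vlan 510 name "management"
ip interface MANAGEMENT address 10.232.x.228/28 vlan 510
"""

print("missing from Boot3:", missing_items(BOOT3))
```

The constructed Boot3 lacks the FTP banner and still carries the "x" placeholder in the management address, so both items are reported.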