已阅读5页,还剩31页未读, 继续免费阅读
版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
OptimizingandSecuringMultilayerSwitchedNetworks,Module9,OptimizingMultilayerSwitchedNetworks,2003,CiscoSystems,Inc.Allrightsreserved.,BCMSNv2.09-2,Objectives,Uponcompletingthislesson,youwillbeableto:DescribetechniquestoenhancetheperformanceofamultilayerswitchednetworkMonitorswitchportsusingSPANandVSPANMonitorswitchportsusingRSPANDescribethefeaturesandoperationofnetworkanalysismodulesonCatalystswitchestoimprovenetworktrafficmanagementVerifyandtroubleshoottheoperationofnetworkanalysismodules,EnhancingNetworkPerformance,Gatherabaseline.Performawhat-ifanalysis.Performexceptionreportingforcapacityissues.Determinethenetworkmanagementoverhead.Analyzethecapacityinformation.Periodicallyreviewcapacityinformation.Haveupgradeortuningproceduressetup.,SwitchedPortAnalyzer,ConfiguringSPAN,Switch(config)#monitorsessionsession_numsourceinterfacetype/num|vlannum,|-|rx|tx|both,ConfiguresaSPANsessiontomonitortraffic,Switch(config)#monitorsessionsession_numberdestinationinterfacetype/num,|-|vlannum,ConfiguresthedestinationforaSPANsession,RemoteSPAN,ConfiguringRSPAN,EntersconfigurationmodeforaspecificVLAN,Switch(config)#vlanvlan-number,EnablesRSPANfortheVLAN,Switch(config-vlan)#remote-span,VerifyingSPANandRSPAN,Switch#showmonitorsessionsession_numberdetail,DisplaysSPANsessioninformation,Switch#showmonitorsession2Session2-Type:RemoteSourceSessionSourcePorts:RXOnly:Fa3/1DestRSPANVLAN:901,Switch#showmonitorsession2detailSession2-Type:RemoteSourceSessionSourcePorts:RXOnly:Fa1/1-3TXOnly:NoneBoth:NoneSourceVLANs:RXOnly:NoneTXOnly:NoneBoth:NoneSourceRSPANVLAN:NoneDestinationPorts:NoneFilterVLANs:NoneDestRSPANVLAN:901,NetworkAnalysisModule,NAMInitialConfiguration,AssignparametersIPaddressSubnetmaskIPbroadcastaddressIPhostnameDefaultgatewayDomainnameDNSnameserverSNMP(MIBvariables,accesscontrol,systemgroupsettings)Startthewebserver,ConfiguringNAM,Switch(config)#interfacegi8/0Switch(config-if)#switchportaccessvlan93Switch(config-if)#endSwitch(config)#monitorsession1destinationinterfacegi8/1rootlocalhost#autostartaddressmapenable,Enablesacollectiontype,Rootlocalhost#autostartcollectionenable,VerifyingNAM,Switch#showmodule,Displaysinformationaboutinstalledmodules,Switch#showmoduleModPortsCardTypeModelSerialNo.-22Catalyst6000supervisor2(Active)WS-X6K-SUP2-2GESAD0410050B34848port10/100mbRJ-45ethernetWS-X6248-RJ-45SAD0308048552NetworkAnalysisModuleWS-X6380-NAMSAD05130AXB72IntrusionDetectionSystemWS-X6381-IDSSAD05100HPT,Switch#showinterfaceGigabitEthernetslot/1|2,DisplaysNAMinterfaceinformation,Summary,Performancemanagementmaintainsinternetworkperformanceatacceptablelevelsbymeasuringandmanagingvariousnetworkperformancevariables.SPANselectsandcopiesnetworktraffictosendtoanetworkanalyzer.RemoteSPANisavariationofSPANthatsendsmonitoredtrafficthroughanintermediateswitchratherthandirectlytothetrafficanalyzer.ANAMusesSNMPRMONinformationtomonitorandanalyzenetworktraffic.UsetheshowcommandstoverifyNAMconfiguration.,SecuringMultilayerSwitchedNetworks,2003,CiscoSystems,Inc.Allrightsreserved.,BCMSNv2.09-15,Objectives,Uponcompletingthislesson,youwillbeableto:ExplainbasicsecurityconceptsforthemultilayerswitchednetworkConfigureauthentication,authorization,andaccountingonCatalystswitchesConfigureportsecurityandport-basedauthenticationwith802.1XVerifythenetworkaccesssecurityconfigurationConfigureVLANaccesslistsVerifytheVLANaccesslistsecurityconfiguration,RecommendedSwitchSecurity,SetsystempasswordsConfigurebasicACLsSecurephysicalaccesstotheconsoleSecureaccesstoVTYsConfiguresystemwarningbannersDisableunneededservicesSSH,TrimCDPDisabletheintegratedHTTPdaemonConfigurebasicloggingSecureSNMPLimittrunkingconnectionsSecurethespanning-treetopology,AAANetworkConfiguration,AuthenticationVerifiesausersidentifyAuthorizationSpecifiesthepermittedtasksfortheuserAccountingProvidesbilling,auditing,andmonitoring,ConfiguringAuthentication,Switch(config)#aaanew-model,EnablesAAAglobally,Switch(config)#aaaauthenticationlogindefault|list-namemethod1method2.,Createsalocalauthenticationlist,Switch(config)#lineaux|console|tty|vtyline-numberending-line-number,Enterslineconfigurationmode,Switch(config-line)#loginauthenticationdefault|list-name,Appliestheauthenticationlisttoaline,ConfiguringAuthorization,Switch(config)#aaaauthorizationauth-proxy|network|exec|commandslevel|reverse-access|configuration|ipmobiledefault|list-namemethod1method2.,Createsanauthorizationmethodlistandenablesauthorization,Switch(config)#interfaceinterface-typeinterface-number,Entersinterfaceconfigurationmode,Switch(config-if)#pppauthorizationdefault|list-name,Appliesthenamedauthorizationmethodlisttotheinterface,ConfiguringAccounting,Switch(config)#aaaaccountingsystem|network|exec|connection|commandsleveldefault|list-namestart-stop|stop-only|nonemethod1method2.,Createsanaccountingmethodlistandenablesaccounting,Switch(config)#interfaceinterface-typeinterface-number,Entersinterfaceconfigurationmode,Switch(config-if)#pppaccountingdefault|list-name,Appliesthenamedaccountingmethodlisttotheinterface,PortsecurityisaMACaddresslockdownthatdisablestheportiftheMACaddressisnotvalid.,NetworkAccessPortSecurity,EnablingPortSecurity,Switch(config-if)#switchportport-securitymaximumvalueviolationprotect|restrict|shutdown,EnablesportsecurityandspecifiesthemaximumnumberofMACaddressesthatcanbesupportedbythisport,802.1XPort-BasedAuthentication,RestrictsunauthorizedclientsfromconnectingtoaLANthroughpubliclyaccessibleports,Configuring802.1XPort-BasedAuthentication,Switch(config)#aaaauthenticationdot1xdefaultmethod1method2.,Createsan802.1Xport-basedauthenticationmethodlist,Switch(config)#dot1xsystem-auth-control,Globallyenables802.1Xport-basedauthentication,Switch(config)#interfacetypeslot/port,Entersinterfaceconfigurationmode,Switch(config-if)#dot1xport-controlauto,Enables802.1Xport-basedauthenticationontheinterface,VerifyingPortSecurity,Switch#showport-security,Displayssecurityinformationforallinterfaces,Switch#showport-securitySecurePortMaxSecureAddrCurrentAddrSecurityViolationSecurityAction(Count)(Count)(Count)-Fa5/111110ShutdownFa5/51550RestrictFa5/11540Protect-TotalAddressesinSystem:21MaxAddresseslimitinSystem:128,VerifyingPortSecurity(Cont.),Switch#showport-securityinterfaceinterfacex/y,Displayssecurityinformationforaspecificinterface,Switch#showport-securityinterfacefastethernet5/1PortSecurity:EnabledPortstatus:SecureUpViolationmode:ShutdownMaximumMACAddresses:11TotalMACAddresses:11ConfiguredMACAddresses:3Agingtime:20minsAgingtype:InactivitySecureStaticaddressaging:EnabledSecurityViolationcount:0,VerifyingPortSecurity(Cont.),Switch#showport-securityaddress,DisplaysMACaddresstablesecurityinformation,Switch#showport-securityaddressSecureMacAddressTable-VlanMacAddressTypePortsRemainingAge(mins)-10001.0001.0001SecureDynamicFa5/115(I)10001.0001.0002SecureDynamicFa5/115(I)10001.0001.1111SecureConfiguredFa5/116(I)10001.0001.1112SecureConfiguredFa5/1-10001.0001.1113SecureConfiguredFa5/1-10005.0005.0001SecureConfiguredFa5/52310005.0005.0002SecureConfiguredFa5/52310005.0005.0003SecureConfiguredFa5/52310011.0011.0001SecureConfiguredFa5/1125(I)10011.0011.0002SecureConfiguredFa5/1125(I)-TotalAddressesinSystem:10MaxAddresseslimitinSystem:128,TypesofACLs,ConfiguringVACLs,Switch(config)#vlanaccess-mapmap_nameseq#,DefinesaVLANaccessmap,Switch(config-access-map)#matchipaddress1-199|1300-2699|acl_name|ipxaddress800-999|acl_name|macaddressacl_name,ConfiguresthematchclauseinaVLANaccessmapsequence,Switch(config-access-map)#actiondroplog|forwardcapture|redirecttypeslot/port|port-channelchannel_id,ConfigurestheactionclauseinaVLANaccessmapsequence,Switch(config)#vlanfiltermap_namevlan_listlist,AppliestheVLANaccessmaptothespecifiedVLANs,CustomerVLANRequirements,ISPcustomersrequireInternetaccessformultipleserversIsolationfromothercustomersCommunicationbetweenserversTraditionalsolution:oneVLANandIPsubnetpercustomerHighresourcerequirementsLimitedscalabilityHighmanagementcomplexity,PrivateVLANs,PVLANPortsandTypes,PrivateVLANports:Promiscuous:CancommunicatewithallotherportsIsolated:CanonlycommunicatewithpromiscuousportsCommunity:CancommunicatewithothermembersofcommunityandallpromiscuousportsPrivateVLANtypes:Primary:UsedbypromiscuousportstocommunicatewithallotherportsintheprivateVLANIsolated:UsedbyisolatedportstocommunicatewithpromiscuousportsCommunity:Usedbycommunityportstocommunicatewitheachotherandpromiscuousports,ConfiguringPrivateVLANs,Switch(config-vlan)#private-vlanprimary|isolated|community,ConfiguresaVLANasaprivateVLAN,Switch(config-vlan)#private-vlanassociationsecondary_vlan_list|addsvl|removesvl,AssociatessecondaryVLANswiththeprimaryVLAN,Switch#showvlanprivate-vlantype,Ver
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2025年生物化学模拟习题(含参考答案)
- 消控员证书题目及答案
- 2025房屋租赁合同的基本协议
- 曹阳二中分班考试试卷及答案
- 2025港口物流运输合同
- 藏医解剖技术考试题库及答案
- 2025终止的工程承包合同
- 仓管员的入职考试题目及答案
- 2025年基层眼科试题及答案解析
- 2025建筑工程合同样本
- 急性阑尾炎病人护理课件
- 2026年高考政治一轮复习:高考政治主观题背诵提纲汇编
- 骨科手术切口感染的预防与控制
- 电商数据分析报告顾问合同
- 电子信息类专业导论(第3版)课件全套 张有光 00 课程简介 - 12 中国大学教育:理念与实践
- 馕小屋管理办法
- (2025)全国辅警考试题库及答案
- 2025至2030全球及中国石油天然气中的人工智能行业项目调研及市场前景预测评估报告
- 钢结构设计质量保证体系及措施
- 2025年财会类考试-精算师-寿险精算实务历年参考题库含答案解析(5卷100道集合-单选题)
- 道路桥梁施工管理课件
评论
0/150
提交评论