1. Synchronize the network clock and set the log format
conf t
clock timezone GMT +8
ntp server 120.25.115.20
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
end
show clock
2. Set up the log server
vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
# One file per day and per sending host; template and rule are defined once
# because they apply to messages from both inputs
$template RemoteHost,"/home/syslog/%$YEAR%-%$MONTH%-%$DAY%/%FROMHOST-IP%.log"
*.* ?RemoteHost
3. Send the switch logs to the log server
conf t
logging on
logging host 192.168.1.15
logging facility local7
logging trap 7
end
write
4. Set up the TFTP server
yum -y install xinetd tftp-server
vim /etc/xinetd.d/tftp
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tmp/config -c
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
chmod ugo+w /tmp/config
/etc/init.d/xinetd start
cat /home/config.sh
#!/bin/bash
#
# Move the configs uploaded over TFTP into a directory named after today's date
dirdate=$(date +%Y%m%d)
mkdir -p "/home/$dirdate"
mv /tmp/config/* "/home/$dirdate"
crontab -l
*/30 6 * * * /home/config.sh
5. Automatic backup to TFTP
kron occurrence BAK at 6:00 recurring
policy-list BAK
kron policy-list BAK
cli show run | redirect tftp://192.168.1.1/192.168.1.2.cfg
6. Configure the access policy
access-list 1 permit 192.168.1.5
login block-for 60 attempts 3 within 30
! ACL 10 is not defined in this configuration (only ACL 1 is); define it or reference ACL 1
login quiet-mode access-class 10
login on-failure log
login on-success log
access-list 1 permit 192.168.1.1
ip domain-name test.com
enable secret Abc@123
username switch_admin password Abc@123
service password-encryption
line console 0
login local
line vty 0 15
access-class 1 in
login local
exec-timeout 5 0
transport input ssh
transport output ssh
crypto key generate rsa
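The login logging enabled in section 6 only helps if someone reads the per-host files that the rsyslog server from section 2 writes. The following is an added example, not part of the original notes: it scans those lines for failure bursts that match the `login block-for 60 attempts 3 within 30` threshold and for successful logins from hosts outside access-list 1. The function names and the sample lines are constructed for illustration, the %SEC_LOGIN message layout is assumed to be the one IOS emits, and failures are grouped per source to name the offending host.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ATTEMPTS, WITHIN = 3, timedelta(seconds=30)   # login block-for 60 attempts 3 within 30
MGMT_HOSTS = {"192.168.1.1", "192.168.1.5"}   # hosts permitted by access-list 1
EVENT = re.compile(
    r"%SEC_LOGIN-\d-LOGIN_(?P<kind>FAILED|SUCCESS):.*?\[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<src>[^\]]+)\].* at (?P<time>\d\d:\d\d:\d\d) \S+ \w{3} "
    r"(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<year>\d{4})\s*$")

def parse(line):
    """Return (timestamp, kind, user, source) for a SEC_LOGIN line, else None."""
    m = EVENT.search(line)
    if not m:
        return None
    stamp = "{mon} {day} {year} {time}".format(**m.groupdict())
    return datetime.strptime(stamp, "%b %d %Y %H:%M:%S"), m["kind"], m["user"], m["src"]

def analyze(lines):
    """Return (sources with ATTEMPTS failures inside WITHIN, logins from outside ACL 1)."""
    recent = defaultdict(deque)   # source -> failure times still inside the window
    bursts, outside = [], []
    for ts, kind, user, src in filter(None, map(parse, lines)):
        if kind == "SUCCESS":
            if src not in MGMT_HOSTS:
                outside.append((src, user))
            continue
        window = recent[src]
        window.append(ts)
        while ts - window[0] > WITHIN:   # drop failures older than the window
            window.popleft()
        if len(window) >= ATTEMPTS and src not in bursts:
            bursts.append(src)
    return bursts, outside

# Constructed sample lines (made-up sources), shaped like IOS SEC_LOGIN messages in rsyslog files.
SAMPLE = """\
Mar  4 06:10:01 192.168.1.2 51: *Mar  4 06:10:01.120 GMT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.77] [localport: 22] [Reason: Login Authentication Failed] at 06:10:01 GMT Mon Mar 4 2024
Mar  4 06:10:09 192.168.1.2 52: *Mar  4 06:10:09.480 GMT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.77] [localport: 22] [Reason: Login Authentication Failed] at 06:10:09 GMT Mon Mar 4 2024
Mar  4 06:10:20 192.168.1.2 53: *Mar  4 06:10:20.902 GMT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.1.77] [localport: 22] [Reason: Login Authentication Failed] at 06:10:20 GMT Mon Mar 4 2024
Mar  4 06:12:30 192.168.1.2 54: *Mar  4 06:12:30.015 GMT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: switch_admin] [Source: 192.168.1.5] [localport: 22] at 06:12:30 GMT Mon Mar 4 2024
Mar  4 06:20:00 192.168.1.2 55: *Mar  4 06:20:00.337 GMT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: switch_admin] [Source: 192.168.1.40] [localport: 22] at 06:20:00 GMT Mon Mar 4 2024
""".splitlines()

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A successful login from a host outside access-list 1 means the vty `access-class 1 in` restriction is not in effect on that switch.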