'CISCO'에 해당되는 글 2건
- 2009/07/06 Cisco Catalyst 2950 스위치 셋팅하기 ( WS-C2950T-24 )
- 2008/10/09 Cisco 3825 Router snmp Setting
Cisco Catalyst 2950 스위치 셋팅하기 ( WS-C2950T-24 )
장비 초기 셋팅할떄 조금 도움이 될듯.
Switch>en
Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Switch#
Switch#reload
Proceed with reload? [confirm]
Switch>en
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#clock timezone KST 9
Switch(config)#hostname C2950
C2950(config)#
C2950(config)#enable secret cisco
C2950(config)#service password-encryption
C2950(config)#line console 0
C2950(config-line)#password password
C2950(config-line)#logging synchronous
C2950(config-line)#exit
C2950(config)#line vty 0 4
C2950(config-line)#access-class 1 in
C2950(config-line)#exec-timeout 5 0
C2950(config-line)#logging synchronous
C2950(config-line)#transport input telnet
C2950(config-line)#password cisco
C2950(config-line)#exit
C2950(config)#ip subnet-zero
C2950(config)#no ip source-route
C2950(config)#no ip domain-lookup
C2950(config)#interface vlan 1
C2950(config-if)#ip address 192.168.0.254 255.255.255.0
C2950(config-if)#no ip redirects
C2950(config-if)#no ip unreachables
C2950(config-if)#no ip proxy-arp
C2950(config-if)#no ip route-cache
C2950(config-if)#no shutdown
C2950(config-if)#description ## Switch VLAN 1 / 192.168.0.254 ##
C2950(config-if)#exit
C2950(config)#interface range FastEthernet 0/1 - 24
C2950(config-if-range)#no shutdown
C2950(config-if-range)#switchport mode access
C2950(config-if-range)#storm-control broadcast level 70.00
C2950(config-if-range)#storm-control action shutdown
C2950(config-if-range)#exit
C2950(config)#interface GigabitEthernet 0/1
C2950(config-if)#description "UPLink"
C2950(config-if)#switchport mode access
C2950(config-if)#ip access-group 101 in
C2950(config-if)#exit
C2950(config)#ip default-gateway 192.168.0.1
C2950(config)#no ip http server
C2950(config)#access-list 1 permit 192.168.0.2
C2950(config)#access-list 1 deny any
C2950(config)#access-list 11 permit 192.168.0.2
C2950(config)#access-list 11 deny any
C2950(config)#access-list 101 deny udp any any eq 1434
C2950(config)#access-list 101 deny tcp any any eq 137
C2950(config)#access-list 101 deny tcp any any eq 138
C2950(config)#access-list 101 deny tcp any any eq 139
C2950(config)#access-list 101 deny tcp any any eq 20168
C2950(config)#access-list 101 deny tcp any any eq 17300
C2950(config)#access-list 101 deny tcp any any eq 4444
C2950(config)#access-list 101 deny tcp any any eq 31031
C2950(config)#access-list 101 permit ip any any
C2950(config)#no cdp run
C2950(config)#snmp-server community public RO 11
C2950(config)#snmp-server location IDC
C2950(config)#snmp-server contact switch@umttumt.org
C2950(config)#default-value exec-character-bits 8
C2950(config)#ntp server 210.98.16.100
C2950(config)#exit
C2950#wr
Building configuration...
[OK]
C2950#reload
이올린에 북마크하기
이올린에 추천하기
Cisco 3825 Router snmp Setting
C3825#sh run | include snmp
snmp-server community public RO 11
snmp-server location C3825
snmp-server contact router@umttumt.org
C3825#sh access-lists 11
Standard IP access list 11
30 permit 10.10.10.15 (28 matches)
10 permit 10.10.10.16 (49898 matches)
20 deny any (43 matches)
C3825#
community string은 public 이고, ReadOnly로 설정. 그리고 ACL 11을 snmp에 적용.
snmp로 보내줄 정보중 location 에 관한 정보를 C3825로지정. (위치정보 입력)
이런식으로, snmp 간단하게 잡아주고,
acl로 지정된 IP에서만 접속 가능하도록
XXXXXXXXXXX
Contact: router@umttumt.org
Location: C3825
25031 SNMP packets input
0 Bad SNMP version errors
68 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
96327 Number of requested variables
0 Number of altered variables
24173 Get-request PDUs
2 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
24963 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
24963 Response PDUs
0 Trap PDUs
SNMP logging: disabled
C3825#
이정도면 끝.
