文档介绍：以太网 LAN
了解交换机安全
物理安装的常见危胁
硬件威胁
环境危胁
电气威胁
维护威胁
设置交换机口令
配置登录标语
在用户名和口令登录提示符之前,定义和显示自定义标语。
SwitchX# banner login " Access for authorized users enter your
username and password. "
访问与 SSH 访问
最常见的访问方法
不安全
SSH 加密
!– The mand create the username and password for the SSH session
Username cisco password cisco
ip domain-name
crypto key generate rsa
ip ssh version 2
line vty 0 4
login local
transport input ssh
Cisco Catalyst 2960 系列
SwitchX(config-if)#switchport port-security [ mac-address mac-address | mac-address sticky [mac-address] | maximum value | violation {restrict | shutdown}]
SwitchX(config)#interface fa0/5
SwitchX(config-if)#switchport mode access
SwitchX(config-if)#switchport port-security
SwitchX(config-if)#switchport port-security maximum 1
SwitchX(config-if)#switchport port-security mac-address sticky
SwitchX(config-if)#switchport port-security violation shutdown
配置端口安全
SwitchX#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression]
SwitchX#show port-security interface 0/5
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 20 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address        : 
Security Violation Count   : 0
检验 Catalyst 2960 系列交换机的端口安全
SwitchX#sh port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
--------------------------------------------------------------------------
Fa0/5 1 1 0 Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
SwitchX#sh port-security address
Secure Mac Add