Configuring and Securing Network Switches
Telnet access
Switch(config)#line vty 0 15
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#
Remote access via SSH
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.20.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config)#hostname S1
S1(config)#ip domain-name cisco.com
S1(config)#crypto key generate rsa
The name for the keys will be: S1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable... [OK]
S1(config)# username usuario secret cisco
*mar 1 1:13:48.23: %SSH-5-ENABLED: SSH 1.99 has been enabled
S1(config)# ip ssh version 2
S1(config)#
Enable the vty lines
S1(config)# line vty 0 4
S1(config-line)# login local
S1(config-line)# transport input ssh
S1(config-line)# exit
S1(config)#
Privileged EXEC mode
Switch>enable
Switch#configure terminal
Switch(config)#enable secret (password)
Switch(config)#
User EXEC mode
Switch(config)#line console 0
Switch(config-line)#password (password)
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#
Display the MAC address table
Switch#show mac-address-table
Clear the MAC address table
Switch#clear mac-address-table
Unused ports
Switch(config)#interface fa0/4 (for several ports: interface range fa0/4-7)
Switch(config-if)#shutdown
Port security
S0(config)#interface fa0/1 (for several ports: interface range fa0/4-7)
S0(config-if)#switchport mode access
S0(config-if)#switchport port-security
S0(config-if)#
Static secure MAC address
S0(config)#interface fa0/1
S0(config-if)#switchport port-security maximum 1
S0(config-if)#switchport port-security mac-address 0009.7c13.a073
Sticky secure MAC addresses
S0(config)#interface fa0/1
S0(config-if)#switchport port-security maximum 1
S0(config-if)#switchport port-security mac-address sticky (to keep it across reboots, put the MAC address after sticky)
Clearing the secure MAC address table
Switch#clear port-security all
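Added example, not part of the original page: a Python check that audits a saved running-config for the remote-access and port settings above. The Telnet section sets a password on line vty 0 15 while the SSH section restricts only line vty 0 4, so lines 5 to 15 can be left on the shared password; the sample config catches that case. The sample config, function names and finding texts are constructed, and treating a missing 'transport input ssh' as "may accept Telnet" is an assumption.

```python
# Constructed running-config excerpt (sample data, not from a real device).
SAMPLE_CONFIG = """\
ip ssh version 2
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/4
 shutdown
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password cisco
 login
"""

def sections(config):
    """Group indented sub-commands under their top-level command line."""
    out = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            out.append((line.strip(), []))
        elif out:
            out[-1][1].append(line.strip())
    return out

def audit(config):
    """Return findings for the vty and access-port settings covered above."""
    secs, findings = sections(config), []
    if not any(head == "ip ssh version 2" for head, _ in secs):
        findings.append("global: 'ip ssh version 2' not set")
    for head, body in secs:
        if head.startswith("line vty"):
            # Assumption: without 'transport input ssh' the line may accept Telnet.
            if "transport input ssh" not in body:
                findings.append(f"{head}: not restricted to SSH")
            if "login local" not in body:
                findings.append(f"{head}: no 'login local' (shared line password)")
        elif head.startswith("interface ") and "shutdown" not in body:
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"{head}: active access port without port-security")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```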
Etherchannel
S1(config)#interface range fa0/1
S1(config-if-range)#channel-group 1 mode (desirable, auto, active, passive, on)
Creating a port-channel interface Port-channel 1
S1(config-if-range)#
Load balancing
S1(config)#port-channel load-balance (src-mac - dst-ip - dst-mac - src-dst-ip - src-dst-mac - src-ip)
STP root/secondary switch
S2(config)#spanning-tree vlan 1 root primary/secondary
STP link cost
S0(config-if)#spanning-tree vlan 1 cost 7