Senior Acquisitions Editor: Kenyon Brown Development Editor: Kim Wimpsett

no cdp run Or, you can turn off CDP on each individual interface using the following command: Lab_B(config-if)# no cdp enable

Download 11,7 Mb.

Pdf ko'rish

bet	788/792
Sana	31.03.2022
Hajmi	11,7 Mb.
	#521163

1 ... 784 785 786 787 788 789 790 791 792

Bog'liq
CCNA Routing and Switching Complete Study Guide Exam 100-105, Exam 200-105, Exam 200-125 ( PDFDrive )

no cdp run
Or, you can turn off CDP on each individual interface using the following command:
Lab_B(config-if)#
no cdp enable
Disabling the Default Forwarded UDP Protocols
When you use the
ip helper-address
command as follows on an interface, your router will forward UDP
broadcasts to the listed server or servers:
Lab_B(config)#
interface f0/0
Lab_B(config-if)#
ip helper-address 192.168.254.251
718

Lab_B(config-if)#
ip helper-address 192.168.254.251
You would generally use the
ip helper-address
command when you want to forward DHCP client requests to a
DHCP server. The problem is that not only does this forward port 67 (BootP server request), it forwards seven other
ports by default as well. To disable the unused ports, use the following commands:
Lab_B(config)#
no ip forward-protocol udp 69
Lab_B(config)#
no ip forward-protocol udp 53
Lab_B(config)#
no ip forward-protocol udp 37
Lab_B(config)#
no ip forward-protocol udp 137
Lab_B(config)#
no ip forward-protocol udp 138
Lab_B(config)#
no ip forward-protocol udp 68
Lab_B(config)#
no ip forward-protocol udp 49
Now, only the BootP server request (67) will be forwarded to the DHCP server. If you want to forward a certain port
—say, TACACS+, for example—use the following command:
Lab_B(config)#
ip forward-protocol udp 49
Cisco’s
auto secure
Okay, so ACLs seem like a lot of work and so does turning off all those services I just discussed. But you do want to
secure your router with ACLs, especially on your interface connected to the Internet. However, you are just not
sure what the best approach should be, or maybe you just don’t want to miss happy hour with your buddies
because you’re creating ACLs and turning off default services all night long.
Either way, Cisco has a solution that is a good start, and it’s darn easy to implement. The command is called
auto
secure
, and you just run it from privileged mode as shown:
R1#
auto secure
--- AutoSecure Configuration ---
*** AutoSecure configuration enhances the security of
the router, but it will not make it absolutely resistant
to all security attacks ***
AutoSecure will modify the configuration of your device.
All configuration changes will be shown. For a detailed
explanation of how the configuration changes enhance
security and any possible side effects, please refer to Cisco.com
for Autosecure documentation.
At any prompt you may enter '?' for help.
Use ctrl-c to abort this session at any prompt.
Gathering information about the router for AutoSecure
Is this router connected to internet? [no]:

Download 11,7 Mb.

Do'stlaringiz bilan baham:

1 ... 784 785 786 787 788 789 790 791 792