
CCNA 2 – ch2

CCNA2(config)#no ip domain-lookup  :  turns off the hostname-to-IP translation (DNS lookup) that is enabled by default.

SSH CONFIGURATION

Switch(config)#hostname CCNA2
CCNA2(config)#ip domain-name itu.edu.tr
CCNA2(config)#crypto key generate rsa
CCNA2(config)#username admin secret abc123
CCNA2(config)#line vty 0 4
CCNA2(config-line)#transport input ssh
CCNA2(config-line)#login local

CCNA2#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3

CCNA2#sh ssh
Connection Version Mode Encryption Hmac State Username
2 1.99 IN aes128-cbc hmac-sha1 Session Started admin
2 1.99 OUT aes128-cbc hmac-sha1 Session Started admin
2 1.99 IN aes128-cbc hmac-sha1 Session Started ufuk
2 1.99 OUT aes128-cbc hmac-sha1 Session Started ufuk
%No SSHv1 server connections running.
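The "version 1.99" in the show ip ssh output above means the server negotiates both SSHv1 and SSHv2 with clients; only "2.0" means it has been restricted to SSHv2. The following Python script is an added example (not part of the original notes) that parses constructed copies of the show ip ssh and show ssh output shown above and flags a server still accepting protocol version 1 as well as sessions using legacy ciphers or MACs. The sample strings, the marker lists and the function names are all assumptions of this example.

```python
"""Check Cisco IOS 'show ip ssh' / 'show ssh' output for legacy SSH settings.

Added example, not part of the original notes. The two strings below are
constructed samples shaped like the output shown above; the checks flag an
SSH server that still negotiates protocol version 1 (IOS reports 'version 1.99'
when both v1 and v2 are allowed) and sessions using legacy ciphers or MACs.
"""
import re

SHOW_IP_SSH = """\
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
"""

SHOW_SSH = """\
Connection Version Mode Encryption Hmac State Username
2 1.99 IN aes128-cbc hmac-sha1 Session Started admin
2 1.99 OUT aes128-cbc hmac-sha1 Session Started admin
2 1.99 IN aes128-cbc hmac-sha1 Session Started ufuk
2 1.99 OUT aes128-cbc hmac-sha1 Session Started ufuk
%No SSHv1 server connections running.
"""

_STATUS = re.compile(r"SSH (?P<state>Enabled|Disabled)(?: - version (?P<version>[\d.]+))?")
_SESSION = re.compile(
    r"^(?P<conn>\d+)\s+(?P<version>[\d.]+)\s+(?P<mode>IN|OUT)\s+(?P<cipher>\S+)\s+"
    r"(?P<mac>\S+)\s+(?P<state>.+?)\s+(?P<user>\S+)$"
)

# Cipher/MAC name fragments treated as legacy for this audit (CBC-mode ciphers,
# 3DES, RC4, MD5 and 96-bit truncated MACs). Assumed policy, not from the notes.
LEGACY_CIPHER_MARKERS = ("-cbc", "3des", "arcfour")
WEAK_MAC_MARKERS = ("hmac-md5", "-96")


def parse_show_ip_ssh(text):
    """Return whether SSH is enabled, the reported version, and if v1 is still negotiated."""
    m = _STATUS.search(text)
    if not m:
        raise ValueError("unrecognised 'show ip ssh' output")
    version = m.group("version")
    return {
        "enabled": m.group("state") == "Enabled",
        "version": version,
        # 1.5 = SSHv1 only, 1.99 = v1 and v2 both accepted, 2.0 = v2 only.
        "sshv1_accepted": version is not None and version.startswith("1."),
    }


def parse_show_ssh(text):
    """Return one dict per session row of 'show ssh'; header and '%' lines are skipped."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "Connection")):
            continue
        m = _SESSION.match(line)
        if m:
            sessions.append(m.groupdict())
    return sessions


def connected_users(show_ssh):
    """Sorted list of distinct usernames with an open SSH session."""
    return sorted({s["user"] for s in parse_show_ssh(show_ssh)})


def audit(show_ip_ssh, show_ssh):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    status = parse_show_ip_ssh(show_ip_ssh)
    if status["enabled"] and status["sshv1_accepted"]:
        findings.append(
            f"SSH server reports version {status['version']}: protocol v1 still accepted"
        )
    seen = set()  # report each legacy algorithm once, not once per session row
    for s in parse_show_ssh(show_ssh):
        if any(t in s["cipher"] for t in LEGACY_CIPHER_MARKERS) and s["cipher"] not in seen:
            seen.add(s["cipher"])
            findings.append(f"legacy cipher in use: {s['cipher']} (user {s['user']})")
        if any(t in s["mac"] for t in WEAK_MAC_MARKERS) and s["mac"] not in seen:
            seen.add(s["mac"])
            findings.append(f"weak MAC in use: {s['mac']} (user {s['user']})")
    return findings


if __name__ == "__main__":
    for f in audit(SHOW_IP_SSH, SHOW_SSH):
        print("FINDING:", f)
    print("users:", ", ".join(connected_users(SHOW_SSH)))
```

Run against the sample it reports two findings: the 1.99 version string (v1 still negotiated) and the aes128-cbc cipher; the IN/OUT rows for the same user are collapsed so each algorithm is reported once.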


Cisco Discovery Protocol (CDP) 

The Cisco Discovery Protocol (CDP) is a proprietary protocol that all Cisco devices can be configured to use. It provides detailed information about the devices directly connected to a Cisco device. CDP is enabled by default. CDP information is sent every 60 seconds, and the holdtime is 180 seconds: if no CDP update arrives for 180 seconds, the device is removed from the CDP table.

To disable CDP on the whole device:
SW-A(config)#no cdp run

To disable CDP on a single interface:
CCNA2(config)#interface gi 0/1
CCNA2(config-if)#no cdp enable

Disable unused ports

CCNA2(config)#interface range fa 0/5-15,fa 0/17-24
CCNA2(config-if-range)#shutdown

DHCP snooping 

Switch(config)#ip dhcp snooping
Switch(config)#ip dhcp snooping vlan 1

Switch(config)#interface fastEthernet 0/1
Switch(config-if)#ip dhcp snooping trust
Switch#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface Trusted Rate limit (pps)
----------------------- ------- ----------------
FastEthernet0/5 no unlimited
FastEthernet0/4 no unlimited
FastEthernet0/1 yes unlimited
FastEthernet0/2 no unlimited
FastEthernet0/3 no unlimited


PORT SECURITY

Port security is not enabled by default.

Switch(config)#interface fa 0/1
Switch(config-if)#switchport port-security
Command rejected: FastEthernet0/1 is a dynamic port.
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security

When port security is enabled this way, the violation mode is shutdown and a single dynamically learned MAC address is allowed.

Switch(config-if)#switchport port-security violation protect

Switch(config-if)#switchport port-security violation restrict

Switch(config-if)#switchport port-security maximum ?
<1-132> Maximum addresses
Switch(config-if)#switchport port-security maximum 2

To recover ports from errdisable automatically:

Switch(config)#errdisable recovery cause psecure-violation

Switch(config)#errdisable recovery interval <30-86400>
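The CDP, unused-port, DHCP snooping and port security items above are all visible in a switch's running-config, so they can be audited offline. The following Python script is an added example (not part of the original notes): it parses a constructed running-config (interface numbers, VLAN and the vty block are made up for the sample) into global lines and interface/line sections and reports access ports without port-security, access ports marked as DHCP-snooping trusted, ports left in the default dynamic mode without being shut down, CDP still enabled on access ports when it runs globally, and vty lines not restricted to SSH with local login. The checks encode the notes' recommendations; function names and messages are this example's own.

```python
"""Audit an IOS switch running-config for the hardening items in these notes.

Added example, not part of the original notes; the config below is a constructed
sample in 'show running-config' syntax with made-up interface numbers.
"""

SAMPLE_CONFIG = """\
hostname CCNA2
ip dhcp snooping
ip dhcp snooping vlan 1
no cdp run
!
interface FastEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface FastEthernet0/3
 switchport mode access
 ip dhcp snooping trust
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 shutdown
!
line vty 0 4
 transport input ssh
 login local
!
"""


def parse_config(text):
    """Split a config into (global_lines, {section_header: [sub_lines]}).

    'interface ...' and 'line ...' open a section; indented lines belong to
    it and a bare '!' closes it.
    """
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif raw.startswith(" ") and current is not None:
            sections[current].append(line)
        elif line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections


def audit_config(text):
    """Return a list of findings; empty means every checked item is in place."""
    global_lines, sections = parse_config(text)
    g = set(global_lines)
    findings = []
    if "ip dhcp snooping" not in g:
        findings.append("global: DHCP snooping not enabled")
    elif not any(x.startswith("ip dhcp snooping vlan") for x in g):
        findings.append("global: DHCP snooping enabled but applied to no VLAN")
    trusted = [n for n, sub in sections.items()
               if n.startswith("interface ") and "ip dhcp snooping trust" in sub]
    if "ip dhcp snooping" in g and not trusted:
        findings.append("global: no DHCP-snooping trusted uplink; server offers will be dropped")
    cdp_global = "no cdp run" not in g  # CDP runs by default
    for name, sub in sections.items():
        if name.startswith("line vty"):
            if "transport input ssh" not in sub:
                findings.append(f"{name}: transport input not restricted to ssh")
            if "login local" not in sub:
                findings.append(f"{name}: login local missing")
            continue
        ifname = name.split(None, 1)[1]
        if "shutdown" in sub:
            continue  # disabled port, nothing to check
        mode = next((x.split()[-1] for x in sub if x.startswith("switchport mode ")), None)
        if mode is None:
            # Default (dynamic) mode and not shut down: treat as an unused port.
            findings.append(f"{ifname}: unused port not shut down")
            continue
        if mode == "access":
            if "switchport port-security" not in sub:
                findings.append(f"{ifname}: access port without port-security")
            if "ip dhcp snooping trust" in sub:
                findings.append(f"{ifname}: access port marked DHCP-snooping trusted")
            if cdp_global and "no cdp enable" not in sub:
                findings.append(f"{ifname}: CDP still enabled on access port")
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print("FINDING:", f)
```

On the sample it flags FastEthernet0/3 twice (no port-security, trusted for DHCP snooping) and FastEthernet0/4 once (default mode, never shut down); removing the global "no cdp run" additionally flags both access ports for CDP.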

CCNA2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtime Capability Platform Port ID
SW-A Gig 0/1 140 S 2950 Gig 0/2

CCNA2#sh cdp neighbors detail

Device ID: SW-A
Entry address(es):
IP address : 192.168.1.200
Platform: cisco 2950, Capabilities: Switch
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0/2
Holdtime: 121

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 18-May-05 22:31 by jharirba

advertisement version: 2
Duplex: full
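Because CDP detail output carries the neighbour's management address, platform, IOS image and version, it is a convenient source for a device inventory that can be matched against patch advisories. The following Python parser is an added example (not part of the original notes): it splits a constructed copy of the show cdp neighbors detail output above (with the dashed separator line real output prints between entries) into one record per neighbour and produces CSV-style inventory lines. Field names and the function names are this example's own.

```python
"""Turn 'show cdp neighbors detail' output into inventory records.

Added example, not part of the original notes. The sample below is constructed
from the output shape shown above; a dashed separator precedes each entry as
in real output.
"""
import re

SAMPLE_DETAIL = """\
-------------------------
Device ID: SW-A
Entry address(es):
  IP address : 192.168.1.200
Platform: cisco 2950, Capabilities: Switch
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0/2
Holdtime: 121

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 18-May-05 22:31 by jharirba

advertisement version: 2
Duplex: full
"""

# One regex per field; group 1 is the value.
_FIELDS = {
    "device": re.compile(r"^Device ID:\s*(\S+)", re.M),
    "ip": re.compile(r"^\s*IP address\s*:\s*(\S+)", re.M),
    "platform": re.compile(r"^Platform:\s*(.+?),\s*Capabilities:", re.M),
    "capabilities": re.compile(r"Capabilities:\s*(.+)$", re.M),
    "local_if": re.compile(r"^Interface:\s*(\S+),", re.M),
    "remote_port": re.compile(r"Port ID \(outgoing port\):\s*(\S+)", re.M),
    "holdtime": re.compile(r"^Holdtime:\s*(\d+)", re.M),
    "image": re.compile(r"Software \(([^)]+)\)"),
    "version": re.compile(r", Version ([^,]+),"),
    "duplex": re.compile(r"^Duplex:\s*(\S+)", re.M),
}


def parse_cdp_detail(text):
    """Return one dict per neighbour; entries are split at each 'Device ID:' line."""
    records = []
    for chunk in re.split(r"(?m)^(?=Device ID:)", text):
        if "Device ID:" not in chunk:
            continue  # leading separator dashes or blank text
        rec = {}
        for key, rx in _FIELDS.items():
            m = rx.search(chunk)
            rec[key] = m.group(1).strip() if m else None
        if rec["capabilities"]:
            rec["capabilities"] = rec["capabilities"].split()
        if rec["holdtime"]:
            rec["holdtime"] = int(rec["holdtime"])
        records.append(rec)
    return records


def inventory_lines(text):
    """One 'device,ip,platform,image,version' line per neighbour, for a CSV export."""
    return [",".join(str(r[k]) for k in ("device", "ip", "platform", "image", "version"))
            for r in parse_cdp_detail(text)]


if __name__ == "__main__":
    for line in inventory_lines(SAMPLE_DETAIL):
        print(line)
```

Fields that a given IOS release does not print come back as None rather than raising, so the same parser can be run over output collected from a mix of platforms.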