This is an old revision of the document!
ntp server 172.16.1.254 clock timezone MSK 3 service timestamps log datetime localtime
no ip http server
no access-list 1 ! access-list 1 permit host 192.168.X.101 access-list 1 permit host 192.168.X.10 access-list 1 deny any line vty 0 15 ! no login ! for no password access ! privilege level 15 access-class 1 in end
Вариант 1
ip domain-name corpX.un crypto key generate rsa general-keys modulus 1024 ip ssh version 2 username root privilege 15 secret cisco line vty 0 15 login local transport input ssh
Вариант 2
crypto key generate rsa label MY_KEYS modulus 1024 ip ssh rsa keypair-name MY_KEYS
ip scp server enable
root@helper:~# cat .ssh/id_rsa.pub
...
!!! Разбить вывод на несколько строк !!!
ip ssh pubkey-chain username rancid key-string ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9KLTWwi8BTLMW6r79wgrfXrUOwai/smc ... 36w0k+JeK/WqJr5X80yX7fLbP root@helper exit exit exit
ip rcmd rcp-enable ip rcmd rsh-enable
! recomend for security and DNS troubles ip host server 192.168.X.10 ip rcmd remote-host root server root enable
router# show logging router# terminal monitor
router(config)# logging console
router(config)#logging facility local0 router(config)#logging host server
router(config)# snmp-server community public RO
switch(config)# snmp-server community write RW
switch(config)# snmp-server host server writetrap
switch(config)# snmp-server enable traps snmp linkdown linkup switch(config)# snmp-server enable traps config switch(config)# snmp-server enable traps config-copy
Настройка router:
snmp-server host server writetrap rmon event 1001 log trap writetrap description "Critical out bandwith int f1/0" owner config rmon event 1002 log trap writetrap description "Ok out bandwith int f1/0" owner config rmon alarm 2002 1.3.6.1.2.1.2.2.1.16.2 8 delta rising-threshold 800000 1001 falling-threshold 300000 1002 owner config
Коментарии:
Тестирование:
gate.isp.un$ iperf -c server.corpX.un -p 5000+X -u -t 600 -b 1M server# tcpdump -i eth1 -s0 -A -n port 162
rmon event 4 log trap public description "Cpu hight load" rmon alarm 8 1.3.6.1.4.1.9.2.1.56.0 10 absolute rising-threshold 80 4 falling-threshold 6 20