[信息与通信]cisco网六络设备以及故障排查讲解.ppt

* * * * * * * * * * * * * * * 对于CatOS设备来说，需要配置set logging console enable才能在控制台看到日志，对于buffer缺省是记录的。 注意对于4500，6500和7600系列NATIVE IOS的系统，缺省是不记录端口up/down的信息的，需要在接口下配置loggin event link-status才能开启记录功能 * 实际上并没有不存在bug的版本，所谓GD版本，也只是在调查中被广泛使用并相对稳定的版本，bug是在不断被发现的。那么我们是否一定要升级到一个GD版本呢？何况有些设备的软件并没有GD版本。建议是如果您的系统长期以来一直运行还比较正常，那么就没有必要一定升级IOS，除非您遇到了一个严重影响业务的bug 局域网攻击DHCP Snooping DHCP snooping allows the configuration of ports as trusted or untrusted. Untrusted ports cannot process DHCP replies. Configure DHCP snooping on uplinks to a DHCP server. Do not configure DHCP snooping on client ports. Securing Against DHCP Snooping Attacks Switch(config)#?ip?dhcp?snooping limit rate?[rate] Enables DHCP Option 82 data insertion Switch(config)#?ip?dhcp?snooping information?option Number of packets per second accepted on a port Enables DHCP snooping globally Switch(config)#?ip?dhcp?snooping Switch(config-if)# ip dhcp snooping?trust Configures a trusted interface Switch(config)#?ip?dhcp?snooping vlan?number?[number] Enables DHCP snooping on your VLANs Verifying DHCP Snooping Verifies the DHCP snooping configuration Switch#?show?ip?dhcp?snooping Switch#?show?ip?dhcp?snooping Switch DHCP snooping is enabled DHCP?Snooping?is?configured?on?the?following?VLANs: ????10?30-40?100?200-220 Insertion?of?option?82?information?is?enabled. Interface???????????Trusted????????Rate?limit?(pps) ---------???????????-------????????---------------- FastEthernet2/1?????yes????????????none FastEthernet2/2?????yes????????????none FastEthernet3/1?????no?????????????20 Switch#? IP source guard is configured on untrusted L2 interfaces IP Source Guard Configuring IP Source Guard on a Switch Enables DHCP snooping on a specific VLAN Switch(config)#?ip?dhcp snooping vlan number [number] Enables DHCP snooping globally Switch(config)#?ip?dhcp?snooping Switch(config-if)# ip verify source vlandhcp-snooping port-security Enables IP Source Guard, source IP, and source MAC address filter on a port 局域网攻击ARP Spoofing DAI a