
CISCO security Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

SSH configuration

configure terminal
hostname SW1
hostname definition
ip domain name test.local
domain name definition
crypto key generate rsa
choose a key length of at least 1024 bits
ip ssh version 2
username <name> secret <password>
user and password for SSH access
line vty 0 4
select lines with SSH access
transport input telnet ssh
login local
 

switchport security

configure terminal
interface interface_name
choose interface for setting security
switchport mode access
security only available in mode access
switchport port-security ?
list of available options
  aging
  mac-address
  maximum
  violation
switchport port-security maximum 1
only 1 permitted device
switchport port-security mac-address ?
list of available options
  H.H.H       allowed device mac-address
  forbidden   denied device mac-address
  sticky      memorize current connected device
switchport port-security violation ?
list of available options
  protect     does not allow
  restrict    does not allow and log violation
  shutdown    does not allow and turns off port
switchport port-security
to activate after setting security
shutdown && no shutdown
The only way to restart a shut-down port
show mac address-table
display of MACs memorized by switch. MACs are erased if they do not send packets for more than 5 minutes
show port-security
general display of port security settings
show port-security interface e0/0
detailed display of a specific port's security
show port-security address
show MACs memorized in security mode
copy run start
to make memorized MACs permanent between switch restarts
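
A small audit of a saved running-config against the steps above, added here as an example and not part of the original cheat sheet: it flags access ports where port-security options were set but the bare `switchport port-security` activation line is missing, a missing `ip ssh version 2`, and vty lines that still accept telnet. The sample config and the names `SAMPLE`, `sections` and `audit` are constructed for illustration.

```python
# Constructed sample running-config for illustration (not from the original page).
SAMPLE = """\
ip ssh version 2
interface Ethernet0/0
 switchport mode access
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security
interface Ethernet0/1
 switchport mode access
 switchport port-security maximum 1
interface Ethernet0/2
 switchport mode trunk
line vty 0 4
 transport input telnet ssh
 login local
"""

def sections(config):
    """Map each 'interface ...' / 'line ...' header to its indented sub-commands."""
    out, current = {}, None
    for raw in config.splitlines():
        if raw[:1] in (" ", "\t"):
            if current:
                out[current].append(raw.strip())
        elif raw.startswith(("interface ", "line ")):
            current = raw.strip()
            out[current] = []
        else:
            current = None
    return out

def audit(config):
    """Return (section, finding) pairs for gaps against the steps above."""
    findings = []
    if "ip ssh version 2" not in [l.strip() for l in config.splitlines()]:
        findings.append(("global", "SSH version 2 not enforced"))
    for name, cmds in sections(config).items():
        if name.startswith("interface ") and "switchport mode access" in cmds:
            # Option lines alone do nothing; the bare command activates the feature.
            if "switchport port-security" not in cmds:
                findings.append((name, "port-security not activated"))
        elif name.startswith("line vty"):
            transport = next((c for c in cmds if c.startswith("transport input")), "")
            if "telnet" in transport.split():
                findings.append((name, "telnet allowed alongside SSH"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Trunk ports are skipped because port security applies only in access mode; telnet is reported because it carries the login in cleartext even when SSH is also enabled.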