In the previous post we discussed the benefits of AutoSecure and what the auto secure command does on Cisco devices.
In this post we will see the configuration and its output.
--- AutoSecure Configuration ---
*** AutoSecure configuration enhances the security of
the router, but it will not make it absolutely resistant
to all security attacks ***
A VLAN is a group of devices or users that may be physically connected to one or more switches but are logically separated from the rest of the network. All devices in a VLAN receive the broadcasts sent by any device in that VLAN, and devices in other VLANs do not. By default, every switch interface belongs to the same VLAN (VLAN 1 on Cisco switches), so the whole switch is one broadcast domain.
Configuring VLANs on a few switches is simple: you log in to each switch and create the VLANs by hand. Doing that on every switch in a large network is tedious and error-prone, because the VLAN database has to be kept identical on all of them.
AutoSecure is a single-command security configuration process that disables nonessential system services and enables a basic set of recommended security policies on the router. In particular, it turns off a number of features that are enabled by default in Cisco IOS and that an attacker could use against the device.
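As an added example (not output captured from the post's router), here are the forms of the auto secure command and a hand-written selection of the hardening commands AutoSecure is known to apply, the lines you would look for in show running-config afterwards. The interface name, domain name and file name are assumptions; the exact dialog and the generated configuration vary by IOS release and platform.

```cisco
! Save the running configuration first. AutoSecure rewrites it, and you
! want something to fall back to if a disabled service turns out to matter.
R1# copy running-config flash:pre-autosecure.cfg

! Interactive run: asks which interface faces the Internet, for a banner,
! an enable secret, a local user, whether to enable SSH, CBAC and so on.
R1# auto secure
! Non-interactive run: applies Cisco's defaults without asking.
R1# auto secure no-interact
! Management plane only, or forwarding plane only, if you want to stage it.
R1# auto secure management
R1# auto secure forwarding

! Representative pieces of what ends up in the running configuration
! (hand-written from the command set AutoSecure applies, not a capture).
! Management plane: nonessential services off, keepalives and logging on.
no service finger
no service pad
no service udp-small-servers
no service tcp-small-servers
service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out
no cdp run
no ip bootp server
no ip http server
no ip finger
no ip source-route
no ip gratuitous-arps
no ip identd
security passwords min-length 6
security authentication failure rate 10 log
login block-for 300 attempts 3 within 60
logging buffered 4096
logging console critical
logging trap debugging
! Login: AAA against the local user database, SSH instead of Telnet.
! The domain name is assumed; it is needed for the RSA key pair.
aaa new-model
aaa authentication login local_auth local
ip domain-name example.com
crypto key generate rsa general-keys modulus 2048
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
 login authentication local_auth
 exec-timeout 5 0
 transport input ssh
! Per-interface services that help reconnaissance or amplification,
! plus strict unicast RPF on the (assumed) Internet-facing interface.
interface GigabitEthernet0/0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
 ip verify unicast source reachable-via rx allow-default
! Forwarding plane: CEF is required for uRPF.
ip cef
```

Read the generated configuration before answering "yes" to apply it. Some of what AutoSecure disables is relied upon in real networks: CDP by IP phones and management tools, the HTTP server by web-based device managers, proxy ARP by hosts with no default gateway. Strict uRPF on an interface with asymmetric routing silently drops legitimate traffic, and if the RSA key AutoSecure generated is shorter than 2048 bits, regenerate it.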
Benefits of AutoSecure
Hostnames must start with a letter, end with a letter or digit, and contain only letters, digits, and hyphens as interior characters. Names must be 63 characters or fewer. If you open sessions to several devices at once, the hostname in the prompt helps you keep track of where you are entering commands. An all-numeric hostname is not recommended; IOS prints an error but then accepts the name.
To provide an additional layer of security, particularly for passwords that cross the network, the enable secret command lets you set a hashed password that users must enter to reach privileged EXEC mode (the default, privilege level 15) or any other privilege level you specify. Unlike enable password, the secret is stored as a one-way hash rather than in cleartext or the reversible type 7 encoding.
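The two commands from the paragraphs above, as an added example that is not part of the original posts. The hostname, the pass phrases and the privilege-level layout are assumptions.

```cisco
! Hostname: first character a letter, last a letter or digit, interior
! letters, digits and hyphens only, 63 characters at most. The prompt
! changes immediately, which is what makes multi-device sessions safe.
Router(config)# hostname edge-rtr-01
edge-rtr-01(config)#

! Privileged EXEC (level 15) secret, stored as a one-way hash. On IOS
! 15.3(3)M and later ask for scrypt (type 9) rather than legacy MD5 (type 5).
edge-rtr-01(config)# enable algorithm-type scrypt secret Str0ng-Pass-Phrase!
! Older releases: the same command without algorithm-type gives a type 5 hash.
edge-rtr-01(config)# enable secret Str0ng-Pass-Phrase!

! A separate secret for a lower level, e.g. an operator level 5 that may
! only run show commands. Operators then type "enable 5" and stay at 5.
edge-rtr-01(config)# privilege exec level 5 show
edge-rtr-01(config)# enable secret level 5 Op3rator-Pass-Phrase!

! The weak setting for contrast: enable password is kept in cleartext, and
! service password-encryption only turns it into reversible type 7.
! If both exist the secret wins, so remove the password outright.
edge-rtr-01(config)# enable password Weak1
edge-rtr-01(config)# service password-encryption
edge-rtr-01(config)# no enable password

! Verify: expect "enable secret 9 $9$..." (or "5 $1$..."), and no
! "enable password 7 ..." line, which any type 7 decoder reverses in seconds.
edge-rtr-01# show running-config | include ^enable
```

A pass phrase that contains a "?" cannot be typed directly at the CLI because "?" invokes help; press Ctrl-V first. Note also that enable secret protects the secret at rest; what protects it in transit is using SSH instead of Telnet for the management session.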
The private IP address ranges defined in RFC 1918 (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) are meant for internal networks only. They are never routed on the public Internet, so a packet carrying one of them as its source address should never arrive from outside.
The other range to watch is the organization's own public address block, allocated by a regional Internet registry or assigned by the ISP, which is used for NAT and for the public-facing web servers, mail servers and LAN users. Those addresses live behind the gateway, so a packet arriving on the outside interface of the gateway router with one of them as its source address is spoofed and should be dropped.
Trunk links can carry the traffic of multiple VLANs over a single link and are used to interconnect switches. By default, a switch interface is an access port and carries the traffic of one VLAN only.
As in Figure 1, there are two VLANs on SW-A, VLAN 2 and VLAN 3: User A-1 is in VLAN 2 and User A-2 is in VLAN 3. In the same way there are two VLANs on SW-B: User B-1 is in VLAN 3 and User B-2 is in VLAN 3.
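The configuration for the VLAN passage above and for the two-switch trunk in Figure 1, as an added example that is not part of the original posts. Port numbers, VLAN names and the choice of VLAN 999 as native VLAN are assumptions, and User B-1 is assumed to be in VLAN 2 so that the trunk actually carries both VLANs.

```cisco
! SW-A: create the VLANs, assign the user ports, build the trunk to SW-B.
SW-A(config)# vlan 2
SW-A(config-vlan)# name USERS-2
SW-A(config-vlan)# vlan 3
SW-A(config-vlan)# name USERS-3
SW-A(config-vlan)# vlan 999
SW-A(config-vlan)# name NATIVE-UNUSED
SW-A(config-vlan)# exit
! User A-1 on Fa0/1 -> VLAN 2, User A-2 on Fa0/2 -> VLAN 3. Forcing access
! mode also switches DTP off, so a host cannot negotiate itself into a trunk.
SW-A(config)# interface FastEthernet0/1
SW-A(config-if)# switchport mode access
SW-A(config-if)# switchport access vlan 2
SW-A(config-if)# interface FastEthernet0/2
SW-A(config-if)# switchport mode access
SW-A(config-if)# switchport access vlan 3
! Uplink to SW-B: 802.1Q trunk that carries VLAN 2 and 3 only, DTP disabled,
! and a native VLAN nobody uses so untagged frames cannot hop into a user VLAN.
SW-A(config-if)# interface FastEthernet0/24
! Only on platforms that also support ISL (e.g. 3560); a 2960 rejects this line.
SW-A(config-if)# switchport trunk encapsulation dot1q
SW-A(config-if)# switchport mode trunk
SW-A(config-if)# switchport nonegotiate
SW-A(config-if)# switchport trunk allowed vlan 2,3
SW-A(config-if)# switchport trunk native vlan 999
SW-A(config-if)# end

! SW-B mirrors SW-A: same VLAN IDs, same trunk settings on its Fa0/24,
! B-1 on Fa0/1 in VLAN 2 (assumed), B-2 on Fa0/2 in VLAN 3.
SW-B(config)# vlan 2
SW-B(config-vlan)# name USERS-2
SW-B(config-vlan)# vlan 3
SW-B(config-vlan)# name USERS-3
SW-B(config-vlan)# vlan 999
SW-B(config-vlan)# name NATIVE-UNUSED
SW-B(config-vlan)# interface FastEthernet0/1
SW-B(config-if)# switchport mode access
SW-B(config-if)# switchport access vlan 2
SW-B(config-if)# interface FastEthernet0/2
SW-B(config-if)# switchport mode access
SW-B(config-if)# switchport access vlan 3
SW-B(config-if)# interface FastEthernet0/24
SW-B(config-if)# switchport trunk encapsulation dot1q
SW-B(config-if)# switchport mode trunk
SW-B(config-if)# switchport nonegotiate
SW-B(config-if)# switchport trunk allowed vlan 2,3
SW-B(config-if)# switchport trunk native vlan 999
SW-B(config-if)# end

! Verify on both ends: Fa0/1 and Fa0/2 listed under VLAN 2 and 3, and Fa0/24
! shown as "trunking", encapsulation 802.1q, native VLAN 999, allowed 2,3.
SW-A# show vlan brief
SW-A# show interfaces trunk
SW-A# show interfaces FastEthernet0/24 switchport
```

The native VLAN must match on both ends of the trunk or the switches will log a native VLAN mismatch and bridge the two VLANs together. Leaving 999 out of the allowed list is deliberate: untagged frames arriving on the trunk are then dropped rather than delivered anywhere. Where the platform supports it, vlan dot1q tag native achieves the same by tagging the native VLAN too.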