BCMSN09 Switched Network Performance Optimization and Security.ppt
Optimizing and Securing Multilayer Switched Networks
Module 9

Optimizing Multilayer Switched Networks

© 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.09-2

Objectives

Upon completing this lesson, you will be able to:
- Describe techniques to enhance the performance of a multilayer switched network
- Monitor switch ports using SPAN and VSPAN
- Monitor switch ports using RSPAN
- Describe the features and operation of network analysis modules on Catalyst switches to improve network traffic management
- Verify and troubleshoot the operation of network analysis modules

Enhancing Network Performance

- Gather a baseline.
- Perform a what-if analysis.
- Perform exception reporting for capacity issues.
- Determine the network management overhead.
- Analyze the capacity information.
- Periodically review capacity information.
- Have upgrade or tuning procedures set up.

Switched Port Analyzer

Configuring SPAN

Switch(config)#monitor session session_num source interface type/num | vlan num , | - | rx | tx | both
    Configures a SPAN session to monitor traffic

Switch(config)#monitor session session_number destination interface type/num , | - | vlan num
    Configures the destination for a SPAN session

Remote SPAN

Configuring RSPAN

Switch(config)#vlan vlan-number
    Enters configuration mode for a specific VLAN

Switch(config-vlan)#remote-span
    Enables RSPAN for the VLAN

Verifying SPAN and RSPAN

Switch#show monitor session session_number detail
    Displays SPAN session information

Switch#show monitor session 2
Session 2
---------
Type              : Remote Source Session
Source Ports:
    RX Only:        Fa3/1
Dest RSPAN VLAN:    901

Switch#show monitor session 2 detail
Session 2
---------
Type              : Remote Source Session
Source Ports:
    RX Only:        Fa1/1-3
    TX Only:        None
    Both:           None
Source VLANs:
    RX Only:        None
    TX Only:        None
    Both:           None
Source RSPAN VLAN:  None
Destination Ports:  None
Filter VLANs:       None
Dest RSPAN VLAN:    901

Network Analysis Module

NAM Initial Configuration

- Assign parameters
  - IP address
  - Subnet mask
  - IP broadcast address
  - IP host name
  - Default gateway
  - Domain name
  - DNS name server
  - SNMP (MIB variables, access control, system group settings)
- Start the web server

Configuring NAM

Switch(config)#interface gi 8/0
Switch(config-if)#switchport access vlan 93
Switch(config-if)#end
Switch(config)#monitor session 1 destination interface gi 8/1

root@localhost#autostart addressmap enable
    Enables a collection type
root@localhost#autostart collection enable

Verifying NAM

Switch#show module
    Displays information about installed modules

Switch#show module
Mod  Ports  Card Type                              Model            Serial No.
---  -----  -------------------------------------  ---------------  -----------
2    2      Catalyst 6000 supervisor 2 (Active)    WS-X6K-SUP2-2GE  SAD0410050B
3    48     48 port 10/100 mb RJ-45 ethernet       WS-X6248-RJ-45   SAD03080485
5    2      Network Analysis Module                WS-X6380-NAM     SAD05130AXB
7    2      Intrusion Detection System             WS-X6381-IDS     SAD05100HPT

Switch#show interface GigabitEthernet slot/1 | 2
    Displays NAM interface information

Summary

- Performance management maintains internetwork performance at acceptable levels by measuring and managing various network performance variables.
- SPAN selects and copies network traffic to send to a network analyzer.
- Remote SPAN is a variation of SPAN that sends monitored traffic through an intermediate switch rather than directly to the traffic analyzer.
- A NAM uses SNMP RMON information to monitor and analyze network traffic.
- Use the show commands to verify NAM configuration.

Securing Multilayer Switched Networks

Objectives

Upon completing this lesson, you will be able to:
- Explain basic security concepts for the multilayer switched network
- Configure authentication, authorization, and accounting on Catalyst switches
- Configure port security and port-based authentication with 802.1X
- Verify the network access security configuration
- Configure VLAN access lists
- Verify the VLAN access list security configuration

Recommended Switch Security

- Set system passwords
- Configure basic ACLs
- Secure physical access to the console
- Secure access to VTYs
- Configure system warning banners
- Disable unneeded services
- SSH
- Trim CDP
- Disable the integrated HTTP daemon
- Configure basic logging
- Secure SNMP
- Limit trunking connections
- Secure the spanning-tree topology

AAA Network Configuration

- Authentication: Verifies a user's identity
- Authorization: Specifies the permitted tasks for the user
- Accounting: Provides billing, auditing, and monitoring

Configuring Authentication

Switch(config)#aaa new-model
    Enables AAA globally

Switch(config)#aaa authentication login default | list-name method1 method2.
    Creates a local authentication list

Switch(config)#line aux | console | tty | vty line-number ending-line-number
    Enters line configuration mode

Switch(config-line)#login authentication default | list-name
    Applies the authentication list to a line

Configuring Authorization

Switch(config)#aaa authorization auth-proxy | network | exec | commands level | reverse-access | configuration | ipmobile default | list-name method1 method2.
    Creates an authorization method list and enables authorization

Switch(config)#interface interface-type interface-number
    Enters interface configuration mode

Switch(config-if)#ppp authorization default | list-name
    Applies the named authorization method list to the interface

Configuring Accounting

Switch(config)#aaa accounting system | network | exec | connection | commands level default | list-name start-stop | stop-only | none method1 method2.
    Creat
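
The authentication commands and the "Recommended Switch Security" items above can be checked mechanically against a saved configuration. The following is an added example, not part of the original slides: the function name `audit_switch_config`, the list names `CONSOLE` and `VTY-AUTH`, and the sample configuration are all constructed for illustration.

```python
import re

# Constructed running-config fragment (sample data, not from the slides).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login CONSOLE local
ip http server
line con 0
 login authentication CONSOLE
line vty 0 4
 transport input ssh
line vty 5 15
 login authentication VTY-AUTH
"""

def audit_switch_config(config):
    """Return findings for the AAA, line and HTTP items listed on the slides."""
    findings = []
    lines = config.splitlines()
    stripped = [l.strip() for l in lines]
    if "aaa new-model" not in stripped:
        findings.append("aaa new-model is not enabled")
    if "ip http server" in stripped:
        findings.append("integrated HTTP daemon is enabled (ip http server)")
    # Method lists created with: aaa authentication login <default|list-name> <method...>
    defined = set(re.findall(r"^aaa authentication login (\S+) \S+", config, re.M))
    # Map each 'line ...' block to the list it applies; indented lines belong to the block.
    applied, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            applied[current] = None
        elif l.startswith(" ") and current:
            m = re.match(r"\s+login authentication (\S+)", l)
            if m:
                applied[current] = m.group(1)
        else:
            current = None
    for block, name in applied.items():
        # Assumption: a line with no explicit list relies on the 'default' list.
        effective = name or "default"
        if effective not in defined:
            findings.append(f"{block}: login list '{effective}' is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit_switch_config(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the console line passes, while both vty blocks are reported because the list each one depends on was never created with `aaa authentication login`.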