Cisco路由器auto secure命令小结

路由器命令auto secure用起来比较方便，而且可以关闭一些不安全的服务和启用一些安全的服务。这里对这个命令做了一个总结。（注：ios版本为：12.3（1）以上才支持使用）     总结如下：     1、关闭一些全局的不安全服务如下：     Finger     PAD     Small Servers     Bootp     HTTP service     Identification Service     CDP     NTP     Source Routing     2、开启一些全局的安全服务如下：     PassWord-encryption service     Tuning of scheduler interval/allocation     TCP synwait-time     TCP-keepalives-in and tcp-kepalives-out     SPD configuration     No ip unreachables for null 0    3、关闭接口的一些不安全服务如下：     ICMP     Proxy-Arp     Directed Broadcast     Disables MOP service     Disables icmp unreachables     Disables icmp mask reply messages.     4、提供日志安全如下：     Enables sequence numbers & timestamp     Provides a console log     Sets log buffered size     Provides an interactive dialogue to configure the logging server ip address.     5、保护访问路由器如下：     Checks for a banner and provides facility to add text to automatically configure：     Login and password     Transport input & output     Exec-timeout     Local AAA     SSH timeout and ssh authentication-retries to minimum number     Enable only SSH and SCP for Access and file transfer to/from the router     6、保护转发Forwarding Plane     Enables Cisco EXPress Forwarding （CEF） or distributed CEF on the router， when available     Anti-spoofing     Blocks all IANA reserved IP address blocks     Blocks private address blocks if customer desires     Installs a default route to NULL 0， if a default route is not being used     Configures TCP intercept for connection-timeout， if TCP intercept feature is available and the user is interested     Starts interactive configuration for CBAC on interfaces facing the Internet， when using a Cisco IOS Firewall p_w_picpath，     Enables NetFlow on software forwarding platforms http://pan.baidu.com/s/1bns376R(责任编辑：admin)