Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Switch configuration documents

Hi Team

                     I need to prepare the documents  for Coreswitch,Aggregation switch and Server Farm Switches in our network.. So i need what are the things must to do in these switches to securing the switches from the external attacks.. Basis configuration with explanation. So that i can pick up good points from experienced person and i can prepare the documents for it.. Every one experience person commands welcome. Below are the some commands i need some clarification why these commands was used what is advantage of it and what will be disadvantage of it(was nit used). i serach it in google and can prepare good documents.. But i think this best forum to get more technical knowledge about it from experience. when completing this documents i am also more knowledgeble from this. Let we open this forum and keep it opening until my documents was ready.

My switch details are.

Cisco  catalyst 4507R+E as core switch

2960 G as Edge switch or aggregation switch

2960 S as server farm switch.

Please explain these commands. i will start from here , I will keep on Posting the some more commands once i will get clear answer for the posted commands and also u can post some more commands which will necessary for securing the network from possible attacks.

aaa authentication login default group tacacs+ line local

aaa authentication enable default group tacacs+ enable

aaa authorization config-commands

aaa authorization exec ES group tacacs+

aaa authorization commands 0 default group tacacs+ none

aaa authorization commands 1 default group tacacs+ none

aaa authorization commands 15 default group tacacs+ none

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

flow record NFrecord

match ipv4 tos

match ipv4 dscp

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

collect routing forwarding-status

collect transport tcp flags

collect interface output

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

flow monitor NFmonitor

record NFrecord

exporter NFexport1

exporter NFexport

cache timeout inactive 30

cache timeout active 60

cache entries 1000

no ip source-route

no ip domain-lookup

no ip igmp snooping vlan X

spanning-tree portfast

spanning-tree bpdufilter enable


Switch configuration documents

really surprise to see no one posted for singlecommand....

New Member

Switch configuration documents


What you need is best practice's in the network.


Sathvik K V

Re: Switch configuration documents

Look on cco for doc id 13608, guide to harden IOS devices.

Sent from Cisco Technical Support iPad App