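system-view
# Logging: turn on the information center and forward logs to the remote
# log host at 10.2.0.113.
info-center enable
info-center loghost 10.2.0.113
# Send every severity, down to debugging, from all default sources to the
# log host.
# NOTE(review): debugging level is verbose; confirm the collector is sized
# for it and that the path to the log host is a trusted management network.
info-center source default loghost level debugging
# NTP: two unicast servers; time zone "beijing" is UTC+8.
# NOTE(review): no NTP authentication is configured in this script, and
# 118.24.4.66 is not a private (RFC 1918) address. Confirm it is an approved
# time source, since log timestamps depend on it.
ntp-service unicast-server 118.24.4.66
ntp-service unicast-server 10.2.1.9
clock timezone beijing add 8
# Take the system clock from NTP. The keyword was misspelled "protocl" in the
# original, so the command would not have been accepted as written.
clock protocol ntp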
# SSH configuration: enable the SSH server together with its SFTP and SCP
# file-transfer services.
# NOTE(review): this script does not restrict SSH by source address; confirm
# management access is limited elsewhere (ACL or management network).
ssh server enable
sftp server enable
scp server enable
# VTY lines 0-5: AAA (scheme) authentication, SSH as the only inbound protocol.
# NOTE(review): only lines 0 through 5 are covered here; confirm any higher
# VTY lines on the device are restricted the same way.
line vty 0 5
authentication-mode scheme
# Assigns the network-admin role on these lines.
# NOTE(review): confirm full-privilege access is intended for every session
# on these lines rather than a lower role with per-user authorization.
user-role network-admin
protocol inbound ssh
quit
# Local management account "admin": allowed to log in over SSH and HTTPS,
# authorized with the network-admin role.
local-user admin class manage
service-type ssh https
# NOTE(review): "password simple" puts the cleartext administrator password
# in this script. Anyone who can read the file can log in as admin on every
# device it was applied to. Treat the value as exposed, rotate it, and supply
# it at deployment time from a secrets store instead of keeping it in the file.
password simple 4DzRRu)&@FWY+>?c:9
authorization-attribute user-role network-admin
# Disable the cleartext management and file-transfer services:
# Telnet, TFTP, FTP and HTTP.
# NOTE(review): no "quit" follows the local-user view above; confirm the
# commands below are accepted from that view on the target software release.
undo telnet server enable
undo tftp server enable
undo ftp server enable
undo http server enable
# SNMP: read-only community, then version selection.
# NOTE(review): the community string is stored in cleartext in this script
# and is derived from an organization-style name. Treat it as exposed; use a
# random value and restrict which managers may poll the device.
snmp-agent community read simple ucoswitch
# Enable all SNMP versions, then remove v1 and v3, which leaves only v2c.
# NOTE(review): v2c has no protection beyond the community string and sends
# it unencrypted; v3 is the version that offers authentication and privacy.
# Confirm that disabling v3 (rather than v2c) is intended.
snmp-agent sys-info version all
undo snmp-agent sys-info version v1
undo snmp-agent sys-info version v3
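# MVRP: enable globally. The keyword was misspelled "globle" in the original.
# NOTE(review): MVRP registers VLANs dynamically; confirm it is only active
# on trusted trunk ports.
mvrp global enable
# LLDP: enable globally. The keyword was misspelled "globle" in the original.
# NOTE(review): LLDP advertises device details to neighbors; confirm it is
# not needed to be off on user-facing ports.
lldp global enable
# Disable the USB interface.
usb disable
# Spanning tree: turn on BPDU protection.
# NOTE(review): BPDU protection acts on edge ports; confirm the access ports
# are configured as edge ports elsewhere, as this script does not do so.
stp bpdu-protection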
# Disable SSL 3.0, TLS 1.0 and TLS 1.1 for the device's SSL services, so that
# only newer protocol versions remain available.
ssl version ssl3.0 disable
ssl version tls1.0 disable
ssl version tls1.1 disable
# Disable SSL session renegotiation.
ssl renegotiation disable
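# Attack defense: create the policy uco_atk_policy and configure ACK flood
# detection in it.
# NOTE(review): this script defines the policy but never applies it to an
# interface or to the device itself; confirm it is applied elsewhere,
# otherwise the settings below have no effect.
attack-defense policy uco_atk_policy
# Record all detected attack activity in the logging system.
# NOTE(review): the only action is logging, so matching traffic is recorded
# but not dropped; confirm that is the intended response.
ack-flood action logging
# Enable ACK flood detection for all IP addresses that are not specifically
# protected.
ack-flood detect non-specific
# Global trigger threshold for ACK flood detection, raised to 3000; the
# original note gives the default as 1000. The "~threshold~" in the original
# was markup residue around the keyword, not CLI syntax.
ack-flood threshold 3000
# After a failed login, make the user wait 30 seconds before authenticating
# again.
# NOTE(review): no "quit" leaves the policy view before this system-level
# command; confirm it is accepted from that view on the target release.
attack-defense login reauthentication-delay 30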
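# HTTPS login service (v1.2): turn HTTP off and HTTPS on, listening on
# port 4433.
# NOTE(review): no SSL server policy or certificate is bound to HTTPS in this
# script; confirm which certificate the web service presents.
undo ip http enable
ip https enable
ip https port 4433
# Web session idle timeout of 5 minutes.
web idle-timeout 5
# Allow at most 2 concurrent HTTPS sessions.
aaa session-limit https 2
# Allow at most 2 concurrent SSH sessions. The explanation is kept on its own
# line so the CLI does not read it as extra parameters of the command.
aaa session-limit ssh 2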
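# Log single-packet attack defense events individually instead of
# aggregating them.
attack-defense signature log non-aggregate
# CPU usage alarm with a threshold of 70%. Explanations are kept on their own
# lines so the CLI does not read them as extra parameters of the commands.
# Enable CPU usage alarms.
monitor cpu-usage enable
# Raise an alarm when CPU usage is above 70%.
monitor cpu-usage threshold 70
# Display the copyright statement.
copyright-info enable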