321 Studios OL-7141-04 manual Enable Netflow Switching


Chapter 1 Cisco SDM Express

Supplementary Help

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Enable Netflow Switching

Cisco SDM Express enables Netflow switching whenever possible. Netflow switching is a Cisco IOS feature that enhances routing performance while using Access Control Lists (ACLs) and other features that create and enhance network security. Netflow identifies flows of network packets based on the source and destination IP addresses and TCP port numbers. Netflow then can use just the initial packet of a flow for comparison to ACLs and for other security checks, rather than having to use every packet in the network flow. This enhances performance, allowing you to make use of all of the router security features.

The configuration that will be delivered to the router to enable Netflow is as follows:

ip route-cache flow

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Enable TCP Keepalives for Inbound Telnet Sessions

Cisco SDM Express enables TCP keepalive messages for both inbound and outbound Telnet sessions whenever possible. Enabling TCP keepalives causes the router to generate periodic keepalive messages, letting it detect and drop broken Telnet connections.

The configuration that will be delivered to the router to enable TCP keepalives for inbound Telnet sessions is as follows:

service tcp-keepalives-in

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.
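To confirm that both settings from this page are present after SDM Express has delivered its configuration, a saved running configuration can be checked offline. The following is an added example, not part of the Cisco manual or of Cisco SDM. It assumes that `ip route-cache flow` is recorded under each interface stanza and `service tcp-keepalives-in` at global level, as in classic IOS. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
service tcp-keepalives-in
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip route-cache flow
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
!
interface Serial0/0
 no ip address
 shutdown
!
line vty 0 4
 transport input telnet
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any non-indented line ends the stanza
    return interfaces

def audit(config):
    """Report whether the two settings described on this page are present."""
    # Global commands are the non-indented lines; a "no ..." form will not match.
    global_cmds = {l.strip() for l in config.splitlines() if l and not l.startswith(" ")}
    findings = {
        "tcp_keepalives_in": "service tcp-keepalives-in" in global_cmds,
        "interfaces_without_netflow": [],
    }
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # administratively down: nothing to report
        if "ip route-cache flow" not in cmds:
            findings["interfaces_without_netflow"].append(name)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
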

 
