API Guide
● sha1—Set to SHA1 encryption.
● sha2-256—Set to sha2-256 encryption.
View what NTP authentication is used
Use the following to view what NTP authentication is configured on the system:
OS10# show running-configuration ntp
!
ntp authenticate
ntp authentication-key 345 md5 0 5A60910FED211F02
ntp server 1.1.1.1 key 345
ntp trusted-key 345
ntp master 7
...
Loopback rules
Lookback interfaces are virtual interfaces and unlike physical interfaces, loopback interfaces do not go down unless they are
manually removed. This property provides security and consistency for device identification and stability.
Configure a loopback interface
Rationale: Configure a loopback interface which can be used for system multiple services.
Configuration:
OS10(config)# interface loopback 0
OS10(config)# exit
OS10# write memory
Remove multiple loopback interfaces
Rationale: Ensure that there is not more than one loopback interface configured.
Configuration:
OS10(config)# no interface loopback loopback-instance
OS10(config)# exit
OS10# write memory
Bind AAA services to a loopback interface
Rationale: AAA services are bound to a loopback interface so that the AAA services are not interrupted.
Configuration:
OS10(config)# ip tacacs source-interface loopback 0
OS10(config)# exit
OS10# write memory
Bind the NTP service to a loopback interface
Rationale: The NTP service is bound to a loopback interface so that the AAA services are not interrupted.
Configuration:
OS10(config)# ntp source loopback 0
OS10(config)# exit
OS10# write memory
Configure Control Plane Policing
Rationale: Use control-plane ACLs to selectively restrict packets that are destined to the CPU, hence preventing flooding and
DoS attacks.
Configuration:
OS10# configure terminal
OS10(config)# control-plane
OS10(config-control-plane)# ip access-group acl_name in
OS10 security best practices
21