Filter
Top Products
Chapter 24 Security Audit
Fix It Page
24-16
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
The configuration that will be delivered to the router to disable SNMP is as
follows:
no snmp-server
Set Scheduler Interval
Security Audit configures the scheduler interval on the router whenever possible.
When a router is fast-switching a large number of packets, it is possible for the
router to spend so much time responding to interrupts from the network interfaces
that no other work gets done. Some very fast packet floods can cause this
condition. It may stop administrative access to the router, which is very dangerous
when the device is under attack. Tuning the scheduler interval ensures that
management access to the router is always available by causing the router to run
system processes after the specified time interval even when CPU usage is at
100%.
The configuration that will be delivered to the router to tune the scheduler interval
is as follows:
scheduler interval 500
Set Scheduler Allocate
On routers that do not support the command scheduler interval, Security Audit
configures the scheduler allocate command whenever possible. When a router is
fast-switching a large number of packets, it is possible for the router to spend so
much time responding to interrupts from the network interfaces that no other work
gets done. Some very fast packet floods can cause this condition. It may stop
administrative access to the router, which is very dangerous when the device is
under attack. The scheduler allocate command guarantees a percentage of the
router CPU processes for activities other than network switching, such as
management processes.
The configuration that will be delivered to the router to set the scheduler allocate
percentage is as follows:
scheduler allocate 4000 1000