Huawei Switch Hardening Guide Page

command to prevent users on service networks from reaching the management interface. 2. Control Plane Protection

[Huawei] interface GigabitEthernet 0/0/5 [Huawei-GigabitEthernet0/0/5] port-security enable [Huawei-GigabitEthernet0/0/5] port-security max-mac-num 2 [Huawei-GigabitEthernet0/0/5] port huawei switch hardening guide

The data plane forwards user traffic. Hardening here stops lateral movement. command to prevent users on service networks from

: Enable BPDU Guard on edge ports (connected to PCs) to prevent unauthorized switches from affecting the spanning tree topology. stp bpdu-protection 5. Physical and Port Maintenance huawei switch hardening guide

# Schedule a backup to a TFTP/SFTP server weekly [Switch] schedule job backup [Switch-job-backup] command 1 save main [Switch-job-backup] command 2 copy startup.cfg sftp://backup:pass@10.1.1.100/configs/ [Switch] schedule job backup time repeating at 02:00 week-day Mon