Lab 3.1.4 Applying Basic Switch Security

Step 1: Connect PC1 to the switch
a. Connect PC1 to Fast Ethernet switch port Fa0/1. Configure PC1 to use the IP address, mask, and gateway shown in the table. 
b. Establish a terminal emulation session to the switch from PC1.

Step 2: Connect PC2 to the switch
a. Connect PC2 to Fast Ethernet switch port Fa0/4.
b. Configure PC2 to use the IP address, mask, and gateway shown in the table.


Step 3: Configure PC3 but do not connect
A third host is needed for this lab. 
a. Configure PC3 using IP address 192.168.1.5. The subnet mask is 255.255.255.0, and the default gateway is 192.168.1.1.
b. Do not connect this PC to the switch yet. It will be used for testing security.

Step 4: Perform an initial configuration on the switch
a. Configure the hostname of the switch as Switch1.
b. Set the privileged EXEC mode password to cisco.
c. Set the privileged EXEC mode secret password to class.
d. Configure the console and virtual terminal lines to use a password and require it at login.
e. Exit from the console session and log in again.
Which password was required to enter privileged EXEC mode?
Why?

Step 5: Configure the switch management interface on VLAN 1
a. Enter the interface configuration mode for VLAN 1.
b. Set the IP address, subnet mask, and default gateway for the management interface.
Why does interface VLAN 1 require an IP address in this LAN?
What is the purpose of the default gateway?

Step 6: Verify the management LAN settings
a. Verify that the IP address of the management interface on the switch VLAN 1 and the IP address of PC1 and PC2 are on the same local network. Use the show running-config command to check the IP address configuration of the switch.
b. Verify the interface settings on VLAN 1.
What is the bandwidth on this interface?
What are the VLAN states?
VLAN 1 is ________ and line protocol is ________.

Step 7: Disable the HTTP server on the switch
Turn off the switch's built-in HTTP server so that it cannot be managed through a web browser.
Switch1(config)#no ip http server

Step 8: Verify connectivity
a. To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts. Were the pings successful?
If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host and switch configurations.
b. Save the configuration.

Step 9: Record the host MAC addresses
Determine and record the Layer 2 addresses of the PC network interface cards. From the command prompt of each PC, enter ipconfig /all.
PC1
PC2
PC3


Step 10: Determine what MAC addresses the switch has learned
Determine what MAC addresses the switch has learned by using the show mac-address-table command at the privileged EXEC mode prompt.
How many dynamic addresses are there?
How many total MAC addresses are there?
Do the MAC addresses match the host MAC addresses?

Step 11: View the show mac-address-table options
View the options that the show mac-address-table command has available.
Switch1#show mac-address-table ?
What options are available?

Step 12: Set up a static MAC address

Step 13: Verify the results
a. Verify the MAC address table entries.
Switch1#show mac-address-table
How many dynamic MAC addresses are there now?
How many static MAC addresses are there now?
b. Remove the static entry from the MAC Address Table.

Step 14: List port security options
a. Determine the options for setting port security on interface FastEthernet 0/4.
What are some available options?
b. To allow the switch port FastEthernet 0/4 to accept only one device, configure port security.
c. Exit configuration mode and check the port security settings.
If a host other than PC2 attempts to connect to Fa0/4, what will happen?

Step 15: Limit the number of hosts per port
a. On interface FastEthernet 0/4, set the port security maximum MAC count to 1.
b. Disconnect the PC attached to FastEthernet 0/4. Connect PC3 to FastEthernet 0/4. PC3 has been given the IP address of 192.168.1.5 and has not yet been attached to the switch. It may be necessary to ping the switch address 192.168.1.2 to generate some traffic. Record any observations.


Step 16: Configure the port to shut down if there is a security violation
a. In the event of a security violation, the interface should be shut down. To have port security shut down the port, enter the following command:
Switch1(config-if)#switchport port-security violation shutdown
What other action options are available with port security?
b. If necessary, ping the switch address 192.168.1.2 from PC3 (192.168.1.5). This PC is now connected to interface FastEthernet 0/4. This ensures that there is traffic from the PC to the switch.
c. Record any observations.
d. Check the port security settings.

Step 17: Show port 0/4 configuration information
FastEthernet0/4 is ________ and line protocol is ________.

Step 18: Reactivate the port

Step 19: Disable unused ports

Step 20: Reflection 
a. Why would port security be enabled on a switch?
b. Why should unused ports on a switch be disabled?
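
The following is an added example, not part of the original lab: a Python check that audits a saved running-config for the settings made in Steps 7, 14 to 16 and 19. The sample configuration is constructed, and the names parse, audit, in_use and secured are assumptions chosen for illustration.

```python
import re

# Constructed sample running-config (trimmed; not output from a real switch).
SAMPLE = """\
interface FastEthernet0/1
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
interface FastEthernet0/5
interface FastEthernet0/6
 shutdown
interface Vlan1
ip http server
"""

def parse(config):
    """Return (global lines, {interface name: [sub-commands]})."""
    glob, ifaces, cur = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        elif line.strip() not in ("", "!"):
            glob.append(line.strip())
            cur = None  # a new global command ends the interface block
    return glob, ifaces

def audit(config, in_use, secured):
    """in_use: ports with a host attached; secured: ports that need port security."""
    glob, ifaces = parse(config)
    out = []
    if "no ip http server" not in glob:
        out.append("HTTP server not disabled")
    for name, cmds in ifaces.items():
        if not name.startswith("FastEthernet"):
            continue  # skip Vlan1 and other non-physical interfaces
        if name not in in_use and "shutdown" not in cmds:
            out.append(f"{name}: unused port not shut down")
        if name not in secured:
            continue
        if "switchport port-security" not in cmds:
            out.append(f"{name}: port security not enabled")
        # Defaults (maximum 1, violation shutdown) are omitted from running-config.
        for c in cmds:
            m = re.fullmatch(r"switchport port-security (maximum|violation) (\S+)", c)
            if m and m.group(2) not in ("1", "shutdown"):
                out.append(f"{name}: {m.group(1)} is {m.group(2)}")
    return out
```

Calling audit(SAMPLE, {"FastEthernet0/1", "FastEthernet0/4"}, {"FastEthernet0/4"}) reports the enabled HTTP server, the restrict violation mode on Fa0/4, and the unused Fa0/5 that was left enabled.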
