Lab 1.4.6B Implementing Port Security

Similar documents
Lab Analyzing a Test Plan and Performing a Test

Lab Add, Move, and Change MAC Addresses

Lab Troubleshooting VTP Configuration

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

Lab 1.3.2: Review of Concepts from Exploration 1 - Challenge

8.9.2 Lab: Configure an Ethernet NIC to use DHCP in Windows Vista

Lab Spanning-Tree Recalculation

Lab 6.4.2: Challenge Inter-VLAN Routing

Lab Troubleshooting RIP

Lab : Challenge OSPF Configuration Lab. Topology Diagram. Addressing Table. Default Gateway. Device Interface IP Address Subnet Mask

Lab 2.8.2: Challenge Static Route Configuration

Lab Configuring Static VLANs

CCNA 1 Chapter 2 v5.0 Exam Answers %

Lab Selecting the Root Bridge

Lab Verifying VLAN Configurations

Lab 5.6.2: Challenge RIP Configuration

Lab Using the CLI to Gather Network Device Information Topology

Lab 9.6.3: EIGRP Troubleshooting Lab

Lab 9.6.2: Challenge EIGRP Configuration Lab

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

CCNA 1 Chapter 2 v5.0 Exam Answers 2013

Lab Router Configuration Using Setup Instructor Version 2500

Lab 9.1.5b Trunking with 802.1q

Lab Configuring and Testing the Rapid Spanning Tree Prototype

Lab : OSPF Troubleshooting Lab

Lab Well-Known Port Numbers and Multiple Sessions

Lab Configuring Inter-VLAN Routing

Lab - Configuring a Switch Management Address

Skills Assessment Student Training Exam

Lab Configuring OSPF Timers

Introduction to Networks: Case Study, Option 2

Lab 7.5.1: Basic Wireless Configuration

Lab 1. CLI Navigation. Scenario. Initial Configuration for R1

Lab Managing the MAC Address Table 2900XL Series

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

Lab Configuring a Serial Interface

CCNA 1 Chapter 11 V4.0 Answers

PT Activity 2.5.1: Basic Switch Configuration

Lab 3: Basic Device Configuration

1. Which OSI layers offers reliable, connection-oriented data communication services?

Lab Establishing and Verifying a Telnet Connection Instructor Version 2500

Lab 7.5.3: Troubleshooting the Wireless WRT300N

Lab 7 Configuring Basic Router Settings with IOS CLI

Lab VTP Client and Server Configurations

Lab 8.5.2: Troubleshooting Enterprise Networks 2

Lab Configuring Switch Security Features Topology

Lab Managing Router Configuration Files with Terminal Emulation Software

Lab Troubleshooting IP Address Issues Instructor Version 2500

Lab 4.2.5a Connectivity Tests Ping

MiPDF.COM. 3. Which procedure is used to access a Cisco 2960 switch when performing an initial configuration in a secure environment?

Lab Configuring DHCP

Before you start the lab exercises see the lab administrator or EEE3080F tutor to get assigned to your routers.

Lab Configuring the OSPF Routing Process

Lab - Building a Switch and Router Network

Lab Securing Network Devices

Lab Command Line Fundamentals Instructor Version 2500

Lab Verifying PPP Configuration

Lab Verifying RIP v2 Configuration

Lab Configuring Basic Switch Settings (Solution)

Lab Using the Boot System Command. Objective. Background/Preparation

NETWORK LAB 2 Configuring Switch Desktop

Lab Correcting RIPv2 Routing Problems

Lab 6.2.7a Managing Switch Operating System Files

CHAPTER 2 ACTIVITY

CCNA 1 Final Exam Answers UPDATE 2012 eg.1

Device Interface IP Address Subnet Mask Default Gateway

Lab Configuring OSPF Authentication

~ 1 ~ Ankara University Department of Computer Engineering COM LAB 1 Part 1

Laboration 1 Examine the Topology and Basic Troubleshooting Commands

CCENT Practice Certification Exam # 2 - CCNA Exploration: Accessing the WAN (Version 4.0)

Lab 5: Basic VLAN Configuration

Laboration 2 Troubleshooting Switching and First-Hop Redundancy

Backup a copy of a router IOS from flash to a TFTP server. Reload the backup IOS software image from a TFTP server into flash on a router.

Lab Command Modes and Router Identification. Objective. Background/Preparation. Step 1 Login to the router in user EXEC mode

Lab 2.8.1: Basic Static Route Configuration

Skills Assessment Student Training

Lab Backing up Configuration Files

Lab Configuring HSRP and GLBP Topology

Lab Modifying OSPF Cost Metric

Lab 9.1.5a Trunking with ISL 2924XL Series

Lab Password Recovery Procedure on a Catalyst 2900 Series Switches

Lab Firmware Upgrade of a Catalyst 2900 Series Switch

Lab Verifying NAT and PAT Configuration

Lab 6.4.1: Basic Inter-VLAN Routing

Lab Exploring Cisco IOS and Configuring Basic Switch Settings

Configuration and management of Networks LAB 1 Introduction to packet tracer

Hochschule Bremen Networking Lab

Lab Configuring and Verifying Extended ACLs Topology

Retake - Skills Assessment Student Training (Answer Key)

CS 326e Lab 2, Edmondson-Yurkanan, Spring 2004 Router Configuration, Routing and Access Lists

Lab Password Recovery Procedure on a Catalyst 2950 Series Switch 2900XL Series

Lab Student Lab Orientation

Lab Troubleshooting LAN Connectivity

Vendor: Cisco. Exam Code: Exam Name: Cisco Interconnecting Cisco Networking Devices Part 1 (ICND1 v3.0) Version: Demo

Lab Troubleshooting Using traceroute Instructor Version 2500

Lab 1.1.4a Configuring NAT

Lab 1.1.4c Configuring Static NAT Addresses

Classful Address Subnet Mask Number of Hosts per Subnet (2 x 2)

Skills Assessment Student Training Exam

CCNA Semester 2 labs. Labs for chapters 2 10

Transcription:

Lab 1.4.6B Implementing Port Security Device Designation Device Name VLAN 1 Address Subnet mask S1 FC-ASW-1 10.0.0.2 255.255.255.0 PC1 Host 1 10.0.0.254 255.255.255.0 PC2 Host 2 10.0.0.253 255.255.255.0 Linksys Internet Port Intruder 10.0.0.252 255.255.255.0 All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 7

Objectives Configure port security on individual FastEthernet ports on a switch. Test and confirm the configured switch port security. 640-802 CCNA Exam Objectives This lab contains skills that relate to the following CCNA exam objectives: Perform and verify initial switch configuration tasks, including remote access management. Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, arp, ipconfig), and show and debug commands. Implement basic switch security (including port security, trunk access, management VLAN other than VLAN 1, etc.). Expected Results and Success Criteria Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be? Why do you think that network administrators implement port security in their network? How will a network administrator know if port security is working properly? Background / Preparation Network security is an important responsibility for network administrators and network designers. Access Layer switch ports are accessible through the structured cabling at wall outlets. Anyone can plug in a PC, laptop, or wireless Access Point at one of these outlets. These outlets are potential entry points to the network by unauthorized users. Switches provide a feature called port security. With port security, it is possible to limit the number of MAC addresses that can be learned on an interface. The switch can be configured to take an action [shut down], if this number is exceeded. The number of MAC addresses per port can be limited, commonly to 1. The first address dynamically learned by that switch for that port becomes the secure address. Using the given topology, this lab configures a switch to provide network access to only 2 PCs and tests this security by attempting to connect an "intruder" device, the Linksys Wireless Router, to the secure port. All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 7

Task 1: Configure and Test the Switch Connectivity Step 1: Prepare the switch for configuration NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab. a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the switch and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and switch. b. Establish a console terminal session from PC1 to switch S1. c. Prepare the switch for lab configuration by ensuring that all existing VLAN and general configurations are removed. 1) Remove the switch startup configuration file from NVRAM. Switch#erase startup-config Erasing the nvram filesystem will remove all files! Continue? [confirm] 2) Press Enter to confirm. The response should be: Erase of nvram: complete d. Power cycle the switch and exit the initial configuration setup when the switch restarts. Step 2: Configure the switch Configure the hostname and VLAN 1 interface IP address as shown in the table. Step 3: Configure the hosts attached to the switch a. Configure the two PCs to use the same IP subnet for the address and mask as shown in the table. b. Connect PC1 to switch port Fa0/1 and PC2 to switch port Fa0/4. The Linksys device is not connected at this stage of the lab. Step 4: Verify host connectivity Ping between all PCs and the switch to verify correct configuration. If any ping was not successful, troubleshoot the hosts and switch configurations. Step 5: Record the host MAC addresses Determine and record the Layer 2 addresses of the PC network interface cards. (For Windows 2000, XP, or Vista, check by using Start > Run > cmd > ipconfig /all.) PC1 MAC Address: PC2 MAC Address: Step 6: Determine what MAC addresses the switch has learned a. At the privileged EXEC mode prompt, issue the show mac-address-table command to display the PC MAC addresses that the switch has learned. FC-ASW-1#show mac-address-table All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 7

b. Note the MAC addresses shown and the associated switch ports. Confirm that these addresses and ports match the connected PCs. How were these MAC addresses and port associations learned? Task 2 Configure and Test the Switch for Dynamic Port Security Step 1: Set port security options a. Disconnect all PCs Ethernet cables from the switch ports. b. Ensure that the MAC address table is clear of entries. To confirm this, issue the clear macaddress-table dynamic and show mac-address-table commands. a. Clear the MAC address table entries. FC-ASW-1#clear mac-address-table dynamic b. Issue the show mac-address-table command. Record the table entries. c. Determine the options for setting port security on interface FastEthernet 0/4. From the global configuration mode, enter interface fastethernet 0/4. FC-ASW-1(config)#interface fa 0/4 Enabling switch port security provides options, such as specifying what happens when a security setting is violated. d. To configure the switch port FastEthernet 0/4 to accept only the first device connected to the port, issue the following commands from the configuration mode: FC-ASW-1(config-if)#switchport mode access FC-ASW-1(config-if)#switchport port-security e. In the event of a security violation, the interface should be shut down. Set the port security action to shutdown: FC-ASW-1(config-if)#switchport port-security violation shutdown FC-ASW-1(config-if)#switchport port-security mac-address sticky What other action options are available with port security? f. Exit the configuration mode. Step 2: Verify the configuration a. Display the running configuration. What statements in the configuration directly reflect the security implementation? All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 7

b. Show the port security settings. FC-ASW-1#show port-security interface fastethernet 0/4 Step 3: Verify the port security a. Connect PC1 to switch port Fa0/1 and PC2 to switch port Fa0/4. b. From the command prompt ping from PC1 to PC2. c. From the command prompt ping from PC2 to PC1. d. From the console terminal session, issue the show mac-address-table command. e. Show the port security settings. FC-ASW-1#show port-security interface fastethernet 0/4 Note the difference in entries recorded in Step 2 b. All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 7

f. Confirm the status of the switch port. ALSwitch#show interface fastethernet 0/4 What is the state of this interface? FastEthernet0/4 is and line protocol is Step 4: Test the port security a. Disconnect PC2 from Fa0/4 b. Connect PC2 to the Linksys using one of the ports on the Linksys LAN switch. c. Use the Basic Setup tab to configure the Internet IP address on the Linksys device to the address and mask, as shown in the table. d. Configure PC2 to get an IP address using DHCP. Verify that PC2 receives an IP address from the Linksys device. e. Connect the Internet port on the Linksys to Fa0/4. f. Ping from PC1 to PC2. g. Ping from PC2 to PC1. Record the output displayed on the console screen at the switch command line. h. Issue the show mac-address-table command. i. Show the port security settings. FC-ASW-1#show port-security interface fastethernet 0/4 All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 7

Note the difference in entries recorded in Step 3 e. j. Confirm the status of the switch port. FC-ASW-1#show interface fastethernet 0/4 What is the state of this interface? FastEthernet0/4 is and line protocol is Step 5: Reactivate the port a. If a security violation occurs and the port is shut down, enter interface Fa0/4 configuration mode, disconnect the offending device, and use the shutdown command to temporarily disable the port. b. Disconnect the Linksys and reconnect PC2 to port Fa0/4. Issue the no shutdown command on the interface. c. Ping from PC1 to PC2. This may have to be repeated multiple times before success. List reasons why multiple ping attempts may be necessary before success is achieved. Step 6: Discuss switch port security using dynamic MAC address assignment Advantages: Disadvantages: Step 7: Clean up Erase the configurations and reload the switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings. Task 3: Reflection When considering designing a typical enterprise network, it is necessary to think about points of security vulnerability at the Access Layer. Discuss which Access Layer switches should have port security and those for which it may not be appropriate. Include possible future issues in regard to wireless and guest access to the network. All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback