Lab-08 Ethernet Switch Configuration

http://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.html 1) 2) 3) 4) 5) 6) 7) 8) Configure the Topology Configuring security on switch Customizing CLI Connection Switch IP Configuration Switch Interface Configuration Configuring VLAN Configuring Port Security Securing Unused Interfaces

1. Configure the Topology

Configure and design the following topology, please refer to previous labs (00-Prepare Virtual Network Environment) for reference.

2. Configuring security on switch

i. Configure password for Enable Mode. Double click to open a console for switch.

ii.

Configure password for Console access.

www.asghars.blogspot.com

Now to connect through console it will prompt for password.

iii. iv.

Configure password for Telnet access.

Go to your PC prompt and telnet to SW1. Now you will observe that it requires password authentication. Also consider that moving to enable mode also requires password.

www.asghars.blogspot.com

v.

Configure SSH and username/password for SSH.

You can check the RSA key pair information as:

www.asghars.blogspot.com

Go to your PC prompt and SSH to SW1 using tera term.

On Security Warning window click Continue. On SSH authentication window provide username and password you just configured.

www.asghars.blogspot.com

Now you can access your switch securely through SSH.

vi.

Encrypting your passwords. The password and the username commands store the password in clear text in runningconfig file as shown below:

You can encrypt the password using the service password-encryption global configuration command.

Now you can see that password for vty is encrypted.

www.asghars.blogspot.com

3. Customizing CLI Connection

i. Configuring MOTD and Login banners

ii.

Customizing History buffer

iii.

Configuring Inactivity Timeout

iv.

Configuring Syslog Messages

www.asghars.blogspot.com

4. Switch IP Configuration
To allow Telnet, SSH, Simple Network Management Protocol (SNMP) & Cisco Device Manager (CDM) to work properly, the switch needs an IP address. To configure the static IP address, refer to the 1. Configure Cisco 3600 router to use as a switch step VI. Use the following commands to configure switch as a DHCP client.

You can use the show interfaces vlan1 command to check the state and ip address assigned by DHCP.

5. Switch Interface Configuration

www.asghars.blogspot.com

6. Configuring VLAN
This and onward configuration in this lab is demonstrated by using the Packet Tracer 5.3. Packet tracer is used due to the fact that this configuration is not supported by the GNS3 switch. Build the same topology in Packet Tracer.

i.

Provide the static IP to PC1 as:

ii.

Configure the switch IP address.

www.asghars.blogspot.com

iii.

Verify you can ping the switch SW1 from the PC1 desktop.

Finally to configure VLAN follow the following steps.

Check summary of the VLAN information.

www.asghars.blogspot.com

7. Configuring Port Security

First of all ping the switch to generate some traffic.

Determine MAC address of the required interface.

Specify MAC address allowed to send frames into this interface.

www.asghars.blogspot.com

10

Verify, the MAC address is added to the secure MAC address table.

Check port status.

Now try to add second PC2, configure its IP and connect it to fa0/1 in place of PC1.

www.asghars.blogspot.com

11

You can check that SW1 cant be ping.

Check port status again, now you can see that the port status is Secure-Shut Down. Which means it doesnt allow other MAC address to connect.

www.asghars.blogspot.com

12

8. Securing Unused Interfaces

By default the interface is configured in no shutdown state. The following commands shows how to override the default settings and make the unused port more secure

www.asghars.blogspot.com

13