Lab-08 - Ethernet Switch Configuration

7/30/2019 Lab-08 - Ethernet Switch Configuration

1/13

www.asghars.blogspot.com 1

Lab-08 Ethernet Switch Configuration

http://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.html

1) Configure the Topology2) Configuring security on switch3) Customizing CLI Connection4) Switch IP Configuration5) Switch Interface Configuration6) Configuring VLAN7) Configuring Port Security8) Securing Unused Interfaces

1. Configure the TopologyConfigure and design the following topology, please refer to previous labs (00-Prepare Virtual Network

Environment) for reference.

2. Configuring security on switchi. Configure password for Enable Mode. Double click to open a console for switch.

ii. Configure password for Console access.
http://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.htmlhttp://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.htmlhttp://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.html


2/13


Now to connect through console it will prompt for password.

iii. Configure password for Telnet access.iv.

Go to your PC prompt and telnet to SW1. Now you will observe that it requires password

authentication. Also consider that moving to enable mode also requires password.


3/13


v. Configure SSH and username/password for SSH.

You can check the RSA key pair information as:


4/13


Go to your PC prompt and SSH to SW1 using tera term.

On Security Warning window click Continue. On SSH authentication window provide username

and password you just configured.


5/13


Now you can access your switch securely through SSH.

vi. Encrypting your passwords.Thepasswordand the username commands store the password in clear text in running-

config file as shown below:

You can encrypt the password using the service password-encryption global

configuration command.

Now you can see that password for vty is encrypted.


6/13


3. Customizing CLI Connectioni. Configuring MOTD and Login banners

ii. Customizing History buffer

iii. Configuring Inactivity Timeout

iv. Configuring Syslog Messages


7/13


4. Switch IP ConfigurationTo allow Telnet, SSH, Simple Network Management Protocol (SNMP) & Cisco Device Manager (CDM) to

work properly, the switch needs an IP address. To configure the static IP address, refer to the 1.

ConfigureCisco 3600 router to use as a switch step VI.

Use the following commands to configure switch as a DHCP client.

You can use the show interfaces vlan1 command to check the state and ip address assigned by

DHCP.

5. Switch Interface Configuration


8/13


6. Configuring VLANThis and onward configuration in this lab is demonstrated by using the Packet Tracer 5.3. Packet tracer is

used due to the fact that this configuration is not supported by the GNS3 switch.

Build the same topology in Packet Tracer.

i. Provide the static IP to PC1 as:

ii. Configure the switch IP address.


9/13


iii. Verify you can ping the switch SW1 from the PC1 desktop.

Finally to configure VLAN follow the following steps.

Check summary of the VLAN information.


10/13


7. Configuring Port SecurityFirst of all ping the switch to generate some traffic.

Determine MAC address of the required interface.

Specify MAC address allowed to send frames into this interface.


11/13


Verify, the MAC address is added to the secure MAC address table.

Check port status.

Now try to add second PC2, configure its IP and connect it to fa0/1 in place of PC1.


12/13


You can check that SW1 cant be ping.

Check port status again, now you can see that the port status is Secure-Shut Down. Which means it

doesnt allow other MAC address to connect.


13/13


8. Securing Unused InterfacesBy default the interface is configured in no shutdown state. The following commands shows how to

override the default settings and make the unused port more secure

Lab-08 - Ethernet Switch Configuration

Documents

Transcript of Lab-08 - Ethernet Switch Configuration