Nortel Ethernet Routing Switch 2500 Series Configuration ...
Lab-08 - Ethernet Switch Configuration
-
Upload
muhammad-asghar-khan -
Category
Documents
-
view
251 -
download
1
Transcript of Lab-08 - Ethernet Switch Configuration
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
1/13
www.asghars.blogspot.com 1
Lab-08 Ethernet Switch Configuration
http://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.html
1) Configure the Topology2) Configuring security on switch3) Customizing CLI Connection4) Switch IP Configuration5) Switch Interface Configuration6) Configuring VLAN7) Configuring Port Security8) Securing Unused Interfaces
1. Configure the TopologyConfigure and design the following topology, please refer to previous labs (00-Prepare Virtual Network
Environment) for reference.
2. Configuring security on switchi. Configure password for Enable Mode. Double click to open a console for switch.
ii. Configure password for Console access.
http://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.htmlhttp://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.htmlhttp://www.4shared.com/rar/4Q2I6_9s/Lab-08-Ethernet_Switch_Configu.html -
7/30/2019 Lab-08 - Ethernet Switch Configuration
2/13
www.asghars.blogspot.com 2
Now to connect through console it will prompt for password.
iii. Configure password for Telnet access.iv.
Go to your PC prompt and telnet to SW1. Now you will observe that it requires password
authentication. Also consider that moving to enable mode also requires password.
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
3/13
www.asghars.blogspot.com 3
v. Configure SSH and username/password for SSH.
You can check the RSA key pair information as:
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
4/13
www.asghars.blogspot.com 4
Go to your PC prompt and SSH to SW1 using tera term.
On Security Warning window click Continue. On SSH authentication window provide username
and password you just configured.
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
5/13
www.asghars.blogspot.com 5
Now you can access your switch securely through SSH.
vi. Encrypting your passwords.Thepasswordand the username commands store the password in clear text in running-
config file as shown below:
You can encrypt the password using the service password-encryption global
configuration command.
Now you can see that password for vty is encrypted.
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
6/13
www.asghars.blogspot.com 6
3. Customizing CLI Connectioni. Configuring MOTD and Login banners
ii. Customizing History buffer
iii. Configuring Inactivity Timeout
iv. Configuring Syslog Messages
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
7/13
www.asghars.blogspot.com 7
4. Switch IP ConfigurationTo allow Telnet, SSH, Simple Network Management Protocol (SNMP) & Cisco Device Manager (CDM) to
work properly, the switch needs an IP address. To configure the static IP address, refer to the 1.
ConfigureCisco 3600 router to use as a switch step VI.
Use the following commands to configure switch as a DHCP client.
You can use the show interfaces vlan1 command to check the state and ip address assigned by
DHCP.
5. Switch Interface Configuration
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
8/13
www.asghars.blogspot.com 8
6. Configuring VLANThis and onward configuration in this lab is demonstrated by using the Packet Tracer 5.3. Packet tracer is
used due to the fact that this configuration is not supported by the GNS3 switch.
Build the same topology in Packet Tracer.
i. Provide the static IP to PC1 as:
ii. Configure the switch IP address.
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
9/13
www.asghars.blogspot.com 9
iii. Verify you can ping the switch SW1 from the PC1 desktop.
Finally to configure VLAN follow the following steps.
Check summary of the VLAN information.
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
10/13
www.asghars.blogspot.com 10
7. Configuring Port SecurityFirst of all ping the switch to generate some traffic.
Determine MAC address of the required interface.
Specify MAC address allowed to send frames into this interface.
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
11/13
www.asghars.blogspot.com 11
Verify, the MAC address is added to the secure MAC address table.
Check port status.
Now try to add second PC2, configure its IP and connect it to fa0/1 in place of PC1.
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
12/13
www.asghars.blogspot.com 12
You can check that SW1 cant be ping.
Check port status again, now you can see that the port status is Secure-Shut Down. Which means it
doesnt allow other MAC address to connect.
-
7/30/2019 Lab-08 - Ethernet Switch Configuration
13/13
www.asghars.blogspot.com 13
8. Securing Unused InterfacesBy default the interface is configured in no shutdown state. The following commands shows how to
override the default settings and make the unused port more secure