Set up the network topology and configure basic settings

Reference no: EM132372198

Securing the Local Area Network Assignment - Implementing Securing the Local Area Network

Objective: Configure Securing the Local Area Network.

TOPOLOGY:

In this lab, you will perform the following tasks:

Part 1: Configure Basic Device Settings

  • Build the topology
  • Configure basic settings such as host name, interface IP addresses, and access passwords.

Part 2: Configure SSH Access to the Switches

  • Configure SSH version 2 access on the switch.
  • Configure an SSH client to access the switch.
  • Verify the configuration.

Part 3: Configure Secure Trunks and Access Ports

  • Configure trunk port mode.
  • Change the native VLAN for trunk ports.
  • Verify trunk configuration.
  • Enable storm control for broadcasts.
  • Configure access ports.
  • Enable PortFast and BPDU guard.
  • Verify BPDU guard.
  • Enable root guard.
  • Enable loop guard.
  • Configure and verify port security.
  • Disable unused ports.
  • Move ports from default VLAN 1 to alternate VLAN.
  • Configure the PVLAN Edge feature on a port.

Part 4: Configure IP DHCP Snooping

  • Configure DHCP on R1.
  • Configure Inter-VLAN communication on R1.
  • Configure S1 interface G0/0 as a trunk.
  • Verify DHCP operation on PC-A and PC-B.
  • Enable DHCP Snooping.
  • Verify DHCP Snooping.

BACKGROUND -

The Layer 2 infrastructure consists mainly of interconnected Ethernet switches. Most end-user devices, such as computers, printers, IP phones, and other hosts, connect to the network via Layer 2 access switches. As a result, switches can present a network security risk. Similar to routers, switches are subject to attack from malicious internal users. The switch Cisco IOS software provides many security features that are specific to switch functions and protocols.

In this lab, you will configure SSH access and Layer 2 security for S1-StudentID and S2-StudentID. You will also configure various switch protection measures, including access port security and Spanning Tree Protocol (STP) features, such as BPDU guard and root guard.

Note: The router commands and output in this lab are from a Cisco 1941 with Cisco IOS Release 15.4(3)M2 (UniversalK9-M). Other routers and Cisco IOS versions can be used. See the Router Interface Summary Table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab. Depending on the router model and Cisco IOS version, the commands available and output produced might vary from what is shown in this lab.

Note: Before beginning, ensure that the switches have been erased and have no startup configurations.

Part 1: Configure Basic Device Settings

The desktop system assigned to you serves as an end-user terminal. You access and manage the lab environment from the student desktop system using GNS3 Software.

Students should perform the steps in this task individually.

In Part 1 of this lab, you set up the network topology and configure basic settings, such as the interface IP addresses, static routing, device access, and passwords.

All steps should be performed on routers R1-S0000.

Part 2: Configure SSH Access to the Switches

In Part 2, you will configure S1 and S2 to support SSH connections and install SSH client software on the PCs.

Note: A switch IOS image that supports encryption is required to configure SSH. If such an image is not used, you cannot specify SSH as an input protocol for the vty lines, and the crypto commands are unavailable.

Task 1: Configure the SSH Server on S1 and S2 Using the CLI.

In this task, use the CLI to configure the switch to be managed securely using SSH instead of Telnet. SSH is a network protocol that establishes a secure terminal emulation connection to a switch or other networking device.

SSH encrypts all information that passes over the network link and provides authentication of the remote computer. SSH is rapidly replacing Telnet as the preferred remote login tool for network professionals. It is strongly recommended that SSH be used in place of Telnet on production networks.

Note: A switch must be configured with local authentication or AAA in order to support SSH.
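
An added example (not part of the original lab file) of the SSHv2 setup this task describes, using local authentication. The domain name, user name, password placeholder, 2048-bit key size and timer values are assumptions.

```cisco
! Added example. Domain, user, password placeholder and timers are assumed.
! Weak baseline being replaced: vty lines that accept Telnet, e.g.
!   line vty 0 15
!    transport input telnet
!
hostname S1-StudentID
ip domain-name lab.example
!
! Local account for vty logins (SSH needs local authentication or AAA)
username admin privilege 15 secret <strong-password>
!
! The RSA key pair is named from hostname + domain name, so set those first
crypto key generate rsa general-keys modulus 2048
!
! Refuse SSHv1 and limit how long and how often a login may be attempted
ip ssh version 2
ip ssh time-out 90
ip ssh authentication-retries 2
!
! Use the vty range your image actually has (0 4 on some platforms)
line vty 0 15
 login local
 transport input ssh
 exec-timeout 5 0
!
end
! Verification (privileged EXEC)
show ip ssh
show ssh
```

With `transport input ssh` in place, a Telnet attempt to the switch is refused at the vty line, which is a quick negative test of the configuration.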

Task 2: Configure the SSH Client

SSH from R1 to S1 and S2, or use a terminal emulation program. PuTTY and Tera Term are two terminal emulation programs that support SSHv2 client connections.

Part 3: Configure Secure Trunks and Access Ports

In Part 3, you will configure trunk ports, change the native VLAN for trunk ports, and verify trunk configuration. Securing trunk ports can help stop VLAN hopping attacks. The best way to prevent a basic VLAN hopping attack is to explicitly disable trunking on all ports except the ports that specifically require trunking. On the required trunking ports, disable DTP (auto trunking) negotiations and manually enable trunking. If no trunking is required on an interface, configure the port as an access port. This disables trunking on the interface.

Note: Tasks should be performed on S1 or S2, as indicated.

Task 1: Secure Trunk Ports
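
An added example (not taken from the assignment file) of the trunk hardening described in Part 3: static trunking with DTP disabled, a non-default native VLAN, and broadcast storm control. The interface numbers, VLAN 99 and the 50 percent threshold are assumptions; substitute the values from your topology.

```cisco
! Added example. G0/1 (inter-switch link), G0/2-3 and VLAN 99 are assumed.
! Weak default on many Catalyst ports: DTP will negotiate a trunk with
! whatever is plugged in.
!   interface GigabitEthernet0/1
!    switchport mode dynamic auto
!
vlan 99
 name NATIVE_UNUSED
!
interface GigabitEthernet0/1
 ! Needed only on platforms that also support ISL
 switchport trunk encapsulation dot1q
 ! Static trunk, and stop sending DTP frames
 switchport mode trunk
 switchport nonegotiate
 ! Move untagged traffic off VLAN 1; must match on both ends of the link
 switchport trunk native vlan 99
 ! Drop broadcasts above 50 percent of link bandwidth
 storm-control broadcast level 50
!
! Ports that never need trunking become static access ports
interface range GigabitEthernet0/2 - 3
 switchport mode access
!
end
! Verification
show interfaces trunk
show interfaces GigabitEthernet0/1 switchport
show storm-control broadcast
```

In the `show interfaces ... switchport` output, check that the administrative mode is trunk and that negotiation of trunking is off.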

Task 2: Secure Access Ports

Network attackers hope to spoof their system, or a rogue switch that they add to the network, as the root bridge in the topology by manipulating the STP root bridge parameters. If a port that is configured with PortFast receives a BPDU, STP can put the port into the blocking state by using a feature called BPDU guard.

Task 3: Protect Against STP Attacks

The topology has only two switches and no redundant paths, but STP is still active. In this step, you will enable switch security features that can help reduce the possibility of an attacker manipulating switches via STP-related methods.
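
An added example (not part of the original assignment) covering the PortFast, BPDU guard, root guard and loop guard features named in Tasks 2 and 3. The interface numbers and the recovery interval are assumptions.

```cisco
! Added example. G0/2 (host port) and G0/1 (link to the other switch) assumed.
!
! Host-facing access port: skip listening/learning, and err-disable the
! port if any BPDU arrives on it
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Or apply BPDU guard to every PortFast port at once
spanning-tree portfast bpduguard default
!
! Port where a root bridge must never appear: a superior BPDU puts the
! port in root-inconsistent state until the superior BPDUs stop
interface GigabitEthernet0/1
 spanning-tree guard root
!
! Loop guard on the remaining non-designated ports: a port that stops
! receiving BPDUs goes loop-inconsistent instead of forwarding.
! Root guard and loop guard cannot both be active on the same port.
spanning-tree loopguard default
!
! Optional: bring BPDU-guard err-disabled ports back automatically
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
end
! Verification
show spanning-tree summary
show spanning-tree inconsistentports
show interfaces status err-disabled
```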

Task 4: Configure Port Security and Disable Unused Ports

Switches can be subject to CAM table (also known as MAC address table) overflow, MAC spoofing attacks, and unauthorized connections to switch ports. In this task, you will configure port security to limit the number of MAC addresses that can be learned on a switch port and disable the port if that number is exceeded.
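
An added example (not from the assignment file) of the port security, unused-port and PVLAN Edge steps listed for this task. The interface numbers, VLAN IDs 20 and 999 and the one-address limit are assumptions.

```cisco
! Added example. Interface numbers, VLAN 20 and VLAN 999 are assumed.
!
vlan 20
 name USERS
vlan 999
 name PARKING
!
! Port security needs a static access (or trunk) port, not a dynamic one
interface GigabitEthernet0/2
 switchport mode access
 ! Move the port out of default VLAN 1
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 ! shutdown = err-disable the port and log the violation
 switchport port-security violation shutdown
 ! Learn the first MAC and write it into the running configuration
 switchport port-security mac-address sticky
 ! PVLAN Edge: no direct Layer 2 traffic to other protected ports
 switchport protected
!
! Unused ports: out of VLAN 1, access mode, administratively down
interface range GigabitEthernet1/0 - 3
 switchport mode access
 switchport access vlan 999
 shutdown
!
end
! Verification
show port-security
show port-security interface GigabitEthernet0/2
show port-security address
show interfaces GigabitEthernet0/2 switchport
```

Sticky addresses live in the running configuration only, so they survive a reload only after the configuration is saved.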

Part 4: Configure DHCP Snooping

DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. It enables only authorized DHCP servers to respond to DHCP requests and distribute network information to clients.

Task 1: Set Up DHCP.

Task 2: Configure Inter-VLAN Communication.

Task 3: Configure DHCP Snooping.
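
An added example (not part of the original lab file) of DHCP snooping on S1 with R1 as the DHCP server. G0/0 is the S1 trunk named in the lab outline and is assumed here to be the uplink toward R1; the VLAN IDs, host port range and rate limit are also assumptions.

```cisco
! Added example for S1. VLANs 1 and 20, ports G0/2-3 and the rate are assumed.
!
! Enable the feature globally, then per VLAN (nothing is inspected until
! a VLAN is listed)
ip dhcp snooping
ip dhcp snooping vlan 1,20
!
! By default an IOS DHCP server drops requests that carry option 82 with
! a zero giaddr. Either stop the switch inserting it (below) or, on R1,
! configure "ip dhcp relay information trust-all".
no ip dhcp snooping information option
!
! Only the uplink toward the DHCP server may carry server replies
interface GigabitEthernet0/0
 ip dhcp snooping trust
!
! Host ports stay untrusted (the default); cap DHCP packets per second
! so a starvation attempt err-disables the port instead of draining the pool
interface range GigabitEthernet0/2 - 3
 ip dhcp snooping limit rate 10
!
end
! Verification
show ip dhcp snooping
show ip dhcp snooping binding
```

After PC-A and PC-B renew their leases, each should appear in the binding table with its MAC address, IP address, VLAN and access port.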

Attachment:- Securing the Local Area Network Assignment File.rar
