This document provides instructions for completing four tasks related to routing and port security: 1) configuring SSH, 2) configuring switch port security, 3) troubleshooting switch port security, and 4) configuring OSPFv2 routing. Students are asked to complete Packet Tracer activities and files for each task and submit their work.

Uploaded by

narofilem77

ASSIGNMENT FOR MEETING 6

Complete the assignment attached to the Meeting 6 material, BUILDING A ROUTED NETWORK AND PORT SECURITY, which consists of 4 problems:

1. Configuring SSH Instruction
2. Configuring Switch Port Security
3. Troubleshooting Switch Port Security
4. Configuring OSPFv2

The problem files, in Word format, must be filled in and uploaded to the WA Group, together with
the network topology files that have been configured in Cisco Packet Tracer.
Packet Tracer - Configuring SSH (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device  Interface  IP Address   Subnet Mask
S1      VLAN 1     10.10.10.2   255.255.255.0
PC1     NIC        10.10.10.10  255.255.255.0

Objectives
Part 1: Secure Passwords
Part 2: Encrypt Communications
Part 3: Verify SSH Implementation

Background
SSH should replace Telnet for management connections. Telnet uses insecure plain text communications.
SSH provides security for remote connections by providing strong encryption of all transmitted data between
devices. In this activity, you will secure a remote switch with password encryption and SSH.

Part 1: Secure Passwords


a. Using the command prompt on PC1, Telnet to S1. The user EXEC and privileged EXEC password is
cisco.
b. Save the current configuration so that any mistakes you might make can be reversed by toggling the
power for S1.
c. Show the current configuration and note that the passwords are in plain text. Enter the command that
encrypts plain text passwords:
S1(config)# service password-encryption
d. Verify that the passwords are encrypted.

Part 2: Encrypt Communications


Step 1: Set the IP domain name and generate secure keys.
It is generally not safe to use Telnet, because data is transferred in plain text. Therefore, use SSH whenever it
is available.
a. Configure the domain name to be netacad.pka.
S1(config)# ip domain-name netacad.pka

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2

b. Secure keys are needed to encrypt the data. Generate the RSA keys using a 1024-bit key length.
S1(config)# crypto key generate rsa
The name for the keys will be: S1.netacad.pka
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024


% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Step 2: Create an SSH user and reconfigure the VTY lines for SSH-only access.
a. Create an administrator user with cisco as the secret password.
S1(config)# username administrator secret cisco
b. Configure the VTY lines to check the local username database for login credentials and to only allow SSH
for remote access. Remove the existing vty line password.
S1(config)# line vty 0 15
S1(config-line)# login local
S1(config-line)# transport input ssh
S1(config-line)# no password cisco

Part 3: Verify SSH Implementation


a. Exit the Telnet session and attempt to log back in using Telnet. The attempt should fail.
b. Attempt to log in using SSH. Type ssh and press Enter without any parameters to reveal the command
usage instructions. Hint: The -l option is the letter “L”, not the number 1.
c. Upon successful login, enter privileged EXEC mode and save the configuration. If you were unable to
successfully access S1, toggle the power and begin again at Part 1.
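
One way to check the end state of this activity from a saved configuration, as an added example that is not part of the Cisco lab: a Python audit that reports VTY lines still open to Telnet, still carrying a line password, or not using the local user database. Both configuration fragments are constructed, and the function names are illustrative.

```python
# Constructed S1 running-config fragments (not taken from the lab files):
# AFTER_PART1 is the state once Part 1 is done, AFTER_PART2 once Part 2 is done.
AFTER_PART1 = """service password-encryption
line vty 0 4
 password 7 CONSTRUCTED
 login
line vty 5 15
 password 7 CONSTRUCTED
 login
"""
AFTER_PART2 = """service password-encryption
ip domain-name netacad.pka
username administrator secret 5 CONSTRUCTED
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Return [(header, [sub-commands])] for every 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            blocks.append(current)
        elif raw.startswith(" ") and current:
            current[1].append(raw.strip())   # indented line belongs to the block
        else:
            current = None                   # any other global line ends the block
    return blocks

def audit_ssh(config):
    """List every deviation from the end state the activity asks for."""
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    out = []
    if "service password-encryption" not in top:
        out.append("global: service password-encryption missing")
    if not any(l.startswith("ip domain-name ") for l in top):
        out.append("global: ip domain-name missing")
    for header, cmds in vty_blocks(config):
        if "transport input ssh" not in cmds:
            out.append(f"{header}: Telnet not excluded")
        if "login local" not in cmds:
            out.append(f"{header}: not using local user database")
        if any(c.startswith("password ") for c in cmds):
            out.append(f"{header}: line password still set")
    return out
```

`service password-encryption` applies only the reversible type 7 encoding, so the audit treats it as a baseline setting; the `secret` keyword on the user account is what stores a hash.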

Packet Tracer - Configuring Switch Port Security (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device        Interface  IP Address   Subnet Mask
S1            VLAN 1     10.10.10.2   255.255.255.0
PC1           NIC        10.10.10.10  255.255.255.0
PC2           NIC        10.10.10.11  255.255.255.0
Rogue Laptop  NIC        10.10.10.12  255.255.255.0

Objective
Part 1: Configure Port Security
Part 2: Verify Port Security

Background
In this activity, you will configure and verify port security on a switch. Port security allows you to restrict a
port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port.

Part 1: Configure Port Security


a. Access the command line for S1 and enable port security on Fast Ethernet ports 0/1 and 0/2.
S1(config)# interface range fa0/1 - 2
S1(config-if-range)# switchport port-security
b. Set the maximum so that only one device can access the Fast Ethernet ports 0/1 and 0/2.
S1(config-if-range)# switchport port-security maximum 1


c. Secure the ports so that the MAC address of a device is dynamically learned and added to the running
configuration.
S1(config-if-range)# switchport port-security mac-address sticky
d. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled when a violation occurs, but
packets are dropped from an unknown source.
S1(config-if-range)# switchport port-security violation restrict
e. Disable all the remaining unused ports. Hint: Use the range keyword to apply this configuration to all the
ports simultaneously.
S1(config-if-range)# interface range fa0/3 - 24 , gi1/1 - 2
S1(config-if-range)# shutdown

Part 2: Verify Port Security


a. From PC1, ping PC2.
b. Verify port security is enabled and the MAC addresses of PC1 and PC2 were added to the running
configuration.
c. Attach Rogue Laptop to any unused switch port and notice that the link lights are red.
d. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After verification, shut down the
port connected to Rogue Laptop.
e. Disconnect PC2 and connect Rogue Laptop to PC2’s port. Verify that Rogue Laptop is unable to ping
PC1.
f. Display the port security violations for the port Rogue Laptop is connected to.
S1# show port-security interface fa0/2
g. Disconnect Rogue Laptop and reconnect PC2. Verify PC2 can ping PC1.
h. Why is PC2 able to ping PC1, but the Rogue Laptop is not? The port security that was enabled on the
port only allowed the device, whose MAC was learned first, access to the port while preventing all other
devices access.

Packet Tracer - Troubleshooting Switch Port Security (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Scenario
The employee who normally uses PC1 brought his laptop from home, disconnected PC1 and connected the
laptop to the telecommunication outlet. After reminding him of the security policy that does not allow personal
devices on the network, you now must reconnect PC1 and re-enable the port.

Requirements
- Disconnect Home Laptop and reconnect PC1 to the appropriate port.
  - When PC1 was reconnected to the switch port, did the port status change? No
  - Enter the command to view the port status. What is the state of the port?
    S1# sh int fa0/1
    FastEthernet0/1 is administratively down, line protocol is down (disabled)
  - Which port security command enabled this feature? switchport port-security violation shutdown
- Enable the port using the necessary command.
  S1(config)# int fa0/1
  S1(config-if)# no shut
- Verify connectivity. PC1 should now be able to ping PC2.
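
The behaviour behind answer h of the port security activity and the shutdown case in this troubleshooting activity, as an added example that is not part of the Cisco labs: a small Python model of one secure port with maximum 1 and sticky learning, replayed under each violation mode. The MAC addresses are constructed, and the class and function names are illustrative.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Model of one access port with 'switchport port-security' enabled."""
    violation: str = "restrict"                  # protect | restrict | shutdown
    maximum: int = 1
    sticky: list = field(default_factory=list)   # learned secure MACs
    violations: int = 0
    status: str = "secure-up"

    def receive(self, src_mac):
        """Return True if a frame from src_mac is forwarded."""
        if self.status != "secure-up":
            return False                 # a shut-down port passes nothing
        if src_mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.append(src_mac)  # sticky learning of the first MAC
            return True
        # Unknown source while the table is full: security violation.
        if self.violation != "protect":
            self.violations += 1         # protect drops without counting
        if self.violation == "shutdown":
            self.status = "secure-shutdown"   # stays down until re-enabled
        return False

    def reenable(self):
        """Administrator re-enables the interface, as in the troubleshooting lab."""
        self.status = "secure-up"

# Constructed MAC addresses standing in for the lab's hosts.
PC2, ROGUE = "0001.aaaa.0002", "0001.bbbb.00ff"

def replay(mode):
    """Replay Part 2 steps a, e and g on PC2's port under one violation mode."""
    port = SecurePort(violation=mode)
    trace = [port.receive(PC2),      # PC2 pings PC1: its MAC is learned
             port.receive(ROGUE),    # Rogue Laptop plugged into PC2's port
             port.receive(PC2)]      # PC2 reconnected
    return trace, port.violations, port.status
```

Because the sticky entry survives the cable swap, PC2 is forwarded again under `restrict` and `protect`, while under `shutdown` it stays blocked until the port is re-enabled.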

Suggested Scoring Rubric


Packet Tracer scores 90 points. Answers to the questions are worth 10 points.

Packet Tracer – Configuring OSPFv2 in a Single Area (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device  Interface  IP Address     Subnet Mask      Default Gateway
R1      G0/0       172.16.1.1     255.255.255.0    N/A
R1      S0/0/0     172.16.3.1     255.255.255.252  N/A
R1      S0/0/1     192.168.10.5   255.255.255.252  N/A
R2      G0/0       172.16.2.1     255.255.255.0    N/A
R2      S0/0/0     172.16.3.2     255.255.255.252  N/A
R2      S0/0/1     192.168.10.9   255.255.255.252  N/A
R3      G0/0       192.168.1.1    255.255.255.0    N/A
R3      S0/0/0     192.168.10.6   255.255.255.252  N/A
R3      S0/0/1     192.168.10.10  255.255.255.252  N/A
PC1     NIC        172.16.1.2     255.255.255.0    172.16.1.1
PC2     NIC        172.16.2.2     255.255.255.0    172.16.2.1
PC3     NIC        192.168.1.2    255.255.255.0    192.168.1.1

Objectives
Part 1: Configure OSPFv2 Routing
Part 2: Verify the Configurations


Background
In this activity, the IP addressing is already configured. You are responsible for configuring the three-router
topology with basic single-area OSPFv2 and then verifying connectivity between end devices.
Note: The topology is the same one used in the chapter examples. In addition, the student practiced the
configuration of this topology in the Syntax Checker activities. Therefore, the student should be able to
complete this activity with minimal assistance.

Part 1: Configure OSPFv2 Routing


Step 1: Configure OSPF on R1, R2 and R3.
Use the following requirements to configure OSPF routing on all three routers:
- Process ID 10
- Router ID for each router: R1 = 1.1.1.1; R2 = 2.2.2.2; R3 = 3.3.3.3
- Network address for each interface
- LAN interface set to passive (do not use the default keyword)

Step 2: Verify OSPF routing is operational.


On each router, the routing table should now have a route to every network in the topology.

Part 2: Verify the Configurations


Each PC should be able to ping the other two PCs. If not, check your configurations.

!--------------------------
!R1
!--------------------------
ena
conf t
!
router ospf 10
router-id 1.1.1.1
network 172.16.1.0 0.0.0.255 area 0
network 172.16.3.0 0.0.0.3 area 0
network 192.168.10.4 0.0.0.3 area 0
passive-interface GigabitEthernet0/0
!
end

!--------------------------
!R2
!--------------------------
ena
conf t
!
router ospf 10
router-id 2.2.2.2
network 172.16.2.0 0.0.0.255 area 0
network 172.16.3.0 0.0.0.3 area 0
network 192.168.10.8 0.0.0.3 area 0
passive-interface GigabitEthernet0/0
!
end

!--------------------------
!R3
!--------------------------
ena
conf t
!
router ospf 10
router-id 3.3.3.3
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.4 0.0.0.3 area 0
network 192.168.10.8 0.0.0.3 area 0
passive-interface GigabitEthernet0/0
!
end
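
How the network statements above follow from the addressing table, as an added example that is not part of the Cisco lab: Python derives each network address and wildcard mask from the interface address and subnet mask, then audits a configuration for missing statements and for a LAN interface left non-passive, which would send OSPF hellos toward the hosts. The incomplete R1 fragment is constructed, the function names are illustrative, and treating G* interfaces as the LAN side is an assumption taken from this topology.

```python
import ipaddress

# Interface addresses copied from the activity's addressing table.
ROUTERS = {
    "R1": {"G0/0": "172.16.1.1/255.255.255.0",
           "S0/0/0": "172.16.3.1/255.255.255.252",
           "S0/0/1": "192.168.10.5/255.255.255.252"},
    "R2": {"G0/0": "172.16.2.1/255.255.255.0",
           "S0/0/0": "172.16.3.2/255.255.255.252",
           "S0/0/1": "192.168.10.9/255.255.255.252"},
    "R3": {"G0/0": "192.168.1.1/255.255.255.0",
           "S0/0/0": "192.168.10.6/255.255.255.252",
           "S0/0/1": "192.168.10.10/255.255.255.252"},
}
# Constructed R1 fragment with one serial link and the passive LAN left out.
R1_INCOMPLETE = """router ospf 10
 router-id 1.1.1.1
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.3.0 0.0.0.3 area 0
"""

def network_statements(ifaces, area=0):
    """Derive one 'network <net> <wildcard> area <n>' line per interface."""
    out = []
    for addr in ifaces.values():
        net = ipaddress.ip_interface(addr).network
        # hostmask is the inverted subnet mask, i.e. the OSPF wildcard mask
        out.append(f"network {net.network_address} {net.hostmask} area {area}")
    return out

def audit_ospf(config, ifaces):
    """Report missing network statements and LAN interfaces not set passive."""
    lines = {l.strip() for l in config.splitlines()}
    problems = [f"missing: {s}" for s in network_statements(ifaces)
                if s not in lines]
    for name in ifaces:
        if name.startswith("G"):   # assumption: G* ports face the LAN, as in this lab
            full = name.replace("G", "GigabitEthernet", 1)
            if f"passive-interface {full}" not in lines:
                problems.append(f"not passive: {full}")
    return problems
```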
