Configure securing the local area network

Reference no: EM132010141

Implementing Securing the Local Area Network

Objective: Configure Securing the Local Area Network

TOPOLOGY:

In this lab, you will perform the following tasks:

Part 1: Configure Basic Device Settings

• Build the topology.

• Configure basic settings such as host name, interface IP addresses, and access passwords.

Part 2: Configure SSH Access to the Switches

• Configure SSH version 2 access on the switch.

• Configure an SSH client to access the switch.

• Verify the configuration.

Part 3: Configure Secure Trunks and Access Ports

• Configure trunk port mode.

• Change the native VLAN for trunk ports.

• Verify trunk configuration.

• Enable storm control for broadcasts.

• Configure access ports.

• Enable PortFast and BPDU guard.

• Verify BPDU guard.

• Enable root guard.

• Enable loop guard.

• Configure and verify port security.

• Disable unused ports.

• Move ports from default VLAN 1 to alternate VLAN.

• Configure the PVLAN Edge feature on a port.

Part 4: Configure IP DHCP Snooping

• Configure DHCP on R1.

• Configure Inter-VLAN communication on R1.

• Configure S1 interface G0/0 as a trunk.

• Verify DHCP operation on PC-A and PC-B.

• Enable DHCP Snooping.

• Verify DHCP Snooping.

BACKGROUND

The Layer 2 infrastructure consists mainly of interconnected Ethernet switches. Most end-user devices, such as computers, printers, IP phones, and other hosts, connect to the network via Layer 2 access switches. As a result, switches can present a network security risk. Similar to routers, switches are subject to attack from malicious internal users. The switch Cisco IOS software provides many security features that are specific to switch functions and protocols.

In this lab, you will configure SSH access and Layer 2 security for S1-StudentID and S2-StudentID. You will also configure various switch protection measures, including access port security and Spanning Tree Protocol (STP) features, such as BPDU guard and root guard.

Note: The router commands and output in this lab are from a Cisco 1941 with Cisco IOS Release 15.4(3)M2 (UniversalK9-M). Other routers and Cisco IOS versions can be used. See the Router Interface Summary Table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab. Depending on the router model and Cisco IOS version, the commands available and output produced might vary from what is shown in this lab.

Note: Before beginning, ensure that the switches have been erased and have no startup configurations.

Task 1: Configure Basic Device Settings
The desktop system assigned to you serves as an end-user terminal. You access and manage the lab environment from the student desktop system using GNS3 Software.

Students should perform the steps in this task individually.

In Part 1 of this lab, you set up the network topology and configure basic settings, such as the interface IP addresses, static routing, device access, and passwords.

Part 2: Configure SSH Access to the Switches
In Part 2, you will configure S1 and S2 to support SSH connections and install SSH client software on the PCs.

Note: A switch IOS image that supports encryption is required to configure SSH. If such an image is not used, you cannot specify SSH as an input protocol for the vty lines, and the crypto commands are unavailable.

Task 1: Configure the SSH Server on S1 and S2 Using the CLI.

In this task, use the CLI to configure the switch to be managed securely using SSH instead of Telnet. SSH is a network protocol that establishes a secure terminal emulation connection to a switch or other networking device. SSH encrypts all information that passes over the network link and provides authentication of the remote computer. SSH is rapidly replacing Telnet as the preferred remote login tool for network professionals. It is strongly recommended that SSH be used in place of Telnet on production networks.

Task 2: Configure the SSH Client

SSH from R1 to S1 and S2, or use a terminal emulation program on the PCs. PuTTY and Tera Term are two terminal emulation programs that can support SSHv2 client connections.

Part 3: Configure Secure Trunks and Access Ports
In Part 3, you will configure trunk ports, change the native VLAN for trunk ports, and verify trunk configuration.

Securing trunk ports can help stop VLAN hopping attacks. The best way to prevent a basic VLAN hopping attack is to explicitly disable trunking on all ports except the ports that specifically require trunking. On the required trunking ports, disable DTP (auto trunking) negotiations and manually enable trunking. If no trunking is required on an interface, configure the port as an access port. This disables trunking on the interface.

Note: Tasks should be performed on S1 or S2, as indicated.

Task 1: Secure Trunk Ports

Task 2: Secure Access Ports

Network attackers hope to spoof their system, or a rogue switch that they add to the network, as the root bridge in the topology by manipulating the STP root bridge parameters. If a port that is configured with PortFast receives a BPDU, STP can put the port into the blocking state by using a feature called BPDU guard.

Task 3: Protect Against STP Attacks

The topology has only two switches and no redundant paths, but STP is still active. In this step, you will enable switch security features that can help reduce the possibility of an attacker manipulating switches via STP-related methods.

Task 4: Configure Port Security and Disable Unused Ports

Switches can be subject to CAM table (also known as MAC address table) overflow, MAC spoofing attacks, and unauthorized connections to switch ports. In this task, you will configure port security to limit the number of MAC addresses that can be learned on a switch port and disable the port if that number is exceeded.
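One way to check the Part 3 controls described above (explicit trunk or access mode, DTP disabled, non-default native VLAN, BPDU guard, port security, unused ports shut down) against a saved running-config. This is an added example, not part of the lab; the sample configuration, interface numbers and VLAN numbers are constructed, and the function names are hypothetical.

```python
# Constructed running-config excerpt (not taken from the lab files).
SAMPLE = """\
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/2
 switchport mode trunk
interface FastEthernet0/5
 switchport access vlan 20
interface FastEthernet0/6
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
interface FastEthernet0/7
 shutdown
"""
ACCESS_REQUIRED = ("switchport port-security", "spanning-tree bpduguard enable")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return ports

def audit(config):
    """Return {interface: [findings]} for ports missing the Part 3 controls."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        issues = findings.setdefault(name, [])
        if "shutdown" in cmds:
            continue  # unused port, administratively disabled
        if "switchport mode trunk" in cmds:
            if "switchport nonegotiate" not in cmds:
                issues.append("DTP negotiation not disabled")
            native = [c for c in cmds if c.startswith("switchport trunk native vlan ")]
            if not native or native[-1].endswith(" 1"):
                issues.append("native VLAN left at 1")
        elif "switchport mode access" in cmds:
            issues += ["missing: " + c for c in ACCESS_REQUIRED if c not in cmds]
        else:
            issues.append("switchport mode not set explicitly")
    return {name: issues for name, issues in findings.items() if issues}
```

Calling `audit(SAMPLE)` flags FastEthernet0/2 (trunk with DTP and native VLAN 1) and FastEthernet0/5 (no explicit mode); the hardened trunk, the hardened access port and the shut-down port pass.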

Part 4: Configure DHCP Snooping
DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. It enables only authorized DHCP servers to respond to DHCP requests and distribute network information to clients.
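The filtering decision described above, as a simplified model (an added example, not part of the lab and not Cisco's implementation). It goes slightly beyond the paragraph by also showing the binding table learned from server ACKs and the check on releases from the wrong port; port names, MAC and IP addresses are constructed.

```python
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # replies only a DHCP server should send

class SnoopingSwitch:
    """Simplified model of the DHCP snooping filter on one VLAN."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports configured as trusted
        self.pending = {}    # client MAC -> port its REQUEST arrived on
        self.bindings = {}   # client MAC -> (leased IP, client port)

    def receive(self, port, kind, mac, ip=None):
        """Return "forward" or "drop" for a DHCP message seen on `port`."""
        if port in self.trusted:
            if kind == "ACK" and mac in self.pending:
                # Lease confirmed by the authorized server: record the binding.
                self.bindings[mac] = (ip, self.pending.pop(mac))
            return "forward"
        if kind in SERVER_MSGS:
            return "drop"  # server reply arriving on an untrusted (access) port
        bound = self.bindings.get(mac)
        if kind in ("RELEASE", "DECLINE") and bound and bound[1] != port:
            return "drop"  # lease belongs to a client on a different port
        if kind == "REQUEST":
            self.pending[mac] = port
        elif kind == "RELEASE":
            self.bindings.pop(mac, None)
        return "forward"

def demo():
    """Constructed exchange; only the port facing R1 (hypothetical name) is trusted."""
    sw = SnoopingSwitch(trusted_ports={"uplink-to-R1"})
    a = "aa:aa:aa:aa:aa:aa"  # constructed MAC for PC-A
    verdicts = [
        sw.receive("pc-a", "DISCOVER", a),
        sw.receive("pc-b", "OFFER", a, "10.66.66.5"),  # unauthorized server reply
        sw.receive("uplink-to-R1", "OFFER", a, "192.168.20.11"),
        sw.receive("pc-a", "REQUEST", a),
        sw.receive("uplink-to-R1", "ACK", a, "192.168.20.11"),
        sw.receive("pc-b", "RELEASE", a),  # release sent from the wrong port
    ]
    return verdicts, sw.bindings
```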

Task 1: Set Up DHCP

Task 2: Configure Inter-VLAN Communication

Task 3: Configure DHCP Snooping


Verified Expert

In the given task, there is a requirement to build the topology as per the instructions. After that, the basic tasks are performed in the topology. The DHCP configuration is performed in the network, and based on that, DHCP snooping is performed in the network. The switches are configured with port security, and for that, the port that connects S1 to R1 is enabled for port security. Then, by changing the MAC address of the router interface, this configuration is verified.




All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd