NAME: TUGIYONO    STUDENT ID (NIM): 15.240.0187

CCNA Discovery Introducing Routing and Switching in the Enterprise

Lab 2. Implementing Basic Switch Security

Device Designation   IP Address     Subnet Mask      Default Gateway   Enable Secret Password   vty and Console Password
PC 1                 192.168.1.3    255.255.255.0    192.168.1.1
PC 2                 192.168.1.4    255.255.255.0    192.168.1.1
PC 3                 192.168.1.5    255.255.255.0    192.168.1.1
Switch1              192.168.1.2    255.255.255.0    192.168.1.1       class                    cisco

Objectives

- Configure passwords to ensure that access to the CLI is secured.
- Configure port security.
- Disable unused ports.
- Test the security configuration by connecting another host to the secured port.

Background / Preparation

Set up a network the same as the one in the topology diagram. The following resources are required:

- One Cisco 2960 or comparable switch
- Three PCs, with at least a terminal emulation program
- One RJ-45-to-DB-9 connector with its console cable
- Two straight-through Ethernet cables (PC1 and PC2 to switch)

All contents are Copyright © 1992–2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.


- Access to the PC command prompt
- Access to the PC network TCP/IP configuration

Note: Make sure the switch has been erased and has no startup configuration. Instructions for erasing the switch and router are provided in this lab module.

Step 1: Connect PC1 to the switch

a. Connect PC1 to FastEthernet switch port Fa0/1. Configure PC1 to use the IP address, mask, and gateway shown in the table above.
b. Start a terminal emulation session to the switch from PC1.

Step 2: Connect PC2 to the switch

a. Connect PC2 to FastEthernet switch port Fa0/4.
b. Configure PC2 to use the IP address, mask, and gateway shown in the table above.

Step 3: Configure PC3 but do not connect it

A third host is needed for this lab.
a. Configure PC3 using IP address 192.168.1.5. The subnet mask is 255.255.255.0, and the default gateway is 192.168.1.1.
b. Do not connect this PC to the switch yet. It will be used for testing security.

Step 4: Perform an initial configuration on the switch

a. Configure the hostname of the switch as Switch1.
    Switch>enable
    Switch#config terminal
    Switch(config)#hostname Switch1
b. Set the privileged EXEC mode password to cisco.
    Switch1(config)#enable password cisco
c. Set the privileged EXEC mode secret password to class.
    Switch1(config)#enable secret class
d. Configure the console and virtual terminal lines to use a password and require it at login.
    Switch1(config)#line console 0
    Switch1(config-line)#password cisco
    Switch1(config-line)#login
    Switch1(config-line)#line vty 0 15
    Switch1(config-line)#password cisco
    Switch1(config-line)#login
    Switch1(config-line)#end
e. Exit from the console session and log in again.
Which password was required to enter privileged EXEC mode? class
Why? Because the security level of the secret password is higher than that of the password.

Step 5: Configure the switch management interface on VLAN 1

a. Enter the interface configuration mode for VLAN 1.
    Switch1(config)#interface vlan 1
b. Set the IP address, subnet mask, and default gateway for the management interface.
    Switch1(config-if)#ip address 192.168.1.2 255.255.255.0
    Switch1(config-if)#no shutdown
    Switch1(config-if)#exit
    Switch1(config)#ip default-gateway 192.168.1.1
    Switch1(config)#end
Why does interface VLAN1 require an IP address in this LAN?
As the identifier or host of the VLAN 1 space, the address of the vlan1 space, or vlan1 space ip address 192.168.1.2 255.255.255.0
What is the purpose of the default gateway?
ip default-gateway 192.168.1.1

Step 6: Verify the management LANs settings

a. Verify that the IP address of the management interface on the switch VLAN 1 and the IP address of PC1 and PC2 are on the same local network. Use the show running-config command to check the IP address configuration of the switch.
b. Verify the interface settings on VLAN 1.
    Switch1#show interface vlan 1
    Vlan1 is up, line protocol is up
      Hardware is CPU Interface, address is 0030.a33a.cc1e (bia 0030.a33a.cc1e)
      Internet address is 192.168.1.2/24
      MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 21:40:21, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         1682 packets input, 530955 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicast)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         563859 packets output, 0 bytes, 0 underruns
         0 output errors, 23 interface resets
         0 output buffer failures, 0 output buffers swapped out
    Switch1#


What is the bandwidth on this interface?
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec, reliability 255/255, txload 1/255, rxload 1/255

What are the VLAN states?
Vlan1 is up, line protocol is up
VLAN1 is up and line protocol is up

Step 7: Disable the switch from being an http server

Turn off the feature of the switch being used as an http server.
    Switch1(config)#no ip http server

Step 8: Verify connectivity

a. To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts.
Were the pings successful? Yes
If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host and switch configurations.
b. Save the configuration.


Step 9: Record the host MAC addresses

Determine and record the Layer 2 addresses of the PC network interface cards. From the command prompt of each PC, enter ipconfig /all.

PC1 __________________________________________________

PC2 __________________________________________________

PC3 __________________________________________________


Step 10: Determine what MAC addresses the switch has learned

Determine what MAC addresses the switch has learned by using the show mac-address-table command at the privileged EXEC mode prompt.
    Switch1#showmac-address-table
    Translating "showmac-address-table"...domain server (255.255.255.255)
How many dynamic addresses are there? 255.255.255.255
How many total MAC addresses are there? 255
Do the MAC addresses match the host MAC addresses? No

Step 11: View the show mac-address-table options

View the options that the show mac-address-table command has available.
    Switch1#show mac-address-table ?
What options are available?

Step 12: Setup a static MAC address

Setup a static MAC address on FastEthernet interface 0/4. Use the address that was recorded for PC2 in Step 9. The MAC address 00e0.2917.1884 is used in this example statement only.
    Switch1(config)#mac-address-table static 00e0.2917.1884 vlan 1 interface fastethernet 0/4

Step 13: Verify the results

a. Verify the MAC address table entries.
    Switch1#show mac-address-table
How many dynamic MAC addresses are there now? One 00e0.2917.1774
How many static MAC addresses are there now? One 00e0.2917.1774
b. Remove the static entry from the MAC Address Table.
    Switch1(config)#no mac-address-table static 00e0.2917.1884 vlan 1 interface fastethernet 0/4

Step 14: List port security options

a. Determine the options for setting port security on interface FastEthernet 0/4.
    Switch1(config)#interface fastethernet 0/4
    Switch1(config-if)#switchport port-security ?
What are some available options? To secure the port / port security
    Command rejected: FastEthernet0/4 is a dynamic port.
b. To allow the switch port FastEthernet 0/4 to accept only one device, configure port security.
    Switch1(config-if)#switchport mode access
    Switch1(config-if)#switchport port-security
    Switch1(config-if)#switchport port-security mac-address sticky
c. Exit configuration mode and check the port security settings.
    Switch1#show port-security
    Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)       (Count)        (Count)
    --------------------------------------------------------------------------
          Fa0/4          1             0              0            Shutdown
    --------------------------------------------------------------------------
If a host other than PC2 attempts to connect to Fa0/4, what will happen? Connected / reply


Step 15: Limit the number of hosts per port

a. On interface FastEthernet 0/4, set the port security maximum MAC count to 1.
    Switch1(config-if)#switchport port-security maximum 1
b. Disconnect the PC attached to FastEthernet 0/4. Connect PC3 to FastEthernet 0/4. PC3 has been given the IP address of 192.168.1.5 and has not yet been attached to the switch. It may be necessary to ping the switch address 192.168.1.2 to generate some traffic. Record any observations.
________________________________________________________

Step 16: Configure the port to shut down if there is a security violation

a. In the event of a security violation, the interface should be shut down. To make the port security shutdown, enter the following command:
    Switch1(config-if)#switchport port-security violation shutdown
What other action options are available with port security?
_____________________________________________________________________________
b. If necessary, ping the switch address 192.168.1.2 from the PC3 192.168.1.5. This PC is now connected to interface FastEthernet 0/4. This ensures that there is traffic from the PC to the switch.


c. Record any observations. Runs smoothly
d. Check the port security settings.
    Switch1#show port-security
    Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)       (Count)        (Count)
    --------------------------------------------------------------------------
          Fa0/4          1             1              0            Shutdown
    --------------------------------------------------------------------------

Step 17: Show port 0/4 configuration information

To see the configuration information for FastEthernet port 0/4 only, enter show interface fastethernet 0/4 at the privileged EXEC mode prompt.
    Switch1#show interface fastethernet 0/4

    Switch1(config)#interface fa0/4
    Switch1(config-if)#switchport port-security violation shutdown
    Switch1(config-if)#show port-security
    ^
    % Invalid input detected at '^' marker.
    Switch1(config-if)#exit
    Switch1(config)#exit
    Switch1#
    %SYS-5-CONFIG_I: Configured from console by console
    Switch1#show port-security
    Switch1#show interface fastethernet 0/4
    FastEthernet0/4 is up, line protocol is up (connected)
      Hardware is Lance, address is 00d0.bc9a.9704 (bia 00d0.bc9a.9704)
      BW 100000 Kbit, DLY 1000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s
      input flow-control is off, output flow-control is off
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:08, output 00:00:05, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue :0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         956 packets input, 193351 bytes, 0 no buffer
         Received 956 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 watchdog, 0 multicast, 0 pause input
         0 input packets with dribble condition detected
         2357 packets output, 263570 bytes, 0 underruns
What is the state of this interface? FastEthernet0/4 is UP and line protocol is UP

Step 18: Reactivate the port

a. If a security violation occurs and the port is shut down, use the shutdown / no shutdown commands to reactivate the port.
b. Try reactivating this port a few times by switching between the original port 0/4 host and the new one. Plug in the original host, enter the no shutdown command on the interface, and ping using the command prompt. The ping will have to be repeated multiple times; alternatively, use the ping 192.168.1.2 -n 200 command. This command sets the number of ping packets to 200 instead of 4. Then switch hosts and try again.
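The behavior exercised in Steps 14 to 18 (sticky learning, the maximum count, the violation action, and recovery with shutdown / no shutdown) can be modeled in a few lines. This is an added example, not part of the lab handout: the class and function names are hypothetical, the PC3 MAC is constructed, and `protect` and `restrict` are the other IOS violation actions besides `shutdown`.

```python
class SecurePort:
    """Toy model of Cisco port security on one access port."""
    MODES = ("protect", "restrict", "shutdown")  # IOS violation actions

    def __init__(self, maximum=1, violation="shutdown", sticky=True):
        if violation not in self.MODES:
            raise ValueError(f"unknown violation mode: {violation}")
        self.maximum, self.violation, self.sticky = maximum, violation, sticky
        self.secure_macs = []      # CurrentAddr entries
        self.violations = 0        # SecurityViolation counter
        self.err_disabled = False  # True after a shutdown-mode violation

    def receive(self, src_mac):
        """Return True if a frame from src_mac is forwarded."""
        if self.err_disabled:
            return False                  # port is down, nothing passes
        mac = src_mac.lower()
        if mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)  # table not full: learn the address
            return True
        # Unknown source and the table is full: security violation.
        if self.violation == "protect":
            return False                  # silent drop, counter unchanged
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True      # stays down until an admin bounces it
        return False

    def link_down(self):
        """Cable unplugged: dynamic secure addresses are lost, sticky ones stay."""
        if not self.sticky:
            self.secure_macs.clear()

    def bounce(self):
        """Administrator enters shutdown / no shutdown (Step 18)."""
        self.err_disabled = False
        self.link_down()

def swap_hosts(port, first_mac, second_mac):
    """Step 15 sequence: first host talks, second replaces it, first returns."""
    results = [port.receive(first_mac)]
    port.link_down()
    results.append(port.receive(second_mac))
    port.link_down()
    results.append(port.receive(first_mac))
    return results

PC2 = "00e0.2917.1884"   # example MAC from Step 12
PC3 = "00e0.2917.aaaa"   # constructed for this example

if __name__ == "__main__":
    for mode in SecurePort.MODES:
        p = SecurePort(violation=mode)
        print(mode, swap_hosts(p, PC2, PC3), p.violations, p.err_disabled)
```

A port whose secure table is still empty, as in the Step 14 output where CurrentAddr is 0, learns whichever host sends traffic first, so the intended host has to generate traffic before the swap for the violation to trigger.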

Step 19: Disable unused ports

Disable any ports not being used on the switch.
    Switch1(config)#interface range Fa0/2 - 3
    Switch1(config-if-range)#shutdown
    Switch1(config-if-range)#exit
    Switch1(config)#interface range Fa0/5 - 24
    Switch1(config-if-range)#shutdown
    Switch1(config-if-range)#exit
    Switch1(config)#interface range gigabitethernet0/1 - 2
    Switch1(config-if-range)#shutdown
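One way to check that the hardening from Steps 4, 7, 14 and 19 is actually present in a saved configuration is to audit the text of show running-config. The following is an added example, not part of the lab handout: the config excerpt is constructed (the secret hash is a placeholder), the function names are hypothetical, and it assumes the HTTP server counts as disabled only when `no ip http server` appears.

```python
import re

# Constructed running-config excerpt for this example (not captured output).
SAMPLE_CONFIG = """\
hostname Switch1
enable secret 5 $1$placeholder
enable password cisco
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 shutdown
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
ip http server
"""

def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit(config):
    """Return findings for the settings this lab hardens."""
    findings = []
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    if any(l.startswith("enable password") for l in top):
        findings.append("enable password present (cleartext or reversible)")
    if not any(l.startswith("enable secret") for l in top):
        findings.append("no enable secret configured")
    if "no ip http server" not in top:
        findings.append("HTTP server not disabled")
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name) or "shutdown" in cmds:
            continue  # skip SVIs and ports that are already disabled
        if "switchport port-security" not in cmds:
            findings.append(f"{name}: active port without port security")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```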


Step 20: Reflection

a. Why would port security be enabled on a switch?
So that it can be used and accessed, it has to be enabled first.
b. Why should unused ports on a switch be disabled?
For security: because they are not in use, if someone malicious or mischievous comes along, we are protected by disabling the ports.

<<<<<< Tugiyono Merdeka >>>>>>>
