Packet Tracer – Configuring SSH Instructions Answers.

 

Topology


Addressing Table



Objectives

Part 1: Secure Passwords

Part 2: Encrypt Communications

Part 3: Verify SSH Implementation

Background

SSH should replace Telnet for management connections. Telnet uses insecure plain text communications. SSH provides security for remote connections by providing strong encryption of all transmitted data between devices. In this activity, you will secure a remote switch with password encryption and SSH.


Part 1: Secure Passwords

a. Using the command prompt on PC1, Telnet to S1. The user EXEC and privileged EXEC password is cisco.

Packet Tracer PC Command Line 1.0
PC>telnet 10.10.10.2
Trying 10.10.10.2 …Open
User Access Verification
Password:
S1>en
Password:
S1#

b. Save the current configuration so that any mistakes you might make can be reversed by toggling the power for S1.

S1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]

c. Show the current configuration and note that the passwords are in plain text. Enter the command that encrypts plain text passwords.

S1#show running-config
……..
hostname S1
!
enable password cisco
!
line con 0
!
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login

S1#conf ter
S1(config)#service password-encryption

d. Verify that the passwords are encrypted.

S1#show running-config
Building configuration…
!
hostname S1
!
enable password 7 0822455D0A16

!
line con 0
!
line vty 0 4
password 7 0822455D0A16
login
line vty 5 15
password 7 0822455D0A16
login

Part 2: Encrypt Communications

Step 1: Set the IP domain name and generate secure keys.

It is generally not safe to use Telnet, because data is transferred in plain text. Therefore, use SSH whenever it is available.

a. Configure the domain name to be netacad.pka.

S1(config)#ip domain-name netacad.pka

b. Secure keys are needed to encrypt the data. Generate the RSA keys using a key length of 1024 bits.

S1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024

Step 2: Create an SSH user and reconfigure the VTY lines for SSH-only access.

a. Create an administrator user with cisco as the secret password.

S1(config)#username administrator secret cisco

b. Configure the VTY lines to check the local username database for login credentials and to only allow SSH for remote access. Remove the existing vty line password.

S1(config)#line vty 0 15
S1(config-line)#login local
S1(config-line)#transport input ssh
S1(config-line)#no password cisco

Part 3: Verify SSH Implementation

a. Exit the Telnet session and attempt to log back in using Telnet. The attempt should fail.

PC>telnet 10.10.10.2
Trying 10.10.10.2 …Open

[Connection to 10.10.10.2 closed by foreign host]

b. Attempt to log in using SSH. Type ssh and press Enter without any parameters to reveal the command usage instructions. Hint: The -l option is the letter “L”, not the number 1.

c. Upon successful login, enter privileged EXEC mode and save the configuration. If you were unable to successfully access S1, toggle the power and begin again at Part 1.

PC>ssh -l administrator 10.10.10.2
Open
Password:

Password:
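The hardening steps from Parts 1 and 2, expressed as a configuration audit. This is an added example, not part of the original lab; the two config samples are constructed from the listings above (the post-Part 2 state is assumed, and `<hash>` is a placeholder). It also flags two things the lab leaves in place: `service password-encryption` produces type 7 strings, which are a reversible encoding rather than a hash, and the SSH version is never pinned.

```python
import re

# Constructed sample: S1 as shown in Part 1 step d (IOS-style indentation added).
BEFORE = """hostname S1
enable password 7 0822455D0A16
line vty 0 4
 password 7 0822455D0A16
 login
line vty 5 15
 password 7 0822455D0A16
 login
"""
# Constructed sample: assumed state after Part 2; <hash> is a placeholder.
AFTER = """hostname S1
enable password 7 0822455D0A16
ip domain-name netacad.pka
username administrator secret 5 <hash>
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
"""

def audit(config):
    """Return (location, finding) pairs for weak remote-access settings."""
    findings, section, vty = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command opens a new section
            section = line if line.startswith("line vty") else None
            if section:
                vty[section] = []
        elif section:
            vty[section].append(line)
        if line.startswith("enable password"):
            findings.append(("global", "replace 'enable password' with 'enable secret'"))
        if re.match(r"(enable )?password 7 ", line):
            findings.append((section or "global", "type 7 is reversible obfuscation"))
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append(("global", "SSH not pinned to version 2"))
    for name, cmds in vty.items():
        if "transport input ssh" not in cmds:
            findings.append((name, "Telnet still accepted"))
        if "login local" not in cmds:
            findings.append((name, "shared line password, no per-user login"))
    return findings
```

The RSA modulus is not stored in the running configuration, so the 1024-bit key from Step 1b cannot be checked this way; outside the lab, 2048 bits or more is the usual choice.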

 Packet Tracer – Configuring Switch Port Security Instructions

 

Packet Tracer – Configuring Switch Port Security

Addressing Table

Objective

Part 1: Configure Port Security

Part 2: Verify Port Security

Background

In this activity, you will configure and verify port security on a switch. Port security allows you to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port.

Part 1: Configure Port Security

a. Access the command line for S1 and enable port security on Fast Ethernet ports 0/1 and 0/2.

b. Set the maximum so that only one device can access the Fast Ethernet ports 0/1 and 0/2.

c. Secure the ports so that the MAC address of a device is dynamically learned and added to the running configuration.

d. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled when a violation occurs, but packets are dropped from an unknown source.

e. Disable all the remaining unused ports. Hint: Use the range keyword to apply this configuration to all the ports simultaneously.

Part 2: Verify Port Security

a. From PC1, ping PC2.

b. Verify port security is enabled and the MAC addresses of PC1 and PC2 were added to the running configuration.

c. Attach Rogue Laptop to any unused switch port and notice that the link lights are red.

d. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After verification, shut down the port connected to Rogue Laptop.

e. Disconnect PC2 and connect Rogue Laptop to PC2’s port. Verify that Rogue Laptop is unable to ping PC1.

f. Display the port security violations for the port Rogue Laptop is connected to.

g. Disconnect Rogue Laptop and reconnect PC2. Verify PC2 can ping PC1.

h. Why is PC2 able to ping PC1, but the Rogue Laptop is not?

The port security that was enabled on the port allowed access only to the device whose MAC address was learned first, while preventing access by all other devices.

Instructions

Show MAC address on PC: ipconfig /all

S1(config)#int fa0/1
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security mac-address sticky 00E0.B027.2245
S1(config-if)#switchport port-security violation restrict
S1(config-if)#exit

S1(config)#int fa0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security mac-address sticky 0001.647C.697E
S1(config-if)#switchport port-security violation restrict
S1(config-if)#exit

S1(config)#int range fa0/3-24
S1(config-if-range)#shutdown
S1(config-if-range)#int range gi0/1-2
S1(config-if-range)#shutdown
S1(config-if-range)#end

S1#show port-security interface fa 0/1


Packet Tracer – Troubleshooting Switch Port Security Instructions Answers.

Packet Tracer – Troubleshooting Switch Port Security

Scenario

The employee who normally uses PC1 brought his laptop from home, disconnected PC1 and connected the laptop to the telecommunication outlet. After reminding him of the security policy that does not allow personal devices on the network, you now must reconnect PC1 and re-enable the port.

Requirements

· Disconnect Home Laptop and reconnect PC1 to the appropriate port.
– When PC1 was reconnected to the switch port, did the port status change? No
– Enter the command to view the port status. What is the state of the port?

S1#show interfaces fa0/1
FastEthernet0/1 is administratively down, line protocol is down (disabled)

– Which port security command enabled this feature?

S1(config-if)#switchport port-security violation shutdown

· Enable the port using the necessary command.

S1(config)#in fastEthernet 0/1
S1(config-if)#no shutdown

· Verify connectivity. PC1 should now be able to ping PC2.

Suggested Scoring Rubric

Packet Tracer scores 90 points. Answers to the questions are worth 10 points.
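The two port security activities above differ only in the violation mode: `restrict` in the configuration lab, `shutdown` in the troubleshooting scenario. The following is an added example, not part of the original labs: a toy model of one secured port that replays the same sequence of devices under each mode. The class and function names are hypothetical, and the second MAC address is constructed.

```python
class SecurePort:
    """Toy model of one switch port with port security (not IOS code)."""

    def __init__(self, maximum=1, violation="shutdown"):
        self.maximum, self.violation = maximum, violation
        self.learned = []      # MACs a sticky port would write to the running config
        self.violations = 0    # the security violation counter
        self.up = True

    def ingress(self, mac):
        """Return True if a frame with this source MAC is forwarded."""
        if not self.up:
            return False
        if mac in self.learned:
            return True
        if len(self.learned) < self.maximum:
            self.learned.append(mac)     # first device seen claims the slot
            return True
        if self.violation != "protect":  # protect drops without counting
            self.violations += 1
        if self.violation == "shutdown":
            self.up = False              # stays down until re-enabled
        return False

    def no_shutdown(self):
        self.up = True

LEARNED = "0001.647C.697E"   # sticky MAC from the fa0/2 listing
OTHER = "00AA.BBCC.DDEE"     # constructed MAC for the unauthorised laptop

def replay(violation):
    """Known device, then the other laptop, then the known device again."""
    port = SecurePort(maximum=1, violation=violation)
    seen = [port.ingress(LEARNED), port.ingress(OTHER), port.ingress(LEARNED)]
    return seen, port.violations, port.up
```

With `restrict` the known device keeps working and the counter records the attempt; with `shutdown` the port stays down even after the known device is reconnected, which is why the troubleshooting activity ends with `no shutdown`.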


CONFIGURING OSPFV2 IN CISCO PACKET TRACER

What Is OSPFv2

OSPF (Open Shortest Path First) is an open-standard routing protocol that has been widely implemented by many telecommunications vendors worldwide. OSPF has an Autonomous System (AS) that groups the routers that will be under a single administration and a common routing strategy.

OSPF was first developed in 1987 by the Internet Engineering Task Force (IETF), and the first version published was OSPFv1 in 1989. In 1991 OSPFv2 was published by John Moy as RFC 1247, and it has been refined continually since.

Characteristics of OSPF

  1. It is a link-state routing protocol, so every router holds data on, or a picture of, the topology of the network.
  2. It uses Hello packets to discover neighbor routers.
  3. Routing updates are sent only when there is a change in the network, and they are sent by multicast.

 

The first step is to build a simulation like the one in the figure below.

Click one of the routers; here I chose Router1 to start the configuration. Then configure Router1 as follows:

Router>en
Router#conf t
Router(config)#host R1
R1(config)#int g0/0
R1(config-if)#ip add 172.16.1.2 255.255.255.0
R1(config-if)#
R1(config-if)#no sh
R1(config-if)#int s0/0/0
R1(config-if)#ip add 172.16.3.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#int s0/0/1
R1(config-if)#ip add 192.168.10.5 255.255.255.252
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router ospf 10
R1(config-router)#router-id 1.1.1.1
R1(config-router)#net 172.16.1.0 0.0.0.255 area 10
R1(config-router)#net 172.16.3.0 0.0.0.3 area 10
R1(config-router)#net 192.168.10.0 0.0.0.3 area 10
R1(config-router)#

Next, configure Router2:

Router>en
Router#conf t
Router(config)#host R2
R2(config)#int g0/0
R2(config-if)#ip add 172.16.2.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int s0/0/0
R2(config-if)#ip add 172.16.3.1 255.255.255.252
R2(config-if)#no shut
R2(config-if)#int s0/0/1
R2(config-if)#ip add 192.168.10.5 255.255.255.252
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router ospf 10
R2(config-router)#router-id 2.2.2.2
R2(config-router)#net 172.16.1.0 0.0.0.255 area 10
R2(config-router)#net 172.16.3.0 0.0.0.3 area 10
R2(config-router)#net 192.168.10.0 0.0.0.3 area 10
R2(config-router)#

Configuration on Router3

Router>enable
Router#conf t
Router(config)#host R3
R3(config)#int g0/0
R3(config-if)#ip add 192.168.1.2 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int s0/0/0
R3(config-if)#ip add 172.16.3.1 255.255.255.252
R3(config-if)#no shut
R3(config-if)#int s0/0/1
R3(config-if)#ip add 192.168.10.5 255.255.255.252
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#router ospf 10
R3(config-router)#router-id 3.3.3.3
R3(config-router)#net 172.16.1.0 0.0.0.255 area 10
R3(config-router)#net 172.16.3.0 0.0.0.3 area 10
R3(config-router)#net 192.168.10.0 0.0.0.3 area 10
R3(config-router)#

 

Addressing Table

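| Device | Interface | Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| PC 1 | NIC | 172.16.1.2 | 255.255.255.0 | 172.16.1.1 |
| PC 2 | NIC | 172.16.2.2 | 255.255.255.0 | 172.16.2.1 |
| PC 3 | NIC | 192.168.1.2 | 255.255.255.0 | 192.168.1.1 |
| R1 | Gig0/0 | 172.16.1.0 | | |
| R1 | S0/0/1 | 192.168.10.5 | 255.255.255.252 | |
| R2 | Gig0/0 | 172.16.2.0 | | |
| R2 | S0/0/1 | 192.168.10.5 | 255.255.255.252 | |
| R3 | Gig0/0 | 192.168.1.0 | | |
| R3 | S0/0/1 | 192.168.10.5 | 255.255.255.252 | |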
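A consistency check for the three router listings and the addressing table above. This is an added example, not part of the original post, and the function names are hypothetical. It applies IOS wildcard matching to each `network` statement and looks for addresses configured more than once; the interface addresses, network statements and PC addresses are copied from the page.

```python
import ipaddress
from collections import defaultdict

# Values copied from the R1-R3 listings and the addressing table above.
NETS = [("172.16.1.0", "0.0.0.255"), ("172.16.3.0", "0.0.0.3"), ("192.168.10.0", "0.0.0.3")]
SERIAL = {"s0/0/0": "172.16.3.1", "s0/0/1": "192.168.10.5"}
ROUTERS = {
    "R1": ({"g0/0": "172.16.1.2", **SERIAL}, NETS),
    "R2": ({"g0/0": "172.16.2.2", **SERIAL}, NETS),
    "R3": ({"g0/0": "192.168.1.2", **SERIAL}, NETS),
}
HOSTS = {"PC1": "172.16.1.2", "PC2": "172.16.2.2", "PC3": "192.168.1.2"}

def as_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, net, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    care = ~as_int(wildcard) & 0xFFFFFFFF
    return as_int(addr) & care == as_int(net) & care

def check(routers, hosts):
    """Return a list of addressing and OSPF coverage problems."""
    problems, owners = [], defaultdict(list)
    for name, ip in hosts.items():
        owners[ip].append(name)
    for r, (ifaces, nets) in routers.items():
        for ifname, ip in ifaces.items():
            owners[ip].append(f"{r} {ifname}")
            if not any(matches(ip, n, w) for n, w in nets):
                problems.append(f"{r} {ifname} {ip}: not covered by any network statement")
        for n, w in nets:
            if not any(matches(ip, n, w) for ip in ifaces.values()):
                problems.append(f"{r}: network {n} {w} matches no interface")
    problems += [f"{ip} configured on {', '.join(o)}" for ip, o in owners.items() if len(o) > 1]
    return problems
```

On these values `check(ROUTERS, HOSTS)` reports 15 problems: `network 192.168.10.0 0.0.0.3` does not cover 192.168.10.5 (that address lies in 192.168.10.4/30), the LAN interfaces of R2 and R3 are not covered by any network statement, each Gig0/0 address equals the address of the PC on its LAN, and both serial addresses repeat on all three routers.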

Result

















