| 11.1.10 Packet Tracer – Implement Port Security – Instructions Answer | 您所在的位置:网站首页 › ccnasecurityPT › 11.1.10 Packet Tracer – Implement Port Security – Instructions Answer |
11.1.10 Packet Tracer – Implement Port Security – Instructions Answer
11.1.10 Packet Tracer – Implement Port Security (Instructor Version) 11.1.10 Packet Tracer – Implement Port Security Addressing TableDeviceInterfaceIP AddressSubnet MaskS1VLAN 110.10.10.2255.255.255.0PC1NIC10.10.10.10255.255.255.0PC2NIC10.10.10.11255.255.255.0Rogue LaptopNIC10.10.10.12255.255.255.0ObjectivePart 1: Configure Port SecurityPart 2: Verify Port SecurityBackgroundIn this activity, you will configure and verify port security on a switch. Port security allows you to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. Step 1: Configure Port Securitya. Access the command line for S1 and enable port security on Fast Ethernet ports 0/1 and 0/2. S1(config)# interface range f0/1 – 2 S1(config-if-range)# switchport port-securityb. Set the maximum so that only one device can access the Fast Ethernet ports 0/1 and 0/2. S1(config-if-range)# switchport port-security maximum 1c. Secure the ports so that the MAC address of a device is dynamically learned and added to the running configuration. S1(config-if-range)# switchport port-security mac-address stickyd. Set the violation mode so that the Fast Ethernet ports 0/1 and 0/2 are not disabled when a violation occurs, but a notification of the security violation is generated and packets from the unknown source are dropped. S1(config-if-range)# switchport port-security violation restricte. Disable all the remaining unused ports. Use the range keyword to apply this configuration to all the ports simultaneously. S1(config-if-range)# interface range f0/3 - 24 , g0/1 - 2 S1(config-if-range)# shutdownStep 2: Verify Port Securitya. From PC1, ping PC2. b. Verify that port security is enabled and the MAC addresses of PC1 and PC2 were added to the running configuration. S1# show run | begin interfacec. Use port-security show commands to display configuration information. S1# show port-security S1# show port-security addressd. Attach Rogue Laptop to any unused switch port and notice that the link lights are red. e. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After verification, shut down the port connected to Rogue Laptop. f. Disconnect PC2 and connect Rogue Laptop to F0/2, which is the port to which PC2 was originally connected. Verify that Rogue Laptop is unable to ping PC1. g. Display the port security violations for the port to which Rogue Laptop is connected. S1# show port-security interface f0/2How many violations have occurred? There should be a violation count of at least four, one for each ping request. h. Disconnect Rouge Laptop and reconnect PC2. Verify PC2 can ping PC1. Why is PC2 able to ping PC1, but the Rouge Laptop is not? The port security that was enabled on the port only allowed the device, whose MAC was learned first, access to the port while preventing all other devices access. Download Packet Tracer (.pka) file: 11.1.10 Packet Tracer - Implement Port Security.pka
565.47 KB
3439 downloads...DownloadPrevious Lab9.3.3 Packet Tracer – HSRP Configuration Guide Next Lab 11.6.1 Packet Tracer – Switch Security Configuration |
【本文地址】
| 今日新闻 |
| 推荐新闻 |
| 专题文章 |