Scribd
Upload
11 views

Vlan SSH Configure

The document describes steps to configure basic settings and security on routers and switches. This includes configuring device hardening, SSH, interfaces, VLANs, trunking, SVIs, and default routing. Subinterfaces are configured on the router with IPv4 and IPv6 addressing. The switches have VLANs, trunking, port-channels, and unused ports configured.

Uploaded by

Дмирий Мысов
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
11 views

Vlan SSH Configure

The document describes steps to configure basic settings and security on routers and switches. This includes configuring device hardening, SSH, interfaces, VLANs, trunking, SVIs, and default routing. Subinterfaces are configured on the router with IPv4 and IPv6 addressing. The switches have VLANs, trunking, port-channels, and unused ports configured.

Uploaded by

Дмирий Мысов
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 7

Step 1: Configure R1 Basic Settings and Device Hardening

a. Configure basic settings.

Prevent the router from attempting to resolve incorrectly entered commands as


domain names.
Configure the R1 hostname.
Configure an appropriate MOTD banner.

Router(config)#no ip domain lookup


Router(config)#hostname R1
R1(config)#banner motd #Unauthorized Acess is Prohibited#

b. Configure password security.

Configure the console password and enable connections.


Configure an enable secret password.
Encrypt all clear text passwords.
Set the minimum length of newly created passwords to 10 characters.

R1(config)#line console 0
R1(config-line)#password ciscoconpass
R1(config-line)#login
R1(config-line)#exit

R1(config)#enable secret ciscoenpass

R1(config)#service password-encryption

R1(config)#security passwords min-length 10

c. Configure SSH.
1) Create an administrative user in the local user database.

Username: admin
Encrypted Password: admin1pass
2) Configure the domain name as ccna-ptsa.com
3) Create an RSA crypto key with a modulus of 1024 bits.
4) Ensure that more secure version of SSH will be used.
5) Configure the vty lines to authenticate logins against the local user database.
6) Configure the vty lines to only accept connections over SSH.

R1(config)#username admin secret admin1pass

R1(config)#ip domain name ccna-ptsa.com

R1(config)#crypto key generate rsa


1024

R1(config)#ip ssh version 2

R1(config)#line vty 0 15
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#exit
Step 2: Configure router interfaces.
a. Configure R1 with a loopback interface. Configure the loopback0 with IPv4 and
IPv6 addressing according to the addressing table.

R1(config)#interface Loopback 0
R1(config-if)#description Loopback
R1(config-if)#ip address 209.165.201.1 255.255.255.224
R1(config-if)#ipv6 address 2001:db8:acad:209::1/64
R1(config-if)#ipv6 address fe80::1 link-local
R1(config-if)#exit
b. Configure Router Subinterfaces

Prepare the router to be configured with IPv6 addresses on its interfaces.


Use the information in the Addressing Table and VLAN Table to configure
subinterfaces on R1:
Interfaces should be configured with IPv4 and IPv6 addressing.
All addressed interfaces should use fe80::1 as the link local address.
Use the VLAN table to assign VLAN membership to the subinterfaces.
Be sure to configure the native VLAN interface.
Configure descriptions for all interfaces.
R1(config)#ipv6 unicast-routing

R1(config)#interface g0/0/1.2
R1(config-subif)#encapsulation dot1Q 2
R1(config-subif)#description Bikes
R1(config-subif)#ip address 10.19.8.1 255.255.255.192
R1(config-subif)#ipv6 address 2001:db8:acad:a::1/64
R1(config-subif)#ipv6 address fe80::1 link-local

R1(config-subif)#interface g0/0/1.3
R1(config-subif)#encapsulation dot1Q 3
R1(config-subif)#description Trikes
R1(config-subif)#ip address 10.19.8.65 255.255.255.224
R1(config-subif)#ipv6 address 2001:db8:acad:b::1/64
R1(config-subif)#ipv6 address fe80::1 link-local

R1(config-subif)#interface g0/0/1.4
R1(config-subif)#encapsulation dot1Q 4
R1(config-subif)#description Management
R1(config-subif)#ip address 10.19.8.97 255.255.255.248
R1(config-subif)#ipv6 address 2001:db8:acad:c::1/64
R1(config-subif)#ipv6 address fe80::1 link-local

R1(config-subif)#interface g0/0/1.6
R1(config-subif)#encapsulation dot1Q 6 native
R1(config-subif)#description Native

R1(config)#interface g0/0/1
R1(config-if)#no shutdown

Step 3: Configure S1 and S2 with Basic Settings and Device Hardening.


Configuration tasks for the switches S1 and S2 include the following:
a. Configure Basic Settings on S1 and S2

Prevent the switches from attempting to resolve incorrectly entered commands as


domain names.int
Configure the S1 or S2 hostname.
Configure an appropriate MOTD banner on both switches.

Switch1(config)#no ip domain lookup


Switch1(config)#hostname S1
S1(config)#banner motd #Unauthorized Access is Prohibitted!#
Switch2(config)#no ip domain lookup
Switch2(config)#hostname S2
S2(config)#banner motd #Unauthorized Access is Prohibitted!#

b. Configure Device Hardening on S1 and S2

1) Configure the console password and enable connections.


2) Configure an enable secret password.
3) Encrypt all clear text passwords.

S1(config)#line console 0
S1(config-line)#password ciscoconpass
S1(config-line)#login
S1(config-line)#exit

S1(config)#enable secret ciscoenpass

S1(config)#service password-encryption
S2(config)#line console 0
S2(config-line)#password ciscoconpass
S2(config-line)#login
S2(config-line)#exit

S2(config)#enable secret ciscoenpass

S2(config)#service password-encryption

c. Configure SSH on S1 and S2

Create an administrative user in the local user database.


Username: admin
Password: admin1pass
Configure the domain name as ccna-ptsa.com
Create an RSA crypto key with a modulus of 1024 bits.
Ensure that more secure version of SSH will be used.
Configure the vty lines to authenticate logins against the local user database.
Configure the vty lines to accept connections over SSH only.

S1(config)#username admin secret admin1pass

S1(config)#ip domain name ccna-ptsa.com

S1(config)#crypto key generate rsa


1024

S1(config)#ip ssh version 2


S1(config)#line vty 0 15
S1(config-line)#login local
S1(config-line)#transport input ssh
S1(config-line)#exit
S2(config)#username admin secret admin1pass

S2(config)#ip domain name ccna-ptsa.com

S2(config)#crypto key generate rsa


1024

S2(config)#ip ssh version 2

S2(config)#line vty 0 15
S2(config-line)#login local
S2(config-line)#transport input ssh
S2(config-line)#exit

Step 4: Configure SVIs on S1 and S2


Configure the SVI on both switches.

a. Use the information in the Addressing Table to configure SVIs on S1 and S2 for
the Management VLAN.
b. Configure the switch so that the SVI can be reached from other networks over the
Management VLAN.

S1(config)#interface vlan 4
S1(config-if)#ip address 10.19.8.98 255.255.255.248
S1(config-if)#description Management Interface
S1(config-if)#no shutdown
S1(config-if)#exit

S1(config)#ip default-gateway 10.19.8.97


S2(config)#interface vlan 4
S2(config-if)#ip address 10.19.8.99 255.255.255.248
S2(config-if)#description Management Interface
S2(config-if)#no shutdown
S2(config-if)#exit

S2(config)#ip default-gateway 10.19.8.97


Part 3: Configure Network Infrastructure Settings (VLANs, Trunking, EtherChannel)
On S1 and S2, Configure the following.

Step 1: Configure VLANs and Trunking.


a. Create the VLANs according to the VLAN table.
b. Create 802.1Q VLAN trunks on ports F0/1 and F0/2. On S1, F0/5 should also be
configured as a trunk. Use VLAN 6 as the native VLAN.

S1(config)#vlan 2
S1(config-vlan)#name Bikes
S1(config-vlan)#vlan 3
S1(config-vlan)#name Trikes
S1(config-vlan)#vlan 4
S1(config-vlan)#name Management
S1(config-vlan)#vlan 5
S1(config-vlan)#name Parking
S1(config-vlan)#vlan 6
S1(config-vlan)#name Native

S1(config)#interface range f0/1-2


S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 6
S1(config-if-range)#switchport trunk allowed vlan 2,3,4,5,6
S1(config-if-range)#exit

S1(config)#interface f0/5
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan 6
S1(config-if)#switchport trunk allowed vlan 2,3,4,5,6
S1(config-if)#exit
S2(config)#vlan 2
S2(config-vlan)#name Bikes
S2(config-vlan)#vlan 3
S2(config-vlan)#name Trikes
S2(config-vlan)#vlan 4
S2(config-vlan)#name Management
S2(config-vlan)#vlan 5
S2(config-vlan)#name Parking
S2(config-vlan)#vlan 6
S2(config-vlan)#name Native

S2(config)#interface range f0/1-2


S2(config-if-range)#switchport mode trunk
S2(config-if-range)#switchport trunk native vlan 6
S2(config-if-range)#switchport trunk allowed vlan 2,3,4,5,6
S2(config-if-range)#exit

Step 2: Configure Etherchannel.


Create Layer 2 EtherChannel port group 1 that uses interfaces F0/1 and F0/2 on S1
and S2. Both ends of the channel should negotiate the LACP link.

S1(config)#interface range f0/1-2


S1(config-if-range)#channel-group 1 mode active
S1(config-if-range)#interface port-channel 1
S1(config-if-range)#exit
S2(config)#interface range f0/1-2
S2(config-if-range)#channel-group 1 mode active
S2(config-if-range)#interface port-channel 1
S2(config-if-range)#exit

Step 3: Configure Switchports.


a. On S1, configure the port that is connected to the host with static access mode
in VLAN 2.
b. On S2, configure the port that is connected to the host with static access mode
in VLAN 3.
c. Configure port security on the S1 and S2 active access ports to accept only
three learned MAC addresses.
d. Assign all unused switch ports to VLAN 5 on both switches and shut down the
ports.
e. Configure a description on the unused ports that is relevant to their status.
S1(config)#interface f0/6
S1(config-if)#description host
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 2
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 3

S1(config)#interface range f0/3-4, f0/7-24, g0/1-2


S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 5
S1(config-if-range)#description Unused Interfaces
S1(config-if-range)#shutdown
S2(config)#interface f0/18
S2(config-if)#switchport mode access
S2(config-if)#switchport port-security
S2(config-if)#switchport access vlan 3
S2(config-if)#switchport port-security maximum 3

S2(config)#interface range f0/3-17, f0/19-24, g0/1-2


S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 5
S2(config-if-range)#description Unused Interfaces
S2(config-if-range)#shutdown

Part 4: Configure Host Support


Step 1: Configure Default Routing on R1
Use Console cable to re-conntect PC and Router, enter password ciscoconpass and
ciscoenpass to login router

a. Configure an IPv4 default route that uses the Lo0 interface as the exit
interface.
b. Configure an IPv6 default route that uses the Lo0 interface as the exit
interface.

R1(config)#ip route 0.0.0.0 0.0.0.0 loopback 0


R1(config)#ipv6 route ::/0 loopback 0

Step 2: Configure IPv4 DHCP for VLAN 2


a. On R1, create a DHCP pool called CCNA-A that consists of the last 10 host
addresses in the VLAN 2 subnet only.
b. Configure the correct default gateway address in the pool.
c. Configure the domain name of ccna-a.net.

R1(config)#ip dhcp excluded-address 10.19.8.1 10.19.8.52


R1(config)#ip dhcp pool CCNA-A
R1(dhcp-config)#network 10.19.8.0 255.255.255.192
R1(dhcp-config)#default-router 10.19.8.1
R1(dhcp-config)#domain-name ccna-a.net
R1(dhcp-config)#exit

Step 3: Configure IPv4 DHCP for VLAN 3


a. On R1, create a DHCP pool called CCNA-B that consists of the last 10 host
addresses in the VLAN 3 subnet only.
b. Configure the correct default gateway address in the pool.
c. Configure the domain name of ccna-b.net.

R1(config)#ip dhcp excluded-address 10.19.8.65 10.19.8.84


R1(config)#ip dhcp pool CCNA-B
R1(dhcp-config)#network 10.19.8.64 255.255.255.224
R1(dhcp-config)#default-router 10.19.8.65
R1(dhcp-config)#domain-name ccna-b.net
R1(dhcp-config)#exit

Step 4: Configure host computers.


a. Configure the host computers to use DHCP for IPv4 addressing.
b. Statically assign the IPv6 GUA and default gateway addresses using the values in
the Addressing Table.

You might also like