Packet Tracer - Comprehensive skills exercise (configuring initial setup, SSH, and port security for a new switch)

Packet Tracer - Comprehensive Skills Practice

Address Allocation Table

Device    Interface    IP Address     Subnet Mask
S1        VLAN 1       10.10.10.2     255.255.255.0
PC1       NIC          10.10.10.10    255.255.255.0
PC2       NIC          10.10.10.11    255.255.255.0

Scenario

Your network administrator has asked you to configure a new switch. In this exercise, you will use a series of requirements to configure the initial setup, SSH, and port security of a new switch.

Topology

 

Requirements

· Configure S1 with the following initial settings:

- Hostname

S1(config)#hostname S1

- Banner containing the word warning

S1(config)#banner motd #Warning,unauthorized access is prohibited#

- Console port login and password cisco

S1(config)#line console 0

S1(config-line)#password cisco

S1(config-line)#login

- Encrypted enable password class

S1(config)#enable secret class

- Encrypt plain-text passwords

S1(config)#service password-encryption

- Management interface addressing

· Configure SSH-secured remote access with the following settings:

- Domain name cisco.com

S1(config)#ip domain-name cisco.com

- RSA key pair parameters to support SSH version 2

S1(config)#crypto key generate rsa

How many bits in the modulus [512]: 1024

- Set SSH version 2

S1(config)#ip ssh version 2

- User admin, encrypted password ccna

S1(config)#username admin secret ccna

- VTY lines only accept SSH connections and use local login for authentication

S1(config-line)#line vty 0 4

S1(config-line)#login local

S1(config-line)#transport input ssh

· Configure port security features to restrict network access:

- Disable all unused ports.

S1(config-if-range)#interface range f0/3-24,g0/1-2

S1(config-if-range)#shutdown

- Set the interface mode to access.

S1(config)#interface range f0/1-2

S1(config-if-range)#switchport mode access

- Enable port security to only allow two hosts per port.

S1(config-if-range)#switchport port-security

S1(config-if-range)#switchport port-security maximum 2

- Record the MAC address in the running configuration.

S1(config-if-range)#switchport port-security mac-address sticky

- Ensure ports are disabled when port violations occur.

S1(config-if-range)#switchport port-security violation shutdown

Lab steps:

S1:

Switch>en

Switch#conf

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname S1

S1(config)#banner motd #Warning,unauthorized access is prohibited#



S1(config)#service password-encryption

S1(config)#enable secret class

S1(config)#username admin secret ccna

S1(config)#ip domain-name cisco.com

S1(config)#crypto key generate rsa



The name for the keys will be: S1.cisco.com

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.



How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]



S1(config)#ip ssh version 2

S1(config)#interface range f0/1-2

S1(config-if-range)#switchport mode access

S1(config-if-range)#switchport port-security

S1(config-if-range)#switchport port-security maximum 2

S1(config-if-range)#switchport port-security mac-address sticky

S1(config-if-range)#switchport port-security violation shutdown

S1(config-if-range)#interface range f0/3-24,g0/1-2

S1(config-if-range)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down

%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down

%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down

S1(config-if-range)#interface vlan 1

S1(config-if)#ip add 10.10.10.2 255.255.255.0

S1(config-if)#no shutdown

S1(config-if)#

%LINK-5-CHANGED: Interface Vlan1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

S1(config-if)#exit

S1(config)#line console 0

S1(config-line)#password cisco

S1(config-line)#login

S1(config-line)#line vty 0 4

S1(config-line)#login local

S1(config-line)#transport input ssh

S1(config-line)#end

S1#

%SYS-5-CONFIG_I: Configured from console by console

S1#wr

Building configuration...

[OK]

S1#
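An added example (not part of the original post) that audits a saved running-config against the port-security and SSH-only VTY requirements above. The sample config is constructed, and `parse`, `audit` and the `in_use` port list are names assumed for illustration.

```python
import re

# Constructed running-config excerpt; Fa0/2, Fa0/3 and vty 5 15 deviate on purpose.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
interface FastEthernet0/3
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
"""

def parse(cfg):
    """Map each 'interface ...'/'line ...' header to its indented sub-commands."""
    sections, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith(("interface ", "line ")):
            cur = sections.setdefault(line.strip(), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None  # a global command or '!' ends the section
    return sections

def audit(cfg, in_use=("FastEthernet0/1", "FastEthernet0/2")):
    """Check the exercise's SSH-only vty and port-security requirements."""
    ps, findings = "switchport port-security", []
    for header, cmds in parse(cfg).items():
        kind, name = header.split(" ", 1)
        if kind == "line" and name.startswith("vty"):
            need, bad = ["login local", "transport input ssh"], []
        elif kind == "interface" and name in in_use:
            # IOS omits defaults (violation shutdown, maximum 1); flag only non-default values.
            need = ["switchport mode access", ps, f"{ps} mac-address sticky"]
            bad = [c for c in cmds if re.fullmatch(rf"{ps} violation (protect|restrict)", c)
                   or ((m := re.fullmatch(rf"{ps} maximum (\d+)", c)) and int(m[1]) > 2)]
        elif kind == "interface" and not name.startswith("Vlan"):
            need, bad = ["shutdown"], []
        else:
            continue
        findings += [f"{name}: missing '{c}'" for c in need if c not in cmds]
        findings += [f"{name}: non-compliant '{c}'" for c in bad]
    return findings
```

Every `line vty` range in the config is checked, so a range outside `0 4` that was left at its defaults is reported as well.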

Experiment link: https://pan.baidu.com/s/1j1PGnOLBkq0va-WegRgzoA?pwd=5312

Extraction code: 5312


Origin blog.csdn.net/m0_63624418/article/details/130467842