Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
45 views4 pages

Lab5+6 nwc303

Uploaded by

Do Nguyen Phuc (K16 DN)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
45 views4 pages

Lab5+6 nwc303

Uploaded by

Do Nguyen Phuc (K16 DN)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Addressing Table

Device Interface Address and Prefix

[[R1]] G0/0/0 192.X.1.1/24


[[R1_name]] G0/0/0

[[R1_name]] G0/0/0

[[R1_name]] G0/0/1 192.X.2.1/24


[[R1_name]] G0/0/1

[[R1_name]] G0/0/1

[[R1_name]] G0/0/2 10.1.0.1/30


[[R1_name]] G0/0/2

[[R1_name]] G0/0/2

[[R1_name]] S0/1/0 10.2.0.1/30


S0/1/0
[[R1_name]]
S0/1/0
[[R1_name]]
[[R1_name]]
[[R1_name]]

[[R2]] G0/0/0.10 192.X.10.1/24


G0/0/0.100 192.X.100.1/24
[[R3_name]] G0/0/0.5 192.X.5.1/24
[[R3_name]] G0/0/1 10.3.0.2/30
G0/0/1

[[R3_name]]
[[R3_name]] S0/1/0 10.2.0.2/30
S0/1/0

[[R3_name]]
[[R3]] G0/0/0 10.1.0.2/30
[[Cld_router-name]]
G0/0/0
[[Cld_router-name]]
[[Cld_router-name]] G0/0/1 10.3.0.1/30
G0/0/1
G0/0/2 10.100.0.2/30
WLC management 192.168.100.254
WLC-10
WLAN 10 192.168.10.254/24
WLAN 5 192.168.5.254/24
[[Web_name]] NIC 203.0.113.25
[[Web_name]] NIC

DNS Server NIC 198.51.100.163


DNS Server NIC
Device Interface Address and Prefix

Admin PC NIC 192.168.100.23


Wireless Host NIC DHCP
RADIUS server NIC 192.168.100.10/24
PC0 NIC 192.X.1.10/24
[[Host 1_name]] NIC

PC1 NIC 192.X.1.11/24


[[Host 2_name]] NIC

PC2 NIC 192.X.2.20/24


[[Host 3_name]] NIC

Home-Router NIC 192.X.2.11/24


[[Host 4_name]] NIC

Part 1: Configure Switch Security ( on R1)


In this part of the assessment you will configure switch [[Switch0]] with switch security features. Switch ports
FastEthernet0/1 to FastEthernet0/6 are the active switch ports. Port GigabitEthernet0/1 is a dedicated link to
router [[R1]]. All other ports should be secured.

Step 1: Configure VLANs, Home router


a. Configure VLAN 11 with name users.
b. Configure VLAN 999 with the name unused.
c. Configure IP address for PC and home router,
d. Configure laptop 0 connect to home router with parameters ( SSID: Future, Security: WPA Personal,Pass:
ACBHn123, Mode: Mixed, Channel: 1,Local IP: 10.0.2.0/24)

Step 2: Configure active switch ports ( switch 0).


On the active switch ports configure the following:
a. Configure FastEthernet 0/1 through 0/6 and GigabitEthernet 0/1 as static access ports in VLAN 11.
b. Activate port security on the ports.
1) Configure the active ports to accept a maximum of 4 MAC addresses.
2) If a violation occurs, configure the ports to drop frames from the unauthorized MAC address, log it,
and send an alert.
3) MAC addresses should be present in the MAC address table for a maximum of 10 minutes before
they are removed.
4) Ports should add the learned MAC addresses to the running configuration.
5) Configure the MAC address of PC0 as a static address on port FastEthernet0/2.
c. Protect against DHCP snooping.
1) Activate DHCP snooping globally.
2) Activate DHCP snooping for the two VLANs that you configured.
3) Configure the ports to limit the rate to 5 DHCP packets per second.
4) Configure the port that links to the router as trusted.
d. Guard against ARP attacks by implementing DAI.
1) Activate DAI globally.
2) Activate DAI on the two VLANs.
3) Configure the port that links to the router as trusted.
e. Mitigate STP attacks by configuring BPDUguard and PortFast on the active ports.

Step 3: Secure unused switch ports.


a. Move all unused switch ports to VLAN 999.
b. Configure all unused switch ports as static access ports.
c. Deactivate all unused switch ports.

Part 2: Configure Addressing and DHCP


You will configure DHCP and interface addressing on router R2 to prepare for implementing the wireless LAN
controller network.

Step 1: Configure and address a subinterface for the WLAN user network.
a. Configure subinterface 5,10, 100 on the router interface that is connected to the switch [[Switch3]].
b. The router should provide router-on-a-stick routing to VLAN 5,10,100.
c. Configure the subinterface with the address from the Addressing Table.

Step 2: Configure a DHCP pool for WLAN user network.


a. Exclude the router interface address and the management address of the WLC.
b. Configure a DHCP pool that will be used by hosts that are connecting to the WLAN 5, 10.
1) Name the pool WLAN-hosts5/ WLAN-hosts10.
2) Configure the pool to use addresses in the (192.168.5.0/24) 192.168.10.0/24 network.
3) The pool should also provide the default gateway and DNS server addresses.

Part 3: Configure Static Routes


[R3] ip route 192.X.1.0 255.255.255.0 10.1.0.1
ip route 192.X.2.0 255.255.255.0 10.1.0.1
ip route 203.0.113.0 255.255.255.0 10.100.200.1
ip route 198.51.100.0 255.255.255.0 10.100.200.1
ip route 192.168.10.0 255.255.255.0 10.3.0.2
ip route 192.168.5.0 255.255.255.0 10.3.0.2
ip route 192.168.100.0 255.255.255.0 10.3.0.2

[R1]

ip route 0.0.0.0 0.0.0.0 10.1.0.2

[R2]

ip route 0.0.0.0 0.0.0.0 10.3.0.1

Part 4: Configure ports ( trunk or access) of switch 3


Examples: interface FastEthernet0/4
switchport trunk native vlan 100
switchport mode trunk
switchport nonegotiate

Part 5: Configure a Wireless LAN using a Wireless LAN Controller


In this part of the assessment, you will configure the wireless LAN controller to provide access wireless
access to the network. Username and password are the default admin/admin. Connect to the WLC over
HTTPS to the management interface.

Step 1: Configure a VLAN interface.

Step 2: Configure a RADIUS server.


a. Configure the WLC with the RADIUS server IPv4 address.
b. Use a shared secret ( look at Radius server )

Step 3: Configure a Wireless LAN.- create two WLAN 5, WLAN 10 using the VLAN 5, 10 interface
that was previously configured.
a. Create two new WLAN. Name it WLAN 5, WLAN 10 and configure the SSID as Guest, Staff .
b. The wireless LAN should use the VLAN interface that was previously configured.
c. WLAN 5: WPA2 Personal with password: summer2024
d. WLAN 10: WPA2 Enterprise with Radius Server

Step 4: Configure a DHCP scope for the management network.

Step 5: Configure the wireless host.


Configure laptop 1 to connect to the WLAN 5.
Configure laptop 2 to connect to WLAN 10.

You might also like