11.6.1 Packet Tracer - Switch Security Configuration

Video Statistics and Information

Captions
Hi friends, welcome. In this video we are going to discuss the CCNA version 7 Packet Tracer activity Switch Security Configuration. Before coming to this activity, friends, if you would like to get any CCNA version 7 online classes or any other technical support, you can contact our team using our website; the link you will get from the description below. Also, if you would like to get this type of technical video in future, consider subscribing, and don't forget to enable the bell icon next to the subscribe button so that you will get a notification message whenever we upload a new video.

Coming back to our Packet Tracer activity, here we can see they have given the VLAN table, and here we can see the objectives: in part 1, create a secure trunk, then secure unused switch ports, implement port security, then enable DHCP snooping, and finally configure Rapid PVST PortFast and BPDU Guard. These are the objectives of this Packet Tracer activity. We will just go through the background also: you are enhancing security on two access switches in a partially configured network. You will implement the range of security measures that were covered in this module according to the requirements below. Note that routing has been configured on this network, so connectivity between hosts on different VLANs should function when completed. We will do it one by one.

Coming to the instructions, in step 1, create a secure trunk: connect the G0/2 ports of the two access layer switches. That means we are going to connect these two switches, so we'll go to Connections and we'll use copper cross-over, then click on this switch, click on GigabitEthernet0/2, right, G0/2, then coming to this switch, connect to GigabitEthernet0/2. Then configure ports G0/1 and G0/2 as static trunks on both switches. Coming to our topology, here we can see this port, G0/1, which is connected to this multilayer switch, and G0/2, which we connected just now. We are going to configure these two ports, G0/1 and G0/2, as static trunks on both switches.

We will do that. Click on this switch, then go to CLI: enable, conf t, then we will go to these interfaces as a range, that is G0/1 and 2, that means 1 - 2, then we will give switchport mode trunk. Then close this. We will go to this switch: enable, conf t, then go to those interfaces as a range, G0/1 - 2, switchport mode trunk, then press Enter. Sorry, here I have to give trunk, right, yes, then we have to press Enter. We can verify these configurations. We will go to this switch and we'll give end, again press Enter, then we will give show interfaces trunk, and here we can see these ports, G0/1 and G0/2, with status trunking, and we can see the native VLAN also. Here we can see Fa0/2 is also trunking, okay. We will go to this switch and then we will give show interfaces trunk, and here also we can see G0/1 and G0/2 with status trunking.

Next is disable DTP negotiation on both sides of the link. Okay, we can do that. We will do this configuration; we will go to this switch first: configure terminal, then we will go to those interfaces as a range, that is G0/1 and 2, so 1 - 2, then we have to give switchport nonegotiate, right. I will verify this command with a question mark, and here we can see nonegotiate; we will use this command, nonegotiate. Okay, next we will go to this switch's CLI: conf t, we will go to interface range, then G0/1 - 2, switchport nonegotiate.

Create VLAN 100 and give it the name Native on both switches. Okay, we will do that. We will create this VLAN 100, press Enter, and here we can see we get some messages; anyway, no need to worry about that. End; we will give conf t, we will create VLAN 100, then we will give the name as Native, yes. Then we will go to this switch, exit, then we will create this VLAN 100 and we can give the name as Native.

Then configure all trunk ports on both switches to use VLAN 100 as the native VLAN. Okay, we will do that. Again we will go to those interfaces; exit, or we can give end, sorry, we will give exit, better, so that we will go to global configuration mode. Here we will give interface range G0/1 - 2 and we will give switchport trunk native vlan, it's 100. Okay, then we will go to this switch, give exit, then we can give interface range G0/1 - 2, then we will set switchport trunk native vlan 100, and we can see all those errors, then port consistency restored.

Now we will go to step 2, secure unused switch ports. Shut down all unused switch ports on SW-1. Coming to the VLAN table, we can see these ports are used in the switch SW-1: Fa0/1, Fa0/2, Fa0/10, Fa0/24, and G0/1 and G0/2. So we will shut down all the ports except these ports. Okay, we can do that. We will go to SW-1, we will exit, then we will go to those interfaces as a range. Here we can see we used Fa0/1 and Fa0/3, sorry, Fa0/2, so we'll go from Fa0/3 till 9, because here we can see 10 is used, so we'll put a comma, Fa0/11, 11 till 23, correct, because 24 we used; also we used G0/1 and G0/2. Okay, so we will shut down all these ports, Fa0/3 till 9, then Fa0/11 till 23, press Enter, and the command is shutdown.

Then on SW-1 create VLAN 999 and name it BlackHole. The configured name must match the requirement exactly. We will create this VLAN: exit, and we will create this VLAN 999; also we will give the name as BlackHole. So yes, here it is case sensitive for scoring purposes. Then after this, move all unused switch ports to the BlackHole VLAN. Okay, we can do that. So we will just exit from this VLAN and we will go to those interfaces; we can press the up arrow on the keyboard so that we will get the previous command. Just keep on pressing the up arrow, and here we can see all the unused ports, Fa0/3 - 9, then Fa0/11 till 23, press Enter, and here we can give switchport; I think it's already in access mode, so switchport, we can give access vlan 999. Okay, just end, and we can verify it: show vlan brief. Here we can see all those unused ports we added to VLAN 999, that is BlackHole.

Now we will go to step 3, implement port security. Activate port security on all the active access ports on switch SW-1. Before coming to this step I would like to go to the switch SW-1 again, and here I would like to give this show command, show interfaces trunk, and here we observe this port Fa0/2 is in trunking mode. But coming to our topology, we can see this port Fa0/2 is connected to this end device, so that means this port should be in static access; maybe by mistake they pre-configured this as a trunk port. Coming to our VLAN table, here we can see they mentioned Fa0/1 and Fa0/2 should be in VLAN 10, should be assigned to VLAN 10, but we have seen this Fa0/2 is trunking, right. We will just verify in SW-2. We will go to SW-2 and here I will give enable, then we will give the show vlan brief command, and here we will verify these ports Fa0/1 and Fa0/2; they are in VLAN 10, here it is correct. Also we can even verify it's static access: show interface, we can give, sorry, interface Fa0/2, right, switchport, and here we can see its mode: administrative mode static access and operational mode static access.

So here we will correct this problem in this switch SW-1. We will go to this switch, then we will go to that interface: conf t, interface Fa0/2, and we will change its mode: switchport mode access. We can verify it; also we have to assign it to the VLAN, right, so I think we will do that. Again conf t, we will go to that interface Fa0/2, then we will give switchport access vlan 10. It will confirm, yeah, we have done the change. So we will verify now: give end, so we'll give show interfaces trunk, and now here we can see only G0/1 and G0/2 are trunking. Okay, that's fine. Also we will verify show vlan brief, and here we can see Fa0/1 and Fa0/2 are in VLAN 10, Admin. Okay, we just identified this problem in the pre-configuration; that's why we changed it in this switch SW-1.

Now we will activate port security on all the active access ports in this switch SW-1, and here we can see those ports: Fa0/1, Fa0/2, then 10 and 24. Okay, we will do that. We'll just go to this switch and we will go to those ports: conf t, then we have to give interface range Fa0/1 - 2, then we have Fa0/10, also we have Fa0/24. Then we have to enable port security, and the command is switchport port-security. Configure the active ports to allow a maximum of four MAC addresses to be learned on the ports. That can be done; we have to give this command, switchport port-security, and we have to set the maximum as 4, right, yes, press Enter.

Then for port Fa0/1 on SW-1, statically configure the MAC address of the PC using port security. Okay, that can be done. So we will get the MAC address of this PC; we can see Fa0/1, it's this PC, right, Fa0/1, I think it's here, yeah, it's PC1. We will get its MAC address; we have to give this command, ipconfig /all, and here we can see its physical address. We will just copy its physical address. Now again we will go back to the switch SW-1 and exit from all these interfaces, then we will go to interface Fa0/1 only, then we will give switchport port-security, then we have mac-address, space; I will put a question mark, and here we can see we can specify a 48-bit MAC address. We already copied that, so just paste that MAC address, then press Enter.

Configure each active access port so that it will automatically add the MAC addresses learned on the port to the running configuration. Okay, we can do that in this switch. Actually here they specified each active access port; that means we even have to include Fa0/1. Actually this port is not required, but still, for scoring purposes, we will do that. So we will go to those interfaces; we can give interface range Fa0/1 to 2, we can give 1-2, we have Fa0/10 and Fa0/24, and now we will give switchport port-security, then we will give mac-address, that's sticky. So here I will put a question mark, and here we can see "configure dynamic secure addresses as sticky"; we will give sticky.

Then after that, configure the port security violation mode to drop packets from MAC addresses that exceed the maximum, generate a syslog entry, but not disable the ports. That means we have to use the violation as restrict, right, so we can do that. Here we will give the command switchport port-security; we can set the violation to restrict.

Now we will go to step 4, configure DHCP snooping. Configure the trunk ports on SW-1 as trusted ports. That means these ports G0/1 and G0/2 in this switch SW-1, right. Okay, we can do that. Just go to the switch, then exit, we will go to interface range G0/1 - 2, and here we can set this: ip dhcp snooping, then I put a question mark, and here we can see trust, "DHCP snooping trust config", so we'll give trust. Then limit the untrusted ports on SW-1 to five DHCP packets per second. That means we have to go through all these static access ports and we have to limit this, right. We will click on this switch, then exit, we will go to interface range Fa0/1 and 2, Fa0/10 and Fa0/24, and here we can give ip dhcp snooping; I will put a question mark, and here we can see the command limit, "DHCP snooping limit", so we can set this limit. Then you have to specify the rate, "DHCP snooping limit", right; then we have to specify that snooping limit rate; the limit they specified is 5.

We have to go to switch SW-2, then enable DHCP snooping globally and for VLANs 10, 20 and 99. Okay, this we have to do in global configuration mode. I will go to this switch SW-2: enable, conf t, so now we are in global configuration mode. Here we can give that command; we will give ip dhcp snooping first, then we can give ip dhcp, sorry, snooping, and we can specify the VLAN: it's vlan 10, 20 and 99.

Now coming to the last step in this activity, step 5, configure PortFast and BPDU Guard. Enable PortFast on all the access ports that are in use on SW-1. Okay, so we will go to this switch SW-1, then we'll go to all these access ports: conf t. Okay, we will just go to those interfaces as a range, that is Fa0/1 - 2, then Fa0/10, also we have Fa0/24, right, and here we have to give this command, spanning-tree portfast. Enable BPDU Guard on all the access ports that are in use on SW-1. Okay, again we will go to the switch SW-1 and we can enable that: spanning-tree bpduguard enable. Finally, configure SW-2 so that all access ports will use PortFast by default. Okay, that can be done. We will go to SW-2, so now we are in global configuration mode. In global configuration mode we can give this command, spanning-tree portfast default, okay, then press Enter.

Okay, great, that's all in this activity, Switch Security Configuration, and here we can see our completion status, it's 100 percent. Now dear friends, if you have any doubts or any suggestions regarding this Packet Tracer activity, please comment below, or you can contact our team using our website. Also, if you liked our video, give a thumbs up and share with all your friends. Stay tuned, and we will meet again with the next video. Thank you.
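
Added example, not part of the video or of the Packet Tracer activity: a short Python audit that reads an IOS-style running-config and lists, per interface, which of the hardening commands from the walkthrough are missing. The sample config is constructed for illustration; the role lists (`ACCESS`, `TRUNK`, `UNUSED`) are an assumption built from the commands named in the captions, and the static MAC on Fa0/1 is not checked because its value does not appear on the page.

```python
import re
# Constructed sample config (not from the video): Fa0/10 and G0/1 have gaps.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 4
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 ip dhcp snooping limit rate 5
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/3
 switchport access vlan 999
 shutdown
interface FastEthernet0/10
 switchport mode access
 switchport port-security
 spanning-tree portfast
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 100
 ip dhcp snooping trust
"""

ACCESS = ["switchport port-security", "switchport port-security maximum 4",
          "switchport port-security mac-address sticky",
          "switchport port-security violation restrict",
          "ip dhcp snooping limit rate 5",
          "spanning-tree portfast", "spanning-tree bpduguard enable"]
TRUNK = ["switchport nonegotiate", "switchport trunk native vlan 100",
         "ip dhcp snooping trust"]
UNUSED = ["switchport access vlan 999"]  # shut-down ports parked in VLAN 999

def audit(config):
    """Return {interface: [missing commands]} for every port that falls short."""
    findings = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        lines = {line.strip() for line in body.splitlines()}
        role = (UNUSED if "shutdown" in lines else
                TRUNK if "switchport mode trunk" in lines else ACCESS)
        missing = [cmd for cmd in role if cmd not in lines]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for port, missing in audit(SAMPLE).items():
        print(f"{port}: missing {', '.join(missing)}")
```

On the constructed sample this flags Fa0/10 (port security enabled but left at defaults, no rate limit, no BPDU Guard) and G0/1 (DTP still negotiating), which are the gaps most often left behind when the steps are applied to only some ports of a range.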
Info
Channel: Tech Acad
Views: 24,676
Rating: 4.928287 out of 5
Keywords: CISCO, CISCO Certification, CCNA, CISCO Switch, Switch Security, Packet Tracer, Routing and Switching, CCNAv7
Id: ClHlrqfMF10
Length: 24min 33sec (1473 seconds)
Published: Sat Jul 11 2020