Connect the above network on Packet Tracer using 1941 Router, 2960 Switch and
Generic PCs (This step is already done for you)
1. Configure the host names. The host name must match the value in the table
exactly in spelling, case, and punctuation.
2. Prevent the router CLI from attempting to look up mistyped commands as
URLs.
3. Configure the message-of-the-day banner as (Unauthorized Access is
Prohibited). The banner must match exactly in spelling, case, and punctuation.
4. Configure an encrypted password for Privileged EXEC mode as (class).
5. Protect access to the device console (use password cisco).
6. Prevent IOS status messages from interrupting command line output at the
device console.
7. Encrypt all clear text passwords.
On all three switches, create and name the VLANs shown in the VLAN Table.
1. The VLAN names must match the values in the table exactly in spelling, case,
and punctuation.
2. Each switch should be configured with all the VLANs shown in the table.
Using the VLAN table, assign the switch ports to the VLANs you created in Step 3, as
follows:
1. All switch ports that you assign to VLANs should be configured to static access
mode.
2. All switch ports that you assign to VLANs should be activated.
3. Note that all the unused ports should be disabled and assigned to VLAN 999.
Using the addressing table, create and address the SVIs on all three switches.
Configure the switches so that they can connect with remote hosts. Full connectivity
will be established after routing between VLANs has been configured later in this
assessment.
b. Activate PortFast and BPDU Guard on the SW-C switch access ports.
1. Configure PortFast on all access ports that are connected to hosts. This
must be configured on the switch ports. Do not use the portfast default
form of the command.
2. Activate BPDU Guard on all access ports that are connected to hosts.
a. Secure unused switch ports. Following security best practices, do the following
on SW-B only:
1. Shut down all unused switch ports.
2. Configure all unused switch ports as access ports.
3. All unused switch ports should be assigned to VLAN 999.
b. Configure port security on all active access ports on SW-B. Do the
following on SW-B only:
1. Each switch port should accept only two MAC addresses before a
security action occurs.
2. The learned MAC addresses should be recorded in the running
configuration.
3. If a security violation occurs, the switch ports should provide
notification that a violation has occurred but not place the interface in an
err-disabled state.
c. On SW-B, configure the virtual terminal lines to accept only SSH
connections.
1. Use a domain name of project1.com.
2. Use a modulus value of 1024.
3. Configure SSH version 2.
4. Configure the vty lines to only accept SSH connections.
5. Configure user-based authentication for SSH connections to the vty lines
with a user name of netadmin and a secret password of sshpass1. The
user name and password must match the values provided here exactly in
case, punctuation, and spelling.
1. Create a DHCP pool for hosts on VLAN5 using the pool name vlan5pool.
2. Create a DHCP pool for hosts on VLAN10 using the pool name vlan10pool.
3. Create a DHCP pool for hosts on VLAN15 using the pool name vlan15pool.
4. All VLAN pool names must match the provided values exactly.
5. Exclude the first five addresses from each pool.
6. Configure a DNS server address of 192.0.2.62.
7. Configure the default gateway.
8. Once they have received addresses, the hosts should be able to ping hosts on
other networks.
SW-B#sh r
Building configuration...
Campus#sh r
Building configuration...
Current configuration : 1847 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Campus
!
no logging console
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
ip dhcp excluded-address 10.10.5.1 10.10.5.5
ip dhcp excluded-address 10.10.10.1 10.10.10.5
ip dhcp excluded-address 10.10.15.1 10.10.15.5
!
ip dhcp pool vlan5pool
 network 10.10.5.0 255.255.255.0
 default-router 10.10.5.1
 dns-server 192.0.2.62
ip dhcp pool vlan10pool
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 192.0.2.62
ip dhcp pool vlan15pool
 network 10.10.15.0 255.255.255.0
 default-router 10.10.15.1
 dns-server 192.0.2.62
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX15240AK7
!
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.5
 encapsulation dot1Q 5
 ip address 10.10.5.1 255.255.255.0
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1.15
 encapsulation dot1Q 15
 ip address 10.10.15.1 255.255.255.0
!
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 ip address 10.10.100.1 255.255.255.0
!
interface GigabitEthernet0/1.199
 encapsulation dot1Q 199
 ip address 10.10.199.1 255.255.255.0
 ip access-group 1 out
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
!
access-list 1 permit 10.10.100.0 0.0.0.255
!
banner motd ^C
Unauthorized Access is Prohibited^C
!
!
!
!
line con 0
 password 7 0822455D0A16
 logging synchronous
!
line aux 0
!
line vty 0 4
 logging synchronous
 login
line vty 5 15
 logging synchronous
 login
!
!
!
end
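
An added example (not part of the original lab or its answer): a small Python check that reads `show running-config` text and lists which of the lab's requirements are missing, covering the global and console settings seen in the Campus output and the SW-B rules for unused ports, port security and SSH-only vty lines. The SW-B fragment and its port numbers are constructed, and the rule lists are this example's reading of the lab wording (`violation restrict` for notification without err-disable, `mac-address sticky` for recording learned MACs in the running configuration).

```python
import re

# Sub-commands the lab text requires under each kind of section (added example).
CONSOLE = ["password", "login", "logging synchronous"]
VTY_SSH = ["transport input ssh", "login local"]
UNUSED = ["switchport mode access", "switchport access vlan 999"]
PORTSEC = ["switchport port-security", "switchport port-security maximum 2",
           "switchport port-security mac-address sticky",
           "switchport port-security violation restrict"]
GLOBALS = ["service password-encryption", "no ip domain-lookup", "enable secret"]

def parse(cfg):
    """Map each top-level line of a show-run dump to its indented sub-commands."""
    # Cut password and secret lines down to the keyword so no hash is compared.
    cfg = re.sub(r"(?m)^( ?(?:password|enable secret)) .*", r"\1", cfg)
    parts = [s.split("\n") for s in re.split(r"\n(?=\S)", cfg.strip())]
    return {p[0]: [line.strip() for line in p[1:]] for p in parts}

def audit(cfg, switch=False):
    """List missing requirements; switch=True adds the SW-B port and vty rules."""
    top = parse(cfg)
    out = ["global: missing " + g for g in GLOBALS if g not in top]
    for name, body in top.items():
        port = re.match(r"interface \w*Ethernet", name)
        if name.startswith("line con"):
            want = CONSOLE
        elif switch and name.startswith("line vty"):
            want = VTY_SSH
        elif switch and port and "shutdown" in body:
            want = UNUSED
        elif switch and port and "switchport mode access" in body:
            want = PORTSEC
        else:
            continue
        out += [f"{name}: missing {w}" for w in want if w not in body]
    return out

# Excerpt of the Campus output above, indented as IOS prints it; hashes cut to HASH.
CAMPUS = ("service password-encryption\nenable secret 5 HASH\n"
          "no ip domain-lookup\nline con 0\n password 7 HASH\n"
          " logging synchronous\nline vty 0 4\n logging synchronous\n login\n")
# Constructed SW-B fragment; port numbers and secrets are placeholders.
SW_B = ("service password-encryption\nenable secret 5 HASH\nno ip domain-lookup\n"
        "interface FastEthernet0/1\n switchport mode access\n switchport port-security\n"
        " switchport port-security maximum 2\ninterface FastEthernet0/2\n"
        " switchport access vlan 999\n shutdown\nline vty 0 15\n login\n")

if __name__ == "__main__":
    print(*audit(CAMPUS), *audit(SW_B, switch=True), sep="\n")
```

On the Campus excerpt the single finding is `line con 0: missing login`: a console password is configured, but without `login` the line does not prompt for it.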