
Network Security Labs

VLANs
Switch1> enable
Switch1#config t
Switch1(config)#vlan 10
Switch1(config-vlan)#name students
Switch1(config-vlan)#exit
Switch1(config)#vlan 20
Switch1(config-vlan)#name doctors
Switch1(config-vlan)#exit
Switch1(config)#interface ethernet 0
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#exit
Switch1(config)#interface ethernet 3
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#exit
Switch1(config)#interface ethernet 1
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 10
Switch1(config-if)#exit
Switch1(config)#interface ethernet 2
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 20
Switch1(config-if)#exit
Switch2>enable
Switch2#config t
Switch2(config)#vlan 10
Switch2(config-vlan)#name students
Switch2(config-vlan)#exit
Switch2(config)#vlan 20
Switch2(config-vlan)#name doctors
Switch2(config-vlan)#exit
Switch2(config)#interface ethernet 0
Switch2(config-if)#switchport mode trunk
Switch2(config-if)#exit
Switch2(config)#interface ethernet 1
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 10
Switch2(config-if)#exit
Switch2(config)#interface ethernet 2
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 20
Switch2(config-if)#exit
R1>enable
R1#config t
R1(config)#interface ethernet 0/0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface ethernet 0/0.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.1.1 255.255.255.0
R1(config-subif)#exit
R1(config)#interface ethernet 0/0.20
R1(config-subif)# encapsulation dot1Q 20
R1(config-subif)#ip address 192.168.2.1 255.255.255.0
R1(config-subif)#exit
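Port Security
//violation modes used below: protect silently drops frames from unknown MAC addresses, restrict drops them and also logs and counts the violation, shutdown puts the port into the err-disabled state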
R1>enable
R1#config t
R1(config)#interface ethernet 0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#exit
R1(config)#ip dhcp pool first
R1(dhcp-config)#network 192.168.10.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.10.1
R1(dhcp-config)#exit
Switch1>enable
Switch1#config t
Switch1(config)#interface ethernet 0
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport port-security
Switch1(config-if)# switchport port-security maximum 4
Switch1(config-if)# switchport port-security violation protect
Switch1(config)#interface ethernet 1
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport port-security
Switch1(config-if)#switchport port-security mac-address sticky
Switch1(config-if)# switchport port-security maximum 1
Switch1(config-if)# switchport port-security violation restrict
Switch1(config)#interface ethernet 3
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport port-security
Switch1(config-if)#switchport port-security mac-address 1111.2222.3333
Switch1(config-if)# switchport port-security maximum 1
Switch1(config-if)# switchport port-security violation shutdown
DHCP Snooping
R1>enable
R1#config t
R1(config)#interface ethernet 0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#exit
R1(config)#ip dhcp pool first
R1(dhcp-config)#network 192.168.10.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.10.1
R1(dhcp-config)#exit
R2>enable
R2#config t
R2(config)#interface ethernet 0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 192.168.20.1 255.255.255.0
R2(config-if)#exit
R2(config)#ip dhcp pool first
R2(dhcp-config)#network 192.168.20.0 255.255.255.0
R2(dhcp-config)#default-router 192.168.20.1
R2(dhcp-config)#exit
S1>enable
S1#config t
S1(config)#ip dhcp snooping
S1(config)#ip dhcp snooping vlan 1
S1(config)#no ip dhcp snooping information option
S1(config)#interface ethernet 0/0
S1(config-if)#ip dhcp snooping trust
S1(config-if)#exit
S1(config)#interface range ethernet 0/1-2
S1(config-if-range)#ip dhcp snooping limit rate 4
S1(config-if-range)#exit
S2>enable
S2#config t
S2(config)#ip dhcp snooping
S2(config)#ip dhcp snooping vlan 1
S2(config)#no ip dhcp snooping information option
S2(config)#interface range ethernet 0/0-1
S2(config-if-range)#ip dhcp snooping trust
S2(config-if-range)#exit
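Dynamic ARP Inspection
//DAI checks ARP packets against the DHCP snooping binding table, so the DHCP Snooping configuration from the previous lab must already be in place on S1 and S2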
S1>enable
S1#config t
S1(config)#ip arp inspection vlan 1
S1(config)#interface ethernet 0/0
S1(config-if)#ip arp inspection trust
S1(config-if)#exit
S1(config)#interface range ethernet 0/1-2
S1(config-if-range)#ip arp inspection limit rate 4
S1(config-if-range)#exit
S2>enable
S2#config t
S2(config)#ip arp inspection vlan 1
S2(config)#interface range ethernet 0/0-1
S2(config-if-range)#ip arp inspection trust
S2(config-if-range)#exit
SSH, Telnet
Accessing Router, For both (SSH, Telnet)
//1234 is a lab placeholder; set a strong, unique secret on any real device
R1>enable
R1#config t
R1(config)#enable secret 1234
R1(config)#username cnds secret 1234
R1(config)#interface ethernet 0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.30.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#exit
SSH
R1(config)#hostname R1
R1(config)#ip domain-name cnds.com
R1(config)#crypto key generate rsa
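//enter the size of key = 1024 //it can be from 360 to 2048
//for ssh v2 the size of key must be 768 or greater
//1024 bits is only a lab value; generate 2048 bits or more where the image allows it, and add "ip ssh version 2" so that SSHv1 is not accepted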
R1(config)#line vty 0 15
R1(config-line)#login local
R1(config-line)#transport input ssh
Telnet
R1(config)#line vty 0 15
R1(config-line)#login local
R1(config-line)#transport input ssh telnet
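//telnet is enabled along with ssh; telnet carries the username, password and session in cleartext, so outside this lab keep "transport input ssh" only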
Accessing Switch
//To access the switch, an interface vlan must be enabled (with "no shutdown" if it is administratively down) and given an IP address
S1>enable
S1#config t
S1(config)#interface vlan 1
S1(config-if)#ip address 192.168.2.1 255.255.255.0
S1(config-if)#exit
For both(SSH, Telnet)
S1>enable
S1#config t
S1(config)#enable secret 1234
S1(config)#username cnds secret 1234
SSH
S1(config)#hostname S1
S1(config)#ip domain-name cnds.com
S1(config)#crypto key generate rsa
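//enter the size of key = 1024 //it can be from 360 to 2048
//for ssh v2 the size of key must be 768 or greater
//1024 bits is only a lab value; generate 2048 bits or more where the image allows it, and add "ip ssh version 2" so that SSHv1 is not accepted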
S1(config)#line vty 0 4
S1(config-line)#login local
S1(config-line)#transport input ssh
Telnet
S1(config)#line vty 0 4
S1(config-line)#login local
S1(config-line)#transport input ssh telnet
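//telnet is enabled along with ssh; telnet carries the username, password and session in cleartext, so outside this lab keep "transport input ssh" only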
Client
Access the router from windows
//The client must have an IP address from the same subnet, e.g. 192.168.30.2
//It is preferred to access the router using the loopback IP address (the client then needs 192.168.30.1 as its default gateway to reach 1.1.1.1)
C:\Users\Client>telnet 1.1.1.1
C:\Users\Client>ssh -l cnds 1.1.1.1
Or
C:\Users\Client>telnet 192.168.30.1
C:\Users\Client>ssh -l cnds 192.168.30.1

Access the switch from windows


//The client must have an IP address from the same subnet, e.g. 192.168.2.2
C:\Users\Client>telnet 192.168.2.1
C:\Users\Client>ssh -l cnds 192.168.2.1
