
Network Security portfolio 3

Lab Book
INFO8491
Network Security
Prof Khalid Saood
Daljeet Singh

8840920

Table of Contents

Lab 5 – VLAN and STP

Description
Preparation
Observations
Screenshots
Reflection
Reference

Lab 6 – Packet Filtering Firewall

Description
Preparation
Observations
Screenshots
Reflection
Reference

Lab 5 – VLAN and STP

Description

This lab helps to learn how to set up VLAN and STP with the given devices, following all
the steps given in the lab book, such as creating the topology, configuring the network and
passwords of all devices, pinging the network, etc.

Preparation

You will need:

• 5 x Cisco 2960 Switches

• 2 x Cisco 2811 Routers

• 8 x PC PT Objects

• 1 x PC Server Object

• 1 x PT Laptop

• Used the banner motd command, enforced login, and configured SSH for the routers and switches.

• I also used the networks assigned in the Portfolio 3 subnets file

• All passwords must be Secret55

Observations -

Building the Topology

• With the help of cables, I connected all the devices, then turned them on one by one,
clicked on configuration, updated the host and device names, and double-checked that the
host name corresponded to the name of the device on each one.

Along with that, I also tested the initial configuration: both workstations can ping, server
objects can ping both sides, both workstations can open the customized web site, workstations
can SSH to their switch and router, and finally server objects can SSH into their respective
routers.

Fig 1.1 topology

I will test all the initial configuration and also ensure that workstations can ping all
interfaces on their respective routers. Along with that, I also ensure that workstations can
ping their respective switches and can SSH to their switches and router.

Part 1 – Enable and verify EIGRP is running and also test EIGRP routing
Using the topology to configure and test EIGRP routing on each device that is being used as a
router:

• Firstly, I configured a loopback using interface loopback 0 on both routers.
• Then I gave the IP address 1.1.1.1 255.0.0.0 to router 1 and 2.2.2.2 255.0.0.0 to router 2.
• After that I enabled EIGRP using the command router eigrp 10 on router 1 and router 2.
• In the next step I configured the networks on the first router using the network command:
172.20.110.0, 10.200.0.0 and then 1.0.0.0.
• Networks on the second router: 172.20.110.0, 2.0.0.0 and 10.200.10.0.
• I made the interfaces passive with the command passive-interface fa0/0 and fa0/1
on router 1 and passive-interface fa0/0 on router 2.
• After setting these commands on the routers, I checked all the settings using sh ip eigrp
database, sh ip route eigrp, sh ip eigrp interface, sh ip eigrp neighbors, sh ip eigrp
topology and sh ip eigrp traffic on both routers to check that all the commands were working
properly.

I also checked that router 1 can ping router 2.

• After checking ping, I created a key chain with the command key-chain mykey and then key 1;
I used the key string Secret55 on both router 1 and router 2.
• I configured MD5 with the commands ip authentication key-chain eigrp 10 md5 and ip
authentication key-chain eigrp 10 mykey.
• Then I used the command show ip eigrp neighbors to check the authentication.

Reflection - Performing the first part, in which I enabled EIGRP, tested EIGRP and also
created MD5: at first I felt it was easy, but I could not get the proper outcomes. I started
again and tried to configure; I watched the video and notes but I was unable to do this part.
Then I took some help from my mates and finally I did this part.

Part 2 – Configure and Test VLAN, IVR and STP

• In this part I configured VLAN 5, VLAN 10 and VLAN 15 on sw1, sw2 and sw3 by using the
commands VLAN 5, VLAN 10, VLAN 10 then enter; along with that I also gave names with the
name command, giving the names office, prod and admin on the three switches.
• I used the command sh vlan brief to check the VLAN setup.

• After that I configured the links between switch 1, switch 2 and switch 3 by using the
command switchport mode trunk.

• I assigned VLAN 5 to interface fa0/1 of switch 2 and to interface fa0/1 of switch 3.
To perform this task I used two commands, switchport mode access and then
switchport access VLAN 5, on the interface; VLAN 10 and VLAN 15 were assigned similarly,
using interfaces as per requirement.

• I configured routing between all three VLANs on router 1 by using the command intfa0/0.5 and
then the command encapsulation dot1q5 for VLAN 5, intfa0/0.10 and encapsulation
dot1q10 for VLAN 10, and intfa0/0.15 and encapsulation dot1q15 for VLAN 15.

• After that I made switch 1 the root bridge for VLAN 5 with spanning-tree vlan 5 root
primary, and similarly switch 2 for VLAN 10 and switch 3 for VLAN 15.
• After setting up these commands I checked spanning-tree on all switches by using the command
sh spanning-tree.

• I also ensured that the PC pings on other VLANs.
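
The Part 2 steps written out as IOS configuration, as an added example that is not taken from the lab book or the original report. The trunk port Fa0/24 and the 192.0.2.x gateway addresses are assumptions standing in for the real cabling and the Portfolio 3 subnets file.

```cisco
! Added example. Assumed values: Fa0/24 is the inter-switch trunk and the
! 192.0.2.x gateways are placeholders for the assigned subnets.

! ----- sw2 (repeat the VLAN and trunk lines on sw1 and sw3) -----
configure terminal
vlan 5
 name office
vlan 10
 name prod
vlan 15
 name admin
exit
interface FastEthernet0/24
 switchport mode trunk
exit
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 5
exit
! sw2 is root for VLAN 10; use "vlan 5" on sw1 and "vlan 15" on sw3
spanning-tree vlan 10 root primary
end

! ----- router 1: one 802.1Q subinterface per VLAN -----
! The switch port facing Fa0/0 must also be a trunk.
configure terminal
interface FastEthernet0/0
 no ip address
 no shutdown
exit
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 192.0.2.1 255.255.255.192
exit
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.65 255.255.255.192
exit
interface FastEthernet0/0.15
 encapsulation dot1Q 15
 ip address 192.0.2.129 255.255.255.192
end

! ----- verification -----
show vlan brief
show interfaces trunk
show spanning-tree vlan 10
```

Each PC uses the subinterface address of its own VLAN as default gateway. On a subinterface, encapsulation dot1Q has to be entered before ip address, otherwise IOS rejects the address.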


Screenshots -

Fig 1.2 show vlan brief in switch 1

Fig 1.3 show vlan brief in switch 2

Fig 1.4 show vlan brief in switch 3

Fig 1.5 show interface trunk in switch 1

Fig 1.6 show interface trunk in switch 2

Fig 1.7 show interface trunk in switch 3

Fig 1.8(1) show spanning-tree in switch 1

Fig 1.8(2) show spanning-tree in switch 1

Fig 1.9(1) show spanning-tree in switch 2

Fig 1.9(2) show spanning-tree in switch 2

Fig 1.10.(1) show spanning-tree in switch 3

Fig 1.10.(2) show spanning-tree in switch 3

Fig 1.11 show Ping pc1 to bridge –b1

Fig 1.12 show Ping pc1 to office pc 2

Fig 1.13 show Ping pc1 to pc7

Reflection- I faced a little bit of a problem while building this topology. Firstly, I selected
all the devices, but when I was connecting the devices I was confused about using the serial
port because there are two types of serial port wires. After using both I did not find any
difference, so I used the serial port wire without time (watch symbol on it). I easily used all
the commands, but I faced difficulty with ping; at that time I used all the commands step by
step. Apart from this, I thought another difficult step was when I used encapsulation dot1q,
which is difficult and new to use, but when I started using this command I read all the notes
and also watched the videos of the Zoom recording, and then I was able to do all the commands
and easily took screenshots. In this lab I learned so many things: how to do EIGRP routing,
trunking and spanning-tree. If I talk about VLAN, it helps to allow different computers and
devices to interact with each other as if they are in the same LAN sharing a single broadcast
domain; along with that, VLAN is used by most organizations because it is easy to use in large
segments as well as small segments. STP stands for Spanning Tree Protocol, which is used to
prevent looping within a network topology, and STP is used to avoid the problems that happen
when systems interchange information or data on a LAN.

References

Professor Khalid Saood's Zoom videos and notes helped me to do the INFO8491 lab activities,
and topic resources.

INFO8491 Lab 6 Packet Filtering Firewall

Description

This lab helps to learn how to do packet filtering with a firewall, which is an important part
of networking, with the given devices, following all the steps given in the lab book, such as
creating the topology, configuring the network and passwords of all devices, pinging the network, etc.

Preparation

You will need:

• 6 x Cisco 2960 Switch

• 6 x Cisco 2811 Routers

• 6 x PC PT Objects

• 1 x PT Laptop

• All passwords must be Secret55

• Use Network assigned in Subnet file in the assessment portal

PART 1- Building the Topology

• With the help of cables, I connected all the devices, then turned them on one by one,
clicked on configuration, updated the host and device names, double-checked that the host name
corresponded to the name of the device on each one, and configured Telnet and Secure Shell.
This time it was not difficult because I used the topology of lab 4, but before starting I
checked all the details and devices again so that I performed this lab properly. Apart from
this, I also saved all the settings of the router with the command copy running-config
startup-config.

Along with that, I also tested the initial configuration: both workstations can ping, server
objects can ping both sides, both workstations can open the customized web site, workstations
can SSH to their switch and router, and finally server objects can SSH into their respective
routers.

Diagram of topology-

Fig 2.0 topology of lab 5

Part 2 - Configure Standard Access Lists


Description
This is the part in which we configure all the spokes as per the requirements to create a
standard ACL by following parts 1-6 of part 2, and let us see what happens, because it is a new
concept, but I followed all the commands as per the lab book instructions.

Observation

On Spoke-1
I created and named a standard access list, giving it the name block-ds. It denies traffic
from the LAN networks on Spoke-2 and Spoke-4 and allows traffic from any other network. After
that I applied that access list inbound on the external interfaces on Spoke-1.
On Spoke-2
I created and named a standard access list, giving it the name BLOCK-DS. It denies traffic
from the LAN networks on Spoke-1 and Spoke-4. Along with that, I allowed traffic from
any other network and also applied that access list inbound on the external interfaces on
Spoke-2.
After performing the commands on Spoke-1 and Spoke-2, I tested the access lists.

I tested the access lists using the show access-lists command.
After testing the access lists, I made sure that all other PCs can communicate with the PCs on
Spoke-1, Spoke-2 and Spoke-4.
Apart from this, I ensured that the PCs on Spoke-1 and Spoke-2 cannot communicate with each
other, and I also checked that the PC on Spoke-4 cannot communicate with the PCs on Spoke-1
and Spoke-2.
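
The Spoke-1 access list described above, written out as IOS configuration. This is an added example, not taken from the lab book or the original report; the LAN prefixes and the external interface names are placeholders, because the real values come from the subnet file and the topology.

```cisco
! Added example for Spoke-1. Placeholders (not from the lab's subnet file):
!   192.0.2.0/26  = Spoke-2 LAN
!   192.0.2.64/26 = Spoke-4 LAN
!   Serial0/0/0 and Serial0/0/1 = Spoke-1 external interfaces
!
! A standard ACL matches on the source address only, and the second value
! on each line is a wildcard (inverse) mask: 0.0.0.63 covers a /26.
! Every ACL ends with an implicit "deny any", so "permit any" is required;
! without it all other inbound traffic, including EIGRP hellos from the
! neighbouring router, is dropped and the adjacency goes down.
configure terminal
ip access-list standard block-ds
 deny 192.0.2.0 0.0.0.63
 deny 192.0.2.64 0.0.0.63
 permit any
exit
interface Serial0/0/0
 ip access-group block-ds in
exit
interface Serial0/0/1
 ip access-group block-ds in
end

! ----- verification -----
! Match counters per entry
show access-lists block-ds
! Look for "Inbound access list is block-ds"
show ip interface Serial0/0/0
```

ACL names are case-sensitive, so the name given to ip access-group must match the name the list was created with exactly. Pings started from a Spoke-1 PC toward Spoke-2 fail as well, because the echo replies arrive with a Spoke-2 LAN source address and hit the inbound deny.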

Screenshots

Fig.2.1- shows access-list of spoke-1

Fig.2.2- shows interface where access-list is allowed in spoke-1

Fig.2.3- shows access-list of spoke-2

Fig.2.4- shows interface where access-list is allowed in spoke-2

Fig.2.5- shows ping from pc1 to spoke 2 (part 3.1)

Fig.2.6- shows ping from pc1 to pc6 (part 3.1)

Fig.2.6- shows ping from pc1 to spoke-3 (part 3.1)

Fig.2.7- shows ping from spoke-1 to spoke-2 (part 3.1)

Fig.2.7- shows ping from spoke-2 to spoke-1 (part 3.1)

Fig.2.8- shows ping from spoke-1 to spoke-2 (part 3.1)

Fig.2.7- shows ping from spoke-1 to spoke-2 (part 3.2)

Fig.2.8- shows ping from spoke-1 to spoke-2 (part 3.2)

Fig.2.9- shows ping from spoke-4 to spoke-1 (part 3.3)

Fig.2.10- shows ping from spoke-4 to spoke-1 (part 3.3)

Fig.2.5- eigrp protocol for Spoke 4

Fig.2.6- eigrp protocol for Spoke 3

Fig.2.7- eigrp information for Hub A

Fig.2.8- eigrp information for hub b

Fig.2.9- eigrp information for spoke 1

Fig.2.10- eigrp information for spoke 2

Fig.2.11- eigrp information for spoke 3

Fig.2.12- eigrp information for spoke 4

Fig.2.13- eigrp interface for hub b

Fig.2.14- eigrp interface for Hub A

Fig.2.15- eigrp interface for spoke 2

Fig.2.16- eigrp interface for spoke 3

Fig.2.17- eigrp interface for spoke 1

Fig.2.18- eigrp interface for spoke 4

Fig.2.19- eigrp neighbors for Hub A

Fig.2.20- eigrp neighbors for Hub B

Fig.2.21- eigrp neighbors for spoke 2

Fig.2.22- eigrp neighbors for spoke 2

Fig.2.23- eigrp neighbors for spoke 3

Fig.2.24- eigrp neighbors for spoke 4

Fig.2.25- eigrp topology for Hub A

Fig.2.26- eigrp topology for Hub B

Fig.2.27- eigrp topology for spoke 1

Fig.2.28- eigrp topology for spoke 2

Fig.2.29- eigrp topology for spoke 3

Fig.2.30- eigrp topology for spoke 4

Fig.2.31- eigrp traffic for Hub A

Fig.2.32- eigrp traffic for Hub B

Fig.2.33- eigrp traffic for spoke 1

Fig.2.34- eigrp traffic for spoke 2

Fig.2.35- eigrp traffic for spoke 3

Fig.2.36- eigrp traffic for spoke 4

Fig.2.37- eigrp debug event for hub a

Fig.2.38- eigrp debug event for hub b

Fig.2.39- eigrp debug event for spoke 1

Fig.2.40- eigrp debug event for spoke 2

Fig.2.41- eigrp debug event for spoke 3

Fig.2.42- eigrp debug event for spoke 4


Part 3 – Configure and Test EIGRP Authentication


Using the topology above to configure and test EIGRP Authentication on each Router:
1. Configure EIGRP Authentication using MD5
Create a Keychain that uses MD5
Configure md5 authentication within the EIGRP router process
Set md5 authentication on each interface that is connected to other router.
Show EIGRP Authentication events using debug mode

2. Test EIGRP Routing with md5 Authentication


From PC1 make sure that you can ping all the other PC’s
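
The key-chain procedure from Lab 5 Part 1 and the Part 3 task list above, written out in IOS syntax as an added example (not from the lab book or the original report). AS number 10, the key chain name mykey and the key string Secret55 come from Lab 5 Part 1; Serial0/0/0 as the router-to-router interface is an assumption.

```cisco
! Added example. Serial0/0/0 is an assumed router-to-router interface.
! Apply the same key number and key string on both ends of every link;
! a mismatch in either one makes the routers ignore each other's packets.

configure terminal
! 1. Key chain: the chain name is local, the key ID and string are not
key chain mykey
 key 1
  key-string Secret55
 exit
exit

! 2. EIGRP process (networks of router 1 from Lab 5 Part 1)
router eigrp 10
 network 172.20.110.0
 network 10.200.0.0
 network 1.0.0.0
 ! LAN-facing ports send no hellos, so they need no authentication
 passive-interface FastEthernet0/0
 passive-interface FastEthernet0/1
exit

! 3. Per-interface authentication on each link toward another router:
!    first select MD5 as the mode, then bind the key chain
interface Serial0/0/0
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 mykey
end

! ----- verification -----
! Key ID and string actually in use
show key chain
! The neighbor must reappear after both ends are configured
show ip eigrp neighbors
! Authentication mismatches are reported here when a key is wrong
debug eigrp packets
! Stop debugging when done
undebug all
```

When only one end of a link has authentication configured, the adjacency drops and stays down until the other end is configured too, so an empty neighbor table right after step 3 is expected on the first router.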

Fig.3.1- debug event for Hub-A

Fig.3.2- debug event for Hub-B

Fig.3.3- debug event for spoke 1

Fig.3.4- debug event for spoke 2

Fig.3.5- debug event for spoke 3

Fig.3.6- debug event for spoke 4

Fig.3.7- ping pc2 from pc1

Fig.3.8- ping pc3 from pc1

Fig.3.9- ping pc4 from pc1

Fig.3.10- ping pc5 from pc1

Fig.3.11- ping pc6 from pc1

Test commands used in lab3 and lab4-

To test ospf - I used the sh ip protocol, sh ip EIGRP database, sh ip route and debug ip EIGRP
commands.
To test ospf - I used the sh ip protocol, sh ip ospf database, sh ip route and debug ip ospf event
commands.
To test eigrp - I used the sh ip protocol, sh ip route eigrp, sh ip eigrp database, sh ip eigrp
interface, sh ip eigrp neighbors, sh ip eigrp topology and sh ip eigrp traffic commands.

Reflection- I faced lots of problems while building this topology. Firstly, I selected all the
devices, but when I was connecting them, especially Hub-A and Hub-B, I was unable to connect
the devices, so I had to use an additional Fast Ethernet port to connect them all. I changed
the setting in the physical settings and after that I used Fast Ethernet and serial ports to
connect all the routers; after that I was able to work on this topology. This lab is too
lengthy to complete as I had to take 6 screenshots of each device in the first lab; after that,
when I used these screenshots in the Word document, I faced difficulty choosing screenshots,
but after a little bit of confusion I sorted out my problem. The other thing: when I saw this
topology for the first time I thought it was impossible. Even though I faced so many ups and
downs, in the end I felt happy because I did it.

When I got green signaling on all devices, I started performing the EIGRP lab. I faced
difficulty when giving commands, so I had to read all the notes and watch the videos of the
Zoom recording, and then I was able to do all the commands and easily took screenshots. In this
lab I learnt so many things, like how to configure and test routing using EIGRP and configure
and test EIGRP authentication. There are different terms and commands to do this task.

References

Professor Khalid Saood's Zoom videos and notes helped me to do the INFO8491 lab activities,
and topic resources.
