Scribd Logo
Upload

Welcome to Scribd!

  • Ilovepdf Merged

    Uploaded by

    I'm KING
    2 views23 pages
    The document provides steps to configure and verify a basic firewall in Cisco Packet Tracer. It instructs the user to: 1) Create a network topology with devices including PCs, a server, and a firewall. 2) Configure IP addresses on the devices. 3) Turn on services like ICMP and HTTP on the firewall and deny/allow protocols. 4) Verify the firewall configuration by pinging devices and accessing the web browser.

    Original Description:

    Hdg

    Original Title

    ilovepdf_merged

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides steps to configure and verify a basic firewall in Cisco Packet Tracer. It instructs the user to: 1) Create a network topology with devices including PCs, a server, and a firewall. 2) Configure IP addresses on the devices. 3) Turn on services like ICMP and HTTP on the firewall and deny/allow protocols. 4) Verify the firewall configuration by pinging devices and accessing the web browser.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    2 views23 pages

    Ilovepdf Merged

    Uploaded by

    I'm KING
    The document provides steps to configure and verify a basic firewall in Cisco Packet Tracer. It instructs the user to: 1) Create a network topology with devices including PCs, a server, and a firewall. 2) Configure IP addresses on the devices. 3) Turn on services like ICMP and HTTP on the firewall and deny/allow protocols. 4) Verify the firewall configuration by pinging devices and accessing the web browser.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 23

    Basic Firewall Configuration in Cisco

    Packet Tracer
    Steps to Configure and Verify Firewall in Cisco Packet Tracer:

    Step 1: First, open the Cisco packet tracer desktop and select the devices
    given below:

    IP Addressing Table:

     Then, create a network topology as shown below the image.


     Use an Automatic connecting cable to connect the devices with others.
    Step 2: Configure the PCs (hosts) and server with IPv4 address and Subnet
    Mask according to the IP addressing table given above.
     To assign an IP address in PC0, click on PC0.
     Then, go to desktop and then IP configuration and there you will IPv4
    configuration.
     Fill IPv4 address and subnet mask.
     Repeat the same procedure with the server

    Step 3: Configuring the firewall in a server and blocking packets and
    allowing web browser.
     Click on server0 then go to the desktop.
     Then click on firewall IPv4.
     Turn on the services.
     First, Deny the ICMP protocol and set remote IP to 0.0.0.0 and Remote
    wildcard mask to 255.255.255.255.
     Then, allow the IP protocol and set remote IP to 0.0.0.0 and Remote
    wildcard mask to 255.255.255.255.
     And add them.
    Step 4: Verifying the network by pinging the IP address of any PC.
     We will use the ping command to do so.
     First, click on PC2 then Go to the command prompt.
     Then type ping <IP address of targeted node>.
     We will ping the IP address of the server0.
     As we can see in the below image we are getting no replies which means
    the packets are blocked.
    Check the web browser by entering the IP address in the URL.
     Click on PC2 and go to desktop then web browser.
    MAC Flood attack
    Switch Configuration: restrict mode
    • Switch>enable
    • Switch#configure terminal
    • Switch(config)#interface range fastEthernet 0/1-3
    • Switch(config-if-range)#switchport mode access
    • Switch(config-if-range)#switchport port-security
    • Switch(config-if-range)#switchport port-security
    maximum 2
    Switch Configuration: restrict mode
    • Switch(config-if-range)#switchport port-security violation ?
    – protect Security violation protect mode
    – restrict Security violation restrict mode
    – shutdown Security violation shutdown mode
    • Switch(config-if-range)#switchport port-security violation
    restrict
    • Switch(config-if-range)# exit
    • Switch#end
    • %SYS-5-CONFIG_I: Configured from console by console
    • Wr (type wr to build the configuration)
    • Switch#show port-security
    • Switch#show mac address-table
    switchport mode access
    • Using the “Switchport mode access” command forces the
    port to be an access port while and any device plugged into
    this port will only be able to communicate with other devices
    that are in the same VLAN.
    Switchport Security Violations
    • A switchport violation occurs in one of two
    situations:
    • When the maximum number of secure MAC
    addresses has been reached (by default, the
    maximum number of secure MAC addresses
    per switchport is limited to 1)
    • An address learned or configured on one
    secure interface is seen on another secure
    interface in the same VLAN
    3 modes ofvSwitchport Security
    Violations
    • The action that the device takes when one of these violations occurs can be
    configured:
    • Protect—This mode permits traffic from known MAC addresses to continue to be
    forwarded while dropping traffic from unknown MAC addresses when over the
    allowed MAC address limit. When configured with this mode, no notification
    action is taken when traffic is dropped.
    • Restrict—This mode permits traffic from known MAC addresses to continue to be
    forwarded while dropping traffic from unknown MAC addresses when over the
    allowed MAC address limit. When configured with this mode, a syslog message is
    logged, a Simple Network Management Protocol (SNMP) trap is sent, and a
    violation counter is incremented when traffic is dropped.
    • Shutdown—This mode is the default violation mode; when in this mode, the
    switch will automatically force the switchport into an error disabled (err-disable)
    state when a violation occurs. While in this state, the switchport forwards no
    traffic. The switchport can be brought out of this error disabled state by issuing
    the errdisable recovery cause CLI command or by disabling and reenabling the
    switchport.

    You might also like