This document discusses configuring security features on a switch. It shows how VLAN 99 was initially down because no ports were assigned to it, but became up after a port was added. It also discusses enabling HTTP and SSH access to the switch's management interface, viewing MAC address tables, and configuring port security to shut down a port due to a security violation when pinging from R1 to PC-A. The reflection questions discuss how port security helps prevent unauthorized access and why unused switch ports should be disabled.
This document discusses configuring security features on a switch. It shows how VLAN 99 was initially down because no ports were assigned to it, but became up after a port was added. It also discusses enabling HTTP and SSH access to the switch's management interface, viewing MAC address tables, and configuring port security to shut down a port due to a security violation when pinging from R1 to PC-A. The reflection questions discuss how port security helps prevent unauthorized access and why unused switch ports should be disabled.
This document discusses configuring security features on a switch. It shows how VLAN 99 was initially down because no ports were assigned to it, but became up after a port was added. It also discusses enabling HTTP and SSH access to the switch's management interface, viewing MAC address tables, and configuring port security to shut down a port due to a security violation when pinging from R1 to PC-A. The reflection questions discuss how port security helps prevent unauthorized access and why unused switch ports should be disabled.
This document discusses configuring security features on a switch. It shows how VLAN 99 was initially down because no ports were assigned to it, but became up after a port was added. It also discusses enabling HTTP and SSH access to the switch's management interface, viewing MAC address tables, and configuring port security to shut down a port due to a security violation when pinging from R1 to PC-A. The reflection questions discuss how port security helps prevent unauthorized access and why unused switch ports should be disabled.
Download as DOCX, PDF, TXT or read online from Scribd
Download as docx, pdf, or txt
You are on page 1/ 3
Lab – Configuring Switch Security Features
Issue the show vlan command on S1. What is the status of VLAN 99? : - active
Issue the show ip interface brief command on S1. What is the status and protocol for management interface VLAN 99? : - Status is up, and protocol is down.
Why is the protocol down, even though you issued the no shutdown command for interface VLAN 99? : - No physical ports on the switch have been assigned to VLAN 99
Issue the show ip interface brief command on S1. What is the status and protocol showing for interface VLAN 99? : - Up and up
From PC-A, ping the default gateway address on R1. Were your pings successful? : - Yes
From PC-A, ping the management address of S1. Were your pings successful? : - Yes
From S1, ping the default gateway address on R1. Were your pings successful? : - Yes
From PC-A, open a web browser and go to http://172.16.99.11 . If you are prompted for a username and password, leave the username blank and use class for the password. If you are prompted for a secured connection, answer No. Were you able to access the web interface on S1? : - Yes
What version of SSH is the switch using?
: - 1.99
How many authentication attempts does SSH allow?
:-3
What is the default timeout setting for SSH?
: - 120 seconds How many authentication attempts does SSH allow? :-2
What is the timeout setting for SSH?
: - 75 seconds
Was the connection successful?
: - Yes
What is the HTTP server status?
: - Enabled
What server port is it using?
: - 80
What is the HTTP secure server status?
: - enabled
What secure server port is it using?
: - 443
What is the MAC address of the R1 G0/1 interface?
: - it is 30f7.0da3.1821
From the S1 CLI, issue a show mac address-table command from privileged EXEC mode. Find the dynamic entries for ports F0/5 and F0/6. Record them below. F0/5 MAC address: _________30f7.0da3.1821______________ F0/6 MAC address: _________00e0.b857.1ccd______________
What is the port status of F0/5?
: - the status is Secure-up, which indicates that the port is secure, but the status and protocol are up
From R1 privileged EXEC mode, ping PC-A. Was the ping successful? Why or why not? : - no, the F0/5 port on S1 is shut down because of the security violation
From R1, ping PC-A again at 172.16.99.3. Was the ping successful? : - No Reflection
Why would you enable port security on a switch?
: - It would help prevent unauthorized devices from accessing your network if they plugged into a switch on your network. Why should unused ports on a switch be disabled? : - One excellent reason is that a user could not connect a device to the switch on an unused port and access the LAN.
