Any Questions?

evangeline

Presentation Transcript


  1. Any Questions?

  2. Chapter 9-Ethernet Switch Configuration • Configuration Features in Common with Routers • LAN Switch Configuration and Operation

  3. Do I know this? Go through the Quiz- 5 minutes

  4. 1. Imagine that you have configured the enable secret command, followed by the enable password command, from the console. You log out of the switch and log back in at the console. Which command defines the password that you had to enter to access privileged mode? a. enable password b. enable secret c. Neither d. The password command, if it’s configured

  5. 1. Imagine that you have configured the enable secret command, followed by the enable password command, from the console. You log out of the switch and log back in at the console. Which command defines the password that you had to enter to access privileged mode? a. enable password b. enable secret c. Neither d. The password command, if it’s configured Answer:B

  6. 2. An engineer had formerly configured a Cisco 2960 switch to allow Telnet access so that the switch expected a password of mypassword from the Telnet user. The engineer then changed the configuration to support Secure Shell. Which of the following commands could have been part of the new configuration? a. A username name password password command in vty config mode b. A username name password password global configuration command c. A transport input ssh command in vty config mode d. A transport input ssh global configuration command

  7. 2. An engineer had formerly configured a Cisco 2960 switch to allow Telnet access so that the switch expected a password of mypassword from the Telnet user. The engineer then changed the configuration to support Secure Shell. Which of the following commands could have been part of the new configuration? a. A username name password password command in vty config mode b. A username name password password global configuration command c. A transport input ssh command in vty config mode d. A transport input ssh global configuration command Answer: B, C

  8. 3. The following command was copied and pasted into configuration mode when a user was telnetted into a Cisco switch: banner login this is the login banner Which of the following are true about what occurs the next time a user logs in from the console? a. No banner text is displayed. b. The banner text “his is” is displayed. c. The banner text “this is the login banner” is displayed. d. The banner text “Login banner configured, no text defined” is displayed.

  9. 3. The following command was copied and pasted into configuration mode when a user was telnetted into a Cisco switch: banner login this is the login banner Which of the following are true about what occurs the next time a user logs in from the console? a. No banner text is displayed. b. The banner text “his is” is displayed. c. The banner text “this is the login banner” is displayed. d. The banner text “Login banner configured, no text defined” is displayed. Answer: B

  10. 4. Which of the following is not required when configuring port security without sticky learning? a. Setting the maximum number of allowed MAC addresses on the interface with the switchport port-security maximum interface subcommand b. Enabling port security with the switchport port-security interface subcommand c. Defining the allowed MAC addresses using the switchport port-security mac-address interface subcommand d. All of the other answers list required commands

  11. 4. Which of the following is not required when configuring port security without sticky learning? a. Setting the maximum number of allowed MAC addresses on the interface with the switchport port-security maximum interface subcommand b. Enabling port security with the switchport port-security interface subcommand c. Defining the allowed MAC addresses using the switchport port-security mac-address interface subcommand d. All of the other answers list required commands Answer: A

  12. 5. An engineer’s desktop PC connects to a switch at the main site. A router at the main site connects to each branch office via a serial link, with one small router and switch at each branch. Which of the following commands must be configured, in the listed configuration mode, to allow the engineer to telnet to the branch office switches? a. The ip address command in VLAN 1 configuration mode b. The ip address command in global configuration mode c. The ip default-gateway command in VLAN 1 configuration mode d. The ip default-gateway command in global configuration mode e. The password command in console line configuration mode f. The password command in vty line configuration mode

  13. 5. An engineer’s desktop PC connects to a switch at the main site. A router at the main site connects to each branch office via a serial link, with one small router and switch at each branch. Which of the following commands must be configured, in the listed configuration mode, to allow the engineer to telnet to the branch office switches? a. The ip address command in VLAN 1 configuration mode b. The ip address command in global configuration mode c. The ip default-gateway command in VLAN 1 configuration mode d. The ip default-gateway command in global configuration mode e. The password command in console line configuration mode f. The password command in vty line configuration mode Answer: A, D, F

  14. 6. Which of the following describes a way to disable IEEE standard autonegotiation on a 10/100 port on a Cisco switch? a. Configure the negotiate disable interface subcommand b. Configure the no negotiate interface subcommand c. Configure the speed 100 interface subcommand d. Configure the duplex half interface subcommand e. Configure the duplex full interface subcommand f. Configure the speed 100 and duplex full interface subcommands

  15. 6. Which of the following describes a way to disable IEEE standard autonegotiation on a 10/100 port on a Cisco switch? a. Configure the negotiate disable interface subcommand b. Configure the no negotiate interface subcommand c. Configure the speed 100 interface subcommand d. Configure the duplex half interface subcommand e. Configure the duplex full interface subcommand f. Configure the speed 100 and duplex full interface subcommands Answer: F

  16. 7. In which of the following modes of the CLI could you configure the duplex setting for interface fastethernet 0/5? a. User mode b. Enable mode c. Global configuration mode d. Setup mode e. Interface configuration mode

  17. 7. In which of the following modes of the CLI could you configure the duplex setting for interface fastethernet 0/5? a. User mode b. Enable mode c. Global configuration mode d. Setup mode e. Interface configuration mode Answer: E

  18. 8. The show vlan brief command lists the following output: 2 my-vlan active Fa0/13, Fa0/15 Which of the following commands could have been used as part of the configuration for this switch? a. The vlan 2 global configuration command b. The name MY-VLAN vlan subcommand c. The interface range Fa0/13 - 15 global configuration command d. The switchport vlan 2 interface subcommand

  19. 8. The show vlan brief command lists the following output: 2 my-vlan active Fa0/13, Fa0/15 Which of the following commands could have been used as part of the configuration for this switch? a. The vlan 2 global configuration command b. The name MY-VLAN vlan subcommand c. The interface range Fa0/13 - 15 global configuration command d. The switchport vlan 2 interface subcommand Answer: A

  20. Any Questions?

  21. Securing the CLI • Console is inherently insecure • Physical access means you can perform a password reset • For Telnet and SSH • enable password or enable secret must be set • IP address, login, password

  22. Basic password security • Different passwords work in different places • Line console • Line vty

  23. SSH Configuration • Must turn on transport input • Set up cryptographic keys • line vty 0 15: configure the vty lines used for Telnet sessions • login local: use local login details • transport input telnet ssh: accept SSH • username wendell password hope: local username • ip domain-name example.com: configure DNS suffix • crypto key generate rsa: generate keys

  24. Password Encryption • Most passwords are in clear text • Vulnerable if saved • service password-encryption: encrypt all passwords on the system • To return to clear text, turn it off and then change the password • no service password-encryption

  25. Enable and Enable Secret • Enable secret overrides enable password • Encrypted by default

  26. Console and VTY settings • Banners • MOTD • Login • Exec

  27. History Functions

  28. Logging Synchronous and Exec Timeout • System gives feedback to screen • Even when you are working • logging synchronous • Prevents the information from hiding your prompt • Inactivity timeout • How long before the switch ends your session • exec-timeout command

  29. Switch IP config • Switches don’t NEED an IP • IP address is only needed if you are going to administer over the network • Telnet • SSH • Config with • IP address • Default gateway

  30. Basic Switch Config • IP address is associated to VLAN1 • Not on an actual interface, but looks at all traffic that goes through VLAN1 • configure terminal • interface vlan1 • ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX • no shutdown

  31. Default Gateway • Only needed when you communicate off of network • configure terminal • ip default-gateway XXX.XXX.XXX.XXX

  32. Switch uses DHCP • You can also have the switch ask for an IP address by DHCP • configure terminal • interface vlan1 • ip address dhcp • You will not need the default gateway in this case

  33. Switch Interfaces • The ethernet ports are called interfaces • Can configure if necessary • Descriptions • Speed (10 or 100) • Duplex (half or full) • configure terminal • interface Fastethernet 0/# • # is the port number you want to configure

  34. Port Security • Can limit the number of MAC addresses that a switch will allow in MAC Address table for a port • Can program MAC addresses into the table instead of learning them

  35. Port Security • switchport mode access: set the port to a single VLAN • switchport port-security • switchport port-security maximum number: max number of addresses on the port • switchport port-security violation {protect | restrict | shutdown}: what to do if there is a violation • switchport port-security mac-address mac-address: program the MAC address • switchport port-security mac-address sticky: add the first MAC address in and don’t allow others

  36. Any Questions?

  37. VLAN Configuration • Two main steps • Create VLAN • router(config)#vlan 2 (adds VLAN 2 to the system) • router(config-vlan)#name Freds-vlan (associates the name Freds-vlan with VLAN 2) • Assign ports to VLAN • router(config)#interface range f0/13-14 (configures interfaces 13 and 14) • router(config-if-range)#switchport access vlan 2 (assigns these ports to VLAN 2)

  38. Securing Unused Interfaces • Default state of interfaces: VLAN 1, no shutdown • Use • shutdown: turn off the interface • switchport mode access: prevent trunking • switchport access vlan #: assign to a particular VLAN

  39. Key Topics • Check Handout

  40. Any Questions?
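
An added example, not part of the original presentation: a small Python check that reads a saved running-config and reports the hardening items from the slides on password encryption, enable secret, SSH on the vty lines, port security and securing unused interfaces. The sample configuration is constructed, and the rule that every active Ethernet port must have port security enabled is an assumed policy.

```python
# Constructed sample running-config (not taken from a real device).
SAMPLE = """\
no service password-encryption
enable password cisco123
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
!
interface FastEthernet0/2
!
interface FastEthernet0/3
 shutdown
line vty 0 15
 transport input telnet ssh
"""

PORTS = ("interface FastEthernet", "interface GigabitEthernet")

def parse_sections(text):
    """Map each top-level command to the list of its indented subcommands."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return sections

def audit(text):
    """Return findings for the hardening items covered in the slides."""
    cfg, out = parse_sections(text), []
    if "service password-encryption" not in cfg:
        out.append("global: service password-encryption is off")
    if not any(k.startswith("enable secret") for k in cfg):
        out.append("global: no enable secret set")
    for head, subs in cfg.items():
        if head.startswith("line vty") and "transport input ssh" not in subs:
            out.append(f"{head}: transport input is not ssh-only")
        elif head.startswith(PORTS) and "shutdown" not in subs:
            if "switchport mode access" not in subs:
                out.append(f"{head}: not forced to access mode")
            # Assumed policy: every active port must have port security.
            if "switchport port-security" not in subs:
                out.append(f"{head}: port security not enabled")
    return out
```

Calling `audit(SAMPLE)` returns five findings: two global, two for FastEthernet0/2, and one for the vty lines. FastEthernet0/3 is skipped because it is shut down.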
