27 Mar 2009

Switch Port Security

Switch(config)#interface fastethernet0/0

switch(config-if)# switchport mode access

Switch(config-if)#switchport port-security --> Enables port security on the interface (it is disabled by default).

Switch(config-if)#switchport port-security maximum value --> Specifies the maximum number of devices that can be associated with the interface. This defaults to 1 and can range from 1 to 132.

Switch(config-if)#switchport port-security mac-address MAC_address --> Specifies the exact MAC address that is allowed to be associated with this interface. This command statically defines the MAC addresses allowed on the port. We can add additional secure MAC addresses up to the maximum value configured.

Switch(config-if)#switchport port-security violation shutdown --> Causes the switch to generate an alert and to disable the interface. The only way to re-enable the interface is to use the no shutdown command. This is the default violation mode if you don’t specify the mode.

Switch(config-if)#switchport port-security violation restrict --> Causes the switch to generate a security violation alert.

Switch(config-if)#switchport port-security violation protect --> When the number of secure addresses reaches the maximum number allowed, any additionally learned addresses will be dropped. This applies only if you have enabled the sticky option, discussed in the next paragraph.

Switch(config-if)#switchport port-security mac-address sticky --> The sticky command allows the switch to dynamically learn the MAC address(es) associated with the interface and convert these dynamic entries to static entries. The interface will learn MAC addresses only up to the maximum configured value for that interface. You then use the copy running-config startup-config command to save the configuration, and when you reboot your switch, the sticky-learned addresses appear as statically secure addresses.

EXAMPLE:

switch(config)# interface fastethernet0/2

switch(config-if)# switchport mode access

switch(config-if)# switchport port-security

switch(config-if)# switchport port-security maximum 2

switch(config-if)# switchport port-security mac-address aaaa.1234.5de6

switch(config-if)# switchport port-security violation shutdown

switch(config-if)# switchport port-security mac-address sticky

Port Security Verification

Switch#show port-security --> Displays security information for all interfaces

Switch#show port-security interface fastethernet 0/1 --> Displays security information for interface fastethernet 0/1

Switch#show port-security address --> Displays MAC address table security information

Switch#show mac address-table --> Displays the MAC address table
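
The settings above can also be checked offline against a saved configuration. The following is an added example, not part of the original post: a small Python audit that reads a running-config, applies the defaults described above (maximum 1, violation shutdown) and flags access ports that have no port security or that use protect mode. The sample configuration and the function names are constructed for illustration.

```python
# Constructed sample running-config, not output from a real switch.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address aaaa.1234.5de6
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface GigabitEthernet0/1
 switchport mode trunk
"""
PS = "switchport port-security"

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit(config):
    """Return {access port: settings plus findings}, applying the defaults."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk and routed ports are out of scope here
        opts = [c[len(PS):].split() for c in cmds if c.startswith(PS)]
        row = {"enabled": [] in opts, "maximum": 1, "violation": "shutdown",
               "sticky": ["mac-address", "sticky"] in opts, "findings": []}
        for o in opts:
            if len(o) == 2 and o[0] in ("maximum", "violation"):
                row[o[0]] = int(o[1]) if o[0] == "maximum" else o[1]
        if not row["enabled"]:
            row["findings"].append("port security not enabled")
        elif row["violation"] == "protect":
            row["findings"].append("protect mode drops frames without alerting")
        report[name] = row
    return report
```

Calling audit(SAMPLE) returns one entry per access port; an empty findings list means the port is secured with shutdown or restrict.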

26 Mar 2009

CCNA LAB: Frame Relay Multipoint Subinterfaces


RTA ROUTER
RTA(config)#interface serial 0/0
RTA(config-if)#no ip address
RTA(config-if)#encapsulation frame-relay
RTA(config-if)#no shutdown
RTA(config-if)#exit
RTA(config)#interface serial 0/0.1 multipoint
RTA(config-subif)#ip address 10.10.10.1 255.255.255.0
RTA(config-subif)#frame-relay map ip 10.10.10.2 56 broadcast
RTA(config-subif)#frame-relay map ip 10.10.10.3 57 broadcast
RTA(config-subif)#interface serial 0/0.2 point-to-point
RTA(config-subif)#ip address 20.20.20.1 255.255.255.0
RTA(config-subif)#frame-relay interface-dlci 58
RTA(config-subif)#exit
RTA(config)#

RTB ROUTER
RTB(config)#interface serial 0/0
RTB(config-if)#encapsulation frame-relay
RTB(config-if)#ip address 10.10.10.2 255.255.255.0
RTB(config-if)#frame-relay map ip 10.10.10.1 65 broadcast
RTB(config-if)#frame-relay map ip 10.10.10.3 65 broadcast
RTB(config-if)#no shutdown

RTC ROUTER
RTC(config)#interface serial 0/0
RTC(config-if)#encapsulation frame-relay
RTC(config-if)#ip address 10.10.10.3 255.255.255.0
RTC(config-if)#frame-relay map ip 10.10.10.1 75 broadcast
RTC(config-if)#frame-relay map ip 10.10.10.2 75 broadcast
RTC(config-if)#no shutdown

RTD ROUTER
RTD(config)#interface serial 0/0
RTD(config-if)#encapsulation frame-relay
RTD(config-if)#ip address 20.20.20.2 255.255.255.0
RTD(config-if)#frame-relay interface-dlci 85
RTD(config-if)#no shutdown

24 Mar 2009

CCNA LAB: RIPv2 ROUTING CONFIGURATION EXAMPLE

 

RTA ROUTER

Router>enable

Router#configure terminal

Router(config)#hostname RTA

RTA(config)#int s0/0

RTA(config-if)#ip address 172.16.20.1 255.255.255.252

RTA(config-if)#clock rate 64000

RTA(config-if)#no shutdown

RTA(config-if)#exit

RTA(config)#int fa0/0

RTA(config-if)#ip address 172.16.1.1 255.255.255.0

RTA(config-if)#no shutdown

RTA(config-if)#exit

RTA(config)#router rip

RTA(config-router)#version 2

RTA(config-router)#network 172.16.0.0

RTA(config-router)#no auto-summary

RTA(config-router)#exit

RTA(config)#exit

RTA#copy running-config startup-config

RTA#


RTB ROUTER

Router>enable

Router#configure terminal

Router(config)#hostname RTB

RTB(config)#int s0/0

RTB(config-if)#ip address 172.16.40.1 255.255.255.252

RTB(config-if)#clock rate 64000

RTB(config-if)#no shutdown

RTB(config-if)#exit

RTB(config)#int s0/1

RTB(config-if)#ip address 172.16.20.2 255.255.255.252

RTB(config-if)#no shutdown

RTB(config-if)#exit

RTB(config)#int fa0/0

RTB(config-if)#ip address 172.16.3.1 255.255.255.0

RTB(config-if)#no shutdown

RTB(config-if)#exit

RTB(config)#router rip

RTB(config-router)#version 2

RTB(config-router)#network 172.16.0.0

RTB(config-router)#no auto-summary

RTB(config-router)#exit

RTB(config)#exit

RTB#copy running-config startup-config

RTB#


RTC ROUTER

Router>enable

Router#configure terminal

Router(config)#hostname RTC

RTC(config)#int s0/1

RTC(config-if)#ip address 172.16.40.2 255.255.255.252

RTC(config-if)#no shutdown

RTC(config-if)#exit

RTC(config)#int fa0/0

RTC(config-if)#ip address 172.16.4.1 255.255.255.0

RTC(config-if)#no shutdown

RTC(config-if)#exit

RTC(config)#router rip

RTC(config-router)#version 2

RTC(config-router)#network 172.16.0.0

RTC(config-router)#no auto-summary

RTC(config-router)#exit

RTC(config)#exit

RTC#copy running-config startup-config

RTC#

CCNA LAB: STATIC ROUTE CONFIGURATION EXAMPLE

RTA ROUTER

Router>enable

Router#configure terminal

Router(config)#hostname RTA

RTA(config)#int s0/0

RTA(config-if)#ip address 172.16.10.1 255.255.255.252

RTA(config-if)#clock rate 64000

RTA(config-if)#no shutdown

RTA(config-if)#exit

RTA(config)#int fa0/0

RTA(config-if)#ip address 192.168.10.1 255.255.255.0

RTA(config-if)#no shutdown

RTA(config-if)#exit

RTA(config)#ip route 192.168.20.0 255.255.255.0 172.16.10.2

RTA(config)#ip route 172.16.20.0 255.255.255.0 172.16.10.2

RTA(config)#ip route 192.168.30.0 255.255.255.0 172.16.10.2

RTA(config)#exit

RTA#copy running-config startup-config

RTA#


RTB ROUTER

Router>enable

Router#configure terminal

Router(config)#hostname RTB

RTB(config)#int s0/1

RTB(config-if)#ip address 172.16.10.2 255.255.255.252

RTB(config-if)#no shutdown

RTB(config-if)#exit

RTB(config)#int s0/0

RTB(config-if)#ip address 172.16.20.1 255.255.255.252

RTB(config-if)#clock rate 64000

RTB(config-if)#no shutdown

RTB(config-if)#exit

RTB(config)#int fa0/0

RTB(config-if)#ip address 192.168.20.1 255.255.255.0

RTB(config-if)#no shutdown

RTB(config-if)#exit

RTB(config)#ip route 192.168.10.0 255.255.255.0 172.16.10.1

RTB(config)#ip route 192.168.30.0 255.255.255.0 172.16.20.2

RTB(config)#exit

RTB#copy running-config startup-config

RTB#


RTC ROUTER

Router>enable

Router#configure terminal

Router(config)#hostname RTC

RTC(config)#int s0/1

RTC(config-if)#ip address 172.16.20.2 255.255.255.252

RTC(config-if)#no shutdown

RTC(config-if)#exit

RTC(config)#int fa0/0

RTC(config-if)#ip address 192.168.30.1 255.255.255.0

RTC(config-if)#no shutdown

RTC(config-if)#exit

RTC(config)#ip route 192.168.20.0 255.255.255.0 172.16.20.1

RTC(config)#ip route 172.16.10.0 255.255.255.0 172.16.20.1

RTC(config)#ip route 192.168.10.0 255.255.255.0 172.16.20.1

RTC(config)#exit

RTC#copy running-config startup-config

RTC#

 





CCNA LAB: EIGRP CONFIGURATION with MD5 AUTHENTICATION

EIGRP MD5 Authentication

To specify MD5 authentication, the command is:

router(config-if)#ip authentication mode eigrp autonomous-system md5

Once MD5 is specified, the command to set the key chain used on the interface is:

router(config-if)#ip authentication key-chain eigrp autonomous-system chain-name

Finally, the key chain is configured in global configuration mode and the key is specified:

router(config)#key chain chain-name

router(config-keychain)#key key-id

router(config-keychain-key)#key-string key


RTA ROUTER

Router>enable

Router# configure terminal

Router(config)#hostname RTA

RTA(config)#interface serial 0/0 

RTA(config-if)#ip address 192.168.10.1 255.255.255.252

RTA(config-if)#clock rate 64000

RTA(config-if)#ip authentication mode eigrp 65 md5

RTA(config-if)#ip authentication key-chain eigrp 65 thewayofccie

RTA(config-if)#no shutdown

RTA(config-if)#exit

RTA(config)#key chain thewayofccie

RTA(config-keychain)#key 1

RTA(config-keychain-key)#key-string mykey

RTA(config-keychain-key)#exit

RTA(config-keychain)#exit

RTA(config)#interface fastethernet 0/0

RTA(config-if)#ip address 192.168.20.1 255.255.255.0

RTA(config-if)#no shutdown

RTA(config-if)#exit

RTA(config)#router eigrp 65

RTA(config-router)#network 192.168.10.0

RTA(config-router)#network 192.168.20.0

RTA(config-router)#no auto-summary

RTA(config-router)#exit

RTA(config)#exit

RTA# copy running-config startup-config


RTB ROUTER

Router>enable

Router# configure terminal

Router(config)#hostname RTB

RTB(config)#interface serial 0/0

RTB(config-if)#ip address 192.168.10.2 255.255.255.252

RTB(config-if)#ip authentication mode eigrp 65 md5

RTB(config-if)#ip authentication key-chain eigrp 65 thewayofccie

RTB(config-if)#no shutdown

RTB(config-if)#exit

RTB(config)#key chain thewayofccie

RTB(config-keychain)#key 1

RTB(config-keychain-key)#key-string mykey

RTB(config-keychain-key)#exit

RTB(config-keychain)#exit

RTB(config)#interface fastethernet 0/0

RTB(config-if)#ip address 192.168.30.1 255.255.255.0

RTB(config-if)#no shutdown

RTB(config-if)#exit

RTB(config)#router eigrp 65

RTB(config-router)#network 192.168.10.0

RTB(config-router)#network 192.168.30.0

RTB(config-router)#no auto-summary

RTB(config-router)#exit

RTB(config)#exit

RTB# copy running-config startup-config
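
EIGRP neighbours authenticate each other only when MD5 mode is on at both ends and both key chains carry the same key ID with the same key-string. The following is an added example, not part of the original lab: a Python check that compares two saved configurations for exactly those conditions. The configuration excerpts are constructed from the lab's values (AS 65, key chain thewayofccie, key 1), and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt using the lab's AS number, chain name and key.
RTA = """\
key chain thewayofccie
 key 1
  key-string mykey
!
interface Serial0/0
 ip authentication mode eigrp 65 md5
 ip authentication key-chain eigrp 65 thewayofccie
"""
# Constructed faulty peer: same key-string, but stored under key 2.
RTB_BAD = RTA.replace(" key 1", " key 2")

def key_chains(config):
    """Return {chain name: {key id: key-string}}."""
    chains, chain, key = {}, None, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("key chain "):
            chain = chains.setdefault(words[2], {})
        elif chain is not None and words[:1] == ["key"]:
            key = int(words[1])
        elif chain is not None and words[:1] == ["key-string"]:
            chain[key] = words[-1]
        elif not line.startswith(" "):
            chain = None  # "!" or another global command ends the chain
    return chains

def eigrp_auth(config, interface):
    """Return (md5_enabled, keys) that `interface` uses for EIGRP packets."""
    block = re.search(rf"^interface {re.escape(interface)}\n((?: .*\n?)*)", config, re.M)
    body = block.group(1) if block else ""
    md5 = re.search(r"ip authentication mode eigrp \d+ md5", body) is not None
    ref = re.search(r"ip authentication key-chain eigrp \d+ (\S+)", body)
    return md5, key_chains(config).get(ref.group(1), {}) if ref else {}

def compare(cfg_a, cfg_b, interface):
    """List the reasons two neighbours would fail to authenticate each other."""
    md5_a, keys_a = eigrp_auth(cfg_a, interface)
    md5_b, keys_b = eigrp_auth(cfg_b, interface)
    problems = []
    if not (md5_a and md5_b):
        problems.append("md5 mode missing on one side")
    if not keys_a or not keys_b:
        problems.append("key chain missing or empty")
    elif keys_a != keys_b:
        problems.append("key id or key-string differs")
    return problems
```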