Step 1: Determine the network users
Use word processing software to create a network organization structure document.
Examine the FilmCompany case study document and the sample interview.
Identify and list the potential end users.
Diagram the relationship between these users.
Step 2: Assess impact of user network access
Identify and include the different types of existing and potential new network services the listed users may require. Group the users under the type of network services they use.
The impact of adding new user groups to the network also needs to be assessed. Identify and include in the network organization structure document:
• New user groups
• The type of access required
• Where access is allowed
• The overall impact on security
Save your network user structure document and network organization diagram and retain it for the next stages of this network design case study.
Step 3: Reflection
The total number of users has a direct impact on the scale of the network at the Access Layer. The type of users and the services they require also have implications for the network structure. Discuss and consider the impact that the range of network services required by even a relatively small number of users can have on the network structure.
Rizki_satria
Wednesday, 05 January 2011
CCNA 4 Assignment: Lab 2.1.6 Observing Traffic Using Cisco Network Assistant
Step 1: Establish the network baseline criteria
Network baselining is the measuring and rating of the performance of a network as it transports data in real time.
Step 2: Configure network connectivity
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
Connect the devices in accordance with the given topology and configuration. Your instructor may substitute Discovery Server with an equivalent server for this lab.
See your instructor regarding device configuration. If the devices are not configured, then from the Admin PC, establish a terminal session in turn to each switch and the router using HyperTerminal or TeraTerm. Configure these devices in accordance with the configuration details provided.
Ping between all devices to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.
Step 3: Set up Cisco Network Assistant
From the Admin PC, launch the Cisco Network Assistant program.
Set Cisco Network Assistant to discover the network. One method is to establish a “community” of devices. From the Application menu, click Communities.
In the Communities window, click Create.
In the Name field, enter FilmCompany.
List the four options available in the Discover field:
From the Discover drop-down list, select Devices in an IP address range.
At the Start IP address, enter 10.0.0.1
At the End IP address, enter 10.0.0.5
Click Start. The devices found will be listed.
Click OK on the Create Community and Communities dialog boxes. Note the range of icons now available on the top toolbar.
Click the Topology icon on the top toolbar and view the topology that Cisco Network Assistant has created.
Step 4: Examine Cisco Network Assistant features
Cisco Network Assistant provides a range of features to display text and graphical information about the network devices. From the topology view window, right click each device’s ID and select properties. What protocol is used to discover and obtain the device information displayed?
Answer: Cisco Discovery Protocol
Step 5: Examine sample Cisco Network Assistant output
Once devices are added to the community, the links can be monitored from the Monitor tab of Cisco Network Assistant.
Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab focused on monitoring individual devices in a network. Consider, research, and discuss the network factors that should be included in network baseline measurements. Responses vary but examples include:
• Testing and reporting of the physical connectivity
• Normal network utilization
• Peak network utilization
• Average throughput of the network usage
• Protocol usage
In-depth network analysis can identify problems with speed and accessibility and can find vulnerabilities and other problems within the network. Once a network baseline has been established, this information can be used to ensure the current network is optimized for peak performance. Network analysis techniques include:
• Physical health analysis
• Broadcast storm analysis
• Network capacity overload analysis
• Network throughput analysis
• Transport and file retransmission analysis
• Packet route and path cost analysis
• End-to-end file transfer analysis
CCNA 4 Assignment: Lab 2.1.3 Creating a Project Plan
Step 1: Evaluate the current network, operations, and network management infrastructure
Use word processing software to create a Project Plan Checklist document based on this lab.
From the case study, document, identify, and assess the current state of the following factors:
Assess the ability of the current operations and network management infrastructure to support a new technology solution. On the checklist, list the following categories and include what changes must be completed before the implementation of any new technology solution.
• Infrastructure
• Personnel
• Processes
• Tools
Identify and add to the checklist any custom applications that may be required for the new network.
Step 2: Outline the project plan
To manage the project, the project plan includes five components. List these five components and an example of each, and then add them to the checklist. Answer: 1) Tasks (Install wireless Access Points, configure routers), 2) Timelines and critical milestones (Calendar or chart), 3) Risks and constraints (Temporary loss of services, budget), 4) Responsibilities (Allocation of tasks), 5) Resources required (Cabling, equipment, time, specialist skills)
The plan needs to be within the scope, cost, and resource limits established by the business goals.
The FilmCompany and the stadium management need to assign staff to manage the project from each of their perspectives.
Save your Project Plan Checklist document. You will use it during the next stages of this network design case study.
Step 3: Reflection
Sometimes apparent urgency, pressure to present results, and enthusiasm for a project can create a work environment that causes projects to be started before proper planning has been completed. Consider and discuss the potential problems that result from starting a network upgrade before completely assessing the existing network.
CCNA 4 Assignment: Lab 1.4.6B Implementing Port Security
Step 1: Prepare the switch for configuration
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
Referring to the topology diagram, connect the console (or rollover) cable to the console port on the switch and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and switch.
Establish a console terminal session from PC1 to switch S1.
Prepare the switch for lab configuration by ensuring that all existing VLAN and general configurations are removed.
Power cycle the switch and exit the initial configuration setup when the switch restarts.
Step 2: Configure the switch
Configure the hostname and VLAN 1 interface IP address as shown in the table.
Step 3: Configure the hosts attached to the switch
Configure the two PCs to use the same IP subnet for the address and mask as shown in the table.
Connect PC1 to switch port Fa0/1 and PC2 to switch port Fa0/4. The Linksys device is not connected at this stage of the lab.
Step 4: Verify host connectivity
Ping between all PCs and the switch to verify correct configuration. If any ping was not successful, troubleshoot the hosts and switch configurations.
Step 5: Record the host MAC addresses
Determine and record the Layer 2 addresses of the PC network interface cards.
(For Windows 2000, XP, or Vista, check by using Start > Run > cmd > ipconfig /all.)
PC1 MAC Address: _______________________________ e.g., 00-07-EC-93-3C-D1
PC2 MAC Address: _______________________________ e.g., 00-01-C7-E4-ED-E6
Step 6: Determine what MAC addresses the switch has learned
At the privileged EXEC mode prompt, issue the show mac-address-table command to display the PC MAC addresses that the switch has learned.
FC-ASW-1#show mac-address-table
Record the details displayed in the table.
____________________________________________________________________________
____________________________________________________________________________
Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0001.c7e4.ede6    DYNAMIC     Fa0/1
   1    0007.ec93.3cd1    DYNAMIC     Fa0/4
NOTE: The MAC addresses above are examples only.
Note the MAC addresses shown and the associated switch ports. Confirm that these addresses
Task 2: Configure and Test the Switch for Dynamic Port Security
Step 1: Set port security options
Disconnect all PC Ethernet cables from the switch ports.
Ensure that the MAC address table is clear of entries. To confirm this, issue the clear mac-address-table dynamic and show mac-address-table commands.
a. Clear the MAC address table entries.
FC-ASW-1#clear mac-address-table dynamic
b. Issue the show mac-address-table command.
Record the table entries.
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
Determine the options for setting port security on interface FastEthernet 0/4. From the global configuration mode, enter interface fastethernet 0/4.
FC-ASW-1(config)#interface fa 0/4
Enabling switch port security provides options, such as specifying what happens when a security setting is violated.
To configure the switch port FastEthernet 0/4 to accept only the first device connected to the port, issue the following commands from the configuration mode:
FC-ASW-1(config-if)#switchport mode access
FC-ASW-1(config-if)#switchport port-security
In the event of a security violation, the interface should be shut down. Set the port security action to shutdown:
FC-ASW-1(config-if)#switchport port-security violation shutdown
FC-ASW-1(config-if)#switchport port-security mac-address sticky
What other action options are available with port security? Answer: protect, restrict
Exit the configuration mode.
Step 2: Verify the configuration
Display the running configuration.
What statements in the configuration directly reflect the security implementation?
Show the port security settings.
FC-ASW-1#show port-security interface fastethernet 0/4
Record the details displayed in the table.
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
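The question in Step 2 asks which running-configuration statements reflect the security implementation. The following is an added example, not part of the original lab: a Python audit that reads a `show running-config` excerpt and reports the port security state of every access port. The sample configuration is constructed, and the `MAX_ADDRESSES` policy value is an assumption.

```python
import re

# Constructed excerpt of `show running-config`. Fa0/4 carries the commands
# from this lab; the other interfaces are invented for contrast.
SAMPLE_CONFIG = """\
hostname FC-ASW-1
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 8
 switchport port-security violation protect
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0007.ec93.3cd1
!
interface GigabitEthernet0/1
 switchport mode trunk
!
end
"""

MAX_ADDRESSES = 2  # assumed site policy, e.g. one PC behind one IP phone


def parse_interfaces(config):
    """Return {interface name: [sub-command, ...]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces


def port_security_state(commands):
    """Summarise one interface. IOS omits default values from running-config,
    so a missing maximum means 1 and a missing violation mode means shutdown."""
    state = {"access": "switchport mode access" in commands,
             "enabled": "switchport port-security" in commands,
             "maximum": 1, "violation": "shutdown",
             "sticky": False, "learned": []}
    for cmd in commands:
        m = re.fullmatch(r"switchport port-security (\S+)(?: (.+))?", cmd)
        if not m:
            continue
        key, arg = m.groups()
        if key == "maximum" and arg:
            state["maximum"] = int(arg.split()[0])
        elif key == "violation" and arg:
            state["violation"] = arg
        elif key == "mac-address" and arg:
            if arg == "sticky":
                state["sticky"] = True          # sticky learning switched on
            else:
                state["learned"].append(arg.split()[-1])  # a secured address
    return state


def audit(config):
    """Return {interface: [finding, ...]} for access ports only."""
    report = {}
    for name, commands in parse_interfaces(config).items():
        s = port_security_state(commands)
        if not s["access"]:
            continue  # trunk ports are outside the scope of this check
        findings = []
        if not s["enabled"]:
            findings.append("port security not enabled")
        else:
            if s["violation"] == "protect":
                findings.append("violation protect drops frames without logging")
            if s["maximum"] > MAX_ADDRESSES:
                findings.append(f"maximum {s['maximum']} exceeds policy limit of {MAX_ADDRESSES}")
        report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONFIG).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

Sticky addresses live in the running configuration, so they survive a reload only after the configuration has been saved to startup-config.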
Step 3: Verify the port security
Connect PC1 to switch port Fa0/1 and PC2 to switch port Fa0/4.
From the command prompt ping from PC1 to PC2.
From the command prompt ping from PC2 to PC1.
From the console terminal session, issue the show mac-address-table command.
Show the port security settings.
FC-ASW-1#show port-security interface fastethernet 0/4
Record the details displayed in the table.
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Step 4: Test the port security
Disconnect PC2 from Fa0/4
Connect PC2 to the Linksys using one of the ports on the Linksys LAN switch.
Use the Basic Setup tab to configure the Internet IP address on the Linksys device to the address and mask, as shown in the table.
Step 5: Reactivate the port
If a security violation occurs and the port is shut down, enter interface Fa0/4 configuration mode, disconnect the offending device, and use the shutdown command to temporarily disable the port.
Disconnect the Linksys and reconnect PC2 to port Fa0/4. Issue the no shutdown command on the
Step 6: Discuss switch port security using dynamic MAC address assignment
Step 7: Clean up
Erase the configurations and reload the switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Task 3: Reflection
When considering designing a typical enterprise network, it is necessary to think about points of security vulnerability at the Access Layer. Discuss which Access Layer switches should have port security and those for which it may not be appropriate. Include possible future issues in regard to wireless and guest access to the network.
Answer:
• What types of hosts are connected to the switch; e.g., general PCs, IP phones, printers, servers.
• The type of users – employees or guests
• Where access is made – in secure office or in public area
• Type of access – wired or wireless
• Investigating the security features available on different switch platforms
• How port security policies can be implemented and managed.
• Static versus dynamic port security
CCNA 4 Assignment: Lab 1.4.6A Gaining Physical Access to the Network
Step 1: Attempt login to the router
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
Referring to the Topology 1, connect the host PC NIC Ethernet port to the router Fa0/0 Ethernet port using a crossover cable. Ensure that power has been applied to both the host computer and router.
Using the given preconfigured topology, attempt to telnet to the router from the PC command line.
When this attempt at remote login fails, establish a direct physical connection to the router by making the necessary console connections between the PC and router. Then establish a terminal session using HyperTerminal or TeraTerm. What does the message-of-the-day display? Answer: ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED Unauthorized access will be penalized in accordance with the relevant laws
Attempt to log in by guessing the password.
How many login attempts are allowed? __________ 3
What message is displayed to indicate failure of the log-in attempts? Answer: % Bad passwords
The configuration register needs to be changed so that the startup-configuration is not loaded. Normally, this is done from the global configuration mode, but because you cannot log in at all, the boot process must first be interrupted so that the change can be made in the ROM Monitor mode.
Step 2: Enter the ROM Monitor mode
ROM Monitor mode (ROMMON) is a limited command-line environment used for special purposes, such as low-level troubleshooting and debugging. ROMMON mode is invoked when a Break key sequence sent to the console port interrupts the router boot process. This can only be done via the physical console connection.
The actual Break key sequence depends on the terminal program used:
• With HyperTerminal, the key combination is Ctrl+Break.
• For TeraTerm, it is Alt+b.
The list of standard break key sequences is available at http://www.cisco.com/warp/public/701/61.pdf
To enter ROM Monitor mode, turn the router off, wait a few seconds, and turn it back on.
When the router starts displaying “System Bootstrap, Version …” on the terminal screen, press the Ctrl key and the Break key together if using HyperTerminal, or the Alt key and the b key together if using TeraTerm.
The router will boot in ROM monitor mode. Depending on the router hardware, one of several prompts such as “rommon 1 >” or simply “>” may show.
Step 3: Examine the ROM Monitor mode help
Enter ? at the prompt. The output should be similar to this:
rommon 1 > ?
alias               set and display aliases command
boot                boot up an external process
break               set/show/clear the breakpoint
confreg             configuration register utility
context             display the context of a loaded image
dev                 list the device table
dir                 list files in file system
dis                 display instruction stream
help                monitor builtin command help
history             monitor command history
meminfo             main memory information
repeat              repeat a monitor command
reset               system reset
set                 display the monitor variables
sysret              print out info from last system return
tftpdnld            tftp image download
xmodem              x/ymodem image download
Step 4: Change the configuration register setting to boot without loading configuration file
From the ROM Monitor mode, enter confreg 0x2142 to change the config-register.
rommon 2 > confreg 0x2142
NOTE: The ROMMON prompt increments when a command is issued – this is normal behavior. The increment does not mean a change of mode. The same ROMMON commands are still available. “0x” (zero-x) denotes that 2142 is a hexadecimal value. What is this value in binary?
Step 5: Restart router
From the ROM Monitor mode, enter reset, or power cycle the router.
rommon 3 > reset
Due to the new configuration register setting, the router will not load the configuration file. After restarting, the system prompts:
“Would you like to enter the initial configuration dialog? [yes/no]:”
Enter no and press Enter.
Step 6: Enter Privileged EXEC mode and view and change passwords
The router is now running without a loaded configuration file.
At the user mode prompt Router>, enter enable and press Enter to go to the privileged mode without a password.
Use the command copy startup-config running-config to restore the existing configuration. Because the user is already in privileged EXEC, no password is needed.
Enter show running-config to display the configuration details. Note that all the passwords are shown.
enable password different
line con 0 password unusual
line vty 0 4 password uncommon
What two measures could be taken to prevent the passwords from being readable? service password encryption, enable secret somepassword
If the passwords were not readable, they can be changed. Enter configure terminal to enter the global configuration mode.
In global configuration mode, use these commands to change the passwords:
FC-CPE-1(config)#enable password cisco
FC-CPE-1(config)#line console 0
FC-CPE-1(config-line)#password console
FC-CPE-1(config-line)#login
FC-CPE-1(config-line)#line vty 0 4
FC-CPE-1(config-line)#password telnet
FC-CPE-1(config-line)#login
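Step 6 shows every password readable in the running configuration and names two measures against that. The following is an added example, not part of the original lab: a Python check that flags clear-text and type 7 passwords in a configuration excerpt. Both excerpts are constructed; `BEFORE` uses the three passwords shown in this step, and the hash and type 7 strings in `AFTER` are placeholders.

```python
import re

# Constructed excerpt of `show running-config` with the passwords from Step 6.
BEFORE = """\
hostname FC-CPE-1
!
enable password different
!
line con 0
 password unusual
 login
line vty 0 4
 password uncommon
 login
!
end
"""

# Constructed excerpt after applying both measures from the answer.
# The secret hash and the type 7 strings are placeholders, not real output.
AFTER = """\
service password-encryption
!
hostname FC-CPE-1
!
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASHVALUE000
!
line con 0
 password 7 PLACEHOLDER7A
 login
line vty 0 4
 password 7 PLACEHOLDER7B
 login
!
end
"""

# keyword, optional encryption-type digit, then the stored value
PASSWORD_RE = re.compile(
    r"^(enable password|enable secret|password) (?:(\d) )?(\S.*)$")


def audit_passwords(config):
    """Return a list of (severity, where, message) findings."""
    findings, where, has_secret = [], "global", False
    for raw in config.splitlines():
        if not raw.startswith(" "):
            # An unindented line starts a new section or is a global command.
            where = raw.strip() if raw.startswith("line ") else "global"
        m = PASSWORD_RE.match(raw.strip())
        if not m:
            continue
        kind, ptype, _value = m.groups()
        ptype = int(ptype) if ptype else 0   # no type digit means clear text
        if kind == "enable secret":
            has_secret = True                # stored as a one-way hash
            continue
        target = "enable password" if kind == "enable password" else where
        if ptype == 0:
            findings.append(("high", target, "password stored in clear text"))
        elif ptype == 7:
            findings.append(
                ("low", target, "type 7 is reversible obfuscation, not a hash"))
    if "service password-encryption" not in config.splitlines():
        findings.append(
            ("high", "global", "service password-encryption is not set"))
    if not has_secret:
        findings.append(
            ("high", "global",
             "no enable secret; privileged access relies on enable password"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for severity, where, message in audit_passwords(cfg):
            print(f"  [{severity}] {where}: {message}")
```

The replacement passwords entered in Step 6 (`enable password cisco` and the two line passwords) would be reported the same way as the originals.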
Step 7: Change the configuration register setting to boot and load the configuration file
The instructor will provide you with the original configuration register value, most likely 0x2101. While still in the global configuration mode, enter config-register 0x2101 (or the value provided by your instructor). Press Enter.
FC-CPE-1(config)#config-register 0x2101
Use the Ctrl+z combination to return to the privileged EXEC mode.
Use the copy running-config startup-config command to save the new configuration.
Before restarting the router, verify the new configuration setting. From the privileged EXEC prompt, enter the show version command and press Enter.
Verify that the last line of the output reads: Configuration register is 0x2142 (will be 0x2101 at next reload).
Use the reload command to restart the router.
Step 8: Verify new password and configuration
When the router reloads, log in and change mode using the new passwords.
Issue the no shutdown command on the fa0/0 interface to bring it up to working status.
FC-CPE-1(config-if)# no shutdown
Save the running configuration to the startup configuration.
FC-CPE-1# copy run start
Disconnect the console cable and access the router using Telnet from the PC command line. The newly configured passwords will allow a successful login.
Step 9: Clean up
Erase the configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
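The question in Step 4 (what 0x2142 is in binary) and the show version check in Step 7 can be worked through in code. This is an added example, not part of the lab; it decodes the register bits and flags a router that would still skip its startup configuration at the next boot, using constructed sample lines in the format quoted in Step 7.

```python
import re

# Flag bits of the 16-bit configuration register relevant to this lab.
FLAGS = {
    0x0040: "bit 6: ignore the startup-config in NVRAM",
    0x0100: "bit 8: Break key disabled once the system has booted",
    0x2000: "bit 13: fall back to the ROM image if network boot fails",
}

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def to_binary(value):
    """Render a register value as four 4-bit groups, most significant first."""
    bits = format(value & 0xFFFF, "016b")
    return " ".join(bits[i:i + 4] for i in range(0, 16, 4))


def decode(value):
    """Split a register value into its boot field and the flags that are set."""
    return {
        "binary": to_binary(value),
        "boot_field": value & 0x000F,  # low four bits select the boot source
        "flags": [text for bit, text in FLAGS.items() if value & bit],
        "ignores_startup_config": bool(value & 0x0040),
    }


def parse_show_version(output):
    """Return (current, pending) register values from 'show version' text.

    pending is None when no change is waiting for the next reload.
    """
    match = REGISTER_LINE.search(output)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else None
    return current, pending


def audit(output):
    """Report whether the device will skip its configuration at next boot."""
    current, pending = parse_show_version(output)
    effective = current if pending is None else pending
    if decode(effective)["ignores_startup_config"]:
        return "FAIL: next boot ignores startup-config (0x%04X)" % effective
    return "OK: next boot loads startup-config (0x%04X)" % effective


# Constructed sample lines in the format quoted in Step 7.
RECOVERY_DONE = "Configuration register is 0x2142 (will be 0x2101 at next reload)"
LEFT_IN_RECOVERY = "Configuration register is 0x2142"

if __name__ == "__main__":
    for value in (0x2142, 0x2101):
        print("0x%04X" % value, decode(value))
    print(audit(RECOVERY_DONE))
    print(audit(LEFT_IN_RECOVERY))
```

The only difference between 0x2142 and 0x2101 that matters for recovery is bit 6. A router left at 0x2142 after the procedure boots with no passwords at all, which is why Step 7 has you confirm the pending value before reloading.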
Task 2: Access and Change the Switch Passwords
Step 1: Attempt login to the switch
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
Referring to the Topology 2, connect the host PC NIC Ethernet port to the switch Fa0/1 Ethernet port using a straight-through cable. Ensure that power has been applied to both the host computer and switch.
Using the given preconfigured topology, attempt to telnet to the switch from the PC command line.
Step 2: Enter the switch: mode
Power off the switch.
Locate the MODE button on the front of the switch.
Hold down the MODE button on the front of the switch while powering on the switch. Release the MODE button after 10 seconds.
Output similar to the following should be displayed:
Base ethernet MAC Address: 00:0a:b7:72:2b:40
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash files system. The following commands will initialize
the flash files system, and finish loading the operating
system software:
flash_init
load_helper
boot
switch:
To initialize the file system and finish loading the operating system, enter the following commands at the switch: prompt:
switch: flash_init
switch: load_helper
To view the contents of flash memory, enter dir flash: at the switch: prompt.
switch: dir flash:
NOTE: Do not forget to type the colon (:) after the word “flash” in the command dir flash:
The file config.text should be listed.
Enter rename flash:config.text flash:config.old to rename the configuration file. This file contains the password definitions.
Enter dir flash: at the switch: prompt to view the name change.
switch: dir flash:
Step 3: Restart the switch
Enter boot to restart the switch.
Would you like to terminate autoinstall? [Yes]: Y
Would you like to enter the initial configuration dialog? [yes/no] N
Switch>
Step 4: Enter Privileged EXEC mode and view and change passwords
The switch is now running without a loaded configuration file.
At the user mode prompt Switch>, type enable and press Enter to go to the privileged mode without a password.
Enter rename flash:config.old flash:config.text to rename the configuration file with its original name.
Switch#rename flash:config.old flash:config.text
Destination filename [config.text]?
Press Enter to confirm file name change.
Copy the configuration file into RAM.
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
Press Enter to confirm file name.
Press Enter to accept the default file names.
Source filename [config.text]?
Destination filename [running-config]
The configuration file is now loaded.
Enter show running-config to display the configuration details. Note that all the passwords are shown.
enable password different
line con 0
 password unusual
line vty 0 4
 password uncommon
What two measures could be taken to prevent the passwords from being readable?
Answer: service password-encryption
Answer: enable secret somepassword
If the passwords were not readable they can be changed. Enter configure terminal to enter the global configuration mode.
Change the unknown passwords.
FC-ASW-1#configure terminal
FC-ASW-1(config)#enable password cisco
FC-ASW-1(config)#line console 0
FC-ASW-1(config-line)#password console
FC-ASW-1(config-line)#line vty 0 15
FC-ASW-1(config-line)#password telnet
FC-ASW-1(config-line)#exit
FC-ASW-1(config)#exit
Step 5: Save the configuration file
Use the copy running-config startup-config command to save the new configuration.
Step 6: Verify new password and configuration
Power cycle the switch and verify that the passwords are now functional.
Step 7: Clean up
Erase the configurations and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Task 3: Reflection
Consider the different methods of securing physical access to networking devices such as routers and switches. List how only those people who require access can be identified and how this security can be implemented.
Answer: Physical security includes locking rooms and closets containing switches and routers. Networking devices sharing common space with other services, such as electrical power panels, should be enclosed in a separate lockable cabinet. Keys and access codes should only be given to identified authorized personnel. People authorized to access the networking devices should include only those network personnel required to configure and troubleshoot switches and routers as part of their regular or daily duties. Other IT personnel such as help desk staff, data center administrators, or desktop support workers would normally not be required to access switches and routers.
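Both the router and the switch task end with show running-config displaying every password. The audit below is an added example, not part of the lab: it walks an IOS-style configuration and reports how each password is stored, without echoing the secret itself. The "before" sample reuses the passwords shown in the lab; the "after" sample and its hash and type 7 strings are constructed placeholders.

```python
def password_type(args):
    """Classify the words that follow 'password' in a config line."""
    if len(args) >= 2 and args[0].isdigit():
        return args[0]          # explicit type prefix, e.g. '7'
    return "0"                  # no prefix: stored exactly as typed


def describe_type(kind):
    """Turn a password type number into an audit message."""
    if kind == "0":
        return "clear text"
    if kind == "7":
        return "type 7, reversible encoding"
    return "type %s" % kind


def audit_config(text):
    """Return (location, issue) findings; password values are never included."""
    findings = []
    context = None              # name of the 'line ...' block being read
    encryption_on = False
    enable_secret = False
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():
            # A top-level line either opens a 'line ...' block or is global.
            context = " ".join(words) if words[0] == "line" else None
            if words == ["service", "password-encryption"]:
                encryption_on = True
            elif words[:2] == ["enable", "secret"]:
                enable_secret = True
            elif words[:2] == ["enable", "password"]:
                kind = password_type(words[2:])
                findings.append(("enable password", describe_type(kind)))
        elif context and words[0] == "password":
            kind = password_type(words[1:])
            findings.append((context, describe_type(kind)))
    if not encryption_on:
        findings.append(("global", "service password-encryption is off"))
    if not enable_secret:
        findings.append(("global", "no enable secret configured"))
    return findings


# The configuration as the lab's show running-config displays it.
BEFORE = """\
hostname FC-CPE-1
enable password different
line con 0
 password unusual
 login
line vty 0 4
 password uncommon
 login
"""

# Constructed: the same device after both measures from the lab answer.
AFTER = """\
hostname FC-CPE-1
service password-encryption
enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH
line con 0
 password 7 CONSTRUCTED7A
 login
line vty 0 4
 password 7 CONSTRUCTED7B
 login
"""

if __name__ == "__main__":
    for name, config in (("before", BEFORE), ("after", AFTER)):
        print(name)
        for location, issue in audit_config(config):
            print("  %-16s %s" % (location, issue))
```

The "after" run still reports the line passwords: service password-encryption stores them as type 7, which hides them from a casual glance at the screen but is a reversible encoding, so the configuration file itself still has to be protected. The enable secret is stored as a hash and raises no finding.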
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
Referring to the Topology 1, connect the host PC NIC Ethernet port to the router Fa0/0 Ethernet port using a crossover cable. Ensure that power has been applied to both the host computer and router.
Using the given preconfigured topology, attempt to telnet to the router from the PC command line.
When this attempt at remote login fails, establish a direct physical connection to the router by making the necessary console connections between the PC and router. Then establish a terminal session using HyperTerminal or TeraTerm. What does the message-of-the-day display? Answer: ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED Unauthorized access will be penalized in accordance with the relevant laws
Attempt to log in by guessing the password.
How many login attempts are allowed? Answer: 3
What message is displayed to indicate failure of the log-in attempts? Answer: % Bad passwords
The configuration register needs to be changed so that the startup-configuration is not loaded. Normally, this is done from the global configuration mode, but because you cannot log in at all, the boot process must first be interrupted so that the change can be made in the ROM Monitor mode.
Step 2: Enter the ROM Monitor mode
ROM Monitor mode (ROMMON) is a limited command-line environment used for special purposes, such as low-level troubleshooting and debugging. ROMMON mode is invoked when a Break key sequence sent to the console port interrupts the router boot process. This can only be done via the physical console connection.
The actual Break key sequence depends on the terminal program used:
• With HyperTerminal, the key combination is Ctrl+Break.
• For TeraTerm, it is Alt+b.
The list of standard break key sequences is available at http://www.cisco.com/warp/public/701/61.pdf
To enter ROM Monitor mode, turn the router off, wait a few seconds, and turn it back on.
When the router starts displaying “System Bootstrap, Version …” on the terminal screen, press the Ctrl key and the Break key together if using HyperTerminal, or the Alt key and the b key together if using TeraTerm.
The router will boot in ROM monitor mode. Depending on the router hardware, one of several prompts such as “rommon 1 >” or simply “>” may show.
Step 3: Examine the ROM Monitor mode help
Enter ? at the prompt. The output should be similar to this:
rommon 1 > ?
alias       set and display aliases command
boot        boot up an external process
break       set/show/clear the breakpoint
confreg     configuration register utility
context     display the context of a loaded image
dev         list the device table
dir         list files in file system
dis         display instruction stream
help        monitor builtin command help
history     monitor command history
meminfo     main memory information
repeat      repeat a monitor command
reset       system reset
set         display the monitor variables
sysret      print out info from last system return
tftpdnld    tftp image download
xmodem      x/ymodem image download
Step 4: Change the configuration register setting to boot without loading configuration file
From the ROM Monitor mode, enter confreg 0x2142 to change the config-register.
rommon 2 > confreg 0x2142
Tugas CCNA 4 Lab 1.4.5 Identifying Network Vulnerabilities
Step 1: Open the SANS Top 20 List
Using a web browser, go to http://www.sans.org/. On the resources menu, choose top 20 list. The SANS Top-20 Internet Security Attack Targets list is organized by category. An identifying letter indicates the category type, and numbers separate category topics. Router and switch topics fall under the Network Devices category, N. There are two major hyperlink topics:
N1. VoIP Servers and Phones
N2. Network and Other Devices Common Configuration Weaknesses
Step 2: Review common configuration weaknesses
Click hyperlink N2. Network and Other Devices Common Configuration Weaknesses.
List the four headings in this topic.
Step 3: Review common default configuration issues
Review the contents of N2.2 Common Default Configuration Issues. As an example, N.2.2.2 (in January 2007) contains information about threats associated with default accounts and values. A Google search on “wireless router passwords” returns links to multiple sites that publish a list of wireless router default administrator account names and passwords. Failure to change the default password on these devices can lead to compromised security and vulnerability to attackers.
Step 4: Note the CVE references
The last line under several topics cites references to CVE, or Common Vulnerabilities and Exposures. The CVE name is linked to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), sponsored by the United States Department of Homeland Security (DHS) National Cyber Security Division and US-CERT, which contains information about the vulnerability.
Step 5: Investigate a topic and associated CVE hyperlink
The remainder of this lab walks you through a vulnerability investigation and solution. Choose a topic to investigate, and click on an associated CVE hyperlink. The link should open a new web browser connected to http://nvd.nist.gov/ and the vulnerability summary page for the CVE.
NOTE: Because the CVE list changes, the current list may not contain the same vulnerabilities as those in January 2007.
Step 6: Record vulnerability information
Complete the information about the vulnerability. Answers vary
Original release date: ____________________________
Last revised: ___________________________________
Source: _______________________________________
Overview: _____________________________________
Step 7: Record the vulnerability impact
Under Impact, there are several values. The Common Vulnerability Scoring System (CVSS) severity is displayed and contains a value between 1 and 10. Complete the information about the vulnerability impact. Answers vary
CVSS Severity: ______________________________________________
Access Complexity: ______________________________________________
Authentication: __________________________________________________
Impact Type: ___________________________________________________
Step 8: Record the solution
The References to Advisories, Solutions, and Tools section contains links with information about the vulnerability and possible solutions. Using the hyperlinks, write a brief description of the solution found on those pages. Answer: Answers vary
Step 9: Reflection
The number of vulnerabilities to computers, networks, and data continues to increase. Many national governments have dedicated significant resources to coordinating and disseminating information about security vulnerabilities and possible solutions. It remains the responsibility of the end user to implement the solution. Think of ways that users can help strengthen security. Write down some user habits that create security risks.
Answer: Using weak passwords; writing down passwords; not changing passwords frequently; not securing workstations when leaving them unattended; not following procedures or protocols when divulging network information (checking a person’s identity and clearance to have that information); creating a “work-around” solution to a current security requirement (if it impedes a work process) instead of formally requesting that the issue be reviewed and amended. (Network administrators also need to be aware that network functionality is essential and that implementing security measures that render a business network feature inoperable is not viable.)
Tugas CCNA 4 Lab 1.4.3 Monitoring VLAN Traffic
Task 1: Demonstrate Broadcasts across a Single LAN
Step 1: Prepare the switch for configuration
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
Referring to the topology diagram, connect the console (or rollover) cable to the console port on the switch and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and switch.
Establish a HyperTerminal, or other terminal emulation program, connection from PC1 to the switch.
Ensure that the switch is ready for lab configuration by verifying that all existing VLAN and general configurations are removed.
1) Remove the switch startup configuration file from NVRAM.
Switch#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
2) Press Enter to confirm.
The response should be:
Erase of nvram: complete
Step 2: Configure the PCs
a. Connect the two PCs to the switch as shown in the topology diagram.
b. Configure the two PCs to have the IP addresses and subnet mask shown in the topology table.
c. Clear the ARP cache on each PC by issuing the arp -d command at the PC command prompt.
d. Confirm that the ARP cache is clear by issuing the arp -a command.
Step 3: Generate and examine ARP broadcasts
Launch Wireshark on each PC and start the packet capture for the traffic seen by the NIC in each PC.
From the command line of each PC, ping all connected devices.
Monitor the operation of Wireshark. Note the ARP traffic registering on each PC.
Stop the Wireshark capture on each PC.
Examine the entries in the Wireshark Packet List (upper) Pane.
Exit Wireshark. (You have the option to save the capture file for later examination.)
Task 2: Demonstrate Broadcasts within Multiple VLANs
Step 1: Configure the VLANs on the switch
Using the established console session from PC1 to the switch, set the hostname by issuing the following command from the global configuration mode:
Switch(config)# hostname FC-ASW-1
Set interfaces Fa0/1 and Fa0/2 to VLAN 10 by issuing the following commands from the global configuration and interface configuration modes:
FC-ASW-1(config)#interface FastEthernet0/1
FC-ASW-1(config-if)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
FC-ASW-1(config-if)#interface FastEthernet0/2
FC-ASW-1(config-if)#switchport access vlan 10
Set interfaces Fa0/3 and Fa0/4 to VLAN 20 by issuing the following commands from the interface configuration mode:
FC-ASW-1(config-if)#interface FastEthernet0/3
FC-ASW-1(config-if)#switchport access vlan 20
% Access VLAN does not exist. Creating vlan 20
FC-ASW-1(config-if)#interface FastEthernet0/4
FC-ASW-1(config-if)#switchport access vlan 20
FC-ASW-1(config-if)#end
Confirm that the interfaces are assigned to the correct VLANs by issuing the show vlan command from the Privileged EXEC mode. If the VLANs are not assigned correctly, troubleshoot the command entries shown in Steps 1b and 1c and reconfigure the switch.
Step 2: Prepare the PCs
Clear ARP cache on each PC by issuing the arp -d command at the PC command prompt.
Confirm the ARP cache is clear by issuing the arp -a command.
Step 3: Generate ARP broadcasts
Launch Wireshark on each PC and start the packet capture for the traffic seen by the NIC in each PC.
From the command line of each PC, ping each of the other three devices connected to the switch.
Monitor the operation of Wireshark. Note the ARP traffic registering on the two PCs.
Stop the Wireshark capture on each PC.
Examine the entries in the Wireshark Packet List (upper) Pane.
Exit Wireshark. (You have the option to save the capture file for later examination.)
Step 4: Clean up
Erase the configuration and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Task 3: Reflection
Discuss the use of VLANs in keeping data traffic separated. What are the advantages of doing this?
When designing a network, list different criteria that could be used to divide a network into VLANs.
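What the two Wireshark captures show can be modelled in a few lines. This is an added example, not part of the lab: it builds a real ARP request frame and runs it through a simplified access switch, first with all four ports in one VLAN (Task 1) and then with the Fa0/1-2 and Fa0/3-4 split configured in Task 2. The MAC and IP addresses are constructed, since the topology table is not reproduced here, and VLAN 1 for the unconfigured switch is an assumption.

```python
import socket
import struct

BROADCAST_MAC = b"\xff" * 6
ETHERTYPE_ARP = 0x0806


def build_arp_request(sender_mac, sender_ip, target_ip):
    """Build the 42-byte Ethernet frame a PC sends to resolve target_ip."""
    ethernet = BROADCAST_MAC + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    # Hardware type Ethernet, protocol IPv4, lengths 6 and 4, opcode 1 (request).
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += sender_mac + socket.inet_aton(sender_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return ethernet + arp


def describe(frame):
    """Extract the fields the switch and the Packet List pane care about."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {
        "dst": frame[0:6],
        "src": frame[6:12],
        "broadcast": frame[0:6] == BROADCAST_MAC,
        "arp": ethertype == ETHERTYPE_ARP,
    }
    if info["arp"]:
        info["who_has"] = socket.inet_ntoa(frame[38:42])  # target IP field
    return info


class AccessSwitch:
    """Access ports only: each port belongs to exactly one VLAN."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)
        self.mac_table = {}     # (vlan, source MAC) -> port it was seen on

    def forward(self, in_port, frame):
        """Return the ports the frame leaves on."""
        vlan = self.port_vlans[in_port]
        info = describe(frame)
        self.mac_table[(vlan, info["src"])] = in_port
        known = self.mac_table.get((vlan, info["dst"]))
        if known is not None and not info["broadcast"]:
            return [] if known == in_port else [known]
        # Broadcast or unknown destination: flood, but only inside the VLAN.
        return sorted(port for port, v in self.port_vlans.items()
                      if v == vlan and port != in_port)


PORTS = ["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"]
SINGLE_LAN = {port: 1 for port in PORTS}                      # Task 1
TWO_VLANS = {"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 20}  # Task 2

# Constructed addresses for the PC on Fa0/1 asking for the PC on Fa0/3.
PC1_MAC = bytes.fromhex("020000000001")
REQUEST = build_arp_request(PC1_MAC, "192.168.1.1", "192.168.1.3")

if __name__ == "__main__":
    print("one LAN  :", AccessSwitch(SINGLE_LAN).forward("Fa0/1", REQUEST))
    print("two VLANs:", AccessSwitch(TWO_VLANS).forward("Fa0/1", REQUEST))
```

With the VLANs in place the request for the PC on Fa0/3 never leaves VLAN 10, so that PC's capture shows no ARP traffic from PC1 and the ping cannot complete without a router between the VLANs.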
Step 3: Generate ARP broadcasts
Launch Wireshark on each PC and start the packet capture for the traffic seen by the NIC in each PC.
From the command line of each PC, ping each of the other three devices connected to the switch.
Monitor the operation of Wireshark. Note the ARP traffic registering on the two PCs.
Stop the Wireshark capture on each PC.
Examine the entries in the Wireshark Packet List (upper) Pane.
Exit Wireshark. (You have the option to save the capture file for later examination.)
Step 4: Clean up
Erase the configuration and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Task 3: Reflection
Discuss the use of VLANS in keeping data traffic separated. What are the advantages of doing this?
When designing a network list different criteria that could be used to divide a network into VLANs.
Assignment: CCNA 4 Lab 1.3.4 Creating an ACL
Step 1: Analyze the traffic filtering requirements
Determine the access and filtering requirements.
For this lab:
PC1 is a network administrator’s workstation. This host must be permitted FTP and HTTP access to the network server, and telnet access to the router FC-CPE-1.
PC2 is a general workstation that is to have HTTP access only. FTP services and Telnet access to the router are not permitted.
Having determined specific requirements, decide if all other traffic is to be allowed or denied. List the benefits and potential problems to the following filtering scenarios:
Step 2: Design and create the ACL
Review, and then apply, ACL recommended practice.
• Always plan thoroughly before implementation.
• The sequence of the statements is important. Put the more specific statements at the beginning and the more general statements at the end.
• Statements are added to the end of the ACL as they are written.
• Create and edit ACLs with a text editor and save the file.
• Use Named ACLs wherever possible.
• Use comments (remark option) within the ACL to document the purpose of the statements.
• To take effect, ACLs must be applied to an interface.
• An interface can have one ACL per Network Layer protocol, per direction.
• Although there is an implicit deny any statement at the end of every ACL, it is good practice to configure this explicitly. This ensures that you remember that the effect is in place and allows logging of matches to this statement to be used.
• ACLs with many statements take longer to process, which may affect router performance.
• Placement of ACLs:
o Standard: closest to destination (if you have administrative authority on that router)
o Extended: closest to source (if you have administrative authority on that router)
Consider the two approaches to writing ACLs:
• Permit specific traffic first and then deny general traffic.
• Deny specific traffic first and then permit general traffic.
Select one approach and write the ACL statements that will meet the requirements of this lab.
Step 3: Cable and configure the given network
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.
Connect and configure the devices in accordance with the given topology and configuration. Your instructor may substitute Discovery Server with an equivalent server for this lab.
Establish a HyperTerminal, or other terminal emulation program, from PC1 to Router R1.
From the global configuration mode issue the following commands:
Router(config)#hostname FC-CPE-1
FC-CPE-1(config)#interface FastEthernet0/0
FC-CPE-1(config-if)#ip address 10.0.0.1 255.255.255.0
FC-CPE-1(config-if)#no shutdown
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#interface FastEthernet0/1
FC-CPE-1(config-if)#ip address 172.17.0.1 255.255.0.0
FC-CPE-1(config-if)#no shutdown
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#line vty 0 4
FC-CPE-1(config-line)#password telnet
FC-CPE-1(config-line)#login
FC-CPE-1(config-line)#end
Ping between PC1 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.
Step 4: Test the network services without ACLs
Perform the following tests on PC1:
Open a web browser on PC1 and enter the URL http://172.17.1.1 at the address bar. What web page was displayed? Discovery Server Home Page
Open a web browser on PC1 and enter the URL ftp://172.17.1.1 at the address bar. What web page was displayed? Discovery FTP Home Directory
On the Discovery FTP Home Directory, open the Discovery 1 folder. Click and drag a Chapter file to the local Desktop. Did the file copy successfully?
From the PC1 command line prompt, issue the command telnet 10.0.0.1, or use a Telnet client (HyperTerminal or TeraTerm, for example) to establish a Telnet session to the router. What response did the router display?
Step 5: Configure the network services ACL
From the global configuration mode issue the following commands:
FC-CPE-1(config)#ip access-list extended Server-Access
Allow PC1 to access the web server and telnet to the router.
Allow PC2 to access the web server.
FC-CPE-1(config-ext-nacl)#remark Allow PC2 to access web server
FC-CPE-1(config-ext-nacl)#permit tcp host 10.0.0.201 host 172.17.1.1 eq www log
Allow PC1 telnet access to router.
FC-CPE-1(config-ext-nacl)#remark Allow PC1 to telnet router
FC-CPE-1(config-ext-nacl)#permit tcp host 10.0.0.10 host 10.0.0.1 eq telnet log
Deny all other traffic.
FC-CPE-1(config-ext-nacl)#remark Deny all other traffic
FC-CPE-1(config-ext-nacl)#deny ip any any log
FC-CPE-1(config-ext-nacl)#exit
Step 6: Apply the ACLs
Apply the Extended ACL to the router interface closest to the source.
FC-CPE-1(config)#interface FastEthernet0/0
FC-CPE-1(config-if)#ip access-group Server-Access in
FC-CPE-1(config-if)#end
From the Privileged EXEC mode, issue the show running-config command and confirm that the ACLs have been configured and applied as required. Reconfigure if errors are noted.
Step 7: Test the network services with ACLs
Perform the following tests on PC1:
Open a web browser on PC1 and enter the URL http://172.17.1.1 at the address bar.
Open a web browser on PC1 and enter the URL ftp://172.17.1.1 at the address bar.
On the Discovery FTP Home Directory, open the Discovery 1 folder. Click and drag a Chapter file to the local Desktop.
Did the file copy successfully? _________
Why is this the outcome?
From the PC1 command line prompt, issue the command telnet 10.0.0.1, or use a Telnet client (HyperTerminal or TeraTerm, for example) to establish a Telnet session to the router. What response did the router display? Why is this the outcome?
Exit the Telnet session.
Perform the following tests on PC2:
Open a web browser on PC2 and enter the URL http://172.17.1.1 at the address bar.
Open a web browser on PC2 and enter the URL ftp://172.17.1.1 at the address bar.
From the PC2 command line prompt, issue the command telnet 10.0.0.1, or use a Telnet client (HyperTerminal or TeraTerm, for example) to establish a Telnet session to the router.
If any of these transactions did not result in the expected outcome, troubleshoot the network and configurations and retest the ACLs from each host.
Step 8: Observe the number of statement matches
From the Privileged EXEC mode, issue the command:
FC-CPE-1#show access-list Server-Access
List the number of matches logged against each ACL statement.
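The first-match behaviour tested in Steps 7 and 8 can be reproduced offline. The following is an added example, not part of the original lab or post: it models only the three statements shown in Step 5 (host addresses and port keywords as they appear there), replays constructed test flows, and counts matches per statement the way the match counters do.

```python
import ipaddress

# IOS port keywords used on this page, plus ftp for the Step 7 FTP test.
PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80}

# The three statements visible in Step 5, in the order they were entered.
SERVER_ACCESS = [
    "permit tcp host 10.0.0.201 host 172.17.1.1 eq www log",
    "permit tcp host 10.0.0.10 host 10.0.0.1 eq telnet log",
    "deny ip any any log",
]


def take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse(line):
    """Parse one extended-ACL statement of the forms used in this lab."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src = take_address(tokens)
    dst = take_address(tokens)
    port = None
    if tokens[:1] == ["eq"]:
        name = tokens[1]
        port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return {"text": line, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port, "hits": 0}


def address_matches(ip, rule):
    """Compare only the bits whose wildcard bit is 0."""
    address, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (address & care)


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, statement number) for the first statement that matches."""
    for number, entry in enumerate(acl, start=1):
        if entry["proto"] not in ("ip", proto):
            continue
        if not (address_matches(src, entry["src"]) and address_matches(dst, entry["dst"])):
            continue
        if entry["port"] is not None and entry["port"] != dport:
            continue
        entry["hits"] += 1          # what the per-statement match counter records
        return entry["action"], number
    return "deny", None             # implicit deny: no statement matched


def step7_results():
    """Replay constructed Step 7 flows; return verdicts and per-statement hit counts."""
    acl = [parse(line) for line in SERVER_ACCESS]
    flows = {
        "PC2 http to server": ("tcp", "10.0.0.201", "172.17.1.1", 80),
        "PC2 ftp to server": ("tcp", "10.0.0.201", "172.17.1.1", 21),
        "PC2 telnet to router": ("tcp", "10.0.0.201", "10.0.0.1", 23),
        "PC1 telnet to router": ("tcp", "10.0.0.10", "10.0.0.1", 23),
    }
    verdicts = {name: evaluate(acl, *flow) for name, flow in flows.items()}
    return verdicts, [entry["hits"] for entry in acl]


if __name__ == "__main__":
    verdicts, hits = step7_results()
    for name, (action, number) in verdicts.items():
        print(f"{name:22} -> {action} (statement {number})")
    for text, count in zip(SERVER_ACCESS, hits):
        print(f"{count} match(es): {text}")
```

Because the explicit deny ip any any log statement is the last entry, every flow that no permit covers is counted against it, which is what makes denied traffic visible in the match counts.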
Step 9: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
Rewrite the Server-Access ACL used in this lab so that:
1) Administrator workstations are considered to be in the address range of 10.0.0.10 /24 to 10.0.0.15 /24 instead of a single host; and,
2) The general workstations have the address range of 10.0.0.16 /24 to 10.0.0.254 /24 instead of being a single host.
Assignment: CCNA 2 Lab 4.1.5 Subnetting a Network
Objective
• Create an IP addressing plan for a small network.
Background / Preparation
In this activity, you will play the role of an onsite installation and support technician from an ISP. A customer has called the ISP complaining of e-mail problems and occasional poor Internet performance. The ISP is preparing a design for a network upgrade. The interim topology diagram for the proposed network is shown below.
There is still a requirement for an IP addressing plan. One of the ISP network designers has made some notes on a simplified sketch of the proposed network, and has written some requirements. The designer asks you to create an IP address plan for the network upgrade.
Step 1: Analyze the network
Calculate the minimum subnet and host requirements:
30 hosts
5 bits
The largest subnet must be able to support the hosts; that is, 3 subnets
Yes
Step 2: Calculate the custom subnet mask
Now that the number of subnet ID bits is known, the subnet mask can be calculated. A class C network has a default subnet mask of 24 bits, or 255.255.255.0. What will the custom subnet mask be?
The custom subnet mask for this network will be 255.255.255.224 or /27.
Step 3: Specify the host IP addresses
Now that the subnet mask is identified, the network addressing scheme can be created. The addressing scheme includes the subnet numbers, the subnet broadcast address, and the range of IP addresses assignable to hosts.
Complete the table showing all the possible subnets for the 192.168.1.0 network.
Step 4: Consider other subnetting options
What if there are more than 30 hosts that need to be supported on either the wired or wireless portion of the network? You could borrow fewer bits, which would create fewer subnets, but each would support a larger number of hosts per subnet.
How many bits would be borrowed to create four subnets? Answer: 2 bits (2^2 = 4 subnets)
How many bits would be left for hosts on each subnet? Answer: 6 bits
What is the maximum number of hosts each subnet can support? 2^6 - 2 = 64 - 2 = 62
What would the subnet mask be in dotted decimal and slash number (/#) format?
Borrowing 2 bits gives a 255.255.255.192 or /26 subnet mask.
If you start with the same 192.168.1.0 network as before and subnet it into four subnets, what would the subnet numbers be? 192.168.1.0, 192.168.1.64, 192.168.1.128, 192.168.1.192
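The calculations in Steps 1 to 4 can be checked with a short script. This is an added example, not part of the original lab or post: it sizes equal subnets of 192.168.1.0/24 either from a host requirement (Steps 1 to 3) or from a subnet count (Step 4) and builds the subnet / host range / broadcast table. The function names are chosen for this example.

```python
import ipaddress


def host_bits_for(hosts):
    """Smallest h such that 2**h - 2 usable addresses cover `hosts`."""
    return (hosts + 1).bit_length()


def subnet_bits_for(subnets):
    """Smallest b such that 2**b >= subnets."""
    return (subnets - 1).bit_length()


def subnet_plan(network, hosts=None, subnets=None):
    """Size equal subnets of `network` by host count or by subnet count."""
    net = ipaddress.ip_network(network)
    if (hosts is None) == (subnets is None):
        raise ValueError("give exactly one of hosts= or subnets=")
    if hosts is not None:
        prefix = net.max_prefixlen - host_bits_for(hosts)
    else:
        prefix = net.prefixlen + subnet_bits_for(subnets)
    # A usable subnet needs at least 2 host bits (network + broadcast + 2 hosts).
    if not net.prefixlen <= prefix <= net.max_prefixlen - 2:
        raise ValueError(f"requirement does not fit inside {net}")

    subs = list(net.subnets(new_prefix=prefix))
    rows = [
        {
            "subnet": str(sub.network_address),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
        }
        for sub in subs
    ]
    host_bits = net.max_prefixlen - prefix
    return {
        "borrowed_bits": prefix - net.prefixlen,
        "host_bits": host_bits,
        "usable_hosts": 2 ** host_bits - 2,   # minus network and broadcast addresses
        "mask": str(subs[0].netmask),
        "prefix": prefix,
        "rows": rows,
    }


if __name__ == "__main__":
    for label, kwargs in (("30 hosts per subnet", {"hosts": 30}),
                          ("four subnets", {"subnets": 4})):
        plan = subnet_plan("192.168.1.0/24", **kwargs)
        print(f"{label}: mask {plan['mask']} (/{plan['prefix']}), "
              f"{len(plan['rows'])} subnets, {plan['usable_hosts']} hosts each")
        for row in plan["rows"]:
            print(f"  {row['subnet']:15} {row['first_host']:15} "
                  f"{row['last_host']:15} {row['broadcast']}")
```

A requirement of 31 hosts no longer fits in 5 host bits, so the same function moves to a /26, which is the trade-off Step 4 describes.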
Step 5: Reflection
Does subnetting help reduce the problem of IP address depletion? Explain your answer. Answer: Yes. Subnetting allows us to use a single class C address to support multiple networks.
The Rough Design Diagram Notes record that the wireless subnet will have up to 30 PCs connecting. In pairs or in small groups, discuss whether or not that creates a situation where IP addresses may be wasted. Does it matter, and why or why not?
There is an alternative method of subnetting with CIDR and VLSM. Would VLSM be a worthwhile option for subnetting this network? Discuss in small groups.
Assignment: CCNA 2 Lab 4.2.4 Determining PAT Translations
A client on the private network sends a request to a web server on the public Internet.
The NAT router translates the source address and forwards the request to the web server.
The web server responds to the translated client address.
The NAT router translates the client (destination) address back to the original private address.
Objectives
Explain the active network connections open on a computer when viewing a particular web page.
Determine what the internal IP address and port number are translated to using port address translation (PAT).
Background / Preparation
Port address translation (PAT) is a form of network address translation (NAT). With PAT, the router translates multiple internal (usually private) addresses to a single public IP address on the interface connected to the Internet. Port numbers are used, in combination with IP addresses, to keep track of individual connections. In this lab, you use the ipconfig and netstat commands to view open ports on a computer. You will be able to see the initial IP address and port combination, and determine the translated IP address and port combination. The following resources are required:
A computer running Windows XP Professional
Connection to a gateway router or ISR that uses PAT
Internet connection
Access to the PC command prompt
Step 1: Determine the IP address of the computer
Open a Command Prompt window by clicking Start > Run and typing cmd. Alternatively, you may click Start > All Programs > Accessories > Command Prompt. At the prompt, type the ipconfig command to display the IP address of the computer.
What is the IP address of the computer? Is a port number displayed, and why or why not? Answer: The IP address is as shown for the active adapter on the computer. No port number is displayed, because port numbers are associated with active connections between processes on multiple devices.
Step 2: Determine the IP addresses of the gateway router or ISR
Check with your instructor to obtain the IP addresses for the NAT gateway ISR router.
Internal Ethernet address:
External Internet address:
Step 3: Display baseline netstat results
At the command prompt, type the netstat -n command.
What type of information does the netstat -n command return? Answer: Active connection information is displayed: Protocol, Local Address, Foreign Address, State. IP addresses and port numbers are displayed.
Where does the IP address found in Step 1 appear? Is there a port number associated with it? Why or why not? Answer: The netstat command shows the local IP address in the Local Address column. A port number may or may not be displayed, depending on the currently active connections. Note: If the computer has been idle for a while and no network connections have been made recently, it may show no entries, or show only the loopback address and port numbers in the Local and Foreign Address columns (for example, 127.0.0.1:1039).
Step 4: Display active network connections
Ping www.cisco.com and record the address.
Open a web browser and enter www.cisco.com in the address bar.
Return to the Command Prompt window. Type the netstat -n command again, and then type the command without the -n option. The output looks similar to the following figure, depending on what other network applications and connections are open when you issue the command.
What is the difference between the output of the netstat and netstat -n commands?
Answer: Without the -n option, IP addresses are resolved to host names, and protocol numbers are converted to protocol names.
Write down the connection entries for the client IP address and the IP address of the www.cisco.com web server.
Client local IP address and port number:
Foreign IP address and port number:
Are there more netstat entries the second time? Answer: Probably yes
Step 5: Determine the translated addresses
Use the information recorded in Steps 2 and 4 and the topology diagram shown at the beginning of the lab to fill in the Address:Port column.
Step 6: Reflection
Port address translation (PAT) is also called NAT overload. What does the term “overload” refer to? Answer: Using one “overloaded” external address to translate for multiple internal addresses.
The NAT terminology used in this lab includes four types of addresses: inside local, inside global, outside local, and outside global. In many connections that pass through a NAT router, two of these addresses are often the same. Which two of the four addresses usually remain unchanged, and why do you think that is?
Answer: Outside local and outside global, because the outside or destination IP address must stay the same for internal hosts to be able to reach other hosts on the Internet.
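The translation worked out in Step 5 and the four address types from the reflection can be seen together in a small model of a PAT router. This is an added example, not part of the original lab or post. All addresses are constructed (RFC 1918 inside hosts, RFC 5737 documentation addresses outside), and the port policy is a simplifying assumption: keep the client's source port if it is free on the outside address, otherwise take the first free port from 1024 up.

```python
class PatRouter:
    """Minimal model of PAT (NAT overload) behind one inside global address."""

    def __init__(self, inside_global_ip, pool_start=1024, pool_end=65535):
        self.inside_global_ip = inside_global_ip
        self.pool_start, self.pool_end = pool_start, pool_end
        self.by_inside = {}   # (proto, inside ip, inside port) -> global port
        self.by_global = {}   # (proto, global port) -> (inside ip, inside port)
        self.flows = []       # one row per flow, four address types each

    def allocate(self, proto, wanted):
        """Assumed policy: reuse the source port if free, else first free pool port."""
        if (proto, wanted) not in self.by_global:
            return wanted
        for port in range(self.pool_start, self.pool_end + 1):
            if (proto, port) not in self.by_global:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: rewrite the source to the shared address and a unique port."""
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            port = self.allocate(proto, src_port)
            self.by_inside[key] = port
            self.by_global[(proto, port)] = (src_ip, src_port)
        global_port = self.by_inside[key]
        row = {
            "inside_local": f"{src_ip}:{src_port}",
            "inside_global": f"{self.inside_global_ip}:{global_port}",
            "outside_local": f"{dst_ip}:{dst_port}",    # destination is not rewritten,
            "outside_global": f"{dst_ip}:{dst_port}",   # so these two stay identical
        }
        if row not in self.flows:
            self.flows.append(row)
        return (self.inside_global_ip, global_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside: restore the private destination, or drop (None)."""
        if dst_ip != self.inside_global_ip:
            return None
        inside = self.by_global.get((proto, dst_port))
        if inside is None:
            return None     # no translation entry: unsolicited traffic is not forwarded
        return (src_ip, src_port, inside[0], inside[1])


def demo():
    """Two inside clients reuse source port 1039 towards one web server."""
    router = PatRouter("203.0.113.5")
    web = ("198.51.100.20", 80)
    first = router.outbound("tcp", "192.168.1.10", 1039, *web)
    second = router.outbound("tcp", "192.168.1.11", 1039, *web)
    reply = router.inbound("tcp", *web, "203.0.113.5", second[1])
    stray = router.inbound("tcp", "198.51.100.99", 4444, "203.0.113.5", 5000)
    return router, first, second, reply, stray


if __name__ == "__main__":
    router, first, second, reply, stray = demo()
    for row in router.flows:
        print(row)
    print("reply delivered to:", reply[2:], "| stray packet:", stray)
```

Both clients appear on the Internet as the same address; only the translated port tells their connections apart, which is the “overload” the reflection asks about.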