Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.


Configuration of Features in Common with Routers This section covers the following topics:
- Simple password security for the console and Telnet access
- Secure Shell (SSH)
- Password encryption
- Enable mode passwords
- Port security
2

Configuration of Features in Common with Routers Securing the Switch CLI With default configuration settings, a user at the console does not need to supply a password to reach user mode or enable mode. The reason is that anyone with physical access to the switch or router console could reset the passwords in less than 5 minutes by using the password recovery procedures that Cisco publishes. To reach enable mode from a vty (Telnet or SSH), the switch must be configured with several items:
- An IP address
- Login security on the vty lines
- An enable password
3

Configuration of Features in Common with Routers Securing the Switch CLI Configuring Simple Password Security With default settings, Telnet users are rejected when they try to access the switch, because a vty password has not yet been configured. By default, the enable command allows console users into enable mode without requiring a password, but Telnet users are rejected without even a chance to supply a password. Regardless of these defaults, it makes sense to password protect enable mode using the enable secret global configuration command. 4

Configuration of Features in Common with Routers Securing the Switch CLI Configuring Simple Password Security 5

Configuration of Features in Common with Routers Securing the Switch CLI Configuring Usernames and Secure Shell (SSH) To add support for SSH login to a Cisco switch or router, the switch needs several configuration commands. 6

Configuration of Features in Common with Routers Securing the Switch CLI Configuring Usernames and Secure Shell (SSH)

Emma#
Emma#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Emma(config)#line vty 0 15
Emma(config-line)#login local
Emma(config-line)#transport input telnet ssh
Emma(config-line)#exit
Emma(config)#username wendell password hope
Emma(config)#ip domain-name example.com
Emma(config)#crypto key generate rsa
The name for the keys will be: Emma.example.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys...[OK]
7

Configuration of Features in Common with Routers Securing the Switch CLI Password Encryption To prevent password vulnerability in a printed version of the configuration file, or in a backup copy of the configuration file stored on a server, you can encrypt or encode the passwords using the service password-encryption global configuration command. The presence or absence of the service password-encryption global configuration command dictates whether the passwords are encrypted as follows:
- When the service password-encryption command is configured, all existing console, vty, and username command passwords are immediately encrypted.
- If the service password-encryption command has already been configured, any future changes to these passwords are encrypted.
- If the no service password-encryption command is used later, the passwords remain encrypted until they are changed, at which point they show up in clear text.
8

Configuration of Features in Common with Routers Securing the Switch CLI Password Encryption 9

Configuration of Features in Common with Routers Securing the Switch CLI The Two Enable Mode Passwords A router or switch can be configured to require a password to reach enable mode according to the following rules:
- If the global configuration command enable password actual-password is used, it defines the password required when using the enable EXEC command. This password is listed as clear text in the configuration file by default.
- If the global configuration command enable secret actual-password is used, it defines the password required when using the enable EXEC command. This password is listed as a hidden MD5 hash value in the configuration file.
- If both commands are used, the password set in the enable secret command defines which password is required.
The MD5 encoding is much more secure than the encryption used for other passwords with the service password-encryption command.
10

Configuration of Features in Common with Routers Securing the Switch CLI The Two Enable Mode Passwords 11

Configuration of Features in Common with Routers Console and vty Settings Banners Cisco routers and switches can display a variety of banners depending on what a router or switch administrator is doing. A banner is simply some text that appears on the screen for the user. 12

Configuration of Features in Common with Routers Console and vty Settings Banners 13

Configuration of Features in Common with Routers Console and vty Settings Banners 14

Configuration of Features in Common with Routers Console and vty Settings History Buffer Commands 15

Configuration of Features in Common with Routers Console and vty Settings The logging synchronous and exec-timeout Commands The console automatically receives copies of all unsolicited syslog messages on a switch or router; that feature cannot be disabled. Normally a switch or router puts these syslog messages on the console’s screen at any time—including right in the middle of a command you are entering, or in the middle of the output of a show command. To make using the console a little easier, you can tell the switch to display syslog messages only at more convenient times, such as at the end of output from a show command or to prevent the interruption of a command text input. To do so, just configure the “logging synchronous” console line subcommand. 16

Configuration of Features in Common with Routers Console and vty Settings The logging synchronous and exec-timeout Commands By default, the switch or router automatically disconnects users after 5 minutes of inactivity, for both console users and users who connect to vty lines using Telnet or SSH. With the exec-timeout minutes seconds line subcommand, you can give the switch or router a different inactivity timer. Also, if you set the timeout to 0 minutes and 0 seconds, the router never times out the console connection. 17

LAN Switch Configuration and Operation In particular, this section covers the following:
- Switch IP configuration
- Interface configuration (including speed and duplex)
- Port security
- VLAN configuration
- Securing unused switch interfaces
18

LAN Switch Configuration and Operation Configuring the Switch IP Address To allow Telnet or SSH access to the switch, to allow other IP-based management protocols such as Simple Network Management Protocol (SNMP) to function as intended, or to allow access to the switch using graphical tools such as Cisco Device Manager (CDM), the switch needs an IP address. Switches do not need an IP address to be able to forward Ethernet frames. The need for an IP address is simply to support overhead management traffic, such as logging into the switch. An IOS-based switch configures its IP address and mask on a special virtual interface called the VLAN 1 interface. 19

LAN Switch Configuration and Operation Configuring the Switch IP Address In effect, a switch’s VLAN 1 interface gives the switch an interface into the default VLAN used on all ports of the switch—namely, VLAN 1. The following steps list the commands used to configure IP on a switch: 20

LAN Switch Configuration and Operation Configuring the Switch IP Address For the switch to act as a DHCP client and discover its IP address, mask, and default gateway, you still need to configure it to do so. Some older models of Cisco IOS switches might not support the DHCP client function on the VLAN 1 interface. 21

LAN Switch Configuration and Operation Configuring Switch Interfaces You can see some of the details of interface configuration with both the show running-config command and the handy show interfaces status command. You can configure a command on a range of interfaces at the same time using the interface range command. 22

LAN Switch Configuration and Operation Port Security Port security configuration involves several steps:
Step 1 Make the switch interface an access interface using the switchport mode access interface subcommand.
Step 2 Enable port security using the switchport port-security interface subcommand.
Step 3 (Optional) Specify the maximum number of allowed MAC addresses associated with the interface using the switchport port-security maximum number interface subcommand. (Defaults to one MAC address.)
Step 4 (Optional) Define the action to take when a frame is received from a MAC address other than the defined addresses using the switchport port-security violation {protect | restrict | shutdown} interface subcommand. (The default action is to shut down the port.)
Step 5A Specify the MAC address(es) allowed to send frames into this interface using the switchport port-security mac-address mac-address command. Use the command multiple times to define more than one MAC address.
Step 5B Alternatively, instead of Step 5A, use the "sticky learning" process to dynamically learn and configure the MAC addresses of currently connected hosts by configuring the switchport port-security mac-address sticky interface subcommand.
23

LAN Switch Configuration and Operation Port Security 24

LAN Switch Configuration and Operation Port Security 25
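As an added example (not from the slides or from Cisco), the following Python script parses a constructed running-config excerpt and flags the weaknesses this chapter describes in the password, vty and port-security sections: no enable secret, clear-text username passwords without service password-encryption, Telnet accepted on the vty lines, and port security enabled on a port that was never set to access mode (Step 1). SAMPLE_CONFIG, parse_config and audit are names assumed here.

```python
# Constructed sample running-config excerpt, not taken from the slides.
SAMPLE_CONFIG = """\
enable password cisco
username wendell password hope
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
interface FastEthernet0/2
 switchport port-security
 switchport port-security mac-address sticky
line vty 0 15
 login local
 transport input telnet ssh
"""
def parse_config(config):
    """Split IOS text into global commands plus the subcommands of each interface/line section."""
    global_cmds, sections, current = [], {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):   # blank lines and '!' end a section
            current = None
        elif line.startswith(" ") and current is not None:
            sections[current].append(line.strip())      # indented line = subcommand
        elif line.startswith(("interface ", "line ")):
            current = line.strip()
            sections[current] = []
        else:
            current = None
            global_cmds.append(line.strip())
    return global_cmds, sections
def audit(config):
    """Return one finding per weakness the chapter warns about; an empty list means clean."""
    global_cmds, sections = parse_config(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("enable secret missing: enable password alone is stored in clear text")
    if "service password-encryption" not in global_cmds and any(
            c.startswith("username ") and " password " in c for c in global_cmds):
        findings.append("username password in clear text: no service password-encryption")
    for name, subs in sections.items():
        if name.startswith("line vty"):
            if not any(s.startswith("login") for s in subs):
                findings.append(f"{name}: no login command, vty lines do not check a password")
            inputs = [s.split()[2:] for s in subs if s.startswith("transport input ")]
            if any(t in ("telnet", "all") for lst in inputs for t in lst):
                findings.append(f"{name}: Telnet allowed, credentials cross the network in clear text")
        elif name.startswith("interface ") and "switchport port-security" in subs:
            if "switchport mode access" not in subs:
                findings.append(f"{name}: port-security without switchport mode access (Step 1)")
    return findings
```

Running audit(SAMPLE_CONFIG) reports four findings; after adding enable secret and service password-encryption, restricting the vty lines to transport input ssh, and setting FastEthernet0/2 to access mode, the same audit returns an empty list.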