Cont'd

    int range gig0/0-1
     switchport protected
     do show int g0/0 switchport

A protected port can communicate with an unprotected port, but a protected port can't communicate with another protected port.

Cont'd

We use protected ports instead of private VLANs because of their simplicity.

When would private VLANs be preferred to protected ports?
    When we have two switches
    If we have a community that must communicate with each other

09 - VACLs, pACLs, and MACsec

VLAN Access Control Lists (VLAN maps): used to block communication within the same VLAN.
Port-based Access Control Lists: difficult to troubleshoot because there is not a lot of logging on the switch. This can be used as an extended access control list.
MACsec (L2 hop-by-hop encryption): Layer 2 symmetrical encryption.

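Cont'd

    ! In ACLs referenced by a VLAN access-map, "permit" means "match this traffic";
    ! whether it is dropped or forwarded is set by the access-map action.
    ip access-list extended UNWANTED-IP-PORT
     permit tcp 10.1.2.0 0.0.0.255 any eq 456
     permit udp 10.1.2.0 0.0.0.255 any eq 678
     exit
    mac access-list extended UNWANTED-MAC
     permit host 0000.1234.5578 any
     exit
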
Cont'd

Implementation of VACLs

    ip access-list extended ALLOWED-TRAFFIC
     permit ip any any
     exit
    vlan access-map VACL 10
     match ip address UNWANTED-IP-PORT
     action drop
     exit
    vlan access-map VACL 20
     match mac address UNWANTED-MAC
     action drop
     exit

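Cont'd

    vlan access-map VACL 10
     match ip address UNWANTED-IP-PORT
     action drop
     exit
    ! UNWANTED-MAC is a MAC ACL, so it is matched with "match mac address"
    vlan access-map VACL 20
     match mac address UNWANTED-MAC
     action drop
     exit
    ! Final entry forwards everything else; without it the remaining traffic
    ! in the VLAN is dropped as well
    vlan access-map VACL 30
     match ip address ALLOWED-TRAFFIC
     action forward
     exit
    ! Apply the access-map to VLAN 55
    vlan filter VACL vlan 55
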
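The evaluation order of the access-map above, modelled in Python as an added example (not part of the original slides). It shows why the last entry has to forward traffic matched by ALLOWED-TRAFFIC. The packet dictionaries and sample hosts are constructed, and only IPv4 entries are modelled.

```python
import ipaddress

# ACLs from the slides as (protocol, source network, destination port); None = any.
ACLS = {
    "UNWANTED-IP-PORT": [("tcp", "10.1.2.0/24", 456), ("udp", "10.1.2.0/24", 678)],
    "ALLOWED-TRAFFIC": [("ip", "0.0.0.0/0", None)],
}

def acl_permits(acl_name, pkt):
    """True if any permit line of the named ACL matches the packet."""
    for proto, src_net, dport in ACLS[acl_name]:
        if proto not in ("ip", pkt["proto"]):
            continue
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(src_net):
            continue
        if dport is not None and pkt["dport"] != dport:
            continue
        return True
    return False

def vacl_action(access_map, pkt):
    """Lowest-sequence entry whose ACL permits the packet decides; else implicit drop."""
    for _seq, acl_name, action in sorted(access_map):
        if acl_permits(acl_name, pkt):
            return action
    return "drop"

# Sequence 20 (the MAC ACL) is left out: this model covers IPv4 packets only.
WITH_FORWARD = [(10, "UNWANTED-IP-PORT", "drop"), (30, "ALLOWED-TRAFFIC", "forward")]
WITHOUT_FORWARD = [(10, "UNWANTED-IP-PORT", "drop")]
# Sequence 30 pointed at the ACL that sequence 10 has already consumed.
WRONG_ACL = [(10, "UNWANTED-IP-PORT", "drop"), (30, "UNWANTED-IP-PORT", "forward")]

# Constructed sample packets (hypothetical hosts inside and outside 10.1.2.0/24).
SAMPLES = {
    "tcp/456 from 10.1.2.7": {"proto": "tcp", "src": "10.1.2.7", "dport": 456},
    "udp/678 from 10.1.2.7": {"proto": "udp", "src": "10.1.2.7", "dport": 678},
    "tcp/22 from 10.1.2.7": {"proto": "tcp", "src": "10.1.2.7", "dport": 22},
    "tcp/456 from 10.1.3.7": {"proto": "tcp", "src": "10.1.3.7", "dport": 456},
}

def evaluate(access_map):
    """Action the access-map takes for every sample packet."""
    return {name: vacl_action(access_map, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, amap in (("with seq 30", WITH_FORWARD), ("no seq 30", WITHOUT_FORWARD)):
        print(label, evaluate(amap))
```
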
Cont'd

Implementation of pACLs

    ip access-list extended NO-PING-TO-11
     deny icmp any host 10.123.0.11
     permit ip any any
    int gig 0/2
     ip access-group NO-PING-TO-11 in
     exit

Cont'd

CTS manual: Cisco TrustSec manual
SAP PMK: Security Association Protocol pairwise master key

SW1
    int gig 0/26
     cts manual
      sap pmk ABCD
    do show run int gig 0/26
    do show cts int

10 - Remote Management

    Password length
    Local privilege 15 user
    Hide plain text passwords
    SSH support
    CCP support: use HTTPS
    ACLs for mgmt. access
    Slowing brute force attacks
    Clipping failed login attempts (3 failed attempts within 60 seconds, timeout for 30 seconds)

Cont'd

    hostname R1
    ip domain-name CBTNUggets.com
    security passwords min-length 6
    username admin privilege 15 secret cisco
    enable secret cisco123
    do show run | include username
    crypto key generate rsa modulus 2048 label Our-RSA-Keys
    do show crypto key mypubkey rsa

Cont'd

    ip ssh version 2                (only supports SSH 2)
    ip ssh time-out 30
    ip ssh authentication-retries 5
    ip access-list standard 5
     permit host 10.1.0.25
     permit host 10.1.0.26
     permit host 192.168.1.23
     deny any log
     exit

Cont'd

    no ip http server               (the router won't accept incoming HTTP requests)
    ip http secure-server           (the router will accept SSL and TLS requests by running an HTTPS server on the router, to support access coming from CCP)
    ip http authentication local    (for CCP authentication)
    ip http access-class 5          (permit only for access-list 5)

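A check for the remote-management items listed in section 10, written as an added example (not part of the original slides): it scans a running-config for the settings shown above and reports what is missing. Both sample configs are constructed, and the `login block-for` line is an assumption: it is the IOS command for the failed-login throttling the slide describes, but it does not appear in the previewed slides.

```python
import re

# (finding text, pattern that must be present, pattern that must be absent)
CHECKS = [
    ("no minimum password length", r"^security passwords min-length \d+$", None),
    ("no local privilege 15 user with a hashed secret",
     r"^username \S+ privilege 15 secret ", None),
    ("user stored with 'password' instead of 'secret'",
     None, r"^username \S+ (privilege \d+ )?password "),
    ("SSH not restricted to version 2", r"^ip ssh version 2$", None),
    ("plain HTTP server enabled", r"^no ip http server$", r"^ip http server$"),
    ("HTTPS server not enabled", r"^ip http secure-server$", None),
    ("HTTPS not using local authentication", r"^ip http authentication local$", None),
    ("HTTPS management not limited by an ACL", r"^ip http access-class ", None),
    # Assumed command for "3 failed attempts within 60 seconds, timeout for 30 seconds".
    ("failed logins not throttled",
     r"^login block-for \d+ attempts \d+ within \d+$", None),
]

def audit(config_text):
    """Return the list of findings for one running-config."""
    lines = [line.strip() for line in config_text.splitlines() if line.strip()]
    findings = []
    for finding, required, forbidden in CHECKS:
        missing = required and not any(re.search(required, l) for l in lines)
        present = forbidden and any(re.search(forbidden, l) for l in lines)
        if missing or present:
            findings.append(finding)
    return findings

# Constructed sample configs (not taken from a real device).
HARDENED = """
security passwords min-length 6
username admin privilege 15 secret 9 $9$constructed-hash
ip ssh version 2
login block-for 30 attempts 3 within 60
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 5
"""
WEAK = """
username admin privilege 15 password 0 cisco
ip http server
ip ssh version 2
"""

if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAK), sep="\n")
```
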