
Configure the switch to access the RADIUS server at PC-A. Specify auth-port 1812 and acct-port 1813, along with the IP address and secret key of WinRadius for the RADIUS server.

Step 7: Test the RADIUS configuration by logging in to the console on S1.
a. Exit to the initial switch screen that displays the following: S1 con0 is now available. Press RETURN to get started.
b. Log in with the username RadAdmin and password RadAdminpa55. Can you log in with minimal delay?
Note: If you exit the WinRadius server and restart it, you must recreate the user accounts from Step 2.

Step 8: Test your configuration by connecting to S1 with SSH.
a. Clear the log on the WinRadius server by choosing Log > Clear.
b. Use PuTTY or another terminal emulation client to open an SSH session from PC-A to S1.
c. At the login prompt, enter the username RadAdmin defined on the RADIUS server and a password of RadAdminpa55. Are you able to log in to S1?

Task 6: Secure Trunk Ports (Chapter 6)

Step 1: Configure trunk ports on S1 and S2.
a. Configure port Fa0/1 on S1 as a trunk port.
b. Configure port Fa0/1 on S2 as a trunk port.
c. Verify that S1 port Fa0/1 is in trunking mode.

Step 2: Change the native VLAN for the trunk ports on S1 and S2.
Changing the native VLAN for trunk ports to an unused VLAN helps prevent VLAN hopping attacks.
a. Set the native VLAN on the S1 Fa0/1 trunk interface to an unused VLAN 99.
b. Set the native VLAN on the S2 Fa0/1 trunk interface to VLAN 99.

Step 3: Prevent the use of DTP on S1 and S2.
Set the trunk ports on S1 and S2 so that they do not negotiate by turning off the generation of DTP frames.

Step 4: Verify the trunking configuration on port Fa0/1.

Step 5: Enable storm control for broadcasts.
Enable storm control for broadcasts on the trunk port with a 50 percent rising suppression level using the storm-control broadcast command.

Step 6: Verify the configuration with the show run command.

Task 7: Secure Access Ports (Chapter 6)

By manipulating the STP root bridge parameters, network attackers hope to spoof their system as the root bridge in the topology. Alternatively, they can spoof a rogue switch that they added to the network as the root bridge. If a port that is configured with PortFast receives a BPDU, STP can put the port into the blocking state by using a feature called BPDU guard.

Step 1: Disable trunking on S1, S2, and S3 access ports.
a. On S1, configure ports Fa0/5 and Fa0/6 as access mode only.
b. On S2, configure Fa0/18 as access mode only.
c. On S3, configure ports Fa0/5 and Fa0/18 as access mode only.

Task 8: Protect Against STP Attacks (Chapter 6)

The topology has only two switches and no redundant paths, but STP is still active. In this step, you enable some switch security features that can help reduce the possibility of an attacker manipulating switches via STP-related methods.

Step 1: Enable PortFast on S1, S2, and S3 access ports.
PortFast is configured on access ports that connect to a single workstation or server to enable them to become active more quickly.
a. Enable PortFast on the S1 Fa0/5 and Fa0/6 access ports.
b. Enable PortFast on the S2 Fa0/18 access port.
c. Enable PortFast on the S3 Fa0/5 and Fa0/18 access ports.
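
The show run verification in Task 6, Step 6 can be scripted and extended to the access-port settings from Tasks 7 and 8. The following is an added example, not part of the original lab: the sample output is constructed, the function and constant names are hypothetical, and it assumes show run prints full interface names (FastEthernet0/1 for Fa0/1) with one indented line per setting.

```python
import re

# Constructed `show run` excerpt (not from the lab); Fa0/6 is left at defaults.
SAMPLE_SHOW_RUN = """\
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport mode trunk
 switchport nonegotiate
 storm-control broadcast level 50.00
!
interface FastEthernet0/5
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
!
"""

# Label -> regex that one line of the interface stanza must match in full.
TRUNK_CHECKS = {
    "trunk mode": r"switchport mode trunk",
    "native VLAN 99": r"switchport trunk native vlan 99",
    "DTP off": r"switchport nonegotiate",
    "broadcast storm control 50%": r"storm-control broadcast level 50(\.0+)?",
}
ACCESS_CHECKS = {"access mode": r"switchport mode access",
                 "PortFast": r"spanning-tree portfast( edge)?"}

def parse_interfaces(show_run):
    """Map each interface name to the list of its indented config lines."""
    interfaces, current = {}, None
    for line in show_run.splitlines():
        if line.startswith(" "):
            if current is not None:
                current.append(line.strip())
        else:  # an unindented line ("!", a global command) closes the stanza
            header = re.match(r"interface (\S+)", line)
            current = interfaces.setdefault(header.group(1), []) if header else None
    return interfaces

def audit(show_run, port_checks):
    """Return {interface: [labels of missing settings]}; port_checks maps port -> checks."""
    interfaces, findings = parse_interfaces(show_run), {}
    for name, checks in port_checks.items():
        lines = interfaces.get(name, [])  # a port absent from the config fails every check
        missing = [label for label, pattern in checks.items()
                   if not any(re.fullmatch(pattern, l) for l in lines)]
        if missing:
            findings[name] = missing
    return findings
```

Calling audit(SAMPLE_SHOW_RUN, {...}) with each port mapped to TRUNK_CHECKS or ACCESS_CHECKS returns only the ports that still lack a setting, so an empty result means every listed port matches the lab's hardening steps.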
