S1config interface fastethernet 01 s1config if

This preview shows page 13 - 15 out of 18 pages.

S1(config)# interface FastEthernet 0/1 S1(config-if)# spanning-tree bpduguard enable S1(config)# interface FastEthernet 0/6 S1(config-if)# spanning-tree bpduguard enable Task 3: Configure Port Security and Disable Unused Ports. Step 1: Configure basic port security for the S1 access port. Use the default port security options (set maximum MAC addresses to 1 and violation action to shutdown). Allow the secure MAC address that is dynamically learned on a port be added to the switch running configuration. S1(config)# interface FastEthernet 0/1 S1(config-if)#shutdown S1(config-if)#switchport port-security S1(config-if)#switchport port-security mac-address [your switch mac address] S1(config-if)#switchport port-security mac-address sticky S1(config-if)#no shutdown S1(config)# interface FastEthernet 0/6 S1(config-if)# shutdown S1(config-if)#switchport port-security S1(config-if)#switchport port-security mac-address [your switch mac address] S1(config-if)#switchport port-security mac-address sticky S1(config-if)#no shutdown Step 2: Disable unused ports on S1. As a further security measure, disable any ports not being used. S1(config)#interface range FastEthernet 0/2-5 S1(config)#shutdown S1(config)#interface range FastEthernet 0/7-24 S1(config)#shutdown Part 6: Configure ASA Basic Settings and Firewall Task 1: Prepare the ASA for ASDM access. Step 1: Clear the previous ASA configuration settings. ciscoasa# write erase ciscoasa# show start ciscoasa# reload Step 2: Bypass Setup Mode and configure the VLAN/routed interfaces using CLI. a. The VLAN 1 logical interface will be used by PC-B to access ASDM on ASA physical interface E0/1. Configure interface VLAN 1 and name it “ inside ”. Specify IP address 192.168.10.1 and subnet mask 255.255.255.0 . Verify that the security level is set to 100 .
All contents are Copyright © 1992–2012 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 14 of 10 CCNA Security ciscoasa(config)# interface vlan 1 ciscoasa(config-if)# nameif inside “INFO: Security level for "inside" set to 100 by default.” ciscoasa(config-if)# ip address 192.168.10.1 255.255.255.0 ciscoasa(config-if)# exit b. Pre-configure interface VLAN 2 and name it “ outside ”, and add physical interface E0/0 to VLAN 2. You will assign the IP address using ASDM. Verify that the security level is set to 0 . ciscoasa(config)# interface vlan 2 ciscoasa(config-if)# nameif outside “INFO: Security level for "outside" set to 0 by default.” ciscoasa(config-if)# interface e0/0 ciscoasa(config-if)# switchport access vlan 2 ciscoasa(config-if)# no shut ciscoasa(config-if)# exit c. Test Connectivity to the ASA by pinging from PC-B to ASA interface VLAN 1 IP address 192.168.10.1 . The pings should be successful. On PC-B >> ping 192.168.10.1 Step 3: Configure and verify access to the ASA from the inside network.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture