e-Portfolio for Don McClintock
CNT-2102 Switching & Wireless Fundamentals
Equipment: 1 2912 or 2924 Switch (left), 1 2950 or 2960 Switch (right), 1 Router with two FastEthernet interfaces and capable of trunking, 1 Cisco/Linksys Wireless Access Point, and 1 laptop with wireless capabilities. If available, and if time permits, use a Cisco Wireless Card and its accompanying software.
RESULTS
Click on each link to review configs.
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SW1
!
enable secret 5 $1$On7u$9XWjD3vAAdHqTINf7MqyU1
!
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
interface FastEthernet0/1
 description TO CISCO 1841 FA0/0
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1,5,7,9,99,1002-1005
 switchport mode trunk
!
interface FastEthernet0/2
 shutdown
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
 shutdown
!
interface FastEthernet0/5
 description PC1
 switchport access vlan 5
!
interface FastEthernet0/6
 description PC2
 switchport access vlan 5
!
interface FastEthernet0/7
 description PC3
 switchport access vlan 7
!
interface FastEthernet0/8
 shutdown
!
interface FastEthernet0/9
 shutdown
!
interface FastEthernet0/10
 shutdown
!
interface FastEthernet0/11
 shutdown
!
interface FastEthernet0/12
 description TRUNK to SW2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport mode trunk
!
interface VLAN1
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN99
 ip address 192.168.1.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.1.1
banner motd NO UNAUTHORIZED ACCESS !
!
line con 0
 password 7 0822455D0A16
 logging synchronous
 login
 transport input none
 stopbits 1
line vty 0 4
 password 7 0822455D0A16
 logging synchronous
 login
line vty 5 15
 password 7 0822455D0A16
 logging synchronous
 login
!
end
WIRELESS ROUTER Images
Screenshots from the Wireless Router follow:
Click here for the Network Diagram
In addition to the diagram do the following.
- Configure the Management vlan to be anything other than vlan 1.
- Configure Spanning-tree portfast wherever advisable.
- Configure SW1 so you can remotely access it via SSH, and only SSH (remotely) to it. Be sure the switch has the IOS to do SSH.
- Configure SW2 so you can remotely access it via telnet.
- Be sure your VTP is secure.
- Enable VTP “pruning.”
- Be sure to name vlan5, vlan 7, and vlan9.
- Implement port/switch security. Include the following: 1) maximum number of MAC addresses per port, 2) static mapping of MAC to port number, 3) shutting down unused ports, 4) action taken when there is a port security breach, etc…
- Although in a production network the wireless part of your network would/should take much stronger security measures, all you need to do for this exercise is to:
  - assign an SSID
  - a 104/128 bit WEP key
  - disable SSID broadcasting (beaconing)
  - enable MAC filtering
When you are done and everything can ping, save the following output from the appropriate devices.
- show ip route
- show running-config
- show vlan brief
- show vtp status
- if necessary, screen shots from the AP (WRT300N).
- screen shots from PC connected wirelessly and pings to all locations
- whatever other commands you think appropriate.
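
The saved `show running-config` output can be checked against the switch items in the list above. The following Python audit is an added example, not part of the original page: it flags an active VLAN 1 interface, vty lines not restricted to SSH, unused ports left enabled, and access ports without port security or portfast. The function names, finding strings and sample config are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the SW1 running-config (not a full config).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 shutdown
interface FastEthernet0/5
 switchport access vlan 5
interface FastEthernet0/8
line vty 0 4
 login
"""

def parse_blocks(config):
    """Map each 'interface ...' / 'line ...' header to its sub-commands."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if re.match(r"(interface|line) ", line):
            current = blocks.setdefault(line, [])
        elif line in ("", "!", "end"):
            current = None          # '!' closes a block, indented or not
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Return (header, finding) pairs for gaps against the lab checklist."""
    findings = []
    for header, cmds in parse_blocks(config).items():
        text = "\n".join(cmds)
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append((header, "vty not restricted to SSH"))
        if header.lower() == "interface vlan1" and "shutdown" not in cmds:
            findings.append((header, "VLAN 1 interface is active"))
        if not re.match(r"interface (Fast|Gigabit)Ethernet", header):
            continue
        if "shutdown" in cmds or "switchport mode trunk" in cmds:
            continue                # disabled ports and trunks are skipped
        if not cmds:
            findings.append((header, "unused port not shut down"))
            continue
        # Matches 'switchport port-security' and the older XL 'port security'.
        if not re.search(r"port[- ]security", text):
            findings.append((header, "no port security"))
        if "portfast" not in text:
            findings.append((header, "no spanning-tree portfast"))
    return findings
```

Calling `audit()` on the text of a saved running-config returns an empty list when none of these gaps is present.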