Tuesday, May 13, 2014

How to configure VLANs




Create and name VLANs on S2:
S2#conf t
S2(config)#vlan 10
S2(config-vlan)#name Faculty/Staff
S2(config-vlan)#exit
S2(config)#vlan 20
S2(config-vlan)#name Students
S2(config-vlan)#exit
S2(config)#vlan 30
S2(config-vlan)#name Guest(Default)
S2(config-vlan)#exit
S2(config)#vlan 99
S2(config-vlan)#name Management&Native
S2(config-vlan)#exit

Assign VLANs to the active ports on S2:
S2(config)#int fa0/11
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 10
S2(config-if)#exit
S2(config)#int fa0/18
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 20
S2(config-if)#exit
S2(config)#int fa0/6
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 30
S2(config-if)#exit

Create and name VLANs on S3 and assign VLANs to the active ports on S3:
Use the same commands as above to create and assign the VLANs on S3.

Create and name VLANs on S1:
Use the same commands as above to create the VLANs on S1.

Configure the trunk ports at the S1 end:
S1(config)#int g1/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport native vlan 99
S1(config-if)#exit
S1(config)#int g1/2
S1(config-if)#switchport mode trunk
S1(config-if)#switchport native vlan 99

Configure the native VLAN on the trunk ports at the S2 and S3 ends:
S2(config)#int g1/1
S2(config-if)#switchport native vlan 99
S3(config)#int g1/2
S3(config-if)#switchport native vlan 99

How to configure SSH



Configure SSH for a secure remote connection from a PC to the switch


Device   Interface   IP Address    Subnet Mask
S1       VLAN 1      10.10.10.2    255.255.255.0
PC1      NIC         10.10.10.10   255.255.255.0

SSH should replace Telnet for management connections. Telnet uses insecure plain text communications. SSH provides security for remote connections by providing strong encryption of all transmitted data between devices. In this activity, you will secure a remote switch with password encryption and SSH.

Because the switch is currently reachable by Telnet, first connect from PC1 to S1 by Telnet in order to change the switch configuration from Telnet to SSH access.
From the PC1 command prompt, telnet to the S1 VLAN IP address:
PC>telnet 10.10.10.2
Trying 10.10.10.2 ...Open
User Access Verification
Password:
S1>enable
Password:
S1#

Configure the domain name to nrt.com:

S1#conf t
S1(config)#ip domain-name nrt.com
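
Secure keys are needed to encrypt the data. Generate the RSA keys using a 1024-bit key length (the prompt below accepts a modulus of up to 2048 bits, and a larger modulus gives a stronger key):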

S1(config)#crypto key generate rsa
The name for the keys will be: S1.nrt.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Create an SSH user and reconfigure the VTY lines for SSH-only access:

S1(config)#username administrator password sshlogin
S1(config)#service password-encryption

Configure the VTY lines to check the local username database for login credentials and to only allow SSH for remote access. Remove the existing vty line password:

S1(config)#line vty 0 15
S1(config-line)#login local
S1(config-line)#no password
S1(config-line)#transport input ssh

Exit the Telnet session and attempt to log back in using Telnet. The attempt should fail. Then log in using SSH with the command below at the PC1 command prompt (password: sshlogin).

PC>ssh -l administrator 10.10.10.2
Open
Password:
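
A check for the VTY settings configured above, added here as an example and not part of the original post: it parses every "line vty" stanza of a saved running-config and reports any range that differs from the SSH-only, local-login settings applied to lines 0 15. A running-config often lists the VTY lines as two ranges, so a range that was never hardened is easy to miss. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the original post): lines 0-4
# were hardened as in the post, lines 5-15 still carry a Telnet-capable login.
SAMPLE_CONFIG = """\
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password 7 CONSTRUCTED
 login
 transport input telnet ssh
!
end
"""

def vty_stanzas(config):
    """Return [(first, last, [sub-commands])] for each 'line vty' stanza."""
    stanzas, current = [], None
    for raw in config.splitlines():
        header = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if header:
            first = int(header.group(1))
            current = (first, int(header.group(2) or first), [])
            stanzas.append(current)
        elif raw.startswith(" ") and current is not None:
            current[2].append(raw.strip())
        else:
            current = None  # any unindented line closes the stanza
    return stanzas

def audit_vty(config):
    """Return findings for VTY ranges that differ from the post's settings."""
    findings = []
    for first, last, cmds in vty_stanzas(config):
        where = f"vty {first}-{last}"
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if not transport:
            findings.append(f"{where}: no 'transport input' line, platform default applies")
        elif transport[-1] != ["ssh"]:
            findings.append(f"{where}: transport input allows {' '.join(transport[-1])}")
        if "login local" not in cmds:
            findings.append(f"{where}: not using 'login local'")
        if any(c.startswith("password ") for c in cmds):
            findings.append(f"{where}: line password still configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_vty(SAMPLE_CONFIG)))
```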