Packet Tracer - 综合技能练习
地址分配表
设备
接口
IP 地址
子网掩码
S1
VLAN 1
10.10.10.2
255.255.255.0
PC1
NIC
10.10.10.10
255.255.255.0
PC2
NIC
10.10.10.11
255.255.255.0
场景
网络管理员要求您配置新交换机。 在本练习中,您将使用一系列要求配置新交换机的初始设置、SSH 和端口安全。
拓扑图
要求
· 使用以下初始设置配置 S1:
主机名
S1(config)#hostname S1
包含 ****warning**** 一词的横幅
S1(config)#banner motd #Warning,unauthorized access is prohibited#
控制台端口登录名和密码 ****cisco****
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
已加密启用密码 ****class****
S1(config)#enable secret class
加密纯文本密码
S1(config)#service password-encryption
管理接口编址
· 使用以下设置配置 SSH 保护远程访问:
域名 ****cisco.com****
S1(config)#ip domain-name cisco.com
RSA 密钥对参数,以支持 SSH 版本 2
****S1(config)#crypto key generate rsa ****
How many bits in the modulus [512]: 1024
设置 SSH 版本 2
S1(config)#ip ssh version 2
用户 ****admin****,加密密码 ****ccna****
S1(config)#username admin secret ccna
VTY 线路仅接受 SSH 连接并使用本地登录进行身份验证
****S1(config-line)#line vty 0 4 ****
****S1(config-line)#login local ****
****S1(config-line)#transport input ssh ****
· 配置端口安全功能以限制网络访问:
禁用所有未使用的端口。
S1(config-if-range)#interface range f0/3-24,g0/1-2
****S1(config-if-range)#shutdown ****
将接口模式设置为接入。
S1(config)#interface range f0/1-2
****S1(config-if-range)#switchport mode access ****
启用端口安全以仅允许每个端口两台主机。
****S1(config-if-range)#switchport port-security ****
S1(config-if-range)#switchport port-security maximum 2
将 MAC 地址记录在运行配置中。
****S1(config-if-range)#switchport port-security mac-address sticky ****
确保在发生端口违规时禁用端口。
****S1(config-if-range)#switchport port-security violation shutdown ****
实验步骤:
S1:
Switch>en
Switch#conf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#banner motd #Warning,unauthorized access is prohibited#
S1(config)#service password-encryption
S1(config)#enable secret class
S1(config)#username admin secret ccna
S1(config)#ip domain-name cisco.com
S1(config)#crypto key generate rsa
The name for the keys will be: S1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
S1(config)#ip ssh version 2
S1(config)#interface range f0/1-2
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport port-security
S1(config-if-range)#switchport port-security maximum 2
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#switchport port-security violation shutdown
S1(config-if-range)#interface range f0/3-24,g0/1-2
S1(config-if-range)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
S1(config-if-range)#interface vlan 1
S1(config-if)#ip add 10.10.10.2 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config-if)#exit
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 4
S1(config-line)#login local
S1(config-line)#transport input ssh
S1(config-line)#end
S1#
%SYS-5-CONFIG_I: Configured from console by console
S1#wr
Building configuration...
[OK]
S1#
实验链接:https://pan.baidu.com/s/1j1PGnOLBkq0va-WegRgzoA?pwd=5312
提取码:5312
--来自百度网盘超级会员V2的分享
版权归原作者 傻傻的心动 所有, 如有侵权,请联系我们删除。