Packet Tracer - 综合技能练习
地址分配表
| 设备 | 接口 | IP 地址 | 子网掩码 |
| S1 | VLAN 1 | 10.10.10.2 | 255.255.255.0 |
| PC1 | NIC | 10.10.10.10 | 255.255.255.0 |
| PC2 | NIC | 10.10.10.11 | 255.255.255.0 |
场景
网络管理员要求您配置新交换机。 在本练习中,您将使用一系列要求配置新交换机的初始设置、SSH 和端口安全。
拓扑图
要求
· 使用以下初始设置配置 S1:
- 主机名
S1(config)#hostname S1
- 包含 warning 一词的横幅
S1(config)#banner motd #Warning,unauthorized access is prohibited#
- 控制台端口登录名和密码 cisco
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
- 已加密启用密码 class
S1(config)#enable secret class
- 加密纯文本密码
S1(config)#service password-encryption
- 管理接口编址
· 使用以下设置配置 SSH 保护远程访问:
- 域名 cisco.com
S1(config)#ip domain-name cisco.com
- RSA 密钥对参数,以支持 SSH 版本 2
S1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
- 设置 SSH 版本 2
S1(config)#ip ssh version 2
- 用户 admin,加密密码 ccna
S1(config)#username admin secret ccna
- VTY 线路仅接受 SSH 连接并使用本地登录进行身份验证
S1(config-line)#line vty 0 4
S1(config-line)#login local
S1(config-line)#transport input ssh
· 配置端口安全功能以限制网络访问:
- 禁用所有未使用的端口。
S1(config-if-range)#interface range f0/3-24,g0/1-2
S1(config-if-range)#shutdown
- 将接口模式设置为接入。
S1(config)#interface range f0/1-2
S1(config-if-range)#switchport mode access
- 启用端口安全以仅允许每个端口两台主机。
S1(config-if-range)#switchport port-security
S1(config-if-range)#switchport port-security maximum 2
- 将 MAC 地址记录在运行配置中。
S1(config-if-range)#switchport port-security mac-address sticky
- 确保在发生端口违规时禁用端口。
S1(config-if-range)#switchport port-security violation shutdown
实验步骤:
S1:
Switch>en
Switch#conf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#banner motd #Warning,unauthorized access is prohibited#
S1(config)#service password-encryption
S1(config)#enable secret class
S1(config)#username admin secret ccna
S1(config)#ip domain-name cisco.com
S1(config)#crypto key generate rsa
The name for the keys will be: S1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
S1(config)#ip ssh version 2
S1(config)#interface range f0/1-2
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport port-security
S1(config-if-range)#switchport port-security maximum 2
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#switchport port-security violation shutdown
S1(config-if-range)#interface range f0/3-24,g0/1-2
S1(config-if-range)#shutdown%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
S1(config-if-range)#interface vlan 1
S1(config-if)#ip add 10.10.10.2 255.255.255.0
S1(config-if)#no shutdownS1(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config-if)#exit
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 4
S1(config-line)#login local
S1(config-line)#transport input ssh
S1(config-line)#endS1#
%SYS-5-CONFIG_I: Configured from console by console
S1#wr
Building configuration...
[OK]
S1#
实验链接:https://pan.baidu.com/s/1j1PGnOLBkq0va-WegRgzoA?pwd=5312
提取码:5312
--来自百度网盘超级会员V2的分享
