SlideShare a Scribd company logo

6.5.1.3 packet tracer layer 2 vlan security instructor

Salem Trabelsi
Salem Trabelsi

The document describes a network configuration activity with the following objectives: 1. Create a redundant trunk link between two switches and configure VLAN trunking and security. 2. Implement a management VLAN and connect a management PC for secure access to network devices. 3. Use an ACL on the router interface to allow the management PC access while preventing other devices from accessing the management VLAN.

Education
1 of 6
Download to read offline
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6 Packet Tracer - Layer 2 VLAN Security (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Objectives  Connect a new redundant link between SW-1 and SW-2.  Enable trunking and configure security on the new trunk link between SW-1 and SW-2.  Create a new management VLAN (VLAN 20) and attach a management PC to that VLAN.  Implement an ACL to prevent outside users from accessing the management VLAN. Background / Scenario A company’s network is currently set up using two separate VLANs: VLAN 5 and VLAN 10. In addition, all trunk ports are configured with native VLAN 15. A network administrator wants to add a redundant link between switch SW-1 and SW-2. The link must have trunking enabled and all security requirements should be in place. In addition, the network administrator wants to connect a management PC to switch SW-A. The administrator would like to allow the management PC to be able to connect to all switches and the router, but does not want any other devices to connect to the management PC or the switches. The administrator would like to create a new VLAN 20 for management purposes. All devices have been preconfigured with: o Enable secret password: ciscoenpa55 o Console password: ciscoconpa55
Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 6 o VTY line password: ciscovtypa55 Part 1: Verify Connectivity Step 1: Verify connectivity between C2 (VLAN 10) and C3 (VLAN 10). Step 2: Verify connectivity between C2 (VLAN 10) and D1 (VLAN 5). Note: If using the simple PDU GUI packet, be sure to ping twice to allow for ARP. Part 2: Create a Redundant Link Between SW-1 and SW-2 Step 1: Connect SW-1 and SW-2. Using a crossover cable, connect port Fa0/23 on SW-1 to port Fa0/23 on SW-2. Step 2: Enable trunking, including all trunk security mechanisms on the link between SW-1 and SW-2. Trunking has already been configured on all pre-existing trunk interfaces. The new link must be configured for trunking, including all trunk security mechanisms. On both SW-1 and SW-2, set the port to trunk, assign native VLAN 15 to the trunk port, and disable auto-negotiation. SW-1(config)# interface fa0/23 SW-1(config-if)# switchport mode trunk SW-1(config-if)# switchport trunk native vlan 15 SW-1(config-if)# switchport nonegotiate SW-1(config-if)# no shutdown SW-2(config)# interface fa0/23 SW-2(config-if)# switchport mode trunk SW-2(config-if)# switchport trunk native vlan 15 SW-2(config-if)# switchport nonegotiate SW-2(config-if)# no shutdown Part 3: Enable VLAN 20 as a Management VLAN The network administrator wants to access all switch and routing devices using a management PC. For security, the administrator wants to ensure that all managed devices are on a separate VLAN. Step 1: Enable a management VLAN (VLAN 20) on SW-A. a. Enable VLAN 20 on SW-A. SW-A(config)# vlan 20 SW-A(config-vlan)# exit b. Create an interface VLAN 20 and assign an IP address within the 192.168.20.0/24 network. SW-A(config)# interface vlan 20 SW-A(config-if)# ip address 192.168.20.1 255.255.255.0 Step 2: Enable the same management VLAN on all other switches. a. Create the management VLAN on all switches: SW-B, SW-1, SW-2, and Central.
Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 6 SW-B(config)# vlan 20 SW-B(config-vlan)# exit SW-1(config)# vlan 20 SW-1(config-vlan)# exit SW-2(config)# vlan 20 SW-2(config-vlan)# exit Central(config)# vlan 20 Central(config-vlan)# exit b. Create an interface VLAN 20 on all switches and assign an IP address within the 192.168.20.0/24 network. SW-B(config)# interface vlan 20 SW-B(config-if)# ip address 192.168.20.2 255.255.255.0 SW-1(config)# interface vlan 20 SW-1(config-if)# ip address 192.168.20.3 255.255.255.0 SW-2(config)# interface vlan 20 SW-2(config-if)# ip address 192.168.20.4 255.255.255.0 Central(config)# interface vlan 20 Central(config-if)# ip address 192.168.20.5 255.255.255.0 Step 3: Configure the management PC and connect it to SW-A port Fa0/1. Ensure that the management PC is assigned an IP address within the 192.168.20.0/24 network. Connect the management PC to SW-A port Fa0/1. Step 4: On SW-A, ensure the management PC is part of VLAN 20. Interface Fa0/1 must be part of VLAN 20. SW-A(config)# interface fa0/1 SW-A(config-if)# switchport access vlan 20 SW-A(config-if)# no shutdown Step 5: Verify connectivity of the management PC to all switches. The management PC should be able to ping SW-A, SW-B, SW-1, SW-2, and Central. Part 4: Enable the Management PC to Access Router R1 Step 1: Enable a new subinterface on router R1. a. Create subinterface Fa0/0.3 and set encapsulation to dot1q 20 to account for VLAN 20. R1(config)# interface fa0/0.3 R1(config-subif)# encapsulation dot1q 20
Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 6 b. Assign an IP address within the 192.168.20.0/24 network. R1(config)# interface fa0/0.3 R1(config-subif)# ip address 192.168.20.100 255.255.255.0 Step 2: Verify connectivity between the management PC and R1. Be sure to configure the default gateway on the management PC to allow for connectivity. Step 3: Enable security. While the management PC must be able to access the router, no other PC should be able to access the management VLAN. a. Create an ACL that denies any network from accessing the 192.168.20.0/24 network, but permits all other networks to access one another. Example: (may vary from student configuration) R1(config)# access-list 101 deny ip any 192.168.20.0 0.0.0.255 R1(config)# access-list 101 permit ip any any b. Apply the ACL to the proper interface(s). Example: (may vary from student configuration) R1(config)# interface fa0/0.1 R1(config-subif)# ip access-group 101 in R1(config-subif)# interface fa0/0.2 R1(config-subif)# ip access-group 101 in Note: There are multiple ways in which an ACL can be created to accomplish the necessary security. For this reason, grading on this portion of the activity is based on the correct connectivity requirements. The management PC must be able to connect to all switches and the router. All other PCs should not be able to connect to any devices within the management VLAN. Step 4: Verify security. a. From the management PC, ping SW-A, SW-B, and R1. Were the pings successful? Explain. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ The pings should have been successful because all devices within the 192.168.20.0 network should be able to ping one another. Devices within VLAN20 are not required to route through the router. b. From D1, ping the management PC. Were the pings successful? Explain. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ The ping should have failed. This is because in order for a device within a different VLAN to successfully ping a device within VLAN20, it must be routed. The router has an ACL that prevents all packets from accessing the 192.168.20.0 network.
Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 6 Step 5: Check results. Your completion percentage should be 100%. Click Check Results to see feedback and verification of which required components have been completed. If all components appear to be correct and the activity still shows incomplete, it could be due to the connectivity tests that verify the ACL operation. !!! Script for SW-1 conf t interface fa0/23 switchport mode trunk switchport trunk native vlan 15 switchport nonegotiate no shutdown vlan 20 exit interface vlan 20 ip address 192.168.20.3 255.255.255.0 !!! Script for SW-2 conf t interface fa0/23 switchport mode trunk switchport trunk native vlan 15 switchport nonegotiate no shutdown vlan 20 exit interface vlan 20 ip address 192.168.20.4 255.255.255.0 !!! Script for SW-A conf t vlan 20 exit interface vlan 20 ip address 192.168.20.1 255.255.255.0 interface fa0/1 switchport access vlan 20 no shutdown !!! Script for SW-B conf t vlan 20 exit interface vlan 20 ip address 192.168.20.2 255.255.255.0
Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 6 !!! Script for Central conf t vlan 20 exit interface vlan 20 ip address 192.168.20.5 255.255.255.0 !!! Script for R1 conf t interface fa0/0.3 encapsulation dot1q 20 ip address 192.168.20.100 255.255.255.0 access-list 101 deny ip any 192.168.20.0 0.0.0.255 access-list 101 permit ip any any interface FastEthernet0/0.1 ip access-group 101 in interface FastEthernet0/0.2 ip access-group 101 in

Recommended

6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
Salem Trabelsi
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Harris Andrea
 
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
Salem Trabelsi
 
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
Salem Trabelsi
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
Salem Trabelsi
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 Minutes
CCNAResources
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba, a Hewlett Packard Enterprise company
 

Recommended

6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
Salem Trabelsi
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Harris Andrea
 
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
Salem Trabelsi
 
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
Salem Trabelsi
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
Salem Trabelsi
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 Minutes
CCNAResources
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba, a Hewlett Packard Enterprise company
 
Free CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdfFree CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdf
Networkershome
 
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdfCCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
poojaswami31
 
Ccna command
Ccna commandCcna command
Ccna command
Siddhartha Rajbhatt
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)
DH Da Lat
 
How to configure vlan, stp, dtp step by step guide
How to configure vlan, stp, dtp step by step guideHow to configure vlan, stp, dtp step by step guide
How to configure vlan, stp, dtp step by step guide
IT Tech
 
IOS Cisco - Cheat sheets
IOS Cisco - Cheat sheetsIOS Cisco - Cheat sheets
IOS Cisco - Cheat sheets
Alejandro Marin
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
Salachudin Emir
 
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Kelson Silva
 
Router commands
Router commandsRouter commands
Router commandsAkshay Bhardwaj
 
Cisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer SwitchCisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer Switch
Hamed Moghaddam
 
IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based Firewall
Netwax Lab
 
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba, a Hewlett Packard Enterprise company
 
Vpc notes
Vpc notesVpc notes
Vpc notes
Krunal Shah
 
Storm-Control
Storm-ControlStorm-Control
Storm-Control
NetProtocol Xpert
 
CCNA CheatSheet
CCNA CheatSheetCCNA CheatSheet
CCNA CheatSheet
Eng. Emad Al-Atoum
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall concepts
Mostafa El Lathy
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Lab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routingLab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routing
Muhd Mu'izuddin
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1Aruba, a Hewlett Packard Enterprise company
 
3.4.6-lab---configure-vlans-and-trunking.pdf
3.4.6-lab---configure-vlans-and-trunking.pdf3.4.6-lab---configure-vlans-and-trunking.pdf
3.4.6-lab---configure-vlans-and-trunking.pdf
arif hamidi
 
Exercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ questionExercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ question
sufi1248
 

More Related Content

What's hot

Free CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdfFree CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdf
Networkershome
 
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdfCCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
poojaswami31
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)
DH Da Lat
 
How to configure vlan, stp, dtp step by step guide
How to configure vlan, stp, dtp step by step guideHow to configure vlan, stp, dtp step by step guide
How to configure vlan, stp, dtp step by step guide
IT Tech
 
IOS Cisco - Cheat sheets
IOS Cisco - Cheat sheetsIOS Cisco - Cheat sheets
IOS Cisco - Cheat sheets
Alejandro Marin
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
Salachudin Emir
 
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Kelson Silva
 
Cisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer SwitchCisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer Switch
Hamed Moghaddam
 
IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based Firewall
Netwax Lab
 
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba, a Hewlett Packard Enterprise company
 
Vpc notes
Vpc notesVpc notes
Vpc notes
Krunal Shah
 
Storm-Control
Storm-ControlStorm-Control
Storm-Control
NetProtocol Xpert
 
CCNA CheatSheet
CCNA CheatSheetCCNA CheatSheet
CCNA CheatSheet
Eng. Emad Al-Atoum
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall concepts
Mostafa El Lathy
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Lab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routingLab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routing
Muhd Mu'izuddin
 

What's hot (20)

Free CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdfFree CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdf
 
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdfCCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
CCNA-LAB-GUIDE-V3_LAST-ADDITION (4).pdf
 
Ccna command
Ccna commandCcna command
Ccna command
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)
 
How to configure vlan, stp, dtp step by step guide
How to configure vlan, stp, dtp step by step guideHow to configure vlan, stp, dtp step by step guide
How to configure vlan, stp, dtp step by step guide
 
IOS Cisco - Cheat sheets
IOS Cisco - Cheat sheetsIOS Cisco - Cheat sheets
IOS Cisco - Cheat sheets
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
 
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations
 
Router commands
Router commandsRouter commands
Router commands
 
Cisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer SwitchCisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer Switch
 
IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based Firewall
 
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference Guide
 
Vpc notes
Vpc notesVpc notes
Vpc notes
 
Storm-Control
Storm-ControlStorm-Control
Storm-Control
 
CCNA CheatSheet
CCNA CheatSheetCCNA CheatSheet
CCNA CheatSheet
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall concepts
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
 
Lab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routingLab 6.4.1 InterVLAN routing
Lab 6.4.1 InterVLAN routing
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1
 

Similar to 6.5.1.3 packet tracer layer 2 vlan security instructor

3.4.6-lab---configure-vlans-and-trunking.pdf
3.4.6-lab---configure-vlans-and-trunking.pdf3.4.6-lab---configure-vlans-and-trunking.pdf
3.4.6-lab---configure-vlans-and-trunking.pdf
arif hamidi
 
Exercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ questionExercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ question
sufi1248
 
Pe1 configuring pvst+ rapid pvst+
Pe1 configuring pvst+ rapid pvst+Pe1 configuring pvst+ rapid pvst+
Pe1 configuring pvst+ rapid pvst+
mohdsyahmi789
 
Vlan lab
Vlan labVlan lab
Vlan lab
tmim8
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?
Huanetwork
 
Ccna3 lab 9_1_5b_en
Ccna3 lab 9_1_5b_enCcna3 lab 9_1_5b_en
Ccna3 lab 9_1_5b_en
vin424
 
Switch inter vlan_routing
Switch inter vlan_routingSwitch inter vlan_routing
Switch inter vlan_routing
Ramesh Thumburu
 
Praktikum Lab 14 - Switch Security Configuration.docx
Praktikum Lab 14 - Switch Security Configuration.docxPraktikum Lab 14 - Switch Security Configuration.docx
Praktikum Lab 14 - Switch Security Configuration.docx
Ihsan Ihsan
 
Cisco labs practical6
Cisco labs practical6Cisco labs practical6
Cisco labs practical6Tai Lam
 
CCNA Lab 5-Configuring Inter-VLAN Routing
CCNA Lab 5-Configuring Inter-VLAN RoutingCCNA Lab 5-Configuring Inter-VLAN Routing
CCNA Lab 5-Configuring Inter-VLAN Routing
Amir Jafari
 
CCNA Lab 4-Configuring EtherChannels and optimizing Spanning Tree Protocol on...
CCNA Lab 4-Configuring EtherChannels and optimizing Spanning Tree Protocol on...CCNA Lab 4-Configuring EtherChannels and optimizing Spanning Tree Protocol on...
CCNA Lab 4-Configuring EtherChannels and optimizing Spanning Tree Protocol on...
Amir Jafari
 
2.3.1.5 packet tracer configuring rapid pvst+ answer
2.3.1.5 packet tracer configuring rapid pvst+ answer2.3.1.5 packet tracer configuring rapid pvst+ answer
2.3.1.5 packet tracer configuring rapid pvst+ answer
Narayana Samy
 
CCN3Switching_lab_5_5_2
CCN3Switching_lab_5_5_2CCN3Switching_lab_5_5_2
CCN3Switching_lab_5_5_2alan moreno
 
Cisco labs practical7
Cisco labs practical7Cisco labs practical7
Cisco labs practical7Tai Lam
 
CCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part ICCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part I
Amir Jafari
 
Ccna 3 chapter 3 v4.0 answers 2011
Ccna 3 chapter 3 v4.0 answers 2011Ccna 3 chapter 3 v4.0 answers 2011
Ccna 3 chapter 3 v4.0 answers 2011Dân Chơi
 
Hướng dẫn cài đặt switch planet layer 3
Hướng dẫn cài đặt switch planet layer 3Hướng dẫn cài đặt switch planet layer 3
Hướng dẫn cài đặt switch planet layer 3
3c telecom
 
How to create and delete vlan on cisco catalyst switch
How to create and delete vlan on cisco catalyst switchHow to create and delete vlan on cisco catalyst switch
How to create and delete vlan on cisco catalyst switchIT Tech
 
Ccna icnd2-labs exercices
Ccna icnd2-labs exercicesCcna icnd2-labs exercices
Ccna icnd2-labs exercices
saqrjareh
 

Similar to 6.5.1.3 packet tracer layer 2 vlan security instructor (20)

3.4.6-lab---configure-vlans-and-trunking.pdf
3.4.6-lab---configure-vlans-and-trunking.pdf3.4.6-lab---configure-vlans-and-trunking.pdf
3.4.6-lab---configure-vlans-and-trunking.pdf
 
Exercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ questionExercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ question
 
Pe1 configuring pvst+ rapid pvst+
Pe1 configuring pvst+ rapid pvst+Pe1 configuring pvst+ rapid pvst+
Pe1 configuring pvst+ rapid pvst+
 
Vlan lab
Vlan labVlan lab
Vlan lab
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?
 
Ccna3 lab 9_1_5b_en
Ccna3 lab 9_1_5b_enCcna3 lab 9_1_5b_en
Ccna3 lab 9_1_5b_en
 
Switch inter vlan_routing
Switch inter vlan_routingSwitch inter vlan_routing
Switch inter vlan_routing
 
Praktikum Lab 14 - Switch Security Configuration.docx
Praktikum Lab 14 - Switch Security Configuration.docxPraktikum Lab 14 - Switch Security Configuration.docx
Praktikum Lab 14 - Switch Security Configuration.docx
 
Cisco labs practical6
Cisco labs practical6Cisco labs practical6
Cisco labs practical6
 
CCNA Lab 5-Configuring Inter-VLAN Routing
CCNA Lab 5-Configuring Inter-VLAN RoutingCCNA Lab 5-Configuring Inter-VLAN Routing
CCNA Lab 5-Configuring Inter-VLAN Routing
 
CCNA Lab 4-Configuring EtherChannels and optimizing Spanning Tree Protocol on...
CCNA Lab 4-Configuring EtherChannels and optimizing Spanning Tree Protocol on...CCNA Lab 4-Configuring EtherChannels and optimizing Spanning Tree Protocol on...
CCNA Lab 4-Configuring EtherChannels and optimizing Spanning Tree Protocol on...
 
2.3.1.5 packet tracer configuring rapid pvst+ answer
2.3.1.5 packet tracer configuring rapid pvst+ answer2.3.1.5 packet tracer configuring rapid pvst+ answer
2.3.1.5 packet tracer configuring rapid pvst+ answer
 
corporate network
corporate networkcorporate network
corporate network
 
CCN3Switching_lab_5_5_2
CCN3Switching_lab_5_5_2CCN3Switching_lab_5_5_2
CCN3Switching_lab_5_5_2
 
Cisco labs practical7
Cisco labs practical7Cisco labs practical7
Cisco labs practical7
 
CCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part ICCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part I
 
Ccna 3 chapter 3 v4.0 answers 2011
Ccna 3 chapter 3 v4.0 answers 2011Ccna 3 chapter 3 v4.0 answers 2011
Ccna 3 chapter 3 v4.0 answers 2011
 
Hướng dẫn cài đặt switch planet layer 3
Hướng dẫn cài đặt switch planet layer 3Hướng dẫn cài đặt switch planet layer 3
Hướng dẫn cài đặt switch planet layer 3
 
How to create and delete vlan on cisco catalyst switch
How to create and delete vlan on cisco catalyst switchHow to create and delete vlan on cisco catalyst switch
How to create and delete vlan on cisco catalyst switch
 
Ccna icnd2-labs exercices
Ccna icnd2-labs exercicesCcna icnd2-labs exercices
Ccna icnd2-labs exercices
 

Recently uploaded

MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
bennyroshan06
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
PedroFerreira53928
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
beazzy04
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
Celine George
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
GeoBlogs
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
Excellence Foundation for South Sudan
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
rosedainty
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
PedroFerreira53928
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
EduSkills OECD
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
Vivekanand Anglo Vedic Academy
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 

Recently uploaded (20)

MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 

6.5.1.3 packet tracer layer 2 vlan security instructor

  • 1. © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6 Packet Tracer - Layer 2 VLAN Security (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Objectives  Connect a new redundant link between SW-1 and SW-2.  Enable trunking and configure security on the new trunk link between SW-1 and SW-2.  Create a new management VLAN (VLAN 20) and attach a management PC to that VLAN.  Implement an ACL to prevent outside users from accessing the management VLAN. Background / Scenario A company’s network is currently set up using two separate VLANs: VLAN 5 and VLAN 10. In addition, all trunk ports are configured with native VLAN 15. A network administrator wants to add a redundant link between switch SW-1 and SW-2. The link must have trunking enabled and all security requirements should be in place. In addition, the network administrator wants to connect a management PC to switch SW-A. The administrator would like to allow the management PC to be able to connect to all switches and the router, but does not want any other devices to connect to the management PC or the switches. The administrator would like to create a new VLAN 20 for management purposes. All devices have been preconfigured with: o Enable secret password: ciscoenpa55 o Console password: ciscoconpa55
  • 2. Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 6 o VTY line password: ciscovtypa55 Part 1: Verify Connectivity Step 1: Verify connectivity between C2 (VLAN 10) and C3 (VLAN 10). Step 2: Verify connectivity between C2 (VLAN 10) and D1 (VLAN 5). Note: If using the simple PDU GUI packet, be sure to ping twice to allow for ARP. Part 2: Create a Redundant Link Between SW-1 and SW-2 Step 1: Connect SW-1 and SW-2. Using a crossover cable, connect port Fa0/23 on SW-1 to port Fa0/23 on SW-2. Step 2: Enable trunking, including all trunk security mechanisms on the link between SW-1 and SW-2. Trunking has already been configured on all pre-existing trunk interfaces. The new link must be configured for trunking, including all trunk security mechanisms. On both SW-1 and SW-2, set the port to trunk, assign native VLAN 15 to the trunk port, and disable auto-negotiation. SW-1(config)# interface fa0/23 SW-1(config-if)# switchport mode trunk SW-1(config-if)# switchport trunk native vlan 15 SW-1(config-if)# switchport nonegotiate SW-1(config-if)# no shutdown SW-2(config)# interface fa0/23 SW-2(config-if)# switchport mode trunk SW-2(config-if)# switchport trunk native vlan 15 SW-2(config-if)# switchport nonegotiate SW-2(config-if)# no shutdown Part 3: Enable VLAN 20 as a Management VLAN The network administrator wants to access all switch and routing devices using a management PC. For security, the administrator wants to ensure that all managed devices are on a separate VLAN. Step 1: Enable a management VLAN (VLAN 20) on SW-A. a. Enable VLAN 20 on SW-A. SW-A(config)# vlan 20 SW-A(config-vlan)# exit b. Create an interface VLAN 20 and assign an IP address within the 192.168.20.0/24 network. SW-A(config)# interface vlan 20 SW-A(config-if)# ip address 192.168.20.1 255.255.255.0 Step 2: Enable the same management VLAN on all other switches. a. Create the management VLAN on all switches: SW-B, SW-1, SW-2, and Central.
  • 3. Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 6 SW-B(config)# vlan 20 SW-B(config-vlan)# exit SW-1(config)# vlan 20 SW-1(config-vlan)# exit SW-2(config)# vlan 20 SW-2(config-vlan)# exit Central(config)# vlan 20 Central(config-vlan)# exit b. Create an interface VLAN 20 on all switches and assign an IP address within the 192.168.20.0/24 network. SW-B(config)# interface vlan 20 SW-B(config-if)# ip address 192.168.20.2 255.255.255.0 SW-1(config)# interface vlan 20 SW-1(config-if)# ip address 192.168.20.3 255.255.255.0 SW-2(config)# interface vlan 20 SW-2(config-if)# ip address 192.168.20.4 255.255.255.0 Central(config)# interface vlan 20 Central(config-if)# ip address 192.168.20.5 255.255.255.0 Step 3: Configure the management PC and connect it to SW-A port Fa0/1. Ensure that the management PC is assigned an IP address within the 192.168.20.0/24 network. Connect the management PC to SW-A port Fa0/1. Step 4: On SW-A, ensure the management PC is part of VLAN 20. Interface Fa0/1 must be part of VLAN 20. SW-A(config)# interface fa0/1 SW-A(config-if)# switchport access vlan 20 SW-A(config-if)# no shutdown Step 5: Verify connectivity of the management PC to all switches. The management PC should be able to ping SW-A, SW-B, SW-1, SW-2, and Central. Part 4: Enable the Management PC to Access Router R1 Step 1: Enable a new subinterface on router R1. a. Create subinterface Fa0/0.3 and set encapsulation to dot1q 20 to account for VLAN 20. R1(config)# interface fa0/0.3 R1(config-subif)# encapsulation dot1q 20
  • 4. Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 6 b. Assign an IP address within the 192.168.20.0/24 network. R1(config)# interface fa0/0.3 R1(config-subif)# ip address 192.168.20.100 255.255.255.0 Step 2: Verify connectivity between the management PC and R1. Be sure to configure the default gateway on the management PC to allow for connectivity. Step 3: Enable security. While the management PC must be able to access the router, no other PC should be able to access the management VLAN. a. Create an ACL that denies any network from accessing the 192.168.20.0/24 network, but permits all other networks to access one another. Example: (may vary from student configuration) R1(config)# access-list 101 deny ip any 192.168.20.0 0.0.0.255 R1(config)# access-list 101 permit ip any any b. Apply the ACL to the proper interface(s). Example: (may vary from student configuration) R1(config)# interface fa0/0.1 R1(config-subif)# ip access-group 101 in R1(config-subif)# interface fa0/0.2 R1(config-subif)# ip access-group 101 in Note: There are multiple ways in which an ACL can be created to accomplish the necessary security. For this reason, grading on this portion of the activity is based on the correct connectivity requirements. The management PC must be able to connect to all switches and the router. All other PCs should not be able to connect to any devices within the management VLAN. Step 4: Verify security. a. From the management PC, ping SW-A, SW-B, and R1. Were the pings successful? Explain. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ The pings should have been successful because all devices within the 192.168.20.0 network should be able to ping one another. Devices within VLAN20 are not required to route through the router. b. From D1, ping the management PC. Were the pings successful? Explain. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ The ping should have failed. This is because in order for a device within a different VLAN to successfully ping a device within VLAN20, it must be routed. The router has an ACL that prevents all packets from accessing the 192.168.20.0 network.
  • 5. Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 6 Step 5: Check results. Your completion percentage should be 100%. Click Check Results to see feedback and verification of which required components have been completed. If all components appear to be correct and the activity still shows incomplete, it could be due to the connectivity tests that verify the ACL operation. !!! Script for SW-1 conf t interface fa0/23 switchport mode trunk switchport trunk native vlan 15 switchport nonegotiate no shutdown vlan 20 exit interface vlan 20 ip address 192.168.20.3 255.255.255.0 !!! Script for SW-2 conf t interface fa0/23 switchport mode trunk switchport trunk native vlan 15 switchport nonegotiate no shutdown vlan 20 exit interface vlan 20 ip address 192.168.20.4 255.255.255.0 !!! Script for SW-A conf t vlan 20 exit interface vlan 20 ip address 192.168.20.1 255.255.255.0 interface fa0/1 switchport access vlan 20 no shutdown !!! Script for SW-B conf t vlan 20 exit interface vlan 20 ip address 192.168.20.2 255.255.255.0
  • 6. Packet Tracer - Layer 2 VLAN Security © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 6 !!! Script for Central conf t vlan 20 exit interface vlan 20 ip address 192.168.20.5 255.255.255.0 !!! Script for R1 conf t interface fa0/0.3 encapsulation dot1q 20 ip address 192.168.20.100 255.255.255.0 access-list 101 deny ip any 192.168.20.0 0.0.0.255 access-list 101 permit ip any any interface FastEthernet0/0.1 ip access-group 101 in interface FastEthernet0/0.2 ip access-group 101 in