Note: Privilege level 15 is known as “enable mode” or “privileged exec mode,” and authorizes all commands by default.
Verification
Try to telnet to Sw101 from PC1:
On PC1:
PC1:\> telnet 192.168.100.1
Trying 192.168.100.1 ...Open
User Access Verification
Username: support //Type “support” here
Password: ***** //Type “max2leam” here
Sw101#
Task 2. Configure and apply a single NACL on Sw101
Using the “show ip interface brief” command on Sw101, we learn that the IP address of interface VLAN 100 is 192.168.100.1/24. We will use this IP address to satisfy the requirement “allow only PC2 on VLAN 200 to telnet to Sw101”.
On Sw101:
ip access-list extended ENT_ACL
deny icmp host 192.168.200.10 host 192.168.100.10
permit tcp host 192.168.200.10 host 192.168.100.1 eq telnet
deny tcp 192.168.200.0 0.0.0.255 any eq telnet
permit ip any any
interface e0/2
ip access-group ENT_ACL in
Verification
+ Check to make sure PC2 cannot ping PC1:
PC2:\> ping 192.168.100.10
Pinging 192.168.100.10 with 32 bytes of data
Request timed out.
Request timed out.
Request timed out.
Request timed out.
+ Check that only PC2 on VLAN 200 can telnet to Sw101 and that all other devices on VLAN 200 are prevented from telnetting:
PC2:\> telnet 192.168.100.1 //this must be successful
SW102# telnet 192.168.100.1 //this must fail
+ Check the “Allow all other network traffic from VLAN 200” condition by trying to ping Sw101 from PC2:
PC2:\> ping 192.168.100.1 //this must be successful
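The three verification checks above all depend on ENT_ACL being evaluated top-down with first-match semantics and an implicit “deny” at the end. The following added example (not part of the original lab solution) is a small Python evaluator of IOS-style extended ACL entries, including wildcard masks, that runs the four checks against ENT_ACL and also shows what happens when the two telnet lines are swapped. The IP address used for SW102 (192.168.200.2) is an assumption, since the lab text only tells us it sits on VLAN 200.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclEntry:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol; otherwise "tcp", "udp", "icmp"
    src: str                    # "host A.B.C.D", "A.B.C.D W.W.W.W" (wildcard) or "any"
    dst: str
    dport: Optional[int] = None  # "eq <port>" on the destination, if present


def _parse_match(spec: str):
    """Turn an IOS address spec into (network, wildcard) as 32-bit ints."""
    parts = spec.split()
    if parts[0] == "any":
        return 0, 0xFFFFFFFF
    if parts[0] == "host":
        return int(ipaddress.IPv4Address(parts[1])), 0
    net, wildcard = parts
    return int(ipaddress.IPv4Address(net)), int(ipaddress.IPv4Address(wildcard))


def _addr_matches(spec: str, addr: str) -> bool:
    net, wc = _parse_match(spec)
    a = int(ipaddress.IPv4Address(addr))
    # Wildcard bits set to 1 are "don't care", so mask them off before comparing
    care = ~wc & 0xFFFFFFFF
    return (a & care) == (net & care)


def evaluate(acl, proto: str, src: str, dst: str, dport: Optional[int] = None) -> str:
    """Return 'permit' or 'deny' using first-match semantics with the implicit deny."""
    for entry in acl:
        if entry.proto != "ip" and entry.proto != proto:
            continue
        if not _addr_matches(entry.src, src) or not _addr_matches(entry.dst, dst):
            continue
        if entry.dport is not None and entry.dport != dport:
            continue
        return entry.action
    return "deny"  # every IOS ACL ends with an implicit "deny ip any any"


# ENT_ACL exactly as configured on Sw101 in Task 2
ENT_ACL = [
    AclEntry("deny",   "icmp", "host 192.168.200.10",      "host 192.168.100.10"),
    AclEntry("permit", "tcp",  "host 192.168.200.10",      "host 192.168.100.1", 23),
    AclEntry("deny",   "tcp",  "192.168.200.0 0.0.0.255",  "any",                23),
    AclEntry("permit", "ip",   "any",                      "any"),
]

PC1 = "192.168.100.10"
PC2 = "192.168.200.10"
SW101_VLAN100 = "192.168.100.1"
SW102 = "192.168.200.2"   # assumed VLAN 200 address for SW102 (not given in the lab)


def check_policy(acl) -> dict:
    """Run the lab's four verification checks and return the ACL decision for each."""
    return {
        "pc2_ping_pc1":       evaluate(acl, "icmp", PC2,   PC1),
        "pc2_telnet_sw101":   evaluate(acl, "tcp",  PC2,   SW101_VLAN100, 23),
        "sw102_telnet_sw101": evaluate(acl, "tcp",  SW102, SW101_VLAN100, 23),
        "pc2_ping_sw101":     evaluate(acl, "icmp", PC2,   SW101_VLAN100),
    }


def swapped_telnet_lines(acl):
    """Same entries with the two telnet lines reversed, to show why order matters."""
    return [acl[0], acl[2], acl[1], acl[3]]


if __name__ == "__main__":
    for name, decision in check_policy(ENT_ACL).items():
        print(f"{name:20s} {decision}")
    print("PC2 telnet with swapped lines:",
          check_policy(swapped_telnet_lines(ENT_ACL))["pc2_telnet_sw101"])
```

With the lines as written, PC2's telnet is permitted because the more specific “permit” precedes the subnet-wide “deny”; with the two lines swapped the subnet “deny” matches PC2 first and the intended exception is silently lost, which is the usual way an ACL that looks right on paper fails verification.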
Task 3. Configure security on interface Ethernet 0/0 of Sw102.
The task states that “No notification action is required”, so we have to use “protect” as the violation mode (it drops offending frames silently, whereas “restrict” drops them and sends a notification and “shutdown” err-disables the port). On Sw102:
int e0/0
switchport port-security
switchport port-security maximum 4
switchport port-security violation protect
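To make the difference between the three violation modes concrete, here is an added Python model of a port-security interface (example code, not from the original lab or from Cisco) with the Task 3 settings, maximum 4 and violation protect. The MAC addresses are constructed; the behaviour modelled is the IOS one: secure MACs are learned dynamically up to the maximum, and the violation mode decides whether a fifth address is dropped silently, dropped with a notification, or err-disables the port.

```python
class PortSecurity:
    """Minimal model of 'switchport port-security' on one access port."""

    def __init__(self, maximum: int = 4, violation: str = "protect"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("violation must be protect, restrict or shutdown")
        self.maximum = maximum
        self.violation = violation
        self.secure_macs = []        # dynamically learned secure addresses
        self.forwarded = 0
        self.dropped = 0
        self.notifications = []      # syslog/SNMP-style messages that would be sent
        self.err_disabled = False

    def ingress(self, mac: str) -> str:
        """Process one incoming frame and return what happened to it."""
        if self.err_disabled:
            self.dropped += 1
            return "dropped (port err-disabled)"
        if mac in self.secure_macs:
            self.forwarded += 1
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)   # learn the address as a secure MAC
            self.forwarded += 1
            return "forwarded (learned)"
        # Maximum reached and this MAC is not secure: a violation
        self.dropped += 1
        if self.violation == "protect":
            return "dropped silently"      # no syslog, no SNMP trap, counter not incremented
        self.notifications.append(f"PSECURE_VIOLATION: unknown MAC {mac}")
        if self.violation == "restrict":
            return "dropped, notified"
        self.err_disabled = True            # "shutdown": port goes err-disabled
        return "port err-disabled"


# Constructed sample traffic: four legitimate hosts, then a fifth unknown address
FRAMES = ["0000.1111.0001", "0000.1111.0002", "0000.1111.0003",
          "0000.1111.0004", "0000.1111.0001", "0000.1111.0005"]


def run(violation: str, frames=FRAMES, maximum: int = 4) -> dict:
    port = PortSecurity(maximum=maximum, violation=violation)
    outcomes = [port.ingress(m) for m in frames]
    return {
        "forwarded": port.forwarded,
        "dropped": port.dropped,
        "notifications": len(port.notifications),
        "err_disabled": port.err_disabled,
        "last": outcomes[-1],
    }


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, run(mode))
```

In “protect” mode the fifth address is dropped with no record at all, which is exactly why the task's “no notification” requirement maps to it; it also means an operator gets no signal that something unexpected is on the port, so “restrict” is usually preferred where notifications are acceptable.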