Lab – Configuring Switch Security Features

 Issue the show vlan command on S1. What is the status of VLAN 99?
: - active

 Issue the show ip interface brief command on S1. What is the status and protocol for
management interface VLAN 99?
: - Status is up, and protocol is down.

 Why is the protocol down, even though you issued the no shutdown command for interface
VLAN 99?
: - No physical ports on the switch have been assigned to VLAN 99

 Issue the show ip interface brief command on S1. What is the status and protocol showing for
interface VLAN 99?
: - Up and up

 From PC-A, ping the default gateway address on R1. Were your pings successful?
: - Yes

 From PC-A, ping the management address of S1. Were your pings successful?
: - Yes

 From S1, ping the default gateway address on R1. Were your pings successful?
: - Yes

 From PC-A, open a web browser and go to http://172.16.99.11 . If you are prompted for a
username and password, leave the username blank and use class for the password. If you are
prompted for a secured connection, answer No. Were you able to access the web interface on
S1?
: - Yes

 What version of SSH is the switch using?

: - 1.99

 How many authentication attempts does SSH allow?

:-3

 What is the default timeout setting for SSH?

: - 120 seconds
 How many authentication attempts does SSH allow?
:-2

 What is the timeout setting for SSH?

: - 75 seconds

 Was the connection successful?

: - Yes

 What is the HTTP server status?

: - Enabled

 What server port is it using?

: - 80

 What is the HTTP secure server status?

: - enabled

 What secure server port is it using?

: - 443

 What is the MAC address of the R1 G0/1 interface?

: - it is 30f7.0da3.1821

 From the S1 CLI, issue a show mac address-table command from privileged EXEC mode. Find the
dynamic entries for ports F0/5 and F0/6. Record them below.
F0/5 MAC address: _________30f7.0da3.1821______________
F0/6 MAC address: _________00e0.b857.1ccd______________

 What is the port status of F0/5?

: - the status is Secure-up, which indicates that the port is secure, but the status and protocol
are up

 From R1 privileged EXEC mode, ping PC-A. Was the ping successful? Why or why not?
: - no, the F0/5 port on S1 is shut down because of the security violation

 From R1, ping PC-A again at 172.16.99.3. Was the ping successful?
: - No
 Reflection

 Why would you enable port security on a switch?

: - It would help prevent unauthorized devices from accessing your network if they
plugged into a switch on your network.
 Why should unused ports on a switch be disabled?
: - One excellent reason is that a user could not connect a device to the switch on an
unused port and access the LAN.