Unit Exam 1 Answer Key-DATA COMMUNICATIONS


Unit Exam 1 Answer Key:

Part 1 Answer Key:


I. Title:

Port Security Configuration

II. Introduction:

By default, all interfaces on a Cisco switch are turned on. That means that
an attacker could connect to your network through a wall socket and
potentially threaten your network. If you know which devices will be
connected to which ports, you can use the Cisco security feature called port
security. By using port security, a network administrator can associate
specific MAC addresses with the interface, which can prevent an attacker from
connecting his device. This way you can restrict access to an interface so that
only the authorized devices can use it. If an unauthorized device is
connected, you can decide what action the switch will take, for example
discarding the traffic and shutting down the port.

To configure port security, three steps are required:

1. define the interface as an access interface by using the switchport mode
access interface subcommand
2. enable port security by using the switchport port-security interface
subcommand
3. define which MAC addresses are allowed to send frames through this
interface by using the switchport port-security mac-address MAC_ADDRESS
interface subcommand or using the switchport port-security mac-address
sticky interface subcommand to dynamically learn the MAC address of the
currently connected host

Two steps are optional:

1. define what action the switch will take when receiving a frame from an
unauthorized device by using the switchport port-security violation {protect |
restrict | shutdown} interface subcommand. All three options discard the
traffic from the unauthorized device. The restrict and shutdown options send
a log message when a violation occurs. Shutdown mode also shuts down the
port.
2. define the maximum number of MAC addresses that can be used on the
port by using the switchport port-security maximum NUMBER interface
submode command

The following example shows the configuration of port security on a Cisco
switch:

First, we need to enable port security and define which MAC addresses are
allowed to send frames:

Next, by using the show port-security interface fa0/1 command, we can see
that the switch has learned the MAC address of host A:

By default, the maximum number of allowed MAC addresses is one, so if
we connect another host to the same port, the security violation will occur:

The status code of err-disabled means that the security violation occurred
on the port.

In this activity you will configure Port Security on a small campus
network.

III. Instruction:

Disable Unused Ports

1) Disable all unused ports on SW1. This prevents unauthorized hosts
plugging in to them to gain access to the network.

Port Security Configuration

2) Configure port security on interface FastEthernet 0/1. Allow a maximum
of two MAC addresses and manually add PC1’s MAC address to the
configuration.

3) Enable Port Security on interface FastEthernet 0/2 with the default
settings.

4) Use a ‘show port-security’ command to verify the MAC address on PC2.

5) Verify the full Port Security configuration on both interfaces.

IV. Interpretation of data (programs will be checked on your video
recording):

Disable Unused Ports

1) Disable all unused ports on SW1. This prevents unauthorized hosts
plugging in to them to gain access to the network.

‘show ip interface brief’ shows ports FastEthernet 0/1 – 24 and
GigabitEthernet0/1 – 2. Interfaces FastEthernet 0/1 and 0/2 are in use.

SW1#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual up up
! truncated
FastEthernet0/24 unassigned YES manual down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down

Interfaces FastEthernet 0/1 and 0/2 are in use.

SW1(config)#interface range f0/3 - 24
SW1(config-if-range)#shutdown
SW1(config-if-range)#interface range g0/1 - 2
SW1(config-if-range)#shutdown

Port Security Configuration

2) Configure port security on interface FastEthernet 0/1. Allow a maximum
of two MAC addresses and manually add PC1’s MAC address to the
configuration.

We need to discover PC1’s MAC address. We can get this information from
the PC itself or from the switch. Use ‘ipconfig /all’ to find it on the PC.

Use ‘show mac address-table’ to find it on the switch. Use ping to
generate some traffic from the PC if it does not show up in the MAC
address table.

You need to make the interface an access port before the switch will
accept Port Security configuration. No VLANs are configured on the switch
or specified in the lab task so leave it in the default VLAN 1.

SW1(config)#int f0/1
SW1(config-if)#switch mode access

Add the Port Security configuration.

SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security maximum 2
SW1(config-if)#switchport port-security mac-address 0000.1111.1111

3) Enable Port Security on interface FastEthernet 0/2 with the default
settings.

SW1(config)#int f0/2
SW1(config-if)#switch mode access
SW1(config-if)#switchport port-security

4) Use a ‘show port-security’ command to verify the MAC address on PC2.

You may have to ping from PC2 first to generate some traffic.

PC2’s MAC address is 0000.2222.2222


5) Verify the full Port Security configuration on both interfaces.

SW1#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.1111.1111:1
Security Violation Count : 0

SW1#show port-security int f0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.2222.2222:1
Security Violation Count : 0
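
The verification in step 5 can also be done by a script. The following is an added example, not part of the original answer key: it parses 'show port-security interface' output in the format listed above and reports deviations from the expected settings. The function names, the policy parameters and the second sample (including the MAC address 0000.3333.3333) are constructed for illustration.

```python
def parse_port_security(text):
    """Parse 'Key : Value' lines; rpartition keeps 'Last Source Address:Vlan' whole."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.rpartition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(fields, max_macs, allowed_macs, mode="Shutdown"):
    """Return findings; an empty list means the port matches the expected policy."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append("port is err-disabled (Secure-shutdown)")
    if fields.get("Violation Mode") != mode:
        findings.append(f"violation mode is not {mode}")
    if fields.get("Maximum MAC Addresses") != str(max_macs):
        findings.append(f"maximum MAC addresses is not {max_macs}")
    last_mac = fields.get("Last Source Address:Vlan", "").rsplit(":", 1)[0]
    if last_mac not in allowed_macs:
        findings.append(f"last source MAC {last_mac or 'unknown'} is not an expected host")
    if fields.get("Security Violation Count", "0") != "0":
        findings.append("security violations have been recorded")
    return findings

# Output for f0/1 as listed above (aging lines omitted).
F0_1 = """\
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Maximum MAC Addresses : 2
Total MAC Addresses : 1
Last Source Address:Vlan : 0000.1111.1111:1
Security Violation Count : 0
"""

# Constructed sample: the same port after an unknown host (made-up MAC) was plugged in.
TRIPPED = """\
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Maximum MAC Addresses : 2
Last Source Address:Vlan : 0000.3333.3333:1
Security Violation Count : 1
"""

if __name__ == "__main__":
    print(audit(parse_port_security(F0_1), 2, {"0000.1111.1111"}))
    for finding in audit(parse_port_security(TRIPPED), 2, {"0000.1111.1111"}):
        print("FINDING:", finding)
```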

Part 2 Answer Key


V. Title:

Line Coding Scheme

VI. Introduction:

Line coding is the process of converting binary data, a sequence of bits, to
a digital signal.

Encoding is the process of using various patterns of voltage or current levels
to represent 1s and 0s of the digital signals on the transmission link. The
common types of line encoding are Unipolar, Polar, Bipolar, and
Manchester.

The data encoding technique is divided into the following types, depending
upon the type of data conversion.
• Analog data to Analog signals − The modulation techniques such as
Amplitude Modulation, Frequency Modulation and Phase Modulation of
analog signals, fall under this category.
• Analog data to Digital signals − This process can be termed as
digitization, which is done by Pulse Code Modulation (PCM). Hence, it is
nothing but digital modulation. As we have already discussed, sampling and
quantization are the important factors in this. Delta Modulation gives a
better output than PCM.
• Digital data to Analog signals − The modulation techniques such as
Amplitude Shift Keying (ASK), Frequency Shift Keying (FSK), Phase Shift
Keying (PSK), etc., fall under this category. These will be discussed in
subsequent chapters.
• Digital data to Digital signals − These are in this section. There are
several ways to map digital data to digital signals. Some of them are –
• NRZ Codes have 1 for High voltage level and 0 for Low voltage level. The
main behavior of NRZ codes is that the voltage level remains constant
during bit interval. The end or start of a bit will not be indicated and it will
maintain the same voltage state if the value of the previous bit and the
value of the present bit are the same.
• NRZ Level - There is a change in the polarity of the signal, only when the
incoming signal changes from 1 to 0 or from 0 to 1. It is the same as NRZ,
however, the first bit of the input signal should have a change of polarity.
• NRZ Inverted - If a 1 occurs at the incoming signal, then there occurs a
transition at the beginning of the bit interval. For a 0 at the incoming signal,
there is no transition at the beginning of the bit interval. NRZ codes have a
disadvantage that the synchronization of the transmitter clock with the
receiver clock gets completely disturbed when there is a string of 1s and
0s. Hence, a separate clock line needs to be provided.
• Bi-Phase Manchester - In this type of coding, the transition is done at
the middle of the bit-interval. The transition for the resultant pulse is from
High to Low in the middle of the interval, for the input bit 1. While the
transition is from low to high for the input bit 0.
• Differential Manchester - In this type of coding, there always occurs a
transition in the middle of the bit interval. If there occurs a transition at the
beginning of the bit interval, then the input bit is 0. If no transition occurs
at the beginning of the bit interval, then the input bit is 1.
• Bipolar AMI - AMI means Bipolar Alternate Mark Inversion. It is the
elementary method of bipolar encoding. Here the word 'mark', which comes
from telegraphy, means 1, so AMI means alternate 1 inversion. In the Bipolar
AMI encoding scheme, a 0 bit is represented by the zero level and a 1 bit is
represented by alternating positive and negative voltages.
• B8ZS - stands for Bipolar 8-Zero Substitution. It is a line coding/data
transmission format used for T1 (i.e. DS1 signals) lines. This transmission
format is used to prevent too many consecutive zeros from being
transmitted.
• HDB3 - The purpose of this is to prevent long runs of 0's in the data
stream which may otherwise prevent a DPLL from tracking the
centre of each bit. Such a code is sometimes called a "run length limited"
code, since it limits the runs of 0's which would otherwise be produced by
AMI.
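
The transition rules listed above for NRZ Inverted, Manchester, Differential Manchester and Bipolar AMI, written out as an added Python example that is not part of the original answer key. Levels are +1, -1 and 0; the line is assumed to sit at -1 before the first bit and the first AMI mark is assumed positive; the function names and the sample input 10110 are constructed for illustration.

```python
def nrz_i(bits, level=-1):
    """NRZ Inverted: a 1 toggles the level at the start of the bit, a 0 holds it."""
    out = []
    for b in bits:
        if b == "1":
            level = -level
        out.append(level)
    return out

def manchester(bits):
    """Convention used above: 1 is High-to-Low mid-bit, 0 is Low-to-High."""
    return [(1, -1) if b == "1" else (-1, 1) for b in bits]

def differential_manchester(bits, level=-1):
    """Always a mid-bit transition; a 0 adds a transition at the start of the bit."""
    out = []
    for b in bits:
        if b == "0":
            level = -level           # transition at the beginning of the interval
        out.append((level, -level))  # (first half, second half)
        level = -level               # level the line is left at after the bit
    return out

def bipolar_ami(bits):
    """0 is the zero level; successive 1s alternate between +1 and -1."""
    out, mark = [], -1
    for b in bits:
        if b == "1":
            mark = -mark
            out.append(mark)
        else:
            out.append(0)
    return out

def longest_zero_run(levels):
    """Longest stretch with no pulse, the case B8ZS and HDB3 exist to break up."""
    longest = run = 0
    for v in levels:
        run = run + 1 if v == 0 else 0
        longest = max(longest, run)
    return longest

SAMPLE = "10110"                         # constructed input
EXAM_BITS = "110011010000100000000110"   # bit string from the Instruction section

if __name__ == "__main__":
    for encode in (nrz_i, manchester, differential_manchester, bipolar_ami):
        print(encode.__name__, encode(SAMPLE))
    print("longest zero run in AMI:", longest_zero_run(bipolar_ami(EXAM_BITS)))
```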

VII. Instruction:

Convert the following binary data (110011010000100000000110) to a
sequence of bits digital signal (Unipolar NRZ, Polar NRZ, Polar, RZ, NRZI,
Manchester, Differential Manchester, Bipolar AMI, B8ZS and HDB3). You
may use the table or a graphing paper for the data.

VIII. Interpretation of data (ANSWER OF INSTRUCTION SECTION):
