SECURE LAB: CREATING A CISCO 3550 VLSM NETWORK
Lucas Maupin
Eastern Kentucky University
Network Security/Electronics
PROJECT OVERVIEW
• Cisco 3550 Switch
• Layer 2 and 3 capability
• Secure Login Features
• Can be used in a small home or office network
• Scales well into larger network designs
MOTIVATION
• Originally designed for home implementation
• Change of scope
• Demonstration of concept
• To gain Cisco knowledge and expertise
• Future networking projects
INTRODUCTION
• Layer 3 switch removes the need for a router
• Costs more than switches, less than routers
• Consolidate into 1 device
• Perfect for small to large business routing
• Windows 10 Machine
• Linux Mint 17.1
PROBLEM STATEMENT
• Logically
  • Must be able to Inter-VLAN route
  • DHCP
  • Secure Shell Access
  • Access Lists
• Physically
  • Wire must be run to patch panel
  • Wall ports must work when connected
ASSUMPTIONS
• Ports will be functional
• Both systems will be able to reach one another upon connection to switch
• The switch will be able to route
PHYSICAL DESIGN
LOGICAL DESIGN
IMPLEMENTATION
REPLACING CISCO FIRMWARE
• 3550 had incorrect software image
  • No Routing
  • No Cryptography
• Replacement of Cisco Firmware
  • Xmodem: transfer via console cable
BASIC COMMANDS
• Hostname
• Passwords
• Console
• VTY
• Enable Secret
• Logging Synchronous
• Banner
• Password Encryption
VLANS
• VLAN 1: Default VLAN. No assigned ports
• VLAN 2: Student VLAN. Routed
• VLAN 3: Server VLAN. Routed
• VLAN 999: Lockdown. Non-routing.
VLAN INTERFACES
• Virtual interfaces on the switch
• Assigned network addresses and subnet masks
• Defines the network that the VLAN will operate in
• Gateway into the VLAN
• VLSM design
ROUTING
• Switch will route packets to the destination VLAN
• Directly connected
• No routing protocols needed for this network
• Can be added later to reach other networks
• Command: ip routing
DHCP
• Domain Name
• Network Assignment
• Excluded Addresses
• Default Router
• VLAN Interfaces
• Will hand out addresses to devices on respective networks
SECURE SHELL
• Encrypted traffic during remote management
• 2048-bit RSA encryption key
• Extremely important for security
• Replaces Telnet
ACCESS LISTS
• Applied inbound to VLAN interfaces
• VLAN 2:
  • Restrict Telnet
  • Restrict SSH
• VLAN 3:
  • Restrict Telnet
• Routing confirmed on different VLANs
• Routing confirmed on same VLAN
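The SECURE SHELL and ACCESS LISTS slides above, written out as an IOS configuration. This is an added example, not the presenter's configuration: the domain name, user name, ACL names, timeouts and the any-to-any match scope are assumptions, the secret is a placeholder, and it assumes the replacement image supports SSH version 2.

```cisco
! Added example; names, domain and ACL scope are assumptions, not from the slides.
!
! --- Secure Shell: encrypted remote management, replaces Telnet ---
ip domain-name lab.example
username admin privilege 15 secret <PLACEHOLDER-SECRET>
! The RSA key pair needs a hostname and domain name to be set first
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
line vty 0 15
 login local
 ! Refuse Telnet on the management lines; accept SSH only
 transport input ssh
 exec-timeout 10 0
!
! --- Access lists, applied inbound on the VLAN interfaces ---
! VLAN 2 (Student): restrict Telnet and SSH
ip access-list extended VLAN2-IN
 deny   tcp any any eq telnet
 deny   tcp any any eq 22
 ! Every ACL ends in an implicit deny, so permit the remaining traffic
 ! (inter-VLAN routing and DHCP requests included)
 permit ip any any
!
! VLAN 3 (Server): restrict Telnet
ip access-list extended VLAN3-IN
 deny   tcp any any eq telnet
 permit ip any any
!
interface Vlan2
 ip access-group VLAN2-IN in
!
interface Vlan3
 ip access-group VLAN3-IN in
!
! Verification, run from privileged EXEC after applying:
!  show ip ssh
!  show ip access-lists
!  show ip interface Vlan2
```

An inbound ACL on a VLAN interface also filters traffic addressed to the switch itself, so with this VLAN 2 list the switch can only be managed over SSH from VLAN 3. The hit counters in `show ip access-lists` confirm which deny entries are matching during testing.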
VIDEO
• Refer to Video
CONCLUSIONS
• All features work as intended
• Future Work
  • Set up WAN connection to allow network to reach the internet
  • Implement a full physical network instead of a prototype
  • Create an actual server to use on Data VLAN
  • Static assignment of server IP addresses