Transcript SECURE LAB
SECURE LAB: CREATING A CISCO 3550 VLSM NETWORK Lucas Maupin Eastern Kentucky University Network Security/Electronics Email: [email protected] PROJECT OVERVIEW • Cisco 3550 Switch • Layer 2 and 3 capability • Secure Login Features • Can be used in a small home or office network • Scales well into larger network designs MOTIVATION • Originally designed for home implementation • Change of scope • Demonstration of concept • To gain Cisco knowledge and expertise • Future networking projects INTRODUCTION • Layer 3 Switch removes need for router • Cost more than switches/less than routers • Consolidate into 1 device • Perfect for small to large business routing INTRODUCTION Windows 10 Machine Linux Mint 17.1 PROBLEM STATEMENT • Logically • Must be able to Inter-VLAN route • DHCP • Secure Shell Access • Access Lists • Physically • Wire must be run to patch panel • Wall ports must work when connected ASSUMPTIONS • Ports will be functional • Both systems will be able to reach one another upon connection to switch • The switch will be able to route PHYSICAL DESIGN LOGICAL DESIGN IMPLEMENTATION IMPLEMENTATION REPLACING CISCO FIRMWARE • 3550 had incorrect software image • No Routing • No Cryptography • Replacement of Cisco Firmware • Xmodem- Transfer via console cable BASIC COMMANDS • Hostname • Passwords • Console • VTY • Enable Secret • Logging Synchronous • Banner • Password Encryption VLANS • VLAN 1: Default VLAN. No assigned ports • VLAN 2: Student VLAN. Routed • VLAN 3: Server VLAN. Routed • VLAN 999: Lockdown. Non-routing. VLAN INTERFACES • Virtual interfaces on the switch • Assigned network addresses and subnet masks • Defines the network that the VLAN will operate in • Gateway into the VLAN • VLSM design ROUTING • Switch will route packets to destined VLAN • Directly connected • No routing protocols needed for this network • Can be added layer to reach other networks • Command: ip routing DHCP • Domain Name • Network Assignment • Excluded Addresses • Default Router • VLAN Interfaces • Will hand out addresses to devices on respective networks SECURE SHELL • Encrypted traffic during remote management • 2048 RSA encryption key • Extremely important for security • Replaces Telnet ACCESS LISTS • Applied inbound to VLAN interfaces • VLAN 2: • Restrict Telnet • Restrict SSH • VLAN 3 • Restrict Telnet • Routing confirmed on different VLANs • Routing confirmed on same VLAN. VIDEO • Refer to Video CONCLUSIONS • All features work as intended • Future Work Set up WAN connection to allow network to reach the internet Implement a full physical network instead of a prototype Create an actual server to use on Data VLAN Static Assignment of SERVER IP addresses