
Question


Answer the question asap pls

1) Subnetting with VLSM

Given IP = 192.168.10.0 /23

VLAN 10 = Students = 100 hosts

/25 =255.255.255.128

25 - 23 = 2, 2^2 = 4 subnets

Block size = 256 - 128

192.168.10.0 /25 (.1 to .126) VLAN 10

192.168.10.128 /25

192.168.11.0 /25

192.168.11.128 /25

VLAN 20 = Faculty = 60 hosts

/26=255.255.255.192

26 - 25 = 2, 2^1 = 2 subnets

Block size = 256 - 192 = 64

192.168.10.128 /26 (.129 to .190) VLAN 20

192.168.10.192 /26

VLAN 30 = Admin = 20 hosts

/27 = 255.255.255.224

27 - 26 = 1, 2^1 = 2 subnets

Block size = 256 - 224 = 32

192.168.10.192 /27 (.193 to .222) VLAN 30

192.168.10.224 /27

Fill in the following chart. Assign the Last IP address in the VLAN to default gateway. The 1st IP address should be assigned to the 1st host and so on.

| Interface | IP address | Mask | Default Gateway |
|---|---|---|---|
| VLAN 10 | 192.168.10.126 | 255.255.255.128 | N/A |
| VLAN 20 | 192.168.10.190 | 255.255.255.192 | N/A |
| VLAN 30 | 192.168.10.222 | 255.255.255.224 | N/A |
| PC-VLAN10 | Dynamic | | |
| PC-VLAN20 | Dynamic | | |
| PC-VLAN30 | Dynamic | | |

2) DHCPv4 using Router on a stick

a. Place and label a 2911 router and a 2960 switch, then place 3 PCs and label them according to the chart

b. Complete basic switch configuration

No ip domain lookup

Hostname S1

Enable secret enablepass

Line console 0

Password consolepass

Login

Line vty 0 15

Password telnetpass

Login

Exit

Service passwords-encryption

c. Connect the 3 PCs to ports fa0/1 to fa0/3

d. Connect port fa0/4 to the router g0/0

e. Disable all ports on S1

Int range fa0/1-24

Shut

Int range g0/1-2

Shut

f. Configure the 3 VLANs on S1

Vlan 10

Name Engineering

Vlan 20

Name Production

Vlan 30

Name Sales

g. Assign the ports to their appropriate VLANs. Enable nonegotiate (disable DTP) on all ports. Enable STP PortFast and BPDU guard on edge ports.

Int range fa0/1

Switchport mode access

Switchport access vlan 10

Switchport nonegotiate

Spanning-tree portfast

Spanning-tree bpduguard enable

No shut

Int range fa0/2

Switchport mode access

Switchport access vlan 20

Switchport nonegotiate

Spanning-tree portfast

Spanning-tree bpduguard enable

No shut

Int fa0/3

Switchport mode access

Switchport access vlan 30

Switchport nonegotiate

Spanning-tree portfast

Spanning-tree bpduguard enable

No shut

Int fa0/4

Switchport mode trunk

Switchport nonegotiate

No shut

3) DHCPv4 Configuration

a. On R1, configure the basic router configurations and default gateways for VLAN 10, VLAN 20 and VLAN30

No ip domain lookup

Hostname R1

Login block-for 120 attempts 3 within 20

Enable secret enablepass

Line console 0

Password consolepass

Login

Line vty 0 5

Password telnetpass

Login

Exit

Service passwords-encryption

Int g0/0

No ip add

No shut

Int g0/0.10

Encapsulation dot1q 10

Ip add 192.168.10.126 255.255.255.128

Int g0/0.20

Encapsulation dot1q 20

Ip add 192.168.10.190 255.255.255.192

Int g0/0.30

Encapsulation dot1q 30

Ip add 192.168.10.222 255.255.255.224

b. Configure the pools for VLAN 10, VLAN 20 and VLAN 30

Ip dhcp excluded-address 192.168.10.126

Ip dhcp excluded-address 192.168.10.190

Ip dhcp excluded-address 192.168.10.222

Ip dhcp pool V10

Network 192.168.10.0 255.255.255.128

Default-router 192.168.10.126

Dns-server 10.10.10.1

Ip dhcp pool V20

Network 192.168.10.128 255.255.255.192

Default-router 192.168.10.190

Dns-server 10.10.10.1

Ip dhcp pool V30

Network 192.168.10.192 255.255.255.224

Default-router 192.168.10.222

Dns-server 10.10.10.1

c. Verify DHCPv4 operation

4) Port Security Configuration

a. Enable port security on all edge ports. Set the maximum number of MAC addresses to 1. Make sure it is added to the running-config so that, if saved to NVRAM, it becomes static. Set port violation = shutdown and set port aging time = 10 minutes. (The default is absolute. Note: Packet Tracer does not support configuring aging type absolute or inactivity.)

int range fa0/1-3

switchport port-security

switchport port-security maximum 1

switchport port-security mac-add sticky

switchport port-security violation shutdown

switchport port-security aging time 10

b. Verify port-security

Sh port-security interface fa0/1 - display current security settings

Sh port-security - display port security settings on a switch

Sh run | begin int fa0/1 - verify that MAC addresses are sticking to the configuration

5) DHCP Snooping configuration

a. Enable DHCP snooping

Ip dhcp snooping

b. Configure fa0/4 as the trusted port

int fa0/4

ip dhcp snooping trust

c. On the untrusted interfaces, limit the number of DHCP discovery messages that can be received to 5 packets/sec

int range fa0/1-3

ip dhcp snooping limit rate 5

d. Enable DHCP snooping on VLANs 10, 20 and 30

Ip dhcp snooping VLAN 10,20,30

e. Verify DHCP snooping

Sh ip dhcp snooping - verify DHCP snooping settings

Sh ip dhcp snooping binding - view the clients that have received DHCP information

6) DAI (Dynamic ARP Inspection) configuration

a. Enable DHCP and ARP inspection on all 3 VLANs

Ip arp inspection vlan 10,20,30

b. Enable arp inspection on the trusted uplink port fa0/4 so that it is trusted for DHCP snooping and ARP inspection

Int fa0/4

Ip arp inspection trust

c. Configure DAI to drop ARP packets when the IP addresses are invalid

Ip arp inspection validate ip

With the above security measures, you have mitigated the following LAN attacks:

MAC address table attacks

VLAN attacks

STP attacks

DHCP attacks

ARP attacks
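
The allocation worked out in part 1, as an added example that is not part of the original question: a largest-first VLSM planner built on Python's standard ipaddress module. The name vlsm_plan and the tuple layout are illustrative choices; the gateway is taken as the last usable address, as the worksheet asks.

```python
import ipaddress

def vlsm_plan(block, requirements):
    """Carve `block` into subnets sized for each host count, largest first.

    Returns {name: (subnet, first_host, gateway)}; the gateway is the last
    usable address, following the worksheet's convention.
    """
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        # Smallest n with 2**n >= hosts + 2 (network and broadcast are unusable).
        prefix = 32 - (hosts + 1).bit_length()
        free.sort(key=lambda net: int(net.network_address))
        parent = next((net for net in free if net.prefixlen <= prefix), None)
        if parent is None:
            raise ValueError(f"no free space left for {name} ({hosts} hosts)")
        subnet = next(parent.subnets(new_prefix=prefix))
        free.remove(parent)
        if subnet != parent:
            # Return the unused remainder of the parent to the free list.
            free.extend(parent.address_exclude(subnet))
        usable = list(subnet.hosts())
        plan[name] = (subnet, usable[0], usable[-1])
    return plan

# Host counts from the worksheet.
PLAN = vlsm_plan("192.168.10.0/23", {"VLAN 10": 100, "VLAN 20": 60, "VLAN 30": 20})

if __name__ == "__main__":
    for name, (subnet, first, gateway) in PLAN.items():
        print(f"{name}: {subnet} mask {subnet.netmask} hosts from {first} gateway {gateway}")
```

The gateways it produces are the addresses that should appear on the router subinterfaces, in the DHCP excluded-address lines and as each pool's default-router.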
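
One way to check that the hardening from parts 2, 4, 5 and 6 actually landed on each port, as an added example (not part of the original question). It assumes commands appear in full running-config syntax rather than the abbreviated forms typed above; SAMPLE is constructed, and the names parse_interfaces and audit are hypothetical.

```python
import re
from itertools import takewhile
# Constructed running-config excerpt; fa0/2 deliberately lacks two protections.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
 switchport port-security
 ip dhcp snooping limit rate 5
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/2
 switchport mode access
 switchport nonegotiate
 ip dhcp snooping limit rate 5
 spanning-tree portfast
interface FastEthernet0/4
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
 ip arp inspection trust
"""

# Per-port commands the worksheet applies (assumes full, unabbreviated syntax).
EDGE = ["switchport mode access", "switchport nonegotiate",
        "switchport port-security", "spanning-tree portfast",
        "spanning-tree bpduguard enable", "ip dhcp snooping limit rate 5"]
UPLINK = ["switchport mode trunk", "switchport nonegotiate",
          "ip dhcp snooping trust", "ip arp inspection trust"]

def parse_interfaces(config):
    """Map each interface name to the set of commands in its stanza."""
    stanzas = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, *body = block.splitlines()
        cmds = takewhile(lambda c: c.startswith(" "), body)
        stanzas[name.strip()] = {c.strip().lower() for c in cmds}
    return stanzas

def audit(config):
    """Return {interface: [problems]} for ports that deviate from the worksheet."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        trunk = "switchport mode trunk" in cmds
        problems = ["missing: " + c for c in (UPLINK if trunk else EDGE) if c not in cmds]
        if not trunk:  # edge ports must stay untrusted for DHCP snooping and DAI
            problems += ["unexpected: " + c for c in sorted(cmds) if c.endswith(" trust")]
        if problems:
            findings[name] = problems
    return findings
```

Calling audit(SAMPLE) reports only FastEthernet0/2; IOS releases that render PortFast as `spanning-tree portfast edge` would need that string in EDGE instead.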
