Question
Answer the question asap pls
1) Subnetting with VLSM
Given IP = 192.168.10.0 /23
VLAN 10 = Students = 100 hosts
/25 = 255.255.255.128
25 - 23 = 2, 2^2 = 4 subnets
Block size = 256 - 128 = 128
192.168.10.0 /25 (.1 to .126) VLAN 10
192.168.10.128 /25
192.168.11.0 /25
192.168.11.128 /25
VLAN 20 = Faculty = 60 hosts
/26 = 255.255.255.192
26 - 25 = 1, 2^1 = 2 subnets
Block size = 256 - 192 = 64
192.168.10.128 /26 (.129 to .190) VLAN 20
192.168.10.192 /26
VLAN 30 = Admin = 20 hosts
/27 = 255.255.255.224
27 - 26 = 1, 2^1 = 2 subnets
Block size = 256 - 224 = 32
192.168.10.192 /27 (.193 to .222) VLAN 30
192.168.10.224 /27
Fill in the following chart. Assign the Last IP address in the VLAN to default gateway. The 1st IP address should be assigned to the 1st host and so on.
Interface | IP address | Mask | Default Gateway |
VLAN 10 | 192.168.10.126 | 255.255.255.128 | N/A |
VLAN 20 | 192.168.10.190 | 255.255.255.192 | N/A |
VLAN 30 | 192.168.10.222 | 255.255.255.224 | N/A |
PC-VLAN10 | Dynamic | | |
PC-VLAN20 | Dynamic | | |
PC-VLAN30 | Dynamic | | |
2) DHCPv4 using Router on a stick
a. Place and label a 2911 router and a 2960 switch, then place 3 PCs and label them according to the chart
b. Complete basic switch configuration
No ip domain lookup
Hostname S1
Enable secret enablepass
Line console 0
Password consolepass
Login
Line vty 0 15
Password telnetpass
Login
Exit
Service passwords-encryption
c. Connect the 3 PCs to ports fa0/1 to fa0/3
d. Connect port fa0/4 to the router g0/0
e. Disable all ports on S1
Int range fa0/1-24
Shut
Int range g0/1-2
Shut
f. Configure the 3 VLANs on S1
Vlan 10
Name Engineering
Vlan 20
Name Production
Vlan 30
Name Sales
g. Assign the ports to their appropriate VLANs. Enable no-negotiate (disable DTP) on all ports. Enable STP PortFast and BPDU guard on edge ports.
Int range fa0/1
Switchport mode access
Switchport access vlan 10
Switchport nonegotiate
Spanning-tree portfast
Spanning-tree bpduguard enable
No shut
Int range fa0/2
Switchport mode access
Switchport access vlan 20
Switchport nonegotiate
Spanning-tree portfast
Spanning-tree bpduguard enable
No shut
Int fa0/3
Switchport mode access
Switchport access vlan 30
Switchport nonegotiate
Spanning-tree portfast
Spanning-tree bpduguard enable
No shut
Int fa0/4
Switchport mode trunk
Switchport nonegotiate
No shut
3) DHCPv4 Configuration
a. On R1, configure the basic router configurations and default gateways for VLAN 10, VLAN 20 and VLAN30
No ip domain lookup
Hostname R1
Login block-for 120 attempts 3 within 20
Enable secret enablepass
Line console 0
Password consolepass
Login
Line vty 0 5
Password telnetpass
Login
Exit
Service passwords-encryption
Int g0/0
No ip add
No shut
Int g0/0.10
Encapsulation dot1q 10
Ip add 192.168.10.126 255.255.255.128
Int g0/0.20
Encapsulation dot1q 20
Ip add 192.168.10.190 255.255.255.192
Int g0/0.30
Encapsulation dot1q 30
Ip add 192.168.10.222 255.255.255.224
b. Configure the pools for VLAN 10, VLAN 20 and VLAN 30
Ip dhcp excluded-address 192.168.10.126
Ip dhcp excluded-address 192.168.10.190
Ip dhcp excluded-address 192.168.10.222
Ip dhcp pool V10
Network 192.168.10.0 255.255.255.128
Default-router 192.168.10.126
Dns-server 10.10.10.1
Ip dhcp pool V20
Network 192.168.10.128 255.255.255.192
Default-router 192.168.10.190
Dns-server 10.10.10.1
Ip dhcp pool V30
Network 192.168.10.192 255.255.255.224
Default-router 192.168.10.222
Dns-server 10.10.10.1
c. Verify DHCPv4 operation
4) Port Security Configuration
a. Enable port security on all edge ports. Set the maximum number of MAC addresses to 1. Make sure the learned address is added to the running-config so that, if saved to NVRAM, it becomes a static entry. Set the port violation mode to shutdown and the port aging time to 10 minutes. (The default aging type is absolute. Note: Packet Tracer does not support configuring the aging type as absolute or inactivity.)
int range fa0/1-3
switchport port-security
switchport port-security maximum 1
switchport port-security mac-add sticky
switchport port-security violation shutdown
switchport port-security aging time 10
b. Verify port-security
Sh port-security interface fa0/1 - display the current security settings of the port
Sh port-security - display the port security settings on the switch
Sh run | begin int fa0/1 - verify that MAC addresses are sticking to the configuration
5) DHCP Snooping configuration
a. Enable DHCP snooping
Ip dhcp snooping
b. Configure fa0/4 as the trusted port
int fa0/4
ip dhcp snooping trust
c. On the untrusted interfaces, limit the number of DHCP discovery messages that can be received to 5 packets/sec
int range fa0/1-3
ip dhcp snooping limit rate 5
d. Enable DHCP snooping on VLANs 10, 20 and 30
Ip dhcp snooping VLAN 10,20,30
e. Verify DHCP snooping
Sh ip dhcp snooping - verify DHCP snooping settings
Sh ip dhcp snooping binding - view the clients that have received DHCP information
6) DAI (Dynamic ARP Inspection) configuration
a. Enable DHCP and ARP inspection on all 3 VLANs
Ip arp inspection vlan 10,20,30
b. Enable arp inspection on the trusted uplink port fa0/4 so that it is trusted for DHCP snooping and ARP inspection
Int fa0/4
Ip arp inspection trust
c. Configure DAI to drop ARP packets when the IP addresses are invalid
Ip arp inspection validate ip
With the above security measures, you have mitigated the following LAN attacks:
MAC address table attacks
VLAN attacks
STP attacks
DHCP attacks
ARP attacks
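The VLSM working in section 1 can be checked mechanically. The following is an added example, not part of the original worksheet: it allocates subnets largest-first from 192.168.10.0/23 and derives the mask, first host and last-address gateway for each VLAN. The function name `vlsm_plan` and the result field names are assumptions made for this example.

```python
import ipaddress

def vlsm_plan(block, needs):
    """Carve `block` into one subnet per entry of `needs` ({name: host count}),
    largest requirement first, always taking the lowest free address range."""
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        # Host bits h must satisfy 2**h - 2 >= hosts (network and broadcast
        # addresses are not assignable), i.e. h = ceil(log2(hosts + 2)).
        prefix = 32 - (hosts + 1).bit_length()
        free.sort(key=lambda n: int(n.network_address))
        parent = next((n for n in free if n.prefixlen <= prefix), None)
        if parent is None:
            raise ValueError(f"no room left in {block} for {name}")
        free.remove(parent)
        subnet = next(parent.subnets(new_prefix=prefix))
        # Whatever remains of the parent goes back on the free list.
        free.extend(parent.address_exclude(subnet))
        plan[name] = {
            "network": str(subnet),
            "mask": str(subnet.netmask),
            "first_host": str(subnet.network_address + 1),
            "gateway": str(subnet.broadcast_address - 1),  # last usable address
        }
    return plan, sorted(free, key=lambda n: int(n.network_address))

if __name__ == "__main__":
    plan, spare = vlsm_plan("192.168.10.0/23",
                            {"VLAN 10": 100, "VLAN 20": 60, "VLAN 30": 20})
    for name, row in plan.items():
        print(name, row)
    print("unallocated:", [str(n) for n in spare])
```

The gateways it returns are the addresses used for the router subinterfaces, the DHCP `Default-router` lines and the excluded addresses in section 3.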
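The hardening in sections 2, 4, 5 and 6 is only effective if every edge port carries it and only the uplink is trusted. The following is an added example, not part of the original worksheet: it audits a saved switch configuration for those per-port settings. It assumes running-config form with full interface names and the command spellings used on this page; `EDGE_REQUIRED`, `parse_interfaces`, `audit` and the sample text are constructed for this example.

```python
import re

# Per-port commands from sections 2, 4 and 5, spelled as a running-config shows them.
# "maximum 1" and "violation shutdown" are IOS defaults, so they are not listed there.
EDGE_REQUIRED = ("switchport mode access", "switchport nonegotiate",
                 "spanning-tree portfast", "spanning-tree bpduguard enable",
                 "switchport port-security",
                 "switchport port-security mac-address sticky",
                 "ip dhcp snooping limit rate 5")
TRUST = ("ip dhcp snooping trust", "ip arp inspection trust")

# Constructed sample, not device output: Fa0/2 lacks BPDU guard, Fa0/3 is
# wrongly trusted, and the Fa0/4 uplink lacks the DAI trust statement.
GOOD = "".join(f" {c}\n" for c in EDGE_REQUIRED)
SAMPLE = ("interface FastEthernet0/1\n" + GOOD
          + "interface FastEthernet0/2\n"
          + GOOD.replace(" spanning-tree bpduguard enable\n", "")
          + "interface FastEthernet0/3\n" + GOOD + " ip dhcp snooping trust\n"
          + "interface FastEthernet0/4\n switchport mode trunk\n"
          " switchport nonegotiate\n ip dhcp snooping trust\n")

def parse_interfaces(config):
    """Map interface name -> set of lower-cased sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = stanzas.setdefault(m.group(1), set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip().lower())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit(config, edge_ports, uplink):
    """Return (port, finding) tuples; an empty list means the checks pass."""
    ports, findings = parse_interfaces(config), []
    for port in edge_ports:
        cmds = ports.get(port, set())
        findings += [(port, "missing " + c) for c in EDGE_REQUIRED if c not in cmds]
        findings += [(port, "must not have " + c) for c in TRUST if c in cmds]
    findings += [(uplink, "missing " + c) for c in TRUST
                 if c not in ports.get(uplink, set())]
    return findings

if __name__ == "__main__":
    edge = [f"FastEthernet0/{n}" for n in (1, 2, 3)]
    for port, finding in audit(SAMPLE, edge, "FastEthernet0/4"):
        print(port, finding)
```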