Take annotated screenshots of the output for each step</o:p> Pre-lab:</o:p> 1. Find a YouTube on the Atom editor and watch it.</o:p> 2. Watch the YouTube video -...

1 answer below »

Take annotated screenshots of the output for each step

Pre-lab:

1. Find a YouTube on the Atom editor and watch it.

2. Watch the YouTube video - https://www.youtube.com/watch?v=PRHClwLsTss

3. Watch the YouTube video - https://www.youtube.com/watch?v=RmfvX5DIRnc

Note: The video uses a different platform, but the Python part of the video is relevant.

Note: Your Sandbox will be valid and usable for about 100 minutes. Wait until you have watched the videos and are prepared before launching the sandbox lab. If you are unsure of how to use any Cisco commands, practice on Packet Tracer and write down the command sequences you need. The sandbox time goes very fast.

Part 1.

1. Reserve an instance of the “Cisco Modeling Labs” (CML), from the Sandbox, Networking section. It will take 10-15 minutes for the CML instance to be provisioned and made available.

2. Once the CML is available, follow the Cisco AnyConnect VPN process from the last lab to connect to your sandbox.

3. RDP into to the Devbox, which will be our Linux/Python platform in this lab.

4. “edge-sw01” (from this point on, this will be referred to as the “Switch”) is the device we want to configure and the Devbox is the only computer we will use to complete any actions or run Python scripts

5. Use Terminal (the Linux CLI) to verify that you can ping Switch from the Devbox. Do not proceed if you cannot successfully complete this step

6. Use Windows or Mac CLI to Telnet into the Switch. Verify that you can login and use the switch as you normally would. Note – Windows users may need to install Telnet from Control Panel, Programs & Features

a. How many ports does the switch have?

b. List the specific ports

c. Use the Hostname command to change the switch name to “S1”

7. Configure the Switch for SSH access. Use Putty or Mac Terminal to SSH into the Switch.

8. Using the Cisco CLI, create a VLAN between XXXXXXXXXXAssign that VLAN an IP and subnet mask. Avoid using any IP in the XXXXXXXXXXX/24 range.

a. Perform a Show run, to verify that the VLAN was created.

9. Write a Python script that will ask the user for a VLAN number, then ask for an IP address for that VLAN. Then SSH into the switch using Netmiko and configure the VLAN with the IP address. Finally, display the VLAN information.

Answered 3 days AfterApr 15, 2022

Solution

Naveen Kumar answered on Apr 17 2022
8 Votes
COMP2003 – Securing Networks        [TERM #, YEAR]
ASSIGNMENT COVER SHEET
For use with online submission of assignments
Please complete all of the following details and then make this sheet the first page of each file of your assignment – do not send it as a separate document.
Your assignments must be submitted as either Word documents, text documents with .rtf extension or as .pdf documents. If you wish to submit in any other file format please discuss this with your lecturer well before the assignment submission date.        
    Student Name:
    NAME
    Student ID No.:
    
    Unit Name:
    Securing Networks
    Unit Code:
    COMP2003
    Tutor’s name:
    
    Assignment No.:
    Assessment 2
    Assignment Title:
    Case Study - Practical Skills
    Due date:
    
    Date submitted:
    
Declaration:
I have read and understand the Rules Relating to Awards (Rule 3 Section 18 – Academic Misconduct Including Plagiarism) as contained in the SCU Policy Li
ary.
I understand the penalties that apply for plagiarism and agree to be bound by these rules. The work I am submitting electronically is entirely my own work.
    Signed:
    
    (please type your name)
    
    Date:
    
COMP2003 – Securing Networks        [TERM #, YEAR]
COMP2003 – Securing Networks        [TERM #, YEAR]
Remove red instructional text and replace with your answers.
(Including this)
[YOUR NAME HERE]        Page 18 of 39
Task 1
Set up the network.
•    Set up the routers, switches, and PCs with the appropriate connections
Ans: Yes
•    Perform basic configuration of the devices
Ans: Yes
•    Test connectivity
Include a screenshot here.
Main Router routing table:
1.
2.
Task 2
Add the required security to the network to meet the requirements.
Ensure you look at task 3 and record your troubleshooting as you complete this task.
Provide your Packet Tracer saved topology in a PKT file.
Your Packet Tracer file must be named in the format:
filename = FirstInitialYourLastName_A1.pkt
(i.e. FJones_COMP2003_A1.pkt)
Task 3
You must document what tests you will ca
y out, what the test is for and the result.
This task contains a series of steps that must be completed multiple times. Each test will go through the following steps:
Step 1: Propose a hypothesis to be tested.
Document the hypothesis.
Step 2: Identify information to be collected / devices to be tested.
Document information to be collected.
· Communication has been established between the DMZ to Serve
· Communication has been established between the DMZ to HQ
· Communication has been established between the Server to DMZ
· Communication has been established between the Server to HQ
Step 3: Test the configuration.
Please refer the above snap shots
Step 4: Determine conclusion of test – satisfactory or not.
As mentioned in documents, communication is established and secured.
Step 5a: If step 4 was not satisfactory, document and then change settings and move back to step 3
NA
Step 5b: If step 4 was satisfactory document the conclusion.
All ping test and trace route test done successfully.
Repeat this for number of tests to ensure that the configuration and security settings are working as required.
Consider creating a table for this.
You need to conduct enough tests to ensure that the requirements are met.
Ans: Please refer the above snaps for test results
Task 4
For each type of security that you have configured provide:
a) a
ief description of the security that was configured,
Ans:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
crypto isakmp key firewallcx address 192.168.23.2
ip access-list extended Enc-TRAFFIC
permit ip 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac

crypto map CMAP 10 ipsec-isakmp
set peer 192.168.23.2
set transform-set TS
match address Enc-TRAFFIC
interface Ethernet1/2
crypto map CMAP
---------------
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
crypto isakmp key firewallcx address 192.168.23.1
ip access-list extended Enc-TRAFFIC
permit ip 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac

crypto map CMAP 10 ipsec-isakmp
set peer 192.168.23.1
set transform-set TS
match address Enc-TRAFFIC
interface Ethernet1/2
crypto map CMAP
) what the purpose of the configuration is,
Ans: Create secure communicating between the
anch offices.
c) how it improves the posture of the organization.
Ans: With the help of Proper auditing and secure hardening
Task 5
Document the devices and settings.
Consider creating tables – the page is already landscape.
Include the following:
Host Devices (PC’s and servers)
172.16.23.0/24
172.16.24.0/24
192.168.23.0/24
10.23.0.0/8
192.168.37.0/24
Network Devices
· Name/ID : DMZ_Net
· Link technology e.g. Ethernet
· Port Address: 172.16.23.0/24
· Physical address: 0005.5e07.3801
· IP Address : 172.16.23.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 172.16.23.1
· DNS 0.0.0.0
· Name/ID : R&D
· Link technology e.g. Ethernet
· Port Address: 10.23.0.0/8
· Physical address: 0002.4a39.ee01
· IP Address : 10.23.0.2/8
· Subnet Mask: 255.0.0.0
· Default Gateway: 10.23.0.1
· DNS 0.0.0.0
· Name/ID : Server_net
· Link technology e.g. Ethernet
· Port Address: 172.16.24.0/24
· Physical address: 00d0.ff66.1001
· IP Address : 172.16.24.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 172.16.24.1
· DNS 0.0.0.0
· Name/ID : Remote_Net
· Link technology e.g. Ethernet
· Port Address: 192.168.37.0/24
· Physical address: 00e0.b0bd.9001
· IP Address : 192.168.37.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 192.168.37.1
· DNS 0.0.0.0
· Name/ID : HeadOff
· Link technology e.g. Ethernet
· Port Address: 192.168.23.0/24
· Physical address: 000b.be79.2c01
· IP Address : 192.168.23.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 192.168.23.1
· DNS 0.0.0.0
· Security Configuration
· Switch port security : Yes
· VLANs: 23, 24, 10, 37
· ACLs: Access list 101, 102, 103, 104, 105
· Routes: EIGRP 0001
· VPNs: Yes, Please referee the above config files
COMP2003 – Securing Networks    [TERM #, YEAR]
[YOUR NAME HERE]        Page 10 of 39
Appendix
Export the configurations to files or copy paste the running-config, please place them after your answers in this Appendix.
If you export them to text files, upload them all as a Zip.
Do not use RAR or 7 zip etc, just use ZIP!
Router:
Route
Route
Route
en
Router#
Router#
Router#
Router#sh run
Router#sh running-config
Building configuration...
Cu
ent configuration : 586 bytes
!
version 23.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Route
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.23.0.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 64.27.23.2 255.255.255.248
duplex auto
speed auto
!
outer eigrp 1
network 10.0.0.0
network 64.27.23.0 0.0.0.7
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#
Router#
Main Route
Router#tra
Router#traceroute
Router#traceroute ip 172.16.23.20
Type escape sequence to abort.
Tracing the route to 172.16.23.20
1 172.16.23.20 0 msec 0 msec 1 msec
Router#traceroute ip 172.16.24.20
Type escape sequence to abort.
Tracing the route to 172.16.24.20
1 172.16.24.20 0 msec 0 msec 0 msec
Router#traceroute ip 192.168.23.20
Type escape sequence to abort.
Tracing the route to 192.168.23.20
1 192.168.23.20 0 msec 0 msec 1 msec
Router#
Router con0 is now available
Press RETURN to get started.
Route
Route
Route
en
Router#
Router#sh run
Router#sh running-config
Building configuration...
Cu
ent configuration : 2204 bytes
!
version 23.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Route
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 200.239.37.52 255.255.255.255
!
interface FastEthernet0/0
ip address 64.27.23.1 255.255.255.248
ip access-group 105 out
duplex auto
speed auto
!
interface Ethernet1/0
ip address 172.16.23.1...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here