Lab 2: Hardening Switch and Router
Devices:
Device   Model     Name         Notes
Router   2901      SecureR1     Hardened router
Switch   2960      Switch0      Connected to both PCs
PC       Generic   PC-Admin     IP: 192.168.1.100
PC       Generic   PC-Attacker  IP: 192.168.1.200
Connections (use copper straight-through):
• PC-Admin → Fa0/1 on Switch0
• PC-Attacker → Fa0/2 on Switch0
• Switch0 → Gig0/0 on SecureR1
IP Configuration
On PCs:
PC            IP Address      Subnet Mask      Default Gateway
PC-Admin      192.168.1.100   255.255.255.0    192.168.1.1
PC-Attacker   192.168.1.200   255.255.255.0    192.168.1.1
On Router (SecureR1):
conf t
hostname SecureR1
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
exit
Disable Unused Services (explain what each command does):
The first three commands are global; the last three are interface commands and must be entered under Gig0/0, not in global configuration mode.
conf t
no ip http server
no ip http secure-server
no cdp run
interface GigabitEthernet0/0
no ip redirects
no ip unreachables
no ip proxy-arp
exit
Router Hardening Config
Paste the full config below on SecureR1:
conf t
username admin secret Cyber@123
service password-encryption
Explain the command above.
banner motd ^AUTHORIZED ACCESS ONLY!^
line console 0
password c0nsole
login local
Explain the command above. (Note: with login local the line password is not used; the console authenticates against the username/secret pair.)
exec-timeout 5 0
logging synchronous
line vty 0 4
login local
transport input ssh
access-class 10 in
Explain the three commands above.
exit
ip domain-name lab.local
crypto key generate rsa
1024
(crypto key generate rsa refuses to run until a hostname and an ip domain-name are set; lab.local is a placeholder, any domain name works. Type 1024 when prompted for the modulus size.)
ip ssh version 2
access-list 10 permit 192.168.1.100
access-list 100 deny icmp any any
access-list 100 permit ip any any
Explain the three access-list lines above.
interface GigabitEthernet0/0
ip access-group 100 in
exit
end
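The following Python script is an added example, not part of the lab handout and not Cisco code. It models how IOS evaluates the two ACLs above (first match wins, implicit deny at the end) and replays the lab's SSH and ping tests against a constructed excerpt of the SecureR1 config, so you can predict each "Expected Result" before touching the router. It also lists any hardening lines that are missing from the pasted config. The CONFIG string, the REQUIRED_LINES list and all function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed excerpt of the SecureR1 configuration from this lab (typed in by hand,
# not a dump from a real device); only the lines the checks below need are included.
CONFIG = """
hostname SecureR1
no ip http server
no ip http secure-server
no cdp run
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
 access-class 10 in
access-list 10 permit 192.168.1.100
access-list 100 deny icmp any any
access-list 100 permit ip any any
interface GigabitEthernet0/0
 ip access-group 100 in
"""

# Hardening lines this lab expects; a missing one means the paste was incomplete.
REQUIRED_LINES = [
    "no ip http server", "no ip http secure-server", "no cdp run",
    "ip ssh version 2", "transport input ssh", "access-class 10 in", "login local",
]

def missing_hardening(config):
    """Return the REQUIRED_LINES that do not appear (ignoring indentation) in config."""
    present = {line.strip() for line in config.splitlines()}
    return [line for line in REQUIRED_LINES if line not in present]

def _take_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A.B.C.D', 'A.B.C.D WILDCARD', or a bare host."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if tokens and re.fullmatch(r"\d+\.\d+\.\d+\.\d+", tokens[0]):
        wildcard = tokens.pop(0)                     # IOS wildcard = inverted netmask
        netmask = ".".join(str(255 - int(o)) for o in wildcard.split("."))
        return ipaddress.ip_network(f"{first}/{netmask}", strict=False)
    return ipaddress.ip_network(first + "/32")       # standard ACL 'permit A.B.C.D'

def parse_acls(config):
    """Map ACL number -> ordered list of (action, protocol, src_net, dst_net)."""
    acls = {}
    for raw in config.splitlines():
        m = re.match(r"access-list (\d+) (permit|deny) (.+)", raw.strip())
        if not m:
            continue
        number, action, tokens = int(m.group(1)), m.group(2), m.group(3).split()
        if number <= 99:                             # standard ACL: source only
            proto, src, dst = "ip", _take_addr(tokens), ipaddress.ip_network("0.0.0.0/0")
        else:                                        # extended ACL: proto src dst [...]
            proto = tokens.pop(0)
            src = _take_addr(tokens)
            dst = _take_addr(tokens)
        acls.setdefault(number, []).append((action, proto, src, dst))
    return acls

def acl_decision(acls, number, proto, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit 'deny'."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, s, d in acls.get(number, []):
        if p in ("ip", proto) and src_ip in s and dst_ip in d:
            return action
    return "deny"

def run_lab_tests(config):
    """Reproduce the lab's Testing Steps table against the parsed ACLs."""
    acls = parse_acls(config)
    router = "192.168.1.1"
    return {
        "ssh_admin":     acl_decision(acls, 10,  "tcp",  "192.168.1.100", router),
        "ssh_attacker":  acl_decision(acls, 10,  "tcp",  "192.168.1.200", router),
        "ping_admin":    acl_decision(acls, 100, "icmp", "192.168.1.100", router),
        "ping_attacker": acl_decision(acls, 100, "icmp", "192.168.1.200", router),
        "ssh_via_gig00": acl_decision(acls, 100, "tcp",  "192.168.1.100", router),
    }

if __name__ == "__main__":
    print("missing hardening lines:", missing_hardening(CONFIG))
    for name, verdict in run_lab_tests(CONFIG).items():
        print(f"{name:14s} {verdict}")
```

Run it with `python3 acl_check.py` (any file name). The ordering check matters in practice: if the two ACL 100 lines are pasted in the opposite order, `permit ip any any` matches first and ping succeeds, which is exactly the mistake the "Fails (ICMP blocked by ACL 100)" test is meant to catch.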
Switch Port Security Config
enable
conf t
interface FastEthernet0/1
switchport mode access
switchport port-security
Explain the command above.
switchport port-security maximum 1
switchport port-security violation shutdown
switchport port-security mac-address sticky
exit
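The script below is an added teaching model, not part of the lab and not Cisco's implementation. It walks through what the port-security settings above do when frames arrive on Fa0/1: the first source MAC is sticky-learned as the single secure address, a second MAC triggers a violation, and in shutdown mode the whole port goes err-disabled until an operator does shutdown / no shutdown. The two MAC addresses, the class and function names are constructed for this example. Note the ordering the lab's test relies on: PC-Admin must send traffic on Fa0/1 first so its MAC is the one learned; if PC-Attacker were plugged into an empty secured port, its MAC would be learned instead.

```python
from dataclasses import dataclass, field

# Constructed MAC addresses for the two lab PCs; on the real switch read them
# with 'show port-security address' (or ipconfig /all on each PC).
PC_ADMIN_MAC = "00:d0:ba:11:00:01"
PC_ATTACKER_MAC = "00:d0:ba:22:00:02"

@dataclass
class SecurePort:
    """Model of one access port with 'switchport port-security' enabled.
    Teaching model written for this lab, not Cisco's implementation."""
    name: str
    maximum: int = 1                 # switchport port-security maximum 1
    violation: str = "shutdown"      # IOS modes: protect | restrict | shutdown
    secure_macs: list = field(default_factory=list)   # sticky-learned addresses
    err_disabled: bool = False
    violation_count: int = 0

    def ingress(self, mac):
        """Decide what happens to a frame whose source MAC is `mac`."""
        mac = mac.lower()
        if self.err_disabled:
            return "dropped: port is err-disabled"
        if mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            # sticky: the first MAC seen is learned and written to the running-config
            self.secure_macs.append(mac)
            return "forwarded: learned as sticky secure address"
        self.violation_count += 1
        if self.violation == "shutdown":
            self.err_disabled = True            # the whole port goes down, not just the frame
            return "violation: port err-disabled"
        if self.violation == "restrict":
            return "violation: frame dropped, counter incremented and syslog sent"
        return "violation: frame dropped silently"   # protect

    def recover(self):
        """Operator does 'shutdown' then 'no shutdown' on the interface; secure MACs stay."""
        self.err_disabled = False

def simulate_lab_move():
    """The lab's port-security test: PC-Admin uses Fa0/1 first, then PC-Attacker is moved onto it."""
    fa01 = SecurePort("FastEthernet0/1")
    events = [
        ("PC-Admin first frame", fa01.ingress(PC_ADMIN_MAC)),
        ("PC-Admin second frame", fa01.ingress(PC_ADMIN_MAC)),
        ("PC-Attacker moved to Fa0/1", fa01.ingress(PC_ATTACKER_MAC)),
        ("PC-Admin plugged back in", fa01.ingress(PC_ADMIN_MAC)),
    ]
    return fa01, events

if __name__ == "__main__":
    port, events = simulate_lab_move()
    for what, outcome in events:
        print(f"{what:28s} -> {outcome}")
    print("secure MACs:", port.secure_macs, "| err-disabled:", port.err_disabled)
```

On the real switch the equivalent observations come from `show port-security interface FastEthernet0/1` (Port Status Secure-shutdown, Violation Count 1) and `show interfaces status err-disabled`. The model also shows why shutdown is the mode this lab uses: restrict and protect keep PC-Admin working during an attack but let the attacker keep trying, while shutdown is noisy and forces an operator to look.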
Testing Steps
Test                               Action                            Expected Result
SSH from PC-Admin                  ssh -l admin 192.168.1.1          Success
SSH from PC-Attacker               ssh -l admin 192.168.1.1          Denied (access-class 10)
Ping from PC-Admin or PC-Attacker  ping 192.168.1.1                  Fails (ICMP blocked by ACL 100)
Switch port security               Move PC-Attacker to Fa0/1         Port shuts down
Banner MOTD                        Press Enter in console or SSH     Shows "AUTHORIZED ACCESS ONLY!"