Acme is a small shipping company that has an existing enterprise network
comprised of 2 switches;DSW1 and ASWI. The topology diagram indicates their
layer 2 mapping. VLAN 40 is @ new VLAN that will be used to provide the
shipping personnel access to the server. For security reasons ite necessary to
restrict aoeess to VLAN 20 inthe following maaner:
‘Users connecting te ASW1’s port must be authenticate before they are given
access to the network, Authentication i to be done via a Radius server
~ Radius server host: 172.120.39.46
~ Radius key: rad123
~ Authentication should be implemented as lose to the host device possible,
~ Devices on VLAN 20 are reszicted to in the addres range of 172.120 40,0724,
~ Packets from devices in the address range of 172.120.40.0/24 should be passed
on VLAN 20,
~ Packets fron devices in any other addres range should be dropped on VLAN 20)
- Filtering should be implemented as close to the server farm as possible,
The Radius server and application servers will be installed at a future date. You
have been tasked with implementing the above access control as a pre-condition to
installing the se-vers. You must us the available 10S switeh features.
sig wos
‘Gane
J mses
Fao 602
Ses
2) Configure DSW1.
Define an accesist:
a
Dswi(contigd-macdy[
DSWitcontigtd-machi
5109.
SS
1) Configure ASW1:
Enable AAA on the switch:
aswiconngye[ Jy
Define the server along with its seeret shared password:
sswienigs
Mate the eno severe OD aired cha
ontqare rt ose
‘sweat [19
sweat ty [7
DSWI(config-std-nali exit
bates cn ath cnt See
Ds cmap ¢ [Jr
DSWI(confg-accen-mapyi exit
Apply a vian-map into a vlan:
powitconngy¢[ Jay