Terms in this set (86)

On Dorm-PC:
Add the applicable router to the workspace and provide power.
Under Shelf, expand Routers.
Drag Router, 100/1000BaseTX Ethernet to the Workspace.
For convenience, place the router to the left of the wall plate.
Above the router, select Back to switch to the back view of the router.
Under Shelf, expand Cables and then select Power Adapter, AC to DC.
From the Selected Component pane:
Drag the DC Power Connector to the power port on the back of the router.
Drag the AC Power Adapter to the surge protector.
Connect the Dorm-PC to the router and internet.
Drag the Ethernet cable currently connected to the wall plate (the other end is connected to Dorm-PC) to a LAN port on the router.
Under Shelf, select Cat5e Cable, RJ45.
From the Selected Component pane:
Drag an RJ45 Connector to the WAN port on the router.
Drag the unconnected RJ45 Connector to the Ethernet port on the wall plate.
(Optional) Above the router, select Front to verify power and network activity lights.
Establish a connection to the internet.
On the Dorm-PC monitor, select Click to view Windows 10.
Right-click Start and select Windows PowerShell (Admin).
At the PowerShell prompt, type IPconfig /renew and press Enter to request new TCP/IP information from the router.
In the notification area of the taskbar, right-click the Network icon and select Open Network and Internet settings. The network information map should indicate an active connection to the Firewall Network and the internet.
From Dorm-PC, turn on the applicable Windows Firewalls.
In Network and Internet, in the right pane, scroll down and select Windows Firewall.
From the right pane, under Private network, select Turn on.
From the right pane, under Public network, select Turn on.
Allow a program through the firewall on Dorm-PC.
From the Windows Security window, select Allow an app through firewall.
Select Change settings.
Select Allow another app to configure an exception for an uncommon program.
In the Add an app dialog, select SuperBlast from the list.
Select Add.
For the SuperBlast program, make sure the check mark for the Public profile is not selected.
Select OK.
On Dorm-PC2:
Connect Dorm-PC2 to the router.
From the top left, select Bench to return to the bench view.
Above the Dorm-PC2 computer, select Back.
Under Shelf, expand Cables.
Select a Cat5e Cable, RJ45.
From the Selected Component pane:
Drag an RJ45 Connector to the LAN port on the Dorm-PC2 computer.
Drag the unconnected RJ45 Connector to an open LAN port on the router.
For Dorm-PC2, request new TCP/IP information from the router.
On the Dorm-PC2 monitor, select Click to view Windows 10.
Right-click Start and then select Windows PowerShell (Admin).
At the PowerShell prompt, type IPconfig.
Notice the connection to the 192.168.0.0 network.
In the notification area of the taskbar, right-click the Network icon and select Open Network and Internet settings.
The network information map should indicate an active connection to the Firewall Network and the internet.
From Dorm-PC2, turn on the applicable Windows Firewalls.
In Network and Internet, in the right pane, scroll down and select Windows Firewall.
From the right pane, under Private network, select Turn on.
From the right pane, under Public network, select Turn on.
Allow the SuperBlast program through the firewall.
From the Windows Security window, select Allow an app through firewall.
Select Change settings.
Select Allow another app to configure an exception for an uncommon program.
In the Add an app dialog, select SuperBlast from the list.
Select Add.
For the SuperBlast program, make sure the check mark for the Public profile is not selected.
Select OK.
Sign in to the pfSense management console.
In the Username field, enter admin.
In the Password field, enter P@ssw0rd (zero).
Select SIGN IN or press Enter.
Create and configure a firewall rule to pass HTTP traffic from the internet to the web server.
From the pfSense menu bar, select Firewall > Rules.
Under the Firewall breadcrumb, select DMZ.
Select Add (either one).
Make sure Action is set to Pass.
Under Source, use the drop-down menu to select WAN net.
Select Display Advanced.
For Source Port Range, use the From drop-down menu to select HTTP (80).
Under Destination, use the Destination drop-down menu to select Single host or alias.
In the Destination Address field, enter 172.16.1.5
Using the Destination Port Range drop-down menu, select HTTP (80).
Under Extra Options, in the Description field, enter HTTP to DMZ from WAN.
Select Save.
Select Apply Changes.
Create and configure a firewall rule to pass HTTPS traffic from the internet to the web server.
For the rule just created, select the Copy icon (two files).
Under Source, select Display Advanced.
Change the Source Port Range to HTTPS (443).
Under Destination, change the Destination Port Range to HTTPS (443).
Under Extra Options, change the Description field to HTTPS to DMZ from WAN
Select Save.
Select Apply Changes.
Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network.
Select Add (either one).
Make sure Action is set to Pass.
For Interface, use the drop-down menu to select LAN.
For Protocol, use the drop-down menu to select Any.
Under Source, use the drop-down menu to select LAN net.
Under Destination, use the drop-down menu to select DMZ net.
Under Extra Options, in the Description field, enter LAN to DMZ Any.
Select Save.
Select Apply Changes.
Complete this lab as follows:
Sign in to the pfSense management console.
Enter admin in the Username field.
In the Password field, enter P@ssw0rd (0 = zero).
Select SIGN IN or press Enter.
Configure an interface for the DMZ.
From the pfSense menu bar, select Interfaces > Assignments.
Select Add.
Select OPT1.
Select Enable interface.
Change the Description field to DMZ
Under General Configuration, use the IPv4 Configuration Type drop-down menu to select Static IPv4.
Under Static IPv4 Configuration, change the IPv4 Address field to 172.16.1.1
Use the Subnet mask drop-down menu to select 16.
Select Save.
Select Apply Changes.
(Optional) Verify the change as follows:
From the menu bar, select pfsense COMMUNITY EDITION.
Under Interfaces, verify that the DMZ is shown with the correct IP address.
Add a firewall rule to the DMZ interface that allows all traffic from the DMZ.
From the pfSense menu bar, select Firewall > Rules.
Under the Firewall breadcrumb, select DMZ. (Notice that no rules have been created.)
Select Add (either one).
For the Action field, make sure Pass is selected.
For the Interface field, make sure DMZ is selected.
For the Protocol, use the drop-down menu to select Any.
Under Source, use the drop-down menu to select DMZ net.
Under Destination, make sure it is configured for any.
Under Extra Options, enter Allow DMZ to any rule as the description.
Scroll to the bottom and select Save.
Select Apply Changes.
Configure pfSense's DHCP server for the DMZ interface.
From the menu bar, select Services > DHCP Server.
Under the Services breadcrumb, select DMZ.
Select Enable to enable DHCP server on the DMZ interface.
Configure the Range field as follows:
From: 172.16.1.100
To: 172.16.1.200
Scroll to the bottom and select Save.
Sign in to the pfSense management console.
In the Username field, enter admin.
In the Password field, enter P@ssw0rd (zero).
Select SIGN IN or press Enter.
Access Snort Global Settings.
From the pfSense menu bar, select Services > Snort.
Under the Services breadcrumb, select Global Settings.
Configure the required rules to be downloaded.
Select Enable Snort VRT.
In the Snort Oinkmaster Code field, enter 992acca37a4dbd7. You can copy and paste this from the scenario.
Select Enable Snort GPLv2.
Select Enable ET Open.
Configure the Sourcefire OpenAppID Detectors to be downloaded.
Under Sourcefire OpenAppID Detectors, select Enable OpenAppID.
Select Enable RULES OpenAppID.
Configure when and how often the rules will be updated.
Under Rules Update Settings, use the Update Interval drop-down menu to select 4 DAYS.
For Update Start Time, change to 00:10 (12:10 a.m. in 24-hour format).
Select Hide Deprecated Rules Categories.
Configure Snort General Settings.
Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 Day.
Select Startup/Shutdown Logging.
Select Save.
Configure the Snort Interface settings for the WAN interface.
Under the Services breadcrumb, select Snort Interfaces and then select Add.
Under General Settings, make sure Enable interface is selected.
For Interface, use the drop-down menu to select WAN (CorpNet_pfSense_L port 1).
For Description, use Snort-WAN.
Under Alert Settings, select Send Alerts to System Log.
Select Block Offenders.
Scroll to the bottom and select Save.
Start Snort on the WAN interface.
Under the Snort Status column, select the arrow to start Snort.
Wait for a checkmark to appear, indicating that Snort was started successfully.
You are the IT security administrator for a small corporate network. You need to increase the Networking Closet's security by implementing a CCTV system with IP cameras. As part of this task, you need to separate the CCTV data traffic on the network using a separate VLAN on the switch.
The patch panel connections for the Networking Closet, Lobby, and IT Administration office are installed and ready for use (ports 18-20). A DHCP server is already configured to provide the IP cameras and the laptop in the IT Administration office with the correct TCP/IP settings (port 21). For an easier implementation, create the logical VLAN first and then establish the physical connections for the IP cameras and the laptop.
In this lab, your task is to:
Access the switch management console from ITAdmin using the following credentials:
Address: http://192.168.0.2
Username: cisco (case-sensitive)
Password: cisco (case-sensitive)
Create and configure a VLAN on the switch as follows:
VLAN ID: 2
VLAN name: IPCameras
Configure ports GE18, GE19, GE20, GE21 as untagged.
Port 18 is connected to the network jack next to the laptop in the IT Administration office.
Port 19 is connected to the camera mount in the Lobby.
Port 20 is connected to the camera mount in the Networking Closet.
Port 21 is connected to a DHCP server that provides IP addresses to the camera and the laptop.
In the Lobby and Networking Closet, perform the following:
Connect a Cat 5e cable to the RJ-45 ports on the IP camera and the IP camera wall plate.
Mount the IP camera on the wall plate.
In the Networking Closet, connect the DHCP server to the VLAN using a Cat 5e cable from switch port 21 to patch panel port 21 on the rack.
In the IT Administration office, connect a Cat 5e cable to the laptop's network port and the open port on the wall plate.
On ITAdmin-Lap, verify the VLAN configuration and IP camera installation as follows:
Select Start > IP Cameras.
Verify that the program detects the IP cameras on the VLAN 2 network.
Log in to the Cisco switch.
In the Username and Password fields for the Cisco switch, enter cisco (case-sensitive).
Select Log In.
Create the IPCameras VLAN.
From the Getting Started pane (right), under Initial Setup, select Create VLAN.
Select Add.
For VLAN ID, enter 2.
For VLAN Name, enter IPCameras.
Select Apply.
Select Close.
Configure the IPCameras VLAN ports.
From the left pane, under VLAN Management, select Port to VLAN.
Using the VLAN ID equals to drop-down menu, select 2.
Select Go.
For ports GE18 through GE21, use the drop-down menus to select Untagged.
Select Apply.
Connect the IP camera in the lobby to the VLAN and mount the IP cameras.
From the top left, select Floor 1.
Under Lobby, select Hardware.
Under Shelf, expand CCTV Cameras.
Drag the IP Camera (Lobby) to the workspace.
Under Workspace, for the IP camera, select Back to switch to the back view of the IP camera.
Under Shelf, expand Cables and then select the Cat5e Cable, RJ45 cable.
From the Selected Component pane:
Drag an RJ45 Connector to the RJ-45 port on the IP camera wall mount plate.
Drag the unconnected RJ45 Connector to the RJ-45 port on the back of the IP camera.
Drag the IP camera to the IP camera wall plate.
Connect the IP camera in the Networking Closet to the VLAN and mount the IP cameras.
From the top left, select Floor 1.
Under Networking Closet, select Hardware.
Under Shelf, expand CCTV Cameras.
Drag the IP Camera (Networking Closet) to the workspace.
Under Workspace for the IP camera, select Back to switch to the back view of the IP camera.
Under Shelf, expand Cables and then select the Cat5e Cable, RJ45 cable.
From the Selected Component pane:
Drag an RJ45 Connector to the RJ-45 port on the IP camera mount wall plate.
Drag the unconnected RJ45 cable to the RJ-45 port on the back of the IP camera.
Drag the IP camera to the IP camera wall plate to mount the IP camera.
Connect the DHCP server and laptop to the VLAN.
From the Networking Closet, under Shelf, select Cat5e Cable, RJ45.
From the Selected Component pane:
Drag an RJ45 Connector to port 21 on the switch.
Drag the unconnected RJ45 Connector to port 21 on the patch panel.
Connect IT-Laptop2 to the VLAN.
From the top menu, select Floor 1.
Under IT Administration, select Hardware.
Above IT-Laptop2, select Back to switch to the back view of the laptop.
Under Shelf, select Cat5e Cable, RJ45.
From the Selected Component pane:
Drag an RJ45 Connector to the RJ-45 port on the laptop.
Drag the unconnected RJ45 Connector to the open RJ-45 port on the wall plate.
To verify that all components are connected, you can change the location to the Network Closet hardware view. You should see green link/activity lights on ports 18 - 21 of the switch.
Launch the IP camera monitoring software.
Under the laptop's workspace, select Front.
On the IT-Laptop2, select Click to view Windows 10.
From the taskbar, select Start.
Select IP Cameras.
Verify that both cameras are detected on the network.
Log in to the Cisco switch.
In the Username and Password fields, enter cisco (case-sensitive).
Select Log In.
Create a new Link Aggregation Group (LAG1).
From the left pane, expand and select Port Management > Link Aggregation > LAG Management.
From the right pane, select LAG 1 and then select Edit.
In the LAG Name field, type windows_server.
Select LACP to enable the Link Aggregation Control Protocol (LACP).
Under Port List, press and hold the Shift key; then select GE1 and GE2.
Select > to add the ports to the LAG Members pane.
Select Apply.
Select Close.
Configure LAG1 to the VLAN mode of access.
From the left pane, expand and select VLAN Management > Interface Settings.
Using the Filter: Interface Type equals to drop-down menu, select LAG and then select Go.
Select LAG1 and then select Edit.
For Interface VLAN Mode, select Access.
Select Apply.
Select Close.
Join LAG1 to VLAN13.
From the left pane, expand and select VLAN Management > Port VLAN Membership.
Using the Filter: Interface Type equals to drop-down menu, select LAG and then select Go.
Select LAG1 and then select Join VLAN.
Under Select VLAN, from the right pane, select 1U and then select < to remove VLAN1.
From the left pane, select VLAN13; then select > to add the VLAN to the selected VLANs pane.
Select Apply.
Select Close.
Verify the status of the new LAG1 group.
From the left navigation bar, expand and select Port Management > Link Aggregation > LAG Management.
From the top right, select Answer Questions.
Answer the questions.
This connection is now ready to use LACP.
Minimize the Lab Questions window.
Save the changes to the switch's startup configuration file.
From the upper right of the switch window, select Save.
For Source File Name, make sure Running configuration is selected.
For Destination File Name, make sure Startup configuration is selected.
Select Apply.
Select OK.
Select Done.
From the top right, select Answer Questions.
Select Score Lab.
Log in to the CISCO switch.
From the taskbar, select Google Chrome.
In the URL field, enter 192.168.0.2 and press Enter.
Maximize the window for better viewing.
In the Username and Password fields, enter cisco (the password is case sensitive).
Select Log In.
Examine the switch port defaults.
From the left navigation bar, expand and select VLAN Management > Interface Settings.
Using the interface shown in the right pane, examine the settings for all ports.
For a detailed view of a single port, you can select Edit.
From the upper right, select Answer Questions.
Answer Question 1.
Minimize the Lab Questions dialog.
Set ports GE1 through GE26 to Access Mode.
From the Interface Settings pane, select GE1.
Select Edit.
Maximize the window for better viewing.
For Interface VLAN Mode, select Access.
Select Apply and then select Close.
With GE1 still selected, click Copy Settings.
In the to field, type 2-26 and then select Apply.
Notice that under the Interface VLAN Mode column, ports GE1-GE26 are now set to Access.
Set the port VLAN ID (PVID) for ports GE27-GE28 to the value of 2.
Select the desired port and then select Edit.
For the Administrative PVID, enter 2.
Select Apply and then Close.
Repeat steps 4a - 4c for the second port.
Add VLANs 22, 44, and 67 to ports GE27 and GE28.
From the left pane, under VLAN Management, select Port VLAN Membership.
Select port GE27 and then select Join VLAN.
From the new window, hold down the Shift key and select VLANs 22, 44, and 67; then select the > button to assign the VLANs.
Select Apply and then select Close.
Repeat steps 5b - 5d for port GE28.
Save the changes to the switch's startup configuration file.
From the top of the switch window, select Save.
For Source File Name, make sure Running configuration is selected.
For Destination File Name, make sure Startup configuration is selected.
Select Apply.
Select OK.
Select Done.
Score the lab.
From the upper right, select Answer Questions.
Select Score Lab.