00:00:01
hello everyone again
00:00:03
now we're going to do a brief little bit
00:00:05
about what we do
00:00:06
till now so we download and
00:00:09
install Packet Tracer we create a network
00:00:13
with a we give ip addresses to the
00:00:18
endpoint computers laptop servers
00:00:21
we configure switches we configure
00:00:24
router we
00:00:25
we give a DHCP services to
00:00:29
vlan 20 and that's
00:00:32
it what we do we do more but
00:00:36
let's say continue and now we're going
00:00:38
to create
00:00:39
VLANs and enable port security on the
00:00:43
interfaces above of the end point
00:00:46
computer
00:00:47
laptops and servers and the
00:00:51
interfaces between the switches
00:00:54
and the interface between the switch to
00:00:56
the router
00:00:58
so let's begin first of all
00:01:02
let's delete vlan one let's do this
00:01:06
thing
00:01:07
okay so this is to see our one two
00:01:09
three
00:01:10
enable one two three
00:01:14
config terminal and let's
00:01:17
go to interface vlan 1 no
00:01:20
ip address and
00:01:24
shut so with this command we shut the
00:01:27
vlan 1
00:01:27
and delete the IP address that we gave
00:01:29
to vlan 1
00:01:30
we can see if we just put the mouse
00:01:34
on the switch we can see that
00:01:37
vlan 1 is down let's do the same thing
00:01:40
with this switch switch two
00:01:48
again one two three
00:01:52
config terminal
00:01:55
and the interface vlan 1
00:01:59
no with the command no and the
00:02:03
rest of the command ip address we just
00:02:06
delete
00:02:07
the address that we give earlier and we
00:02:10
do shut
00:02:11
we shut the interface we don't want
00:02:14
let's go to the router
00:02:16
in the router we need to delete the
00:02:18
interface that we give to gig
00:02:21
these things we need to do in the future
00:02:22
what we do it now it's okay
00:02:24
and i explained it in the further uh
00:02:27
tutorials so let's do no ip
00:02:30
address so
00:02:34
and exit we don't need to shut down the
00:02:36
interface
00:02:38
let's go to the dhcp we don't need the
00:02:40
services it can complicate
00:02:42
the the things that we're going to do so
00:02:44
let's delete also the
00:02:46
dhcp no ip
00:02:50
dhcp pool argon
00:02:53
dsp and we with this command delete the
00:02:57
DHCP pool okay at this
00:03:00
let's begin with the VLANs
00:03:04
okay so what we need to do is to create
00:03:06
the VLAN
00:03:07
so first of all we're going
00:03:11
to create VLANs to each network
00:03:13
separately what we do a
00:03:15
vlan 10 vlan 20 vlan 100
00:03:17
vlan
00:03:18
a 200 so let's begin vlan
00:03:22
10 name vlan
00:03:29
20 name vlan 20
00:03:33
vlan 100 name vlan
00:03:38
100 vlan 200
00:03:43
name vlan
00:03:48
what we're going to do now because vlan
00:03:50
1 was the
00:03:51
a native vlan to that
00:03:54
every switch and every router ever we're
00:03:57
going to create another native vlan
00:03:59
that's called
00:04:00
name vlan 888
00:04:05
vlan 888
00:04:08
name vlan 888
00:04:12
if you want to see that the VLAN is
00:04:14
created we just need to write the
00:04:16
command do
00:04:17
show vlan and as we can see
00:04:20
vlan 10 created 20 100 200 888
00:04:24
these things we need to do the same
00:04:26
thing in the other switch so let's go to
00:04:28
the other switch
00:04:30
save this from the vietnamese interface
00:04:33
and write vlan 10 name
00:04:36
vlan 10
00:04:40
vlan 20
00:04:44
20 000 make
00:04:47
vlan 100 vlan
00:04:50
200 names 200
00:05:00
let's see that we have all the VLANs
00:05:02
do show
00:05:03
vlan do show
00:05:06
vlan and as you can see the vlan
00:05:09
is
00:05:10
already set inside the
00:05:13
vlan okay so what we're going to do
00:05:18
now
00:05:18
we're going to shut down the interfaces
00:05:22
that not in use this is more secure
00:05:26
and i will show you with the attacker
00:05:28
later how
00:05:29
when we connect it to another interfaces
00:05:34
for example fa0/6 it cannot get inside
00:05:39
the it cannot get inside the LAN
00:05:42
because we shut down a manually the
00:05:45
interface
00:05:47
okay so what we're going to do now to go
00:05:49
inside
00:05:51
the CLI and
00:05:55
write the command interface range
00:06:00
range we can get together several
00:06:04
interfaces that we want and do they
00:06:07
do commands to all interfaces together
00:06:10
and not a
00:06:11
all the time for each one of them so we
00:06:14
want
00:06:15
fa zero forward slash
00:06:19
we have five
00:06:23
so this is the last one so we need six
00:06:26
to 24 and as you can see
00:06:29
we got interfaces range so what we're
00:06:31
going to do is
00:06:32
simple just shut
00:06:36
we shut all the interfaces and no
00:06:39
a computer or device can
00:06:43
connect now to the switch and i can show
00:06:45
you that with
00:06:46
just trying to connect this laptop over
00:06:50
the attacker
00:06:50
to fa0/6
00:06:54
as you can see it's on red
00:06:58
you cannot get inside the the
00:07:01
switch because the switch is shut down
00:07:05
if we're going and actually and we're
00:07:08
going to
00:07:08
interface fa 0
00:07:12
/6 and we're going to do it a
00:07:16
no shut we can see
00:07:20
that now the interface is connected to
00:07:22
the computer but if we're going again
00:07:24
and do shut
00:07:28
we can see that the computer is now
00:07:30
disconnected from the switch
00:07:33
so this is for the security thing of the
00:07:37
of the shutting down the rest of the
00:07:39
interface that's nothing new
00:07:41
and now we're going to you to to
00:07:44
port security enable the port security
00:07:48
for
00:07:48
these interfaces all right so the
00:07:52
interface
00:07:53
before that we're going to go to this
00:07:54
switch and do the same thing
00:07:56
we don't want to forget the
00:08:00
things that we need to do so
00:08:03
just a second what we're going to do is
00:08:06
get inside this
00:08:08
and interface range
00:08:12
fa 0/5
00:08:16
24 shut we shut down the interfaces
00:08:21
and now we are in switch one let's
00:08:24
make a day protectivity
00:08:27
okay so no let's get inside
00:08:31
let's say get the the interfaces to the
00:08:34
vlan that we want
00:08:36
so if we're going to
00:08:41
interface range one and two interface
00:08:44
range
00:08:45
fa 0/1 and 2
00:08:49
what we need to do is switch switchport
00:08:59
now the interfaces are in vlan 10 in
00:09:02
vlan 10 the computers
00:09:04
are inside vlan 10 we're going to have
00:09:08
connection between
00:09:09
the same VLANs so let's get inside a
00:09:12
vlan through a interface fa
00:09:17
3 switchport access
00:09:20
vlan 200 and interface
00:09:24
fa 4
00:09:28
we're going to switchport access vlan
00:09:31
20 exit
00:09:35
let's do the same thing in the other
00:09:37
switch
00:09:41
and this interface
00:09:45
range fa0/1 to 2
00:09:50
switchport access vlan 20
00:09:54
we have also these two vlan 200 so
00:09:57
interface
00:09:58
fa 3
00:10:02
a switchport access vlan
00:10:06
200 and we also have the server so
00:10:11
interface fa 4 5
00:10:16
interface range when we take
00:10:20
several interfaces it's range so
00:10:23
switchport access vlan 100
00:10:27
let's see in the commands that we have
00:10:30
everything in the VLANs
00:10:32
do show vlan and as we can see
00:10:35
one and two it's in vlan 20.
00:10:38
four and five it's in vlan 100
00:10:42
a three it's in vlan 200.
00:10:45
so that's correct let's see in the in
00:10:47
the other switch
00:10:50
a do show
00:10:54
vlan and here
00:10:58
we can see one and two it's vlan 10 a
00:11:01
four is in vlan 20 three it's in
00:11:04
vlan 200
00:11:05
so that's correct let's begin and let's
00:11:09
move on and go to the port security
00:11:14
so what we need to do is um
00:11:18
now when we when we take the security
00:11:21
we need access for security mode
00:11:24
because we are a connect the interfaces
00:11:28
from
00:11:29
endpoint devices to the switch
00:11:32
between switches it's going to be a
00:11:34
trunk because
00:11:35
if we want only one mac address from
00:11:39
this
00:11:39
interface connect to this server or one
00:11:42
mac address connect from this computer
00:11:44
to this
00:11:45
switch that is more secure when we want
00:11:49
that a a several connections several mac
00:11:52
addresses and several vlans and several
00:11:55
things
00:11:55
move on from this interface to this
00:11:58
interface we need to put
00:12:00
a trunk interface in this connection in
00:12:02
mode in this country so let's
00:12:04
let's show you how it's done so let's
00:12:07
start with
00:12:08
sw1 so what we need to do
00:12:12
is interface range
00:12:16
fa 0/1 to
00:12:19
4 switchport
00:12:22
alt or switchport port security
00:12:26
and we can see that it is dynamic so
00:12:28
what we need to do is
00:12:30
is switchport mode access
00:12:35
after that we need to do switchport
00:12:38
both a switchport nate in switchport
00:12:42
port security max one that's only
00:12:46
one mac address from a one interface
00:12:49
switchport port security a
00:12:52
mac address sticky that
00:12:55
which mac address coming from this
00:12:59
interface
00:13:00
to the switch it's going to be sticky
00:13:03
it's going to stay you cannot come you
00:13:05
cannot
00:13:07
add another computer and then
00:13:10
another computer and connect to the uh
00:13:14
the switch going to to disable the
00:13:17
connection
00:13:17
because you know this computer mac
00:13:20
address if i connect the attacker
00:13:22
to it he said oh this is not the mac
00:13:26
address that i know
00:13:27
and then i'm not going to give you the
00:13:30
opportunity to move traffic from me
00:13:34
so this is the sticky which is sticky
00:13:38
after that we want that the switchport
00:13:42
um no negotiate that
00:13:45
what we decided this is what it's going
00:13:48
to be
00:13:49
the attackers cannot change it i said
00:13:51
it's not negotiated
00:13:52
so it's no negotiate and
00:13:56
after that
00:14:02
after that we're going to decide that
00:14:04
when
00:14:06
something like this is going to happen
00:14:07
and the mac address
00:14:09
um it's not the same mac address that
00:14:12
same the
00:14:13
last package so the
00:14:16
switchport port security violation what
00:14:19
is it going to do
00:14:20
is to shut down
00:14:23
so this is all the command to this port
00:14:26
security
00:14:27
let's do the same thing in the other
00:14:29
switch
00:14:30
for the endpoint interfaces so
00:14:34
interface
00:14:37
fa zero forward slash one
00:14:40
to five
00:14:44
range i forget range
00:14:47
okay switchport port security
00:14:50
switchport mode access
00:14:54
switchport
00:14:57
um no negotiate switchport
00:15:00
port security mac sticky
00:15:04
switchport switchport
00:15:08
port security max one switchport
00:15:12
switchport security violation
00:15:16
shut down
00:15:20
okay so we make all the commands
00:15:24
and now we can see
00:15:28
if the things equal so let's uh
00:15:32
send the icmp from this
00:15:37
to this computer and we can see
00:15:41
that the connection
00:15:46
is failed and we have a a
00:15:50
things that we but what we want to test
00:15:53
now it's not the connection between the
00:15:54
data it's this
00:15:56
if i put the icmp from here to here
00:16:00
now the mac address is a already
00:16:06
already inside the switch so if
00:16:10
we change
00:16:19
if we change the connection between this
00:16:26
this computer as you can see it's
00:16:29
working because nothing like this the
00:16:32
interface is a
00:16:33
okay but if we want to try to connect
00:16:36
from this to this you see
00:16:39
it's failed and they are in the same
00:16:42
network
00:16:43
in their vlan so this show you that
00:16:47
the port securities work perfectly and
00:16:50
if we take
00:16:52
the connection again to this pc
00:16:57
and run a little bit of time we can see
00:16:59
that with this interface we can
00:17:02
do a connection with another pc on the
00:17:06
network after we create a port security
00:17:09
to a endpoint interfaces let's create a
00:17:13
um altitude to this
00:17:16
uh interface into this interface into
00:17:19
this interface let's start with
00:17:21
this and the 0.084 slash one
00:17:28
and switchport port security
00:17:31
switchport mode
00:17:35
trunk switchport
00:17:38
trunk allow we're going to allowed
00:17:42
the VLANs vlan 10 20
00:17:46
100 200 switchport
00:17:49
trunk native
00:17:52
is vlan 888
00:17:56
and switchport no
00:17:59
switchport no negotiate this is all
00:18:03
what we need to do
00:18:04
in this trunk now we're going to do the
00:18:07
same thing
00:18:08
exit in the gate want to point
00:18:13
this interface and we're going to give
00:18:15
him
00:18:16
a switchport port security switchport
00:18:20
mode trunk
00:18:23
switchport trunk allow
00:18:27
vlan 10 20
00:18:31
100 200 switchport
00:18:35
native switchport trunk
00:18:40
vlan native vlan
00:18:44
888 switchport no negotiate
00:18:48
so what we're going to do is that
00:18:52
now we need to try that we have a
00:18:54
connection between
00:18:55
these computers to these computers
00:18:59
so if we take the vlan 20
00:19:02
and try to connect with another a a
00:19:05
PC in vlan 20 that connects to this
00:19:08
switch
00:19:08
and we see that we have a successful
00:19:11
um connection and from vlan 200 to
00:19:14
vlan 200
00:19:16
we have perfectly connection and from
00:19:19
vlan 10 to vlan 20 we can see
00:19:22
that we don't have the connection in the
00:19:25
future
00:19:26
we're going to see how we're going to
00:19:28
have a connection
00:19:29
so what we do in this tutorial we create
00:19:32
vlans and
00:19:36
add the right interfaces to the right
00:19:38
vlan
00:19:39
we create a port security for the
00:19:43
endpoint devices interfaces
00:19:46
and port security between the switches
00:19:50
and port security between the switch to
00:19:52
the router
00:19:53
let's do this because we don't do
00:19:56
interesting
00:19:57
one switchport port security
00:20:01
switchport mode access switchport
00:20:04
trunk allow
00:20:08
allowed vlan 10
00:20:11
20 100 200 switchport trunk
00:20:15
native vlan 888
00:20:19
and switchport
00:20:22
no negotiate so that's it all for this
00:20:26
tutorial thank you guys for watching i
00:20:28
will see you in the next
00:20:30
movie video
00:20:33
movie video it doesn't matter