Using command prompt to answer the question

PART $3$: CONFIGURE VLANS AND SWITCH PORTS

In Part $2,$ you connected devices and assigned IP addresses to computers. You also tested connectivity between PC$-$A and PC$-$B$,$ and you should have been able to ping the computers from each other.

While you cannot ping PC$-$C and PC$-$M from any other computer, an intruder could change the computer$$s IP address and overcome this restriction.

As an optional exercise, you can change the IP address of PC$-$C to $192\mathrm{.}168\mathrm{.}10\mathrm{.}2/24,$ for example, and test the pinging PC$-$A or PC$-$B$.$ Don$$t forget to change the IP address of PC$-$C back afterward.

We will separate the three networks into VLANs to strengthen our network security.

$3\mathrm{.}1$ Configure VLANs

Using the table below, configure these VLANs in all three switches. Note: the VLAN names must match exactly.

VLAN ID VLAN Name

$10$ Students

$20$ Faculty

$99$ Management

$999$ Unused

$3\mathrm{.}2$ Configure ports on the switches

Configure the interfaces in the table below with the proper VLAN. Ensure the ports connected to the PCs are configured with a static access mode and add descriptions to each port configuration.

Device Interface VLAN Description

S$1$ GigabitEthernet$1/0/6$ VLAN $10$ Connection to student PC$-$A

S$2$ FastEthernet$0/11$ VLAN $10$ Student PC$-$B

S$2$ FastEthernet$0/18$ VLAN $20$ Dr$.$ Sheldon Cooper

S$3$ FastEthernet$0/24$ VLAN $99$ Network Management Workstation PC$-$M

$3\mathrm{.}2$ Part $3$ Summary

Now, even if you try changing the IP address of PC$-$C$,$ as we suggested earlier, you will notice that you cannot ping PC$-$B regardless of your IP address.

Your configuration is more secure now, but can you still ping PC$-$A from PC$-$B and vice versa?

PART $4$: IMPLEMENT VLAN TRUNKING

In Part $2,$ you hardened the switches and assigned IP addresses to the computers. You also discovered that changing the static IP address in PC$-$C will allow intruders to easily access networks they are not part of$.$

In Part $3,$ you created separate VLANs for each network and assigned the VLANs to the interfaces connected to the PCs$.$ But you also discovered that this broke connectivity between PC$-$A and PC$-$B$.$

If you run the command on the S$1$ interface GigabitEthernet$1/1/1$ switchport and check Operational Mode, you will see that the port is operating in a static access mode and passes only traffic that belongs to VLAN $1.$

To allow connectivity between the switches, we must configure all connections between S$1,$ S$2,$ and S$3$ as trunk connections.

$4\mathrm{.}1$ Implement VLAN trunking on the switches

All trunk interfaces that connect switches should be configured as follows:

$$ Manually set interfaces that interconnect the switches to a static trunk mode $($do NOT use dynamic mode or trunk negotiation$)$ Configure the VLAN $999$ as the native VLAN $$ Add descriptions to the ports:

Device Port Description

S$1$ GigabitEthernet$1/0/1$ Connection to S$3$: GigabitEthernet$0/1$

S$1$ GigabitEthernet$1/1/1$ Connection to S$2$: GigabitEthernet$0/1$

S$1$ GigabitEthernet$1/1/2$ Connection to S$2$: GigabitEthernet$0/2$

S$2$ FastEthernet$0/1$ Connection to S$3$: GigabitEthernet$0/2$

S$2$ GigabitEthernet$0/1$ Connection to S$1$: GigabitEthernet$1/1/1$

S$2$ GigabitEthernet$0/2$ Connection to S$1$: GigabitEthernet$1/1/2$

S$3$ GigabitEthernet$0/1$ Connection to S$1$: GigabitEthernet$1/0/1$

Device Port Description

S$3$ GigabitEthernet$0/2$ Connection to S$2$: FastEthernet$0/1$

$4\mathrm{.}2$ Part $4$ Summary

After enabling trunking, you should be able to ping PC$-$A from PC$-$B and back. And even if you change the IP address of PC$-$C or PC$-$M$,$ you should not be able to ping devices outside their designated VLANs.