HW4
===

## Chapter 1

1. Access port versus trunk port:

   | | Number of VLANs carried | 802.1Q tag |
   | ----------- | ----------- | ----------- |
   | Access Port | 1 | None |
   | Trunk Port | 2 or more | Yes |

   [Ref](https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Fundamentals_of_802.1Q_VLAN_Tagging#:~:text=The%20purpose%20of%20a%20tagged,will%20link%20to%20end%20devices.)

2. The native VLAN carries the untagged traffic on a trunk port. A port that speaks 802.1Q is configured as a trunk and, by default, belongs to the native VLAN; every frame that arrives without a tag is placed in that VLAN. Each VLAN has an ID that distinguishes it from the others, and the native VLAN's default ID is VLAN 1. [Ref](https://www.netadmin.com.tw/netadmin/zh-tw/technology/E966B2A3B5CC434FABB02DB9C46CD8E8?page=5)

3. ![431764344_1381077992772886_4457102249697672864_n](https://hackmd.io/_uploads/Sy4ZXmQR6.jpg)

4. PC-01 (in VLAN 10) can wrap a VLAN 20 tag inside a VLAN 10 frame and send it out. When the frame crosses link 3, whose native VLAN is 10, the outer tag 10 is stripped and only the tag 20 remains, so the frame is delivered to PC-04. This only works because the attacker's access VLAN is the same as the trunk's native VLAN, and it is one-way: PC-04 has no way to answer back into VLAN 10. The usual defence is to make the native VLAN of every trunk an unused VLAN. [Ref](https://www.jannet.hk/virtual-lan-vlan-attack-zh-hant/)

## Chapter 2

1. The running config contains `username RiNG privilege 15 password 7 0813435D0C150C16`. Feeding that string to an online type-7 decoder recovers the password `Roselia`, which is then used to log in from Admin's terminal. (Type 7 is reversible obfuscation with a fixed key, not a hash, which is why part 3 moves the account to `secret`.)

2. Telnet to RiNG-Edge (192.168.99.2) and apply:

   ```
   ! delete VLAN 10, create VLAN 20, move fa0/21-22 into it, allow it on the uplink trunks
   no vlan 10
   vlan 20
   name VLAN-MyGo
   inter range fa0/21-22
   switchp mod acc
   switchp acc vlan 20
   do write
   inter range gig0/1-2
   switch trunk allowed vlan add 20
   do write
   ```

   Open a terminal on the core and apply:

   ```
   ! VLAN 20 on fa0/1-3, VLAN 30 on fa0/11-12, VLAN 20 allowed on the uplink trunks
   no vlan 10
   vlan 20
   name VLAN-MyGo
   vlan 30
   name VLAN-AveMujica
   inter range fa0/1-3
   switchp mod acc
   switchp acc vlan 20
   inter range fa0/11-12
   switchp mod acc
   switchp acc vlan 30
   do write
   inter range gig0/1-2
   switch trunk allowed vlan add 20
   do write
   ```
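The double-tagging hop from Chapter 1 item 4, as an added example that is not part of the homework answer. The frame layout is real 802.1Q (TPID 0x8100 followed by the TCI), but the switch functions are a simplified model of Cisco forwarding written for this example; the MAC addresses and the `double_tag_hop` helper are the example's own.

```python
"""Byte-level model of an 802.1Q double-tagging hop (added example)."""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst, src, vids, payload=b"\x45\x00"):
    """Ethernet II frame carrying one 802.1Q tag per entry of `vids`, outermost first."""
    hdr = _mac(dst) + _mac(src)
    for vid in vids:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)  # PCP=0, DEI=0
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload


def outer_vid(frame):
    """VID of the outermost tag, or None if the frame is untagged."""
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF


def pop_tag(frame):
    """Remove the outermost 802.1Q tag (4 bytes right after the two MACs)."""
    return frame[:12] + frame[16:]


def access_ingress(frame, port_vlan):
    """Frame entering an access port: untagged frames get the port VLAN, a frame
    tagged with the port's own VLAN is accepted as that VLAN, other tags are dropped."""
    vid = outer_vid(frame)
    if vid is None or vid == port_vlan:
        return port_vlan, frame
    return None, None


def trunk_egress(frame, vlan, native_vlan):
    """Frame leaving a trunk: native-VLAN traffic goes out untagged (its tag is
    stripped); any other VLAN goes out carrying its tag."""
    if vlan == native_vlan and outer_vid(frame) == vlan:
        return pop_tag(frame)
    if vlan != native_vlan and outer_vid(frame) != vlan:
        return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan) + frame[12:]
    return frame


def trunk_ingress(frame, native_vlan):
    """Frame entering a trunk on the next switch: untagged means native VLAN,
    tagged means the VLAN in the outermost tag."""
    vid = outer_vid(frame)
    if vid is None:
        return native_vlan, frame
    return vid, pop_tag(frame)


def double_tag_hop(native_vlan, attacker_vlan=10, target_vlan=20):
    """Send PC-01's double-tagged frame across link 3 and report the VLAN the
    second switch assigns it to (constructed MACs)."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                        [attacker_vlan, target_vlan])
    vlan, frame = access_ingress(frame, attacker_vlan)  # PC-01's access port
    if vlan is None:
        return None
    frame = trunk_egress(frame, vlan, native_vlan)       # link 3, leaving switch 1
    vlan, _ = trunk_ingress(frame, native_vlan)          # link 3, entering switch 2
    return vlan


if __name__ == "__main__":
    print("native VLAN 10 :", double_tag_hop(10))   # lands in VLAN 20
    print("native VLAN 999:", double_tag_hop(999))  # stays in VLAN 10
```

With the native VLAN set to 10 the outer tag disappears on link 3 and the frame is classified as VLAN 20 on the far side; with an unused native VLAN the outer tag 10 survives, the inner tag is never interpreted, and the frame stays in VLAN 10.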
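The type-7 decoding from Chapter 2 item 1 done locally, as an added example that is not part of the homework: the same reversible scheme an online decoder applies, plus a scan over a config for every `password 7` line. The key below is the fixed IOS type-7 key; `SAMPLE_CONFIG`, `find_type7` and the `line con 0` entry are constructed for this example (the `username RiNG` line is the one from the homework).

```python
"""Decode, encode and audit Cisco IOS type-7 passwords (added example)."""
import re

# Fixed key IOS uses for "password 7"; the first two digits of an encoded
# string give the starting offset into it.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """`encoded` is two decimal digits (key offset) followed by hex byte pairs."""
    if len(encoded) < 4 or len(encoded) % 2 != 0:
        raise ValueError("malformed type 7 string")
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    clear = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                  for i, b in enumerate(data))
    return clear.decode("ascii")


def type7_encode(clear: str, offset: int = 8) -> str:
    """Inverse of type7_decode; IOS picks `offset` in 0-15."""
    data = bytes(c ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                 for i, c in enumerate(clear.encode("ascii")))
    return f"{offset:02d}" + data.hex().upper()


def find_type7(config_text: str):
    """Yield (config line, clear text) for every `password 7 <hex>` in a config."""
    for m in re.finditer(r"^(.*\bpassword 7 ([0-9A-Fa-f]+))\s*$", config_text, re.M):
        yield m.group(1).strip(), type7_decode(m.group(2))


# Constructed sample config: the homework's username line plus a console password.
SAMPLE_CONFIG = """\
hostname RiNG-Core
username RiNG privilege 15 password 7 0813435D0C150C16
line con 0
 password 7 02050D480809
 login
"""

if __name__ == "__main__":
    print(type7_decode("0813435D0C150C16"))  # Roselia
    for line, clear in find_type7(SAMPLE_CONFIG):
        print(f"{line!r} -> {clear!r}")
```

Because the key is public and the transform is a plain XOR, anyone who can read the config can recover every type-7 password; `service password-encryption` only hides passwords from someone glancing at the screen.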
3. Part 3 [Ref](https://medium.com/%E7%92%BF%E7%9A%84%E7%AD%86%E8%A8%98%E6%9C%AC/cisco-router%E7%9A%84%E5%AF%86%E7%A2%BC%E5%AE%89%E5%85%A8%E8%88%87ssh%E8%A8%AD%E5%AE%9A-854318136e91)

   - (a) Switch the RiNG account to a `secret` (hashed) password and change it to Afterglow (log in to Core and Edge separately and apply on each):

     ```
     no username RiNG password 7 0813435D0C150C16
     username RiNG privilege 15 secret Afterglow
     do write
     ```

   - (b) Enable Telnet/SSH login on RiNG-Core. The domain name and RSA key pair are what SSH needs (a non-default hostname must already be set before `crypto key generate rsa`):

     ```
     ip domain-name ccna.com
     crypto key generate rsa general-keys modulus 1024
     line vty 0 4
     login local
     transport input all
     ```

     [Ref](https://community.cisco.com/t5/switching/2500-series-router-showing-quot-no-password-set-quot-when-trying/td-p/3350549)

   - (c) Make vty 0-4 on RiNG-Core and RiNG-Edge accept the credentials from (a) and allow only SSH (apply on Core and Edge separately):

     ```
     line vty 0 4
     login local
     transport input ssh
     ```

   - (d) Make vty 5-15 on RiNG-Core and RiNG-Edge unusable for login. `no login` alone is the wrong tool here: it disables the password check on those lines, which for Telnet means access without any authentication. `transport input none` refuses every inbound protocol on the lines:

     ```
     line vty 5 15
     transport input none
     ```

   - (e) Set the SSH version on RiNG-Core and RiNG-Edge to v2:

     ```
     ip ssh version 2
     ```

## Chapter 3

1. Release the lease manually: `C:\Users\user>ipconfig /release`

   ![image](https://hackmd.io/_uploads/B1K5YozC6.png)

   [Ref](https://www.tp-link.com/tw/support/faq/840/)

2. The addresses in the DHCP DISCOVER:

   - IP 0.0.0.0. Meaning: network and host parts are all zero, "this host on this network"; it may only be used as a source address. Reason: a DHCP client that has not yet obtained an address is required to use 0.0.0.0 as its source address.
   - IP 255.255.255.255. Meaning: the limited broadcast address, used to reach every device on the local network. Reason: the DHCP client does not know the server's IP address, so the message is broadcast with destination IP 255.255.255.255.
   - MAC FF:FF:FF:FF:FF:FF. Meaning: the broadcast MAC address; a frame with this destination is delivered to every host in the broadcast domain. Reason: the DHCP client does not know the server's MAC address, so the frame is broadcast with destination MAC FF:FF:FF:FF:FF:FF.

   [Ref1](https://www.geeksforgeeks.org/how-dora-works/) [Ref2](https://ithelp.ithome.com.tw/articles/10311096)

3. DHCP poisoning [Ref](https://www.cisco.com/c/en/us/support/docs/ip/dynamic-host-configuration-protocol-dhcp-dhcpv6/217055-operate-and-troubleshoot-dhcp-snooping.html)

   The fake DHCP server sits on interface fa0/21, which is left untrusted (the default once snooping is enabled), so its OFFERs are dropped; the ports toward the legitimate server, fa0/22-23, are marked trusted. Snooping has to be enabled both globally and for the VLAN, otherwise nothing is filtered:

   ```
   vlan 11
   exit
   ip dhcp snooping
   ip dhcp snooping vlan 11
   interface range fa0/22-23
   switchport mode access
   switchport access vlan 11
   ip dhcp snooping trust
   ```
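The DISCOVER from Chapter 3 item 2 and the snooping decision from item 3, as an added example that is not part of the homework: it builds the DHCPDISCOVER a client with no address sends, decodes it to show the 0.0.0.0 / 255.255.255.255 / ff:ff:ff:ff:ff:ff fields, and models in software what DHCP snooping does with a server reply arriving on a trusted or untrusted port. The MACs, IPs, xid, `TRUSTED_PORTS` and the `snoop` function are constructed for this example (the trusted ports match the homework config).

```python
"""DHCPDISCOVER builder/parser and a DHCP-snooping filter model (added example)."""
import socket
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
DHCP_DISCOVER, DHCP_OFFER = 1, 2
TRUSTED_PORTS = {"fa0/22", "fa0/23"}   # ports that face the legitimate DHCP server


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip_checksum(hdr):
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return (~total) & 0xFFFF


def build_dhcp(msg_type, client_mac, xid, src_ip="0.0.0.0",
               dst_ip="255.255.255.255", src_mac=None, dst_mac=BROADCAST_MAC,
               server_id=None, yiaddr="0.0.0.0"):
    """Ethernet/IPv4/UDP/BOOTP frame with one DHCP message (RFC 2131 layout).
    The defaults are the DISCOVER case: no own address, server unknown."""
    opts = bytes([53, 1, msg_type])                           # option 53: message type
    if server_id:
        opts += bytes([54, 4]) + socket.inet_aton(server_id)  # option 54: server id
    opts += b"\xff"
    op = 1 if msg_type == DHCP_DISCOVER else 2                # BOOTREQUEST / BOOTREPLY
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s4s",
                        op, 1, 6, 0, xid, 0, 0x8000,          # htype Ethernet, broadcast flag
                        socket.inet_aton("0.0.0.0"), socket.inet_aton(yiaddr),
                        socket.inet_aton("0.0.0.0"), socket.inet_aton("0.0.0.0"),
                        _mac(client_mac), b"", b"", b"\x63\x82\x53\x63") + opts
    sport, dport = (68, 67) if op == 1 else (67, 68)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp  # csum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", _ip_checksum(ip)) + ip[12:]
    eth = _mac(dst_mac) + _mac(src_mac or client_mac) + b"\x08\x00"
    return eth + ip + udp


def parse_dhcp(frame):
    """Pull out the fields a snooping switch looks at."""
    ihl = (frame[14] & 0x0F) * 4
    udp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", udp[:4])
    bootp = udp[8:]
    opts, i, fields = bootp[240:], 0, {}
    while i < len(opts) and opts[i] != 0xFF:
        if opts[i] == 0:                                      # pad option
            i += 1
            continue
        code, ln = opts[i], opts[i + 1]
        fields[code] = opts[i + 2:i + 2 + ln]
        i += 2 + ln
    return {
        "eth_dst": frame[:6].hex(":"), "eth_src": frame[6:12].hex(":"),
        "src_ip": socket.inet_ntoa(frame[26:30]), "dst_ip": socket.inet_ntoa(frame[30:34]),
        "sport": sport, "dport": dport, "op": bootp[0],
        "xid": struct.unpack("!I", bootp[4:8])[0], "chaddr": bootp[28:34].hex(":"),
        "msg_type": fields[53][0],
        "server_id": socket.inet_ntoa(fields[54]) if 54 in fields else None,
    }


def snoop(frame, ingress_port, trusted=TRUSTED_PORTS):
    """DHCP-snooping filter: server replies (op=2) are only accepted on trusted
    ports, and on untrusted ports a client's chaddr must match the frame's
    source MAC. Returns (allowed, reason)."""
    d = parse_dhcp(frame)
    if d["op"] == 2 and ingress_port not in trusted:
        return False, f"server reply on untrusted port {ingress_port}"
    if d["op"] == 1 and ingress_port not in trusted and d["eth_src"] != d["chaddr"]:
        return False, "chaddr does not match source MAC"
    return True, "ok"


if __name__ == "__main__":
    client = "00:11:22:33:44:55"                               # constructed client MAC
    d = parse_dhcp(build_dhcp(DHCP_DISCOVER, client, xid=0x3903F326))
    print(f"DISCOVER {d['eth_src']} -> {d['eth_dst']}  "
          f"{d['src_ip']}:{d['sport']} -> {d['dst_ip']}:{d['dport']}")
    offer = build_dhcp(DHCP_OFFER, client, 0x3903F326, src_ip="192.168.1.1",
                       src_mac="aa:bb:cc:00:00:01", server_id="192.168.1.1",
                       yiaddr="192.168.1.50")
    for port in ("fa0/22", "fa0/21"):                          # real server port, rogue port
        print(port, snoop(offer, port))
```

The same OFFER is accepted when it enters on fa0/22 and dropped when it enters on fa0/21, which is exactly the effect of leaving the rogue server's port untrusted in the switch config above.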