Switch.com is an IT company that has an existing enterprise network comprised of two layer 2 only switch; DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 20 is a new VLAN that will be used to provide the shipping personnel access to the server. Corporate polices do not allow layer 3 functionality to be enabled on the switch. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
- User connecting to VLAN 20 via pot f0/1 on ASW1 must be authenticated before they are given access to the network. Authentication is to be done via a Radius server:
- Radius key: rad123
- Authentication should be implemented as close to the host ad possibile
- Device on VLAN 20 are restricted to the subnet of 172.120.40.0/24
- Packets from devices in the subnet of 172.120.40.0/24 should be allowed on VLAN20.
- Packets form devices in any other address range should be dropped on VLAN20.
- Filtering should be implemented as close to the serverfarm as possible.