Date 29.01.2017
CCNA Security
Chapter 2 Lab A: Securing the Router for Administrative Access Instructor Version
Topology
IP Addressing Table
Device | Interface | IP Address | Subnet Mask | Default Gateway | Switch Port
Objectives
Configure a router as a synchronized time source for other devices using NTP.
Make changes to the router and monitor syslog results on the PC.
Use the SDM Security Audit tool to identify vulnerabilities and lock down services.
Background/Scenario
The router is a key component that controls the movement of data into and out of the network and between devices within the network. It is particularly important to protect the network
routers because the failure of one of these devices due to malicious activity could make sections of the network or the entire network inaccessible. Controlling access to routers and enabling
reporting on routers are critical to network security and should be part of a comprehensive security policy.
In this lab, you build a multi-router network and configure the routers and hosts. You use various CLI and SDM tools to secure local and remote access to the routers, analyze potential
vulnerabilities, and take steps to mitigate them. You also enable management reporting to monitor router configuration changes.
The router commands and output in this lab are from Cisco 1841s using Cisco IOS software, release 12.4(20)T (advanced IP image). Other routers and Cisco IOS versions can be used. See
the Router Interface Summary table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab. Depending on the model of the router, the commands
available and output produced may vary from what is shown in this lab.
Note: Make sure that the routers and the switches have been erased and have no startup configurations.
Instructor Note: Instructions for erasing switches and routers are provided in the Lab Manual, located on Academy Connection in the Tools section.
Required Resources
3 routers with SDM 2.5 installed (Cisco 1841 with Cisco IOS software, release 12.4(20)T1 or comparable)
PC-A: Windows XP, Vista, or Windows Server with PuTTY SSH Client (no ACS required for this lab)
PC-C: Windows XP or Vista with PuTTY SSH Client and Kiwi or Tftpd32 Syslog server
Instructor Note:
This lab is divided into five parts. Each part can be administered individually or in combination with others as time permits. The main goal is to configure various Cisco IOS and SDM security
features on routers R1 and R3. R1 and R3 are on separate networks and communicate through R2, which simulates a connection to an ISP. Students can work in teams of two for router
security configuration, one student configuring R1 and the other student configuring R3.
Although switches are shown in the topology, students can omit the switches and use crossover cables between the PCs and routers R1 and R3.
The basic running configs for all three routers are captured after Parts 1 and 2 of the lab are completed. The running config commands that are added in Parts 3 and 4 are captured and listed
separately. The running configs generated by AutoSecure for R3 and SDM Security Audit for R1 in Part 5 of the lab are listed separately. All configs are found at the end of the lab.
In Part 1 of this lab, you set up the network topology and configure basic settings such as interface IP addresses and static routing.
Attach the devices shown in the topology diagram and cable as necessary.
1. Configure host names as shown in the topology.
2. Configure interface IP addresses as shown in the IP Addressing Table.
3. Configure a clock rate for routers with a DCE serial cable attached to their serial interface. Router R1 is shown here as an example.
R1(config)#interface S0/0/0
4. To prevent the router from attempting to translate incorrectly entered commands as though they were host names, disable DNS lookup. Router R1 is shown here as an example.
R1(config)#no ip domain-lookup
1. Configure a static default route from R1 to R2 and from R3 to R2.
2. Configure a static route from R2 to the R1 LAN and from R2 to the R3 LAN.
Configure a static IP address, subnet mask, and default gateway for PC-A and PC-C as shown in the IP Addressing Table.
1. Ping from R1 to R3.
If the pings are not successful, troubleshoot the basic device configurations before continuing.
2. Ping from PC-A on the R1 LAN to PC-C on the R3 LAN.
If the pings are not successful, troubleshoot the basic device configurations before continuing.
Note: If you can ping from PC-A to PC-C, you have demonstrated that static routing is configured and functioning correctly. If you cannot ping but the device interfaces are up and IP
addresses are correct, use the show run and show ip route commands to help identify routing protocol-related problems.
Use the Transfer > Capture text option in HyperTerminal or some other method to capture the running configs for each router. Save the three files so that they can be used to restore configs
later in the lab.
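A check that can be run over the saved running configs before moving on to the next part, given here as an added example that is not part of the original lab. The names parse_config, audit_baseline and SAMPLE_R1 are hypothetical, and the sample capture and its addresses are constructed placeholders rather than values from the IP Addressing Table.

```python
import re

# Constructed R1 capture; addresses are placeholders, not the lab's table values.
SAMPLE_R1 = """\
hostname R1
no ip domain lookup
!
interface FastEthernet0/1
 ip address 192.0.2.1 255.255.255.0
!
interface Serial0/0/0
 ip address 198.51.100.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 198.51.100.2
"""

def parse_config(text):
    """Split an IOS config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # '!' closes the current section
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" "):
            # Sub-commands of non-interface sections (line vty, router ...) are dropped.
            interfaces.get(current, []).append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def audit_baseline(text, hostname, needs_default_route=True):
    """Return findings for the Part 1 settings; an empty list means all pass."""
    glob, ifaces = parse_config(text)
    findings = []
    if f"hostname {hostname}" not in glob:
        findings.append("hostname mismatch")
    # The capture may show either 'no ip domain-lookup' or 'no ip domain lookup'.
    if not any(re.fullmatch(r"no ip domain[- ]lookup", l) for l in glob):
        findings.append("DNS lookup still enabled")
    if needs_default_route and not any(
            re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", l) for l in glob):
        findings.append("no static default route")
    for name, lines in ifaces.items():
        if any(l.startswith("ip address ") for l in lines) and "shutdown" in lines:
            findings.append(f"{name}: addressed but administratively down")
    return findings
```

For R2, which carries static routes to the two LANs instead of a default route, call audit_baseline with needs_default_route=False.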
Research terminal emulation client software and configure the SSH client.
Note: Perform all tasks on both R1 and R3. The procedures and output for R1 are shown here.