
Figure 1 (network map): 10.1.1.0/24, all hosts in SW1 VLAN 10
  Router Fa0/0 (10.1.1.1)    -- SW1 Fa0/10
  PC1 (10.1.1.2)             -- SW1 Fa0/5
  PC2, Analyzer (10.1.1.3)   -- SW1 Fa0/2

Lab: Analysis on Management Plane

Note: Your group router's interface type/number may differ from the one shown in the network map.
Switched Port Analyzer (SPAN)
• The Switched Port Analyzer (SPAN) feature, sometimes called port mirroring or port monitoring, copies selected network traffic to a port where a network analyzer can examine it. This lab is intended to verify how SPAN can be used to monitor the network management plane.
Lab Work Tasks:

1. Interlink all the components as shown in Figure 1.

2. Configure PC1 and PC2 (Analyzer) with the static IP settings
shown in Figure 1.

3. Create VLAN 10 on SW1. Ensure that the ports connecting PC1 and the
Router's fa0/0 (fa0/5 and fa0/10) are assigned to VLAN 10.
SW#vlan database
SW(vlan)#vlan 10 name lab
SW(vlan)#exit
SW#conf t
SW(config)#int range fa0/5 , fa0/10
SW(config-if-range)#switchport access vlan 10
(On newer IOS releases vlan database mode is gone; create the VLAN with vlan 10 and name lab in global configuration mode instead.)
Issue show vlan brief to verify the VLAN settings.
My LAB
Lab Work Tasks (continued):
4. Enable SPAN on SW1 so that the Analyzer (PC2) can monitor the packets
going to and from the Router's fa0/0 (switch port fa0/10):
SW(config)#monitor session 1 source interface fa0/10
SW(config)#monitor session 1 destination interface fa0/2
Without a direction keyword (rx, tx, both) the source port is mirrored in
both directions. By default a SPAN destination port does not accept
ingress traffic, so PC2 can only listen on fa0/2, not communicate through
it. Verify with show monitor session 1.
5. Enable the Telnet service on the Router (set the password to Cisco):
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password Cisco
This line password is kept in the running configuration in clear text unless
service password-encryption is enabled, and every Telnet client sends it in
clear text on the wire.
6. From the Analyzer, capture PC1's Telnet session to the Router. Apply a
display filter (for example telnet, or tcp.port == 23) and follow the TCP
stream to read the Telnet password from the captured messages.
7. Let one group member set a new password; the others try to recover it
from the Analyzer's capture.
8. Fill in Table 1 after analyzing the captured messages.
Table 1
  Telnet client TCP port                          53672
  Telnet server TCP port                          23
  IP header's Protocol number for TCP payload     6
  TTL value in packets sourced from the Router    255
Analyzing SSH
Based on the same network topology, apply a new Management Plane service, SSH.
Work through the steps on the following pages.
Analyze the SSH session and compare it with Telnet.
Fill in Table 2.
Table 2
  SSH client IP address
  SSH service IP address    10.1.1.1
  TCP or UDP based          TCP
  Server port number        22


Step 1 Configuring SSH on a Router

To enable SSH on the router, the following parameters should be configured:

• Hostname
• Domain name
• Asymmetric (RSA) keys
• SSH timeouts
• Local authentication
• SSH version

a. Set router parameters

In this lab the hostname is set to RouterGBC:
Router(config)#hostname RouterGBC

Once the hostname is set, the CLI prompt changes immediately to the new name.
To configure the router's IP domain name, use the ip domain-name <domain-name>
command in global configuration mode:
RouterGBC(config)#ip domain-name cisco.com
The hostname and domain name are required because the RSA key pair generated
in Step 2 is named after the router's fully qualified domain name
(RouterGBC.cisco.com).
Step 2 Generate Asymmetric Keys

a. Generate RSA keys

Enter the following command in global configuration mode to list the key
types that can be generated:
RouterGBC(config)#crypto key generate ?

b. Generate RSA keys (continued)

Generate the RSA key pair that the SSH server uses to identify itself to
clients (the SSH server is enabled once a key pair exists):
RouterGBC(config)#crypto key generate rsa

The router responds with a message showing the naming convention for the keys
(RouterGBC.cisco.com) and prompts for the modulus size.

c. Press Enter to accept the default key size and continue.
On older IOS releases the default modulus is only 512 bits, while SSH
version 2 on IOS requires at least 768 bits; outside this lab specify the size
explicitly with the modulus keyword (for example modulus 2048) and select
version 2 with ip ssh version 2, the "Version" parameter listed in Step 1.


Step 3 Configure SSH Timeouts

a. Configuring SSH timeouts and authentication retries provides additional
protection for the connection: an SSH negotiation that does not complete
within the timeout is dropped, and a client that fails authentication more
than the allowed number of times is disconnected.
Use the commands ip ssh time-out <seconds> and
ip ssh authentication-retries <integer> to set them.

Set the SSH timeout to 15 seconds and the number of retries to 3
by entering the following commands:
RouterGBC(config)#ip ssh time-out 15
RouterGBC(config)#ip ssh authentication-retries 3
Step 4 Configure Local Authentication and vty Lines
Use the following commands to define a local user and restrict the vty lines
to SSH:

RouterGBC(config)#username student password cisco

RouterGBC(config)#line vty 0 4
RouterGBC(config-line)#transport input ssh
RouterGBC(config-line)#login local

transport input ssh disables Telnet on the vty lines, so the Telnet access
configured earlier no longer works. The username ... password form stores
the password reversibly in the configuration; outside the lab prefer the
username ... secret form, which stores a hash.
Step 5 Communicating Between an SSH PC (Client) and the Router (Server)

a. The basic settings that allow a PC and a router to establish an SSH session
are now configured. To establish an SSH session, launch the SSH client on the
student PC.

The configuration varies between SSH clients. If PuTTY is being used as the
SSH client, follow these instructions. Launch PuTTY.exe; a pane with various
configuration options opens.

b. In the "Host Name (or IP address)" input box enter the router's IP address,
10.1.1.1. Next, change the connection type to "SSH". Both values must be set
to establish the SSH session. To test the connection, press the Open button
at the bottom of the window.

On the first connection PuTTY shows the fingerprint of the router's RSA host
key (the key pair generated in Step 2) and asks whether to trust it. The SSH
client then prompts for the local username and password previously set on the
router. Enter "student" for the username and "cisco" for the password.

Analyze the SSH messages on the Analyzer: do you see the username/password?
Fill in Table 2.
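As an added example (not part of the original lab material), the following Python script does by hand what the Analyzer does with a display filter in Tasks 6 to 8 and in the SSH comparison of Step 5: it decodes raw IPv4/TCP packets, keeps only those on the Telnet or SSH port, records the fields asked for in Table 1 (client and server TCP port, IP protocol number, TTL of packets sourced from the Router) and follows the client-to-server stream after the server's Password: prompt. Both captures are constructed inside the script; the client ports, TTL values, the IOS and PuTTY version banners and the bytes standing in for SSH ciphertext are assumptions chosen to match the lab, not real capture data. Run over the SSH sample, the same analysis finds only the clear-text version banners and recovers no password.

```python
import struct
from socket import inet_aton, inet_ntoa

# Addresses from Figure 1; the client ports are assumed values.
ROUTER, PC1 = "10.1.1.1", "10.1.1.2"
TELNET_PORT, SSH_PORT = 23, 22
IPPROTO_TCP = 6


def build_packet(src, dst, sport, dport, payload, ttl):
    """Build a minimal IPv4+TCP packet (no Ethernet header, checksums left 0).
    Used only to construct the sample captures below."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl,
                         IPPROTO_TCP, 0, inet_aton(src), inet_aton(dst))
    # data offset 5 (20-byte header), flags PSH|ACK, window 8192
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18,
                          8192, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(raw):
    """Decode the IPv4 and TCP headers; return None for non-TCP packets."""
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if proto != IPPROTO_TCP:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, _seq, _ack, off, _flags, _win, _tcsum, _urg = \
        struct.unpack("!HHIIBBHHH", raw[ihl:ihl + 20])
    doff = (off >> 4) * 4
    return {"src": inet_ntoa(src), "dst": inet_ntoa(dst), "ttl": ttl,
            "proto": proto, "sport": sport, "dport": dport,
            "payload": raw[ihl + doff:total_len]}


def analyze_capture(packets, service_port):
    """Apply the display filter 'tcp.port == service_port', fill in the
    Table 1 fields and follow the client->server stream after 'Password:'."""
    table = {"client_port": None, "server_port": service_port,
             "ip_protocol": None, "router_ttl": None, "password": None}
    capturing, typed = False, b""
    for raw in packets:
        pkt = parse_packet(raw)
        if pkt is None or service_port not in (pkt["sport"], pkt["dport"]):
            continue                        # the display filter
        table["ip_protocol"] = pkt["proto"]
        if pkt["dport"] == service_port:    # client -> server
            table["client_port"] = pkt["sport"]
            if capturing:
                typed += pkt["payload"]     # Telnet sends one keystroke per segment
                if b"\r" in typed:
                    table["password"] = typed.split(b"\r")[0].decode()
                    capturing = False
        else:                               # server -> client
            if pkt["src"] == ROUTER:
                table["router_ttl"] = pkt["ttl"]
            if b"Password:" in pkt["payload"]:  # prompt is clear text only in Telnet
                capturing, typed = True, b""
    return table


def sample_telnet_capture():
    """Constructed Telnet login (Task 6): router prompts, PC1 types 'Cisco'."""
    pkts = [build_packet(ROUTER, PC1, TELNET_PORT, 53672,
                         b"\r\nUser Access Verification\r\n\r\nPassword: ", 255)]
    pkts += [build_packet(PC1, ROUTER, 53672, TELNET_PORT, bytes([ch]), 128)
             for ch in b"Cisco\r\n"]
    pkts.append(build_packet(ROUTER, PC1, TELNET_PORT, 53672, b"\r\nRouter>", 255))
    return pkts


def sample_ssh_capture():
    """Constructed SSH session (Step 5): only the version banners (assumed
    strings) are clear text; the remaining bytes stand in for ciphertext."""
    pkts = [build_packet(ROUTER, PC1, SSH_PORT, 53673, b"SSH-2.0-Cisco-1.25\r\n", 255),
            build_packet(PC1, ROUTER, 53673, SSH_PORT, b"SSH-2.0-PuTTY_Release_0.70\r\n", 128)]
    pkts += [build_packet(PC1, ROUTER, 53673, SSH_PORT, bytes(range(i, i + 16)), 128)
             for i in range(0, 48, 16)]
    return pkts


if __name__ == "__main__":
    print("Telnet:", analyze_capture(sample_telnet_capture(), TELNET_PORT))
    print("SSH:   ", analyze_capture(sample_ssh_capture(), SSH_PORT))
```

The Telnet result reproduces Table 1 (client port 53672, server port 23, protocol 6, TTL 255) and yields the password "Cisco" from the client keystrokes; the SSH result has the same port and TTL fields but no password, because the prompt and the typed characters are inside the encrypted channel and never appear in the mirrored traffic.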
Conclusion:
Which login type (Telnet or SSH) is secure?
And why?

Free lab testing.

Note: Please remove all passwords after finishing the lab.
