CCNP Security Secure Lab Guide[1]

Published by: bkaraqa on Mar 11, 2012
Copyright: Attribution Non-commercial

SECURE
Lab Guide
Overview
This guide presents the instructions and other information required to complete the lab activities for this course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
 
- Lab 1-1: Configuring Advanced Switched Data Plane Security Controls
- Lab 1-2: Configuring Advanced Infrastructure Security Controls
- Lab 2-1: Configuring Basic Zone-Based Policy Firewall Features
- Lab 2-2: Configuring Advanced Zone-Based Policy Firewall Features
- Lab 2-3: Configuring Cisco IOS Software IPS
- Lab 3-1: Configuring a PKI-Enabled Site-to-Site IPsec VPN
- Lab 3-2: Configuring Cisco IOS Software DMVPN Spokes
- Lab 3-3: Configuring GET VPN Group Members
- Lab 4-1: Configuring a Cisco IOS Software SSL VPN Gateway
- Lab 4-2: Configuring Cisco Easy VPN
- Answer Key
 
Securing Networks with Cisco Routers and Switches (SECURE) v1.0 © 2010 Cisco Systems, Inc.
Lab 1-1: Configuring Advanced Switched Data Plane Security Controls
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure common Cisco Catalyst IOS Software-switched infrastructure protection controls in a basic scenario. After completing this activity, you will be able to meet these objectives:
- Verify DHCP spoofing vulnerability
- Configure DHCP snooping
- Configure dynamic and static ARP inspection
- Configure IP Source Guard and PACLs
- Configure PVLAN Edge
Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: Visual Objective for Lab 1-1: Configuring Advanced Switched Data Plane Security Controls. Labeled elements: DHCP Snooping, ARP Inspection, IP Source Guard/PACL, Attacker, ARP/IP Spoofing, DHCP Spoofing, ISR-PxR1, Legitimate Session, Legitimate DHCP Server, Client PC, Server A, Switch, and Fast Ethernet switch port labels.]
 
Required Resources
These are the resources and equipment that are required to complete this activity:
 
- Student terminals (laptops or PCs)
- Pod ISR router
- Pod Catalyst switch
- Pod client PC and Server A systems
 
Command List
The table describes the commands that are used in this activity.
Configuring Advanced Switched Data Plane Security Controls Commands

Command
    Description

arp access-list name
    Configures an ARP ACL for ARP inspection.
ip access-group access-list-name {in | out}
    Applies an IP ACL to an interface.
ip access-list {standard | extended} access-list-name
    Defines an IP ACL by name.
ip arp inspection filter arp-acl-name vlan vlan-range
    Permits ARPs from hosts that are configured for static IP when Dynamic ARP Inspection (DAI) is enabled, and defines an ARP access list and applies it to a VLAN.
ip arp inspection vlan vlan-range
    Enables DAI on a per-VLAN basis.
ip dhcp snooping
    Globally enables DHCP snooping.
ip dhcp snooping trust
    Configures the interface as DHCP-snooping trusted.
ip dhcp snooping vlan {number | vlan-list}
    Enables DHCP snooping on a VLAN or a group of VLANs.
ip verify source port-security
    Configures the IP Source Guard feature on an interface with IP and MAC address verification.
ipconfig /release
    Releases the IP address on the PC.
ipconfig /renew
    Renews the IP address on the PC.
permit ip-address
    Sets conditions in the named IP ACL that will permit packets.
permit ip host ip-address mac host mac-address
    Permits ARP packets inside the ARP access list with the IP address specified, bound to a specific MAC address.
ping ip-address
    Determines if another IP address is accessible.
show ip dhcp snooping
    Displays the DHCP snooping configuration.
show ip dhcp snooping binding
    Displays the DHCP snooping binding entries.
show running-config
    Displays the configuration that is currently running on the device.
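How the commands in this table fit together on a Catalyst access switch, as an added example that is not part of the original lab guide or its Answer Key. The VLAN number, interface roles, ACL names, and IP and MAC addresses are constructed placeholders, and two commands that are not in the table (ip arp inspection trust, switchport port-security) are marked in the comments.

```cisco
! Constructed example: VLAN 10 is the assumed client VLAN.
! DHCP snooping is enabled globally, then per VLAN. It builds the
! binding table that DAI and IP Source Guard both rely on.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Dynamic ARP Inspection validates ARP packets on VLAN 10 against
! the DHCP snooping bindings.
ip arp inspection vlan 10
!
! A statically addressed host has no snooping binding, so an ARP ACL
! binds its IP to its MAC (address values are constructed).
arp access-list STATIC-HOSTS
 permit ip host 192.0.2.50 mac host 0000.5e00.5301
!
ip arp inspection filter STATIC-HOSTS vlan 10
!
! Named standard ACL used as a port ACL (PACL) on the client port.
ip access-list standard CLIENT-PACL
 permit 192.0.2.0 0.0.0.255
!
! Assumed port toward the legitimate DHCP server: the only port
! allowed to send DHCP server replies.
interface FastEthernet0/1
 ip dhcp snooping trust
 ! Not in the command table: exempts this port from DAI checks.
 ip arp inspection trust
!
! Assumed client-facing access port: left untrusted (the default),
! so DHCP server messages and unmatched ARP packets are dropped here.
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 ! Not in the command table: port security must be enabled for the
 ! MAC address check of ip verify source port-security.
 switchport port-security
 ip verify source port-security
 ip access-group CLIENT-PACL in
```

After applying a configuration like this, show ip dhcp snooping and show ip dhcp snooping binding from the table confirm the trusted port and the learned client bindings.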
Job Aids
These job aids are available to help you complete the lab activity:
 
The instructor will provide you with your pod number and other pod access information. Please log this information in this table.

Pod Access Information

Parameter
    Value

Pod number
    ________
Terminal server IP address and port number
    ________
 
