ccna security skills based assessment

Published by: http://utsit.blogspot.com.au/ on May 30, 2012
Copyright:Attribution Non-commercial

 All contents are Copyright © 1992–2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12
CCNA Security
 
Skills-Based Assessment
Topology

IP Addressing Table

Device  Interface      IP Address    Subnet Mask      Default Gateway  Switch Port
R1      FA0/1          172.16.1.1    255.255.255.0    N/A              S1 FA0/5
R1      S0/0/0 (DCE)   10.10.10.1    255.255.255.252  N/A              N/A
R2      S0/0/0         10.10.10.2    255.255.255.252  N/A              N/A
R2      S0/0/1 (DCE)   10.20.20.2    255.255.255.252  N/A              N/A
R3      FA0/1          172.16.3.1    255.255.255.0    N/A              S3 FA0/5
R3      S0/0/1         10.20.20.1    255.255.255.252  N/A              N/A
S1      VLAN 1         172.16.1.11   255.255.255.0    172.16.1.1       N/A
S2      VLAN 1         172.16.1.12   255.255.255.0    172.16.1.1       N/A
S3      VLAN 1         172.16.3.11   255.255.255.0    172.16.3.1       N/A
PC-A    NIC            172.16.1.3    255.255.255.0    172.16.1.1       S1 FA0/6
PC-B    NIC            172.16.1.2    255.255.255.0    172.16.1.1       S2 FA0/18
PC-C    NIC            172.16.3.3    255.255.255.0    172.16.3.1       S3 FA0/18
Objectives
Part 1: Build the network and configure basic device settings
Part 2: Secure Network Routers
Configure encrypted passwords and a login banner.
Configure EXEC timeout on console and VTY lines.
Configure login failure rates and virtual login enhancements.
Configure SSH access and disable Telnet.
Configure local AAA authentication.
Configure a zone-based policy firewall (ZPF) and ACLs using Cisco SDM.
Configure Intrusion Prevention System (IPS) using Cisco SDM.
Part 3: Configure a Site-to-Site VPN
Configure a Site-to-Site VPN using SDM.
Part 4: Secure Network Switches
Configure passwords, and a login banner.
Configure management VLAN access.
Secure trunk ports.
Secure access ports.
Protect against STP attacks.
Configure port security and disable unused ports.
Exam Overview
This skills-based assessment is the final practical exam for the course CCNA Security. The exam is divided into four parts. The parts should be completed sequentially. In Part 1, you cable the network and configure the basic device settings. Static routing is used between the networks. In Part 2, you secure network routers using Cisco SDM and CLI to configure various IOS features including AAA, ZPF, ACLs and IPS. In Part 3, you configure a Site-to-Site VPN between R1 and R3 through the ISP router (R2). In Part 4, you configure switch security features.
Note:
The router commands and output in this SBA are from a Cisco 1841 with Cisco IOS Release 12.4(20)T (Advanced IP image). The switch commands and output are from a Cisco WS-C2960-24TT-L with Cisco IOS Release 12.2(46)SE (C2960-LANBASEK9-M image). Other routers, switches, and Cisco IOS versions may be used. See the Router Interface Summary table at the end of the SBA to determine which interface identifiers to use based on the equipment in the lab. Depending on the router or switch model and Cisco IOS version, the commands available and output produced might vary from what is shown in this SBA.
Note:
Make sure that the routers and switches have been erased and have no startup configurations.
Required Resources
2 routers with SDM 2.5 installed (Cisco 1841 with Cisco IOS Release 12.4(20)T1 Advanced IP Service or comparable)
1 router (Cisco 1841 with Cisco IOS Release 12.4(20)T1 IP Base or comparable)
3 switches (Cisco 2960 with Cisco IOS Release 12.2(46)SE C2960-LANBASEK9-M image or comparable)
PC-A: Windows XP or Vista (with SSH client, TFTP server and IPS files)
PC-B: Windows XP or Vista
PC-C: Windows XP or Vista (with SSH client, TFTP server and IPS files)
Serial and Ethernet cables as shown in the topology
Rollover cables to configure the routers and switches via the console
Part 1: Build the Network and Configure Basic Settings to Create the Testing Environment.
In Part 1, you set up the network topology and configure basic settings, such as the hostname, interface IP addresses and static routing. Perform steps on routers and switches as indicated.
Step 1: Cable the network as shown in the topology.
If the SBA topology is already set up, go to Step 2. Otherwise, attach the devices shown in the topology diagram, and cable as necessary.
Step 2: Configure basic settings for all routers.
a. Configure host names as shown in the topology.
b. Configure the interface IP addresses as shown in the IP addressing table.
c. Configure a clock rate for the routers with a DCE serial cable attached to their serial interface.
d. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as though they were host names.
Step 3: Configure static default routes on edge routers (R1 and R3).
Configure a static default route from R1 to R2 and from R3 to R2.
Step 4: Configure static routes on the ISP router (R2).
Configure a static route from R2 to the R1 LAN and from R2 to the R3 LAN.
Step 5: Configure basic settings for each switch.
a. Configure host names as shown in the topology.
b. Configure the VLAN 1 management address on each switch as shown in the IP Addressing table.
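Steps 2 through 5 applied to R1, R2 and S1, using the addresses from the IP Addressing Table. This is an added example, not part of the original assessment document; the clock rate value of 64000 is an assumption, since the page does not specify one. All commands are entered from global configuration mode, and R3, S2 and S3 follow the same pattern with their own addresses.

```cisco
! --- R1: edge router (Steps 2 and 3) ---
hostname R1
! Step 2d: stop mistyped commands from being resolved as host names
no ip domain-lookup
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 no shutdown
! S0/0/0 is the DCE end of the R1-R2 link, so it supplies the clock
! (64000 is an assumed rate, not taken from the page)
interface Serial0/0/0
 ip address 10.10.10.1 255.255.255.252
 clock rate 64000
 no shutdown
! Step 3: static default route toward R2
ip route 0.0.0.0 0.0.0.0 10.10.10.2

! --- R2: ISP router (Steps 2 and 4) ---
hostname R2
no ip domain-lookup
interface Serial0/0/0
 ip address 10.10.10.2 255.255.255.252
 no shutdown
! S0/0/1 is the DCE end of the R2-R3 link (assumed rate again)
interface Serial0/0/1
 ip address 10.20.20.2 255.255.255.252
 clock rate 64000
 no shutdown
! Step 4: static routes to the R1 LAN and the R3 LAN
ip route 172.16.1.0 255.255.255.0 10.10.10.1
ip route 172.16.3.0 255.255.255.0 10.20.20.1

! --- S1: access switch (Step 5) ---
hostname S1
! Management address on VLAN 1, with R1 as the default gateway
interface Vlan1
 ip address 172.16.1.11 255.255.255.0
 no shutdown
ip default-gateway 172.16.1.1
```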
