Professional Documents
Culture Documents
Practice SBA w90
Practice SBA w90
IP Addressing Table
Device
R1
Interface
FA0/1
IP Address
172.16.1.1
Subnet Mask
255.255.255.0
Default Gateway
N/A
Switch Port
S1 FA0/5
S0/0/0 (DCE)
10.10.10.1
255.255.255.252
N/A
N/A
S0/0/0
10.10.10.2
255.255.255.252
N/A
N/A
S0/0/1 (DCE)
10.20.20.2
255.255.255.252
N/A
N/A
FA0/1
172.16.3.1
255.255.255.0
N/A
S3 FA0/5
S0/0/1
10.20.20.1
255.255.255.252
N/A
N/A
S1
VLAN 1
172.16.1.11
255.255.255.0
172.16.1.1
N/A
S2
VLAN 1
172.16.1.12
255.255.255.0
172.16.1.1
N/A
S3
VLAN 1
172.16.3.11
255.255.255.0
172.16.3.1
N/A
PC-A
NIC
172.16.1.3
255.255.255.0
172.16.1.1
S1 FA0/6
PC-B
NIC
172.16.1.2
255.255.255.0
172.16.1.1
S2 FA0/18
PC-C
NIC
172.16.3.3
255.255.255.0
172.16.3.1
S3 FA0/18
R2
R3
Objectives
Part 1: Build the network and configure basic device settings
Part 2: Secure Network Routers
Configure a clock rate for the routers with a DCE serial cable attached to their serial
interface.
R1(config)#interface S0/0/0
R1(config-if)#clock rate 64000
R2(config)#interface S0/0/1
R2(config-if)#clock rate 64000
d. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered
commands as though they were host names.
R1(config)#no ip domain-lookup
Step 3: Configure static default routes on edge routers (R1 and R3).
Configure a static default route from R1 to R2 and from R3 to R2.
R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.2
R3(config)#ip route 0.0.0.0 0.0.0.0 10.20.20.2
Configure the IP default gateway for each of the three switches. The gateway for the S1
and S2 switches is the R1 Fa0/1 interface IP address. The gateway for the S3 switch is
the R3 Fa0/1 interface IP address.
S1(config)#ip default-gateway 172.16.1.1
S2(config)#ip default-gateway 172.16.1.1
S3(config)#ip default-gateway 172.16.3.1
d. Disable DNS lookup to prevent the switches from attempting to translate incorrectly
entered commands as though they were host names.
S1(config)#no ip domain-lookup
Step 8: Save the basic running configuration for each router and switch.
Log in to the console as Admin01 with a password of Admin01pa55 to verify that AAA
with local authentication is functioning correctly.
d. Exit to the initial router screen that displays: R1 con0 is now available, Press RETURN
to get started.
e. Attempt to log in to the console as baduser with a bad password to verify that users not
defined in the local router database are denied access.
Step 4: Repeat Steps 1 through 3 to configure AAA with local authentication on R3.
Step 3: Generate the RSA encryption key pair for router R1.
Configure the RSA keys with 1024 as the number of modulus bits.
R1(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: R1.ccnasecurity.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be nonexportable...[OK]
R1(config)#
*May 26 19:08:58.215: %SSH-5-ENABLED: SSH 1.99 has been enabled
PC-C to R3.
Step 2: Save the running configuration to the startup configuration for R1.
Step 3: Repeat steps 1 and 2 to configure enhanced login security for virtual logins
for router R3.
Step 2:
Create two security zones Inside and Outside.
Create one class map IN2OUT_MAP to match all traffic and another OUT2SELF_MAP to
math only telnet traffic.
Create policy-map IN2OUT_PMAP to inspect traffic from class map IN2OUT_MAP
Create policy-map OUT2SELF_PMAP to drop traffic from class map OUT2SELF_MAP and
pass everything else
Create zone-pair IN2OUT_PAIR for the outside direction and apply IN2OUT_PMAP policymap
Create zone-pair OUT2SELF for Outside to Self zone and apply OUT2SELF_PMAP policymap
Tests:
a. From PC-A, ping external router R2 interface S0/0/0 at IP address 10.10.10.2. The pings
should be successful.
b. From external router R2, ping PC-A at IP address 172.16.1.3. The pings should NOT be
successful.
c.
From router R2, telnet to R1 at IP address 10.10.10.1. The telnet attempt should NOT be
successful.
Submission:
Save the file with your name using capital letter followed by your first name, e.g. SMITH_John
Upload the file to the Weblearn via the Skills Assessment Practice Assignment on the Weblearn.