
Table of Contents

Practical 01: Configure Cisco routers for syslog, NTP and SSH operation
Practical 01: A
Practical 01: B
Practical 01: C SSH Secure Shell
Practical 02: Configure AAA authentication on Cisco routers
Practical 03: Configure extended ACL
Practical 04: Configure IP ACL to mitigate attacks
Practical 05: Configuring IPv6 ACL
Practical 06: Configuring a zone-based policy firewall
Practical 07: Configure IOS intrusion prevention system using CLI
7A: Enable IOS IPS
7B: Open router1 and modify the signature
Practical 08:
Practical 09: Layer 2 VLAN Security
Practical 07: B: Create a Redundant Link between SW-1 and SW-2
Practical 10: Configure and Verify a Site-to-Site IPsec VPN Using CLI

Practical 01: Configure Cisco routers for syslog, NTP and SSH operation

Practical 01: A
Steps:
1) Assign ip addresses:

• Syslog Server
• Ntp server:

• Pc 0:

• PC 1:

• Router 0:
• Router 1:

2) Open the CLI window of router 0:


3) Open CLI window of router 1:

4) MD5 authentication: Open the CLI window of Router 0.


5) Verify MD5 authentication:

Practical 01: B

1) Enable the NTP service on the NTP server:


Open Router 1
Open Router 0

2) Open Syslog server:


Open Router 0

Open Router 1
Practical 01: C SSH Secure Shell

Open CLI window of Router 1

Open Command Prompt of PC 0


Practical 02: Configure AAA authentication on Cisco routers.

Steps:
1) Assign the IP addresses:
• PC1 : 192.168.1.3
• PC0 : 192.168.1.2
• Router0 : (gig0/0: 192.168.1.1) (gig0/1: 192.168.2.1)
• TACACS Server : 192.168.2.3
• RADIUS Server: 192.168.2.2
2) Open the configuration wizard of the TACACS server:
3) Open the configuration wizard of the RADIUS server:

4) Open CLI window of router 0:


5) Open the CMD window of PC0:

Practical 03: Configure extended ACL.

Steps:
1) Click on router 0 and router 1 > go to the Config tab > click on the RIP tab and insert the network address:
2) Open server 0 > go to Services > turn on the FTP service > Login id: cisco, Password: cisco
3) Click on router 1, open the CLI window and run the following command:

4) Open the CMD window of PC0 and run the following command:


Practical 04: Configure IP ACL to mitigate attacks

Steps:
1) Perform this configuration on all routers:
Click on the router > Physical mode > power off > drag and drop the HWIC-2T module (right side) onto the router shown on screen > power the router back on.
2) Open the CLI window of Router0 and execute the following command:

3) Open the CLI windows of Router1 and Router2 and execute the same commands, changing the hostname R0 command accordingly:
For Router1: hostname R1
For Router2: hostname R2
4) Open the CLI window of Router0 and execute the following command:

5) Open the cmd window of pc0 and execute the following command:


Practical 05: Configuring IPv6 ACL

Steps:
1) Configuration for all routers:
Click on the router > Physical mode > power off > drag and drop the HWIC-2T module (right side) onto the router shown on screen > power the router back on.
2) Open the CLI window of router0 and execute the following command:
3) Open the CLI window of router1 and execute the following commands:

4) Open the CLI window of router2 and execute the following command:


5) Open the cmd window of pc0, pc1 or the server and execute the following command:

Practical 06: Configuring a zone-based policy firewall

Steps:

1) Configuration for all routers:
Click on the router > Physical mode > power off > drag and drop the HWIC-2T module (right side) onto the router shown on screen > power the router back on.
2) Static routing assignment:
Router 1:
Network     : 192.168.1.0    192.168.4.0
Subnet mask : 255.255.255.0  255.255.255.0
Next hop    : 12.168.3.1     192.168.3.1
Router 2:
Network     : 192.168.1.0    192.168.4.0
Subnet mask : 255.255.255.0  255.255.255.0
Next hop    : 192.168.2.1    192.168.3.2
Router 0:
Network     : 192.168.3.0    192.168.4.0
Subnet mask : 255.255.255.0  255.255.255.0
Next hop    : 192.168.2.2    192.168.2.2
3) Configuring SSH protocol on router 2:

4) Open cmd window of pc0:


5) Define zones and zone-pairs, then define a class map that describes the traffic that must have policy applied as it crosses a zone-pair.
Define a policy map to apply an action to that traffic, and assign interfaces to zones.
6) Open the pc0 cmd window: the ping should succeed.

7) Open CLI window of router 1:


8) Open the cmd window of the server and ping pc0 with the command ping 192.168.4.2; the ping should fail.

9) Open web browser on pc0 and hit the following address 192.168.1.2.
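
A sketch of step 5 as IOS configuration, added here as an example; it is not the lab's original command listing. The zone, class-map and policy-map names, ACL number 101 and the interface IDs are assumptions; the inside network 192.168.4.0/24 is taken from pc0's address above.

```cisco
! Added example: all names, ACL 101 and interface IDs are assumptions.
configure terminal
! 1. Create the two security zones.
zone security IN-ZONE
zone security OUT-ZONE
!
! 2. Identify the traffic to inspect: anything sourced from the pc0 LAN.
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
class-map type inspect match-all IN-NET-CLASS-MAP
 match access-group 101
!
! 3. Policy: statefully inspect the matched traffic, so only replies to
!    sessions opened from IN-ZONE are allowed back in.
policy-map type inspect IN-2-OUT-PMAP
 class type inspect IN-NET-CLASS-MAP
  inspect
!
! 4. Bind the policy to the inside-to-outside direction only.
!    No OUT-ZONE to IN-ZONE zone-pair is defined, so sessions initiated
!    from outside are dropped by default (step 8: the server's ping fails).
zone-pair security IN-2-OUT-ZPAIR source IN-ZONE destination OUT-ZONE
 service-policy type inspect IN-2-OUT-PMAP
!
! 5. Assign interfaces to zones (interface IDs assumed).
interface GigabitEthernet0/0
 zone-member security IN-ZONE
interface Serial0/0/0
 zone-member security OUT-ZONE
end
!
! Verify while pc0 has a ping or HTTP session open (steps 6 and 9):
show policy-map type inspect zone-pair sessions
```
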
Practical 07: Configure IOS intrusion prevention system using CLI
7A: Enable IOS IPS
Steps:

1) Configuration for all routers:
Click on the router > Physical mode > power off > drag and drop the HWIC-2T module (right side) onto the router shown on screen > power the router back on.
2) Use the RIP protocol for routing.
Router0 : 192.168.1.0 & 192.168.2.0
Router1 : 192.168.2.0 & 192.168.3.0
Router2 : 192.168.3.0 & 192.168.4.0

3) Open the router1 CLI window and execute the following command.


7B: Open router1 and modify the signature.

1) Open the pc0 cmd window and execute this command:


2) Open router0 and execute the following command:

3) Open the syslog server (see all the entries).


Practical 08:

Steps:

1) Click Router 1 and assign the following IP addresses:

• Gig 0/0 : 192.168.1.1
• Serial 0/1/0 : 209.165.200.1

2) Assign the PC addresses:
PC1 = A1: 10.1.1.10    PC5 = B1: 10.1.1.14
PC2 = A2: 10.1.1.11    PC6 = B2: 10.1.1.15
PC3 = A3: 10.1.1.12    PC7 = B3: 10.1.1.16
PC4 = A4: 10.1.1.13    PC8 = B4: 10.1.1.17
3) Execute the following command on Router 1 and all the switches:

4) Open the CLI window of the Central switch and execute this command:


5) Open the CLI windows of SW1 & SW2 and execute this command:

6) Enable the BPDU guard on SWA & SWB.


7) Open the CLI windows of SW1 & SW2 and execute this command:
8) Open SWA & SWB and execute this command:
9) Open the cmd window of A1 and ping 10.1.1.14 & 10.1.1.11

10) Open SWA & SWB and execute this command:


Practical 09: Layer 2 VLAN Security

Use switch model 2950T.


Steps:
1) Configure Switch/Router: Execute these commands on all routers and switches.
2) Create a VLAN and assign access mode and trunk mode to interfaces.
• Check the existing VLANs
• Create the new VLAN

• Check the new VLAN


3) Assign access mode to VLAN switch interfaces: only SWA & SWB
4) Check the access mode allocations

5) Assign trunk mode to the other switch interfaces: SWA, SWB, SW1 & SW2
6) Create sub-interfaces on the router to support the VLANs
7) Verify connectivity

Practical 07: B: Create a Redundant Link between SW-1 and SW-2


1) Connect SW-1 and SW-2.
Using a crossover cable, connect port Fa0/23 on SW-1 to port Fa0/23 on SW-2.
2) Enable trunking, including all trunk security mechanisms, on the link between SW-1 and SW-2

3) Enable VLAN 20 as a management VLAN: Enable a management VLAN (VLAN 20) on SW-A.
4) Enable the same management VLAN on all other switches

5) Connect and configure the management PC.


6) Verify connectivity of the management PC to all switches.

7) Enable security & apply the ACL on the correct interfaces: on the router


8) Verify connectivity between the management PC and SW-A, SW-B and R1.

9) Verify connectivity between D1 and the management PC.


Practical 10: Configure and Verify a Site-to-Site IPsec VPN Using CLI

Steps:
1) Configure router: all routers
2) Configure OSPF on the routers: this is for R1; change the network addresses for R2 and R3.

3) Ping from PC-A


4) Execute all these commands on R1
5) Execute all these commands on R3

6) Verify the IPsec VPN


7) Ping PC3 192.168.1.3

8) Open R1 and execute this: show crypto ipsec sa


9) On R1, ping 192.168.3.3; on R3, ping 192.168.1.3

10) Verify the tunnel.