Published March 22, 2024 (author: 开晓燕)
PT Activity: Configure a Network for Secure Operation
Addressing Table
Device  Interface      IP Address    Subnet Mask      Default Gateway  Switch Port
R1      FA0/1          192.168.1.1   255.255.255.0    N/A              S1 FA0/5
R1      S0/0/0 (DCE)   10.1.1.1      255.255.255.252  N/A              N/A
R2      S0/0/0         10.1.1.2      255.255.255.252  N/A              N/A
R2      S0/0/1 (DCE)   10.2.2.2      255.255.255.252  N/A              N/A
R3      FA0/1          192.168.3.1   255.255.255.0    N/A              S3 FA0/5
R3      S0/0/1         10.2.2.1      255.255.255.252  N/A              N/A
PC-A    NIC            192.168.1.5   255.255.255.0    192.168.1.1      S1 FA0/6
PC-B    NIC            192.168.1.6   255.255.255.0    192.168.1.1      S2 FA0/18
PC-C    NIC            192.168.3.5   255.255.255.0    192.168.3.1      S3 FA0/6
Learning Objectives
Secure the routers with strong passwords, password encryption and a login banner.
Secure the console and VTY lines with passwords.
Configure local AAA authentication.
Configure SSH server.
Configure router for syslog.
Configure router for NTP.
Secure the router against login attacks.
Configure CBAC and ZPF firewalls.
Secure network switches.
Introduction
In this comprehensive practice activity, you will apply a combination of security measures
that were introduced in the course. These measures are listed in the objectives.
In the topology, R1 is the edge router for Company A, while R3 is the edge router for
Company B. These networks are interconnected via the R2 router which represents the ISP.
You will configure various security features on the routers and switches for Company A and
Company B. Not all security features will be configured on R1 and R3.
The following preconfigurations have been made:
Hostnames on all devices
IP addresses on all devices
R2 console password: ciscoconpa55
R2 password on VTY lines: ciscovtypa55
R2 enable password: ciscoenpa55
Static routing
Syslog services on PC-B
DNS lookup has been disabled
IP default gateways for all switches
Task 1: Test Connectivity and Verify Configurations
Step 1. Verify IP addresses.
Verify: to check or confirm.
Step 2. Verify routing tables.
Step 3. Test connectivity.
From PC-A, ping PC-C at IP address 192.168.3.5.
Task 2: Secure the Routers
Step 1. Set a minimum password length of 10 characters on routers R1 and R3.
Step 2. Configure an enable secret password on routers R1 and R3.
Use an enable secret password of ciscoenpa55.
Step 3. Encrypt plaintext passwords.
This command encrypts all current and future plaintext passwords in the configuration file into ciphertext.
Step 4. Configure the console lines on R1 and R3.
Configure a console password of ciscoconpa55 and enable login. Set
the exec-timeout to log out after 5 minutes of inactivity. Prevent console
messages from interrupting command entry.
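The commands for Steps 1 to 4 of Task 2, as an added example that is not part of the original activity text. It is shown for R1 and is entered unchanged on R3; the commands are standard Cisco IOS and the passwords are the ones the activity specifies.

```cisco
! Added example: Task 2, Steps 1-4 on R1 (repeat the same commands on R3).
R1> enable
R1# configure terminal

! Step 1. The minimum length is enforced only for passwords configured
! after this command, so it is entered first.
R1(config)# security passwords min-length 10

! Step 2. "enable secret" stores a one-way hash of the password,
! unlike "enable password", which stores it in recoverable form.
R1(config)# enable secret ciscoenpa55

! Step 3. Applies to every plaintext password already in the configuration
! and to those added later. The result is Cisco type 7 encoding, which is
! reversible: it hides passwords from casual viewing of the configuration
! but is not a substitute for hashed secrets.
R1(config)# service password-encryption

! Step 4. Console line: password, login prompt, 5-minute idle timeout
! (minutes seconds), and synchronous logging so that console messages
! do not break up the command being typed.
R1(config)# line console 0
R1(config-line)# password ciscoconpa55
R1(config-line)# login
R1(config-line)# exec-timeout 5 0
R1(config-line)# logging synchronous
R1(config-line)# end

! Check the result: the enable secret appears as a hash, the console
! password as a type 7 string, and the other settings as entered.
R1# show running-config
```

In the output, confirm that no password appears in clear text and that the `line con 0` section lists `exec-timeout 5 0`, `logging synchronous` and `login`.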