CCNA Hands on final
Task breakdown and planning
Task 1
Cable the network
Clear router config
Do the bartman
Task 2
Configure on all routers:
Hostname
config: hostname [hostname]
Disable DNS lookup
config: no ip domain-lookup
Configure Exec mode password
config: enable secret cisco
MOTD
config: banner motd # banner #
Config a password for vtys/console
config: line vty 0 4
conflin: password cisco
Configure synchronous logging
config: line con 0
linecon: logging synchronous
Task 3 Configure IP's
Configure interfaces on routers
Verify IP addresses
Configure PC IP's
Test with pings
Task 4 Configure serial stuph
config: int serial whatever
lincon: encap ppp
Configure PPP w/ CHAP between r1 r2
ppp authentication chap
set CHAP password to cisco
hostname = username for login
username R3 password cisco
The above is the username to compare to.
Configure HDLC between r2 and 3
config: interblah
lincoln: encapsulation hdlc
Configure frame relay between r1, r3
buttcon: encapsulation frame-relay
lincoln: frame-relay interface-dlci #
Task 5 Configure rip
Enable RIP on all routers
(Prevent RIP updates outside serial links)
config:ip classless (Just in case)
config:router rip
ripcon:network [network_address]
ripcon:passive-interface [IF]
config:ip classless (Just in case)
Test with Pings
Verify the routing table
show ip route
Task 6 Configure security on R2
Enable secure telnet with a DB on r2
config: ip domain-name blah.com
config: crypto key generate RSA
config: username student secret cisco
conf t
line vty 0 4
no transport input
transport input ssh
login local
exit
Disable unused services and interfaces r2
conf t
line aux 0
no password
login
exit
no service tcp-small-servers
no service udp-small-servers
no ip bootp server
no ip http server
no service finger
no snmp-server
no cdp run
no ip source-route
various interfaces: SHUTDOWN
//maybe try autosecure when all is done
"Confirm that R2 is secured"
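One way to do the "Confirm that R2 is secured" step against a saved copy of show run, as an added example that is not part of the original notes. The sample config is constructed, and which disable lines actually show up in show run depends on the IOS release, so the two rule lists are assumptions.

```python
# Sample input constructed for this example (not a real device config).
SAMPLE_RUN = """\
hostname R2
no ip source-route
no ip bootp server
ip http server
snmp-server community public RO
no cdp run
line vty 0 4
 login local
 transport input telnet ssh
"""

# Assumption: these disables appear literally in 'show run' once applied.
MUST_HAVE = ["no ip source-route", "no ip bootp server",
             "no ip http server", "no cdp run"]
# Assumption: any top-level line starting with one of these means "still on".
MUST_NOT_START = ["service tcp-small-servers", "service udp-small-servers",
                  "service finger", "ip finger", "snmp-server"]

def sections(config):
    """Map each top-level line to the indented sub-lines beneath it."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blanks and IOS '!' separator lines
        if raw[0] != " ":
            current = raw.strip()
            out[current] = []
        elif current is not None:
            out[current].append(raw.strip())
    return out

def audit(config):
    """Return a sorted list of findings; empty means every check passed."""
    sec = sections(config)
    findings = [f"missing: {m}" for m in MUST_HAVE if m not in sec]
    findings += [f"enabled: {top}" for top in sec
                 if any(top.startswith(p) for p in MUST_NOT_START)]
    for top, body in sec.items():
        if top.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(f"{top}: transport input is not ssh-only")
            if "login local" not in body:
                findings.append(f"{top}: not using the local user database")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RUN)))
```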
Task 7 Configure ACLs
Allow telnet to R1 and 3 from r2 only
access-list 101 permit tcp [ip] [WC] eq telnet
access-list 101 permit tcp [ip] [WC] eq telnet
Block from internet to pc1: 80,23,21,20
access-list 102 permit tcp [ip] [WC] host 10.0.0.10 eq 80
access-list 102 deny tcp any host 10.0.0.10 eq 80
access-list 102 deny tcp any host 10.0.0.10 eq 23
access-list 102 deny tcp any host 10.0.0.10 eq 21
access-list 102 deny tcp any host 10.0.0.10 eq 20
Block from 10.0.0.128/25 to pc1
access-list 102 deny tcp 10.0.0.128 0.0.0.127 host 10.0.0.10
Verify that pc3 cannot ping pc1, but can ping 10.0.0.1
Task 8
Configure NAT to allow pc3 to ping pc1
config: ip nat inside source static PC1 [GlobalIP]
config: interface [inside if]
lincoln: ip nat inside
lincoln:exit
config: interface [outside if]
lincoln: ip nat outside
Verify that it works
Task 9
copy down all router configs
show run (or write terminal)
Task 10
Clean up.