SIC Practical

This document outlines steps for configuring routing, authentication, logging, and access control on routers. It describes 4 parts: 1) configuring OSPF authentication and verifying routes, 2) configuring NTP authentication and logging, 3) configuring logging to a syslog server, and 4) configuring SSH access and authentication. It also outlines 2 practical scenarios: 1) configuring local and server-based AAA authentication on routers, and 2) creating and applying numbered and extended ACLs to filter traffic and secure router access.

Uploaded by

Bryan

Practical 1

Also remember

Part 1
Step 1: Test connectivity. All devices should be able to ping all other IP addresses.

Step 2: Configure OSPF MD5 authentication for all routers in area 0.
This can be done using the “router ospf 1” command.

Step 3: Configure the MD5 key for all the routers in area 0.
This can be done using the “ip ospf message-digest-key 1” command.
Step 4: Verify configurations.
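An added example (not part of the original document) of the area 0 MD5 configuration that Steps 2 to 4 describe, as entered on one router. The process ID 1 and key ID 1 come from the commands quoted above; the interface name Serial0/0/0 and the key string EXAMPLE-OSPF-KEY are assumptions.

```cisco
! Constructed example: interface name and key string are placeholders.
configure terminal
!
router ospf 1
 ! Require message-digest (MD5) authentication on every interface in area 0
 area 0 authentication message-digest
 exit
!
interface Serial0/0/0
 ! Key ID 1 and the key string must be identical on the neighbor's interface
 ip ospf message-digest-key 1 md5 EXAMPLE-OSPF-KEY
 exit
!
end
!
! Step 4: verify. Adjacencies must re-form and OSPF routes must reappear.
show ip ospf interface Serial0/0/0
show ip ospf neighbor
show ip route ospf
```

Until both ends of a link carry the same key ID and key string the adjacency stays down, so a missing neighbor in show ip ospf neighbor after this change usually means a key mismatch on that link.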

Part 2

Step 1: Configure the NTP

Step 2: Configure R1, R2, and R3 as NTP clients.

Step 3: Configure routers to update hardware clocks.

Step 4: Configure NTP Authentication on Routers.

Step 5: Configure routers to timestamp log messages.

Part 3
Configure Routers to Log Messages to the Syslog Server

Step 1: Configure the routers to identify the remote host (Syslog Server) that will receive logging messages.

Step 2: Verify logging configuration. Use the command show logging to verify logging has been enabled.

Step 3: Examine logs of the Syslog Server.
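An added example (not part of the original document) covering Part 2 and Part 3 together on one router: an authenticated NTP client, hardware clock updates, timestamped log messages and forwarding to a syslog server. The addresses 192.0.2.5 (NTP server) and 192.0.2.6 (syslog server) and the key string EXAMPLE-NTP-KEY are assumptions.

```cisco
! Constructed example: server addresses and key string are placeholders.
configure terminal
!
! Part 2, Step 4: define the key, trust it, and turn authentication on
ntp authentication-key 1 md5 EXAMPLE-NTP-KEY
ntp trusted-key 1
ntp authenticate
!
! Part 2, Steps 1-2: point the client at the server and bind key 1 to it,
! so that replies from this server are only accepted when signed with key 1
ntp server 192.0.2.5 key 1
!
! Part 2, Step 3: periodically copy NTP time to the hardware clock
ntp update-calendar
!
! Part 2, Step 5: stamp every log message with date and time to the millisecond
service timestamps log datetime msec
!
! Part 3, Step 1: send log messages to the remote syslog server
logging host 192.0.2.6
!
end
!
! Verification (Part 2 and Part 3, Step 2)
show ntp status
show ntp associations
show clock
show logging
```

Configure NTP before relying on the syslog timestamps: messages logged while the clock is unsynchronized carry the router's local time and cannot be correlated reliably across R1, R2 and R3.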

Part 4
Configure R3 to support SSH connections.
Step 1: Configure a Domain name

Step 2: Configure users for login to SSH server on R3

Step 3: Configure the incoming vty lines on R3.

Step 4: Erase existing key pairs on R3.

Step 5: Generate the RSA encryption key pair for R3.

Step 6: Verify the SSH configuration.

Step 7: Configure SSH time outs and parameters.

Step 8: Connect to R3 using SSH on PC-C

Step 9: Connect to R3 using SSH on R2

Step 10: Check results.
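An added example (not part of the original document) of Steps 1 to 9 on R3. The domain name example.com, the username sshadmin, the password placeholder, the 2048-bit modulus, the timeout and retry values and the address 192.0.2.1 are all assumptions.

```cisco
! Constructed example: names, secrets, timer values and addresses are placeholders.
configure terminal
!
! Step 1: the RSA key label is built from hostname + domain name
hostname R3
ip domain-name example.com
!
! Step 2: local user for SSH logins, stored as a hashed secret
username sshadmin secret EXAMPLE-PASSWORD
!
! Step 3: vty lines authenticate against the local database and accept SSH only
line vty 0 4
 login local
 transport input ssh
 exit
!
! Steps 4-5: remove any old key pair, then generate a fresh one
crypto key zeroize rsa
crypto key generate rsa general-keys modulus 2048
!
! Step 7: protocol version, idle timeout during negotiation, retry limit
ip ssh version 2
ip ssh time-out 90
ip ssh authentication-retries 2
!
end
!
! Step 6: confirm version, timeout and retries
show ip ssh
!
! Step 9: from R2's privileged EXEC prompt, connect to R3 over SSH version 2
ssh -v 2 -l sshadmin 192.0.2.1
```

The line transport input ssh is what closes Telnet on the vty lines; without it the router still accepts cleartext logins even though SSH is configured.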


Practical 2

Part 1: Configure Local AAA Authentication for Console Access on R1

Step 1: Test connectivity.


Step 2: Configure a local username on R1.
Step 3: Configure local AAA authentication for console access on R1.
Step 4: Configure the line console to use the defined AAA authentication method.
Step 5: Verify the AAA authentication method.

Part 2: Configure AAA authentication for vty lines on R1.

Step 1: Configure domain name and crypto key for use with SSH.
Step 2: Configure a named list AAA authentication method for the vty lines on R1.
Step 3: Configure the vty lines to use the defined AAA authentication method.
Step 4: Verify the AAA authentication method.

Part 3: Configure Server-Based AAA Authentication Using TACACS+ on R2

Step 1: Configure a backup local database entry called Admin


Step 2: Verify the TACACS+ Server configuration.
Step 3: Configure the TACACS+ server specifics on R2.
Step 4: Configure AAA login authentication for console access on R2.
Step 5: Configure the line console to use the defined AAA authentication method.
Step 6: Verify the AAA authentication method.

Part 4: Configure Server-Based AAA Authentication Using RADIUS on R3

Step 1: Configure a backup local database entry called Admin.
Step 2: Verify the RADIUS server configuration.
Step 3: Configure the RADIUS server specifics on R3.
Step 4: Configure AAA login authentication for console access on R3.
Step 5: Configure the line console to use the defined AAA authentication method.
Step 6: Verify the AAA authentication method.
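An added example (not part of the original document) of the four parts of Practical 2, one section per router. The backup username Admin comes from the steps above; the username Admin1, the list name SSH-LOGIN, the secrets, the shared keys and the server addresses 192.0.2.10 and 192.0.2.20 are assumptions.

```cisco
! Constructed example: secrets, shared keys and server addresses are placeholders.
!
! ---- R1, Part 1: local AAA on the console ----
username Admin1 secret EXAMPLE-PASSWORD
aaa new-model
aaa authentication login default local
line console 0
 login authentication default
 exit
!
! ---- R1, Part 2: named method list on the vty lines ----
ip domain-name example.com
crypto key generate rsa general-keys modulus 2048
aaa authentication login SSH-LOGIN local
line vty 0 4
 login authentication SSH-LOGIN
 exit
!
! ---- R2, Part 3: TACACS+ first, local database as backup ----
username Admin secret EXAMPLE-PASSWORD
tacacs-server host 192.0.2.10
tacacs-server key EXAMPLE-TACACS-KEY
aaa new-model
aaa authentication login default group tacacs+ local
line console 0
 login authentication default
 exit
!
! ---- R3, Part 4: RADIUS first, local database as backup ----
username Admin secret EXAMPLE-PASSWORD
radius-server host 192.0.2.20
radius-server key EXAMPLE-RADIUS-KEY
aaa new-model
aaa authentication login default group radius local
line console 0
 login authentication default
 exit
```

The local entry is consulted only when the server does not respond; a rejection from the TACACS+ or RADIUS server ends the login attempt without falling back. The shared key on the router must match the key configured for that router on the server.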

Practical 3 Scenario 1

Part 1: Configure, Apply and Verify an Extended Numbered ACL.

Step 1: Configure an ACL to permit FTP and ICMP.


Step 2: Apply ACL on the correct interface to filter traffic.
Verify the ACL implementation.

Part 2: Configure, Apply and Verify an Extended Named ACL

Step 1: Configure an ACL to permit HTTP access and ICMP.


Step 2: Apply the ACL on the correct interface to filter traffic.

Part 3: Verify the ACL implementation.
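An added example (not part of the original document) of the two extended ACLs in this practical, one numbered and one named. The ACL number 100, the name HTTP_ONLY, the interface names and all addresses (client ranges 198.51.100.0/27 and 198.51.100.32/28, server 203.0.113.10) are assumptions.

```cisco
! Constructed example: ACL number/name, interfaces and addresses are placeholders.
configure terminal
!
! Part 1: numbered extended ACL permitting FTP and ICMP to the server
access-list 100 permit tcp 198.51.100.0 0.0.0.31 host 203.0.113.10 eq ftp
access-list 100 permit icmp 198.51.100.0 0.0.0.31 host 203.0.113.10
! Everything else is dropped by the implicit "deny ip any any"
!
interface GigabitEthernet0/0
 ! Filter as close to the source as possible, on traffic entering the router
 ip access-group 100 in
 exit
!
! Part 2: named extended ACL permitting HTTP and ICMP to the server
ip access-list extended HTTP_ONLY
 permit tcp 198.51.100.32 0.0.0.15 host 203.0.113.10 eq www
 permit icmp 198.51.100.32 0.0.0.15 host 203.0.113.10
 exit
!
interface GigabitEthernet0/1
 ip access-group HTTP_ONLY in
 exit
!
end
!
! Part 3: per-entry match counters show which lines traffic is hitting
show access-lists
show ip interface GigabitEthernet0/0
show ip interface GigabitEthernet0/1
```

The keyword eq ftp matches only the FTP control connection on TCP port 21, so a login succeeds under this ACL while data transfers are still subject to the implicit deny.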


Practical 4

Part 1: Verify Basic Network Connectivity.

Step 1: From PC-A, verify connectivity to PC-C and R2.


Step 2: From PC-C, verify connectivity to PC-A and R2

Part 2: Secure Access to Routers.

Step 1: Configure ACL 10 to block all remote access to the routers except from PC-C.
Step 2: Apply ACL 10 to ingress traffic on the VTY lines. Use the access-class command.
Step 3: Verify exclusive access from management station PC-C.

Part 3: Create a Numbered IP ACL 120 on R1

Step 1: Verify that PC-C can access the PC-A via HTTPS using the web browser.
Step 2: Configure ACL 120 to specifically permit and deny the specified traffic.
Step 3: Apply the ACL to interface S0/0/0
Step 4: Verify that PC-C cannot access PC-A via HTTPS using the web browser.

Part 4: Modify an Existing ACL on R1

Step 1: Verify that PC-A cannot successfully ping the loopback interface on R2.
Step 2: Make any necessary changes to ACL 120 to permit and deny the specified traffic.
Step 3: Verify that PC-A can successfully ping the loopback interface on R2.

Part 5: Create a Numbered IP ACL 110 on R3

Step 1: Configure ACL 110 to permit only traffic from the inside network.
Step 2: Apply the ACL to interface G0/1. Use the ip access-group command.

Part 6: Create a Numbered IP ACL 100 on R3

Step 1: Configure ACL 100 to block all specified traffic from the opposite network.
Step 2: Apply the ACL to interface Serial 0/0/1. Use the ip access-group command.
Step 3: Confirm that the specified traffic entering interface Serial 0/0/1 is handled correctly.
Step 4: Check results.
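An added example (not part of the original document) of Part 2 and Part 5 of this practical; ACLs 120 and 100 are left out because the document does not state which traffic they permit or deny. The ACL numbers 10 and 110 and the interface G0/1 come from the steps above; the PC-C address 203.0.113.3 and the inside network 192.0.2.0/24 are assumptions.

```cisco
! Constructed example: the host and network addresses are placeholders.
configure terminal
!
! Part 2: only the management station PC-C may open a vty session
access-list 10 permit host 203.0.113.3
! All other sources hit the implicit deny at the end of ACL 10
!
line vty 0 4
 ! access-class filters connections to the router itself;
 ! ip access-group would instead filter traffic passing through an interface
 access-class 10 in
 exit
!
! Part 5 (on R3): accept only packets sourced from the inside network
access-list 110 permit ip 192.0.2.0 0.0.0.255 any
!
interface GigabitEthernet0/1
 ! Inbound on the inside-facing interface, so spoofed source addresses
 ! that do not belong to the inside network are dropped at entry
 ip access-group 110 in
 exit
!
end
!
! Verification: match counters, and where each ACL is applied
show access-lists
show ip interface GigabitEthernet0/1
show running-config | section line vty
```

Apply ACL 10 on every router's vty lines from a session that originates at PC-C or from the console, since a remote session from any other address is locked out as soon as access-class takes effect.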
