Lab Configure Cisco IOS Firewall CBAC on a Cisco Router
|
|
- Alison Lawrence
- 6 years ago
- Views:
Transcription
1 Lab Configure Cisco IOS Firewall CBAC on a Cisco Router Objective Scenario Topology Estimated Time: 35 minutes Number of Team Members: Two teams with four students per team In this lab, students will complete the following tasks: Configure logging and audit trails. Define and apply inspection rules access control lists (ACLs). Test and verify Context-based Access Control (CBAC). The task in this exercise is to configure CBAC on a Cisco router. Student groups will work individually to perform the following steps in this lab exercise: Step 1 Configure logging and audit trails Step 2 Define and apply inspection rules for ACLs Step 3 Test and verify CBAC This figure illustrates the network environment students will create: 1-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
2 Preparation Begin with the standard lab topology and verify the standard router configuration on pod routers. Test the connectivity between the pod routers. Access the perimeter router console port using the terminal emulator on the student PC. If desired, save the router configuration to a text file for later analysis. Refer back to the Student Lab Orientation if more help is needed. Tools and resources In order to complete this lab, the following resources are required: Two pod routers Two inside hosts One SuperServer Additional materials One switch and one backbone router Further information about the objectives covered in this lab can be found at the following websites: Command list apter09186a00800d981a.html shtml These commands will be used throughout the lab. Students should be familiar with these commands. Command access-list ip access-group ip inspect audittrail ip inspect name logging show access-lists show ip inspect write memory Description Command used to configure an ACL. Command used to assign an ACL to an interface. Command used to configure a CBAC audit trail. Command used to define a CBAC rule. Command used to enable logging. Command used to display configured access lists. Command used to verify CBAC operation. Command used to save the running configuration to the startup configuration. 2-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
3 Step 1 Configure Logging and Audit Trails To configure logging and audit trails, complete the following steps: a. Enable logging to the console and the Syslog server. RouterP(config)# logging on RouterP(config)# logging 10.0.P.12 (where P = pod number) b. Enable the audit trail. Router(config)# ip inspect audit-trail c. Save the configuration and return to global configuration mode. RouterP(config)# end RouterP# write memory 1. What command shows detailed logging information? 2. What command will erase the entries in the logging buffer? Step 2 Define and Apply Inspection Rules ACLs a. Define a CBAC rule to inspect all TCP and FTP traffic. RouterP(config)# ip inspect name FWRULE tcp timeout 300 RouterP(config)# ip inspect name FWRULE ftp timeout 300 b. Define the ACLs to allow outbound Internet Control Message Protocol (ICMP) traffic and CBAC traffic. Block all other inside initiated traffic. RouterP(config)# access-list 101 permit icmp any any RouterP(config)# access-list 101 permit ip 10.0.P any RouterP(config)# access-list 101 deny ip any any (where P = pod number) c. Define ACLs to allow inbound ICMP traffic and CBAC traffic such as FTP and WWW to the inside web or FTP server. Block all other outside initiated traffic. RouterP(config)# access-list 102 permit eigrp any any RouterP(config)# access-list 102 permit icmp any any (where P = pod number) d. Apply the inspection rule and the ACL to the inside interface. RouterP(config)# interface fa 0/0 RouterP(config-if)# ip inspect FWRULE in RouterP(config-if)# ip access-group 101 in e. Apply the ACL to the outside interface. RouterP(config-if)# interface fa 0/1 3-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
4 RouterP(config-if)# ip access-group 102 in f. Save the configuration and return to global configuration mode. RouterP(config-if)# end RouterP# write memory Step 3 Test and Verify CBAC a. Complete the following steps to test and verify CBAC: i. Check the ACLs. RouterP# show access-lists 3. In the output for the show access-lists command, how many matches for Enhanced Interior Gateway Routing Protocol (EIGRP) packets are in access list 102? ii. From the MS command prompt, ping the SuperServer. C:\>ping Pinging with 32 bytes of data: iii. Use the web browser to connect to the SuperServer. Enter in the URL field. iv. Connect to the SuperServer by using an anonymous FTP: C:\> ftp User (10.0.P.12:(none)): anonymous... Password: user@ (where Q = peer pod number) v. Use the following show commands to verify CBAC configuration: RouterP# show ip inspect name FWRULE Inspection name FWRULE 4-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
5 RouterP# show ip inspect config Session audit trail is enabled Session alert is enabled one-minute (sampling period) thresholds are [400:500] connections max-incomplete sessions thresholds are [400:500] max-incomplete tcp connections per host is 50. Block-time 0 minute. tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec tcp idle-time is 3600 sec -- udp idle-time is 30 sec dns-timeout is 5 sec Inspection Rule Configuration Inspection name FWRULE RouterP# show ip inspect interfaces Interface Configuration Interface FastEthernet0/0 Inbound inspection rule is FWRULE Outgoing inspection rule is not set Inbound access list is 101 Outgoing access list is not set vi. Use the following show commands to verify CBAC operation: RouterP# show ip inspect sessions Half-open Sessions Session 82A6A284 (10.0.P.12:1314)=>( :80) tcp Session 82A69FB4 (10.0.P.12:1312)=>( :21) ftp RouterP# show ip inspect sessions detail Half-open Sessions Session 82A6A284 (10.0.P.12:1314)=>( :80) tcp Created 00:00:09, Last heard 00:00:09 Bytes sent (initiator:responder) [0:0] acl created 1 Inbound access-list 102 applied to interface FastEthernet0/1 Session 82A69FB4 (10.0.P.12:1312)=>( :21) ftp Created 00:00:23, Last heard 00:00:18 Bytes sent (initiator:responder) [0:0] acl created Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
6 Inbound access-list 102 applied to interface FastEthernet0/1 RouterP# show ip inspect all Session audit trail is enabled Session alert is enabled one-minute (sampling period) thresholds are [400:500] connections max-incomplete sessions thresholds are [400:500] max-incomplete tcp connections per host is 50. Block-time 0 minute. tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec tcp idle-time is 3600 sec -- udp idle-time is 30 sec dns-timeout is 5 sec Inspection Rule Configuration Inspection name FWRULE Interface Configuration Interface FastEthernet0/0 Inbound inspection rule is FWRULE Outgoing inspection rule is not set Inbound access list is 101 Outgoing access list is not set Half-open Sessions Session 82A6A284 (10.0.P.12:1314)=>( :80) tcp vii. Use the show access-list command to display the Context-based Access List. Notice the access lists differs from that of Step 3a. CBAC has analyzed the traffic and created FTP and WWW permit statements. CBAC has created the permit statements because the traffic is permitted in the configured access lists (101 and 102). The statements will be removed after the ip inspect timeout value has expired. RouterP#show access-list Extended IP access list 101 permit icmp any any permit ip 10.0.P any (354 matches) deny ip any any Extended IP access list 102 permit tcp host eq ftp host 10.0.P.12 eq 1315 permit tcp host eq www host 10.0.P.12 eq 1320 permit eigrp any any (57 matches) permit icmp any any 6-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
Lab Configure Cisco IOS Firewall CBAC
Lab 3.8.3 Configure Cisco IOS Firewall CBAC Objective Scenario Topology Estimated Time: 50 minutes Number of Team Members: Two teams with four students per team. In this lab, students will complete the
More informationInspection of Router-Generated Traffic
Inspection of Router-Generated Traffic The Inspection of Router-Generated Traffic feature allows Context-Based Access Control (CBAC) to inspect traffic that is originated by or destined to the router on
More informationContext Based Access Control (CBAC): Introduction and Configuration
Context Based Access Control (CBAC): Introduction and Configuration Document ID: 13814 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information What Traffic Do
More informationLab Student Lab Orientation
Lab 1.1.1 Student Lab Orientation Objective In this lab, the students will complete the following tasks: Review the lab bundle equipment Understand the security pod topology Understand the pod naming and
More informationIPv6 Commands: ipv6 h to ipv6 mi
IPv6 Commands: ipv6 h to ipv6 mi ipv6 hello-interval eigrp, page 3 ipv6 hold-time eigrp, page 5 ipv6 hop-limit, page 7 ipv6 host, page 8 ipv6 icmp error-interval, page 10 ipv6 inspect, page 12 ipv6 inspect
More informationPT Activity: Configuring a Zone-Based Policy Firewall (ZPF)
PT Activity: Configuring a Zone-Based Policy Firewall (ZPF) Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 R2 R3 Fa0/1 192.168.1.1 255.255.255.0
More informationThree interface Router without NAT Cisco IOS Firewall Configuration
Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations
More informationipv6 hello-interval eigrp
ipv6 hello-interval eigrp ipv6 hello-interval eigrp To configure the hello interval for the Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 routing process designated by an autonomous system
More informationLab Configure ACLs in the PIX Security Appliance using CLI
Lab 9.1.9 Configure ACLs in the PIX Security Appliance using CLI Objective Scenario Topology In this lab exercise, the students will complete the following tasks: Disable pinging to an interface. Configure
More informationNetwork Security Laboratory 23 rd May STATEFUL FIREWALL LAB
Network Security Laboratory 23 rd May 2016. STATEFUL FIREWALL LAB 1 CONTENTS INTRODUCTION I. What is Stateful Firewall II. Difference between Stateful and Stateless III. Example of Stateful firewall IV.
More informationNetwork Security 1. Module 8 Configure Filtering on a Router
Network Security 1 Module 8 Configure Filtering on a Router 1 Learning Objectives 8.1 Filtering Technologies 8.2 Cisco IOS Firewall Context-Based Access Control 8.3 Configure Cisco IOS Firewall Context-Based
More informationLab Configure Routing Authentication and Filtering
Lab 2.5.7 Configure Routing Authentication and Filtering Objective Scenario Topology In this lab, the students will complete the following tasks: Configure routing protocol authentication Configure route
More informationLab Configure Object Groups
Lab 10.4.4 Configure Object Groups Objective Scenario Estimated Time: 35 minutes Number of Team Members: Two teams with four students per team. In this lab, the student will complete the following objectives:
More informationChapter 4 Lab A: Configuring CBAC and Zone-Based Firewalls
Chapter 4 Lab A: Configuring CBAC and Zone-Based Firewalls Topology Note: ISR G2 devices have Gigabit Ethernet interfaces instead of Fast Ethernet Interfaces. IP Addressing Table Device Interface IP Address
More informationCCNA Security Instructor Packet Tracer Manual
1.0.1 Instructor Packet Tracer Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use
More informationLab Student Lab Orientation
Lab 1.1.1 Student Lab Orientation Objective In this lab, the students will complete the following tasks: Review the lab bundle equipment Understand the security pod topology Understand the pod naming and
More informationCCNA Security PT Practice SBA
A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any Exam windows during the exam. 2. Do not close Packet Tracer when you are done.
More informationVRF Aware Cisco IOS Firewall
VRF Aware Cisco IOS Firewall VRF Aware Cisco IOS Firewall applies Cisco IOS Firewall functionality to VRF (Virtual Routing and Forwarding) interfaces when the firewall is configured on a service provider
More informationFundamentals of Network Security v1.1 Scope and Sequence
Fundamentals of Network Security v1.1 Scope and Sequence Last Updated: September 9, 2003 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document
More information1.1 Configuring HQ Router as Remote Access Group VPN Server
Notes: 1.1 Configuring HQ Router as Remote Access Group VPN Server Step 1 Enable AAA model for local and remote access authentication. AAA will prompt extended authentication for remote access group VPN
More informationFirewall Stateful Inspection of ICMP
Firewall Stateful Inspection of ICMP Last Updated: March 26, 2012 The Firewall Stateful Inspection of ICMP feature addresses the limitation of qualifying Internet Control Management Protocol (ICMP) messages
More informationCCNA Access List Questions
CCNA Access List Questions Here you will find answers to CCNA Access list questions Note: If you are not sure about how to use Access list, please read my Access list tutorial Question 1 Your boss is learning
More informationLab 6: Access Lists. Device Interface IP Address Subnet Mask Gateway/Clock Rate Fa 0/ R1
Lab 6: Access Lists Network Topology:- Device Interface IP Address Subnet Mask Gateway/Clock Rate Fa 0/0 192.168.0.1 255.255.255.0 ----- R1 Fa 0/1 192.168.10.1 255.255.255.0 ----- Se 0/0/0 10.0.0.1 255.255.255.252
More informationHTTP Inspection Engine
HTTP Inspection Engine Last Updated: October 16, 2011 The HTTP Inspection Engine feature allows users to configure their Cisco IOS Firewall to detect and prohibit HTTP connections--such as tunneling over
More informationConfiguring IP Session Filtering (Reflexive Access Lists)
Configuring IP Session Filtering (Reflexive Access Lists) This chapter describes how to configure reflexive access lists on your router. Reflexive access lists provide the ability to filter network traffic
More informationImplementing Firewall Technologies
Implementing Firewall Technologies Network firewalls separate protected from non-protected areas preventing unauthorized users from accessing protected network resources. Technologies used: ACLs Standard,
More informationLab - Troubleshooting ACL Configuration and Placement Topology
Topology 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway HQ G0/1 192.168.1.1
More informationCCNA Security 1.0 Student Packet Tracer Manual
1.0 Student Packet Tracer Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationLab b Simple DMZ Extended Access Lists Instructor Version 2500
Lab 11.2.3b Simple DMZ Extended Access Lists Instructor Version 2500 Objective In this lab, the use of extended access lists to create a simple DeMilitarized Zone (DMZ) will be learned. 372-833 CCNA 2:
More informationLab Catalyst 2950 and 3550 Series Intra-VLAN Security
Lab 7.2.5.1 Catalyst 2950 and 3550 Series Intra-VLAN Security Objective Scenario Configure intra-vlan security with Access Control Lists (ACLs) using the command-line interface (CLI) mode. This lab will
More informationLab Configure a Router with the IOS Intrusion Prevention System
Lab 2.1.6 Configure a Router with the IOS Intrusion Prevention System Objective Scenario Topology In this lab, the students will complete the following tasks: Initialize the Intrusion Protection System
More informationFirewall Policy. Edit Firewall Policy/ACL CHAPTER7. Configure a Firewall Before Using the Firewall Policy Feature
CHAPTER7 The feature lets you view and modify firewall configurations access rules and CBAC inspection rules in the context of the interfaces whose traffic they filter. Using a graphical representation
More informationProtection Against Distributed Denial of Service Attacks
Protection Against Distributed Denial of Service Attacks The Protection Against Distributed Denial of Service Attacks feature provides protection from Denial of Service (DoS) attacks at the global level
More informationPT Activity 5.6.1: Packet Tracer Skills Integration Challenge Topology Diagram
Topology Diagram All contents are Copyright 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 6 Addressing Table Device Interface IP Address Subnet Mask
More informationCISCO CONTEXT-BASED ACCESS CONTROL
51-10-41 DATA COMMUNICATIONS MANAGEMENT CISCO CONTEXT-BASED ACCESS CONTROL Gilbert Held INSIDE Operation; Intersection; The Inspect Statement; Applying the Inspection Rules; Using CBAC OVERVIEW Until 1999,
More informationCisco IOS Firewall Authentication Proxy
Cisco IOS Firewall Authentication Proxy This feature module describes the Cisco IOS Firewall Authentication Proxy feature. It includes information on the benefits of the feature, supported platforms, configuration
More informationIPv6 Firewall Support for Prevention of Distributed Denial of Service Attacks and Resource Management
IPv6 Firewall Support for Prevention of Distributed Denial of Service Attacks and Resource Management IPv6 zone-based firewalls support the Protection of Distributed Denial of Service Attacks and the Firewall
More informationLab Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance
Lab 9.4.10 Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance Objective Scenario Topology In this lab exercise, the students will complete the following tasks: Display the
More informationLab Configuring and Verifying Extended ACLs Topology
Topology 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.10.1
More informationFirewall Authentication Proxy for FTP and Telnet Sessions
Firewall Authentication Proxy for FTP and Telnet Sessions Last Updated: January 18, 2012 Before the introduction of the Firewall Authentication Proxy for FTP and Telnet Sessions feature, users could enable
More informationStudy Guide. Using ACLs to Secure Networks
CHAPTER 5 ACLs The Study Guide portion of this chapter uses a combination of matching, multiple-choice, and open-ended question exercises to test your knowledge of the various types of access control lists
More information2002, Cisco Systems, Inc. All rights reserved.
2002, Cisco Systems, Inc. All rights reserved. Configuring IP Access Lists 2002, Cisco Systems, Inc. All All rights reserved. ICND v2.0 6-2 2 Objectives Upon completing this lesson, you will be able to:
More informationConfiguring Authentication Proxy
The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against industry standard TACACS+ and RADIUS authentication protocols.
More informationFirewall Stateful Inspection of ICMP
The feature categorizes Internet Control Management Protocol Version 4 (ICMPv4) messages as either malicious or benign. The firewall uses stateful inspection to trust benign ICMPv4 messages that are generated
More informationApplication Firewall-Instant Message Traffic
Application Firewall-Instant Message Traffic Enforcement Finding Feature Information Application Firewall-Instant Message Traffic Enforcement Last Updated: June 14, 2011 The Application Firewall--Instant
More informationApplication Firewall-Instant Message Traffic Enforcement
Application Firewall-Instant Message Traffic Enforcement Last Updated: September 24, 2012 The Application Firewall--Instant Message Traffic Enforcement feature enables users to define and enforce a policy
More informationLab Configure Service Object Groups using ASDM
Lab 9.2.3 Configure Service Object Groups using ASDM Objective Scenario In this lab, the students will complete the following tasks: Configure an inbound access control list (ACL) with object groups. Configure
More informationCCNA 1 Final Exam Answers UPDATE 2012 eg.2
CCNA 1 Final Exam Answers UPDATE 2012 eg.2 January 12th, 2012AdminLeave a commentgo to comments 1. When must a router serial interface be configured with the clock rate command? when the interface is functioning
More informationApplication Firewall Instant Message Traffic Enforcement
Application Firewall Instant Message Traffic Enforcement The Application Firewall Instant Message Traffic Enforcement feature enables users to define and enforce a policy that specifies which instant messenger
More informationUnderstanding Access Control Lists (ACLs) Semester 2 v3.1
1 Understanding Access Control Lists (ACLs) Access Control Lists 2 Access control lists (ACLs) are lists of instructions you apply to a router's interface. These lists tell the router what kinds of packets
More informationConfiguring Commonly Used IP ACLs
Configuring Commonly Used IP ACLs Document ID: 26448 Contents Introduction Prerequisites Requirements Components Used Conventions Configuration Examples Allow a Select Host to Access the Network Deny a
More informationGranular Protocol Inspection
The feature adds flexibility to the Cisco IOS Firewall by allowing it to perform a higher degree of inspection of TCP and User Data Protocol (UDP) traffic for most RFC 1700 application types. Finding Feature
More informationSupport for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only.
Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Transparently Routing Web Traffic to the Barracuda Web Security Gateway This article demonstrates
More informationTeacher s Reference Manual
UNIVERSITY OF MUMBAI Teacher s Reference Manual Subject: Security in Computing Practical with effect from the academic year 2018 2019 Practical 1: Packet Tracer - Configure Cisco Routers for Syslog, NTP,
More informationExperiment 3: Protocol Visualization with Packet Tracer
Experiment 3: Protocol Visualization with Packet Tracer Learning Objectives: Explore Packet Tracer Real-time mode Explore the Logical Workspace Explore Packet Tracer operation Connect devices Examine a
More informationTable of Contents. Cisco Configuring IP Access Lists
Table of Contents Configuring IP Access Lists...1 Introduction...1 Prerequisites...2 Requirements...2 Components Used...2 Conventions...2 ACL Concepts...2 Masks...2 ACL Summarization...3 Process ACLs...4
More informationAccess Control Lists (Beyond Standard and Extended)
Access Control Lists (Beyond Standard and Extended) www.ine.com Course Prerequisites and Assumptions» Prerequisite = CCNA ACL Videos» ACLs are used as a classification tool by many different features this
More informationLab Configuring and Verifying Standard ACLs Topology
Topology 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 9 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.10.1
More informationImplementing Traffic Filtering with ACLs
Implementing Traffic Filtering with ACLs Managing Network Device Security 2013 Cisco Systems, Inc. ICND1 3-36 How can you restrict Internet access for PC2? 2013 Cisco Systems, Inc. ICND1 3-37 ACL operation
More informationCisco IOS Firewall Intrusion Detection System Commands
Cisco IOS Firewall Intrusion Detection System Commands This chapter describes the commands used to configure the integrated Intrusion Detection System (IDS) features in Cisco IOS Firewall. Intrusion detection
More informationLab 4.5.5a Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using CLI
Lab 4.5.5a Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using CLI Objective Scenario Topology In this lab exercise, the students will complete the following tasks: Prepare to configure
More informationLab 4.2.5a Connectivity Tests Ping
Lab 4.2.5a Connectivity Tests Ping Objective Use the ping command to send ICMP datagrams to target host. Verify that the network layer between source and destination is working properly. Retrieve information
More informationLab VTY Restriction Instructor Version 2500
Lab 11.2.6 VTY Restriction Instructor Version 2500 NOTE: The loopback entry in this graphic is not required in the lab. Objective Scenario Use the access-class and line commands to control Telnet access
More informationLab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology
Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives
More informationConfiguring Authentication Proxy
Configuring Authentication Proxy Last Updated: January 18, 2012 The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against
More informationLab c Simple DMZ Extended Access Lists
Lab 11.2.3c Simple DMZ Extended Access Lists Objective In this lab, the use extended access lists to create a simple DeMilitarized Zone (DMZ) will be learned. 1-9 CCNA 2: Routers and Routing Basics v 3.0
More informationObject Groups for ACLs
The feature lets you classify users, devices, or protocols into groups and apply these groups to access control lists (ACLs) to create access control policies for these groups. This feature lets you use
More informationConfiguring Authentication Proxy
Configuring Authentication Proxy Last Updated: January 7, 2013 The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against
More informationLab 8: Firewalls ASA Firewall Device
Lab 8: Firewalls ASA Firewall Device 8.1 Details Aim: Rich Macfarlane 2015 The aim of this lab is to investigate a Cisco ASA Firewall Device, its default traffic flows, its stateful firewalling functionality,
More informationLab Configuring Static Routes Instructor Version 2500
Lab 6.1.6 Configuring Static Routes Instructor Version 2500 Objective Configure static routes between routers to allow data transfer between routers without the use of dynamic routing protocols. Background/Preparation
More informationLab b Simple DMZ Extended Access Lists
Lab 11.2.3b Simple DMZ Extended Access Lists Objective In this lab, the use of extended access lists to create a simple DeMilitarized Zone (DMZ) will be learned. 1-9 CCNA 2: Routers and Routing Basics
More informationLab - Using Wireshark to Examine TCP and UDP Captures
Topology Part 1 (FTP) Part 1 will highlight a TCP capture of an FTP session. This topology consists of a PC with Internet access. Topology Part 2 (TFTP) Part 2 will highlight a UDP capture of a TFTP session.
More informationLab 9.6.2: Challenge EIGRP Configuration Lab
Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway HQ BRANCH1 BRANCH2 PC1 PC2 PC3 Fa0/0 S0/0/0 S0/0/1 Lo1 Fa0/0 S0/0/0 S0/0/1 Fa0/0 S0/0/0 S0/0/1 NIC NIC NIC All
More informationCS 326e Lab 2, Edmondson-Yurkanan, Spring 2004 Router Configuration, Routing and Access Lists
CS 326e Lab 2, Edmondson-Yurkanan, Spring 2004 Router Configuration, Routing and Access Lists Name: In this lab you will learn: PartA Cisco 2600 Router Configuration Static Routing PartB 20 min Dynamic
More informationLab Configuring the PIX Security Appliance as a DHCP Server
Lab 8.5.3 Configuring the PIX Security Appliance as a DHCP Server Objective Scenario Topology Estimated Time: 15 minutes Number of Team Members: Two teams with four students per team. In this lab, students
More informationSybex CCENT Chapter 12: Security. Instructor & Todd Lammle
Sybex CCENT 100-101 Chapter 12: Security Instructor & Todd Lammle Chapter 12 Objectives The CCENT Topics Covered in this chapter include: IP Services Describe the types, features, and applications of ACLs
More informationRouter and ACL ACL Filter traffic ACL: The Three Ps One ACL per protocol One ACL per direction One ACL per interface
CCNA4 Chapter 5 * Router and ACL By default, a router does not have any ACLs configured and therefore does not filter traffic. Traffic that enters the router is routed according to the routing table. *
More informationCCNA Security. Chapter Four Implementing Firewall Technologies Cisco Learning Institute.
CCNA Security Chapter Four Implementing Firewall Technologies 1 Major Concepts Implement ACLs Describe the purpose and operation of firewall technologies Implement CBAC Zone-based Policy Firewall using
More informationReflexive Access List Commands
Reflexive Access List Commands This chapter describes reflexive access list commands, which are used to configure IP session filtering. IP session filtering provides the ability to filter IP packets based
More informationEnabling ALGs and AICs in Zone-Based Policy Firewalls
Enabling ALGs and AICs in Zone-Based Policy Firewalls Zone-based policy firewalls support Layer 7 application protocol inspection along with application-level gateways (ALGs) and application inspection
More informationVPN Connection through Zone based Firewall Router Configuration Example
VPN Connection through Zone based Firewall Router Configuration Example Document ID: 112051 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configure
More informationEnabling ALGs and AICs in Zone-Based Policy Firewalls
Enabling ALGs and AICs in Zone-Based Policy Firewalls Zone-based policy firewalls support Layer 7 application protocol inspection along with application-level gateways (ALGs) and application inspection
More informationLab 1.3.2: Review of Concepts from Exploration 1 - Challenge
Lab 1.3.2: Review of Concepts from Exploration 1 - Challenge Topology Diagram Learning Objectives Upon completion of this lab, you will be able to: Create a logical topology given network requirements
More information2. What flavor of Network Address Translation can be used to have one IP address allow many users to connect to the global Internet? A. NAT B.
How long is an IPv6 address? A. 32 bits B. 128 bytes C. 64 bits D. 128 bits Answer: Option D An IPv6 address is 128 bits long. 2. What flavor of Network Address Translation can be used to have one IP address
More informationLab Troubleshooting LAN Connectivity
Lab 9.2.4 Troubleshooting LAN Connectivity Device Host Name Interface IP Address Subnet Mask Default Gateway Switch Port R1 R1 Fast Ethernet 0/0 192.168.1.1 255.255.255.0 N/A Fast Ethernet 0/2 S1 S1 VLAN
More informationCourse Outline. Interconnecting Cisco Networking Devices Part 1 Lab.
Course Outline Interconnecting Cisco Networking 22 Mar 2018 Contents 1. Course Objective 2. Expert Instructor-Led Training 3. ADA Compliant & JAWS Compatible Platform 4. State of the Art Educator Tools
More informationCS356 Lab NIL (Lam) In this lab you will learn: Cisco 2600 Router Configuration Static Routing PartB 20 min Access Control Lists PartC 30 min Explore!
CS356 Lab NIL (Lam) In this lab you will learn: PartA Time: 2 hrs 40 min Cisco 2600 Router Configuration Static Routing PartB 20 min Access Control Lists PartC 30 min Explore! Components used: 2 computers
More informationActual4Test. Actual4test - actual test exam dumps-pass for IT exams
Actual4Test http://www.actual4test.com Actual4test - actual test exam dumps-pass for IT exams Exam : 200-125 Title : CCNA Cisco Certified Network Associate CCNA (v3.0) Vendor : Cisco Version : DEMO Get
More informationThis document is a tutorial related to the Router Emulator which is available at:
Introduction This document is a tutorial related to the Router Emulator which is available at: http://www.dcs.napier.ac.uk/~bill/router.html A demo is also available at: http://www.dcs.napier.ac.uk/~bill/router_demo.htm
More informationAccess Rules. Controlling Network Access
This chapter describes how to control network access through or to the ASA using access rules. You use access rules to control network access in both routed and transparent firewall modes. In transparent
More informationAutoSecure. Finding Feature Information. Last Updated: January 18, 2012
AutoSecure Last Updated: January 18, 2012 The AutoSecure feature secures a router by using a single CLI command to disable common IP services that can be exploited for network attacks, enable IP services
More informationBGP Cost Community. Prerequisites for the BGP Cost Community Feature
The feature introduces the cost extended community attribute. The cost community is a non-transitive extended community attribute that is passed to internal BGP (ibgp) and confederation peers but not to
More informationI N D E X. Numerics. 3DES (triple Data Encryption Standard), 199
I N D E X Numerics A 3DES (triple Data Encryption Standard), 199 AAA (Authentication, Authorization, and Accounting), 111 114, 236 configuring, 114, 144 145 CSACS, 116 122 floodguard, 168 169 servers,
More information1. Which OSI layers offers reliable, connection-oriented data communication services?
CCNA 1 Practice Final Exam Answers v4.0 100% 1. Which OSI layers offers reliable, connection-oriented data communication services? application presentation session transport network 2. Refer to the exhibit.
More informationImplementing Traffic Filters for IPv6 Security
Implementing Traffic Filters for IPv6 Security Last Updated: November 14, 2011 This module describes how to configure Cisco IOS XE IPv6 traffic filter and firewall features for your Cisco networking devices.
More informationIPv6 Access Control Lists
Access lists determine what traffic is blocked and what traffic is forwarded at device interfaces and allow filtering of traffic based on source and destination addresses, and inbound and outbound traffic
More informationSkills Assessment Student Training Exam
Skills Assessment Student Training Exam Topology Assessment Objectives Part 1: Initialize Devices (2 points, 5 minutes) Part 2: Configure Device Basic Settings (18 points, 20 minutes) Part 3: Configure
More informationLab: RIP v2 with VLSM
Lab: RIP v2 with VLSM Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway BRANCH HQ ISP PC1 PC2 PC3 PC4 PC5 Lo1 S0/0/0 Lo1 S0/0/0 S0/0/1 S/0/0/1 Learning Objectives
More informationChapter 8 roadmap. Network Security
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing
More informationLab Configuring and Verifying Standard IPv4 ACLs Topology
Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 10 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.10.1
More information