Accessing the WAN Chapter 4 - PART II Modified by Tony Chen 07/20/2008
1 Network Security Accessing the WAN Chapter 4 - PART II Modified by Tony Chen 07/20/2008 ITE I Chapter Cisco Systems, Inc. All rights reserved. Cisco Public 1
2 Notes: If you see any mistake on my PowerPoint slides or if you have any questions about the materials, please feel free to me at Thanks! Tony Chen College of DuPage Cisco Networking Academy 2
3 What is Cisco SDM? The Cisco Security Device Manager (SDM) is a web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers. It provides easy-to-use smart wizards, automates router security management, and assists through comprehensive online help. Cisco SDM ships preinstalled by default on all new Cisco integrated services routers. If it is not preinstalled, you will have to install it. If SDM is preinstalled, Cisco recommends using Cisco SDM to perform the initial configuration. SDM files can be installed on the router, a PC, or both. An advantage of installing SDM on the PC is
4 Cisco SDM Features Cisco SDM simplifies router and security configuration through the use of intelligent wizards to enable efficient configuration of key router VPN and Cisco IOS firewall parameters. Cisco SDM smart wizards guide users step-by-step through the router and security configuration workflow by systematically configuring LAN and WAN interfaces, firewall, IPS, and VPNs. The wizards intelligently detect incorrect configurations and propose fixes, such as allowing DHCP traffic through a firewall if the WAN interface is DHCP-addressed. Online help embedded within Cisco SDM contains appropriate background information.
5 Configuring Router to Support SDM Before you can install SDM on an operational router, you must ensure that a few configuration settings are present in the router configuration file.
Step 1. Access the router's Cisco CLI interface using Telnet or the console connection.
Step 2. Enable the HTTP and HTTPS servers on the router.
Step 3. Create a user account defined with privilege level 15 (enable privileges).
Step 4. Configure SSH and Telnet for local login and privilege level 15.
6 Starting Cisco SDM To launch Cisco SDM, use the HTTPS protocol and put the IP address of the router into the browser. The figure shows the browser with an address of and the launch page for Cisco SDM. The prefix can be used if SSL is not available. When the username and password dialog box appears (not shown), enter a username and password for the privileged (privilege level 15) account on the router. After the launch page appears, a signed Cisco SDM Java applet appears, which must remain open while Cisco SDM is running. Because it is a signed Cisco SDM Java applet, you may be prompted to accept a certificate.
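The four preparation steps on slide 5 leave a privilege level 15 login reachable over HTTP and Telnet as well as HTTPS and SSH. The following audit of a saved running-config is an added example, not part of the original slides; both config excerpts, the user name sdmadmin and the password and hash strings are constructed for illustration.

```python
import re

# Constructed running-config excerpt: a router prepared for SDM as the four
# steps describe, with the HTTP server and Telnet left enabled.
SDM_READY_CONFIG = """\
hostname R1
username sdmadmin privilege 15 password 0 ExamplePass
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

# Constructed excerpt of the same router restricted to HTTPS and SSH.
HARDENED_CONFIG = """\
hostname R1
username sdmadmin privilege 15 secret 5 $1$EXAMPLE$constructedhashvalue
no ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 privilege level 15
 login local
 transport input ssh
"""


def audit_sdm_access(config):
    """Return findings about the management access a running-config exposes."""
    findings = []
    lines = [line.rstrip() for line in config.splitlines()]
    commands = {line.strip() for line in lines}

    # "no ip http server" does not match, so only an enabled server is flagged.
    if "ip http server" in commands:
        findings.append("HTTP server enabled: level-15 credentials cross the network in cleartext")
    if "ip http secure-server" not in commands:
        findings.append("HTTPS server not enabled: SDM can only be reached over HTTP")
    if "ip http authentication local" not in commands:
        findings.append("HTTP/HTTPS logins are not tied to the local user accounts")

    # Level-15 accounts should be stored with 'secret', not 'password'.
    for cmd in sorted(commands):
        m = re.match(r"username (\S+) privilege 15 (password|secret)\b", cmd)
        if m and m.group(2) == "password":
            findings.append(f"user {m.group(1)}: level-15 account uses 'password' instead of 'secret'")

    # Walk the config sections; sub-commands of a section are indented.
    section = None
    for line in lines:
        if line and not line.startswith(" "):
            section = line
        elif section and section.startswith("line vty"):
            words = line.split()
            if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
                findings.append(f"{section}: Telnet accepted for a privilege level 15 login")
    return findings


if __name__ == "__main__":
    for name, cfg in (("SDM-ready", SDM_READY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for finding in audit_sdm_access(cfg) or ["no findings"]:
            print("  -", finding)
```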
7 Cisco SDM Home Page Overview After you log in, the Overview page displays the router model, total amount of memory, the versions of flash, IOS, and SDM, the hardware installed, and a summary of security features, such as firewall status and the number of active VPN connections. Specifically, it provides basic information about:
Menu bar - The top of the screen has a typical menu bar with File, Edit, View, Tools, and Help.
Tool bar - Below the menu bar, it has the SDM wizards and modes you can select.
Router information - The current mode is displayed on the left side under the tool bar.
8 About Your Router Area The area of the SDM page that shows:
Host Name - It shows the configured hostname for the router, which is RouterX.
Hardware - It shows the router model number, the available and total amounts of RAM, and the amount of Flash memory available.
Software - It describes the Cisco IOS software and Cisco SDM versions running on the router.
The Feature Availability bar, found across the bottom of the About Your Router tab, shows the features available in the Cisco IOS image that the router is using. If the indicator beside a feature is green, the feature is available. If it is red, it is not available. Check marks show that the feature is configured. In the figure, it shows that IP, firewall, VPN,
9 Configuration Overview Area
Interfaces and Connections - It displays the number of connections that are up and down, the total number of LAN and WAN interfaces that are present in the router, and the number of LAN and WAN interfaces currently configured on the router. It also displays DHCP information.
Firewall Policies - If a firewall is in place, it displays the number of trusted (inside) interfaces, untrusted (outside) interfaces, and DMZ interfaces. It also displays the name of the interface to which a firewall has been applied, and whether the NAT rule has been applied to this interface.
10 Configuration Overview Area
VPN - It displays the number of active VPN connections, the number of configured site-to-site VPN connections, and the number of active VPN clients.
Routing - This area displays the number of static routes and which routing protocols are configured.
Intrusion Prevention
View Running Config
11 Cisco SDM Wizard Cisco SDM provides a number of wizards to help you configure a Cisco ISR router. The figure shows various Cisco SDM GUI screens for the Basic NAT wizard. NAT is discussed later in the IP Addressing Services section of the course. Check for the latest information about the Cisco SDM wizards and the interfaces they support.
12 Locking Down a Router with Cisco SDM The one-step lockdown wizard is accessed from the Configure GUI interface by clicking the Security Audit task. The Cisco SDM one-step lockdown wizard implements almost all of the security configurations that Cisco AutoSecure offers. Do not assume that the network is secure simply because you executed a one-step lockdown. Not all the features of Cisco AutoSecure are implemented in Cisco SDM. AutoSecure features that are implemented differently in Cisco SDM include the following. SDM:
Disables SNMP, and does not configure SNMP version 3.
Enables and configures SSH on crypto Cisco IOS images.
Does not enable Service Control Point or disable other access and file transfer services, such as FTP.
Check the accuracy of these statements.
13 Locking Down a Router with Cisco SDM 13
14 Maintaining Cisco IOS Software Images There are certain guidelines that you must follow when changing the Cisco IOS software on a router.
Updates: An update replaces one release with another without upgrading the feature set. The software might be updated to fix a bug. Updates are free.
Upgrades: An upgrade replaces a release with one that has an upgraded feature set. Software is upgraded to add new features or technologies. Upgrades are not free.
It is not always a good idea to upgrade to the latest version of IOS software. Many times that release is not stable. Cisco recommends a four-phase migration process to simplify network operations and management.
Plan - Set goals, identify resources, profile network hardware and software, and create a schedule for migrating to new releases.
Design - Choose new Cisco IOS releases.
Implement - Schedule and execute the migration.
Operate - Monitor the migration progress and make backup copies of images that are running on your network.
15 Maintaining Cisco IOS Software Images There are a number of tools available on Cisco.com to aid in migrating Cisco IOS software.
The following tools do not require a Cisco.com login:
Cisco IOS Reference Guide - Covers the basics of the Cisco IOS software family
Cisco IOS software technical documents - Documentation for each release of Cisco IOS software
Cisco Feature Navigator - Finds releases that support a set of software features and hardware, and compares releases
The following tools require valid Cisco.com login accounts:
Download Software - Cisco IOS software downloads
Bug Toolkit - Searches for known software fixes based on software version, feature set, and keywords
Software Advisor - Compares releases, matches Cisco IOS software and Cisco Catalyst OS features to releases, and finds out which software release supports a given hardware device
Cisco IOS Upgrade Planner - Finds releases by hardware, release, and feature set, and downloads images of Cisco IOS software
For a complete listing of tools available, go to
16 Cisco IOS File Systems and Devices Cisco IOS devices provide a feature called the Cisco IOS Integrated File System (IFS).
Flash
The directories available depend on the platform. The show file systems command lists all file systems. It provides information such as the amount of available and free memory, the type of file system, and its permissions. Permissions include read only (ro), write only (wo), and read and write (rw). The asterisk preceding the flash file system indicates that this is the current default file system. The pound symbol (#) appended to the flash listing indicates that this is a bootable disk. It contains the file of the current IOS running in RAM.
NVRAM
To change the file system, use the cd command. The pwd command verifies that you are in NVRAM.
17 URL Prefixes for Cisco Devices Administrators do not have visual cues when working at a router CLI. File locations are specified in Cisco IFS using the URL convention. The URLs used by Cisco IOS platforms look similar to the format you know from the web. For instance, the TFTP example in the figure is: tftp:// /configs/backup-configs.
The expression "tftp:" is called the prefix.
Everything after the double-slash (//) defines the location: the address that follows it is the location of the TFTP server.
"configs" is the master directory.
"backup-configs" is the filename.
18 Commands for Managing Configuration Files The copy command is used to move files from one device to another, such as RAM, NVRAM, or a TFTP server. The examples list two methods to accomplish the same tasks.
Copy the running configuration from RAM to the startup configuration in NVRAM:
R2# copy running-config startup-config
R2# copy system:running-config nvram:startup-config
Copy the running configuration from RAM to a remote location:
R2# copy running-config tftp:
R2# copy system:running-config tftp:
Copy a configuration from a remote source to the running configuration:
R2# copy tftp: running-config
R2# copy tftp: system:running-config
Copy a configuration from a remote source to the startup configuration:
R2# copy tftp: startup-config
R2# copy tftp: nvram:startup-config
19 Cisco IOS File Naming Conventions The IOS image file is based on a special naming convention. The name for the Cisco IOS image file contains multiple parts, each with a specific meaning.
The first part, c1841, identifies the platform on which the image runs. In this example, is a Cisco
The second part, ipbase, specifies the feature set. In this case, "ipbase" refers to the basic IP internetworking image. Other feature set possibilities:
i - Designates the IP feature set
j - Designates the enterprise feature set (all protocols)
s - Designates a PLUS feature set
56i - Designates 56-bit IPsec DES encryption
3 - Designates the firewall/IDS
k2 - Designates the 3DES IPsec encryption (168 bit)
The third part, mz, indicates where the image runs and if the file is compressed. For example, "mz" indicates that the file runs from RAM and is compressed.
The fourth part, T7, is the version number.
20 Using TFTP Servers to Manage IOS Images For any network, it is always prudent to retain a backup copy of the IOS image in case the image in the router becomes corrupted or accidentally erased. Using a network TFTP server allows image and configuration uploads and downloads over the network. The TFTP server can be another router or a workstation.
Before changing a Cisco IOS image on the router, you need to complete these tasks:
Determine the memory required for the update.
Set up and test the file transfer capability.
Schedule the required downtime.
When you are ready to do the update, follow these steps:
Shut down all interfaces not needed to perform the update.
Back up the current operating system and the current configuration file to a TFTP server.
Load the update for either the operating system or the configuration file.
Test to confirm that the update works properly. If the tests are successful, you can then re-enable the interfaces you
21 Using TFTP Servers to Manage IOS Images A new Cisco IOS software resilient configuration feature enables a router to secure and maintain a working copy of the running operating system image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and flash). This feature is available only on platforms that support a Personal Computer Memory Card International Association (PCMCIA) Advanced Technology Attachment (ATA) disk. /12_3t8/feature/guide/gtrescfg.html
22 Backing up IOS Software Images To copy a Cisco IOS software image from flash to the network TFTP server, follow these steps.
Step 1. Ping the TFTP server to make sure you have access to it.
Step 2. Verify that the TFTP server has sufficient disk space for the Cisco IOS image. Use the show flash: command to determine:
Total amount of flash memory on the router
Amount of flash memory available
Name of all the files stored in the flash memory
Step 3. Copy the current file from the router to the TFTP server, using the copy flash: tftp: command. The command requires you to enter the IP address of the remote host and the name of the source and destination system image files. During the copy process, exclamation points (!) indicate the progress. Each exclamation point signifies
23 Upgrade IOS Software Images Upgrading a system to a newer version requires a different system image file to be loaded. Use the copy tftp: flash: command to download the new image from the network TFTP server. The command prompts you for the IP address of the remote host and the name of the source and destination system image file. After these entries are confirmed, the Erase flash: prompt appears. Erase flash memory if there is not sufficient flash memory for more than one Cisco IOS image. If no free flash memory is available, the erase routine is required before new files can be copied. Each exclamation point (!) means that one UDP segment has successfully transferred.
Note: Make sure that the Cisco IOS image loaded is appropriate for the router platform. If the wrong Cisco IOS image is loaded, the router could be made unbootable, requiring
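The naming convention on slide 19 and the platform and flash-space warnings on slide 23 can be turned into a check that runs before copy tftp: flash: is issued. This is an added example, not part of the original slides; the sample file names, the "123-14" part of the version string and all byte counts are constructed, and only the format letters the slide explains (m, z) are decoded.

```python
import re

# platform-featureset-format.version[.bin], as described on slide 19.
IMAGE_NAME = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<feature>[a-z0-9_]+)-(?P<fmt>[a-z]+)"
    r"\.(?P<version>.+?)(?:\.bin)?$"
)

RUNS_FROM = {"m": "RAM"}   # first format letter: where the image runs
COMPRESSED = {"z"}         # later format letters: compression


def parse_image_name(name):
    """Split an IOS image file name into the parts the slide describes."""
    m = IMAGE_NAME.match(name)
    if m is None:
        raise ValueError(f"not a recognisable IOS image name: {name!r}")
    parts = m.groupdict()
    fmt = parts["fmt"]
    parts["runs_from"] = RUNS_FROM.get(fmt[0], "unknown")
    parts["compressed"] = any(letter in COMPRESSED for letter in fmt[1:])
    return parts


def preflight(name, image_bytes, flash_total, flash_free, router_platform):
    """Decide whether an image may be copied to flash.

    Returns (ok, notes). ok is False when loading the image could leave the
    router unbootable; notes explain every problem or required action.
    """
    try:
        info = parse_image_name(name)
    except ValueError as exc:
        return False, [str(exc)]

    ok, notes = True, []
    if info["platform"] != router_platform:
        ok = False
        notes.append(
            f"image is built for {info['platform']}, router is {router_platform}: do not load"
        )
    if image_bytes > flash_total:
        ok = False
        notes.append("image is larger than the total flash on the router")
    elif image_bytes > flash_free:
        notes.append(
            "not enough free flash for a second image: back up the current image "
            "to TFTP first, then confirm the Erase flash: prompt"
        )
    return ok, notes


if __name__ == "__main__":
    # Constructed inputs: sizes are in bytes as show flash: would report them.
    candidates = [
        ("c1841-ipbase-mz.123-14.T7.bin", 13_900_000),
        ("c2800nm-ipbase-mz.123-14.T7.bin", 15_200_000),
    ]
    for name, size in candidates:
        print(name, preflight(name, size, 32_000_000, 9_000_000, "c1841"))
```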
24 Using tftpdnld to Restore an IOS Image When an IOS on a router is accidentally deleted from flash, the router is still operational because the IOS is running in RAM. However, it is crucial that the router is not rebooted, since it would not be able to find a valid IOS in flash. When the router is rebooted and can no longer load an IOS, it loads the ROMmon prompt by default. In the figure, the IOS on router R1 has accidentally been deleted from flash. Unfortunately, the router has been rebooted and can no longer load an IOS. Follow the 3 steps below to restore the IOS.
Step 1. Connect the devices. Connect the PC to the console port on the affected router. Connect the TFTP server to the first Ethernet port on the router. Configure it with a static IP address /24.
25 Using tftpdnld to Restore an IOS Image
Step 2. Set the ROMmon variables. Because the router does not have a valid Cisco IOS image, the router boots into ROMmon mode. You must enter all of the variables listed in the figure. Be aware of the following:
Variable names are case sensitive.
Do not include any spaces before or after the = symbol.
Navigational keys are not operational.
The IP addresses, subnet mask, and image name in the figure are only examples. The actual values will vary depending on your configuration.
Step 3. Enter the tftpdnld command at the prompt. The command displays the required variables and warns that all existing data in flash will be erased. Type y to proceed, and press Enter. When connected, the download begins, as indicated by the exclamation marks (!). You can use the reset command to reload the router with the new Cisco IOS image.
26 Using xmodem to Restore an IOS Image Using the tftpdnld command is a very quick way of copying the image file. Another method for restoring a Cisco IOS image to a router is by using Xmodem. However, the file transfer is accomplished using the console cable and is therefore very slow when compared to the tftpdnld command. Follow the 4 steps below to restore the IOS.
Step 1. Connect the PC of the system administrator to the console port on the affected router.
27 Using xmodem to Restore an IOS Image
Step 2. Boot the router and issue the xmodem command at the ROMmon command prompt. The command syntax is xmodem [-cyr] [filename]. The -cyr options vary depending on the configuration. For instance, -c specifies CRC-16, -y specifies the Ymodem protocol, and -r copies the image to RAM.
Step 3. The figure shows the process for sending a file using HyperTerminal. In this case, select Transfer > Send File.
Step 4. Browse to the location of the IOS image you want to transfer and choose the Xmodem protocol. Click Send. A dialog box appears displaying the status of the download. It takes several seconds before the host and the router begin transferring the information.
The download time could be dramatically improved if you change the connection speed of HyperTerminal and the router from 9600 b/s to b/s.
28 Troubleshooting Cisco IOS Configurations Two commands are used in network administration:
Show command - A show command lists the configured parameters and their values. Use the show command to verify configurations.
Debug command - The debug command allows you to trace the execution of a process. Use the debug command to identify traffic flows through interfaces and router processes.
29 Using the show Command The show command displays static information. Use show commands when gathering facts for isolating problems in an internetwork, including problems with interfaces, nodes, media, servers, clients, or applications. You may also use it frequently to confirm that configuration changes have been implemented. When you are at the command prompt, type show ? for a list of the show commands available for the level and mode in which you are operating.
30 Using the debug Command The debug command displays dynamic events. Use debug to check the flow of protocol traffic for problems, protocol bugs, or misconfigurations. By default, the router sends the output from debug commands to the console. You can redirect debug output to a syslog server. Debugging output is assigned high priority in the CPU process queue and can therefore interfere with normal production processes on a network. Use debug commands during quiet hours and only to troubleshoot specific problems. All debug commands are entered in privileged EXEC mode. To list a brief description of all the debugging command options, enter the debug ? command. The best way to ensure there are no lingering
31 Considerations when using the debug Command It is one thing to use debug commands to troubleshoot a lab network that lacks end-user application traffic. It is another thing to use debug commands on a production network that users depend on for data flow. Without proper precautions, the impact of a broadly focused debug command could make matters worse. With proper, selective, and temporary use of debug commands, you can obtain potentially useful information without needing a protocol analyzer or other third-party tool.
32 Commands Related to the debug Command To make efficient use of the debug command, these commands can help you:
The service timestamps command is used to add a time stamp to a debug message. This feature provides information about when debug elements occurred.
The show processes command displays the CPU use for each process. This data can influence decisions about using a debug command if it indicates that the system is too heavily used for adding a debug command.
The no debug all command disables all debug commands. This command can free up system resources after you finish debugging.
The terminal monitor command displays debug output and system error messages for the current terminal and session. When you Telnet to a device and issue a debug command, you will not see output unless this command is entered.
33 Recovering a Lost Router Password You need physical access to the router. You connect your PC to the router through a console cable. The enable password and the enable secret password protect access to privileged EXEC and configuration modes. The enable password can be recovered. The enable secret password is encrypted and must be replaced with a new password. The configuration register is similar to your PC BIOS settings, which control the bootup process. In a router, a configuration register, represented by a single hexadecimal value, tells the router what specific steps to take when powered on. Configuration registers have many uses, and password recovery is probably the most used.
34 Recovering a Lost Router Password Prepare the Device
Step 1. Connect to the console port.
Step 2. If you still have access to user EXEC mode, type show version at the prompt, and record the configuration register setting.
R1> show version
<show command output omitted>
Configuration register is 0x2102
R1>
The configuration register is usually set to 0x2102. If you can no longer access the router, you can assume it is set to 0x2102.
Step 3. Use the power switch to turn off the router, and then turn the router back on.
Step 4. Press Break on the terminal keyboard within 60 seconds of power up to put the router into ROMmon.
35 Recovering a Lost Router Password Bypass Startup
Step 5. Type confreg 0x2142 at the rommon 1> prompt. This causes the router to bypass the startup configuration where the forgotten enable password is stored.
Step 6. Type reset at the rommon 2> prompt. The router reboots, but ignores the saved configuration.
Step 7. Type no after each setup question, or press Ctrl-C to skip the initial setup procedure.
Step 8. Type enable at the Router> prompt. This puts you into enable mode, and you should be able to see the Router# prompt.
36 Recovering a Lost Router Password Access NVRAM
Step 9. Type copy startup-config running-config to copy the NVRAM into memory. Be careful! Do not type copy running-config startup-config or you will erase your startup configuration.
Step 10. Type show running-config to view passwords. In this configuration, the shutdown command appears under all interfaces because all the interfaces are currently shut down. Most importantly though, you can now see the passwords (enable password, enable secret, vty, console passwords) either in encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.
37 Recovering a Lost Router Password Reset Passwords
Step 11. Type configure terminal.
Step 12. Type enable secret password to change the enable secret password.
R1(config)# enable secret cisco
Step 13. Issue the no shutdown command on every interface that you want to use. You can issue a show ip interface brief command to confirm that your interface configuration is correct.
Step 14. Type config-register configuration_register_setting.
R1(config)# config-register 0x2102
Step 15. Press Ctrl-Z or type end.
Step 16. Type copy running-config startup-config to commit the changes. You have now completed password recovery.
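Steps 5 and 14 differ by a single bit of the configuration register: 0x2142 is 0x2102 with bit 6 set, and a router left at 0x2142 boots without its startup configuration, so none of its passwords or access lists load. The decoder and show version audit below are an added example, not part of the original slides; the host names and the three output excerpts are constructed, and the bit meanings are the standard IOS register layout rather than something the slides list.

```python
import re

BOOT_FIELD = 0x000F       # bits 0-3: how the router looks for an image
IGNORE_STARTUP = 0x0040   # bit 6: boot without loading startup-config
BREAK_DISABLED = 0x0100   # bit 8: Break key ignored once the router is up
ROM_FALLBACK = 0x2000     # bit 13: fall back to ROM software if boot fails

# The line printed at the end of show version; the bracketed part appears
# after config-register has been changed but before the next reload.
CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode_confreg(value):
    """Decode the fields of the register that matter for password recovery."""
    boot = value & BOOT_FIELD
    if boot == 0:
        boot_action = "stop at the ROMmon prompt"
    elif boot == 1:
        boot_action = "boot the ROM or first flash image (platform dependent)"
    else:
        boot_action = "boot normally using boot system commands"
    return {
        "boot_field": boot,
        "boot_action": boot_action,
        "ignores_startup_config": bool(value & IGNORE_STARTUP),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def audit_show_version(host, output):
    """Flag routers that will, or did, boot without their startup-config."""
    m = CONFREG_LINE.search(output)
    if m is None:
        return [f"{host}: configuration register not found in output"]
    current = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else current

    findings = []
    if decode_confreg(next_boot)["ignores_startup_config"]:
        findings.append(
            f"{host}: 0x{next_boot:04X} skips startup-config on the next boot; "
            "passwords and ACLs will not load"
        )
    elif decode_confreg(current)["ignores_startup_config"]:
        findings.append(
            f"{host}: booted with startup-config bypassed (0x{current:04X}); "
            f"0x{next_boot:04X} takes effect at the next reload"
        )
    if decode_confreg(next_boot)["boot_field"] == 0:
        findings.append(f"{host}: next boot stops at the ROMmon prompt")
    return findings


# Constructed show version excerpts for three routers.
SAMPLES = {
    "R1": "Configuration register is 0x2102",
    "R2": "Configuration register is 0x2142",
    "R3": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        for finding in audit_show_version(host, text) or [f"{host}: ok"]:
            print(finding)
```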
38 Chapter Summary In this chapter, you have learned to:
Identify security threats to enterprise networks
Describe methods to mitigate security threats to enterprise networks
Configure basic router security
Disable unused router services and interfaces
Use the Cisco SDM one-step lockdown feature
Manage files and software images with the Cisco IOS Integrated File System (IFS)
More informationUpgrading the Software
APPENDIX B Upgrading the Software You can upgrade your software in the following ways: From the Cisco IOS command-line interface (CLI) From the ROM monitor Cisco recommends upgrading your software from
More informationLab 3: Basic Device Configuration
Lab 3: Basic Device Configuration University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 2 Lab 3: Basic Device Configuration **Given
More informationInitial Configuration
3 CHAPTER This chapter describes the initial configuration of the ML-Series card and contains the following major sections: Hardware Installation, page 3-1 Cisco IOS on the ML-Series Card, page 3-2 Startup
More informationUsing Setup Mode to Configure a Cisco Networking Device
Using Setup Mode to Configure a Cisco Networking Device First Published: August 9, 2005 Last Updated: December 3, 2010 Setup mode provides an interactive menu to help you to create an initial configuration
More informationChapter 5 Review Questions
Chapter 5 Review Questions The following questions are designed to test your understanding of this chapter s material. For more information on how to get additional questions, please see www.lammle.com/ccn