Lab Configuring the PIX Security Appliance as a DHCP Server


Lab 8.5.3 Configuring the PIX Security Appliance as a DHCP Server

Estimated Time: 15 minutes
Number of Team Members: Two teams with four students per team.

Objective
In this lab, students will complete the following objectives:
- Configure a DHCP address pool and domain name
- Verify DHCP Server settings on a PIX Security Appliance
- Verify DHCP operation on a PC
- Configure DHCP Server using PDM

Scenario
A small company has deployed several remote offices and does not have any onsite IT support. To minimize the support cost when adding new devices, the IT administrator will configure the DHCP feature on the PIX Security Appliance. A PIX Security Appliance can provide DHCP services for hosts located on the trusted network, allowing it to automatically assign IP addresses to machines that are configured for dynamic addressing.

Topology
This figure illustrates the lab network environment.

Fundamentals of Network Security v 1.2 - Lab 8.5.3 Copyright 2004, Cisco Systems, Inc.

Preparation
Verify the starting configuration is on the pod firewall and test the connectivity. Access the PIX console port using the terminal emulator on the student PC. If desired, save the configuration to a text file for later analysis. Refer back to the Student Lab Orientation if more help is needed.

Tools and Resources
In order to complete the lab, the following is required:
- Standard PIX Security Appliance lab topology
- Console cable
- HyperTerminal

Additional materials
Further information about the objectives covered in this lab can be found at:
http://www.cisco.com/en/us/products/sw/secursw/ps2120/products_command_reference_book09186a0080104234.html
http://www.cisco.com/en/us/products/sw/netmgtsw/ps2032/products_user_guide_list.html

Command list
In this lab exercise, the following commands will be used. Refer to this list if assistance or help is needed during the lab exercise.

Command: dhcpd address ip1[-ip2] [if_name]
Description: This command defines the IP pool address range. The size of the pool is limited to 32 addresses with a 10-user license and 128 addresses with a 50-user license on the PIX 501. All other PIX Security Appliance platforms support 256 addresses.

Command: dhcpd domain domain_name
Description: This command defines the DNS domain name. For example, example.com.

Command: dhcpd lease lease_length
Description: This command defines the length of the lease, in seconds, granted to the DHCP client from the DHCP server. The lease indicates how long the client can use the assigned IP address. The default is 3600 seconds. The minimum lease length is 300 seconds, and the maximum lease length is 2,147,483,647 seconds.

Command: show dhcpd [binding | statistics]
Description: Displays the binding and statistics information associated with the dhcpd commands.

Step 1 Verify the PIX Security Appliance Inside IP Address
Complete the following steps to verify the PIX Security Appliance inside IP address:

a. Display the currently configured IP addresses:

    PixP(config)# show ip address

b. Ensure that the IP address on the inside interface is 10.0.P.1.
c. Ensure that the IP address on the outside interface is 192.168.P.2.

Establish a connection to the RBB web server at 172.26.26.150 by completing the following substeps:

d. Open a web browser on the student PC.
e. Use the web browser to access RBB by entering http://172.26.26.150.
f. When prompted for a username and password, use cisco and cisco.

Step 2 Configure the PIX Security Appliance DHCP Server Feature
Complete the following steps to configure the PIX Security Appliance DHCP server feature:

a. In order to configure the PIX as a DHCP server, the inside interface is required to be configured with an IP address. This IP address is required to be on the same subnet as the pool of dynamically assigned DHCP addresses. To configure the DHCP address pool, use the dhcpd address command in Global Configuration mode. The PIX Security Appliance will assign the client one of the addresses from this pool to use for a given length of time. The default is the inside interface. Specify a range of addresses for the DHCP server to distribute:

    PixP(config)# dhcpd address 10.0.P.32-10.0.P.253 inside

b. Specify the IP address of the Domain Name System (DNS) server the client will use:

    PixP(config)# dhcpd dns 10.0.P.10

   1. What is the maximum number of DNS servers that can be entered?

c. Specify the IP address of the WINS server the client will use:

    PixP(config)# dhcpd wins 10.0.P.10

d. Specify the lease length to be granted to the client. This lease equals the amount of time in seconds the client can use its allocated IP address before the lease expires. The default value is 3600 seconds. Specify the lease length to grant the client as 3000:

    PixP(config)# dhcpd lease 3000

f. Configure the domain name the client will use:

    PixP(config)# dhcpd domain cisco.com

g. Enable the DHCP daemon within the PIX Security Appliance to listen for DHCP client requests on the enabled interface:

    PixP(config)# dhcpd enable inside

h. Display the DHCP configuration and binding:

    PixP(config)# show dhcpd
    dhcpd address 10.0.P.32-10.0.P.253 inside
    dhcpd dns 10.0.P.10
    dhcpd wins 10.0.P.10
    dhcpd lease 3000
    dhcpd ping_timeout 750
    dhcpd domain cisco.com
    dhcpd enable inside

i. Save the DHCP configuration:

    PixP(config)# write memory

Step 3 Test the PIX Security Appliance DHCP Server Feature
Complete the following steps to test the PIX Security Appliance DHCP server feature:

a. Reconfigure the student PC to obtain IP and DNS addresses from a DHCP server.
b. Open a Windows 2000 command prompt, and release and renew the IP address:

    C:\> ipconfig /release
    C:\> ipconfig /renew

c. Verify that the PIX Security Appliance assigned an IP address, subnet mask, DNS address, WINS address, and domain name to the student PC by opening a Windows 2000 command prompt and viewing the IP configuration:

    C:\> ipconfig /all

   2. Fill in the information below:
      Connection-specific DNS suffix:
      IP Address:
      Subnet Mask:
      Default Gateway:

   If you are not using Windows 2000, please ask your instructor for the commands and instructions to check the DHCP configurations.

d. Establish a connection to the RBB web server at 172.26.26.150 by completing the following substeps:
e. From the Student PC, ping 172.26.26.150.
f. Open a web browser and access the web server by entering http://172.26.26.150.

Step 4 Disable the PIX Security Appliance DHCP Server Feature
Complete the following steps to disable the PIX Security Appliance DHCP server feature:

a. Save the current configuration to a text file if desired.
b. Clear all dhcpd commands, binding, and statistics information:

    PixP(config)# clear dhcpd

c. Verify that the DHCP feature has been disabled:

    PixP(config)# show dhcpd

d. Reconfigure the IP addressing information for the Student PC (where P = pod number):
   IP address: 10.0.P.11
   Subnet mask: 255.255.255.0
   Default gateway: 10.0.P.1

Step 5 Configure DHCP Server using PDM
Using PDM, configure the DHCP server feature.

a. Open a browser and access PDM at https://10.0.P.1
b. Click on the Configuration button.
c. Click on the System Properties tab.
d. Click on DHCP Services > DHCP Server.
e. Highlight the inside interface on which to configure DHCP.
f. Click Edit.

g. Select the Enable DHCP check box.
h. Enter the range of IP addresses, from lowest to highest, that the DHCP server will use in the DHCP Range: 10.0.P.32 to 10.0.P.253
   The range of IP addresses must be on the same subnet as the interface on which the DHCP server is configured, but must not include the IP address of the DHCP server interface itself.
i. Click OK.
j. (Optional) Enter the optional settings.
   DNS / WINS: 10.0.P.10
   Lease: 3000
   Ping timeout: 750
   Domain: cisco.com
k. Click Apply.
l. If the Preview CLI Commands window appears, click the Send button to continue.
m. Click on the Advanced button below the ping timeout field.
   What are these settings for?
   Answer: Point to TFTP Server IP address if running IP Telephony phone system.

Step 6 Test the PIX Security Appliance DHCP Server Feature
Complete the following steps to test the PIX Security Appliance DHCP server feature:

a. Reconfigure the student PC to obtain IP and DNS addresses from a DHCP server.
b. Open a Windows 2000 command prompt, and release and renew the IP address:

    C:\> ipconfig /release
    C:\> ipconfig /renew

d. Verify that the PIX Security Appliance assigned an IP address, subnet mask, DNS address, WINS address, and domain name to the student PC by opening a Windows 2000 command prompt and viewing the IP configuration:

    C:\> ipconfig /all

e. From the Student PC, ping 172.26.26.150.
f. Open a web browser and access RBB by entering http://172.26.26.150.

Step 7 Disable the DHCP on the Student PC
Complete the following steps to reset the student PC:

a. Disable DHCP on the student PC. Manually enter the following parameters:
   IP Address - 10.0.P.11
   Subnet Mask - 255.255.255.0
   Default Gateway - 10.0.P.1
c. At a command prompt, verify that the configuration supplied by the PIX Security Appliance DHCP server has been removed, and that the following IP configuration exists on the Student PC:

    C:\> ipconfig /all

   Hostname - StudentPCP
   DNS Server - (blank)
   DHCP Enabled - no
   IP Address - 10.0.P.11
   Subnet Mask - 255.255.255.0
   Default Gateway - 10.0.P.1
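The limits this lab states for a dhcpd configuration (pool on the interface's subnet, interface address excluded, per-platform pool size, lease bounds) can be checked before a configuration is applied. The following is an added example, not part of the original lab or any Cisco tool; the function names, the platform keys and the pod number P = 1 are assumptions made for illustration.

```python
import ipaddress
import re

# Pool-size limits from the lab's command list; the keys are names made up for this example.
POOL_LIMITS = {"pix501-10user": 32, "pix501-50user": 128, "other": 256}
LEASE_MIN, LEASE_MAX = 300, 2_147_483_647  # seconds, from the command list


def parse_dhcpd(config_text):
    """Extract the pool range and lease from 'show dhcpd'-style lines."""
    cfg = {"lease": 3600}  # documented default when no 'dhcpd lease' line is present
    for line in config_text.splitlines():
        m = re.match(r"\s*dhcpd address ([\d.]+)(?:-([\d.]+))?", line)
        if m:  # a single address (no "-ip2") is treated as a one-address pool
            cfg["pool"] = tuple(ipaddress.IPv4Address(a)
                                for a in (m.group(1), m.group(2) or m.group(1)))
        m = re.match(r"\s*dhcpd lease (\d+)\s*$", line)
        if m:
            cfg["lease"] = int(m.group(1))
    return cfg


def audit_dhcpd(config_text, interface_cidr, platform="other"):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_dhcpd(config_text)
    if "pool" not in cfg:
        return ["no 'dhcpd address' line found"]
    iface = ipaddress.IPv4Interface(interface_cidr)
    first, last = cfg["pool"]
    if first > last:
        return ["pool range is reversed"]
    findings = []
    if first not in iface.network or last not in iface.network:
        findings.append(f"pool is not inside interface subnet {iface.network}")
    if first <= iface.ip <= last:
        findings.append(f"pool includes the interface address {iface.ip}")
    size = int(last) - int(first) + 1
    if size > POOL_LIMITS[platform]:
        findings.append(f"pool has {size} addresses, limit is {POOL_LIMITS[platform]}")
    if not LEASE_MIN <= cfg["lease"] <= LEASE_MAX:
        findings.append(f"lease {cfg['lease']} s is outside {LEASE_MIN}-{LEASE_MAX}")
    return findings


# Constructed sample: the lab's Step 2 pool and lease with pod number P = 1.
LAB_CONFIG = "dhcpd address 10.0.1.32-10.0.1.253 inside\ndhcpd lease 3000\ndhcpd enable inside"

if __name__ == "__main__":
    for platform in POOL_LIMITS:
        print(platform, audit_dhcpd(LAB_CONFIG, "10.0.1.1/24", platform) or "OK")
```

Run against the lab's own pool, the check passes for the 256-address platforms but reports that 10.0.P.32-10.0.P.253 exceeds both PIX 501 license limits given in the command list.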