
UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL

Contents: UniNets CCNA Security LAB MANUAL

Section 1 Securing Layer 2
Lab 1-1 Configuring the Native VLAN on Trunk Links
Lab 1-2 Disabling Dynamic Trunking Protocol (DTP)
Lab 1-3 Preventing Layer 2 Loops with BPDU Guard
Lab 1-4 Protecting the Root Bridge using STP Root Guard
Lab 1-5 Protecting the CAM Table using Port Security
Lab 1-6 Preventing Rogue DHCP Servers by using DHCP Snooping
Lab 1-7 Preventing Spoofed ARP via Dynamic ARP Inspection
Lab 1-8 Preventing IP Spoofing using IP Source Guard

Section 2 Securing the Control Plane
Lab 2-1 Configuring Local User Authentication via AAA
Lab 2-2 Configuring SSH and HTTPS Management Access
Lab 2-3 Configuring Console, Local and Remote System Logging (SYSLOG)
Lab 2-4 Configuring Secure NTP (Network Time Protocol)
Lab 2-5 Protecting the Cisco IOS File(s)

Section 3 Securing the Forwarding Plane
Lab 3-1 Securing RIP Advertisements using MD5 Authentication
Lab 3-2 Securing EIGRP Neighbors using MD5 Authentication
Lab 3-3 Securing OSPF Neighbors using MD5 Authentication
Lab 3-4 Configuring Cisco IOS ACL Object-Groups
Lab 3-5 Configuring Time-Based Access Control Lists

Section 4 Cisco IOS Firewall Technologies
Lab 4-1 Configuring Dynamic NAT (Many to One) on ASA
Lab 4-2 Configuring Static NAT (One to One) on ASA
Lab 4-3 Configuring Static PAT (IP Port to IP Port) on ASA
Lab 4-4 Configuring Cisco IOS Firewall
Lab 4-5 Configuring Cisco IOS Firewall Exceptions
Lab 4-6 Configuring Basic Cisco IOS Zone-Based Firewall
Lab 4-7 Configuring Cisco IOS Zone-Based Firewall Exceptions

Section 5 Cisco IOS VPN Technologies
Lab 5-1 Understanding VPN Technologies
Lab 5-2 Configuring ISAKMP Policies
Lab 5-3 Configuring Site-to-Site IPsec VPN on IOS and ASA
Lab 5-4 Configuring an IPsec GRE Tunnel on IOS and ASA

Section 6 Cisco IOS IPS/IDS
Lab 6-1 Configuring Basic Cisco IOS IPS/IDS
Lab 6-2 Installing New IPS/IDS Signature Libraries
Lab 6-3 Managing Cisco IPS/IDS Signatures
Lab 6-4 Configuring Cisco IOS Signature-Based IPS/IDS
Lab 6-5 Configuring Cisco IOS Policy-Based IPS/IDS

Section 7 Cisco Adaptive Security Appliances
Lab 7-1 Overview of the Cisco ASA (Adaptive Security Appliance)
Lab 7-2 Configuring ASA Enable and Username Authentication
Lab 7-3 Configuring Login and MOTD Banners
Lab 7-4 Configuring Interface Addressing, Names and Security Levels
Lab 7-5 Configuring Static Routes on the ASA
Lab 7-6 Configuring Dynamic Routing on the Cisco ASA
Lab 7-7 Configuring SSH and Telnet Remote Management Access
Lab 7-8 Configuring ASDM Remote Management Access
Lab 7-9 Configuring RADIUS and TACACS+ on the Cisco ASA
Lab 7-10 Configuring Cisco ASA Objects, Object Groups and Access Lists

Section 8 Cisco Access Control Server 5.x
Lab 8-1 Installing Cisco ACS 5.x on VMware Workstation
Lab 8-2 Configuring User Accounts on Cisco ACS 5.x
Lab 8-3 Configuring ACS Device Profiles
Lab 8-4 Configuring RADIUS and TACACS+ Servers on Cisco IOS
Lab 8-5 Configuring a Named AAA Server Group List
Lab 8-6 Configuring a Cisco IOS AAA Authentication List
Lab 8-7 Configuring Cisco ACS Server 5.x Group-Based Authentication Policies
Lab 8-8 Configuring a Cisco IOS AAA Authorization List
Lab 8-9 Configuring Cisco ACS Server 5.x Group-Based Authorization Policies
Lab 8-10 Configuring a Cisco IOS AAA Accounting List
Lab 8-11 Configuring Cisco ACS Server 5.x Accounting Policies
Lab 8-12 Viewing Cisco ACS Server 5.x Accounting Logs

LAB 1 Overview of the Cisco ASA

Task

From the physical topology below, design the logical topology shown so that it meets the following requirements. Configure the firewall interfaces as follows:
- Configure the IP addresses as per the logical topology, with the router number in the last octet (for example, the Router-1 IP address is 10.0.0.1/24).
- Enable Telnet on all routers so that they are accessible directly at privilege level 15 without any authentication.
- Router-1 and Router-3 must both be able to telnet to Router-2 and Router-4; Router-2 must also be able to telnet to Router-4.
- Use only static routing, where routing is required.
- Do not use access-lists for this task.
- Unnecessary broadcasts are not allowed on any link, and the network should converge as fast as possible.

Topology

Types of software version
- 8.2.x and earlier. Starting with 8.3 there were many feature and syntax changes on the ASA (NAT, global ACLs, etc.).
- 8.4.x and 8.6.x and later are the same code base, except that 8.6.x is specific to the ASA-X hardware release.
- 9.x brings further changes, such as VPN support in multiple-context mode; these are outside the scope of this lab.

The firewall's connection to the switch is an 802.1q trunk (the ASA supports 802.1q only, not ISL). Sub-interfaces can be created on the physical interface, one for each VLAN carried over the trunk; do not forget to assign a VLAN number to each sub-interface. The native (untagged) VLAN of the trunk maps to the physical interface itself and cannot be assigned to a sub-interface.

When configuring interfaces on the ASA in routed mode, the following can be configured:
- nameif <NAME>: mandatory; it gives the interface a logical name. Without it, even an interface in the UP/UP state cannot be used for traffic forwarding.
- ip address <IP> <MASK> [standby <IP>]: mandatory; the optional standby address is used only when failover is configured.
- no shutdown: mandatory; it enables the interface.
- security-level <0-100>: optional; it assigns the interface a level of trust, on which the implicit firewall rules described below are based.
- speed {10 | 100 | 1000 | auto} and duplex {half | full | auto}: optional; by default all interfaces auto-negotiate both speed and duplex.

By default, based on the configured nameif, the ASA assigns the following implicit security levels to interfaces:
- 100 to a nameif of inside (most trusted, highest security level).
- 0 to a nameif of outside (least trusted, lowest security level).
- 0 to all other nameifs (least trusted, lowest security level).

Without any configured access-lists, the ASA implicitly allows or restricts traffic flows based on the security levels:
- Traffic from a higher security level to a lower one is allowed by default (for example, from 100 to 0); the return traffic of such connections is admitted by the ASA's stateful connection table.
- Traffic from a lower security level to a higher one is denied by default; to allow traffic in this direction, an ACL must be configured and applied (at interface level or, from 8.3 onwards, at global level).
- Traffic between interfaces with an identical security level is denied by default (for example, from 20 to 20, or in our case from 0 to 0); to allow traffic in this direction, the command same-security-traffic permit inter-interface must be configured.

The Management0/0 interface is used by default only for management purposes; this is because of the default interface-level command management-only under the management interface.

Firewall:

interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 10.0.0.10 255.255.255.0
 no shutdown
interface GigabitEthernet3
 nameif dmz
 security-level 50
 ip address 30.0.0.10 255.255.255.0
 no shutdown
interface GigabitEthernet2
 nameif outside-1
 security-level 0
 ip address 20.0.0.10 255.255.255.0
 no shutdown
interface GigabitEthernet4
 nameif outside-2
 security-level 0
 ip address 40.0.0.10 255.255.255.0
 no shutdown

Permit communication between different interfaces with the same security level. This allows Telnet from Router-2 to Router-4, because both routers sit behind interfaces at security level 0:

same-security-traffic permit inter-interface
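The following Python script is an added worked example and is not code from the UniNets manual. It parses the firewall interface configuration given above, applies the three implicit security-level rules exactly as described in the overview, and checks which of the task's required Telnet sessions the ASA would admit with and without same-security-traffic permit inter-interface. The list of required flows, the hairpin reason text and the function names are this example's own choices.

```python
"""Model of the Cisco ASA implicit inter-interface policy (no access-lists).

Added worked example for Lab 1; it is not code from the UniNets manual.
It encodes the three rules described above and checks the lab's required
Telnet flows against the firewall configuration given for this task.
Only the initiating direction of a flow is evaluated: the ASA's stateful
connection table admits the return packets of a permitted flow.
"""
import ipaddress

# The Lab 1 firewall interface configuration, embedded as parser input.
ASA_CONFIG = """\
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 10.0.0.10 255.255.255.0
interface GigabitEthernet3
 nameif dmz
 security-level 50
 ip address 30.0.0.10 255.255.255.0
interface GigabitEthernet2
 nameif outside-1
 security-level 0
 ip address 20.0.0.10 255.255.255.0
interface GigabitEthernet4
 nameif outside-2
 security-level 0
 ip address 40.0.0.10 255.255.255.0
"""

# Telnet sessions the task requires (initiator -> responder), by router IP.
# This list is the example's own transcription of the task text.
REQUIRED_FLOWS = [
    ("10.0.0.1", "20.0.0.2"),  # Router-1 -> Router-2
    ("10.0.0.1", "40.0.0.4"),  # Router-1 -> Router-4
    ("30.0.0.3", "20.0.0.2"),  # Router-3 -> Router-2
    ("30.0.0.3", "40.0.0.4"),  # Router-3 -> Router-4
    ("20.0.0.2", "40.0.0.4"),  # Router-2 -> Router-4
]


def parse_interfaces(config):
    """Return {nameif: (security_level, network)} from ASA interface config.

    Interfaces without a nameif are skipped: as noted above, an unnamed
    interface never forwards traffic, so it has no place in the policy.
    """
    ifaces, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = {}
        elif cur is not None and line.startswith("nameif "):
            cur["name"] = line.split()[1]
        elif cur is not None and line.startswith("security-level "):
            cur["level"] = int(line.split()[1])
        elif cur is not None and line.startswith("ip address "):
            _, _, ip, mask = line.split()[:4]  # ignores an optional standby
            cur["net"] = ipaddress.ip_interface(f"{ip}/{mask}").network
        if cur and all(k in cur for k in ("name", "level", "net")):
            ifaces[cur["name"]] = (cur["level"], cur["net"])
    return ifaces


def interface_for(ifaces, ip):
    """Map an IP to the nameif of the directly connected interface."""
    addr = ipaddress.ip_address(ip)
    for name, (_, net) in ifaces.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not on any firewall interface")


def flow_permitted(ifaces, src_ip, dst_ip, same_security_inter=False):
    """Apply the implicit policy to a new connection from src_ip to dst_ip.

    Returns (permitted, reason) so the caller can see which rule fired.
    same_security_inter models 'same-security-traffic permit inter-interface'.
    """
    src, dst = interface_for(ifaces, src_ip), interface_for(ifaces, dst_ip)
    s_lvl, d_lvl = ifaces[src][0], ifaces[dst][0]
    pair = f"{src}({s_lvl}) -> {dst}({d_lvl})"
    if src == dst:
        return False, f"{pair}: same interface, needs same-security-traffic permit intra-interface"
    if s_lvl > d_lvl:
        return True, f"{pair}: high to low, implicitly permitted"
    if s_lvl < d_lvl:
        return False, f"{pair}: low to high, denied without an ACL"
    if same_security_inter:
        return True, f"{pair}: equal levels, permitted by same-security-traffic"
    return False, f"{pair}: equal levels, denied without same-security-traffic"


def check_requirements(ifaces, same_security_inter=False):
    """Return the required flows that the implicit policy would block."""
    return [(s, d) for s, d in REQUIRED_FLOWS
            if not flow_permitted(ifaces, s, d, same_security_inter)[0]]


if __name__ == "__main__":
    interfaces = parse_interfaces(ASA_CONFIG)
    for flag in (False, True):
        print(f"same-security-traffic permit inter-interface={flag}: "
              f"blocked={check_requirements(interfaces, flag)}")
```

Running it shows that before the same-security-traffic command the only required flow the ASA blocks is Router-2 to Router-4 (outside-1 to outside-2, both at level 0), while the reverse direction Router-2 to Router-1 is denied as low-to-high regardless. On the appliance itself the equivalent check is packet-tracer input outside-1 tcp 20.0.0.2 1025 40.0.0.4 23, which walks the same decision and reports the phase that drops the packet.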

Router1:

interface GigabitEthernet1/0
 ip address 10.0.0.1 255.255.255.0
line vty 0 4
 privilege level 15
 no login
ip route 20.0.0.0 255.255.255.0 10.0.0.10
ip route 40.0.0.0 255.255.255.0 10.0.0.10

Router2:

interface GigabitEthernet1/0
 ip address 20.0.0.2 255.255.255.0
line vty 0 4
 privilege level 15
 no login
ip route 10.0.0.0 255.255.255.0 20.0.0.10
ip route 30.0.0.0 255.255.255.0 20.0.0.10
ip route 40.0.0.0 255.255.255.0 20.0.0.10

Router3:

interface GigabitEthernet1/0
 ip address 30.0.0.3 255.255.255.0
line vty 0 4
 privilege level 15
 no login
ip route 20.0.0.0 255.255.255.0 30.0.0.10
ip route 40.0.0.0 255.255.255.0 30.0.0.10

Router4:

interface GigabitEthernet1/0
 ip address 40.0.0.4 255.255.255.0
line vty 0 4
 privilege level 15
 no login
ip route 10.0.0.0 255.255.255.0 40.0.0.10
ip route 30.0.0.0 255.255.255.0 40.0.0.10
ip route 20.0.0.0 255.255.255.0 40.0.0.10

Router-4 needs a route back to 20.0.0.0/24 (not to its own connected 40.0.0.0/24) so that the Telnet session from Router-2 can return. The unauthenticated, privilege-level-15 vty lines are a convenience required by this task only; on a production device the vty lines would require login authentication and accept SSH rather than Telnet, as covered in Lab 2-1 and Lab 2-2.

Verification