PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH

Topology Diagram

[Topology diagram not reproduced: R1, R2 and R3 joined by the serial links in the Addressing Table, with PC-A and PC-B on the R1 LAN and PC-C on the R3 LAN.]

Addressing Table

Device  Interface      IP Address    Subnet Mask      Default Gateway  Switch Port
R1      FA0/1          192.168.1.1   255.255.255.0    N/A              S1 FA0/5
        S0/0/0 (DCE)   10.1.1.1      255.255.255.252  N/A              N/A
R2      S0/0/0         10.1.1.2      255.255.255.252  N/A              N/A
        S0/0/1 (DCE)   10.2.2.2      255.255.255.252  N/A              N/A
R3      FA0/1          192.168.3.1   255.255.255.0    N/A              S3 FA0/5
        S0/0/1         10.2.2.1      255.255.255.252  N/A              N/A
PC-A    NIC            192.168.1.5   255.255.255.0    192.168.1.1      S1 FA0/6
PC-B    NIC            192.168.1.6   255.255.255.0    192.168.1.1      S2 FA0/18
PC-C    NIC            192.168.3.5   255.255.255.0    192.168.3.1      S3 FA0/6

All contents are Copyright © 1992-2012 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 4
CCNA Security
Learning Objectives

- Configure routers as NTP clients.
- Configure routers to update the hardware clock using NTP.
- Configure routers to log messages to the syslog server.
- Configure routers to timestamp log messages.
- Configure local users.
- Configure VTY lines to accept SSH connections only.
- Configure RSA key pair on SSH server.
- Verify SSH connectivity from PC client and router client.

Introduction

The network topology shows three routers. You will configure NTP and Syslog on all routers. You will configure SSH on R3.

Network Time Protocol (NTP) allows routers on the network to synchronize their time settings with an NTP server. A group of NTP clients that obtain time and date information from a single source have more consistent time settings, and the Syslog messages they generate can be analyzed more easily. This can help when troubleshooting network problems and attacks. When NTP is implemented in the network, it can be set up to synchronize to a private master clock, or to a publicly available NTP server on the Internet.

The NTP Server is the master NTP server in this lab. You will configure the routers to allow the software clock to be synchronized by NTP to the time server. Also, you will configure the routers to periodically update the hardware clock with the time learned from NTP. Otherwise, the hardware clock will tend to gradually lose or gain time (drift), and the software clock and hardware clock may become out of synchronization with each other.

The Syslog Server will provide message logging in this lab. You will configure the routers to identify the remote host (Syslog server) that will receive logging messages.

You will need to configure timestamp service for logging on the routers. Displaying the correct time and date in Syslog messages is vital when using Syslog to monitor a network. If the correct time and date of a message is not known, it can be difficult to determine what network event caused the message.

R2 is an ISP connected to two remote networks: R1 and R3. The local administrator at R3 can perform most router configurations and troubleshooting; however, since R3 is a managed router, the ISP needs access to R3 for occasional troubleshooting or updates. To provide this access in a secure manner, the administrators have agreed to use Secure Shell (SSH).

You use the CLI to configure the router to be managed securely using SSH instead of Telnet. SSH is a network protocol that establishes a secure terminal emulation connection to a router or other networking device. SSH encrypts all information that passes over the network link and provides authentication of the remote computer. SSH is rapidly replacing Telnet as the remote login tool of choice for network professionals.

The servers have been pre-configured for NTP and Syslog services respectively. NTP will not require authentication. The routers have been pre-configured with the following:

- Enable password: ciscoenpa55
- Password for vty lines: ciscovtypa55
- Static routing
Task 1: Configure routers as NTP Clients.

Step 1. Test Connectivity

- Ping from PC-C to R3.
- Ping from R2 to R3.
- Telnet from PC-C to R3. Exit the Telnet session.
- Telnet from R2 to R3. Exit the Telnet session.

Step 2. Configure R1, R2 and R3 as NTP clients.

Verify client configuration using the command show ntp status.

Step 3. Configure routers to update hardware clock.

Configure R1, R2 and R3 to periodically update the hardware clock with the time learned from NTP.
Verify that the hardware clock was updated using the command show clock.

Step 4. Configure routers to timestamp log messages.

Configure timestamp service for logging on the routers.

Task 2: Configure routers to log messages to the Syslog Server.

Step 5. Configure the routers to identify the remote host (Syslog Server) that will receive logging messages.

The router console will display a message that logging has started.

Step 6. Verify logging configuration using the command show logging.

Step 7. Examine logs of the Syslog server.

From the Config tab of the Syslog server's dialogue box, select the Syslog services button. Observe the logging messages received from the routers.

Note: Log messages can be generated on the server by executing commands on the router. For example, entering and exiting global configuration mode will generate an informational configuration message.
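The IOS commands that carry out Steps 2 to 6 on one router, as an added example (not the activity's answer key). R1 is shown; R2 and R3 take the same commands. The NTP and Syslog server addresses are not in the Addressing Table, so <ntp-server-ip> and <syslog-server-ip> are placeholders to be read from the topology.

```cisco
! Added example. Lines beginning with "!" are IOS comments.
! <ntp-server-ip> / <syslog-server-ip>: placeholders, take them from the topology.
R1# configure terminal
!
! Task 1, Step 2: synchronize the software clock from the lab's NTP server
R1(config)# ntp server <ntp-server-ip>
!
! Task 1, Step 3: copy NTP time into the hardware (calendar) clock periodically,
! so the two clocks do not drift apart after a reload
R1(config)# ntp update-calendar
!
! Task 1, Step 4: prefix every log message with date and time (millisecond precision)
R1(config)# service timestamps log datetime msec
!
! Task 2, Step 5: name the Syslog host; IOS then prints a
! %SYS-6-LOGGINGHOST_STARTSTOP message on the console saying logging has started
R1(config)# logging host <syslog-server-ip>
! Send informational (level 6) and more severe messages; informational is the
! IOS default trap level, stated explicitly here so config-change messages
! (Step 7's note) are visibly included
R1(config)# logging trap informational
R1(config)# end
!
! Verification used in Steps 2, 3 and 6
R1# show ntp status
R1# show clock
R1# show logging
```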
Task 3: Configure R3 to support SSH connections.

Step 8. Configure a domain name.

Configure a domain name of ccnasecurity.com on R3.

Step 9. Configure users for login from the SSH client on R3.

Create a user ID of SSHadmin with the highest possible privilege level and a secret password of ciscosshpa55.

Step 10. Configure the incoming VTY lines on R3.

Use the local user accounts for mandatory login and validation. Accept only SSH connections.

Step 11. Erase existing key pairs on R3.

Any existing RSA key pairs should be erased on the router.
Note: If no keys exist, you might receive this message: % No Signature RSA Keys found in configuration.

Step 12. Generate the RSA encryption key pair for R3.

The router uses the RSA key pair for authentication and encryption of transmitted SSH data. Configure the RSA keys with a modulus of 1024. The default is 512, and the range is from 360 to 2048.

    R3(config)# crypto key generate rsa [Enter]
    The name for the keys will be: R3.ccnasecurity.com
    Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.
    How many bits in the modulus [512]: 1024
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Note: The command to generate RSA encryption key pairs for R3 in Packet Tracer differs from those used in the lab.

Step 13. Verify the SSH configuration.

Use the show ip ssh command to see the current settings. Verify that the authentication timeout and retries are at their default values of 120 and 3.

Step 14. Configure SSH timeouts and authentication parameters.

The default SSH timeouts and authentication parameters can be altered to be more restrictive. Set the timeout to 90 seconds, the number of authentication retries to 2, and the version to 2.
Issue the show ip ssh command again to confirm that the values have been changed.
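The R3 configuration for Steps 8 to 14 in one sequence, as an added example rather than the activity's answer key. It uses only values the activity states (domain name, user, password, 1024-bit modulus, 90 s timeout, 2 retries, version 2); the key-zeroize confirmation prompt is standard IOS behaviour.

```cisco
! Added example: Task 3 on R3 only. Lines beginning with "!" are IOS comments.
R3# configure terminal
!
! Step 8: the domain name becomes part of the RSA key name (R3.ccnasecurity.com)
R3(config)# ip domain-name ccnasecurity.com
!
! Step 9: local account with the highest privilege level; "secret" stores a hash,
! not the clear-text password
R3(config)# username SSHadmin privilege 15 secret ciscosshpa55
!
! Step 10: vty lines check the local user database and accept SSH only.
! "transport input ssh" is what makes the Telnet attempt in Step 15 fail.
R3(config)# line vty 0 4
R3(config-line)# login local
R3(config-line)# transport input ssh
R3(config-line)# exit
!
! Step 11: discard any existing RSA key pair before generating a new one
R3(config)# crypto key zeroize rsa
Do you really want to remove these keys? [yes/no]: yes
!
! Step 12: 1024-bit general-purpose key pair (Packet Tracer prompts for the modulus)
R3(config)# crypto key generate rsa
How many bits in the modulus [512]: 1024
!
! Step 14: tighten the defaults seen in Step 13 (120 s timeout, 3 retries, version 1.99)
R3(config)# ip ssh time-out 90
R3(config)# ip ssh authentication-retries 2
R3(config)# ip ssh version 2
R3(config)# end
!
! Steps 13 and 14: confirm version 2.0, timeout 90 and retries 2
R3# show ip ssh
```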
Step 15. Attempt to connect to R3 via Telnet from PC-C.

Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via Telnet.

    PC> telnet 192.168.3.1

This connection should fail, since R3 has been configured to accept only SSH connections on the virtual terminal lines.

Step 16. Connect to R3 using SSH on PC-C.

Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via SSH. When prompted for the password, enter the password configured for the administrator: ciscosshpa55.

    PC> ssh -l SSHadmin 192.168.3.1

Step 17. Connect to R3 using SSH on R2.

In order to troubleshoot and maintain the R3 router, the administrator at the ISP must use SSH to access the router CLI. From the CLI of R2, enter the command to connect to R3 via SSH version 2 using the SSHadmin user account. When prompted for the password, enter the password configured for the administrator: ciscosshpa55.

    R2# ssh -v 2 -l SSHadmin 10.2.2.1

Step 18. Check results.

Your completion percentage should be 100. Click Check Results to see feedback and verification of which required components have been completed.