Case Study
Objectives
Class ____________
Network Diagram
Scenario
Company XYZ has a firewall router placed on its perimeter network. The firewall
router needs to be configured to allow only secure telnet for any remote access. This
secure telnet uses the SSHv1 protocol with a local database for its username and
password pair. In addition, the company's administrator needs to enable
CBAC filtering to monitor any SSH session that passes through its firewall.
Tools/Preparation
4 2611XM routers (2 are loaded with Advanced Security IOS version 12.3(14)T)
2 student notebooks with built-in wireless LAN
PCMCIA wireless card – for notebooks without built-in wireless LAN
PuTTY SSH client software
There are two basic segments for the IOS Firewall Router topology.
Inside Trusted (100%) Private LAN 10.0.X.0/24 FastEthernet 0/0
X represents the student number; e.g. the inside network for student1 is 10.0.1.0/24.
EXPT_CASE_STUDY.DOC, Oct 2010, Rev 1.1
Ngee Ann Polytechnic
Electronic and Computer Engineering Division
Figure 1 shows the logical topology for this case study. The main task for students is
to configure RouterX based on the following policy:
b. VTY Access
i). Login using local username and password pair.
Username: netwarrior
Password: Student1234
ii). Only SSH protocol may be used for VTY access.
iii). Use only SSH version 1 protocol
iv). SSH domain-name: np.com
v). Generate 512-bit RSA keys
vi). SSH maximum timeout value allowed: 15 seconds
vii). SSH maximum amount of authentication retries allowed: 3
c. Password requirements
i). All passwords used must be at least eight characters long and consist
of a mixture of alphanumeric, upper-case and lower-case characters.
Dictionary words (regardless of length) are not to be used as passwords.
ii). All passwords in the configuration file must be encrypted.
(Look up on cisco.com the command that turns on password encryption.)
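The following Python audit is an added example, not part of the original worksheet: it checks a `show run` capture against the VTY access and password-encryption policy above. The sample configuration is constructed, and the code assumes that an absent `ip ssh authentication-retries` line means the IOS default of 3.

```python
import re
# Constructed running-config excerpt (placeholder hashes, not a real capture).
SAMPLE_CONFIG = """\
service password-encryption
username netwarrior password 7 PLACEHOLDER
ip domain name np.com
ip ssh time-out 15
ip ssh version 1
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
"""
# (regex with one capture group, expected value, value assumed when the line is absent)
GLOBAL_POLICY = [
    (r"^ip domain[- ]name (\S+)$", "np.com", None),
    (r"^ip ssh version (\d)$", "1", None),
    (r"^ip ssh time-out (\d+)$", "15", None),
    (r"^ip ssh authentication-retries (\d+)$", "3", "3"),  # absent = IOS default, assumed 3
]

def vty_blocks(config):
    """Map each 'line vty ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level command closes the open block
            current = blocks.setdefault(line, []) if line.startswith("line vty") else None
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit(config):
    """Return deviations from the case-study policy; an empty list means compliant."""
    findings = []
    if not re.search(r"^service password-encryption$", config, re.M):
        findings.append("service password-encryption missing")
    # Any password/secret not followed by an encoding type (5 or 7) is stored in clear.
    if re.search(r"\b(?:password|secret)\s+(?![57]\s)\S", config):
        findings.append("clear-text password or secret present")
    for pattern, expected, default in GLOBAL_POLICY:
        m = re.search(pattern, config, re.M)
        if (m.group(1) if m else default) != expected:
            findings.append(f"expected {expected!r} for {pattern}")
    for header, body in vty_blocks(config).items():
        for needed in ("login local", "transport input ssh"):
            if needed not in body:
                findings.append(f"{header}: '{needed}' missing")
    return findings
```

The RSA key length is not part of the running configuration, so the 512-bit requirement has to be checked against the `show crypto key mypubkey rsa` output instead.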
8. From your router, establish an SSH connection to your peer router 172.30.P.2
using the local username-password pair.
9. From your router, disconnect the current SSH connection to your peer router
172.30.P.2.
10. Save your configuration in your router and then copy the running-configuration
to a text file, labelling it as Part I configuration.
b. From your router, test the connectivity to your peer router 172.30.P.2.
From the output displayed, how can this session be identified as a Telnet
connection?
6. Save and copy the current configuration to the same text file as above, labelling it
as Part II configuration.
Part III - Complete all sections and submit the completed worksheet in the
Group Journal in MeL.
2. Record the username/password, line password and enable secret password you
have used at the top of the same text file that you have captured. Your text file must
follow the structure below:
i). Username password - XXXXXXXXX
ii). Console line password - XXXXXXXX
iii). Enable secret password - XXXXXXXX
iv). Part I configuration show run output
v). RouterX# show crypto key mypubkey rsa capture output
vi). Part II configuration show run output
3. Save the text document again and then submit INDIVIDUALLY to Journal as
follows: