2.6.1.3 Packet Tracer – Configure Cisco Routers for Syslog, NTP, and SSH Operations Answers PDF

Title 2.6.1.3 Packet Tracer – Configure Cisco Routers for Syslog, NTP, and SSH Operations Answers
Author Amuel Wilson
Course Network security
Institution Algonquin College
Pages 8
File Size 323 KB
File Type PDF
Total Downloads 2
Total Views 151

Summary

Packet Tracer – Configure Cisco Routers for Syslog, NTP, and SSH Operations Lab...


Description

Packet Tracer – Configure Cisco Routers for Syslog, NTP, and SSH Operations

Topology

Addressing Table

Objectives
• Configure OSPF MD5 authentication.
• Configure NTP.
• Configure routers to log messages to the syslog server.
• Configure R3 to support SSH connections.

Background / Scenario
In this activity, you will configure OSPF MD5 authentication for secure routing updates.
The NTP Server is the master NTP server in this activity. You will configure authentication on the NTP server and the routers. You will configure the routers to allow the software clock to be synchronized by NTP to the time server. Also, you will configure the routers to periodically update the hardware clock with the time learned from NTP.
The Syslog Server will provide message logging in this activity. You will configure the routers to identify the remote host (Syslog server) that will receive logging messages.
You will need to configure timestamp service for logging on the routers. Displaying the correct time and date in Syslog messages is vital when using Syslog to monitor a network.
You will configure R3 to be managed securely using SSH instead of Telnet. The servers have been pre-configured for NTP and Syslog services respectively. NTP will not require authentication. The routers have been pre-configured with the following passwords:
• Enable password: ciscoenpa55
• Password for vty lines: ciscovtypa55
Note: MD5 is the strongest encryption supported in the version of Packet Tracer used to develop this activity (v6.2). Although MD5 has known vulnerabilities, you should use the encryption that meets the security requirements of your organization. In this activity, the security requirement specifies MD5.

Part 1: Configure OSPF MD5 Authentication

Step 1: Test connectivity.
All devices should be able to ping all other IP addresses.

Step 2: Configure OSPF MD5 authentication for all the routers in area 0.
Configure OSPF MD5 authentication for all the routers in area 0.

R1(config)# router ospf 1
R1(config-router)# area 0 authentication message-digest
R2(config)# router ospf 1
R2(config-router)# area 0 authentication message-digest
R3(config)# router ospf 1
R3(config-router)# area 0 authentication message-digest

Step 3: Configure the MD5 key for all the routers in area 0.
Configure an MD5 key on the serial interfaces on R1, R2 and R3. Use the password MD5pa55 for key 1.
R1(config)# interface s0/0/0
R1(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
R2(config)# interface s0/0/0
R2(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
R2(config-if)# interface s0/0/1
R2(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
R3(config)# interface s0/0/1
R3(config-if)# ip ospf message-digest-key 1 md5 MD5pa55

Step 4: Verify configurations.
a. Verify the MD5 authentication configurations using the commands show ip ospf interface.
b. Verify end-to-end connectivity.

Part 2: Configure NTP

Step 1: Enable NTP authentication on PC-A.
a. On PC-A, click NTP under the Services tab to verify NTP service is enabled.
b. To configure NTP authentication, click Enable under Authentication. Use key 1 and password NTPpa55 for authentication.

Step 2: Configure R1, R2, and R3 as NTP clients.
R1(config)# ntp server 192.168.1.5
R2(config)# ntp server 192.168.1.5
R3(config)# ntp server 192.168.1.5
Verify client configuration using the command show ntp status.

Step 3: Configure routers to update hardware clock.
Configure R1, R2, and R3 to periodically update the hardware clock with the time learned from NTP.
R1(config)# ntp update-calendar
R2(config)# ntp update-calendar
R3(config)# ntp update-calendar
Exit global configuration and verify that the hardware clock was updated using the command show clock.

Step 4: Configure NTP authentication on the routers.
Configure NTP authentication on R1, R2, and R3 using key 1 and password NTPpa55.
R1(config)# ntp authenticate
R1(config)# ntp trusted-key 1
R1(config)# ntp authentication-key 1 md5 NTPpa55
R2(config)# ntp authenticate
R2(config)# ntp trusted-key 1
R2(config)# ntp authentication-key 1 md5 NTPpa55
R3(config)# ntp authenticate
R3(config)# ntp trusted-key 1
R3(config)# ntp authentication-key 1 md5 NTPpa55

Step 5: Configure routers to timestamp log messages.
Configure timestamp service for logging on the routers.
R1(config)# service timestamps log datetime msec
R2(config)# service timestamps log datetime msec
R3(config)# service timestamps log datetime msec

Part 3: Configure Routers to Log Messages to the Syslog Server

Step 1: Configure the routers to identify the remote host (Syslog Server) that will receive logging messages.
R1(config)# logging host 192.168.1.6
R2(config)# logging host 192.168.1.6
R3(config)# logging host 192.168.1.6
The router console will display a message that logging has started.

Step 2: Verify logging configuration.
Use the command show logging to verify logging has been enabled.

Step 3: Examine logs of the Syslog Server.
From the Services tab of the Syslog Server's dialogue box, select the Syslog services button. Observe the logging messages received from the routers.
Note: Log messages can be generated on the server by executing commands on the router. For example, entering and exiting global configuration mode will generate an informational configuration message. You may need to click a different service and then click Syslog again to refresh the message display.

Part 4: Configure R3 to Support SSH Connections

Step 1: Configure a domain name.
Configure a domain name of ccnasecurity.com on R3.
R3(config)# ip domain-name ccnasecurity.com

Step 2: Configure users for login to the SSH server on R3.
Create a user ID of SSHadmin with the highest possible privilege level and a secret password of ciscosshpa55.
R3(config)# username SSHadmin privilege 15 secret ciscosshpa55

Step 3: Configure the incoming vty lines on R3.
Use the local user accounts for mandatory login and validation. Accept only SSH connections.
R3(config)# line vty 0 4
R3(config-line)# login local
R3(config-line)# transport input ssh

Step 4: Erase existing key pairs on R3.
Any existing RSA key pairs should be erased on the router.
R3(config)# crypto key zeroize rsa
Note: If no keys exist, you might receive this message:

% No Signature RSA Keys found in configuration.

Step 5: Generate the RSA encryption key pair for R3.
The router uses the RSA key pair for authentication and encryption of transmitted SSH data. Configure the RSA keys with a modulus of 1024. The default is 512, and the range is from 360 to 2048.
R3(config)# crypto key generate rsa
The name for the keys will be: R3.ccnasecurity.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Note: The command to generate RSA encryption key pairs for R3 in Packet Tracer differs from those used in the lab.

Step 6: Verify the SSH configuration.
Use the show ip ssh command to see the current settings. Verify that the authentication timeout and retries are at their default values of 120 and 3.

Step 7: Configure SSH timeouts and authentication parameters.
The default SSH timeouts and authentication parameters can be altered to be more restrictive. Set the timeout to 90 seconds, the number of authentication retries to 2, and the version to 2.
R3(config)# ip ssh time-out 90
R3(config)# ip ssh authentication-retries 2
R3(config)# ip ssh version 2
Issue the show ip ssh command again to confirm that the values have been changed.

Step 8: Attempt to connect to R3 via Telnet from PC-C.
Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via Telnet.
PC> telnet 192.168.3.1
This connection should fail because R3 has been configured to accept only SSH connections on the virtual terminal lines.

Step 9: Connect to R3 using SSH on PC-C.

Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via SSH. When prompted for the password, enter the password configured for the administrator ciscosshpa55.
PC> ssh -l SSHadmin 192.168.3.1

Step 10: Connect to R3 using SSH on R2.
To troubleshoot and maintain R3, the administrator at the ISP must use SSH to access the router CLI. From the CLI of R2, enter the command to connect to R3 via SSH version 2 using the SSHadmin user account. When prompted for the password, enter the password configured for the administrator: ciscosshpa55.
R2# ssh -v 2 -l SSHadmin 10.2.2.1

Step 11: Check results.
Your completion percentage should be 100%. Click Check Results to view the feedback and verification of which required components have been completed.
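An offline counterpart to Check Results, added here as an example and not part of the original lab: a Python audit that reads a router's show running-config text and lists which of this lab's controls are missing. The check names, the ssh flag and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed R3 excerpt (not from the page); vty 5 15 deliberately lacks the SSH-only settings.
SAMPLE_R3 = """\
service timestamps log datetime msec
ip ssh version 2
interface Serial0/0/1
 ip ospf message-digest-key 1 md5 MD5pa55
router ospf 1
 area 0 authentication message-digest
logging 192.168.1.6
ntp authentication-key 1 md5 NTPpa55
ntp authenticate
ntp trusted-key 1
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
"""

def parse(config):
    """Return {top-level line: [indented child lines]} for an IOS config."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            sections[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = line.strip()
            sections[current] = []
    return sections

def audit(config, ssh=False):
    """Return the lab controls missing from one router; ssh=True adds the R3-only checks."""
    sec = parse(config)
    has = lambda pat: re.search(pat, config, re.M) is not None
    ids = lambda kw: set(re.findall(rf"^ntp {kw} (\d+)", config, re.M))
    checks = {
        "ospf-area-auth": has(r"^ area 0 authentication message-digest"),
        # A defined key only counts if the same key number is also trusted.
        "ntp-auth": "ntp authenticate" in sec and bool(ids("authentication-key") & ids("trusted-key")),
        "log-timestamps": has(r"^service timestamps log datetime"),
        "syslog-host": has(r"^logging (host )?\d+\.\d+\.\d+\.\d+"),
        "ssh-v2": not ssh or has(r"^ip ssh version 2"),
    }
    missing = [name for name, ok in checks.items() if not ok]
    for head, kids in sec.items():
        if head.startswith("interface Serial") and not any("message-digest-key" in k for k in kids):
            missing.append("ospf-key:" + head)
        if ssh and head.startswith("line vty") and not {"login local", "transport input ssh"} <= set(kids):
            missing.append("vty-ssh-only:" + head)
    return missing
```

Run against the constructed sample with ssh=True, the audit reports only the second vty range, which is the kind of gap a per-line review of vty 0 4 alone would not show.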

Scripts for R1

conf t
interface s0/0/0
ip ospf message-digest-key 1 md5 MD5pa55
router ospf 1
area 0 authentication message-digest
service timestamps log datetime msec
logging 192.168.1.6
ntp server 192.168.1.5
ntp update-calendar
ntp authentication-key 1 md5 NTPpa55
ntp authenticate
ntp trusted-key 1
end



Scripts for R2

conf t
interface s0/0/0
ip ospf message-digest-key 1 md5 MD5pa55
interface s0/0/1
ip ospf message-digest-key 1 md5 MD5pa55
router ospf 1
area 0 authentication message-digest
service timestamps log datetime msec
logging 192.168.1.6
ntp server 192.168.1.5
ntp update-calendar
ntp authentication-key 1 md5 NTPpa55
ntp authenticate
ntp trusted-key 1
end

Scripts for R3

conf t
interface s0/0/1
ip ospf message-digest-key 1 md5 MD5pa55
router ospf 1
area 0 authentication message-digest
service timestamps log datetime msec
logging 192.168.1.6
ntp server 192.168.1.5
ntp update-calendar
ntp authentication-key 1 md5 NTPpa55
ntp authenticate...

