SIC Practical


Practical 1

Also remember

Part 1
Step 1 Test connectivity. All devices should be able to ping all other IP addresses.

Step 2 Configure OSPF MD5 authentication for all routers in area 0


This can be done using the “router ospf 1” command.

Step 3: Configure the MD5 key for all the routers in area 0
This can be done using the “ip ospf message-digest-key 1” command.
Step 4: Verify configurations.
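
An added example (not part of the original lab sheet) of Steps 2 to 4 on one router in area 0. The interface name and `<OSPF-KEY>` are placeholders, since the sheet does not give the topology's values.

```cisco
! Constructed example: the interface name and <OSPF-KEY> are placeholders.
!
! Step 2: require MD5 authentication for every interface in area 0.
router ospf 1
 area 0 authentication message-digest
 exit
!
! Step 3: set key ID 1 on each interface that faces an OSPF neighbour.
interface Serial0/0/0
 ip ospf message-digest-key 1 md5 <OSPF-KEY>
 exit
!
! Step 4: verify from privileged EXEC mode.
!   show ip ospf interface Serial0/0/0
!     expect "Message digest authentication enabled" and the key ID in use
!   show ip ospf neighbor
!     expect every area 0 neighbour to return to the FULL state
```

The key ID and key string must match on both ends of each link; a router configured with only one of the two steps, or with a different key, will lose its adjacency once the dead timer expires.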

Part 2

Step 1: Configure the NTP

Step 2: Configure R1, R2, and R3 as NTP clients.

Step 3: Configure routers to update hardware clocks.

Step 4: Configure NTP Authentication on Routers.

Step 5: Configure routers to timestamp log messages.

Part 3
Configure Routers to Log Messages to the Syslog Server

Step 1: Configure the routers to identify the remote host (Syslog Server) that will receive logging messages.

Step 2: Verify logging configuration. Use the command show logging to verify logging has been enabled.

Step 3: Examine logs of the Syslog Server.
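
An added example (not part of the original lab sheet) covering Parts 2 and 3 on one NTP client router. The server addresses and `<NTP-KEY>` are placeholders, and key ID 1 is an assumption.

```cisco
! Constructed example: addresses and <NTP-KEY> are placeholders.
!
! Part 2, Steps 2 and 4: NTP client with authentication.
! The "key 1" on the server statement ties the key to that server;
! without it the client accepts unauthenticated time from the server.
ntp authentication-key 1 md5 <NTP-KEY>
ntp trusted-key 1
ntp authenticate
ntp server <NTP-SERVER-IP> key 1
!
! Part 2, Step 3: copy NTP time to the hardware clock periodically.
ntp update-calendar
!
! Part 2, Step 5: timestamp log messages so events can be correlated.
service timestamps log datetime msec
!
! Part 3, Step 1: send log messages to the remote syslog server.
logging host <SYSLOG-SERVER-IP>
!
! Verification from privileged EXEC mode:
!   show ntp status         clock should report as synchronized
!   show ntp associations   lists the configured server
!   show clock              time should match the NTP server
!   show logging            shows the remote host and message counts
```

The same key ID and key string must be configured on the NTP server, or the clients will not synchronize.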

Part 4
Configure R3 to support SSH connections.
Step 1: Configure a Domain name

Step 2: Configure users for login to SSH server on R3

Step 3: Configure the incoming vty lines on R3.

Step 4: Erase existing key pairs on R3.

Step 5: Generate the RSA encryption key pair for R3.

Step 6: Verify the SSH configuration.

Step 7: Configure SSH time outs and parameters.

Step 8: Connect to R3 using SSH on PC-C

Step 9: Connect to R3 using SSH on R2

Step 10: Check results.
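
An added example (not part of the original lab sheet) that follows Steps 1 to 9 on R3. The domain name, user name `sshadmin`, password, address, modulus size and timer values are assumptions or placeholders.

```cisco
! Constructed example: names, secrets and addresses are placeholders.
!
! Step 1: the RSA key label is built from the hostname and domain name.
ip domain-name example.com
!
! Step 2: local user with a hashed (secret) password.
username sshadmin privilege 15 secret <PASSWORD>
!
! Step 3: vty lines use the local database and accept SSH only,
! which disables Telnet on these lines.
line vty 0 4
 login local
 transport input ssh
 exit
!
! Step 4: remove any existing key pairs.
crypto key zeroize rsa
!
! Step 5: generate a new RSA key pair (modulus size is an assumption).
crypto key generate rsa general-keys modulus 2048
!
! Step 6: verify with "show ip ssh" (version, timeout, retries).
!
! Step 7: restrict to SSH version 2 and tighten timeouts and retries.
ip ssh version 2
ip ssh time-out 90
ip ssh authentication-retries 2
!
! Step 8: from the PC-C command prompt:
!   ssh -l sshadmin <R3-ADDRESS>
! Step 9: from R2 privileged EXEC mode:
!   ssh -v 2 -l sshadmin <R3-ADDRESS>
```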


Practical 2

Part 1: Configure Local AAA Authentication for Console Access on R1

Step 1: Test connectivity.


Step 2: Configure a local username on R1.
Step 3: Configure local AAA authentication for console access on R1.
Step 4: Configure the line console to use the defined AAA authentication method.
Step 5: Verify the AAA authentication method.

Part 2: Configure AAA authentication for vty lines on R1.

Step 1: Configure domain name and crypto key for use with SSH.
Step 2: Configure a named list AAA authentication method for the vty lines on R1.
Step 3: Configure the vty lines to use the defined AAA authentication method.
Step 4: Verify the AAA authentication method.

Part 3: Configure Server-Based AAA Authentication Using TACACS+ on R2

Step 1: Configure a backup local database entry called Admin


Step 2: Verify the TACACS+ Server configuration.
Step 3: Configure the TACACS+ server specifics on R2.
Step 4: Configure AAA login authentication for console access on R2.
Step 5: Configure the line console to use the defined AAA authentication method.
Step 6: Verify the AAA authentication method.

Part 4: Configure Server-Based AAA authentication using Radius on R3.

Step 1: Configure a backup local database entry called Admin.


Step 2: Verify the RADIUS server configuration.
Step 3: Configure the RADIUS server specifics on R3.
Step 4: Configure AAA login authentication for console access on R3.
Step 5: Configure the line console to use the defined AAA authentication method.
Step 6: Verify the AAA authentication method.
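
An added example (not part of the original lab sheet) of Part 3 on R2, with the RADIUS equivalents for Part 4 shown as comments. Server addresses, shared keys and the password are placeholders, and the global `tacacs-server` / `radius-server` commands are the legacy syntax; newer IOS releases use named `tacacs server` and `radius server` blocks instead.

```cisco
! Constructed example: addresses, keys and password are placeholders.
!
! Step 1: backup entry in the local database, used if the server is down.
username Admin secret <PASSWORD>
!
! Step 3: where the TACACS+ server is and the key shared with it.
tacacs-server host <TACACS-SERVER-IP>
tacacs-server key <TACACS-SHARED-KEY>
!
! Step 4: enable AAA and try TACACS+ first, then the local database.
aaa new-model
aaa authentication login default group tacacs+ local
!
! Step 5: bind the console line to the method list.
line console 0
 login authentication default
 exit
!
! Step 6: log out, log back in on the console, and confirm that the
! account defined on the TACACS+ server is accepted.
!
! Part 4 on R3 is the same procedure with RADIUS:
!   radius-server host <RADIUS-SERVER-IP>
!   radius-server key <RADIUS-SHARED-KEY>
!   aaa authentication login default group radius local
```

The `local` method is tried only when the server does not respond; a login that the server explicitly rejects is not retried against the local database.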

Practical 3 Scenario 1

Part 1: Configure, Apply and Verify an Extended Numbered ACL.

Step 1: Configure an ACL to permit FTP and ICMP.


Step 2: Apply ACL on the correct interface to filter traffic.
Verify the ACL implementation.

Part 2: Configure, Apply and Verify an Extended Named ACL

Step 1: Configure an ACL to permit HTTP access and ICMP.


Step 2: Apply the ACL on the correct interface to filter traffic.

Part 3: Verify the ACL implementation.
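
An added example (not part of the original lab sheet) of Parts 1 to 3. The ACL number 100, the name `HTTP_ICMP_ONLY`, the interfaces and all addresses are assumptions or placeholders, because the sheet does not list the scenario's addressing.

```cisco
! Constructed example: numbers, names and addresses are placeholders.
!
! Part 1: extended numbered ACL that permits FTP and ICMP to the server.
! "eq ftp" matches the FTP control channel (TCP port 21).
access-list 100 permit tcp <SRC-NET-1> <WILDCARD-1> host <SERVER-IP> eq ftp
access-list 100 permit icmp <SRC-NET-1> <WILDCARD-1> host <SERVER-IP>
! Everything else is dropped by the implicit "deny ip any any".
!
! Apply inbound on the interface closest to the source network.
interface <INTERFACE-1>
 ip access-group 100 in
 exit
!
! Part 2: extended named ACL that permits HTTP and ICMP to the server.
ip access-list extended HTTP_ICMP_ONLY
 permit tcp <SRC-NET-2> <WILDCARD-2> host <SERVER-IP> eq www
 permit icmp <SRC-NET-2> <WILDCARD-2> host <SERVER-IP>
 exit
!
interface <INTERFACE-2>
 ip access-group HTTP_ICMP_ONLY in
 exit
!
! Part 3: verify from privileged EXEC mode.
!   show access-lists
!     the match counter on each entry should rise after test traffic
!   show ip interface <INTERFACE-1>
!     confirms which ACL is applied and in which direction
! Permitted tests (ping, FTP or HTTP) should succeed from each network;
! any other protocol to the server should fail.
```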


Practical 4

Part 1: Verify Basic Network Connectivity.

Step 1: From PC-A, verify connectivity to PC-C and R2.


Step 2: From PC-C, verify connectivity to PC-A and R2

Part 2: Secure Access to Routers.

Step 1: Configure ACL 10 to block all remote access to the routers except from PC-C.
Step 2: Apply ACL 10 to ingress traffic on the VTY lines. Use the access-class
Step 3: Verify exclusive access from management station PC-C.

Part 3: Create a Numbered IP ACL 120 on R1

Step 1: Verify that PC-C can access the PC-A via HTTPS using the web browser.
Step 2: Configure ACL 120 to specifically permit and deny the specified traffic.
Step 3: Apply the ACL to interface S0/0/0
Step 4: Verify that PC-C cannot access PC-A via HTTPS using the web browser.

Part 4: Modify an Existing ACL on R1

Step 1: Verify that PC-A cannot successfully ping the loopback interface on R2.
Step 2: Make any necessary changes to ACL 120 to permit and deny the specified traffic.
Step 3: Verify that PC-A can successfully ping the loopback interface on R2.

Part 5: Create a Numbered IP ACL 110 on R3

Step 1: Configure ACL 110 to permit only traffic from the inside network.
Step 2: Apply the ACL to interface G0/1. Use the ip access-group command

Part 6: Create a Numbered IP ACL 100 on R3

Step 1: Configure ACL 100 to block all specified traffic from the opposite network.
Step 2: Apply the ACL to interface Serial 0/0/1. Use the ip access-group command.
Step 3: Confirm that the specified traffic entering interface Serial 0/0/1 is handled correctly.
Step 4: Check results.
