Practical Imp

The document outlines practical configurations for network devices, including Access Control Lists (ACLs), OSPF, NTP, Syslog, SSH, AAA, STP, and Zone-Based Policy Firewalls. It also provides a series of questions and answers related to networking concepts, such as the differences between standard and extended ACLs, the importance of NTP, and the function of IPsec VPNs. Additionally, it discusses security measures like Cisco IOS IPS and the significance of Spanning Tree Protocol in preventing network loops.

Uploaded by dcruzsophia24

PRACTICAL IMP

ACL - HTTP, FTP, ICMP, DNS, SMTP

! Allow HTTP
Router(config)# access-list 100 permit tcp any any eq 80
! Allow HTTPS
Router(config)# access-list 100 permit tcp any any eq 443
! Allow FTP (control channel)
Router(config)# access-list 100 permit tcp any any eq 21
! Allow ICMP (ping)
Router(config)# access-list 100 permit icmp any any
! Allow DNS
Router(config)# access-list 100 permit udp any any eq 53
! Allow SMTP
Router(config)# access-list 100 permit tcp any any eq 25
! Block all other traffic (explicit form of the implicit deny at the end of every ACL)
Router(config)# access-list 100 deny ip any any

! Apply ACL 100 inbound on the interface
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip access-group 100 in
Router(config-if)# exit

! View ACL entries and hit counts
Router# show access-lists

If an IPv6 address is used (RIPng process named "a" enabled on the interface):
ipv6 unicast-routing
interface gigabitEthernet0/0
ipv6 address 2002::1/64
ipv6 rip a enable
no shutdown
exit

[OSPF MD5, NTP, Syslog, SSH]


OSPF
Router(config)# router ospf 1
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router(config-router)# exit

Router# show ip ospf neighbor

! Enable MD5 authentication on the OSPF interface; key ID and key must match on the neighbor
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip ospf authentication message-digest
Router(config-if)# ip ospf message-digest-key 1 md5 sophia
Router(config-if)# exit

Router# show ip ospf neighbor


NTP
Router(config)# ntp server 192.168.1.100

Router# show ntp status
Router# show clock

Syslog:
Router(config)# logging host 192.168.1.200
Router(config)# logging trap informational
Router(config)# logging on

SSH:
On Router:
! RSA key generation needs a non-default hostname and a domain name
! (hostname R1 and example.com are placeholders; the notes do not give them)
hostname R1
ip domain-name example.com
crypto key generate rsa
! Local account that 'login local' checks against (the AAA section uses 'secret',
! which stores a hash; 'password' is stored in plaintext or reversible type 7)
username sophia privilege 15 password sophia24
line vty 0 4
transport input ssh
login local
exit

R1# show ip ssh

On Command Prompt:
ssh -l sophia 192.168.1.1

AAA
Router(config)# aaa new-model
Router(config)# username sophia privilege 15 secret sophia24
Router(config)# aaa authentication login CONSOLE_AUTH local
Router(config)# line console 0
Router(config-line)# login authentication CONSOLE_AUTH
Router(config-line)# exit
Router(config)# line vty 0 4
Router(config-line)# login authentication CONSOLE_AUTH
Router(config-line)# exit

STP and CAM - Content-Addressable Memory


! Check root bridge, port roles and states before changing anything
show spanning-tree
! On the switch that should be root for VLAN 1
en
conf t
spanning-tree vlan 1 root primary
! On the backup root (a different switch)
spanning-tree vlan 1 root secondary
do show spanning-tree
! Access ports: skip listening/learning and err-disable the port if a BPDU arrives
interface range fastEthernet 0/1-2
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
exit

! Port security: enable it, allow 2 learned MACs, learn them sticky,
! err-disable the port on a violation
en
conf t
interface range fastEthernet 0/1-2
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation shutdown
exit

show port-security interface fastEthernet 0/1


! Shut down unused ports
en
conf t
interface range fastEthernet 0/3-22
shutdown
exit

Zone Based Policy Firewall


! Enable the security technology package (required for ZBF), save, and reload
en
conf t
license boot module c1900 technology-package securityk9
! accept the license agreement when prompted
accept
exit
copy running-config startup-config
reload
! Define the two security zones
conf t
zone security in-zone
exit
zone security out-zone
exit
! Traffic to inspect: anything sourced from the inside network
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
class-map type inspect match-all in-map
match access-group 101
exit
! 'inspect' is stateful: return traffic is allowed back without a separate rule
policy-map type inspect in-out
class type inspect in-map
inspect
exit
exit
! Bind the policy to the in -> out direction
zone-pair security in-out-zone source in-zone destination out-zone
service-policy type inspect in-out
exit
! Assign interfaces to zones
interface g0/0
zone-member security in-zone
exit
interface s0/1/1
zone-member security out-zone
exit
copy running-config startup-config

IPsec VPN
IOS IPS

PRACTICAL VIVA
Q1: What is an Access Control List (ACL)?
An ACL is a set of rules used to filter network traffic based on IP addresses, protocols, and
ports. It helps in controlling access to network resources by allowing or denying packets.

Q2: What is the difference between Standard and Extended ACLs?
Standard ACL filters traffic based only on the source IP address.
Extended ACL filters traffic based on source/destination IP, protocol (HTTP, FTP, ICMP, DNS,
SMTP), and port numbers.

Q3: Where should you place a standard and extended ACL in a network?
Standard ACL: Close to the destination to avoid blocking unintended traffic.
Extended ACL: Close to the source to filter unwanted traffic early.

Q4: What is OSPF MD5 authentication?
OSPF MD5 authentication secures OSPF messages by encrypting them with an MD5 hash,
preventing unauthorized route updates.

Q5: What is OSPF?
OSPF (Open Shortest Path First) is a link-state routing protocol that dynamically finds the best
path for IP packets.

Q6: Why is NTP important in networking?
NTP synchronizes the clocks of network devices to ensure accurate timestamping for logs,
security events, and time-sensitive applications.

Q7: What does NTP stand for?
Network Time Protocol

Q8: What is Syslog, and why is it used?
Syslog is a protocol used for collecting and storing log messages from network devices for
troubleshooting, auditing, and security monitoring.

Q9: What is SSH?
SSH (Secure Shell) is a cryptographic network protocol that provides secure remote access to
network devices and servers by encrypting communication, preventing unauthorized access
and data interception.

Q10: Why is SSH preferred over Telnet?
SSH encrypts communication between the client and the server, ensuring secure remote access,
while Telnet sends data in plaintext.

Q11: Difference between Authentication and Authorization?
Authentication checks credentials (who the user is); authorization verifies permissions (what
the user is allowed to do).

Q12: What is AAA, and why is it used in networks?
AAA is a framework for secure access control:
Authentication: Verifies user identity
Authorization: Defines user permissions
Accounting: Tracks user activities

Q13: What is an IPsec VPN, and how does it work?
IPsec VPN secures network communication by encrypting data between remote sites or users.
It uses encryption and authentication protocols like ESP (Encapsulating Security Payload) and
IKE (Internet Key Exchange).

Q14: What is STP, and why is it important?
Spanning Tree Protocol (STP) prevents loop formation in Layer 2 networks by blocking
redundant links, ensuring only one active path exists between switches.

Q15: What happens when a MAC address table is full (CAM overflow attack)?
The switch floods all frames, behaving like a hub, allowing attackers to sniff network traffic.

Q16: What is a Zone-Based Policy Firewall?
ZBF is an advanced firewall feature in Cisco routers that controls traffic between different
security zones based on policy-based rules.

Q17: What is Cisco IOS IPS?
Cisco IOS IPS detects and prevents threats like malware, DoS attacks, and unauthorized access
by analyzing network traffic.

Q18: How is IOS IPS different from a traditional firewall?
A firewall blocks traffic based on rules, while an IPS inspects traffic for threats and actively
prevents malicious activities.

Q19: What is a Spanning Tree?
A spanning tree is a subset of a network's topology that connects all nodes without forming
loops, ensuring a single active path between switches while allowing redundancy for fault
tolerance.

Q20: Three D's of Security?
Detect, Defense, Deter
