[ Pobierz całość w formacie PDF ]
.SDM isfaster than typing each command and gives you more control than the AutoSecure feature.Verify whether SDM is installed on your router:R2#show flash-#- --length-- -----date/time------ path1 13937472 Sep 12 2007 08:31:42 +00:00 c1841-ipbase-mz.124-1c.bin2 1821 May 05 2007 21:29:36 +00:00 sdmconfig-18xx.cfg3 4734464 May 05 2007 21:30:14 +00:00 sdm.tar4 833024 May 05 2007 21:30:42 +00:00 es.tar5 1052160 May 05 2007 21:31:10 +00:00 common.tar6 1038 May 05 2007 21:31:36 +00:00 home.shtml7 102400 May 05 2007 21:32:02 +00:00 home.tar8 491213 May 05 2007 21:32:30 +00:00 128MB.sdf9 1684577 May 05 2007 21:33:16 +00:00 securedesktop-ios-3.1.1.27-k9.pkg10 398305 May 05 2007 21:33:50 +00:00 sslclient-win-1.1.154.pkg11 2261 Sep 25 2007 23:20:16 +00:00 Tr(RIP)12 2506 Sep 26 2007 17:11:58 +00:00 save.txtIf SDM is NOT installed on your router, it must be installed to continue.Please consult yourinstructor for directions.Step 1: Connect to R2 using TFTP Server.Create a username and password on R2.R2(config)#username ccna password ciscoccnaEnable the http secure server on R2 and connect to R2 using a web browser on TFTP Server.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 21 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationR2(config)#ip http secure-server% Generating 1024 bit RSA keys, keys will be non-exportable.[OK]R2(config)#*Nov 16 16:01:07.763: %SSH-5-ENABLED: SSH 1.99 has been enabled*Nov 16 16:01:08.731: %PKI-4-NOAUTOSAVE: Configuration was modified.Issue"write memory" to save new certificateR2(config)#endR2#copy run startFrom TFTP Server, open a web browser and navigate to https://192.168.20.1/.Login with the previouslyconfigured username and password:username: ccnapassword: ciscoccnaSelect Cisco Router and Security Device ManagerOpen Internet Explorer and enter the IP address for R2 in the address bar.A new window opens.Makesure that you have all popup blockers turned off in your browser.Also make sure that JAVA is installedand updated.After it is done loading, a new window opens for SDM.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 22 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationStep 2: Navigate to the Security Audit feature.Click the Configure button in the top left side of the window.Now navigate down the left panel to Security Audit and click on it.When you click on Security Audit, another window opens.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 23 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationStep 3: Perform a Security Audit.This gives a brief explanation of what the Security Audit feature does.Click on Next to open the SecurityAudit Interface configuration window.An interface should be classified as outside (untrusted) if you cannot be sure of the legitimacy of thetraffic coming into the interface.In this example, both FastEthernet0/1 and Serial0/1/0 are untrustedbecause Serial0/1/0 is facing the Internet, and Fastethernet0/1 is facing the access part of the networkand illegitimate traffic could be generated.After selecting outside and inside interfaces, click Next.A new window opens indicating that SDM isconducting a security audit.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 24 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationAs you can see, the default configuration is unsecure.Click the Close button to continue.Step 4: Apply settings to the router.Click the Fix All button to make all the suggested security changes.Then click the Next button.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 25 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationEnter a banner message to use as the message of the day for the router, and then click Next.Next, set the level of severity of log traps that you want the router to send to the syslog server.Theseverity level is set to debugging for this scenario.Click Next to view a summary of the changes about tobe made to the router.Step 5: Commit the configuration to the router.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 26 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationAfter reviewing the changes about to be committed, click Finish.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 27 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationClick OK and exit SDM [ Pobierz caÅ‚ość w formacie PDF ]
zanotowane.pl doc.pisz.pl pdf.pisz.pl odbijak.htw.pl
.SDM isfaster than typing each command and gives you more control than the AutoSecure feature.Verify whether SDM is installed on your router:R2#show flash-#- --length-- -----date/time------ path1 13937472 Sep 12 2007 08:31:42 +00:00 c1841-ipbase-mz.124-1c.bin2 1821 May 05 2007 21:29:36 +00:00 sdmconfig-18xx.cfg3 4734464 May 05 2007 21:30:14 +00:00 sdm.tar4 833024 May 05 2007 21:30:42 +00:00 es.tar5 1052160 May 05 2007 21:31:10 +00:00 common.tar6 1038 May 05 2007 21:31:36 +00:00 home.shtml7 102400 May 05 2007 21:32:02 +00:00 home.tar8 491213 May 05 2007 21:32:30 +00:00 128MB.sdf9 1684577 May 05 2007 21:33:16 +00:00 securedesktop-ios-3.1.1.27-k9.pkg10 398305 May 05 2007 21:33:50 +00:00 sslclient-win-1.1.154.pkg11 2261 Sep 25 2007 23:20:16 +00:00 Tr(RIP)12 2506 Sep 26 2007 17:11:58 +00:00 save.txtIf SDM is NOT installed on your router, it must be installed to continue.Please consult yourinstructor for directions.Step 1: Connect to R2 using TFTP Server.Create a username and password on R2.R2(config)#username ccna password ciscoccnaEnable the http secure server on R2 and connect to R2 using a web browser on TFTP Server.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 21 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationR2(config)#ip http secure-server% Generating 1024 bit RSA keys, keys will be non-exportable.[OK]R2(config)#*Nov 16 16:01:07.763: %SSH-5-ENABLED: SSH 1.99 has been enabled*Nov 16 16:01:08.731: %PKI-4-NOAUTOSAVE: Configuration was modified.Issue"write memory" to save new certificateR2(config)#endR2#copy run startFrom TFTP Server, open a web browser and navigate to https://192.168.20.1/.Login with the previouslyconfigured username and password:username: ccnapassword: ciscoccnaSelect Cisco Router and Security Device ManagerOpen Internet Explorer and enter the IP address for R2 in the address bar.A new window opens.Makesure that you have all popup blockers turned off in your browser.Also make sure that JAVA is installedand updated.After it is done loading, a new window opens for SDM.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 22 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationStep 2: Navigate to the Security Audit feature.Click the Configure button in the top left side of the window.Now navigate down the left panel to Security Audit and click on it.When you click on Security Audit, another window opens.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 23 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationStep 3: Perform a Security Audit.This gives a brief explanation of what the Security Audit feature does.Click on Next to open the SecurityAudit Interface configuration window.An interface should be classified as outside (untrusted) if you cannot be sure of the legitimacy of thetraffic coming into the interface.In this example, both FastEthernet0/1 and Serial0/1/0 are untrustedbecause Serial0/1/0 is facing the Internet, and Fastethernet0/1 is facing the access part of the networkand illegitimate traffic could be generated.After selecting outside and inside interfaces, click Next.A new window opens indicating that SDM isconducting a security audit.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 24 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationAs you can see, the default configuration is unsecure.Click the Close button to continue.Step 4: Apply settings to the router.Click the Fix All button to make all the suggested security changes.Then click the Next button.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 25 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationEnter a banner message to use as the message of the day for the router, and then click Next.Next, set the level of severity of log traps that you want the router to send to the syslog server.Theseverity level is set to debugging for this scenario.Click Next to view a summary of the changes about tobe made to the router.Step 5: Commit the configuration to the router.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 26 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationAfter reviewing the changes about to be committed, click Finish.All contents are Copyright © 1992 2007 Cisco Systems, Inc.All rights reserved.This document is Cisco Public Information.Page 27 of 28CCNA ExplorationAccessing the WAN: Enterprise Network Security Lab 4.6.1: Basic Security ConfigurationClick OK and exit SDM [ Pobierz caÅ‚ość w formacie PDF ]