SlideShare una empresa de Scribd logo

2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh operations instructor

Salem Trabelsi
Salem Trabelsi

cisco

Educación
1 de 6
Descargar para leer sin conexión
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6 Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 Fa0/1 192.168.1.1 255.255.255.0 N/A S1 Fa0/5 S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A R3 Fa0/1 192.168.3.1 255.255.255.0 N/A S3 Fa0/5 S0/0/1 10.2.2.1 255.255.255.252 N/A N/A PC-A NIC 192.168.1.5 255.255.255.0 192.168.1.1 S1 Fa0/6 PC-B NIC 192.168.1.6 255.255.255.0 192.168.1.1 S2 Fa0/18 PC-C NIC 192.168.3.5 255.255.255.0 192.168.3.1 S3 Fa0/18 Objectives  Configure routers as NTP clients.  Configure routers to update the hardware clock using NTP.  Configure routers to log messages to the syslog server.  Configure routers to timestamp log messages.  Configure local users.
Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 6  Configure VTY lines to accept SSH connections only.  Configure RSA key pair on SSH server.  Verify SSH connectivity from PC client and router client. Background / Scenario The network topology shows three routers. You will configure NTP and Syslog on all routers. You will configure SSH on R3. Network Time Protocol (NTP) allows routers on the network to synchronize their time settings with an NTP server. A group of NTP clients that obtain time and date information from a single source have more consistent time settings and Syslog messages generated can be analyzed more easily. This can help when troubleshooting issues with network problems and attacks. When NTP is implemented in the network, it can be set up to synchronize to a private master clock, or to a publicly available NTP server on the Internet. The NTP Server is the master NTP server in this lab. You will configure the routers to allow the software clock to be synchronized by NTP to the time server. Also, you will configure the routers to periodically update the hardware clock with the time learned from NTP. Otherwise, the hardware clock will tend to gradually lose or gain time (drift) and the software clock and hardware clock may become out of synchronization with each other. The Syslog Server will provide message logging in this lab. You will configure the routers to identify the remote host (Syslog server) that will receive logging messages. You will need to configure timestamp service for logging on the routers. Displaying the correct time and date in Syslog messages is vital when using Syslog to monitor a network. If the correct time and date of a message is not known, it can be difficult to determine what network event caused the message. R2 is an ISP connected to two remote networks: R1 and R3. The local administrator at R3 can perform most router configurations and troubleshooting; however, because R3 is a managed router, the ISP needs access to R3 for occasional troubleshooting or updates. To provide this access in a secure manner, the administrators have agreed to use Secure Shell (SSH). You use the CLI to configure the router to be managed securely using SSH instead of Telnet. SSH is a network protocol that establishes a secure terminal emulation connection to a router or other networking device. SSH encrypts all information that passes over the network link and provides authentication of the remote computer. SSH is rapidly replacing Telnet as the remote login tool of choice for network professionals. The servers have been pre-configured for NTP and Syslog services respectively. NTP will not require authentication. The routers have been pre-configured with the following:  Enable password: ciscoenpa55  Password for vty lines: ciscovtypa55  Static routing Part 1: Configure Routers as NTP Clients Step 1: Test Connectivity.  Ping from PC-C to R3.  Ping from R2 to R3.  Telnet from PC-C to R3. Exit the Telnet session.  Telnet from R2 to R3. Exit the Telnet session.
Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 6 Step 2: Configure R1, R2, and R3 as NTP clients. R1(config)# ntp server 192.168.1.5 R2(config)# ntp server 192.168.1.5 R3(config)# ntp server 192.168.1.5 Verify client configuration using the command show ntp status. Step 3: Configure routers to update hardware clock. Configure R1, R2, and R3 to periodically update the hardware clock with the time learned from NTP. R1(config)# ntp update-calendar R2(config)# ntp update-calendar R3(config)# ntp update-calendar Verify that the hardware clock was updated using the command show clock. Step 4: Configure routers to timestamp log messages. Configure timestamp service for logging on the routers. R1(config)# service timestamps log datetime msec R2(config)# service timestamps log datetime msec R3(config)# service timestamps log datetime msec Part 2: Configure Routers to Log Messages to the Syslog Server Step 1: Configure the routers to identify the remote host (Syslog Server) that will receive logging messages. R1(config)# logging host 192.168.1.6 R2(config)# logging host 192.168.1.6 R3(config)# logging host 192.168.1.6 The router console will display a message that logging has started. Step 2: Verify logging configuration using the command show logging. Step 3: Examine logs of the Syslog Server. From the Services tab of the Syslog Server’s dialogue box, select the Syslog services button. Observe the logging messages received from the routers. Note: Log messages can be generated on the server by executing commands on the router. For example, entering and exiting global configuration mode will generate an informational configuration message. Part 3: Configure R3 to Support SSH Connections Step 1: Configure a domain name. Configure a domain name of ccnasecurity.com on R3. R3(config)# ip domain-name ccnasecurity.com
Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 6 Step 2: Configure users for login to the SSH server on R3. Create a user ID of SSHadmin with the highest possible privilege level and a secret password of ciscosshpa55. R3(config)# username SSHadmin privilege 15 secret ciscosshpa55 Step 3: Configure the incoming VTY lines on R3. Use the local user accounts for mandatory login and validation. Accept only SSH connections. R3 (config)# line vty 0 4 R3 (config-line)# login local R3(config-line)# transport input ssh Step 4: Erase existing key pairs on R3. Any existing RSA key pairs should be erased on the router. R3(config)# crypto key zeroize rsa Note: If no keys exist, you might receive this message: % No Signature RSA Keys found in configuration. Step 5: Generate the RSA encryption key pair for R3. The router uses the RSA key pair for authentication and encryption of transmitted SSH data. Configure the RSA keys with a modulus of 1024. The default is 512, and the range is from 360 to 2048. R3(config)# crypto key generate rsa The name for the keys will be: R3.ccnasecurity.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] Note: The command to generate RSA encryption key pairs for R3 in Packet Tracer differs from those used in the lab. Step 6: Verify the SSH configuration. Use the show ip ssh command to see the current settings. Verify that the authentication timeout and retries are at their default values of 120 and 3. Step 7: Configure SSH timeouts and authentication parameters. The default SSH timeouts and authentication parameters can be altered to be more restrictive. Set the timeout to 90 seconds, the number of authentication retries to 2, and the version to 2. R3(config)# ip ssh time-out 90 R3(config)# ip ssh authentication-retries 2 R3(config)# ip ssh version 2 Issue the show ip ssh command again to confirm that the values have been changed.
Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 6 Step 8: Attempt to connect to R3 via Telnet from PC-C. Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via Telnet. PC> telnet 192.168.3.1 This connection should fail because R3 has been configured to accept only SSH connections on the virtual terminal lines. Step 9: Connect to R3 using SSH on PC-C. Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via SSH. When prompted for the password, enter the password configured for the administrator ciscosshpa55. PC> ssh –l SSHadmin 192.168.3.1 Step 10: Connect to R3 using SSH on R2. In order to troubleshoot and maintain R3, the administrator at the ISP must use SSH to access the router CLI. From the CLI of R2, enter the command to connect to R3 via SSH version 2 using the SSHadmin user account. When prompted for the password, enter the password configured for the administrator: ciscosshpa55. R2# ssh –v 2 –l SSHadmin 10.2.2.1 Step 11: Check results. Your completion percentage should be 100%. Click Check Results to view the feedback and verification of which required components have been completed. !!!Scripts for R1 and R2!!!! conf t service timestamps log datetime msec logging 192.168.1.6 ntp server 192.168.1.5 ntp update-calendar end !!!Scripts for R3!!!! conf t service timestamps log datetime msec logging 192.168.1.6 ntp server 192.168.1.5 ntp update-calendar ip domain-name ccnasecurity.com username SSHadmin privilege 15 secret ciscosshpa55 line vty 0 4 login local transport input ssh crypto key zeroize rsa crypto key generate rsa 1024 ip ssh time-out 90
Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 6 ip ssh authentication-retries 2 ip ssh version 2 end

Recomendados

6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor
Salem Trabelsi
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
Salem Trabelsi
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And Answers
CCNAResources
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
Salachudin Emir
 
Voip phone setup
Voip phone setupVoip phone setup
Voip phone setup
Picky Airi
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
Salem Trabelsi
 
CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4
Nil Menon
 

Recomendados

6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor
Salem Trabelsi
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
Salem Trabelsi
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And Answers
CCNAResources
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
Salachudin Emir
 
Voip phone setup
Voip phone setupVoip phone setup
Voip phone setup
Picky Airi
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
Salem Trabelsi
 
CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4
Nil Menon
 
Malware Detection with OSSEC HIDS - OSSECCON 2014
Malware Detection with OSSEC HIDS - OSSECCON 2014Malware Detection with OSSEC HIDS - OSSECCON 2014
Malware Detection with OSSEC HIDS - OSSECCON 2014
Santiago Bassett
 
Cisco switch commands cheat sheet
Cisco switch commands cheat sheetCisco switch commands cheat sheet
Cisco switch commands cheat sheet
3Anetwork com
 
CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7
Nil Menon
 
CCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksCCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networks
Vuz Dở Hơi
 
CCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsCCNA - Routing & Switching Commands
CCNA - Routing & Switching Commands
Eng. Emad Al-Atoum
 
Chapter 15 : routing concepts
Chapter 15 : routing conceptsChapter 15 : routing concepts
Chapter 15 : routing concepts
teknetir
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
IGZ Software house
 
CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6
Nil Menon
 
CCNA 2 Routing and Switching v5.0 Chapter 8
CCNA 2 Routing and Switching v5.0 Chapter 8CCNA 2 Routing and Switching v5.0 Chapter 8
CCNA 2 Routing and Switching v5.0 Chapter 8
Nil Menon
 
Subnetting
SubnettingSubnetting
Subnetting
Kishore Kumar
 
CCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansCCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 Vlans
Vuz Dở Hơi
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
Nil Menon
 
Ccna
CcnaCcna
Ccna
AdityaKumar1548
 
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling NetworksCCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
Vuz Dở Hơi
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced training
Jignesh H. Bhalsod
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
Prasenjit Gayen
 
Bgp
BgpBgp
Bgp
Febrian ‎
 
Cours routage inter-vlan
Cours routage inter-vlanCours routage inter-vlan
Cours routage inter-vlan
EL AMRI El Hassan
 
CCNA2 Verson6 Chapter3
CCNA2 Verson6 Chapter3CCNA2 Verson6 Chapter3
CCNA2 Verson6 Chapter3
Chaing Ravuth
 
Cisco Commands
Cisco CommandsCisco Commands
Cisco Commands
Fredrick Hall
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1
milkux
 
Sc manual
Sc manualSc manual
Sc manual
MugdhaDeodhar
 

Más contenido relacionado

La actualidad más candente

Chapter 15 : routing concepts
Chapter 15 : routing conceptsChapter 15 : routing concepts
Chapter 15 : routing concepts
teknetir
 

La actualidad más candente (20)

Malware Detection with OSSEC HIDS - OSSECCON 2014
Malware Detection with OSSEC HIDS - OSSECCON 2014Malware Detection with OSSEC HIDS - OSSECCON 2014
Malware Detection with OSSEC HIDS - OSSECCON 2014
 
Cisco switch commands cheat sheet
Cisco switch commands cheat sheetCisco switch commands cheat sheet
Cisco switch commands cheat sheet
 
CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7
 
CCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksCCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networks
 
CCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsCCNA - Routing & Switching Commands
CCNA - Routing & Switching Commands
 
Chapter 15 : routing concepts
Chapter 15 : routing conceptsChapter 15 : routing concepts
Chapter 15 : routing concepts
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
 
CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6
 
CCNA 2 Routing and Switching v5.0 Chapter 8
CCNA 2 Routing and Switching v5.0 Chapter 8CCNA 2 Routing and Switching v5.0 Chapter 8
CCNA 2 Routing and Switching v5.0 Chapter 8
 
Subnetting
SubnettingSubnetting
Subnetting
 
CCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 VlansCCNAv5 - S2: Chapter3 Vlans
CCNAv5 - S2: Chapter3 Vlans
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
 
Ccna
CcnaCcna
Ccna
 
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling NetworksCCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced training
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
 
Bgp
BgpBgp
Bgp
 
Cours routage inter-vlan
Cours routage inter-vlanCours routage inter-vlan
Cours routage inter-vlan
 
CCNA2 Verson6 Chapter3
CCNA2 Verson6 Chapter3CCNA2 Verson6 Chapter3
CCNA2 Verson6 Chapter3
 
Cisco Commands
Cisco CommandsCisco Commands
Cisco Commands
 

Similar a 2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh operations instructor

All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxAll contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
galerussel59292
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
keturahhazelhurst
 
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracerCcnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Đồng Quốc Vương
 
05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornment
Asif
 
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
Salem Trabelsi
 
Linux hpc-cluster-setup-guide
Linux hpc-cluster-setup-guideLinux hpc-cluster-setup-guide
Linux hpc-cluster-setup-guide
jasembo
 
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
Louis Göhl
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
mmoizuddin
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccna
robertoxe
 

Similar a 2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh operations instructor (20)

Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1
 
Sc manual
Sc manualSc manual
Sc manual
 
Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations Configure Cisco Routers for Syslog, NTP, and SSH Operations
Configure Cisco Routers for Syslog, NTP, and SSH Operations
 
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxAll contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
 
managing your network environment
managing your network environmentmanaging your network environment
managing your network environment
 
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracerCcnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
 
05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornment
 
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp uk
 
ENSA_Module_10.pptx
ENSA_Module_10.pptxENSA_Module_10.pptx
ENSA_Module_10.pptx
 
Linux hpc-cluster-setup-guide
Linux hpc-cluster-setup-guideLinux hpc-cluster-setup-guide
Linux hpc-cluster-setup-guide
 
CCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptxCCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptx
 
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMCMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
 
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccna
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccna
 
Advanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkAdvanced RAC troubleshooting: Network
Advanced RAC troubleshooting: Network
 
lab1
lab1lab1
lab1
 

Último

Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
ssuserdda66b
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 

Último (20)

Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 

2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh operations instructor

  • 1. © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6 Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 Fa0/1 192.168.1.1 255.255.255.0 N/A S1 Fa0/5 S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A R3 Fa0/1 192.168.3.1 255.255.255.0 N/A S3 Fa0/5 S0/0/1 10.2.2.1 255.255.255.252 N/A N/A PC-A NIC 192.168.1.5 255.255.255.0 192.168.1.1 S1 Fa0/6 PC-B NIC 192.168.1.6 255.255.255.0 192.168.1.1 S2 Fa0/18 PC-C NIC 192.168.3.5 255.255.255.0 192.168.3.1 S3 Fa0/18 Objectives  Configure routers as NTP clients.  Configure routers to update the hardware clock using NTP.  Configure routers to log messages to the syslog server.  Configure routers to timestamp log messages.  Configure local users.
  • 2. Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 6  Configure VTY lines to accept SSH connections only.  Configure RSA key pair on SSH server.  Verify SSH connectivity from PC client and router client. Background / Scenario The network topology shows three routers. You will configure NTP and Syslog on all routers. You will configure SSH on R3. Network Time Protocol (NTP) allows routers on the network to synchronize their time settings with an NTP server. A group of NTP clients that obtain time and date information from a single source have more consistent time settings and Syslog messages generated can be analyzed more easily. This can help when troubleshooting issues with network problems and attacks. When NTP is implemented in the network, it can be set up to synchronize to a private master clock, or to a publicly available NTP server on the Internet. The NTP Server is the master NTP server in this lab. You will configure the routers to allow the software clock to be synchronized by NTP to the time server. Also, you will configure the routers to periodically update the hardware clock with the time learned from NTP. Otherwise, the hardware clock will tend to gradually lose or gain time (drift) and the software clock and hardware clock may become out of synchronization with each other. The Syslog Server will provide message logging in this lab. You will configure the routers to identify the remote host (Syslog server) that will receive logging messages. You will need to configure timestamp service for logging on the routers. Displaying the correct time and date in Syslog messages is vital when using Syslog to monitor a network. If the correct time and date of a message is not known, it can be difficult to determine what network event caused the message. R2 is an ISP connected to two remote networks: R1 and R3. The local administrator at R3 can perform most router configurations and troubleshooting; however, because R3 is a managed router, the ISP needs access to R3 for occasional troubleshooting or updates. To provide this access in a secure manner, the administrators have agreed to use Secure Shell (SSH). You use the CLI to configure the router to be managed securely using SSH instead of Telnet. SSH is a network protocol that establishes a secure terminal emulation connection to a router or other networking device. SSH encrypts all information that passes over the network link and provides authentication of the remote computer. SSH is rapidly replacing Telnet as the remote login tool of choice for network professionals. The servers have been pre-configured for NTP and Syslog services respectively. NTP will not require authentication. The routers have been pre-configured with the following:  Enable password: ciscoenpa55  Password for vty lines: ciscovtypa55  Static routing Part 1: Configure Routers as NTP Clients Step 1: Test Connectivity.  Ping from PC-C to R3.  Ping from R2 to R3.  Telnet from PC-C to R3. Exit the Telnet session.  Telnet from R2 to R3. Exit the Telnet session.
  • 3. Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 6 Step 2: Configure R1, R2, and R3 as NTP clients. R1(config)# ntp server 192.168.1.5 R2(config)# ntp server 192.168.1.5 R3(config)# ntp server 192.168.1.5 Verify client configuration using the command show ntp status. Step 3: Configure routers to update hardware clock. Configure R1, R2, and R3 to periodically update the hardware clock with the time learned from NTP. R1(config)# ntp update-calendar R2(config)# ntp update-calendar R3(config)# ntp update-calendar Verify that the hardware clock was updated using the command show clock. Step 4: Configure routers to timestamp log messages. Configure timestamp service for logging on the routers. R1(config)# service timestamps log datetime msec R2(config)# service timestamps log datetime msec R3(config)# service timestamps log datetime msec Part 2: Configure Routers to Log Messages to the Syslog Server Step 1: Configure the routers to identify the remote host (Syslog Server) that will receive logging messages. R1(config)# logging host 192.168.1.6 R2(config)# logging host 192.168.1.6 R3(config)# logging host 192.168.1.6 The router console will display a message that logging has started. Step 2: Verify logging configuration using the command show logging. Step 3: Examine logs of the Syslog Server. From the Services tab of the Syslog Server’s dialogue box, select the Syslog services button. Observe the logging messages received from the routers. Note: Log messages can be generated on the server by executing commands on the router. For example, entering and exiting global configuration mode will generate an informational configuration message. Part 3: Configure R3 to Support SSH Connections Step 1: Configure a domain name. Configure a domain name of ccnasecurity.com on R3. R3(config)# ip domain-name ccnasecurity.com
  • 4. Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 6 Step 2: Configure users for login to the SSH server on R3. Create a user ID of SSHadmin with the highest possible privilege level and a secret password of ciscosshpa55. R3(config)# username SSHadmin privilege 15 secret ciscosshpa55 Step 3: Configure the incoming VTY lines on R3. Use the local user accounts for mandatory login and validation. Accept only SSH connections. R3 (config)# line vty 0 4 R3 (config-line)# login local R3(config-line)# transport input ssh Step 4: Erase existing key pairs on R3. Any existing RSA key pairs should be erased on the router. R3(config)# crypto key zeroize rsa Note: If no keys exist, you might receive this message: % No Signature RSA Keys found in configuration. Step 5: Generate the RSA encryption key pair for R3. The router uses the RSA key pair for authentication and encryption of transmitted SSH data. Configure the RSA keys with a modulus of 1024. The default is 512, and the range is from 360 to 2048. R3(config)# crypto key generate rsa The name for the keys will be: R3.ccnasecurity.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] Note: The command to generate RSA encryption key pairs for R3 in Packet Tracer differs from those used in the lab. Step 6: Verify the SSH configuration. Use the show ip ssh command to see the current settings. Verify that the authentication timeout and retries are at their default values of 120 and 3. Step 7: Configure SSH timeouts and authentication parameters. The default SSH timeouts and authentication parameters can be altered to be more restrictive. Set the timeout to 90 seconds, the number of authentication retries to 2, and the version to 2. R3(config)# ip ssh time-out 90 R3(config)# ip ssh authentication-retries 2 R3(config)# ip ssh version 2 Issue the show ip ssh command again to confirm that the values have been changed.
  • 5. Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 6 Step 8: Attempt to connect to R3 via Telnet from PC-C. Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via Telnet. PC> telnet 192.168.3.1 This connection should fail because R3 has been configured to accept only SSH connections on the virtual terminal lines. Step 9: Connect to R3 using SSH on PC-C. Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via SSH. When prompted for the password, enter the password configured for the administrator ciscosshpa55. PC> ssh –l SSHadmin 192.168.3.1 Step 10: Connect to R3 using SSH on R2. In order to troubleshoot and maintain R3, the administrator at the ISP must use SSH to access the router CLI. From the CLI of R2, enter the command to connect to R3 via SSH version 2 using the SSHadmin user account. When prompted for the password, enter the password configured for the administrator: ciscosshpa55. R2# ssh –v 2 –l SSHadmin 10.2.2.1 Step 11: Check results. Your completion percentage should be 100%. Click Check Results to view the feedback and verification of which required components have been completed. !!!Scripts for R1 and R2!!!! conf t service timestamps log datetime msec logging 192.168.1.6 ntp server 192.168.1.5 ntp update-calendar end !!!Scripts for R3!!!! conf t service timestamps log datetime msec logging 192.168.1.6 ntp server 192.168.1.5 ntp update-calendar ip domain-name ccnasecurity.com username SSHadmin privilege 15 secret ciscosshpa55 line vty 0 4 login local transport input ssh crypto key zeroize rsa crypto key generate rsa 1024 ip ssh time-out 90
  • 6. Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 6 ip ssh authentication-retries 2 ip ssh version 2 end