SlideShare una empresa de Scribd logo

Configure Cisco Routers for Syslog, NTP, and SSH Operations

Descargar como DOCX, PDF
Kelson Silva
Kelson Silva

Configure Cisco Routers for Syslog, NTP, and SSH Operations

Ingeniería
1 de 5
© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5 Configure Cisco Routers for Syslog, NTP, and SSH Operations Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 G0/1 192.168.1.1 255.255.255.0 N/A S1 F0/5 S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A R3 G0/1 192.168.3.1 255.255.255.0 N/A S3 F0/5 S0/0/1 10.2.2.1 255.255.255.252 N/A N/A PC-A NIC 192.168.1.5 255.255.255.0 192.168.1.1 S1 F0/6 PC-B NIC 192.168.1.6 255.255.255.0 192.168.1.1 S2 F0/18 PC-C NIC 192.168.3.5 255.255.255.0 192.168.3.1 S3 F0/18 Objectives  Configure OSPF MD5 authentication.  Configure NTP.  Configure routers to log messages to the syslog server.  Configure R3 to support SSH connections. Background / Scenario In this activity, you will configure OSPF MD5 authentication for secure routing updates.
Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 5 The NTP Server is the master NTP server in this activity. You will configure authentication on the NTP server and the routers. You will configure the routers to allow the software clock to be synchronized by NTP to the time server. Also, you will configure the routers to periodically update the hardware clock with the time learned from NTP. The Syslog Server will provide message logging in this activity. You will configure the routers to identify the remote host (Syslog server) that will receive logging messages. You will need to configure timestamp service for logging on the routers. Displaying the correct time and date in Syslog messages is vital when using Syslog to monitor a network. You will configure R3 to be managed securely using SSH instead of Telnet. The servers have been pre- configured for NTP and Syslog services respectively. NTP will not require authentication. The routers have been pre-configured with the following passwords:  Enable password: ciscoenpa55  Password for vty lines: ciscovtypa55 Note: Note: MD5 is the strongest encryption supported in the version of Packet Tracer used to develop this activity (v6.2). Although MD5 has known vulnerabilities, you should use the encryption that meets the security requirements of your organization. In this activity, the security requirement specifies MD5. Part 1: ConfigureOSPF MD5 Authentication Step 1: Test connectivity. All devices should be able to ping all other IP addresses. Step 2: Configure OSPF MD5 authentication for all the routers in area 0. Configure OSPF MD5 authentication for all the routers in area 0. R1(config)# router ospf 1 R1(config-router)# area 0 authentication message-digest Step 3: Configure the MD5 key for all the routers in area 0. Configure an MD5 key on the serial interfaces on R1, R2 and R3. Use the password MD5pa55 for key 1. R1(config)# interface s0/0/0 R1(config-if)# ip ospf message-digest-key 1 md5 MD5pa55 Step 4: Verify configurations. a. Verify the MD5 authentication configurations using the commands show ip ospf interface. b. Verify end-to-end connectivity. Part 2: ConfigureNTP Step 1: Enable NTP authentication on PC-A. a. On PC-A, click NTP under the Services tab to verify NTP service is enabled. b. To configure NTP authentication, click Enable under Authentication. Use key 1 and password NTPpa55 for authentication.
Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 5 Step 2: Configure R1, R2, and R3 as NTP clients. Verify client configuration using the command show ntp status. Step 3: Configure routers to update hardware clock. Configure R1, R2, and R3 to periodically update the hardware clock with the time learned from NTP. Exit global configuration and verify that the hardware clock was updated using the command show clock. Step 4: Configure NTP authentication on the routers. Configure NTP authentication on R1, R2, and R3 using key 1 and password NTPpa55. R1(config)# ntp authenticate R1(config)# ntp trusted-key 1 R1(config)# ntp authentication-key 1 md5 NTPpa55 Step 5: Configure routers to timestamp log messages. Configure timestamp service for logging on the routers. Part 3: ConfigureRouters to Log Messages to the Syslog Server Step 1: Configure the routers to identify the remote host (Syslog Server) that will receive logging messages. The router console will display a message that logging has started. Step 2: Verify logging configuration. Use the command show logging to verify logging has been enabled. Step 3: Examine logs of the Syslog Server. From the Services tab of the Syslog Server’s dialogue box, select the Syslog services button. Observe the logging messages received from the routers. Note: Log messages can be generated on the server by executing commands on the router. For example, entering and exiting global configuration mode will generate an informational configuration message. You may need to click a different service and then click Syslog again to refresh the message display. Part 4: ConfigureR3 to SupportSSH Connections Step 1: Configure a domain name. Configure a domain name of ccnasecurity.com on R3. Step 2: Configure users for login to the SSH server on R3. Create a user ID of SSHadmin with the highest possible privilege level and a secret password of ciscosshpa55. R3(config)# username SSHadmin privilege 15 secret ciscosshpa55 Step 3: Configure the incoming vty lines on R3. Use the local user accounts for mandatory login and validation. Accept only SSH connections.
Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 5 Step 4: Erase existing key pairs on R3. Any existing RSA key pairs should be erased on the router. Note: If no keys exist, you might receive this message: % No Signature RSA Keys found in configuration. Step 5: Generate the RSAencryption key pair for R3. The router uses the RSA key pair for authentication and encryption of transmitted SSH data. Configure the RSA keys with a modulus of 1024. The default is 512, and the range is from 360 to 2048. R3(config)# crypto key generate rsa The name for the keys will be: R3.ccnasecurity.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] Note: The command to generate RSA encryption key pairs for R3 in Packet Tracer differs from those used in the lab. Step 6: Verify the SSH configuration. Use the show ip ssh command to see the current settings. Verify that the authentication timeout and retries are at their default values of 120 and 3. Step 7: Configure SSH timeouts and authentication parameters. The default SSH timeouts and authentication parameters can be altered to be more restrictive. Set the timeout to 90 seconds, the number of authentication retries to 2, and the version to 2. Issue the show ip ssh command again to confirm that the values have been changed. Step 8: Attempt to connect to R3 via Telnet fromPC-C. Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via Telnet. PC> telnet 192.168.3.1 This connection should fail because R3 has been configured to accept only SSH connections on the virtual terminal lines. Step 9: Connect to R3 using SSH on PC-C. Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via SSH. When prompted for the password, enter the password configured for the administrator ciscosshpa55. PC> ssh –l SSHadmin 192.168.3.1 Step 10: Connect to R3 using SSH on R2. To troubleshoot and maintain R3, the administrator at the ISP must use SSH to access the router CLI. From the CLI of R2, enter the command to connect to R3 via SSH version 2 using the SSHadmin user account. When prompted for the password, enter the password configured for the administrator: ciscosshpa55. R2# ssh –v 2 –l SSHadmin 10.2.2.1
Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 5 Step 11: Check results. Your completion percentage should be 100%. Click Check Results to view the feedback and verification of which required components have been completed.

Recomendados

4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...Salem Trabelsi
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructorSalem Trabelsi
 
cisco ccna cheat_sheet
cisco ccna cheat_sheetcisco ccna cheat_sheet
cisco ccna cheat_sheetGuntaka Reddy
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccnasinghsukdeep
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-express10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-expressNguyen Thanh
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorialopenflow
 

Recomendados

4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...Salem Trabelsi
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructorSalem Trabelsi
 
cisco ccna cheat_sheet
cisco ccna cheat_sheetcisco ccna cheat_sheet
cisco ccna cheat_sheetGuntaka Reddy
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccnasinghsukdeep
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-express10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-expressNguyen Thanh
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorialopenflow
 
Chapter 10 - DHCP
Chapter 10 - DHCPChapter 10 - DHCP
Chapter 10 - DHCPYaser Rahmati
 
Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designAlexander Petrovskiy
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Application Layer and Socket Programming
Application Layer and Socket ProgrammingApplication Layer and Socket Programming
Application Layer and Socket Programmingelliando dias
 
Monitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 NetworksMonitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 NetworksVance Shipley
 
Networking
NetworkingNetworking
NetworkingPravesh Hidko
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracerAnabia Anabia
 
Ccna command
Ccna commandCcna command
Ccna commandSiddhartha Rajbhatt
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab GuideSalachudin Emir
 
JUNOS: OSPF and BGP
JUNOS: OSPF and BGPJUNOS: OSPF and BGP
JUNOS: OSPF and BGPZenith Networks
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhsTim Martin
 
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack FirmwareSimen Li
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheetEZREIG OMAR
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
Cisco packet tracer dhcp
Cisco packet tracer dhcpCisco packet tracer dhcp
Cisco packet tracer dhcprishi ram khanal
 
Cisco switch commands cheat sheet
Cisco switch commands cheat sheetCisco switch commands cheat sheet
Cisco switch commands cheat sheet3Anetwork com
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And AnswersCCNAResources
 
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Netgate
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorialrakiva29
 
Sc manual
Sc manualSc manual
Sc manualMugdhaDeodhar
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1milkux
 

Más contenido relacionado

La actualidad más candente

Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designAlexander Petrovskiy
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Application Layer and Socket Programming
Application Layer and Socket ProgrammingApplication Layer and Socket Programming
Application Layer and Socket Programmingelliando dias
 
Monitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 NetworksMonitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 NetworksVance Shipley
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracerAnabia Anabia
 
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack FirmwareSimen Li
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheetEZREIG OMAR
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
Cisco switch commands cheat sheet
Cisco switch commands cheat sheetCisco switch commands cheat sheet
Cisco switch commands cheat sheet3Anetwork com
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And AnswersCCNAResources
 
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Netgate
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorialrakiva29
 

La actualidad más candente (20)

Chapter 10 - DHCP
Chapter 10 - DHCPChapter 10 - DHCP
Chapter 10 - DHCP
 
Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network design
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
 
Application Layer and Socket Programming
Application Layer and Socket ProgrammingApplication Layer and Socket Programming
Application Layer and Socket Programming
 
Monitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 NetworksMonitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 Networks
 
Networking
NetworkingNetworking
Networking
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracer
 
Ccna command
Ccna commandCcna command
Ccna command
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
 
JUNOS: OSPF and BGP
JUNOS: OSPF and BGPJUNOS: OSPF and BGP
JUNOS: OSPF and BGP
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhs
 
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware
[ZigBee 嵌入式系統] ZigBee 應用實作 - 使用 TI Z-Stack Firmware
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheet
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
Cisco packet tracer dhcp
Cisco packet tracer dhcpCisco packet tracer dhcp
Cisco packet tracer dhcp
 
Cisco switch commands cheat sheet
Cisco switch commands cheat sheetCisco switch commands cheat sheet
Cisco switch commands cheat sheet
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And Answers
 
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorial
 

Similar a Configure Cisco Routers for Syslog, NTP, and SSH Operations

Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1milkux
 
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxAll contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxgalerussel59292
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxketurahhazelhurst
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp ukJohnsmith5188
 
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracerCcnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracerĐồng Quốc Vương
 
managing your network environment
managing your network environmentmanaging your network environment
managing your network environmentscooby_doo
 
05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornmentAsif
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccnarobertoxe
 
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02Abhilash Kuniyil
 
CCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptxCCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptxHugoGamez7
 
Ccna 4 v5 practice skills assessment – packet tracer
Ccna 4 v5 practice skills assessment – packet tracerCcna 4 v5 practice skills assessment – packet tracer
Ccna 4 v5 practice skills assessment – packet tracerĐồng Quốc Vương
 
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.Louis Göhl
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleFaisal Khan
 
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfAsgarAlam6
 

Similar a Configure Cisco Routers for Syslog, NTP, and SSH Operations (20)

Sc manual
Sc manualSc manual
Sc manual
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1
 
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxAll contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp uk
 
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracerCcnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
Ccnav5.org ccna 4-v5_practice_skills_assessment__packet_tracer
 
managing your network environment
managing your network environmentmanaging your network environment
managing your network environment
 
IPSec VPN
IPSec VPNIPSec VPN
IPSec VPN
 
05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornment
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLS
 
lab1
lab1lab1
lab1
 
ENSA_Module_10.pptx
ENSA_Module_10.pptxENSA_Module_10.pptx
ENSA_Module_10.pptx
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccna
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccna
 
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
 
CCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptxCCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptx
 
Ccna 4 v5 practice skills assessment – packet tracer
Ccna 4 v5 practice skills assessment – packet tracerCcna 4 v5 practice skills assessment – packet tracer
Ccna 4 v5 practice skills assessment – packet tracer
 
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
 
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
 

Último

An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxPurva Nikam
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 

Último (20)

young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 

Configure Cisco Routers for Syslog, NTP, and SSH Operations

  • 1. © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5 Configure Cisco Routers for Syslog, NTP, and SSH Operations Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 G0/1 192.168.1.1 255.255.255.0 N/A S1 F0/5 S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A N/A R3 G0/1 192.168.3.1 255.255.255.0 N/A S3 F0/5 S0/0/1 10.2.2.1 255.255.255.252 N/A N/A PC-A NIC 192.168.1.5 255.255.255.0 192.168.1.1 S1 F0/6 PC-B NIC 192.168.1.6 255.255.255.0 192.168.1.1 S2 F0/18 PC-C NIC 192.168.3.5 255.255.255.0 192.168.3.1 S3 F0/18 Objectives  Configure OSPF MD5 authentication.  Configure NTP.  Configure routers to log messages to the syslog server.  Configure R3 to support SSH connections. Background / Scenario In this activity, you will configure OSPF MD5 authentication for secure routing updates.
  • 2. Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 5 The NTP Server is the master NTP server in this activity. You will configure authentication on the NTP server and the routers. You will configure the routers to allow the software clock to be synchronized by NTP to the time server. Also, you will configure the routers to periodically update the hardware clock with the time learned from NTP. The Syslog Server will provide message logging in this activity. You will configure the routers to identify the remote host (Syslog server) that will receive logging messages. You will need to configure timestamp service for logging on the routers. Displaying the correct time and date in Syslog messages is vital when using Syslog to monitor a network. You will configure R3 to be managed securely using SSH instead of Telnet. The servers have been pre- configured for NTP and Syslog services respectively. NTP will not require authentication. The routers have been pre-configured with the following passwords:  Enable password: ciscoenpa55  Password for vty lines: ciscovtypa55 Note: Note: MD5 is the strongest encryption supported in the version of Packet Tracer used to develop this activity (v6.2). Although MD5 has known vulnerabilities, you should use the encryption that meets the security requirements of your organization. In this activity, the security requirement specifies MD5. Part 1: ConfigureOSPF MD5 Authentication Step 1: Test connectivity. All devices should be able to ping all other IP addresses. Step 2: Configure OSPF MD5 authentication for all the routers in area 0. Configure OSPF MD5 authentication for all the routers in area 0. R1(config)# router ospf 1 R1(config-router)# area 0 authentication message-digest Step 3: Configure the MD5 key for all the routers in area 0. Configure an MD5 key on the serial interfaces on R1, R2 and R3. Use the password MD5pa55 for key 1. R1(config)# interface s0/0/0 R1(config-if)# ip ospf message-digest-key 1 md5 MD5pa55 Step 4: Verify configurations. a. Verify the MD5 authentication configurations using the commands show ip ospf interface. b. Verify end-to-end connectivity. Part 2: ConfigureNTP Step 1: Enable NTP authentication on PC-A. a. On PC-A, click NTP under the Services tab to verify NTP service is enabled. b. To configure NTP authentication, click Enable under Authentication. Use key 1 and password NTPpa55 for authentication.
  • 3. Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 5 Step 2: Configure R1, R2, and R3 as NTP clients. Verify client configuration using the command show ntp status. Step 3: Configure routers to update hardware clock. Configure R1, R2, and R3 to periodically update the hardware clock with the time learned from NTP. Exit global configuration and verify that the hardware clock was updated using the command show clock. Step 4: Configure NTP authentication on the routers. Configure NTP authentication on R1, R2, and R3 using key 1 and password NTPpa55. R1(config)# ntp authenticate R1(config)# ntp trusted-key 1 R1(config)# ntp authentication-key 1 md5 NTPpa55 Step 5: Configure routers to timestamp log messages. Configure timestamp service for logging on the routers. Part 3: ConfigureRouters to Log Messages to the Syslog Server Step 1: Configure the routers to identify the remote host (Syslog Server) that will receive logging messages. The router console will display a message that logging has started. Step 2: Verify logging configuration. Use the command show logging to verify logging has been enabled. Step 3: Examine logs of the Syslog Server. From the Services tab of the Syslog Server’s dialogue box, select the Syslog services button. Observe the logging messages received from the routers. Note: Log messages can be generated on the server by executing commands on the router. For example, entering and exiting global configuration mode will generate an informational configuration message. You may need to click a different service and then click Syslog again to refresh the message display. Part 4: ConfigureR3 to SupportSSH Connections Step 1: Configure a domain name. Configure a domain name of ccnasecurity.com on R3. Step 2: Configure users for login to the SSH server on R3. Create a user ID of SSHadmin with the highest possible privilege level and a secret password of ciscosshpa55. R3(config)# username SSHadmin privilege 15 secret ciscosshpa55 Step 3: Configure the incoming vty lines on R3. Use the local user accounts for mandatory login and validation. Accept only SSH connections.
  • 4. Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 5 Step 4: Erase existing key pairs on R3. Any existing RSA key pairs should be erased on the router. Note: If no keys exist, you might receive this message: % No Signature RSA Keys found in configuration. Step 5: Generate the RSAencryption key pair for R3. The router uses the RSA key pair for authentication and encryption of transmitted SSH data. Configure the RSA keys with a modulus of 1024. The default is 512, and the range is from 360 to 2048. R3(config)# crypto key generate rsa The name for the keys will be: R3.ccnasecurity.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] Note: The command to generate RSA encryption key pairs for R3 in Packet Tracer differs from those used in the lab. Step 6: Verify the SSH configuration. Use the show ip ssh command to see the current settings. Verify that the authentication timeout and retries are at their default values of 120 and 3. Step 7: Configure SSH timeouts and authentication parameters. The default SSH timeouts and authentication parameters can be altered to be more restrictive. Set the timeout to 90 seconds, the number of authentication retries to 2, and the version to 2. Issue the show ip ssh command again to confirm that the values have been changed. Step 8: Attempt to connect to R3 via Telnet fromPC-C. Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via Telnet. PC> telnet 192.168.3.1 This connection should fail because R3 has been configured to accept only SSH connections on the virtual terminal lines. Step 9: Connect to R3 using SSH on PC-C. Open the Desktop of PC-C. Select the Command Prompt icon. From PC-C, enter the command to connect to R3 via SSH. When prompted for the password, enter the password configured for the administrator ciscosshpa55. PC> ssh –l SSHadmin 192.168.3.1 Step 10: Connect to R3 using SSH on R2. To troubleshoot and maintain R3, the administrator at the ISP must use SSH to access the router CLI. From the CLI of R2, enter the command to connect to R3 via SSH version 2 using the SSHadmin user account. When prompted for the password, enter the password configured for the administrator: ciscosshpa55. R2# ssh –v 2 –l SSHadmin 10.2.2.1
  • 5. Configure Cisco Routers for Syslog, NTP, and SSH Operations © 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 5 Step 11: Check results. Your completion percentage should be 100%. Click Check Results to view the feedback and verification of which required components have been completed.