Router R1 (after SDM Security Audit lockdown)
Building configuration...
Current configuration : 6591 bytes
!
! Global service hardening. Lines beginning with "!" are comments that
! IOS ignores, so they can stay in place if this listing is pasted back.
version 12.4
no service pad
! Keep idle or half-open TCP sessions to/from the router from lingering.
service tcp-keepalives-in
service tcp-keepalives-out
! Millisecond, timezone-qualified timestamps on every log and debug line
! so entries on the remote syslog host can be correlated with other devices.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): this only obfuscates plaintext (type 7) passwords; the
! secrets in this file already use the hashed "secret 5" form, so it is
! defence in depth for any key added later in plaintext.
service password-encryption
service sequence-numbers
!
hostname R1
!
boot-start-marker
boot-end-marker
!
! Repeated login failures (threshold 3) produce a syslog message; no
! account lockout is configured in this listing.
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
! NOTE(review): with the local buffer disabled and the console limited to
! critical, the only full record of events is the remote syslog host set
! further down (logging 192.168.1.3); if that host is unreachable, events
! below critical severity are lost.
no logging buffered
logging console critical
! NOTE(review): this hash is published in this document; rotate the enable
! secret before any of this configuration is reused.
enable secret 5 $1$qiT9$TsdzaYNSjevWaC1VDKYgF0
!
aaa new-model
!
! Named AAA lists backed only by the local user database (no RADIUS or
! TACACS+ servers appear in this listing); they are applied to the
! con/aux/vty lines at the end of the file.
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
dot11 syslog
! Discard packets that carry IP source-route options.
no ip source-route
!
ip cef
no ip bootp server
! Stops DNS lookups of mistyped commands; unrelated to "ip domain-name".
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
! Self-signed trustpoint, presumably used by the HTTPS management server
! enabled further down (ip http secure-server). Being self-signed, clients
! cannot validate the certificate against a trusted CA, and revocation
! checking is disabled because no CA exists to publish a CRL.
crypto pki trustpoint TP-self-signed-1301487169
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1301487169
revocation-check none
rsakeypair TP-self-signed-1301487169
!
!
! DER-encoded public certificate for the trustpoint above (hex dump).
! Only the certificate is stored here; the RSA private key is not part of
! a running-config listing.
crypto pki certificate chain TP-self-signed-1301487169
certificate self-signed 01
3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333031 34383731 3639301E 170D3038 31323231 31363238
33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33303134
38373136 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CACC 53A913D4 424F2294 B8EAC5BF E4CADFC5 FCBD03D2 C40D6BF7 9B582413
8C478ADC B02FB6BF 481512E1 3BDE9FDE 88DFAFE1 A76621C3 10EBBC35 62D7331E
E820D588 8F703464 0FE6258C 96BE38C2 111DAC8C A2D2C800 D61390C0 16CD886C
BA036712 E3ADC4F8 DC477457 CEB68C1F 8064C9BD CF3AC037 9DEE8B8D 9906C165
6CF50203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603
551D1104 06300482 02523130 1F060355 1D230418 30168014 511FE4C9 4A1A8667
F2BB73CC F3FDCCE3 DE9CBCA7 301D0603 551D0E04 16041451 1FE4C94A 1A8667F2
BB73CCF3 FDCCE3DE 9CBCA730 0D06092A 864886F7 0D010104 05000381 810098BE
697A56AA 40E7D56A AB7C86A2 9A76D57E DD17150E D35382F5 792C6A54 C9272E0C
ED0FE4EC 3CFE585D 2C0DE8ED 37BD10F8 49110181 3462D1DC 9E35A052 0C74585C
CA2FB05F E965BA45 4BFEBB14 DB07F28C ABE06ECA 0DBBD791 1CF0E3C0 775EB127
65734982 309AD84E 2AE3C3A6 A16B83E5 328F5D2C 3A31D8D4 5E71538C AE34
quit
!
! NOTE(review): the only local account, at privilege 15. Its hash is
! public in this document, so rotate the password before reuse.
username admin privilege 15 secret 5 $1$uKGH$dq8qkvBLt5L4nED5bNTK4.
! Record configuration changes, keeping passwords out of the change log.
archive
log config
hidekeys
!
! Short SYN wait so half-open connections to the router time out quickly.
ip tcp synwait-time 10
! SSH negotiation timeout and authentication retry limit.
! NOTE(review): no "ip ssh version 2" line appears in this listing, so the
! SSH protocol version accepted depends on the platform default — confirm
! and pin it to version 2.
ip ssh time-out 60
ip ssh authentication-retries 2
!
! Inspection classes generated by SDM.
! NOTE(review): this match-any class ends with "match protocol tcp" and
! "match protocol udp", so every TCP/UDP flow from in-zone is inspected,
! not only the named applications; the explicit entries (including the
! cleartext shell and tftp protocols) mainly select application-aware
! inspection rather than restrict what is allowed out.
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
! Wraps the match-any class above for use in policy-map sdm-inspect.
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
! Voice signalling, inspected as its own class.
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
! Router-originated traffic towards out-zone (used by sdm-permit-icmpreply).
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
! Anti-spoofing: source addresses that must never arrive from in-zone
! (defined in access-list 100 below).
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
! Applied self -> out-zone: icmp/tcp/udp originated by the router is
! inspected so replies are allowed back; anything else from the router is
! passed without state.
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
! Applied in-zone -> out-zone. Spoofed sources are dropped and logged
! first, then the remaining classes are stateful-inspected.
! NOTE(review): class-default "pass" lets non-TCP/UDP/ICMP protocols out
! without creating state, and since no out-zone -> in-zone pair exists,
! their return traffic is not admitted by any policy.
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class type inspect SDM-Voice-permit
inspect
class class-default
pass
! Applied out-zone -> self: nothing from the outside may reach the router
! itself; management is reachable only from the inside LAN.
policy-map type inspect sdm-permit
class class-default
drop
!
! Two user zones plus the implicit "self" zone.
! NOTE(review): there is no out-zone -> in-zone pair, so unsolicited
! inbound traffic falls to the zone-based firewall default (drop), and no
! in-zone -> self pair, so the inside LAN reaches the router itself freely;
! the vty and http access-classes are then the only control on management
! access from inside — confirm this is intended.
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
! Null0 discards whatever is routed to it; unreachables are suppressed so
! those drops do not generate ICMP back to the sender.
interface Null0
no ip unreachables
!
! Unused routed port: no address, kept shut down, member of no zone.
interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
!
! Inside LAN (192.168.1.0/24), member of in-zone. ICMP redirects and
! unreachables and proxy-ARP are disabled; NetFlow ingress is enabled for
! traffic visibility.
interface FastEthernet0/1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
zone-member security in-zone
duplex auto
speed auto
no mop enabled
!
! NOTE(review): these switch ports carry no configuration — they are not
! shut down and belong to no zone. Presumably they are access ports in
! Vlan1, which has no IP address below, so they are layer-2 only; confirm
! and shut down any that are unused.
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
! Outside / WAN link (10.1.1.0/30), member of out-zone; the default route
! below points at the far end, 10.1.1.2. "clock rate" is normally set only
! on the DCE side, which suggests a back-to-back lab cable.
interface Serial0/0/0
description $FW_OUTSIDE$
ip address 10.1.1.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
zone-member security out-zone
clock rate 64000
!
! Unused serial port: no address, shut down.
interface Serial0/0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
clock rate 2000000
!
! Vlan1 SVI with no IP address and no zone membership; with no address
! here the FastEthernet0/1/x switch ports are presumably not routed.
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
ip forward-protocol nd
! Default route towards the outside peer on Serial0/0/0.
ip route 0.0.0.0 0.0.0.0 10.1.1.2
! Management web UI: cleartext HTTP off, HTTPS on, restricted by
! access-list 1 to the inside LAN and authenticated against the local
! user database.
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
!
! Everything up to debugging severity is sent to the syslog host on the
! inside LAN. NOTE(review): "logging <host>" uses UDP syslog by default,
! which is unauthenticated and unencrypted, so the inside segment must be
! trusted for these logs to serve as reliable evidence.
logging trap debugging
logging 192.168.1.3
! access-list 1: who may reach the HTTPS management server (inside LAN only).
access-list 1 remark HTTP Access-class list
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 deny any
! access-list 100: bogus sources for the anti-spoofing class sdm-invalid-src
! (limited broadcast, loopback, and the outside link's own /30).
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.3 any
! access-list 101: who may open a vty session (inside LAN only).
access-list 101 remark VTY Access-class list
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip any any
! CDP off so the router does not advertise platform and software details
! to neighbours.
no cdp run
!
control-plane
!
! Login banner shown before authentication; it gives away no system
! identification, as a login banner should.
banner login ^CUnauthorized access prohibited^C
!
! Console: authenticated against the local AAA list.
! NOTE(review): no exec-timeout appears on any line in this listing, so
! the IOS default (10 minutes) applies — confirm and consider a shorter
! value.
line con 0
login authentication local_authen
transport output telnet
! NOTE(review): the aux port still accepts logins; if no modem is attached,
! "no exec" here removes a physical-access login path.
line aux 0
login authentication local_authen
transport output telnet
! VTY: inbound sessions limited to the inside LAN by access-list 101 and
! authenticated/authorized against the local database.
! NOTE(review): "transport input telnet ssh" still permits cleartext
! telnet after the lockdown; "transport input ssh" would restrict remote
! CLI access to SSH only.
line vty 0 4
access-class 101 in
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler allocate 20000 1000
end
R1#
All contents are Copyright © 1992–2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page of