Log in as Admin01 with a password of Admin01pass. Were you able to login? Why or why not? Yes. Add a user named admin to the local database.
c. Add a user named admin to the local database.
R3config username admin privilege 15 secret cisco12345 d. Have CCP use the local database to authenticate web sessions. R3config ip http authentication local Step 2: Access CCP and discover R3. a. Start CCP on PC-C. In the Manage Devices window, add R3 IP address 192.168.3.1 in the first IP address field. Enter admin in the Username field, and cisco12345 in the Password field. b. At the CCP Dashboard, click the Discover button to discover and connect to R3. If discovery fails, click the Discovery Details button to determine the problem. Step 3: Use CCP to create an administrative user. a. Click the Configure button at the top of the screen. b. Choose Router Router Access User AccountsView. c. In the User AccountsView window, click Add. d. In the Add an Account window, enter Admin01 in the Username field. e. Enter the password Admin01pass in the New Password and Confirm New Password fields. Remember, passwords are case-sensitive. f. Confirm that the Encrypt password using MD5 hash algorithm check box is checked. g. Select 15 from the Privilege Level drop-down list and click OK. CCNA Security All contents are Copyright © 1992 –2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 10 of 31 h. In the Deliver Configuration to Router window, make sure that the Save Running Config to Router’s Startup Config check box is checked, and click Deliver. i. In the Commands Delivery Status window, click OK. Step 4: Create AAA method list for login. a. Click the Configure button at the top of the screen. b. Choose Router AAA Authentication Policies Login. c. In the Authentication Login window, click Add. d. In the Add a Method List for Authentication Login window, verify that Default is in the Name field. CCNA Security All contents are Copyright © 1992 –2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 11 of 31 e. Click Add in the Methods section. f. In the Select Method Lists for Authentication Login window, choose local and click OK. Take note of the other methods listed, which include RADIUS group radius and TACACS+ group tacacs+. CCNA Security All contents are Copyright © 1992 –2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 12 of 31 g. Click OK to close the window. h. Repeat steps 4f and 4g. Choose none as a second authentication method and click the OK button when done. i. In the Deliver Configuration to Router window, make sure that the Save Running Config to Routers Startup Config checkbox is checked, and click Deliver. In the Commands Delivery Status window, click OK. j. What command was delivered to the router? aaa authentication login default local none. This is the same Cisco IOS command that would have been entered at the CLI in Task 2, Step 2. Step 5: Verify the AAA username and profile for console login. a. Exit to the initial router screen that displays: R3 con0 is now available, Press RETURN to get started. b. Log in to the console as Admin01 with a password of Admin01pass. Were you able to login? Why or why not? Yes. The router verified the account against the local database. c. Exit to the initial router screen that displays: R3 con0 is now available, Press RETURN to get started. d. Attempt to log in to the console as baduser. Were you able to login? Why or why not? Yes. If the username is not found in the local database, the none option on the command aaa authentication login default local none requires no authentication. If no user accounts are configured in the local database, which users are permitted to access the device? All users can access the device, regardless of the name or password they use. e. Log in to the console as Admin01 with a password of Admin01pass. Access privileged EXEC mode using the enable secret password cisco12345 and then show the running config. What commands are associated with the CCP session? CCNA Security All contents are Copyright © 1992 –2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 13 of 31 aaa new-model aaa authentication login default local none username Admin01 privilege 15 secret 5 1w1TFFPwXTyg2tleLjrjqZpTSw Task 4: Observe AAA Authentication Using Cisco IOS Debug In this task, you use the debug command to observe successful and unsuccessful authentication attempts. Step 1: Verify that the system clock and debug time stamps are configured correctly.a. From the R3 user or privileged EXEC mode prompt, use the show clock command to determine
Parts
» CCNA Security 1.1 Instructor Lab Manual
» Lab A: Researching Network Attacks and Security Audit Tools
» Lab A: Securing the Router for Administrative Access
» Use the username command to create the user ID with the highest possible privilege level and a
» Issue the undebug all or the no debug ntp all command to turn off debugging.
» Click OK in the Commands Delivery Status window.
» Use the show logging command to see the type and level of logging enabled.
» Save the running config to the startup config using the copy run start command.
» Lab A: Securing Administrative Access Using AAA and RADIUS
» Click Send and you should see a Send Access_Request message indicating the server at
» Clear the log on the WinRadius server by choosing Log Clear from the main menu.
» Lab A: Configuring CBAC and Zone-Based Firewalls
» Issue the show run command to review the current basic configuration on R1.
» Display the Extended ACL named autosec_firewall_acl, which is applied to S000 inbound.
» Display the Extended ACL named autosec_firewall_acl that is applied to S000 inbound.
» Click Finish to complete the Firewall wizard.
» Lab A: Configuring an Intrusion Prevention System IPS Using the CLI and CCP
» From the R1 CLI, verify that the directory is present using the dir flash: or dir flash:ipsdir
» Apply the IPS rule to an interface with the ip ips name direction command in interface
» Verify connectivity between R1 and PC-A, the TFTP server, using the ping command.
» Use the show ip ips all command to see an IPS configuration status summary. To which
» For Protocol, select tftp from the drop-down menu. Enter the IP address of the PC-C TFTP server
» Lab A: Securing Layer 2 Switches Instructor Version
» From the router R1 CLI, use the show interface command and record the MAC address of the
» Set the SPAN source interface using the monitor session command in global configuration mode.
» Lab A: Exploring Encryption Methods Instructor
» Lab A: Configuring a Site-to-Site VPN Using Cisco IOS and CCP
» Verify the IKE policy with the show crypto isakmp policy command.
» Save the running config to the startup config for R1 and R3 using the copy run start command.
» Click the Launch the selected task button to begin the CCP Site-to-Site VPN wizard.
» Lab B: Configuring a Remote Access VPN Server and Client
» In the Command Delivery Status window, click OK. How many commands are delivered? 103 with
» Lab C Optional: Configuring a Remote Access VPN Server and Client
» Lab A: Security Policy Development and Implementation
» Verify that R1 and R3 have made an association with R2 using the show ntp associations
» Choose FastEthernet 01 as the Inside Trusted interface and Serial 001 as the Outside Untrusted
» From PC-A, Telnet to R2 at IP address 10.1.1.2 using the vty line password ciscovtypass.
» If the ipsdir directory is not listed, create it.
» Secure the router running configuration and securely archive it in persistent storage flash.
» Lab A: Configuring ASA Basic Settings and Firewall Using CLI
» Display the ASA file system using the show file system command to determine what prefixes are
» Display the current running configuration using the show running-config command.
» You can configure the ASA to accept HTTPS connections using the http command. This allows
» Issue the show route command to display the ASA routing table and the static default route just
» Save the RSA keys to persistent flash memory using either the copy run start or write mem
» Lab B: Configuring ASA Basic Settings and Firewall Using ASDM
» View this Access Rule in ASDM by choosing Configuration Firewall Access Rules. It appears
» Lab C: Configuring Clientless and AnyConnect Remote Access SSL VPNs Using ASDM
» Enable HTTP access to R1 using the ip http server command in global config mode. Also set
» From the Add Bookmark List window, click Add to open the Add Bookmark window. Enter Web Mail as
» Lab D: Configuring a Site-to-Site IPsec VPN Using CCP and ASDM
» Use the reload command to restart the ASA. This will cause the ASA to come up in CLI Setup
» In the Peer Identity section, select Peer with static IP address and enter the IP address of the
Show more