CCNA Security All contents are Copyright © 1992 –2012 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 13 of 62 R1config crypto key generate rsa general-keys modulus 1024 The name for the keys will be: R1.ccnasecurity.com The key modulus size is 1024 bits Generating 1024 bit RSA keys, keys will be non-exportable...[OK] R1config Feb 11 19:08:58.215: SSH-5-ENABLED: SSH 1.99 has been enabled R1config exit Step 5: Verify SSH connectivity to R1 from PC-A. a. If the SSH client is not already installed, download either TeraTerm or PuTTY. b. Launch the SSH client, enter the Fa01 IP address, and enter the Admin01 username and password Admin01pa55. Task 3: Configure a Synchronized Time Source Using NTP Chapter 2 Step 1: Set up the NTP master using Cisco IOS commands. R2 will be the master NTP server. All other routers and switches learn their time from it, either directly or indirectly. a. Ensure that R2 has the correct coordinated universal time. Set the time if it is not correct. R2 show clock 17:28:40.303 UTC Tue Feb 10 2009 R2 clock set 19:30:00 Feb 11 2009 R2 show clock 19:30:09.079 UTC Wed Feb 11 2009 b. Configure R2 as the NTP master with a stratum number of 3. R2config ntp master 3 Step 2: Configure R1 and R3 as NTP clients. a. Configure R1 and R3 to become NTP clients of R2. R1config ntp server 10.1.1.2 R1config ntp update-calendar R3config ntp server 10.2.2.2 R3config ntp update-calendar

b. Verify that R1 and R3 have made an association with R2 using the show ntp associations

command. R1 show ntp associations address ref clock st when poll reach delay offset disp ~10.1.1.2 127.127.1.1 3 15 64 3 0.000 -54108. 3937.7 sys.peer, selected, + candidate, - outlyer, x falseticker, ~ configured CCNA Security All contents are Copyright © 1992 –2012 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 14 of 62 Task 4: Configure Router Syslog Support Chapter 2 Step 1: Optional Install the syslog server on PC-A and PC-C. If a syslog server is not currently installed on the host, download the latest version of Kiwi from http:www.kiwisyslog.com or Tftpd32 from http:tftpd32.jounin.net and install it on your desktop. If it is already installed, go to Step 2. Step 2: Configure R1 to log messages to the PC-A syslog server. a. Verify that you have connectivity between R1 and host PC-A by pinging the R1 Fa01 interface IP address 192.168.1.1 from PC-A. If the pings are not successful, troubleshoot as necessary before continuing. b. Configure logging on the router to send syslog messages to the syslog server. R1config logging 192.168.1.3 Step 3: Configure R3 to log messages to the PC-C syslog server. a. Verify that you have connectivity between R3 and the host PC-C by pinging the R3 Fa01 interface IP address 192.168.3.1 from PC-C. If the pings are not successful, troubleshoot as necessary before continuing. b. Configure logging on the router to send syslog messages to the syslog server. R3config logging 192.168.3.3 Task 5: Configure Authentication Using AAA and RADIUS Chapter 3 PC-A will serve as the local RADIUS server for the remote site, and R1 accesses the external RADIUS server for user authentication. The freeware RADIUS server WinRadius is used for this section of the lab. Step 1: Optional Download and configure the WinRadius software. a. If WinRadius is not currently installed on R1, download the latest version from http:www.suggestsoft.comsoftitconsult2000winradius , http:winradius.soft32.com , http:www.brothersoft.comwinradius-20914.html . There is no installation setup. The extracted WinRadius.exe file is executable. b. Start the WinRadius.exe application. If the application is being started for the first time, follow the instructions to configure the WinRadius server database. Note: If WinRadius is used on a PC that uses the Microsoft Windows Vista operating system or the Microsoft Windows 7 operating system, ODBC may fail to create successfully because it cannot write to the registry. Possible solutions: 1. Compatibility settings: a. Right click on the WinRadius.exe icon and select Properties. b. While in the Properties dialog box, select the Compatibility tab. In this tab, select the checkbox for Run this program in compatibility mode for. Then in the drop down menu below, choose Windows XP Service Pack 3 for example, if it is appropriate for your system.

c. Click OK. 2. Run as Administrator settings: