Лабораторно упражнение N 7

Забележка:  Провежда се след Модул 17

1.  Настройки по сигурността на мрежовите устройства - Cisco рутер/суич:

Router-1 (config) # service password-encryption

Router-1 (config) # security passwords min-length 10

Router-1 (config) # login block-for 120 attempts 3 within 30

Router-1 (config) # enable secret Enablep@55

Router-1 (config) # line console 0

Router-1 (config-line) # exec-timeout 5 0

Router-1 (config-line) # line vty 0 4

Router-1 (config-line) # exec-timeout 5 0

Router-1 # show login

Router-1 # show ip ports all /IOS-XE/

Router-1 # show control-plane host open-ports /prior IOS-XE/

2. Конфигуриране на SSH отдалечен достъп до Cisco рутер/суич:

Router (config) # hostname Router-1

Router-1 (config) # ip domain-name ccna-lab.com

Router-1 (config) # username admin1 privilege 15 secret adminpass1

Router-1 (config) # username admin2 privilege 15 secret adminpass2

Router-1 (config) # crypto key generate rsa

Router-1 (config) # ip ssh version 2 /ако не се въведе тази команда, ssh-сървъра работи на най-високата версия която ssh-клиента поддържа/

Router-1 (config) # ip ssh time-out 60

Router-1 (config) # ip ssh authentication-retries 3

Router-1 # show ip ssh

Router-1 # show ssh

Router-1 (config) # line vty 0 4

Router-1 (config-line) # login local

Router-1 (config-line) # transport input ssh /осигурява достъп единствено по SSH/

Router-1 (config) # crypto key zeroize rsa /изтрива генерираните крипто ключове/

3. Команди за верификация и отстраняване на проблеми:

Router-1 # ping

Router-1 # traceroute

Router-1 # show version

Router-1 # show running-config

Router-1 # show interfaces

Router-1 # show ip interface

Router-1 # show arp

Router-1 # show ip route

Router-1 # show protocols

Router-1 # show cdp neighbors

Router-1 # show cdp neighbors detail