Setting VLAN
Int VLAN 1
Name Student
Assign ports to VLAN
Int f0/6
Switchport mode access
Switchport access vlan 10
Set to trunk
Switchport mode dynamic desirable
DCE:
Int s0/0/1
Clock rate 64000 (or 128000)
Domain name
R1(config)# ip domain-name ccnasecurity.com
SSH
Configure a privileged user for login from the SSH client
R1(config)# username admin privilege 15 algorithm-type scrypt secret cisco12345
R1(config)# line vty 0 4
R1(config-line)# privilege level 15
R1(config-line)# login local
R1(config-line)# transport input ssh
R1(config-line)# exit
SCP Server
Enable AAA on the router.
R1(config)# aaa new-model
R1(config)# aaa authentication login default local
R1(config)# aaa authorization exec default local
R1(config)# ip scp server enable
Copy config
R1# copy running-config R1-Config
R3# copy scp: flash:
Address or name of remote host []? 10.1.1.1 (Des)
Source username [R3]? admin
Source filename []? R1-Config
Destination filename [R1-Config]? [Enter]
Password: cisco12345
R1# copy running-config startup-config
NTP
Master:
R2(config)# ntp authentication-key 1 md5 NTPpassword
R2(config)# ntp trusted-key 1
R2(config)# ntp authenticate
R2(config)# ntp master 3
Client
R1(config)# ntp authentication-key 1 md5 NTPpassword
R1(config)# ntp trusted-key 1
R1(config)# ntp authenticate
R1(config)# ntp server 10.1.1.2
R1(config)# ntp update-calendar
Syslog
R1(config)# service timestamps log datetime msec
R1(config)# logging host 192.168.1.3
Auto Security
R3# auto secure
Is this router connected to internet? [no]: yes
Enter the interface name that is facing the internet: Serial0/0/1
Enter the security banner {Put the banner between
Verify that the system clock and debug time stamps are configured correctly
R3# clock set 14:15:00 26 December 2014
R3# show run | include timestamps
R3(config)# service timestamps debug datetime msec
R3(config)# exit
R3# copy running-config startup-config
Enable PortFast
PortFast on access ports enables them to become active more quickly
Use the match address <access-list> command to specify which access list
defines which traffic to encrypt
R1(config-crypto-map)# match address 101
Setting a peer IP or hostname is required. Set it to R3’s remote VPN
endpoint interface using the following command
R1(config-crypto-map)# set peer 10.2.2.1
Use the set transform-set <tag> command to hard-code the transform set to be
used with this peer. Set the perfect forward secrecy type using the set
pfs <type> command, and modify the default IPsec security association
lifetime with the set security-association lifetime seconds <seconds> command
R1(config-crypto-map)# set pfs group14
R1(config-crypto-map)# set transform-set 50
R1(config-crypto-map)# set security-association lifetime seconds 900
R1(config)# end
R3(config)# end
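Added example (not part of the original notes): a Python check that each crypto map entry in a saved config carries the match address, set peer and set transform-set lines described above, plus a PFS group. The map name CMAP, the incomplete entry 20 and the weak-group list are assumptions made for the illustration.

```python
import re

# Constructed sample: entry 10 mirrors the R1 commands above; entry 20 is a
# hypothetical incomplete entry. Map name CMAP and "ipsec-isakmp" are assumed.
SAMPLE_CONFIG = """\
crypto map CMAP 10 ipsec-isakmp
 match address 101
 set peer 10.2.2.1
 set pfs group14
 set transform-set 50
 set security-association lifetime seconds 900
crypto map CMAP 20 ipsec-isakmp
 set transform-set 50
 set pfs group1
"""

REQUIRED = ("match address", "set peer", "set transform-set")
WEAK_PFS = {"group1", "group2", "group5"}  # assumed policy: DH groups below 14

def parse_crypto_maps(config):
    """Return {(name, seq): [sub-command lines]} for each crypto map entry."""
    entries, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) (\d+)\b", line)
        if m:
            current = entries.setdefault((m.group(1), int(m.group(2))), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the entry
    return entries

def audit_crypto_maps(config):
    """Return {(name, seq): [findings]}; an empty list means nothing is missing."""
    report = {}
    for key, cmds in parse_crypto_maps(config).items():
        findings = [f"missing '{req}'" for req in REQUIRED
                    if not any(c.startswith(req + " ") for c in cmds)]
        pfs = [c.split()[2] for c in cmds if c.startswith("set pfs ")]
        if not pfs:
            findings.append("no 'set pfs': PFS disabled")
        elif pfs[0] in WEAK_PFS:
            findings.append(f"weak PFS group: {pfs[0]}")
        report[key] = findings
    return report

if __name__ == "__main__":
    for (name, seq), findings in audit_crypto_maps(SAMPLE_CONFIG).items():
        print(name, seq, findings or "OK")
```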