
1.- Create a new username and password for yourself with "full control" settings
(config)# username mike privilege 15 password PaSSwOrd

2.- Start a new AAA Configuration
(config)# aaa new-model

3.- Set AAA to authenticate all logins
(config)# aaa authentication login "databasename" local
<-- Database name is just a way for you to refer to the local users database; it can be something like UDB <-- meaning Users DataBase

4.- Set your VTY Lines to use AAA
(config)# line vty 0 15
(config-line)# login authentication UDB   <-- Making reference to the local users database
(config-line)# exit

5.- Set your Router's HTTP Server to authenticate using the local database.
(config)# ip http server
(config)# ip http authentication local

You should then be ready to go. Anyway, I would still recommend that you create at least one standard ACL that will allow only connections from your computer and attach it to your VTY lines and HTTP Service so it will be a bit more secure. Another thing I would recommend is to set a proper name on the router, set a domain name on it, and then enable HTTP over SSL on your router, so all the communication between your computer running SDM and your router will be encrypted.

If you need any further assistance, please do not hesitate to post it here...

Task 3: Configure Your Router to Support SDM

You can install and run SDM on a router that is already in use without disrupting network traffic, but you must ensure that a few configuration settings are present in the router configuration file.

Access the CLI using Telnet or the console connection to modify the existing configuration before installing SDM on your router.

Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands in global configuration mode:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000

If the router supports HTTPS, the HTTPS server will be enabled. If not, the HTTP server will be enabled. HTTPS is supported in all images that support the Crypto/IPSec feature set, starting from Cisco IOS release 12.25(T).

Step 2 Create a user account defined with privilege level 15 (enable privileges). Enter the following command in global configuration mode, replacing username and password with the strings that you want to use:

Router(config)# username username privilege 15 secret 0 password

For example, if you chose the username tomato and the password vegetable, you would enter:

Router(config)# username tomato privilege 15 secret 0 vegetable

You will use this username and password to log in to SDM.

Step 3 Configure SSH and Telnet for local login and privilege level 15. Use the following commands:

Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

If your router supports 16 vty lines, you can add the following lines to the configuration file:

Router(config)# line vty 5 15
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Router(config)#

Step 4 (Optional) Enable local logging to support the log monitoring function. Enter the following command in global configuration mode:

Router(config)# logging buffered 51200 warning

Step 5 Enter the end command to leave configuration mode:

Router(config)# end
Router#
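
Added example (not part of the original page or of Cisco's documentation): a small Python audit that reads a saved configuration and reports the management-plane settings discussed above that weaken access control, namely "password" instead of "secret", cleartext HTTP, Telnet on the vty lines, and missing access-class restrictions. The sample configuration, the function name and the finding texts are constructed for this example.

```python
# Constructed sample: the settings from the steps above as they might appear
# in a saved configuration (not captured from a real device).
SAMPLE_CONFIG = """\
username mike privilege 15 password 0 PaSSwOrd
username tomato privilege 15 secret 5 $1$constructed$placeholderhash
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 login local
 transport input ssh
"""

def audit(config):
    """Return findings for the management-plane settings this page configures."""
    findings, vty, block, http_acl = [], {}, None, False
    for line in config.splitlines():
        words = line.split()
        if line.startswith(" ") and words:
            if block:                      # sub-command of the current vty block
                vty[block].append(words)
            continue
        block = None
        if words[:2] == ["line", "vty"]:
            block = line.strip()
            vty[block] = []
        elif words[:1] == ["username"]:
            # 'password' is stored cleartext or reversibly; 'secret' is stored hashed.
            kind = next((w for w in words[2:] if w in ("password", "secret")), None)
            if kind == "password":
                findings.append(f"user {words[1]}: 'password' used instead of 'secret'")
        elif words == ["ip", "http", "server"]:
            findings.append("ip http server: cleartext HTTP management enabled")
        elif words[:3] == ["ip", "http", "access-class"]:
            http_acl = True
    if not http_acl:
        findings.append("ip http: no access-class restricting clients")
    for name, cmds in vty.items():
        transport = next((c[2:] for c in cmds if c[:2] == ["transport", "input"]), [])
        if {"telnet", "all"} & set(transport):
            findings.append(f"{name}: telnet allowed")
        if not any(c[0] == "access-class" for c in cmds):
            findings.append(f"{name}: no access-class")
    return findings
```

Running audit(SAMPLE_CONFIG) reports five findings, all against the first user, the HTTP server and "line vty 0 4"; the SSH-only, ACL-restricted "line vty 5 15" block produces none.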

##########################################################
How to configure VLAN on a Cisco Switch?
##########################################################

VLAN stands for virtual LAN; technically, a VLAN is a broadcast domain created by a switch. When managing a switch, the management domain is always VLAN 1, the default VLAN. All ports of the switch are assigned to VLAN 1 by default. VLANs increase the performance of a network because they divide it logically into different parts and limit broadcasts.

Any member of VLAN 2 cannot talk with any member of VLAN 3 without a router, but all the members of VLAN 2 and VLAN 3 can talk with other members within their own VLANs.

This lab will also show how VLANs can be used to separate traffic and reduce broadcast domains.

To create a VLAN, first enter global configuration mode, then run the following commands.

Configuration to create VLAN 2

SwitchA#configure terminal             (enter global configuration mode)
SwitchA(config)#vlan 2                 (define VLAN 2)
SwitchA(config-vlan)#name marketing    (assign the name marketing to VLAN 2)
SwitchA(config-vlan)#exit              (exit from VLAN 2)

Configuration to create VLAN 3

SwitchA#configure terminal             (enter global configuration mode, if not already in it)
SwitchA(config)#vlan 3                 (define VLAN 3)
SwitchA(config-vlan)#name management   (assign the name management to VLAN 3)
SwitchA(config-vlan)#exit              (exit from VLAN 3)

Ports 2 and 3 are now assigned to VLAN 2; this must be done from interface mode. Enter the following commands to add ports 2 and 3 to VLAN 2.

SwitchA#configure terminal                    (enter global configuration mode, if not already in it)
SwitchA(config)#interface fastethernet 0/2    (select FastEthernet port 0/2)
SwitchA(config-if)#switchport access vlan 2   (assign the port to VLAN 2)
SwitchA(config-if)#exit                       (exit from interface 0/2)

Now adding port 3 to VLAN 2

SwitchA(config)#interface fastethernet 0/3    (select FastEthernet port 0/3)
SwitchA(config-if)#switchport access vlan 2   (assign the port to VLAN 2)
SwitchA(config-if)#exit                       (exit from interface 0/3)

Ports 4 and 5 are now assigned to VLAN 3. Enter the following commands to add ports 4 and 5 to VLAN 3.

SwitchA#configure terminal                    (enter global configuration mode, if not already in it)
SwitchA(config)#interface fastethernet 0/4    (select FastEthernet port 0/4)
SwitchA(config-if)#switchport access vlan 3   (assign the port to VLAN 3)
SwitchA(config-if)#exit                       (exit from interface 0/4)

Now adding port 5 to VLAN 3

SwitchA(config)#interface fastethernet 0/5    (select FastEthernet port 0/5)
SwitchA(config-if)#switchport access vlan 3   (assign the port to VLAN 3)
SwitchA(config-if)#exit                       (exit from interface 0/5)

To show the VLAN interface information, run the command show vlan.

##########################################
DHCP CONFIGURATION
##########################################

ip dhcp pool 198.18.0.x
 network 198.18.0.0 255.255.255.0
 default-router 198.18.0.1
 dns-server 198.18.0.1
!

To configure Cisco IOS DHCP, follow these steps, which include sample commands:

Configure an IP address on the router's Ethernet port, and bring up the interface. (On an existing router, you would have already done this.)

Router(config)# interface ethernet0/0
Router(config-if)# ip address 1.1.1.1 255.0.0.0
Router(config-if)# no shutdown

Create a DHCP IP address pool for the IP addresses you want to use.

Router(config)# ip dhcp pool mypool

Specify the network and subnet for the addresses you want to use from the pool.

Router(dhcp-config)# network 1.1.1.0 /8

Specify the DNS domain name for the clients.

Router(dhcp-config)# domain-name mydomain.com

Specify the primary and secondary DNS servers.

Router(dhcp-config)# dns-server 1.1.1.10 1.1.1.11

Specify the default router (i.e., default gateway).

Router(dhcp-config)# default-router 1.1.1.1

Specify the lease duration for the addresses you're using from the pool.

Router(dhcp-config)# lease 7

Exit Pool Configuration Mode.

Router(dhcp-config)# exit

This takes you back to the global configuration prompt. Next, exclude any addresses in the pool range that you don't want to hand out. For example, let's say that you've decided that all IP addresses up to .100 will be for static IP devices such as servers and printers. All IP addresses above .100 will be available in the pool for DHCP clients. Here's an example of how to exclude IP addresses .100 and below:

Router(config)# ip dhcp excluded-address 1.1.1.0 1.1.1.100
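
Added example (not part of the original page): a Python check that parses the DHCP commands above and reports which addresses the pool's prefix leaves leasable and whether the default router and DNS servers are covered by an excluded-address statement. It shows that the /8 prefix spans 1.0.0.0 through 1.255.255.255, so the exclusion holds back only 101 addresses of that range; the function and key names are this example's own.

```python
import ipaddress

# Constructed from the commands in the walkthrough above (not a device capture).
SAMPLE = """\
ip dhcp excluded-address 1.1.1.0 1.1.1.100
ip dhcp pool mypool
 network 1.1.1.0 /8
 dns-server 1.1.1.10 1.1.1.11
 default-router 1.1.1.1
"""

def check_pool(config):
    """Summarise one DHCP pool and list static addresses left unexcluded."""
    excluded, statics, net = [], [], None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.ip_address(words[3])
            high = ipaddress.ip_address(words[-1])  # same as low if no end given
            excluded.append((low, high))
        elif words[:1] == ["network"]:
            # Accept "/8" or a dotted mask; strict=False clears the host bits.
            mask = words[2].lstrip("/")
            net = ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)
        elif words[:1] in (["dns-server"], ["default-router"]):
            statics += [ipaddress.ip_address(w) for w in words[1:]]

    def is_excluded(addr):
        return any(low <= addr <= high for low, high in excluded)

    # Assumes excluded ranges do not overlap and lie inside the host range.
    held_back = sum(int(high) - int(low) + 1 for low, high in excluded)
    first = next(a for a in net.hosts() if not is_excluded(a))
    return {
        "network": str(net),
        "leasable": net.num_addresses - 2 - held_back,
        "first_leasable": str(first),
        "not_excluded": [str(a) for a in statics if not is_excluded(a)],
    }
```

Run on the 198.18.0.x pool shown at the top of this section, which has no excluded-address line, the same function lists 198.18.0.1 under "not_excluded".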
