16.4.6 Packet Tracer - Configure Secure Passwords and SSH

Captions
Hi friends, welcome to world. In this video we are going to discuss the CCNA version 7 Packet Tracer activity Configure Secure Passwords and SSH. Before coming to this activity, friends, if you are watching our channel for the first time, or if you would like to get this type of technical video in future, consider subscribing. Also don't forget to enable that bell icon near the subscribe button for notifications. And also, if you would like to get more technical content or if you would like to contact our team, you can visit our website. The website link is given on our Facebook page; our Facebook page link is given below.

Okay, now back to our Packet Tracer activity. Here we can see our addressing table: device, interface, IP address, its subnet mask, also its default gateway. Coming to our topology, here we can see devices such as a switch SW1, router RTA and our desktop PCA. And here is the scenario: the network administrator has asked you to prepare RTA and SW1 for deployment. Before they can be connected to the network, security measures must be enabled.

Here we can see the instructions. In step one, configure basic security on the router. Configure IP addressing on PCA according to the addressing table. Yes, we can do that, so we will get the PCA IP address. In this addressing table here we can see PCA and its IP address. We will copy this IP address, and here we can see its subnet mask and its default gateway. Now we will go to PCA, Desktop, IP Configuration. Here we will give the IP address, we already copied that. Okay, then its subnet mask, we will edit it as per our addressing table, then its default gateway.

Now console into RTA from the terminal on PCA, then configure the host name as RTA. Coming to our topology, here we can see this router RTA is connected to this PCA using a console cable, hence we can access this RTA using the terminal on PCA. Okay, we will go to this PCA and here we can see Terminal. Port configuration, we will leave its default and click OK. Press Return to get started. Now we will configure the host name: enable, configure terminal, then we will set the host name as RTA. So now here we can see this router's host name is RTA.

Now configure IP addressing on RTA and enable the interface. Okay, coming to our addressing table, here we can see device RTA; for the interface GigabitEthernet 0/0 we have to set this IP address. Okay, we will copy this IP address, and here we can see its subnet mask. We will go to that interface GigabitEthernet 0/0, then we are going to set the IP address, it's here, then its subnet mask. Then we will give a no shutdown command to activate this interface. Okay, we configured IP addressing.

Now encrypt all plain text passwords using this command, service password-encryption. Okay, we can do that. For that we have to go to global configuration mode. We will exit, then we will give service password-encryption and press Enter. Now set the minimum password length to 10, so security passwords min-length 10. Okay, we can do that in global configuration mode. We will give security passwords min-length, it's 10.

Next is set a strong secret password of your choosing. Note: choose a password that you will remember, or you will need to reset the activity if you are locked out of the device. Okay, we can do that, so we will give enable secret. We will try with cisco, and here we can see: password too short, must be at least 10 characters, password not configured. Okay, here we have given this password minimum length as 10, so we have to configure accordingly. We will give enable secret password address one two three. Okay, it's working.

Now disable DNS lookup. In global configuration mode we have to give no ip domain-lookup. Okay, we can do that: no ip domain-lookup, press Enter. Next is set the domain name to ccna.com; it's case sensitive for scoring in PT. Okay, we can give any domain name, but here for scoring purposes we have to give it as they specified, so we will just copy this ccna.com. And here we can see how we have to set it: in global configuration mode we have to give ip domain-name, then specify the domain name. Okay, ip domain-name, then we have to give the domain name, then press Enter.

Now create a user of your choosing with a strong encrypted password. So username, you have to give a username, then we have to give secret, then a password. Okay, we can do that: username, we will give it as admin, then we have to give secret, we'll give password address one two three.

Now generate 1024-bit RSA keys. In Packet Tracer, enter the crypto key generate rsa command and press Enter to continue. Okay, we have to give this command, crypto key generate rsa, then it will ask how many bits in the modulus, so we have to give 1024. Coming to the configuration, here we will give crypto key generate rsa, then press Enter. So now, how many bits in the modulus? Okay, it's 1024.

Now block anyone for three minutes who fails to log in after four attempts within a two minute period. So we have to give this command: login block-for 180 attempts 4 within 120. Okay, we can give it in global configuration mode, so it's login block-for 180, attempts, it's four times, okay, within 120, then press Enter.

Now configure all VTY lines for SSH access and use the local user profiles for authentication. Okay, here we can see the commands: line vty 0 4, that means five lines, transport input ssh, login local. Okay, we can give that. We will go to line vty 0 to 4, transport input ssh, okay, then we have to give login local. Now set the EXEC mode timeout to six minutes on the VTY lines, so we have to give exec-timeout 6. Okay, exec-timeout, it's in minutes, so we can give six.

Now save the configuration to NVRAM. Okay, we can do that. We will press Ctrl+Z so that we can go to privileged EXEC mode. Here we will give copy running-config startup-config, then press Enter. Destination file name, default file name, okay, press Enter.

Access the command prompt on the desktop of PCA to establish an SSH connection to RTA. Okay, we have to give ssh space /?, so: Packet Tracer PC SSH. So here we can see the command, how we have to give it. Okay, we will close this terminal and we will go to Command Prompt, then we will try to access this RTA using SSH. So here we can give ssh /? and here we can see the format, how we can give this ssh. So we will get our router IP address. Okay, now here we will give ssh space -l, then our username, it's admin, then our target IP address, it's here, then press Enter. So now it has prompted for the password. We have to give our password, reset password address one two three. Yes, now we have accessed our router RTA using SSH on this PCA.

Now we will go to step 2, configure basic security on the switch. Configure switch SW1 with the corresponding security measures. Refer to the configuration steps on the router if you need additional assistance. Click on SW1 and select the CLI tab. Configure the host name as SW1. Okay, sure. We will quit from this RTA, I will try exit. Okay, now we will close this. Coming to our SW1, we'll go to CLI: enable, configure terminal, hostname SW1.

Next is configure IP addressing on SW1 VLAN 1 and enable the interface. So we will get the IP address for the interface VLAN 1. We will copy this IP address, and here we can see the subnet mask and its default gateway. Coming to SW1, we will go to the interface vlan 1 and we will set its IP address as per our addressing table, then its subnet mask. Now we will give the no shutdown command. Also we have to set its default gateway. We will exit and we'll give ip default-gateway, it's 172.16.1.1. Configure the default gateway address: yes, we've done that.

Now disable all unused switch ports. They have given a note here: on a switch it is a good security practice to disable unused ports. Okay, one method of doing this is to simply shut down each port with the shutdown command. This would require accessing each port individually. There is a shortcut method for making modifications to several ports at once by using the interface range command. Yes, we will access multiple ports using this interface range command and we can shut them down. On SW1, all ports except FastEthernet 0/1 and GigabitEthernet 0/1 can be shut down with the following command: so interface range F0/2 till 24, then G0/2, then we have to give the shutdown command so that it will shut down all the interfaces except FastEthernet 0/1 and GigabitEthernet 0/1.

We will do this now. We will go to interface range, because we are going to select multiple ports: interface range fastethernet 0/2, we are going to start from two, we need not shut down FastEthernet 0/1, okay, then hyphen till 24. Then also we require a gigabit port: comma, gigabitethernet, we can give gi, okay, or simply we can give g0/2, then press Enter. See, here we selected the ports from FastEthernet 0/2 till 24, also we selected GigabitEthernet. Here we did not select FastEthernet 0/1 and Gigabit 0/2, sorry, GigabitEthernet 0/1. Now here we can see we are in this interface range, so here we are going to give shutdown. Okay: the command used the port range of 2 till 24 for the FastEthernet ports and then a single port range of GigabitEthernet 0/2. Yes, it's correct.

Now encrypt all plain text passwords. We will exit from here and here we will give service password-encryption. Next is set a strong secret password of your choosing. We can do that: enable secret, we will give it as password address one two three. Now disable DNS lookup. Okay, we can give that, no ip domain-lookup, and press Enter. Next is set the domain name to ccna.com, we'll copy that; it's case sensitive for scoring in PT. Okay, we can give that: ip domain-name, it's here, ccna.com. Then create a user of your choosing with a strong encrypted password. Okay, we can set that: username admin secret, we will give password at the right 1 2 3.

Now we have to generate 1024-bit RSA keys. We can do that: crypto key generate rsa, how many bits in the modulus, 1024. Now configure all VTY lines for SSH access and use the local user profiles for authentication. Also we have to set the EXEC mode timeout to 6 minutes on all VTY lines. Okay, we will do that. We will go to line, it's vty 0 to 4, and here we will give transport input ssh, also we have to give login local, also we have to set exec-timeout as 6 minutes. Now save the configuration to NVRAM. Okay, we will press Ctrl+Z, copy running-config startup-config.

Okay, now here our completion status shows 98 percent. I think we set SSH access only for 0 to 4; we will set it for all VTY lines. Okay, we will try that. We will give configure terminal, we will go to line vty, we will give it for all the lines from 0 to 15, then we will give transport input ssh, then we will give login local, also we will give exec-timeout six minutes. Yes, now it shows completion status hundred percent.

Now we will try to access this SW1 from this PCA using SSH. We will get this SW1 IP address. Coming to the PCA command prompt, we'll use the up arrow and it's ssh -l admin, then the target 172.16.1.2, our switch VLAN 1 IP address. Now press Enter. Here we can see it has prompted for the password. Our password is password address one two three. Yes, it's working.

So friends, in this video we have seen the Packet Tracer activity Configure Secure Passwords and SSH. Now if you have any doubts or any suggestions, please comment below. Also, if you like our video, give a thumb and share with all your friends, and don't forget to visit our website; the link you will get from our Facebook page. Stay tuned and we will meet again with the next video. Thank you.
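
An added example, not part of the video or of the Packet Tracer activity: a Python check that audits saved running-config text for the settings configured in this walkthrough, including the gap hit on SW1, where only vty 0-4 had been restricted to SSH and lines 5-15 were left as they were. The sample configuration, the `audit` function and its finding labels are constructed for illustration.

```python
import re

# Constructed sample: SW1 as first saved in the walkthrough (hashes are placeholders).
SW1_FIRST_SAVE = """\
service password-encryption
enable secret 5 HASH-PLACEHOLDER
no ip domain-lookup
ip domain-name ccna.com
username admin secret 5 HASH-PLACEHOLDER
line vty 0 4
 exec-timeout 6 0
 login local
 transport input ssh
line vty 5 15
 login
"""

GLOBAL = {  # finding label -> pattern expected in global configuration
    "service password-encryption": r"^service password-encryption$",
    "enable secret": r"^enable secret \S",
    "no ip domain-lookup": r"^no ip domain[- ]lookup$",
    "ip domain-name": r"^ip domain[- ]name \S+$",
    "username with secret": r"^username \S+ (privilege \d+ )?secret \S",
}
ROUTER_ONLY = {  # steps the walkthrough performs on RTA but not on SW1
    "security passwords min-length >= 10": r"^security passwords min-length \d{2,}$",
    "login block-for": r"^login block-for \d+ attempts \d+ within \d+$",
}
VTY = {  # required under every vty line, 0 through max_vty
    "transport input ssh": r"^ transport input ssh$",
    "login local": r"^ login local$",
    "exec-timeout <= 6 min": r"^ exec-timeout ([1-5] \d+|6 0)$",
}

def audit(config, router=False, max_vty=15):
    """Return a list of findings; an empty list means every check passed."""
    checks = {**GLOBAL, **(ROUTER_ONLY if router else {})}
    findings = [f"missing: {name}" for name, pat in checks.items()
                if not re.search(pat, config, re.M)]
    seen = set()
    # A block is a 'line vty A [B]' header plus its indented sub-commands.
    for m in re.finditer(r"^line vty (\d+)(?: (\d+))?\n((?: .*\n?)*)", config, re.M):
        first, last = int(m[1]), int(m[2] or m[1])
        seen.update(range(first, last + 1))
        bad = [name for name, pat in VTY.items() if not re.search(pat, m[3], re.M)]
        if bad:
            findings.append(f"vty {first}-{last}: missing {', '.join(bad)}")
    findings += [f"vty {n}: no configuration block"
                 for n in range(max_vty + 1) if n not in seen]
    return findings
```

The RSA key pair does not appear in the running configuration, so this check cannot confirm the crypto key generate rsa step; that has to be verified on the device itself.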
Info
Channel: Tech Acad
Views: 44,175
Keywords: CISCO, CISCO Certification, CCNA, SSH, Packet Tracer, Networking
Id: 99GPcMISKUw
Length: 22min 3sec (1323 seconds)
Published: Thu Mar 19 2020