16.5.1 Packet Tracer - Secure Network Devices

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi friends welcome to all in this video we are going to discuss CCNA version 7 packet tracer activity secure networks devices before coming to this activity fronts if you are watching our channel first time or if you like to get this type of technical videos in future considered subscribing also don't forget to enable that bill icon near to the subscribe button so that you will get notification message whenever we upload a new video and also if you like to get more a technical contents or if you like to contact our team you can visit our website link you will get from our Facebook page no coming back to our packet tracer activity so we can see our addressing table with the device interface its address and mask sure is all our requirements to keep this activity brief and easy to manage some security configuration settings how not been made the other cases security best practices have not been followed in this activity we will configure a router and a switch based on a list of requirements now coming to the instructions in step 1 document the network complete the addressing table with the missing information coming to our addressing table here we can see a default gateways are not set for these devices SW - 1 PC laptop and a remote PC we have to update these devices gateway coming to our topology here we can see PC laptop and SW - one is connected to this interface there is a Gigabit Ethernet 0 / 0 / 0 in this router RT R - a hence gateway for these devices will be the IP address of this interface a gigabit the turn 0 / 0 / 0 in this our RT R - a we will update this information coming to our so here we can see the IP address of the interface editor on 0 / 0 / 0 in this lower our TR - a we will copy this IP address and we will have seen as gateway for SW - 1 then for PC and for this a laptop know we can see this a remote PC is connected to this interface gigabit the turn 0 / 0 / 1 in this outer are TR - a so obviously the default gateway for these devices will be the IP address of this interface Gigabit the turn 0 / 0 / 1 in this order are TR - a now we will go to our spreadsheet and we will copy this IP address and for Gateway of a remote PC we will have seen this IP address as gateway now we will come to step 2 router configuration requirements prevent iOS from attempting to resolve miss type 2 commands - domain names ok we can do that we will go to a router CL I press ENTER enable configure terminal sure we will give no IEP now we have to give a domain lookup yes/no IP domain lookup next is the host names that match the values in the addressing table okay in addressing table it's given our TR - a we will copy this device name we have to set the hostname it's here okay it's done no require that newly-created passwords be at least 10 characters in length that means we have to set the security passwords minimum length so here we can give that security passwords minimum length 10 next is a strong 10 character password for the console line use this password ok we will copy this password then coming to our TR - a we will go to line console 0 then we will set the password as a specified ok then press Enter now we have to give login next is ensure that console and the V device sessions close after a 7 minutes exactly ok we can do that now we are in line console here we can give the commands exicting out time out in minutes so they specified 7 time out in seconds ok we will give 0 or R we will leave as it is then we'll press ENTER now we will exit then we will go to line vty 0 to 15 all the lines then we will give x''k timeout 7 minutes next is a strong encrypted 10 character password for the privileged x ik mode for this activity it is permissible to use the same password as the console line ok here we can see our console line password we will copy it and coming to a router we will exit then we will enable a secret and here is the pathway next is a.m. or TD banner that is message of the day banner that wants about unauthorized access to the devices okay we can do that we will set the banner motd we will start with the delimiter we'll give this dollar symbol then we will give a message and authorized access is strictly prohibited then we will end up with the same delimiter okay no password encryption for all passwords okay we can do that service password encryption sorry is password - encryption then press Enter next is a username of net admin did the encrypted password log admin exclamation 9 okay we will set that we will copy this username so here we will give a username it's here then the password we will give us a secret we will copy this password okay then press Enter now enable SSH I use security calm as the domain name then use a modulus of 1 0 to 4 then the vty lines should use SSH for incoming connections ok we will do that first of all it'll give a crypto key generate RSA so please a define a domain name first exactly so we have to give that first IP domain name its security calm no we will give a crypto key generate RSA so how many bits in the modulus as persuade one zero to four now we will go to line vty I will give for all the lines from 0 to 15 okay then transport input SSH then we have to give a login local now the V TV line should use the username and password that were configured to authenticate logins yes already be given this a username and password and given this a login local so that it will use this a username and password that were configured to authenticate elegance next is impaired brute force alone in atoms by using a command that blocks the login attempts for 45 seconds if someone fails three attempts within 100 seconds we will do that we will exit from this line vty sure we will give login block for its forty five four three attempts within hundred seconds okay that's all in this router after your - a no we will come to step three switch configuration or requirements all unused switch ports are administratively down yes now we are going to configure this switch SW - one we are not going to configure this SW - - and it's already locked okay here we will verify they use the ports in this switch it's connected to gigabit the turn 0/1 this RT r - a is connected to this interface PC is connected to first a third 0 / - and there is a laptop is connected to a faster third 0/10 now we will shut down all other unused ports so coming to SW - 1 enable configure a terminal we will go to the interface as a range so we have to disable fastethernet 0/1 - is used then faster per net 0 / 3 till 9 because the 10 is used now Fast Ethernet 0 / 11 till 24 also we have to disable gigabit 1/3 + 0 / - because gigabit 1/3 0 / 1 is already used okay now we will give shadow on next is the SW - 1 default management interface should accept connections over the network use the information as shown in the dressing-table the switch should be reachable from the remote networks okay we will configure a management interface in this switch here we can see its IP address we will copy etc and here we can see it's a mask also we have to set its gateway now we will exit from these interfaces then we will go to the interface vlan1 and we will have set IP address it's here then it's mask now we will give an Asha down okay also we will have seen it's a default gateway we will exit and will give an IP default gateway it's 100 to 1 right now use this password as the password for the privileged exit mode ok we can do that we will copy this password it's enable secret and here is your password then press enter next is the configure SSH as was done for the router ok we can do that first of all we will set the IP domain name as security calm ok now we will create the crypto key generate RSA oh please define a hostname ok we have to define the hostname as SW - 1 hostname SW - 1 now we have to give a crypto key generate RSA how many bits in the models it's a 1 0 - 4 now we will go to a line vty for all the lines of 0 to 15 or even we can give us 0 to 4 also sure we will give all the lines from 0 to 15 ok here we will give transport input ssh also we will give a login local so we have to create the username and password ok we will do that later so login locally next is create a username of net admin with encrypted secret password here ok so we will copy this username we will exit and we will give a username already copy that then a secret password it's here and we will paste here then press enter now the V TV lines should only accept connections over SSH yes we given transport input SSH the V TV lines should only allow the network administrator account to access the switch management interface we given that a login local so that it will ask for this username and password but we sit now house on both the Lancer should be able to ping the switch management interface ok we will try that we will get our switch IP address then we will the ping from this PC first command prompt ping to our switch and we are waiting for the replies it's working now we will go to a remote PC command prompt we will try to ping to our a switch requests you timed out maybe one or two requests timed out come yes no it works once more we will try sure we can see is sent for or received for zero percentage lowers yes so friends in this video we discussed our packet tracer activity secure and network devices and here we can see our completion status it's hundred percentage now dear friends if you have any doubt any suggestions or regarding this the packet racer activity please comment below also if you liked our video give a thumb and share with all your friends support subscribe and stay tuned for the future videos thank you

Info

Channel: Tech Acad

Views: 39,595

Rating: undefined out of 5

Keywords: CISCO, CISCO Certification, CCNA, Network Device, Packet Tracer

Id: RpOK_HOBQmE

Channel Id: undefined

Length: 17min 44sec (1064 seconds)

Published: Mon Mar 23 2020