CCNAv7 ENSA Skills Assessment

Captions
cesium Everson 7 enterprise and working in security and automation the NSA skills assessment this topology you can use 4321 router for our one and another 4321 router for our two two switches 2960 1029 60s - and as well - pcs you see - a and PC - we connect gigabit zero zero zero between routers it'll be zero zero one from r12 as one for the terminal 5 on this one on our - you can eat zero zero one two facet or not five on assume for the time at 6 - PC from s1 to PC I was at about 18 from s2 to pca to PCB there are two bug interfaces while debug interface over one and another the bug interface are two a dressing-table are 1 2 gigabytes interfaces and loop back or two two gigabit interfaces a loop bug as well and that's who we belong wrong or real up to rather cisco 4221 two switches the new 962 pcs console cable settlement cables initialize reload and configure basic device settings initialize and reload routers and switches racist arab configuration and belongs from the router and switch and reload devices for example access to r1 use the console on v CA access the console on our one I'm going to pc a terminal under now enable here eyes startup - config enter enter and then reload the same process for r2 from console on PCB to console are two rather access PCB terminal gate now enable here eyes the startup - coffee sorry coffee enter enter their reloads enter access the console from PCA access the console of us one console that's SPCA close terminal open terminal again under enabled here is stop - coffee and the render delet belong database they let Vela touch that enter enter enter then reload from PCB access switch s2 that's a specific close terminal open again under enable erase start-up - Corphish under under the net space below that that enter enter enter their reloads that's it for devices come routers r1 and r2 remember r1 and r2 from BC a console of r1 close this up in the terminal okay no enable configure terminal disable DNS lookup now I be the main pick 
up router name first name this is her 1k sensitive the main aim is CCNA lab calm I beat my name CCNA - love.com encrypted privilege exit password enable secret Cisco and pass console access password learning console zero password cisco comm-pass login to enable the password XE set the minimum length for passwords 10 characters security pass would mean length to create an administrative user in the local database username admin password admin one pass username admin secret password min 1 plus so login commit violence you see in the local database line vty 0 to 4 or 0 to 4 or if you want 0 to 15 login local 12 to authenticate with the local user name and pass it's a bit wise to accept SSH connections only transport in with SSH encrypt clear text passwords this is some global configuration mode exit from line service password encryption - encryption configure message of the day banner by the message of the day we know to rise and ok banner space message of the day and configure interface gigabit zero zero one description I do for others activating interface you can be to zero description IP address activate the interface go to addressing table or on r1 configure this all this interface you go b200 might be a description Jacob eight gigabit zero zero zero is connected to our tool so the description can be connection to or to IP address 767 to 54.2 subnet mask 252 shutdown you give it to oh wow gigabit zero wrong is this connection to as one can be any description but I'm using this connection to as well IP address private IP 1 I 2 and 60 a 1:1 subnet mask 24 now shut down and don't forget the loopback interface interface back zero and the description for example network network time IP address that 5201 turn that 5201 Sublette mass 248 it's not necessary to apply the not shut down command bug interface click on view interface robot 0 already configurate liubot 0 generate RSA crypto key 1024 bits exit should be configured on global configuration mode crypto key 
generates a module use 1034 ok this will work real device on Pocket razor only use crypto key generate parasite module is 1024 hello very good now don't forget to make the same configurations but for our - ok all this connect from PC we connect the console of our to close this open again in the terminal and there no enable confusion terminal now no I be the main lookup first name or - I beat the main name CCNA - lab comm enable secret since got em pass line console 0 password Cisco comp us login exit security pass words mean the same username admin secret password me one pass line vty 0 to 15 under logging local transport the input as a sage exit surveys password - encryption banner space message of the day to rise absence continue with this go to a dressing table this interface your 0 0 description you got it 0 0 0 is the connection to r1 connect connection to IP address 1067 250 4.4 to blood mass 252 and no shutdown gigabit 0 0 1 description connection to as to the another side IBM's the 67 1 1 285 285 285 0 now shut down you bug little bug interface look bad 0 description this can be networked to um my IP address 265 to 1.1 so net mass 224 very good and on our - didn't write RSA crypto key exit trip the key generate or say modulus 1024 okay the tracer does not support this comment on the only supported real devices only use this on pocket whistle heresay enter module is 1010 enter very good now configure s1 and s2 connect the console of pca to console of as well close this open again ok ok enter in naval configure terminal disable dns lookup no I beat the main lookup switch name last name as one the main name CCNA - lab calm IP domain name CCNA - laughs calm encrypted privilege except password Cisco and pass neighbourhood secret Cisco and pass console access password Cisco compass line console 0 Cisco comm-pass logging don't forget that exit shut down all and use it interfaces verify what interfaces are used 5 & 6 long as one interface wrench for settlement from 
1 to 4 comma 0 7 to 24 gigabit WAN 0 1 and 0 to shut down very good create administrative user in local database username admin password admin Wampus on global configuration mode exit from interface username admin secret password admin one pass set login to vty lines on the local database line with device hero 250 login local between lines except SSH connections only transport him to SSH encrypted the clear text passwords exit surveys password - encryption configure message of the day banner banner message of the day well now is it's in the right RSA crypto key 1024 bits character cage and say mod 1,024 this is not supported on Pocket racer only on real devices so a pocket racer used this crypto key generate RSA and their model is 1024 configure management interface SPI switch builder interface for villain wanna set the IP others think that the fall gateway go to a dressing table and configure this dislike interface vlan1 description Manish man under IP address when I to 160 160 a 1.2 so now about 24 not shut down that's it IP in default gateway 182 and 60 a 1-1 very good sign configurations for us to connect from PCB to console of us to close this open again the terminal under enable configure terminal no I be the main lookup first name as to IP the main name CCNA - no comm enabled see secret Cisco and pass line console 0 password Cisco calm us logging don't forget that galaxy ok shut down all induce it interfaces verify what interfaces are in use 5 and 18 five and eighty interface range for certain one to four comma four Saturn add 6 to 17 comma for the 19 to 24 comma t ee 0 1 and 0 2 ok 1 2 4 5 in use 6 and 17 18 use 19 to 24 Giga bit 0 warrant under shutdown very good you exit from interface global configuration mode user name secret password and in one pass in line vty 0 to 15 logging local transport in boot SSH exit service password - encryption banner space message of the day on which arise is enter character key gem yet right I say motive news on 2024 okay 
use only RSA 1,024 go to dressing-table and configure this line interface vlan1 the scripture management IP address 67 1.2 to let mass 24 not shutdown exit I beat the file to get way turns 67 1 1 very good configure single layer OSPF - ok on r1 r2 so from pca access consolable r1 close terminal open again ok enter password cisco comm-pass naval cisco and pass computer me on the on r1 SPF process 1 SPF under configure router ID is here as heroes hero one for r1 there - ID 0 0 0 1 network statements configure a net worth statement for each luckily attached' network using our white card mask that matches each networks subnet mask ok and show that directly when I did that was to show IP route connected now you can see your three directly connected networks two gigabit interfaces and look back notify our network 52 to zero the wild card 429 is seven place on area zero because it says single area and when you configure single area to configure area zero network 67 254 and the white car for field E is three okay this is the network between r1 and r2 idea zero enter in that work when I to and sixty a one zero while car 424 is 255 areas here very good same configuration on our to the same process going to console pc be closed terminal open again okay enter cisco comm-pass enabled cisco and pass compute terminal rather OSPF one router - ID 0 0 0 - 4 hour to show the directly connected networks do show IP route connected look at this art to look back 0 network should not be included into the Oh SPF process okay look bug zero to subnet should not be included so only notify these two okay that's why look back zero ohm r2 is simulating internet will not be included on OSPF okay notify these two networks network sixty seven one zero well car 424 is this zero then the another network 1067 250 for the Welker for few ds3 LSU you and you will see it a night over at the SNC this is the rather idea of our one and now is the OSPF night world very good optimizing the idea or SPF brush 
onto our one go to our one on pc i enter configure passive interfaces configure all interfaces that are not directly connected to an OS PF knife or to be perceived okay verify you are rather configuration mode when you enter this command rather or SPF you enter to rather configuration mode sip - interface on r1 this should be gigabit zero zero one should be passive in the face because it does not harm our router is an iPhone ok gigabit zero zero one thing also the loopback interface is passive look back zero very good configure the refers bad wide adjust the reference but why - one gigabit auto - cause reference band white 1000 megabits that is equal to 1 gigabit ok enter okay is auto cost okay very good Oh - cause reference but why 1000 megabits that is equal to 1 gigabit leash and Shura France bad way is consistent across all routers okay later you will configure these two are one configured luboc zero a spite the point network for OSPF configurable 0 to report the mask it is configured with instead of a horse mask okay exit from router configuration mode enter to interface blue bug 0 IP ospf network point to point and case OSPF OSPF very good exit from beginner face now timers for your network coffee or the hello time for 50 seconds ok it's not necessary to apply hello timer all interfaces home r1 only necessary on gigabit 0 0 0 because this interface has router as OSPF Nyholm so coffee you're only on gigabit 0 0 0 only here is necessary ok interface gigabit 0 0 0 IP ospf hello - interval 30 seconds enter now configure our to PCB passive interfaces ok verify you are router configuration mode if not enter with router OSPF one sip - interface is gigabit zero zero one because on this side does not have rather a sniper and loopback zero okay sorry enter router configuration mode passive interface gigabit zero zero one okay this interface gigabit zero zero one and loop back zero very good configure reference band wide one gigabit router - cause reference - band wide 
1000 megabits quanta very good don't worry about this message provide the full routing for the OSPF domain configure static default route with blue box zero as the exit interface then share the default information with other OSPF speakers shirts configure a static default route with loop at zero as the exit interface exit from router configuration mode exit on global configuration mode IP route they found route what zero loopback zero is the exit interface no bugs here oh don't worry about this message now share the default information with other OSPF speakers enter to process rather or SPF process 1 the found information space originated under very good timers for your network hello time for 30 seconds exit from router configuration mode only configure on r2 on gigabit zero zero zero because it has OSPF neighbor it has a rather as an iPhone ok only necessary and gigabit zero zero zero interface gigabit 0 0 0 IP ospf hello - interval 30 enter the designated router and bukka backup designated router election to favor are to set the OSPF priority for our - - value of 50 ok also on this interface you have it 0 0 that is connected to another OSPF router enter on the same interface interface ago--but 0 0 on interface configuration mode IP ospf priority 50 very good then accident configure access control not that were a loose translation and perform configuration backup configure host computers PCI VCB IP before addresses okay for PC I use this IP subnet mask and default gateway PC a close the terminal IP configuration when ID 160 a 1.50 24 when 82 and 60 a 1.1 PCB for pc IP subnet mask and default gateway turn 67 152 blood mass 24 the for graduate turn 67 1 1 they close this after configuring each host computer perform the following test from pc a target destination PCB pink should be success from pca go to command prompt pink IP address of PCB 1067 150 turn 67 150 better success from pca access the HTTP secure to of 9 165 to of 1:1 using a web browser protocol HTTP but 
what IP addresses is to apply was justified to a 1 1 is this the loop box hero interface of our to the loop of 0 interface on our - okay so the source is PCI and the destination is luboc 0 or R 2 but using HTTP ok and go to PCA and close command prompt open web browser HTTP colon slash slash don't forget as for security 209 165 201 1k go server receipt connection Papa tracer does not support the web server on browsers neither on switches so that's why it says server receipt connection but that means that is trying to connect with HTTPS and it's working very well on a real device on a real app this will show the web page of the web server on r2 but if this message is request timeout you are not configuring very well the previous steps but several receipt connection is a good message for packet tracer and consider these success ok from PCA now to the same address access with SSH protocol close web browser command prompt there are two methods to access SH I will use the first as a search option l remember the username configured on the device previously or r1 and r2 the username is admin and password admin one pass and remember that the username is happening and the IP address or my 165 - of 1:1 these IP others enter password admin Wampus very good that's it close this the another way to access and society is using this client ssh client protocol as a sage IP address to a gua once 165 sorry to open I 165 - of 1 and 1 username admin Connect password admin one pass very good taxi ok anyway and you can paint the this IP address to only 165 to on 1 1 okay just finish after success is an additional test and now from vcv access ssh to look back zero on our to blue bar zero on our - from PCB from PCB command prompt as a sage of chanel admin and the IP address to open I was 65 201 one password admin one pass very good exit if the that IP address is an additional test success and also from PCP you can pinch PCI IP address when I to a CCA 1.50 being 102 and 68 1.50 success very 
good if you get different results should be shoot your OSPF and host configurations if you are enabled to access to a 9 1 6 if I drop one 1 BR HTTP and their IP HTTP secure server are to command-line interface okay this okay for example from PCB go to terminal of r2 on terminal okay under Cisco comm-pass enabled Cisco and pass are to global configuration mode configure terminal and try to enter this command IP HTTP secure - server and it's not supported by pocket riser this is very good entry bit it's not supported but by packet tracer so that's why I'm saying that the web server or r2 will not work on packet tracer configure access control on our to create an apply an access control list or are to name it are true - security can sensitive create an access control list to configure on our to access PCB to the console okay this access list has a source and destination and obviously a a protocol TCP protocol so that's why it's extended not standard and create an extended access list or not to IP access please extend and the name case assitive are are to say qee enter only hosts for 1000 network allow it to reach the webserver 209 165 to a11 the destination is the server or r2 on new box only permit Hassan Tang Network when sighs host is trying to say host like for example PCB hosts and devices like PCB and you can configure this like only host from PCB network are allowed to reach the web server so when I was 65 to a11 okay only a yahoo hosts from this network the network of PCB this network the network a subnet of gigabit zero zero one or not - okay and you only permit this and deny or any other any other source okay and permit this deny this and deny any other networks okay I'm not to configure the following then I the protocol is TCP the source and the source and the destination is a hospital the destination host is 265 201 1 and is equal to the web port is 80 with 80 is a non secure port ok only use HTTPS for security and use the port for HTTP 443 and very good 
the sauce is any because I will apply the access list on gigabit zero-zero-zero to deny all traffic originating from this section that's why I'm using the deny and that's why I'm using any source because I will place gigabit zero zero zero honor to incoming traffic deny all this control ssh traffic ssh is not allow it to the others to apply 165 201 1 okay the night tcp here is not specifying the source so it's any any souls not a yah width to the host the same host to apply 165 to of 1 1 use import of SSH or 22 enter permit traffic or other traffic regardless of protocol is allowed per made IP from any to any all protocols when you use the IP key word enter filter applied access list fit the traffic originating from r1 okay that's why I'm using the I will place the access list on gigabit 0 0 0 1 or 2 because the filter should be originating from our 1 if is originating from r1 the accessories should be applied on GW 0 0 / - okay exit from access list interface gigabit 0 0 0 IP access group the name of the access list case a city r2 security and if this is the souls look box here is the destination incoming traffic to gigabit zero zero incoming incoming traffic better okay now after configuring and applying the access list perform the following tests from BCA PCB pink success okay access PC I come abroad pink PCB the IP address of PCB is 1017 150 go to PC a pink - 1017 150 success PC a HTTP as to the box luboc zero on our to 209 165 201 one HTTP protocol should fail expect expected result failure should fight from PC a web browser HTTP colon slash slash 202 m9 165 201 1 okay HTTP no D HTTP colon slash last when I was 6 if I to a 1-1 go may take Hawaii should fail request timeout that means you are not being able to access I am very good PCI SSH to the same destination and should failure and should fail come on prom okay as a sage add me into an Iowa City Phi 2 R 1 1 enter he's trying to connect connection timeout remote house not responding okay very good failure 
expect the result failure very good and from PCB will be able to access with ssh PCB as a sage option I'll admit when I was six if I to enter password admin one pass very good had to exit and it's an additional tests from PCB tried to access the web browser loop bugs here interface home are to using HTTP HTTP colon slash slash HTTP colon slash slash to arrive at 65 to of one one go server receipt connection that means isn't working very well okay packet tracer does not support the server room are true but this message says that you are connecting you are connecting very well configure nuts the decision has been made that the entire organization should be using addresses in the 10000 a network space our one slang is out of compliance there are applications and services running in the r-1 LAN that cannot have the IP address changing without the entire system being rebuilt so not is in order here are the configuration tasks at r1 ok on our one PC a close command prompt open terminal okay enter Cisco called pass the neighbors Cisco and pass configure turbulent on r1 remove one I to 160 a10 24 from OSPF remove the appropriate network state man at our one okay exit from global configuration mode shall run in coffee on router OSPF process one you configured this network when 81 68 1 0 24 remove this configure terminal rather SPF process 1 know that go an 81 68 1 0 24 wild card is this area's you enter now create an access list to identify house allow it to be translated create an access list that matches the 181 CCA wants your network okay exit from router configuration mode on global context on global configuration mode to write an access list okay you can use our standard access list or extended access list any of any of dogs will work very well but I will use the standard access list for simplicity this for example number 1 permit permit the accessory is 1 8 the network 182 and 68 1 0 but use white cards don't forget that 24 uses this wildcard enter very good configure 
port address translation report others translation means to use overloads because it's not network address translation is port others translation so you will just overload configure not association between uncertainties and the interface gigabit zero zero zero okay outside interface of our one the outside interface on our one for the this network for the network of PCI is Gigabit Co Co Co Co okay this is the network when I to and sixty a10 24 for this network the exit interface is gigabit co-co-co and not will be configured here not here on this interface okay great and I pin up inside souls list the list is the list number one and associated with the interface the exit interface gigabit zero zero zero zero zero zero but remember for port address translation port address translation juices juice overloads don't forget that all where loads enter very good identified interfaces involvement in not specify inside or outside on the appropriate interfaces okay like I side here gigabit zero zero zero is the outside interface in the value got zero zero zero I beam up outside and you have eight zero zero one the inside interface because you will translate this network interface you go with zero zero I've been inside okay do not configure loopback is not included and not ok you can make a test for example from PCIe pinch the PCB close the console or one command prompt remember the IP others of PCB is 10 767 150 ok this IP 1067 dot one dot 50 enter success go to PC I go to PC I close this terminal access the console on r1 and show IP nut translations you will see the nut the inside locale the IP address of PC i1 i2 168 150 the inside global the IP address of interface gigabit gigabit 0 0 0 Omar 1 is this IP address when you configure the nuts this is the port and the outside global on both cases outside local and outside global the destination IP IP address of PCB okay also from PCI pink loopback zero or more to this from PCI pink to debug zero over to to an Iowa City Phi 2 
upon one success and uncommon prompt console of our one on terminal repeat show a peanut translations inside local IP address of PCA inside global IP others of gigabit 0 0 over 1 and outside local and outside global the IP address our blue box here on are two very good and finally using the TFTP server on PCB back up the running configuration of all of your devices to PCB using the TFTP protocol ok enable the the TFTP server or PCB ok but use a server like this server connect this to the new PCB that will be the server ok this should be a PCB - be - configure the IP address the same value for PCB duck stop signal mast 24 255 255 255 0 forget wait 767 one one very good okay remember server is connected to fathom at 18 on s to switch back up the running configuration of all of your devices okay for example from our one privileged access mode copy from running configuration from running config to TFTP server enter address of the remote host the IP address of the remote host that the ftp server is this then 67 150 1067 150 enter destination file you can use this r1 config by default entered and very good now from as one consult from PCIe close this open terminal enter seized Cisco comm-pass enabled Cisco m+ copy running-config to TFTP okay 10 667 1 567 150 enter use this name by default enter ok wait a moment ok here or try again should speak to the server the 67 150 okay success and then copy running-config to the FTP 1067 150 use this name enter okay this transfer using TFTP protocol is failing from switch to the TFTP server pocket racer is failing with real lab will work very well because if you are able to ping the the server from from s 1 also you will be able to transfer files using TFTP but pocket racer is not supporting that ok so I think the nut configurate on Pocket racer here is not permitting the pass of s 1 using the FTP protocol on a real network using real devices will work very well with the pocket racer the nut is permitting us as one to PCB server 
specifically FTP server but it's not permitted to pass from PCB server 2 as well but on real devices will work very well ok now go to r2 terminal come on the consult from our to Cisco comm-pass enabled Cisco and pass copy returning coffee to the FTP server 67 150 the whole name enter very good ok go to console of s2 ECB close this open again under Cisco Cisco come us ok Cisco comp us enabled Cisco and pass copy Ronnie coffee to TFTP server 67 150 use this name by default other very good now on the server review services TFTP you will see that running configurations of your devices also here should be included as one coffee thank you very much you
Info
Channel: Christian Augusto Romero Goyzueta
Views: 14,661
Keywords: ensa, enterprise networking, security, automation, ccna, version 7, ccna 7, ssh, https, access list, acl, ospf, ospfv2, single area ospf, nat, pat
Id: jXJqcGygI-Q
Length: 70min 35sec (4235 seconds)
Published: Sat Apr 04 2020