33% found this document useful (3 votes)

1K views

Chapter 11 - Comprehensive Lab - txt-1

The document contains configurations for several network devices, including routers R1, R2 and R3, switches S1 and S2, and a Cisco ASA firewall. Key configurations include interface IP addresses, routing, NTP, SSH, AAA, and VPN settings on the routers. Switch port security and VLAN configurations are shown for S1. The ASA is configured with interfaces for inside, outside and DMZ networks, and HTTP management access is enabled on the inside interface.

Uploaded by

Arwin Ilagan

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

33% found this document useful (3 votes)

1K views

Chapter 11 - Comprehensive Lab - txt-1

Uploaded by

Arwin Ilagan

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 7

=========================================================

======================
R1

#no ip domain-lookup

#int g0/0
#ip add 209.165.200.225 255.255.255.248
#no shut

#int s0/0/0
#ip add 10.1.1.1 255.255.255.252
#clock rate 128000
#no shut

#int lo1
#ip add 172.20.1.1 255.255.255.0

#ip route 0.0.0.0 0.0.0.0 10.1.1.2

#security passwords min-length 10

#service password-encryption
#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED
AND PROSECUTED TO THE FULL EXTENT OF THE LAW!$
#enable algorithm-type scrypt secret cisco12345

#username Admin01 privilege 15 secret Admin01pa55

#line con 0
#privilege 15
#exec-timeout 15 0
#logging synchronous
#login
#exi

#line vty 0 4
#privilege 15
#exec-timeout 15 0
#logging synchronous
#transport input ssh
#login
#exi

#aaa new-model
#aaa authentication login default local

#login on-success log

#login on-failure log every 2
#exi

#ip http server

#ip http authentication local

#ip domain-name ccnasecurity.com

#crypto key generate rsa general-keys modulus 1024

#ip ssh version 2

#ip ssh time-out 90
#ip ssh authentication-retries 2

#login block-for 60 attempts 2 within 30

#login on-failure log every 2

#secure boot-image
#secure boot-config

#copy running-config startup-config

#no secure boot-image

#no secure boot-config

#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp server 10.1.1.2
#ntp update-calendar
#do show ntp associations
#do show ntp status

#copy running-config startup-config

=========================================================
======================
R2

#no ip domain-lookup

#int s0/0/0
#ip add 10.1.1.2 255.255.255.252
#no shut

#int s0/0/1
#ip add 10.2.2.2 255.255.255.252
#clock rate 128000
#no shut

#ip route 209.165.200.224 255.255.255.248 10.1.1.1

#ip route 172.16.3.0 255.255.255.0 10.2.2.1

#show clock
#clock set 19:30:00 Jan 26 2017
#show clock

#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp master 3

#copy running-config startup-config

=========================================================
======================
R3

#no ip domain-lookup

#int g0/1
#ip add 172.16.3.1 255.255.255.0
#no shut

#int s0/0/1
#ip add 10.2.2.1 255.255.255.252
#no shut

#ip route 0.0.0.0 0.0.0.0 10.2.2.2

#security passwords min-length 10

#service password-encryption
#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED
AND PROSECUTED TO THE FULL EXTENT OF THE LAW!$
#enable algorithm-type scrypt secret cisco12345

#username Admin01 privilege 15 secret Admin01pa55

#line con 0
#privilege 15
#exec-timeout 15 0
#logging synchronous
#login
#exi

#line vty 0 4
#privilege 15
#exec-timeout 15 0
#logging synchronous
#transport input ssh
#login
#exi

#aaa new-model
#aaa authentication login default local

#login on-success log

#login on-failure log every 2
#exi

#ip http server

#ip http authentication local

#ip domain-name ccnasecurity.com

#crypto key generate rsa general-keys modulus 1024

#ip ssh version 2

#ip ssh time-out 90
#ip ssh authentication-retries 2

#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp server 10.2.2.1
#ntp update-calendar
#do show ntp associations
#do show ntp status

#service timestamps log datetime msec

#logging 172.16.3.3

#logging trap 4
#show logging

#zone security INSIDE

#zone security OUTSIDE

#class-map type inspect match-any INSIDE_PROTOCOLS

#match protocol tcp
#match protocol udp
#match protocol icmp

#policy-map type inspect INSIDE_TO_OUTSIDE

#class type inspect INSIDE_PROTOCOLS
#inspect

#zone-pair security INSIDE_TO_OUTSIDE source INSIDE

destination OUTSIDE

#zone-pair security INSIDE_TO_PROTOCOLS

#service-policy type inspect INSIDE_TO_OUTSIDE

#int g0/1
#zone-member security INSIDE

#int s0/0/1
#zone-member security OUTSIDE

#do show zone-pair security

#do show policy-map type inspect zone-pair
#do show zone security

#crypto isakmp enable

#crypto isakmp policy 1
#authentication pre-share
#encryption 3des
#hash sha
#group 2
#end

#crypto isakmp Site2SiteKEY1 address 209.165.200.226

#do show crypto isakmp policy

#crypto ipsec transform-set TRNSFRM-SET esp-aes (256)

esp-sha-hmac

#ip access-list extended 101

#permit ip 172.16.3.0 0.0.0.255 192.168.1.0 0.0.0.255
#exi

#crypto map CMAP 1

#match address 101
#set peer 209.165.200.226
#set transform-set TRNSFRM-SET

#int s0/0/1
#crypto map CMAP
#end

#do show crypto map

#do show crypto ipsec sa

#copy running-config startup-config

=========================================================
======================
S1

#no ip domain-lookup

#int vlan1
#ip add 192.168.2.11 255.255.255.0
#ip default-gateway 192.168.2.1
#no shut

#no ip http server

#no ip http secure-server

#enable algorithm-type scrypt secret cisco12345

#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED$

#ip domain-name ccnasecurity.com

#username Admin01 privilege 15 secret Admin01pa55

#crypto key generate rsa general-keys modulus 1024

#ip ssh version 2

#ip ssh time-out 90
#ip ssh authentication-retries 2

#line con 0
#privilege 15
#exec-timeout 5 0
#logging synchronous
#login
#exi

#line vty 0 4
#privilege 15
#exec-timeout 5 0
#logging synchronous
#transport input ssh
#login
#exi

#int f0/6
#switchport mode access
#switchport nonegotiate
#switchport port-security
#switchport port-security maximum 1
#switchport port-security mac-address sticky
#switchport port-security violation shutdown
#spanning-tree portfast
#spanning-tree portfast bpduguard default
#int range f0/1-5
#shut
#spanning-tree loopguard
#int range f0/7-23
#shut
#spanning-tree loopguard

#copy running-config startup-config

=========================================================
======================
S2

#no ip domain-lookup

#int vlan1
#ip add 192.168.1.11 255.255.255.0
#ip default-gateway 192.168.1.1
#no shut

#copy running-config startup-config

=========================================================
======================
S3

#no ip domain-lookup

#int vlan1
#ip add 172.16.1.11 255.255.255.0
#ip default-gateway 172.30.3.1
#no shut

#copy running-config startup-config

=========================================================
======================
ASA

#write erase
#reload

#int vlan1
#nameif inside
#ip address 192.168.1.1 255.255.255.0
#security-level 100
#no shut

#int vlan2
#nameif outside
#ip address 209.165.200.226 255.255.255.248
#security-level 0
#no shut

#int vlan3
#nameif dmz
#ip address 192.168.2.1 255.255.255.0
#security-level 70
#no shut

#int e0/0
#switchport access vlan 2
#no shut

#int e0/1
#switchport access vlan 1
#no shut

#int e0/2
#switchport access vlan 3
#no shut

#do sh int ip br
#do sh ip add
#do sh switch vlan

#http server enable

#http 192.168.1.0 255.255.255.0

=========================================================
============================

100-490 V12.35
No ratings yet
100-490 V12.35
14 pages
H12 811 ENU V12.35 DataComs
No ratings yet
H12 811 ENU V12.35 DataComs
116 pages
11.3.1.2 CCNAS Configs
100% (3)
11.3.1.2 CCNAS Configs
7 pages
Ccna Brush Up Notes
100% (6)
Ccna Brush Up Notes
215 pages
Ccna Voice Interview Questions
No ratings yet
Ccna Voice Interview Questions
10 pages
Teldat Infointernet Modelo + DHCP + NAT + WIFI
No ratings yet
Teldat Infointernet Modelo + DHCP + NAT + WIFI
9 pages
SIte To Site IPSEC VPN With ASA 5505
No ratings yet
SIte To Site IPSEC VPN With ASA 5505
4 pages
8.4.1.2 Packet Tracer - Configure and Verify A Site-To-Site IPsec VPN Using CLI
No ratings yet
8.4.1.2 Packet Tracer - Configure and Verify A Site-To-Site IPsec VPN Using CLI
5 pages
PaloAlto - CustomAppSignatures
100% (1)
PaloAlto - CustomAppSignatures
13 pages
Ccna 2 Commands
No ratings yet
Ccna 2 Commands
4 pages
Ccnpv6 Route Lab4-2
No ratings yet
Ccnpv6 Route Lab4-2
21 pages
CCNP Route Sba Notes
100% (1)
CCNP Route Sba Notes
3 pages
Lab Report Ipsec
No ratings yet
Lab Report Ipsec
11 pages
Firewall Types
No ratings yet
Firewall Types
26 pages
6.3.6 Lab - Basic Device Configuration and OSPF Authentication
No ratings yet
6.3.6 Lab - Basic Device Configuration and OSPF Authentication
7 pages
4.4.1.2 Lab - Configuring Zone-Based Policy Firewalls
No ratings yet
4.4.1.2 Lab - Configuring Zone-Based Policy Firewalls
13 pages
DC1
No ratings yet
DC1
4 pages
Cisco Operazioni Di Base
No ratings yet
Cisco Operazioni Di Base
2 pages
Routers: Modular Fixed
No ratings yet
Routers: Modular Fixed
17 pages
S1 OpenLab Ver16062013
100% (1)
S1 OpenLab Ver16062013
2 pages
Lab 5.5.1: Basic Spanning Tree Protocol: Topology Diagram
No ratings yet
Lab 5.5.1: Basic Spanning Tree Protocol: Topology Diagram
10 pages
Cisco Lab :building A Simple Network With Answers
50% (2)
Cisco Lab :building A Simple Network With Answers
14 pages
Configure EIGRP and Verify Path Control Using Policy Based Routing PBR
No ratings yet
Configure EIGRP and Verify Path Control Using Policy Based Routing PBR
8 pages
11.6.2 Lab - Switch Security Configuration - ILM
No ratings yet
11.6.2 Lab - Switch Security Configuration - ILM
19 pages
PASSLEADER BY aNTON DUMP CCNA SEC
No ratings yet
PASSLEADER BY aNTON DUMP CCNA SEC
36 pages
Test CCNA
No ratings yet
Test CCNA
8 pages
ASA 5506 10-3-1-2 Lab D - Configure AnyConnect Remote Access SSL VPN Using ASDM
100% (1)
ASA 5506 10-3-1-2 Lab D - Configure AnyConnect Remote Access SSL VPN Using ASDM
31 pages
Ccna Security Sba
No ratings yet
Ccna Security Sba
16 pages
4.13 - Lab - Manual - 13 - CN - CISCO IOS Backup and Recovery Using Packet Tracer
No ratings yet
4.13 - Lab - Manual - 13 - CN - CISCO IOS Backup and Recovery Using Packet Tracer
5 pages
BGP Confederation and Communities Labb
100% (1)
BGP Confederation and Communities Labb
11 pages
10.4.4 Lab - Build A Switch and Router Network
No ratings yet
10.4.4 Lab - Build A Switch and Router Network
13 pages
Mapjncis SP
No ratings yet
Mapjncis SP
1 page
Jncia Lab Guide
No ratings yet
Jncia Lab Guide
18 pages
8.4.1.3 Lab - Configure Site-To-Site VPN Using CLI - Instructor
100% (1)
8.4.1.3 Lab - Configure Site-To-Site VPN Using CLI - Instructor
16 pages
Which Two Capabilities Are Supported With The CSRX Firewall? (Choose Two)
100% (2)
Which Two Capabilities Are Supported With The CSRX Firewall? (Choose Two)
65 pages
3.4.2.6 Lab - Configuring A Point-To-Point GRE VPN Tunnel
100% (1)
3.4.2.6 Lab - Configuring A Point-To-Point GRE VPN Tunnel
7 pages
Lab 1: Basic Cisco Device Configuration: Topology Diagram
No ratings yet
Lab 1: Basic Cisco Device Configuration: Topology Diagram
16 pages
CCNA2 Lab Inst 3 1 4 en
No ratings yet
CCNA2 Lab Inst 3 1 4 en
8 pages
Nip Ichk
No ratings yet
Nip Ichk
37 pages
3.6.1.1 Lab - Securing Administrative Access Using AAA and RADIUS PDF
100% (1)
3.6.1.1 Lab - Securing Administrative Access Using AAA and RADIUS PDF
20 pages
26.1.4 Lab - Configure Local and Server-Based AAA Authentication
No ratings yet
26.1.4 Lab - Configure Local and Server-Based AAA Authentication
12 pages
2 5 3
No ratings yet
2 5 3
13 pages
CiscoKits CCNA Self Lab
No ratings yet
CiscoKits CCNA Self Lab
2 pages
CCNP3V30 Lab Correction
No ratings yet
CCNP3V30 Lab Correction
16 pages
Access - List
No ratings yet
Access - List
43 pages
1.3.1.1 Layered Network Design Simulation Instructions - IG PDF
100% (4)
1.3.1.1 Layered Network Design Simulation Instructions - IG PDF
5 pages
8.1.5.5 Lab Configuring Advanced EIGRP For IPv4 Features
No ratings yet
8.1.5.5 Lab Configuring Advanced EIGRP For IPv4 Features
11 pages
Infusion Zebos Advanced Routing Suite: June, 2003
No ratings yet
Infusion Zebos Advanced Routing Suite: June, 2003
118 pages
Bangkokbank srx345 Cluster
No ratings yet
Bangkokbank srx345 Cluster
194 pages
Teldat M1CDU
No ratings yet
Teldat M1CDU
6 pages
Hands On Skills Assessment Script
No ratings yet
Hands On Skills Assessment Script
6 pages
CCNA (1)
No ratings yet
CCNA (1)
5 pages
Konfiguracija Cisco Rutera
No ratings yet
Konfiguracija Cisco Rutera
5 pages
2.6.1.2 Lab
No ratings yet
2.6.1.2 Lab
15 pages
Configuring CBAC and Zone-Base Firewalls
No ratings yet
Configuring CBAC and Zone-Base Firewalls
33 pages
Core Router - Branch Configs
No ratings yet
Core Router - Branch Configs
12 pages
Eveng Dockers Ip File 280523
No ratings yet
Eveng Dockers Ip File 280523
7 pages
ExamenJerson y Josue CCNA3
No ratings yet
ExamenJerson y Josue CCNA3
34 pages
RSE Practice Skills Assessment Part 1 - PT
No ratings yet
RSE Practice Skills Assessment Part 1 - PT
5 pages
04.01.2021 - Script Laboratório
No ratings yet
04.01.2021 - Script Laboratório
6 pages
R3 Startup-Config
No ratings yet
R3 Startup-Config
3 pages
Examenfinal
No ratings yet
Examenfinal
15 pages
TP 1
No ratings yet
TP 1
3 pages
Ethernet: Network Fundamentals - Chapter 9
No ratings yet
Ethernet: Network Fundamentals - Chapter 9
27 pages
PPA TRAINING v1.2
No ratings yet
PPA TRAINING v1.2
67 pages
D-Link DPN-6040 Series Datasheet
No ratings yet
D-Link DPN-6040 Series Datasheet
5 pages
NN46205-701 03.01 Logs-Reference PDF
No ratings yet
NN46205-701 03.01 Logs-Reference PDF
2,302 pages
Why Can't I Browse The Internet When Using A GRE Tunnel
No ratings yet
Why Can't I Browse The Internet When Using A GRE Tunnel
4 pages
UNV NSW2010 Series Ethernet Switches V1.01
No ratings yet
UNV NSW2010 Series Ethernet Switches V1.01
3 pages
VSS Migration Overall
No ratings yet
VSS Migration Overall
8 pages
Seeren Cos Junos Module1
No ratings yet
Seeren Cos Junos Module1
75 pages
Configuring A LAN With DHCP and VLANs (Support) - Cisco Systems
No ratings yet
Configuring A LAN With DHCP and VLANs (Support) - Cisco Systems
8 pages
331 - Analyzing Address Resolution
No ratings yet
331 - Analyzing Address Resolution
9 pages
Technical Note: Gofree Wifi-1 Web Interface Settings
No ratings yet
Technical Note: Gofree Wifi-1 Web Interface Settings
14 pages
Datasheet of DS 7616NI M2 - V4.63.010 - 20230805
No ratings yet
Datasheet of DS 7616NI M2 - V4.63.010 - 20230805
5 pages
Api Conversion Guide
No ratings yet
Api Conversion Guide
29 pages
OptiX OSN 3500 V200R015C20 Quick Guide
100% (1)
OptiX OSN 3500 V200R015C20 Quick Guide
502 pages
IEEE 802.11 Architecture: Protocol - HTML
No ratings yet
IEEE 802.11 Architecture: Protocol - HTML
8 pages
SRWE - Module - 11-Switch Security Configuration-Modified
100% (1)
SRWE - Module - 11-Switch Security Configuration-Modified
45 pages
KB 0209 00 en Adresses and Ports Used by Talk2m
No ratings yet
KB 0209 00 en Adresses and Ports Used by Talk2m
12 pages
Ping Pong Client and Server Application in TCP
No ratings yet
Ping Pong Client and Server Application in TCP
8 pages
TBH042D
0% (1)
TBH042D
14 pages
WORKING Torrent Tracker List JULY 2018
No ratings yet
WORKING Torrent Tracker List JULY 2018
5 pages
Ghostlight Script
No ratings yet
Ghostlight Script
61 pages
AT&T Bell Laboratories.: Icmp Icmp TCP UDP
No ratings yet
AT&T Bell Laboratories.: Icmp Icmp TCP UDP
8 pages
COMPUTER NETWORKS OSI MODEL MCQs
No ratings yet
COMPUTER NETWORKS OSI MODEL MCQs
52 pages
This Chapter Describes The Cisco NX-OS Interfaces Commands
No ratings yet
This Chapter Describes The Cisco NX-OS Interfaces Commands
308 pages
Dell EMCNetworking MX9116 N Spec Sheet
No ratings yet
Dell EMCNetworking MX9116 N Spec Sheet
4 pages
Data Communication and Networks
No ratings yet
Data Communication and Networks
17 pages
Chapter 5 Exam
100% (1)
Chapter 5 Exam
10 pages

Chapter 11 - Comprehensive Lab - txt-1

Uploaded by

Chapter 11 - Comprehensive Lab - txt-1

Uploaded by

=========================================================

#ip route 0.0.0.0 0.0.0.0 10.1.1.2

#security passwords min-length 10

#username Admin01 privilege 15 secret Admin01pa55

#login on-success log

#ip http server

#ip domain-name ccnasecurity.com

#ip ssh version 2

#login block-for 60 attempts 2 within 30

#copy running-config startup-config

#no secure boot-image

#copy running-config startup-config

#ip route 209.165.200.224 255.255.255.248 10.1.1.1

#copy running-config startup-config

#ip route 0.0.0.0 0.0.0.0 10.2.2.2

#security passwords min-length 10

#username Admin01 privilege 15 secret Admin01pa55

#login on-success log

#ip http server

#ip domain-name ccnasecurity.com

#ip ssh version 2

#service timestamps log datetime msec

#zone security INSIDE

#class-map type inspect match-any INSIDE_PROTOCOLS

#policy-map type inspect INSIDE_TO_OUTSIDE

#zone-pair security INSIDE_TO_OUTSIDE source INSIDE

#zone-pair security INSIDE_TO_PROTOCOLS

#do show zone-pair security

#crypto isakmp enable

#crypto isakmp Site2SiteKEY1 address 209.165.200.226

#crypto ipsec transform-set TRNSFRM-SET esp-aes (256)

#ip access-list extended 101

#crypto map CMAP 1

#do show crypto map

#copy running-config startup-config

#no ip http server

#enable algorithm-type scrypt secret cisco12345

#ip domain-name ccnasecurity.com

#crypto key generate rsa general-keys modulus 1024

#ip ssh version 2

#copy running-config startup-config

#copy running-config startup-config

#copy running-config startup-config

#http server enable

You might also like