Cont security password min length 8 aaa local

Cont’
security password min-length 8
aaa local authentication attempts max-fail 3
show aaa local user lockout
do clear aaa local user lockout all
login block-for 300 attempts 10 within 60
ip domain-name teddy.com
crypto key generate rsa modulus 1024
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
transport input ssh
exit

11 - RSA SSH Authentication
Our SSH authentication is done using RSA.
On the router:
SSH setup on router
Add user’s key to pubkey-chain
On Ubuntu:
ssh-keygen -t rsa
cd .ssh
ls -l
less id_rsa.pub
Cont’
For Windows, use puttygen.exe.
The router needs the public key and the client needs the private key for verification.
username keith privilege 15 secret cisco123
ip ssh pubkey-chain
username keith
key-string
(paste the public key)
exit
end
show run | section ssh (to see the hash associated with the public key)
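As an added example (not from the original slides): a Python helper that turns the id_rsa.pub line into the key-string lines for the pubkey-chain and computes the MD5 fingerprint of the key blob, the value to compare with the hash the router shows in `show run | section ssh`. The sample key is constructed and non-functional, and the 72-character line width is an assumption chosen so each pasted line stays short.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def make_sample_pubkey_line() -> str:
    """Constructed, non-functional ssh-rsa line so the example runs offline."""
    e = (65537).to_bytes(3, "big")
    n = b"\x00\xc3" + bytes(range(1, 256))  # fake modulus, not a real key
    blob = ssh_string(b"ssh-rsa") + ssh_string(e) + ssh_string(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " keith@ubuntu"


def parse_pubkey(line: str):
    """Return (key_type, base64_text, raw_blob); reject anything else."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    raw = base64.b64decode(b64, validate=True)  # raises ValueError on bad input
    if len(raw) < 4:
        raise ValueError("blob too short")
    (tlen,) = struct.unpack(">I", raw[:4])
    if raw[4:4 + tlen] != key_type.encode():
        raise ValueError("key type in blob does not match the line prefix")
    return key_type, b64, raw


def ios_key_hash(raw: bytes) -> str:
    """MD5 of the key blob, written as 32 upper-case hex digits."""
    return hashlib.md5(raw).hexdigest().upper()


def ios_pubkey_chain(username: str, line: str, width: int = 72):
    """Build the pubkey-chain commands from the slide for one user's key."""
    key_type, b64, raw = parse_pubkey(line)
    if key_type != "ssh-rsa":
        raise ValueError("the slide's setup uses an RSA key")
    chunks = [b64[i:i + width] for i in range(0, len(b64), width)]
    cfg = ["ip ssh pubkey-chain", f"username {username}", "key-string"]
    return cfg + chunks + ["exit", "end"], ios_key_hash(raw)


if __name__ == "__main__":
    commands, key_hash = ios_pubkey_chain("keith", make_sample_pubkey_line())
    print("\n".join(commands), "\nexpected key-hash:", key_hash)
```

Passing the private key file by mistake fails in `parse_pubkey`, so only the public half can end up in the router configuration.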

Cont’
show run | begin line
To specify the management protocols allowed on an interface:
control-plane host
management-interface gig 1/0 allow https ssh
12 - SNMPv3 - CPPr
CPPr: Control Plane Protection
Control Plane Protection (CPPr) can be used to restrict and/or police control plane traffic destined to the route processor of the Cisco IOS device.
SNMPv3 supports:
Authentication
Encryption (Priv)
Integrity
show clock
Pacific Standard Time, Pacific Time (PT)
Coordinated Universal Time (UTC)
clock timezone PST -8 (8 hours off when compared with UTC)

Cont’
clock summer-time PDT recurring (use this for a daylight saving time zone)
do clock set 4:13:55 Apr 17 2017 (to set the time)
do debug ntp packet
do ping 38.229.71.1 repeat 1
ntp server 38.229.71.1
do show ntp associations
do show ntp status
do show ntp associations detail
Cont’
NTP authentication
ntp authentication-key 1 md5 cisco123
ntp trusted-key 1
ntp authenticate
To send information to another device:
logging on
logging buffered informational
logging host 192.168.1.23
logging trap debugging (anything at level 7 or below regarding the system is sent to the syslog server)

Cont’
do show logging
do debug ip icmp
do ping 8.8.8.8
do undebug all
snmp-server engineID local 123456789A
do show access-list 5
Cont’
No auth, no priv (noauth)
Auth, no priv (auth)
Auth + priv (priv)
snmp-server group G1 v3 priv access 5
snmp-server user U1 G1 v3 auth sha a-pass priv aes 128 e-pass
do show run | inc U1 (we don’t see anything because it is secured and not found in the running-config; it is stored in a private section of NVRAM)
do show snmp user (to see the SNMP user)

Cont’
snmp-server host 192.168.1.23 traps version 3 auth U1
snmp-server enable traps syslog
do show process cpu
ip access-list extended LIMIT-ACL
permit udp any any eq snmp
permit tcp any any eq 22
exit
Cont’
class-map LIMIT-CLASS
match access-group name LIMIT-ACL
exit
policy-map LIMIT-POLICY
class LIMIT-CLASS
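An added example, not part of the original slides: a Python check that reads a running-config and reports where it departs from the settings shown above (password minimum length of 8, SNMPv3 at the priv level behind an access list, trusted NTP keys, SSH-only vty lines). The sample config and the finding texts are constructed for illustration.

```python
import re

# Constructed running-config excerpt for the example (not from a real device).
SAMPLE_CONFIG = """\
security passwords min-length 6
snmp-server community public RO
snmp-server group G1 v3 priv access 5
snmp-server group G2 v3 auth
snmp-server host 192.168.1.23 traps version 3 auth U1
ntp authentication-key 1 md5 cisco123
ntp authenticate
line vty 0 4
 transport input telnet ssh
"""


def audit(config: str) -> list[str]:
    """Return findings where the config is weaker than the slides' settings."""
    findings = []
    lines = config.splitlines()
    trusted = {k for l in lines for k in re.findall(r"^ntp trusted-key (\d+)", l)}
    section = ""
    for raw in lines:
        line = raw.strip()
        if raw and not raw.startswith(" "):
            section = line  # remember which top-level block we are in
        if m := re.match(r"security passwords? min-length (\d+)", line):
            if int(m.group(1)) < 8:
                findings.append(f"min-length {m.group(1)} is below 8")
        elif line.startswith("snmp-server community"):
            findings.append("SNMPv1/v2c community configured")
        elif m := re.match(r"snmp-server group (\S+) v3 (noauth|auth|priv)(.*)", line):
            name, level, rest = m.groups()
            if level != "priv":
                findings.append(f"group {name} level is {level}, not priv")
            if " access " not in rest + " ":
                findings.append(f"group {name} has no access list")
        elif m := re.match(r"snmp-server host (\S+) .*version 3 (noauth|auth)\b", line):
            findings.append(f"traps to {m.group(1)} sent at level {m.group(2)}")
        elif m := re.match(r"ntp authentication-key (\d+)", line):
            if m.group(1) not in trusted:
                findings.append(f"ntp key {m.group(1)} is not a trusted-key")
        elif line.startswith("transport input") and section.startswith("line vty"):
            if line.split()[2:] != ["ssh"]:
                findings.append(f"{section}: {line}")
    return findings
```

SNMPv3 users are not checked because, as noted above, they do not appear in the running-config; compare the output of `show snmp user` separately.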