Part 1: Configure Basic Switch Security Configure the following on S1: o Privileged EXEC mode encrypted password is ciscoenpa44. o Console line password is ciscoconpa44, exec-timeout is 10 minutes, and enable login. o Password for the VTY lines is ciscovtypa44, exec-timeout is 10 minutes, enable login, and add the logging synchronous command. o Encrypt all plaintext passwords. Configure the following on S3: o An MOTD banner should include the word unauthorized. o Shut down all unused physical ports on the switch. o Enable port security on F0/3, where the MAC address should be dynamically learned and added to the running configuration. Part 2: Configure Basic Router Security Configure the following on R3: o Minimum password length is 10 characters. o Privileged EXEC mode encrypted password is ciscoenpa44. Enable SSH connections on R3as follows: o The domain name is skillsexam.com o It will only allow 2 authentication attempts. o It will timeout after 120 seconds. o Create a user account of Admin03 in the local database of the router with a secret password of Admin03pa44. o The RSA key should be generated with 1024 modulus bits. o Only SSH is allowed on the VTY lines. o Verify the SSH configuration SSH to R3 from the command prompt of PC-B and PC-C. Part 3: Configure AAA Authentication Configure AAA Local Authenticationon R2 as follows: o Create a local user account of Admin02 with a secret password of Admin02pa44. o Enable AAA services. o Configure a named list called Co-Login to authenticate logins using local AAA. o Configure the line console to use the defined named AAA method. o Verify the user EXEC login using the local database. Part 4: Configure Access Control Lists Configure a Numbered IP ACL 110 on R3 as follows: o Verify that PC-A can access both HTTP and HTTPS services on the Web Server. o Create a Numbered IP ACL 110 that permit any outside host to only access HTTPS service on the Web Server. o Apply the created access list to incoming traffic on interface S0/0/1. o Verify that PC-A can only access HTTPS service on the Web Server; PC-A cannot access HTTP service anymore.

Part 1: Configure Basic Switch Security Configure the following on S1: o Privileged EXEC mode encrypted password is ciscoenpa44. o Console line password is ciscoconpa44, exec-timeout is 10 minutes, and enable login. o Password for the VTY lines is ciscovtypa44, exec-timeout is 10 minutes, enable login, and add the logging synchronous command. o Encrypt all plaintext passwords. Configure the following on S3: o An MOTD banner should include the word unauthorized. o Shut down all unused physical ports on the switch. o Enable port security on F0/3, where the MAC address should be dynamically learned and added to the running configuration. Part 2: Configure Basic Router Security Configure the following on R3: o Minimum password length is 10 characters. o Privileged EXEC mode encrypted password is ciscoenpa44. Enable SSH connections on R3as follows: o The domain name is skillsexam.com o It will only allow 2 authentication attempts. o It will timeout after 120 seconds. o Create a user account of Admin03 in the local database of the router with a secret password of Admin03pa44. o The RSA key should be generated with 1024 modulus bits. o Only SSH is allowed on the VTY lines. o Verify the SSH configuration SSH to R3 from the command prompt of PC-B and PC-C. Part 3: Configure AAA Authentication Configure AAA Local Authenticationon R2 as follows: o Create a local user account of Admin02 with a secret password of Admin02pa44. o Enable AAA services. o Configure a named list called Co-Login to authenticate logins using local AAA. o Configure the line console to use the defined named AAA method. o Verify the user EXEC login using the local database. Part 4: Configure Access Control Lists Configure a Numbered IP ACL 110 on R3 as follows: o Verify that PC-A can access both HTTP and HTTPS services on the Web Server. o Create a Numbered IP ACL 110 that permit any outside host to only access HTTPS service on the Web Server. o Apply the created access list to incoming traffic on interface S0/0/1. o Verify that PC-A can only access HTTPS service on the Web Server; PC-A cannot access HTTP service anymore.

Computer Networking: A Top-Down Approach (7th Edition)

7th Edition

ISBN:9780133594140

Author:James Kurose, Keith Ross

Publisher:James Kurose, Keith Ross

Chapter1: Computer Networks And The Internet

Section: Chapter Questions

Problem R1RQ: What is the difference between a host and an end system? List several different types of end...

See similar textbooks

Related questions

Question

plz solve

Provided with the topology, the addressing table, you are asked to configure the devices based on the questions below.

Addressing Table:

Device	Interface	IP Address	Subnet Mask	Default Gateway
R1	G0/0	10.10.10.1	255.255.255.0	N/A
S0/0/0	172.20.20.1	255.255.255.252	N/A
R2	S0/0/0	172.20.20.2	255.255.255.252	N/A
S0/0/1	172.30.30.2	255.255.255.252	N/A
R3	G0/0	10.20.20.1	255.255.255.0	N/A
S0/0/1	172.30.30.1	255.255.255.252	N/A
PC-A	NIC	10.10.10.5	255.255.255.0	10.10.10.1
RADIUS Server	NIC	10.10.10.10	255.255.255.0	10.10.10.1
PC-B	NIC	10.20.20.5	255.255.255.0	10.20.20.1
PC-C	NIC	10.20.20.6	255.255.255.0	10.20.20.1
Web Server	NIC	10.20.20.10	255.255.255.0	10.20.20.1

Part 1: Configure Basic Switch Security

Configure the following on S1:

o Privileged EXEC mode encrypted password is ciscoenpa44.

o Console line password is ciscoconpa44, exec-timeout is 10 minutes, and enable login.

o Password for the VTY lines is ciscovtypa44, exec-timeout is 10 minutes, enable login, and add the logging synchronous command.

o Encrypt all plaintext passwords.

Configure the following on S3:

o An MOTD banner should include the word unauthorized.

o Shut down all unused physical ports on the switch.

o Enable port security on F0/3, where the MAC address should be dynamically learned and added to the running configuration.

Part 2: Configure Basic Router Security

Configure the following on R3:

o Minimum password length is 10 characters.

o Privileged EXEC mode encrypted password is ciscoenpa44.

Enable SSH connections on R3as follows:

o The domain name is skillsexam.com

o It will only allow 2 authentication attempts.

o It will timeout after 120 seconds.

o Create a user account of Admin03 in the local database of the router with a secret password of Admin03pa44.

o The RSA key should be generated with 1024 modulus bits.

o Only SSH is allowed on the VTY lines.

o Verify the SSH configuration SSH to R3 from the command prompt of PC-B and PC-C.

Part 3: Configure AAA Authentication

Configure AAA Local Authenticationon R2 as follows:

o Create a local user account of Admin02 with a secret password of Admin02pa44.

o Enable AAA services.

o Configure a named list called Co-Login to authenticate logins using local AAA.

o Configure the line console to use the defined named AAA method.

o Verify the user EXEC login using the local database.

Part 4: Configure Access Control Lists

Configure a Numbered IP ACL 110 on R3 as follows:

o Verify that PC-A can access both HTTP and HTTPS services on the Web Server.

o Create a Numbered IP ACL 110 that permit any outside host to only access HTTPS service on the Web Server.

o Apply the created access list to incoming traffic on interface S0/0/1.

o Verify that PC-A can only access HTTPS service on the Web Server; PC-A cannot access HTTP service anymore.

RADIUS Server
10.10.10.10
10.10.10.0/24
Fa0/3
Fa0/1
Fa0/2
PC-A
10.10.10.5
172.20.20.0/30
GO/O
R1
50/0/0
S0/0/0
DCE
R2 S0/0/1
172.30.30.0/30
S0/0/1
DCE
R3
GO/O
Fa0/2
PC-8
10.20.20.5
10.20.20.0/24
Fa0/1
S3
Fa0/4
Fa0/3
PC-C
10.20.20.6
Web Server
10.20.20.10

Expert Solution

Trending now

This is a popular solution!

Step by step

Solved in 6 steps with 2 images

SEE SOLUTION Check out a sample Q&A here