Implentar la licencia de seguridad en los router necesarios

Comandos del examen mauricio

NOTA: IMPLENTAR LA LICENCIA DE SEGURIDAD EN LOS ROUTER NECESARIOS, license boot module c1900 technology-package securityk9

Hacer cambios de ROUTER RHQ**

Cambiar dirección ip en la serial s0/1/0

ip address 155.34.12.5 255.255.255.252

La dirección es: 155.34.12.1 255.255.255.252

Cambiar dirección de ip route mala:

ip route 0.0.0.0 0.0.0.0 155.34.12.4

La dirección es: ip route 0.0.0.0 0.0.0.0 155.34.12.1

=============================

Hacer cambios de ROUTER BRANCH**

Cambiar dirección ip en la serial s0/1/1

ip address 89.78.56.6 255.255.255.252

La dirección es: 89.78.56.2 255.255.255.252

Cambiar dirección de ip route mala: 0.0.0.0 0.0.0.0 89.78.56.2

La dirección es: 0.0.0.0 0.0.0.0 89.78.56.1

=============================

ITEM 2: Protección de acceso al dispositivo

===============================

1 y 2.-

security passwords min-length 10

service password-encryption

enable secret cisco12345

3.-

banner motd #SOLO ACCESO PERSONAL AUTORIZADO#

4.-

login block-for 45 attempts 3 within 60

5.-

*Acceso remoto*

ip domain-name cisco.com

crypto key generate rsa

yes

2048

ip ssh version 2

line vty 0 4

transport input ssh

login local

exec-timeout 0 30

exit

username admin secret cisco12345

ip ssh authentication-retries 2

logging host 177.32.24.254

=============================

ITEM 3: Control de acceso a dispositivos

=============================

*Creación de usuario*

*RHQ*

username tecnico1 password cisco12345

enable secret level 2 cisco12345

privilege exec level 2 configure terminal

privilege exec level 2 enable

privilege configure level 2 hostname

privilege configure level 2 router

privilege configure level 2 router eigrp

privilege configure level 2 router ospf

privilege router level 2 network

*Acceso por consola*

aaa new-model

aaa authentication login consola local

username USER15 privilege 15 secret cisco12345

(Hacer el USER15 también en el seviro-remoto AAA)

============================

*BRANCH*

aaa new-model

enable secret cisco12345

end

enable view root

cisco12345

conf ter

parser view tecnico2

secret cisco12345

commands exec include show ip route

commands exec include show flash

commands exec include show arp

ex

parser view tecnico3

secret cisco12345

commands exec include configure terminal

commands exec include interface

commands configure include ip address

commands configure include ipv6 address

commands configure include hostname

==========================================

ITEM 4: Control de Acceso por AAA y monitoreo

==========================================

*RHQ*

radius server remoto

address ipv4 177.32.24.254 auth-port 1645

key secreto123

aaa new-model

aaa authentication login default group radius local

aaa authorization exec default group radius local

*Servidor REMOTO en RHQ(en los demás)*

ntp authenticate

ntp authentication-key md5 cisco12345

ntp trusted-key 1

ntp server 177.32.24.254 key 1

para comprabar

show clock

Alumno - cisco

=========================================

ITEM 5:Protección perimetral

=========================================

*Configuración de ASA*

hostname FWASA

domain-name cisco.com

enable password cisco12345

passwd cisco12345

*Implementación DMZ en ASA*

interface Vlan1

nameif inside

security-level 100

ip address 192.168.10.1 255.255.255.0

ex

int e0/2

no shut

switchport mode access

switchport access vlan 1

interface Vlan2

nameif outside

security-level 0

ip address 201.185.88.1 255.255.255.248

ex

int e0/0

switchport mode access

switchport access vlan 2

interface Vlan3

...