1 / 46

Providing Teleworker Services

Providing Teleworker Services. Accessing the WAN – Chapter 6. Objectives. Describe the enterprise requirements for providing teleworker services Explain how broadband services extend Enterprise Networks including DSL, cable, and wireless

hinz
Download Presentation

Providing Teleworker Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Providing Teleworker Services Accessing the WAN– Chapter 6

  2. Objectives • Describe the enterprise requirements for providing teleworker services • Explain how broadband services extend Enterprise Networks including DSL, cable, and wireless • Describe how VPN technology provides secure teleworker services in an Enterprise setting

  3. Describe the Enterprise Requirements for Providing Teleworker Services • Describe the benefits of teleworkers for business, society and the environment.

  4. Connection Options

  5. Describe the Enterprise Requirements for Providing Teleworker Services • Describe the key differences between private and public network infrastructures

  6. Explain How Broadband Services extend Enterprise Networks

  7. Explain How Broadband Services extend Enterprise Networks • Describe how Enterprises use cable connectivity to extend their reach

  8. Explain How Broadband Services extend Enterprise Networks

  9. Explain How Broadband Services extend Enterprise Networks • Describe how Enterprises use broadband wireless connectivity to extend their reach

  10. Explain How Broadband Services extend Enterprise Networks

  11. Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting

  12. Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting • Compare site-to-site VPNs to remote-access VPNs

  13. Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting • Describe the hardware and software components that typically make up a VPN

  14. Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting • Describe the characteristics of secure VPNs

  15. Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting • Describe the concept of VPN tunneling

  16. Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting • Describe the concept of VPN encryption

  17. Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting • Describe the concept of IPsec Protocols

  18. Summary • Requirements for providing teleworker services are: • Maintains continuity of operations • Provides for increased services • Secure & reliable access to information • Cost effective • Scalable • Components needed for a teleworker to connect to an organization’s network are: • Home components • Corporate components

  19. Summary • Broadband services used • Cable • transmits signal in either direction simultaneously • DSL • requires minimal changes to existing telephone infrastructure • delivers high bandwidth data rates to customers • Wireless • increases mobility • wireless availability via: • municipal WiFi • WiMax • satellite internet

  20. Summary • Securing teleworker services • VPN security achieved through using • Advanced encryption techniques • Tunneling • Characteristics of a secure VPN • Data confidentiality • Data integrity • authentication

  21. Practise LABCCNA4 http://download.fw.sk/cviko/opakovanie4sem.pkt

  22. Network topology

  23. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Basic configuration Nitra-L2(config)# interface FastEthernet 0/0 Nitra-L2(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L2(config-if)# no shutdown Presov(config)# interface FastEthernet 0/0 Presov(config-if)# ip address 10.10.10.1 255.255.255.0 Presov(config-if)# no shutdown Nitra-L2(config)# interface Serial 0/0/0 Nitra-L2(config-if)# ip address 10.10.1.6 255.255.255.252 Nitra-L2(config-if)# no shutdown Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Nitra(config)# interface Serial 0/0/1 Nitra(config-if)# ip address 10.10.1.1 255.255.255.252 Nitra(config-if)# clock rate 128000 Nitra(config-if)# no shutdown Nitra-L1(config)# ipv6 unicast-routing Nitra-L1(config)# interface FastEthernet 0/1 Nitra-L1(config-if)# ipv6 address 2001:ac4::1/64 Nitra-L1(config-if)# no shutdown Nitra(config)# interface Serial 0/1/0 Nitra(config-if)# ip address 10.10.1.5 255.255.255.252 Nitra(config-if)# clock rate 128000 Nitra(config-if)# no shutdown Nitra-L2(config)# ipv6 unicast-routing Nitra-L2(config)# interface FastEthernet 0/1 Nitra-L2(config-if)# ipv6 address 2001:ac2::1/64 Nitra-L2(config-if)# no shutdown BA-GW(config)# interface FastEthernet 0/1 BA-GW(config-if)# ip address 10.10.254.1 255.255.255.0 BA-GW(config-if)# no shutdown Nitra-L1(config)# interface Serial 0/0/0 Nitra-L1(config-if)# ip address 10.10.1.2 255.255.255.252 Nitra-L1(config-if)# no shutdown

  24. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown DHCP service BA-GW(config)# ip dhcp pool LAN6 BA-GW(config-dhcp)# network 10.10.254.0 255.255.255.0 BA-GW(config-dhcp)# default-route 10.10.254.1 BA-GW(config-dhcp)# dns-server 147.232.22.1 BA-GW(config-dhcp)# domain cnl.tuke.sk BA-GW(config-dhcp)# lease 0 1 30

  25. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown DHCP service Nitra-L1(config)# ip dhcp excluded-address 10.10.10.1 10.10.10.10 Nitra-L2(config)# ip dhcp excluded-address 10.10.10.1 10.10.10.10 Presov(config)# ip dhcp excluded-address 10.10.10.1 10.10.10.10 Nitra-L2(config)# ip dhcp pool LAN1 Nitra-L2(config-dhcp)# network 10.10.10.0 255.255.255.0 Nitra-L2(config-dhcp)# default-route 10.10.10.1 Nitra-L2(config-dhcp)# dns-server 147.232.22.1 Nitra-L2(config-dhcp)# domain cnl.tuke.sk Nitra-L2(config-dhcp)# lease 0 1 30 Presov(config)# ip dhcp pool LAN5 Presov(config-dhcp)# network 10.10.10.0 255.255.255.0 Presov(config-dhcp)# default-route 10.10.10.1 Presov(config-dhcp)# dns-server 147.232.22.1 Presov(config-dhcp)# domain cnl.tuke.sk Presov(config-dhcp)# lease 0 1 30 Nitra-L1(config)# ip dhcp pool LAN3 Nitra-L1(config-dhcp)# network 10.10.10.0 255.255.255.0 Nitra-L1(config-dhcp)# default-route 10.10.10.1 Nitra-L1(config-dhcp)# dns-server 147.232.22.1 Nitra-L1(config-dhcp)# domain cnl.tuke.sk Nitra-L1(config-dhcp)# lease 0 1 30

  26. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown DHCP client BA-GW(config)# interface FastEthernet 0/0 BA-GW(config-if)# ip address dhcp BA-GW(config-if)# no shutdown KE-GW(config)# interface FastEthernet 0/0 KE-GW(config-if)# ip address dhcp KE-GW(config-if)# no shutdown BA-GW# show ip route C 10.10.254.0 is directly connected, FastEthernet0/1 C 172.16.1.0 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 [254/0] via 172.16.1.1 KE-GW# show ip route C 172.16.1.0 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 [254/0] via 172.16.1.1

  27. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Static/Dynamic NAT Presov(config)# interface FastEthernet 0/0 Presov(config-if)# ip nat inside Presov(config)# interface Serial 0/0/0 Presov(config-if)# ip nat outside Presov(config)#ip nat inside source static 10.10.10.1 10.10.104.2 Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip nat inside Nitra-L1(config)# interface Serial 0/0/0 Nitra-L1(config-if)# ip nat outside Nitra-L1(config)#ip nat inside source static 10.10.10.1 10.10.121.2 Nitra-L2(config)# interface FastEthernet 0/0 Nitra-L2(config-if)# ip nat inside Nitra-L2(config)# interface Serial 0/0/0 Nitra-L2(config-if)# ip nat outside Nitra-L2(config)#ip nat inside source static 10.10.10.1 10.10.122.2 Static/Dynamic NAT: Configure static NAT on Presov, Nitra-L1 and Nitra-L2 routers, So IP address 10.10.10.2 statically assigned in LAN1,3,5 will be Mapped to IP address: 10.10.104.2(LAN5), 10.10.121.2(LAN3), 10.10.122.2 (LAN1)

  28. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Dynamic NAT:LAN5->10.10.104.0/24 LAN3->10.10.121.0/24 LAN1->10.10.122.0/24 Nitra-L1(config)# ip nat pool POOL10.10.121.3 10.10.121.254 netmask 255.255.255.0 Nitra-L1(config)# ip access-list standard ACL Nitra-L1(config-std-nacl)# permit 10.10.10.0 0.0.0.255 Nitra-L1(config)# ip nat inside source list ACL pool POOL Nitra-L2(config)# ip nat pool POOL10.10.122.3 10.10.122.254 netmask 255.255.255.0 Nitra-L2(config)# ip access-list standard ACL Nitra-L2(config-std-nacl)# permit 10.10.10.0 0.0.0.255 Nitra-L2(config)# ip nat inside source list ACL pool POOL Presov(config)# ip nat pool POOL10.10.104.3 10.10.104.254 netmask 255.255.255.0 Presov(config)# ip access-list standard ACL Presov(config-std-nacl)# permit 10.10.10.0 0.0.0.255 Presov(config)# ip nat inside source list ACL pool POOL

  29. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown PPP (PAP,CHAP) Nitra-L1(config)# interface Serial 0/0/0 Nitra-L1(config-if)# encapsulation ppp Nitra-L1(config-if)# ppp authentication pap Nitra-L1(config-if)# ppp pap sent-username NIRLONE password n1rl0n3 Nitra-L1(config)# username NIRCENTRAL password n1rc3ntr4l Nitra-L2(config)# interface Serial 0/0/0 Nitra-L2(config-if)# encapsulation ppp Nitra-L2(config-if)# ppp authentication chap Nitra-L2(config-if)# ppp chap hostname NIRLTWO Nitra-L2(config-if)# ppp chap password n1rltw0 Nitra(config)# username NIRCENTRAL password n1rc3ntr4l Nitra(config)# interface Serial 0/1/0 Nitra(config-if)# encapsulation ppp Nitra(config-if)# ppp authentication chap Nitra(config-if)# ppp chap hostname NIRCENTRAL Nitra(config-if)# ppp chap password n1rc3ntr4l Nitra(config)# username NIRLTWO password n1rltw0 Nitra(config)# interface Serial 0/0/1 Nitra(config-if)# encapsulation ppp Nitra(config-if)# ppp authentication pap Nitra(config-if)# ppp pap sent-username NIRCENTRAL password n1rc3ntr4l Nitra(config)# username NIRLONE password n1rl0n3

  30. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown IPv6 Nitra(config)# ipv6 unicast-routing Nitra(config)# ipv6 router rip ROUTING Nitra(config)# interface Serial 0/0/1 Nitra(config-if)# ipv6 address autoconfig Nitra(config-if)# ipv6 rip ROUTING enable Nitra(config)# interface Serial 0/1/0 Nitra(config-if)# ipv6 address autoconfig Nitra(config-if)# ipv6 rip ROUTING enable Nitra-L2(config)# ipv6 router rip ROUTING Nitra-L2(config)# interface FastEthernet 0/1 Nitra-L2(config-if)# ipv6 rip ROUTING enable Nitra-L2(config)# interface Serial 0/0/0 Nitra-L2(config-if)# ipv6 address autoconfig Nitra-L2(config-if)# ipv6 rip ROUTING enable Nitra-L1(config)# ipv6 router rip ROUTING Nitra-L1(config)# interface FastEthernet 0/1 Nitra-L1(config-if)# ipv6 rip ROUTING enable Nitra-L1(config)# interface Serial 0/0/0 Nitra-L1(config-if)# ipv6 address autoconfig Nitra-L1(config-if)# ipv6 rip ROUTING enable

  31. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown IPv6 Nitra-L2#sh ipv6 route C 2001:AC2::/64 [0/0] via ::, FastEthernet0/1 L 2001:AC2::1/128 [0/0] via ::, FastEthernet0/1 R 2001:AC4::/64 [120/2] via FE80::260:2FFF:FE00:D401, Serial0/0/0 L FF00::/8 [0/0] via ::, Null0

  32. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Frame-Relay

  33. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Frame-Relay

  34. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Frame-Relay Presov(config)# interface Serial 0/0/0 Presov(config-if)# encapsulation frame-relay Presov(config-if)# frame-relay lmi-type cisco Presov(config-if)# no shutdown Presov(config)# interface Serial 0/0/0.1 multipoint Presov(config-subif)# frame-relay interface-dlci 201 Presov(config-subif)# ip address 10.10.124.4 255.255.255.0 Presov(config)# interface Serial 0/0/0.2 multipoint Presov(config-subif)# frame-relay interface-dlci 203 Presov(config-subif)# ip address 10.10.234.4 255.255.255.0 Presov(config)# interface Serial 0/0/0.402 point-to-point Presov(config-subif)# frame-relay interface-dlci 402 Presov(config-subif)# ip address 10.10.24.4 255.255.255.0 KE-GW(config)# interface Serial 0/0/0 KE-GW(config-if)# encapsulation frame-relay KE-GW(config-if)# frame-relay lmi-type cisco KE-GW(config-if)# no shutdown KE-GW(config)# interface Serial 0/0/0.1 multipoint KE-GW(config-subif)# frame-relay interface-dlci 304 KE-GW(config-subif)# frame-relay interface-dlci 302 KE-GW(config-subif)# ip address 10.10.234.3 255.255.255.0 Nitra(config)# interface Serial 0/0/0 Nitra(config-if)# encapsulation frame-relay Nitra(config-if)# frame-relay lmi-type cisco Nitra(config-if)# no shutdown Nitra(config)# interface Serial 0/0/0.1 multipoint Nitra(config-subif)# frame-relay interface-dlci 201 Nitra(config-subif)# ip address 10.10.124.2 255.255.255.0 Nitra(config)# interface Serial 0/0/0.2 multipoint Nitra(config-subif)# frame-relay interface-dlci 203 Nitra(config-subif)# ip address 10.10.234.2 255.255.255.0 Nitra(config)# interface Serial 0/0/0.204 point-to-point Nitra(config-subif)# frame-relay interface-dlci 204 Nitra(config-subif)# ip address 10.10.24.2 255.255.255.0 BA-GW(config)# interface Serial 0/0/0 BA-GW(config-if)# encapsulation frame-relay BA-GW(config-if)# frame-relay lmi-type cisco BA-GW(config-if)# no shutdown BA-GW(config)# interface Serial 0/0/0.1 multipoint BA-GW(config-subif)# frame-relay interface-dlci 104 BA-GW(config-subif)# frame-relay interface-dlci 102 BA-GW(config-subif)# ip address 10.10.124.1 255.255.255.0

  35. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Routing Nitra-L2(config)# show ip route C 10.10.1.4/30 is directly connected, Serial0/0/0 C 10.10.10.0/24 is directly connected, FastEthernet0/0 Nitra-L1(config)# show ip route C 10.10.1.0/30 is directly connected, Serial0/0/0 C 10.10.10.0/24 is directly connected, FastEthernet0/0 Nitra-L1(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.1 Nitra-L2(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.5

  36. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Routing Nitra# show ip route C 10.10.1.0/30 is directly connected, Serial0/0/1 C 10.10.1.4/30 is directly connected, Serial0/1/0 C 10.10.24.0/24 is directly connected, Serial0/0/0.204 C 10.10.124.0/24 is directly connected, Serial0/0/0.1 C 10.10.234.0/24 is directly connected, Serial0/0/0.2 Nitra(config)# ip route 10.10.121.0 255.255.255.0 10.10.1.2 Nitra(config)# ip route 10.10.122.0 255.255.255.0 10.10.1.6 Nitra(config)# ip route 10.10.104.0 255.255.255.0 10.10.24.4 Nitra(config)#ip route 0.0.0.0 0.0.0.0 10.10.124.1 10 Nitra(config)#ip route 0.0.0.0 0.0.0.0 10.10.234.3 20

  37. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Routing Presov# show ip route C 10.10.10.0 is directly connected, FastEthernet0/0 C 10.10.24.0 is directly connected, Serial0/0/0.402 C 10.10.124.0 is directly connected, Serial0/0/0.1 C 10.10.234.0 is directly connected, Serial0/0/0.2 Presov(config)# ip route 10.10.121.0 255.255.255.0 10.10.24.2 Presov(config)# ip route 10.10.122.0 255.255.255.0 10.10.24.2 Presov(config)#ip route 0.0.0.0 0.0.0.0 10.10.124.1 10 Presov(config)#ip route 0.0.0.0 0.0.0.0 10.10.234.3 20 Presov(config)# Interface Serial 0/0/0.1 Presov(config-subif)# ip nat outside Presov(config)# Interface Serial 0/0/0.2 Presov(config-subif)# ip nat outside Presov(config)# Interface Serial 0/0/0.402 Presov(config-subif)# ip nat outside

  38. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Routing BA-GW(config)# ip route 10.10.121.0 255.255.255.0 10.10.124.2 BA-GW(config)# ip route 10.10.122.0 255.255.255.0 10.10.124.2 BA-GW(config)# ip route 10.10.104.0 255.255.255.0 10.10.124.4 BA-GW# show ip route C 10.10.124.0 is directly connected, Serial0/0/0.1 C 10.10.254.0 is directly connected, FastEthernet0/1 C 172.16.1.0 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 [254/0] via 172.16.1.1 KE-GW(config)# ip route 10.10.121.0 255.255.255.0 10.10.234.2 KE-GW(config)# ip route 10.10.122.0 255.255.255.0 10.10.234.2 KE-GW(config)# ip route 10.10.104.0 255.255.255.0 10.10.234.4

  39. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Port Address Translation KE-GW(config)# ip access-list standard NAT KE-GW(config-std-nacl)# permit 10.10.254.0 0.0.0.255 KE-GW(config-std-nacl)# permit 10.10.121.0 0.0.0.255 KE-GW(config-std-nacl)# permit 10.10.122.0 0.0.0.255 KE-GW(config-std-nacl)# permit 10.10.104.0 0.0.0.255 KE-GW(config)#ip nat inside source list NAT interface Fa0/0 overload KE-GW(config)# interface FastEthernet 0/0 KE-GW(config-if)# ip nat outside KE-GW(config)# interface Serial 0/0/0.2 KE-GW(config-subif)# ip nat inside BA-GW(config)# ip access-list standard NAT BA-GW(config-std-nacl)# permit 10.10.254.0 0.0.0.255 BA-GW(config-std-nacl)# permit 10.10.121.0 0.0.0.255 BA-GW(config-std-nacl)# permit 10.10.122.0 0.0.0.255 BA-GW(config-std-nacl)# permit 10.10.104.0 0.0.0.255 BA-GW(config)#ip nat inside source list NAT interface Fa0/0 overload BA-GW(config)# interface FastEthernet 0/0 BA-GW(config-if)# ip nat outside BA-GW(config)# interface FastEthernet 0/1 BA-GW(config-if)# ip nat inside BA-GW(config)# interface Serial 0/0/0.1 BA-GW(config-subif)# ip nat inside

  40. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Access control lists Nitra-L1(config)# ip access-list extended FILTER Nitra-L1(config-ext-nacl)# permit icmp any any Nitra-L1(config-ext-nacl)# permit tcp any any eq 110 Nitra-L1(config-ext-nacl)# permit tcp any any eq 995 Nitra-L1(config-ext-nacl)# permit tcp any any eq 25 Nitra-L1(config-ext-nacl)# permit tcp any any eq 143 Nitra-L1(config-ext-nacl)# deny ip any 10.10.104.0 0.0.0.255 Nitra-L1(config-ext-nacl)# permit ip any any Allow communication between LAN3 and LAN5 only when ICMP,POP3, SMTP or IMAP protocol is used. Nitra-L1(config)# interface Serial 0/0/0 Nitra-L1(config-if)# ip access-group FILTER out

  41. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Access control lists Presov(config)# ip access-list extended FILTER Presov(config-ext-nacl)# permit icmp any any Presov(config-ext-nacl)# permit tcp any any eq 110 Presov(config-ext-nacl)# permit tcp any any eq 995 Presov(config-ext-nacl)# permit tcp any any eq 25 Presov(config-ext-nacl)# permit tcp any any eq 143 Presov(config-ext-nacl)# deny ip any 10.10.121.0 0.0.0.255 Presov(config-ext-nacl)# permit ip any any Presov(config)# interface FastEthernet 0/0 Presov(config-if)# ip access-group FILTER in

  42. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Access control lists Nitra(config)# ip access-list standard VTYFILTER Nitra(config-std-nacl)# permit 10.10.254.128 0.0.0.127 Nitra(config)# line vty 0 4 Nitra(config-line)# ip access-class VTYFILTER in Allow access to virtual terminal of Nitra router only from the upper half of LAN6 address space (10.10.254.129 – 10.10.254.254)

  43. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Security - SSH Nitra(config)# ip domain-name cnl.tuke.sk Nitra(config)# crypto key generate rsa Nitra(config)# ip ssh version 2 Nitra(config)# line vty 0 4 Nitra(config-line)# transport input ssh

  44. Nitra-L1(config)# interface FastEthernet 0/0 Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0 Nitra-L1(config-if)# no shutdown Security – local user database BA-GW(config)# username cisco password cisco BA-GW(config)# line console 0 BA-GW(config-line)# login local KE-GW(config)# username cisco password cisco KE-GW(config)# line console 0 KE-GW(config-line)# login local

More Related