Securing Networks with Cisco Routers and Switches v2.0

This set of lab exercises (lab bundle) contains all the exercises associated with the Securing Networks with Cisco Routers and Switches (SNRS) v2.0 course. The labs address all aspects of security - from layer-2 security to layer-3 secure Virtual Private Networks (VPNs) with IPsec and application-layer security including firewalls. The last exercise in the bundle addresses Intrusion Prevention Systems (IPS) as well.

Content

This set of lab exercises contains the following exercises:

Objectives

Upon finishing this set of exercises, you will be able to:

  • Mitigate MAC address table overflow and MAC spoofing attacks
  • Mitigate STP manipulation attacks
  • Mitigate Private VLAN bypass attacks
  • Mitigate DHCP attacks
  • Install Cisco Secure ACS 4.1 for Windows
  • Take a tour of the Cisco Secure ACS user interface
  • Configure the Cisco Secure ACS database for authentication
  • Configure the switch to authenticate network administrators against the Cisco Secure database
  • Configure separate per-user enable passwords
  • Configure 802.1x
  • Configure Control-Plane Policing (CoPP)
  • Configure a port-filter policy
  • Configure a queue-threshold policy
  • Configure Management Plane Protection (MPP)
  • Configure IKE parameters on both peers
  • Create and apply traffic protection (IPsec) rules
  • Establish the IPsec tunnel
  • Enroll routers into the PKI
  • Configure IKE parameters on both peers
  • Create and apply traffic protection (IPsec) rules
  • Establish the IPsec tunnel
  • Configure the tunnel interface
  • Configure IKE and IPsec policies on VPN routers
  • Configure DMVPN hub
  • Configure DMVPN spokes
  • Configure EIGRP across DMVPN for hub-and-spoke-only connectivity
  • Configure EIGRP across DMVPN for direct spoke-to-spoke connectivity
  • Configure AAA for SSL VPN (WebVPN)
  • Configure DNS for SSL VPN
  • Configure certificates and trustpoints for SSL VPN
  • Configure an SSL VPN gateway
  • Configure an SSL VPN context
  • Verify SSL VPN operation
  • Configure a Cisco IOS router with the Easy VPN functionality
  • Configure Mode Config for local authorization of VPN groups
  • Configure Extended Authentication for local authentication of VPN users
  • Install and configure Cisco VPN Client software
  • Test and monitor remote access connections from the Cisco VPN Client to the Easy VPN server
  • Configure Easy VPN Client on a Cisco IOS router
  • Test and monitor remote access connections from an IOS-based Easy VPN Client to the Easy VPN server
  • Enable syslog logging and the CBAC audit trail
  • Configure traffic filtering using CBAC and ACLs
  • Define an application firewall policy for IM and configure protocol-specific rules
  • Define an application firewall policy for HTTP and configure protocol-specific rules
  • Apply an application policy to a firewall for inspection
  • Configure a zone security policy
  • Create a security zone and assign interfaces to a security zone
  • Apply a policy to a zone pair
  • Modify the zone security policy
  • Configure CBAC firewalling
  • Configure the router for AAA services
  • Configure the user database on the AAA server
  • Configure the authentication proxy feature
  • Configure auth-proxy for Telnet
  • Initialize IPS
  • Load signatures
  • Fine-tune IPS

Importance

The lab exercises in the bundle are of utmost importance for all network engineers and designers involved in designing, implementing and operating security solutions based on Cisco IOS security.

Target Audience

The primary audience for this course comprises network engineers and systems engineers responsible for deploying security solutions.

Prerequisite Knowledge

  • Cisco Certified Network Associate (CCNA) certification
  • Basic experience with the Windows operating system
  • Basic skills in configuring Cisco IOS and familiarity with network security concepts