Content

Securing Networks with Cisco Routers and Switches v3.0

This set of lab exercises (lab bundle) contains all exercises associated with the Securing Networks with Cisco Routers and Switches (SNRS) v3.0 course. The exercises address all aspects of security, from Layer 2 security to Layer 3 secure VPNs with IPsec and SSL. Lab exercises also cover application layer security with classic and zone-based firewall. The last exercise in the bundle covers IOS IPS as well.

Content

This set of lab exercises contains the following exercises:

Objectives

Upon finishing this set of exercises, you will be able to:

  • Enable DHCP snooping
  • Configure PVLAN Edge per given requirements and verify its operations
  • Configure an ACL on a router to mitigate PVLAN attacks
  • Configure a user account on Cisco Secure ACS
  • Configure Cisco Secure ACS to support a RADIUS client
  • Configure a Cisco switch as a RADIUS client, and enable 802.1X authentication globally on your switch
  • Enable 802.1X on an access port of a switch
  • Verify the Cisco IBNS configuration
  • Create VLANs for segmentation according to a security policy
  • Configure a restricted VLAN
  • Configure a guest VLAN
  • Configure Cisco Secure ACS for MAC authentication bypass
  • Configure a switch for MAC authentication bypass
  • Manually re-authenticate a client connected to a port
  • Remove MAC authentication bypass
  • Create VLANs to assign to different clients according to their identity (dynamic VLAN assignment)
  • Configure the Cisco Secure ACS interface
  • Configure Cisco Secure ACS groups to support 802.1X authentication
  • Configure Cisco Secure ACS users to support 802.1X authentication
  • Configure an unknown user policy in Cisco Secure ACS
  • Configure dynamic VLAN assignments
  • Install and use the Cisco Secure Services Client application
  • Test the dynamic VLAN assignment configuration
  • Configure OSPF to support authentication
  • Enable HTTPS and other management protocols on your router
  • Configure the SNMPv3 management protocol
  • Configure NetFlow
  • Configure the hub router to act as a CA and NTP server
  • Synchronize a clock and acquire a digital certificate for the router from the hub router
  • Configure a PKI-based site-to-site VPN with another spoke router
  • Use the CLI to verify the CA configuration
  • Use the CLI to verify and test the IPsec configuration
  • Configure a secure GRE tunnel between two spoke routers using Cisco SDM
  • Generate a mirror configuration
  • Verify and test the GRE over IPsec tunnel configuration
  • Configure spoke routers for mGRE and IPsec integration using Cisco SDM
  • Use the CLI to verify and test DMVPN operation and EIGRP routing over the DMVPN
  • Verify the DMVPN configuration using Cisco SDM
  • Configure an IKE policy for interacting with the hub router
  • Configure a router to join GET VPN
  • Use the CLI to test and verify the GET VPN configuration, and to verify routing over the GET VPN
  • Configure your router for AAA services
  • Configure Cisco Easy VPN Server
  • Configure the Cisco VPN software client
  • Verify the remote VPN connection
  • Configure Cisco Easy VPN Remote
  • Verify that the IKE and IPsec SAs have been created by testing network connectivity
  • Configure Cisco Secure ACS for Cisco IOS SSL VPN
  • Configure AAA for Cisco IOS SSL VPN
  • Configure the Cisco AnyConnect client for SSL
  • Configure Cisco IOS SSL VPN for both clientless and Full Tunnel Client services on the router using Cisco SDM
  • Add a second context to your SSL VPN configuration
  • Test clientless SSL VPN connectivity
  • Remove an ACL that blocks remote access VPN traffic
  • Test full client connectivity
  • Verify the Cisco IOS SSL VPN operation
  • Remove the Cisco IOS SSL VPN configuration
  • Configure dynamic PAT and static PAT port mapping
  • Use the CLI to verify the PAT configuration
  • Run the Advanced Firewall Wizard to configure a Cisco IOS Classic Advanced Firewall
  • Use Cisco SDM and the CLI to verify the firewall configuration
  • Test the firewall operation
  • Configure dynamic PAT and static NAT using the CLI
  • Use the CLI to verify the NAT and PAT configuration
  • Use Cisco SDM to create a Cisco IOS Zone-Based Policy Firewall
  • Examine the Cisco IOS Zone-Based Policy Firewall configuration
  • Test the Cisco IOS Zone-Based Policy Firewall operation
  • Examine a static URL list
  • Configure routers to use static lists for URL filtering
  • Verify and test URL filtering
  • Configure and test HTTP application inspection
  • Initialize IPS on the router
  • Tune a signature
  • Install Cisco IPS Manager Express
  • Test the Cisco IOS IPS configuration
  • Configure and test the Cisco IOS IPS router SEAP setting
  • Verify the Cisco IOS IPS configuration

Importance

The lab exercises in this bundle are of utmost importance for all network engineers and designers involved in designing, implementing, and operating security solutions based on Cisco IOS security.

Target Audience

The primary audience for this set of lab exercises comprises network engineers and systems engineers responsible for security solutions deployment using Cisco routers and switches. Because most of the exercises are done using the Cisco SDM, labs are suitable for administrators who wish to expedite and simplify router configuration process, as well as for less-experienced users who are not familiar with the CLI.

Prerequisite Knowledge

To successfully complete this set of lab exercises, a good knowledge of basic TCP/IP principles, as well as skills in configuring IOS security features and technologies are needed. This knowledge is best gained by attending the Securing Networks with Cisco Routers and Switches (SNRS) v3.0 course.

Right sidebar

Associated Products

SNRS

E-Course

 

Details

SNRS

Remote Lab Bundle

 

Details
  •  

Get More Info

More To Discover