Download pdf - Free Books

More documents

Recommendations

Info

IPexpert’s Ultimate Preparation Workbook for the CCIE Security Lab Exam – Version 4.1 Section 13 Setup authorization for User2 such that the user can type all commands specified in Privilege Level 7. Privilege Level 7 should allow the user to type all commands for snmpserver in global configuration mode. This privilege level should also allow the user to change the hostname of the Router. f) Configure Accounting for all commands typed by users from Telnet. You should be able to charge the users based on usage times. g) Only allow VLAN 6 to be able to telnet into R2. 5.2 - HTTP Management (2 Points) a) Configure HTTP Management on R2. b) Only Users from the VLAN 49 should be able to manage this router through HTTP. c) HTTP should authenticate to the already configured AAA. 5.3 – ASA Management (2 points) 1. ASA1 is configured to allow SSH management. Configure ASA1 to authenticate SSH sessions via TACACS+. Create a user asamgr with password !p3xp3rt on the ACS server. Verify that you can connect to ASA1 via SSH from R2. 6 - IP Services Configuration (8 Points) 6.1 - Creating Core Dumps (2 Points) a) Configure R5 to send a Core Dump to a TFTP Server located at 192.1.12.100. b) Set the Dump size to 32768. c) The router should use the source address of 5.5.5.5, the Loopback address on R5. 6.2 - DHCP Server (4 Points) a) Enable R4 as a DHCP Server with the following information: IP ADDRESS : 192.1.49.0/24 WINS ADDRESS : 192.1.49.135 DNS ADDRESS : 192.1.49.53 DEFAULT GATEWAY : 192.1.49.4 LEASE TIME : 6 Days b) Enable conflict logging on R4. c) Configure option 19 to tell the client should configure its IP layer for packet forwarding. d) Specifies four ping attempts by the DHCP server before ceasing any further ping attempts. e) Configure switch1 for DHCP snooping for this VLAN. Copyright IPexpert, Inc. (http://www.ipexpert.com) 2007. All Rights Reserved. 105
Section 13 IPexpert’s Ultimate Preparation Workbook for the CCIE Security Lab Exam – Version 4.1 6.3 - NTP (2 Points) a) Configure R2 as the NTP clock master. b) Configure R6 to use NTP clock from R2 in a secured way. R2 should not have any NTP authentication keys configured to achieve this task. 7 - Virtual Private Networks Configuration (18 Points) 7.1 - Basic Concentrator Configuration (3 Points) a) Configure the IP Address of the Private Interface through the CLI. b) The Public interface should be configured from the Graphical interface. c) Make sure the PC can access the Concentrator. You are allowed a static route on the Concentrator to accomplish this. d) Configure the concentrator to send routes using RIP on the private interface. e) Configure a Default Route on the Public Interface pointing towards R2. 7.2 - Setup a Site-to-Site IPSec VPN between the Concentrator and R5 (4 Points) a) Encrypt traffic between the 10.2.2.0/24 and 10.5.5.0/24 networks using the following parameters: Authentication is based on Pre-shared key of ccie. Use MD5 for the Hashing algorithm. Use defaults for the rest of the ISAKMP parameters. For IPSec, use ESP-DES for encryption and ESP-SHA-HMAC for Data Authentication in Tunnel Mode. b) You can use static routes on R5 and R1 to accomplish this. 7.3 - Setup a Remote Access VPN from the Cisco Secure Client and the Concentrator (4 points) a) Use the following parameters to setup Concentrator with the following options: Assign IP Address in the range of 10.3.3.1 – 10.3.3.254. The pool should be created on the Concentrator. Set the username as VPNUser with a password of ccie1234. Create a group called Remote with a password of ccie. b) The network 10.3.3.0 should be propagated to R1 through RIP. 7.4 - Setup a Site-to-Site IPSec VPN between the R2 and R6 (4 Points) a) Create the following loopbacks on R2 and R6: R2 - Int loo 10 : 192.168.102.2/24 R6 - Int loo 10 : 192.168.106.6/24 b) Create a GRE tunnel from R2 S 0/1/0.6 to R6 S 4/0. Route the newly created loopbacks over the tunnel using EIGRP in AS 26. 106 Copyright IPexpert, Inc. (http://www.ipexpert.com) 2007. All Rights Reserved.
Page 1 and 2: Ultimate Lab Preparation Workbook F
Page 3 and 4: Introduction IPexpert’s Ultimate
Page 5 and 6: Introduction IPexpert’s Ultimate
Page 7 and 8: EULA IPexpert’s Ultimate Preparat
Page 9 and 10: Table of Contents IPexpert’s Ulti
Page 11 and 12: Table of Contents IPexpert’s Ulti
Page 13 and 14: Section 6 IPexpert’s Ultimate Pre
Page 15 and 16: Section 6 IPexpert’s Ultimate Pre
Page 17 and 18: Section 13 IPexpert’s Ultimate Pr
Page 21: Section 13 IPexpert’s Ultimate Pr
Page 27 and 28: IPexpert’s CCIE Security Proctor
Page 73 and 74:
IPexpert’s CCIE Security Proctor
Page 75 and 76:
IPexpert’s CCIE Security Proctor
Page 77:
IPexpert, Inc. Product Order Form F
show all

Download pdf - Free Books

Create successful ePaper yourself

Delete template?

Save as template?