Network/Security 2015. 3. 27. 16:19

 

@[Example 8-1] Banner text configuration preconfig.txt

[LAB-19] TELNET & SSH & NTP.txt


                 13.13.1.1
                 [Lo0]
    R1[F0/0]------------------------------------[F0/0]R4
    150.1.13.1                                   150.1.13.254


[Reference] DNS configuration

@ R1

int lo 10
 ip address 168.126.63.1 255.255.255.0
 ip address 198.133.219.25 255.255.255.0 sec
 ip address 202.131.30.12 255.255.255.0 sec
 ip address 173.194.117.212 255.255.255.0 sec
!
router rip
 default-information originate
!
ip dns server
!
ip host www.cisco.com 198.133.219.25
ip host www.naver.com 202.131.30.12
ip host www.google.com 173.194.117.212

@ R4

ip domain-lookup
!
ip name-server 168.126.63.1

R4#ping www.cisco.com
R4#ping www.naver.com
R4#ping www.google.com

R4#www.cisco.com
R4#www.naver.com
R4#www.google.com

Typing a host name by itself at the EXEC prompt makes IOS resolve it and open a Telnet session to it, so the three lines above test name resolution and Telnet reachability in one step.


1. Configure Telnet on R2 according to the following conditions.

 1.1 When a Telnet session is opened to R2, display the banner text '### Welcome To R2 ###'.

 

R2(config)#banner motd ^
Enter TEXT message.  End with the character '^'.
### Welcome to R2 ###
^
R2(config)#
R2#exit

R2 con0 is now available

Press RETURN to get started.

### Welcome to R2 ###

User Access Verification

Password:
R2>en
Password:
R2#

 

 

1.2 Allow Telnet access through an administrator account 'admin' and a user account 'guest'.

1.3 The login password for 'admin' is 'cisco' and the login password for 'guest' is 'cisco1234'.

1.4 The 'admin' administrator account must be able to run every command.

1.5 The 'guest' user account may run only the 'undebug all', 'copy run start' and 'ip address' commands.

1.6 When connecting from R1 to R2 by Telnet, make the connection possible through the name 'R2', and make sure the destination IP address is not displayed.

 

@ R2

username admin privilege 15 password cisco
username guest privilege 5 password cisco1234
!
privilege exec level 5 undebug all
privilege exec level 5 copy run start
privilege exec level 5 conf t
privilege configure level 5 interface
privilege interface level 5 ip address
!
line vty 0 4
 login local

[Note] 'ip address' lives in interface configuration mode, so reaching it at level 5 also requires 'configure terminal' and 'interface' at level 5; the restriction is per command, not per interface, so 'guest' can change the address of any interface. 'username ... password' keeps the password in cleartext in the running-config (type 7 at best with 'service password-encryption', which is reversible); 'username ... secret' stores a hash instead.

@ R1

ip host R2 13.13.2.2
!
service hide-telnet-addresses

R1#r2
Translating "r2"
Trying r2 address #1 ... Open

### Welcome to R2 ###

User Access Verification

Username: guest
Password:
R2#
R2#erase startup-config
    ^
% Invalid input detected at '^' marker.

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router rip
            ^
% Invalid input detected at '^' marker.

R2(config)#interface lo 0
R2(config-if)#ip address 13.13.2.2 255.255.255.0
R2(config-if)#
R2#exit

[Connection closed by foreign host]
R1#

 

 

1.7 Add a user account with username 'user' and password 'cisco5678'; when 'user' logs in by Telnet, the 'show ip int brief' command should run automatically and the session should then be closed.

 

@ R2

username user password cisco5678
username user autocommand show ip interface brief

R1#r2
Translating "r2"
Trying r2 address #1 ... Open

### Welcome to R2 ###

User Access Verification

Username: user
Password:
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            13.13.12.2      YES manual up                    up
Serial1/0                  unassigned      YES unset  up                    up
Serial1/0.123              13.13.9.2       YES manual up                    up
Serial1/1                  unassigned      YES unset  administratively down down
Serial1/2                  unassigned      YES unset  administratively down down
Serial1/3                  unassigned      YES unset  administratively down down
Loopback0                  13.13.2.2       YES manual up                    up
[Connection closed by foreign host]
R1#

 

 

 


2. Telnet is a security problem for remote access to R1, so configure R1 so that only SSH access is possible.

 2.1 Allow SSH access to R1 from '13.13.3.3' only (username 'admin', password 'cisco').

 2.2 Once the SSH configuration on R1 is complete, open an SSH session from R3 using Lo 0 (13.13.3.3) as the source.

 

@ R1

username admin password cisco
!
access-list 10 permit 13.13.3.3
!
line vty 0 4
 transport input ssh
 login local
 access-class 10 in
!
ip ssh logging events
!
ip domain-name cisco.com
!
crypto key generate rsa

[Note] 'crypto key generate rsa' needs 'hostname' and 'ip domain-name' to be set first and prompts for the modulus size. 'ip ssh version 2' is not configured here, so the server still offers SSHv1 alongside SSHv2; the last line of 'show ssh' below is the (empty) SSHv1 listing.

@ R3

ip ssh source-interface lo 0
!
ip domain-name cisco.com
!
crypto key generate rsa

R3#ssh -v 2 -l admin 13.13.1.1

Password:

R1>
R1#
*Mar  1 00:27:26.411: %SSH-5-SSH2_SESSION: SSH2 Session request from 13.13.3.3 (tty = 0) using crypto cipher 'aes128-cbc', hmac 'hmac-sha1' Succeeded
R1#
*Mar  1 00:27:34.491: %SSH-5-SSH2_USERAUTH: User 'admin' authentication for SSH2 Session from 13.13.3.3 (tty = 0) using crypto cipher 'aes128-cbc', hmac 'hmac-sha1' Succeeded
R1#
R1#show tcp brief
TCB       Local Address               Foreign Address             (state)
65F33628  13.13.1.1.22                13.13.3.3.52999             ESTAB
R1#
R1#show ssh
Connection Version Mode Encryption  Hmac         State                 Username
0          2.0     IN   aes128-cbc  hmac-sha1    Session started       admin
0          2.0     OUT  aes128-cbc  hmac-sha1    Session started       admin
%No SSHv1 server connections running.
R1>exit

[Connection to 13.13.1.1 closed by foreign host]
R3#
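As an added example (not part of the original lab and not Cisco code), the Python script below audits the remote-access settings from sections 1 and 2. It parses the R2 (Telnet) and R1 (SSH) line/user configuration shown above, embedded as constructed input, and reports what a reviewer would flag: cleartext 'username ... password' entries, a privilege level below 15 that can enter configuration mode, vty lines without 'transport input' or an inbound 'access-class', an access-class that points at an ACL that is not defined, and an SSH-only vty on a router with no 'ip ssh version 2'. The check names and messages are this example's own.

```python
"""Audit of IOS remote-access settings (added example, not from the lab post)."""
import re

# Constructed input: R2's Telnet settings from section 1 of the post.
R2_CONFIG = """\
username admin privilege 15 password cisco
username guest privilege 5 password cisco1234
username user password cisco5678
username user autocommand show ip interface brief
!
privilege exec level 5 conf t
privilege configure level 5 interface
privilege interface level 5 ip address
!
line vty 0 4
 login local
"""

# Constructed input: R1's SSH settings from section 2 of the post.
R1_CONFIG = """\
username admin password cisco
!
access-list 10 permit 13.13.3.3
!
line vty 0 4
 transport input ssh
 login local
 access-class 10 in
!
ip domain-name cisco.com
"""

USERNAME_RE = re.compile(r"^username (\S+)(?: privilege \d+)? password(?: (\d))? (\S+)$")
PRIV_CONF_RE = re.compile(r"^privilege exec level (\d+) conf")


def parse_sections(config):
    """Split an IOS config into top-level lines and {section header: [indented children]}.
    A line starting with a space belongs to the last unindented line; '!' ends a section."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections.setdefault(current, [])
    return top, sections


def audit(config):
    """Return a list of findings about users, privilege levels, vty lines and SSH version."""
    findings = []
    top, sections = parse_sections(config)

    for line in top:
        m = USERNAME_RE.match(line)
        if m:
            user, ptype = m.group(1), m.group(2)
            if ptype in (None, "0"):      # no type, or type 0: stored as typed
                findings.append(f"user '{user}': cleartext password; use 'username {user} secret ...'")
            elif ptype == "7":            # type 7 is a reversible Vigenere-style encoding
                findings.append(f"user '{user}': type 7 password is reversible; use 'secret'")
        m = PRIV_CONF_RE.match(line)
        if m and int(m.group(1)) < 15:
            findings.append(f"privilege level {m.group(1)} can enter configuration mode ('{line}'); "
                            "review every 'privilege configure/interface level' lowered to it")

    ssh_only = False
    for header, children in sections.items():
        if not header.startswith("line vty"):
            continue
        transports = [c for c in children if c.startswith("transport input")]
        if not transports:
            findings.append(f"{header}: no 'transport input'; platform default applies, Telnet accepted")
        else:
            protocols = transports[-1].split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append(f"{header}: Telnet allowed by '{transports[-1]}'")
            elif protocols == ["ssh"]:
                ssh_only = True
        acl = next((c.split()[1] for c in children
                    if c.startswith("access-class") and c.endswith(" in")), None)
        if acl is None:
            findings.append(f"{header}: no inbound access-class; any source may connect")
        elif not any(t.startswith((f"access-list {acl} ", f"ip access-list standard {acl}")) for t in top):
            findings.append(f"{header}: access-class {acl} references an ACL that is not defined, "
                            "which permits every source")
        if not any(c.split()[0] == "login" for c in children):
            findings.append(f"{header}: no 'login local' / 'login authentication'")

    if ssh_only and "ip ssh version 2" not in top:
        findings.append("'ip ssh version 2' missing: the server still negotiates SSHv1 (default 1.99)")
    return findings


if __name__ == "__main__":
    for name, cfg in (("R2", R2_CONFIG), ("R1", R1_CONFIG)):
        print(f"== {name}")
        for finding in audit(cfg):
            print(" -", finding)
```

On the lab configs it flags the cleartext passwords on both routers, the level-5 'conf t' grant and the Telnet-by-default vty on R2, and the missing 'ip ssh version 2' on R1 (the 'show ssh' output above confirms SSHv1 is still enabled there). The hardening that follows from the findings is 'username ... secret', 'transport input ssh' with 'ip ssh version 2', an inbound access-class that points at a real ACL, and an 'exec-timeout' on the vty lines.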

 

 

 


3. Configure an NTP server and NTP clients according to the following conditions.

 3.1 On R5, set the router clock to the current Coordinated Universal Time (UTC).

 3.2 Configure R5 as the NTP server, with '13.13.5.5' as the source address of the NTP packets it sends.

 3.3 Configure R1, R2, R3 and R4 as NTP clients so that they reach stratum '3' once synchronized.

 3.4 Authenticate the NTP exchanges between the NTP server and the NTP clients.

 3.5 Once R1 and R3 have started synchronizing from the NTP server, adjust them to Korean standard time.

 

@ R5

R5#clock set 14:00:00 24 aug 2009

ntp source lo 0
ntp master 2
ntp authenticate
ntp authentication-key 13 md5 cisco
ntp trusted-key 13

[Note] 'clock set' is an EXEC command, not a configuration command. 'ntp master 2' makes R5 advertise stratum 2, so a client synchronized to it sits one level lower, at stratum 3, which is what 3.3 asks for.

@ R1, R2, R3, R4

ntp server 13.13.5.5 key 13
ntp source lo 0
ntp authenticate
ntp authentication-key 13 md5 cisco
ntp trusted-key 13
!
clock timezone KST +9

R1#show clock detail
23:01:28.495 KST Mon Aug 24 2009
Time source is NTP
R1#
R1#show ntp status
Clock is synchronized, stratum 3, reference is 13.13.5.5
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is CE3D1BA3.27EBF717 (23:01:07.155 KST Mon Aug 24 2009)
clock offset is -1637.8208 msec, root delay is 20.00 msec
root dispersion is 2454.85 msec, peer dispersion is 816.99 msec
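As an added example (not from the lab post and not Cisco code), the Python below reproduces what the NTP authentication configured in 3.4 does on the wire: the symmetric-key MAC is a plain MD5 over key || packet (RFC 5905), keyed here with key id 13 / 'cisco' from the configuration, and a receiver accepts a packet only if its key id is in the trusted-key table and the digest matches. It also decodes the raw 'reference time is CE3D1BA3.27EBF717' value from the 'show ntp status' output to check it against the printed KST time. The packet contents are constructed for the demonstration; the key table mirrors the lab.

```python
"""NTP MD5 symmetric-key authentication and timestamp decoding (added example)."""
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

NTP_UNIX_OFFSET = 2208988800             # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
HEADER_FMT = "!BBBb11I"                  # LI/VN/mode, stratum, poll, precision, 11 x 32-bit words
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 48 bytes
KST = timezone(timedelta(hours=9))

# Same key table on server and clients, as the lab's
# 'ntp authentication-key 13 md5 cisco' + 'ntp trusted-key 13' set up.
TRUSTED_KEYS = {13: b"cisco"}


def build_packet(mode, stratum=0, ref_id=0, transmit_ts="0.0"):
    """Build a 48-byte NTPv4 header. mode 3 = client request, mode 4 = server reply."""
    li_vn_mode = (0 << 6) | (4 << 3) | mode
    sec, frac = (int(x, 16) for x in transmit_ts.split("."))
    # root delay, root dispersion, reference id, reference/origin/receive timestamps (zeroed), transmit ts
    words = [0, 0, ref_id, 0, 0, 0, 0, 0, 0, sec, frac]
    return struct.pack(HEADER_FMT, li_vn_mode, stratum, 6, -20, *words)


def ntp_mac(key, header):
    """RFC 5905 symmetric-key MAC: plain MD5 over key || message (not an HMAC construction)."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, keys):
    """Append the 4-byte key id and 16-byte digest, as IOS does for 'ntp server ... key 13'."""
    return header + struct.pack("!I", key_id) + ntp_mac(keys[key_id], header)


def verify(packet, keys):
    """Return the 48-byte header if the MAC verifies under a trusted key, else None."""
    if len(packet) != HEADER_LEN + 4 + 16:
        return None                      # unauthenticated or malformed: rejected with 'ntp authenticate'
    header, key_id = packet[:HEADER_LEN], struct.unpack("!I", packet[48:52])[0]
    key = keys.get(key_id)
    if key is None:
        return None                      # key id not in 'ntp trusted-key': ignored
    if not hmac.compare_digest(packet[52:], ntp_mac(key, header)):
        return None                      # wrong key or tampered header
    return header


def parse_header(header):
    """Pick the fields a client acts on out of a raw header."""
    f = struct.unpack(HEADER_FMT, header)
    return {"version": (f[0] >> 3) & 7, "mode": f[0] & 7, "stratum": f[1],
            "transmit": f"{f[13]:08X}.{f[14]:08X}"}


def decode_timestamp(ts, tz=KST):
    """Decode a 'seconds.fraction' NTP timestamp in hex (as 'show ntp status' prints it)."""
    sec, frac = ts.split(".")
    unix = int(sec, 16) - NTP_UNIX_OFFSET + int(frac, 16) / 2**32
    return datetime.fromtimestamp(unix, tz)


def exchange(key_id=13, server_stratum=2, keys=TRUSTED_KEYS):
    """One authenticated request/reply; return the stratum the client adopts, or None if rejected."""
    request = sign(build_packet(mode=3), key_id, keys)
    # Server side (R5, 'ntp master 2'): answer only a request whose MAC verifies.
    if verify(request, keys) is None:
        return None
    reply = sign(build_packet(mode=4, stratum=server_stratum,
                              transmit_ts="CE3D1BA3.27EBF717"), key_id, keys)
    # Client side (R1..R4): drop the reply unless it verifies, then sit one stratum below the server.
    header = verify(reply, keys)
    if header is None:
        return None
    return parse_header(header)["stratum"] + 1


if __name__ == "__main__":
    print("client stratum:", exchange())
    print("reference time:", decode_timestamp("CE3D1BA3.27EBF717"))
    # A reply forged without the real key is discarded by the client.
    forged = sign(build_packet(mode=4, stratum=1), 13, {13: b"wrong"})
    print("forged reply accepted:", verify(forged, TRUSTED_KEYS) is not None)
```

The decoded reference time comes out as 23:01:07.155 KST on 24 Aug 2009, i.e. 14:01:07 UTC, consistent with the 'clock set 14:00:00 24 aug 2009' on R5 about a minute earlier. Two caveats the lab does not mention: the MAC provides integrity and source authentication only (NTP is not encrypted), and a five-character shared key such as 'cisco' can be brute-forced offline by anyone who captures a single authenticated packet, so use long random keys and, on IOS, also restrict who may query or peer with 'ntp access-group'.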

 

Posted by instructor 김정우 (KakaoTalk: kim10322)