Network Security
Accessing the WAN – Chapter 4 - PART II
Modified by Tony Chen
07/20/2008
ITE I Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Notes:

If you see any mistake on my PowerPoint slides or if
you have any questions about the materials, please
feel free to email me at [email protected].
Thanks!
Tony Chen
College of DuPage
Cisco Networking Academy
What is Cisco SDM?
 The Cisco Security Device Manager (SDM) is a
web-based device-management tool designed
for configuring LAN, WAN, and security features
on Cisco IOS software-based routers.
–It provides easy-to-use smart wizards,
–automates router security management,
–assists through comprehensive online help.
 Cisco SDM ships preinstalled by default on all
new Cisco integrated services routers.
–If it is not preinstalled, you will have to install it.
–If SDM is preinstalled, Cisco recommends using
Cisco SDM to perform the initial configuration.
 SDM files can be installed on the router, on a PC, or
on both.
–An advantage of installing SDM on the PC is that
it saves router memory and allows you to use
SDM to manage other routers on the network.
Cisco SDM Features
 Cisco SDM simplifies router and security
configuration through the use of intelligent
wizards to enable efficient configuration of key
router VPN and Cisco IOS firewall parameters.
 Cisco SDM smart wizards
–guide users step-by-step through router and
security configuration workflow by systematically
configuring LAN and WAN interfaces, firewall,
IPS, and VPNs.
–intelligently detect incorrect configurations and
propose fixes, such as allowing DHCP traffic
through a firewall if the WAN interface is DHCP-addressed.
 Online help embedded within Cisco SDM
contains appropriate background information.
Configuring Router to Support SDM
 Before you can install SDM on an
operational router, you must ensure that
a few configuration settings are present
in the router configuration file.
–Step 1. Access the router's Cisco CLI
interface using Telnet or the console
connection
–Step 2. Enable the HTTP and HTTPS
servers on the router
–Step 3. Create a user account defined with
privilege level 15 (enable privileges).
–Step 4. Configure SSH and Telnet for local
login and privilege level 15.
Starting Cisco SDM
 To launch the Cisco SDM use the HTTPS
protocol and put the IP address of the router into
the browser.
–The figure shows the browser with an address of
https://198.162.20.1 and the launch page for
Cisco SDM.
–The http:// prefix can be used if SSL is not
available.
 When the username and password dialog box
appears (not shown), enter a username and
password for the privileged (privilege level 15)
account on the router.
 After the launch page appears, a signed Cisco
SDM Java applet appears, which must remain
open while Cisco SDM is running.
–Because it is a signed Cisco SDM Java applet, you
may be prompted to accept a certificate.
Cisco SDM Home Page Overview
 After you log in, the Overview page displays
–the router model,
–total amount of memory,
–the versions of flash, IOS, and SDM,
–the hardware installed,
–a summary of security features, such as firewall
status and the number of active VPN connections.
 Specifically, it provides basic information about:
–Menu bar - The top of the screen has a typical
menu bar with File, Edit, View, Tools, and Help.
–Tool bar - Below the menu bar, it has the SDM
wizards and modes you can select.
–Router information - The current mode is
displayed on the left side under the tool bar.
–Configuration overview - Summarizes the
configuration settings.
About Your Router Area
 This area of the SDM page shows:
–Host Name - It shows the configured hostname for
the router, which is RouterX in the figure.
–Hardware - It shows the router model number, the
available and total amounts of RAM, and the
amount of flash memory available.
–Software - It describes the Cisco IOS software
and Cisco SDM versions running on the router.
–The Feature Availability bar, found across the
bottom of the About Your Router tab, shows the
features available in the Cisco IOS image that the
router is using.
•If the indicator beside each feature is green, the
feature is available.
•If it is red it is not available.
•Check marks show that the feature is
configured.
•In the figure, it shows that IP, firewall, VPN, IPS,
and NAC are available, but only IP is configured.
Configuration Overview Area
 Interfaces and Connections –
–the number of connections that are up and down,
–the total number of LAN and WAN interfaces that are
present in the router, and the number of LAN and WAN
interfaces currently configured on the router.
–It also displays DHCP information.
 Firewall Policies –
–if a firewall is in place, it displays
–the number of trusted (inside) interfaces, untrusted
(outside) interfaces, and DMZ interfaces.
–It also displays the name of the interface to which a
firewall has been applied, and if the NAT rule has been
applied to this interface.
Configuration Overview Area
 VPN –
–It displays the number of active VPN connections,
–the number of configured site-to-site VPN
connections,
–the number of active VPN clients.
 Routing –
–This area displays the number of static routes and
which routing protocols are configured.
 Intrusion Prevention
 View Running Config
Cisco SDM Wizard
 Cisco SDM provides a number of
wizards to help you configure a
Cisco ISR router.
– The figure shows various Cisco SDM
GUI screens for the Basic NAT
wizard.
– NAT is discussed later in the course, in the
IP Addressing Services section.
 Check
http://www.cisco.com/go/sdm for
the latest information about the
Cisco SDM wizards and the
interfaces they support.
Locking Down a Router with Cisco SDM
 The one-step lockdown wizard is accessed
from the Configure GUI interface by clicking
the Security Audit task.
–The Cisco SDM one-step lockdown wizard
implements almost all of the security
configurations that Cisco AutoSecure offers.
 Do not assume that the network is secure
simply because you executed a one-step
lockdown.
–Not all the features of Cisco AutoSecure are
implemented in Cisco SDM.
–AutoSecure features that are implemented
differently in Cisco SDM include the following:
• SDM disables SNMP and does not configure
SNMP version 3.
• SDM enables and configures SSH on crypto Cisco IOS
images.
• SDM does not enable Service Control Point or disable
other access and file transfer services, such as
FTP.
 Check the accuracy of these statements
Maintaining Cisco IOS Software Images
 There are certain guidelines that you must follow when
changing the Cisco IOS software on a router.
–Updates: An update replaces one release with another
without upgrading the feature set.
• The software might be updated to fix a bug.
• Updates are free.
–Upgrades: An upgrade replaces a release with one that has
an upgraded feature set.
• Software is upgraded to add new features or technologies.
• Upgrades are not free.
–It is not always a good idea to upgrade to the latest version
of IOS software. Many times that release is not stable.
 Cisco recommends a four-phase migration process to
simplify network operations and management.
–Plan - Set goals, identify resources, profile network hardware and
software, and create a schedule for migrating to new releases.
–Design - Choose new Cisco IOS releases.
–Implement - Schedule and execute the migration.
–Operate - Monitor the migration progress and make backup copies of
images that are running on your network.
Maintaining Cisco IOS Software Images
 There are a number of tools available on Cisco.com to
aid in migrating Cisco IOS software.
 The following tools do not require a Cisco.com login:
–Cisco IOS Reference Guide - Covers the basics of the Cisco IOS
software family
–Cisco IOS software technical documents - Documentation for each
release of Cisco IOS software
–Cisco Feature Navigator - Finds releases that support a set of
software features and hardware, and compares releases
 The following tools require valid Cisco.com login
accounts:
–Download Software - Cisco IOS software downloads
–Bug Toolkit - Searches for known software fixes based on software
version, feature set, and keywords
–Software Advisor - Compares releases, matches Cisco IOS
software and Cisco Catalyst OS features to releases, and finds out
which software release supports a given hardware device
–Cisco IOS Upgrade Planner - Finds releases by hardware, release,
and feature set, and downloads images of Cisco IOS software
 For a complete listing of tools available, go to
http://www.cisco.com/en/US/support/tsd_most_requested_tools.html.
Cisco IOS File Systems and Devices
 Cisco IOS devices provide a feature called the Cisco
IOS Integrated File System (IFS).
– The directories available depend on the platform.
– The show file systems command lists all file systems.
• It provides information such as the amount of available
and free memory, the type of each file system, and its permissions.
• Permissions include read only (ro), write only (wo), and
read and write (rw).
 Flash
– An asterisk (*) preceding the flash file system indicates
that it is the current default file system.
– A pound symbol (#) appended to the flash listing
indicates that it is a bootable disk.
– Flash holds the image file of the IOS currently running in RAM.
 NVRAM
– Use the cd command to change to the NVRAM file system.
– The pwd command verifies that you are in NVRAM.
– The dir command lists the contents of NVRAM.
– NVRAM contains the startup configuration file.
URL Prefixes for Cisco Devices
 Administrators do not have visual cues when
working at a router CLI.
–File locations are specified in Cisco IFS using the
URL convention.
–The URLs used by Cisco IOS platforms look
similar to the format you know from the web.
 For instance, the TFTP example in the figure is:
tftp://192.168.20.254/configs/backup-configs.
–The expression "tftp:" is called the prefix.
–Everything after the double-slash (//) defines the
location.
–192.168.20.254 is the location of the TFTP server.
–"configs" is the master directory.
–"backup-configs" is the filename.
Commands for Managing Configuration Files
 The copy command is used to move files from one device to
another, such as RAM, NVRAM, or a TFTP server.
– The examples list two methods to accomplish the same tasks.
 Copy the running configuration from RAM to the startup
configuration in NVRAM:
– R2# copy running-config startup-config
– R2# copy system:running-config nvram:startup-config
 Copy running configuration from RAM to a remote location:
– R2# copy running-config tftp:
– R2# copy system:running-config tftp:
 Copy configuration from a remote to the running configuration:
– R2# copy tftp: running-config
– R2# copy tftp: system:running-config
 Copy configuration from a remote to the startup configuration:
– R2# copy tftp: startup-config
– R2# copy tftp: nvram:startup-config
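The IFS URL convention and the paired copy commands above, as an added Python example (not code from the slides or from Cisco): it splits an IFS URL or copy shorthand into prefix, host, directory and filename, and flags any copy whose destination is nvram:startup-config. The sample URL is the slide's; the network prefixes other than tftp: and the handling of a bare tftp: (for which IOS prompts) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Prefixes that address a host on the network; everything after "//" is the
# location (host/directory/filename).  tftp: is from the slides; the others
# are further IOS network prefixes (assumption).
REMOTE_PREFIXES = {"tftp", "ftp", "rcp", "scp", "http", "https"}
# Prefixes that address a file system on the router itself (from the slides).
LOCAL_PREFIXES = {"flash", "nvram", "system"}
# Bare names that copy accepts as shorthand, as the slide's paired examples show.
SHORTHAND = {
    "running-config": "system:running-config",
    "startup-config": "nvram:startup-config",
}


@dataclass
class IfsLocation:
    prefix: str            # "tftp", "nvram", "system", ...
    remote: bool           # True when the prefix names a network service
    host: Optional[str]    # server address, or None (local, or IOS will prompt)
    directory: str         # master directory ("configs" in the slide), "" if none
    filename: str          # "" when IOS would prompt for the name


def parse_ifs_url(url: str) -> IfsLocation:
    """Split a Cisco IFS URL (or copy shorthand) into its parts."""
    url = SHORTHAND.get(url, url)
    prefix, sep, rest = url.partition(":")
    if not sep:
        raise ValueError(f"{url!r} has no IFS prefix such as 'tftp:' or 'nvram:'")
    prefix = prefix.lower()
    if prefix in REMOTE_PREFIXES:
        host = None
        if rest.startswith("//"):
            # Everything after the double slash is the location: host/dir/file.
            host, _, rest = rest[2:].partition("/")
            host = host or None
        elif rest:
            raise ValueError(f"{url!r}: a network prefix needs the '//host/...' form")
        directory, _, filename = rest.rpartition("/")
        return IfsLocation(prefix, True, host, directory, filename)
    if prefix in LOCAL_PREFIXES:
        directory, _, filename = rest.lstrip("/").rpartition("/")
        return IfsLocation(prefix, False, None, directory, filename)
    raise ValueError(f"unknown IFS prefix {prefix!r} in {url!r}")


def writes_startup_config(source: str, destination: str) -> bool:
    """True when `copy source destination` overwrites nvram:startup-config.

    This is the slip the password-recovery slides warn about
    (`copy running-config startup-config` typed instead of the reverse).
    """
    dst = parse_ifs_url(destination)
    return (dst.prefix, dst.filename) == ("nvram", "startup-config")


def explain_copy(source: str, destination: str) -> str:
    """Describe a copy command in plain words, e.g. for a change log."""
    src, dst = parse_ifs_url(source), parse_ifs_url(destination)

    def where(loc: IfsLocation) -> str:
        if loc.remote:
            host = loc.host or "<prompted host>"
            path = "/".join(p for p in (loc.directory, loc.filename) if p)
            return f"{loc.prefix} server {host}, file {path or '<prompted file>'}"
        return f"{loc.prefix}:{loc.filename or '<prompted file>'}"

    text = f"copy {where(src)} -> {where(dst)}"
    if writes_startup_config(source, destination):
        text += " (overwrites the startup configuration in NVRAM)"
    return text


if __name__ == "__main__":
    for s, d in [("running-config", "startup-config"),
                 ("system:running-config", "tftp:"),
                 ("tftp://192.168.20.254/configs/backup-configs", "startup-config")]:
        print(explain_copy(s, d))
```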
Cisco IOS File Naming Conventions
 The IOS image file is based on a special naming
convention. The name for the Cisco IOS image file
contains multiple parts, each with a specific meaning.
– The first part, c1841, identifies the platform on which
the image runs. In this example, it is a Cisco 1841.
– The second part, ipbase, specifies the feature set. In
this case, "ipbase" refers to the basic IP
internetworking image. Other feature set codes include:
• i - Designates the IP feature set
• j - Designates the enterprise feature set (all protocols)
• s - Designates a PLUS feature set
• 56i - Designates 56-bit IPsec DES encryption
• 3 - Designates the firewall/IDS
• k2 - Designates the 3DES IPsec encryption (168 bit)
– The third part, mz, indicates where the image runs and
if the file is compressed. For example, "mz" indicates
that the file runs from RAM and is compressed.
– The fourth part, 12.3-14.T7, is the version number.
– The final part, bin, is the file extension. The .bin
extension indicates that this is a binary executable file.
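The naming convention above as an added Python parser (not Cisco's code): it decodes a filename such as c1841-ipbase-mz.123-14.T7.bin into platform, feature set, run location, compression, version and extension, and goes beyond the slide by tokenizing combined codes such as js56i. The run/compression letters other than m and z and the 12.3(14)T7 display form follow Cisco's convention as I know it and are assumptions here; the second sample name is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Short feature codes listed in the slide.
FEATURE_CODES = {
    "56i": "56-bit IPsec DES encryption",
    "k2": "3DES IPsec encryption (168 bit)",
    "i": "IP feature set",
    "j": "enterprise feature set (all protocols)",
    "s": "PLUS feature set",
    "3": "firewall/IDS",
}
# Named feature sets (ipbase is from the slide).
NAMED_FEATURE_SETS = {"ipbase": "basic IP internetworking"}
# Third part: where the image runs and how it is compressed.  "mz" is from the
# slide; the remaining letters follow Cisco's convention (assumption).
RUN_LOCATION = {"m": "RAM", "f": "flash", "r": "ROM", "l": "relocatable"}
COMPRESSION = {"z": "zip", "x": "mzip", "w": "stac"}

_IMAGE_NAME = re.compile(
    r"^(?P<platform>[a-z0-9]+)"                    # c1841
    r"-(?P<features>[a-z0-9]+)"                    # ipbase, js56i
    r"-(?P<run>[a-z])(?P<comp>[a-z]?)"             # m z
    r"\.(?P<version>\d+-\d+(?:\.[A-Za-z0-9]+)?)"   # 123-14.T7
    r"\.(?P<ext>bin)$"
)


@dataclass
class IosImageName:
    platform: str
    feature_set: str
    feature_descriptions: List[str]   # decoded codes, or the named set's description
    runs_from: str
    compression: Optional[str]        # None when the image is not compressed
    version: str                      # show-version style, e.g. 12.3(14)T7
    extension: str


def decode_feature_codes(features: str) -> Optional[List[str]]:
    """Tokenize a code string such as 'js56i' by longest match; None if any part is unknown."""
    out, i = [], 0
    codes = sorted(FEATURE_CODES, key=len, reverse=True)
    while i < len(features):
        match = next((c for c in codes if features.startswith(c, i)), None)
        if match is None:
            return None
        out.append(FEATURE_CODES[match])
        i += len(match)
    return out


def format_version(raw: str) -> str:
    """'123-14.T7' -> '12.3(14)T7': the first two digits are the major release."""
    release, _, train = raw.partition(".")
    major_minor, maintenance = release.split("-")
    return f"{major_minor[:2]}.{major_minor[2:]}({maintenance}){train}"


def parse_ios_image_name(name: str) -> IosImageName:
    """Split an IOS image filename into the parts the slide describes."""
    m = _IMAGE_NAME.match(name)
    if not m:
        raise ValueError(f"{name!r} does not follow the platform-features-mz.version.bin convention")
    features = m["features"]
    if features in NAMED_FEATURE_SETS:
        descs = [NAMED_FEATURE_SETS[features]]
    else:
        descs = decode_feature_codes(features) or [f"unknown feature set {features!r}"]
    run = RUN_LOCATION.get(m["run"])
    if run is None:
        raise ValueError(f"unknown run location letter {m['run']!r}")
    comp = COMPRESSION.get(m["comp"]) if m["comp"] else None
    if m["comp"] and comp is None:
        raise ValueError(f"unknown compression letter {m['comp']!r}")
    return IosImageName(m["platform"], features, descs, run, comp,
                        format_version(m["version"]), m["ext"])
```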
Using TFTP Servers to Manage IOS Images
 For any network, it is always prudent to retain a
backup copy of the IOS image in case the image in
the router becomes corrupted or accidentally erased.
–Using a network TFTP server allows image and
configuration uploads and downloads over the network.
–The TFTP server can be another router or a workstation.
 Before changing a Cisco IOS image on the router,
you need to complete these tasks:
–Determine the memory required for the update.
–Set up and test the file transfer capability.
–Schedule the required downtime.
 When you are ready to do the update, follow these steps:
–Shut down all interfaces not needed to perform the update.
–Back up the current operating system and the current
configuration file to a TFTP server.
–Load the update for either the operating system or the
configuration file.
–Test to confirm that the update works properly. If the tests are
successful, you can then re-enable the interfaces you disabled.
Using TFTP Servers to Manage IOS Images
 A new Cisco IOS software resilient
configuration feature enables a router to
secure and maintain a working copy of
the running operating system image and
configuration so that those files can
withstand malicious attempts to erase
the contents of persistent storage
(NVRAM and flash).
–This feature is available only on platforms
that support a Personal Computer Memory
Card International Association (PCMCIA)
Advanced Technology Attachment (ATA)
disk.
–http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gtrescfg.html
Backing up IOS Software Images
 To copy an IOS software image from flash to the
network TFTP server, follow these steps.
 Step 1. Ping the TFTP server to make sure you
have access to it.
 Step 2. Verify that the TFTP server has
sufficient disk space for the Cisco IOS image.
–Use the show flash: command to determine:
•Total amount of flash memory on the router
•Amount of flash memory available
•Name of all the files stored in the flash memory
 Step 3. Copy current file from the router to TFTP
server, using the copy flash: tftp: command.
–The command requires you to enter the IP address
of the remote host and the names of the source and
destination system image files.
–During the copy process, exclamation points (!) indicate
the progress. Each exclamation point signifies that one
UDP segment has successfully transferred.
Upgrade IOS Software Images
 Upgrading a system to a newer version requires
a different system image file to be loaded.
–Use the copy tftp: flash: command to download the new
image from the network TFTP server.
–The command prompts you for the IP address of the
remote host and the name of the source and destination
system image file.
–After these entries are confirmed, the Erase flash:
prompt appears.
•Erase flash memory if there is not sufficient flash memory
for more than one Cisco IOS image. If no free flash memory
is available, the erase routine is required before new files
can be copied.
–Each exclamation point (!) means that one UDP
segment has successfully transferred.
 Note: Make sure that the Cisco IOS image
loaded is appropriate for the router platform. If
the wrong Cisco IOS image is loaded, the router
could be made unbootable, requiring ROM
monitor (ROMmon) intervention.
Using tftpdnld to Restore an IOS Image
 When an IOS on a router is accidentally deleted from
flash, the router is still operational because the IOS is
running in RAM.
–However, it is crucial that the router is not rebooted,
since it would not be able to find a valid IOS in flash.
–If the router is rebooted and can no longer load an
IOS, it drops to the ROMmon prompt by default.
 In the figure, the IOS on router R1 has accidentally
been deleted from flash. Unfortunately, the router has
been rebooted and can no longer load an IOS.
Follow the 3 steps below to restore the IOS.
–Step 1. Connect the devices.
• Connect the PC to the console port on the affected router.
• Connect the TFTP server to the first Ethernet port on the router.
• Configure it with a static IP address 192.168.1.1/24.
Using tftpdnld to Restore an IOS Image
 Step 2. Set the ROMmon variables.
–Because the router does not have a valid Cisco IOS
image, the router boots into ROMmon mode.
–You must enter all of the variables listed in the figure.
Be aware of the following:
• Variable names are case sensitive.
• Do not include any spaces before or after the = symbol.
• Navigational keys are not operational.
–The IP addresses, subnet mask, and image name in the
figure are only examples; the actual values will vary
depending on your configuration.
 Step 3. Enter the tftpdnld command at the prompt.
–The command displays the required variables and
warns that all existing data in flash will be erased.
–Type y to proceed, and press Enter.
–When connected, the download begins, as indicated by
exclamation marks (!).
–You can use the reset command to reload the router
with the new Cisco IOS image.
Using xmodem to Restore an IOS Image
 Using the tftpdnld command is a very quick way of
copying the image file.
 Another method for restoring a Cisco IOS image to a
router is by using Xmodem.
– However, the file transfer is accomplished using the
console cable and is therefore very slow when
compared to the tftpdnld command.
 Follow the 4 steps below to restore the IOS.
 Step 1. Connect the PC of the system administrator
to the console port on the affected router.
Using xmodem to Restore an IOS Image
 Step 2. Boot the router and issue the xmodem
command at the ROMmon command prompt.
– The command syntax is xmodem [-cyr] [filename].
– The -cyr options vary depending on the configuration.
For instance, -c specifies CRC-16, -y specifies the
Ymodem protocol, and -r copies the image to RAM.
 Step 3. The figure shows the process for sending a
file using HyperTerminal.
– In this case, Select Transfer > Send File.
 Step 4. Browse to the location of the IOS image you
want to transfer and choose the Xmodem protocol.
– Click Send. A dialog box appears displaying the status
of the download. It takes several seconds before the
host and the router begin transferring the information.
– The download time could be dramatically improved if
you change the connection speed of HyperTerminal
and the router from 9600 b/s to 115000 b/s.
– When the transfer is complete, the router automatically
reloads with the new Cisco IOS.
Troubleshooting Cisco IOS Configurations
 Two commands are used in network administration:
– Show command.
• A show command lists the configured parameters and their values.
• Use the show command to verify configurations.
– Debug command
• The debug command allows you to trace the execution of a process.
• Use the debug command to identify traffic flows through interfaces and
router processes.
Using the show Command
 The show command displays
static information.
– Use show commands when
gathering facts for isolating
problems in an internetwork,
including problems with interfaces,
nodes, media, servers, clients, or
applications.
– You may also use it frequently to
confirm that configuration changes
have been implemented.
– When you are at the command
prompt, type show ? for a list of
the show commands available in the
level and mode you are operating in.
Using the debug Command
 The debug command displays dynamic events.
– Use debug to check the flow of protocol traffic for
problems, protocol bugs, or misconfigurations.
 By default, the router sends the output from
debug commands to the console.
– You can redirect debug output to a syslog server.
 Debugging output is assigned high priority in the
CPU process queue and can therefore interfere
with normal production processes on a network.
– Use debug commands during quiet hours and only
to troubleshoot specific problems.
 All debug commands are entered in privileged
EXEC mode.
– To list a brief description of all the debugging
command options, enter the debug ? command.
 The best way to ensure there are no lingering
debugging operations running is to use the no
debug all command.
Considerations when using the debug Command
 It is one thing to use debug commands to troubleshoot a lab network that lacks
end-user application traffic. It is another thing to use debug commands on a
production network that users depend on for data flow. Without proper
precautions, the impact of a broadly focused debug command could make
matters worse.
 With proper, selective, and temporary use of debug commands, you can obtain
potentially useful information without needing a protocol analyzer or other third-party tool.
Commands Related to the debug Command
 To optimize your efficient use of the debug
command, these commands can help you:
–The service timestamps command
• is used to add a time stamp to a debug message.
• This feature provides information about when debug
events occurred.
–The show processes command
• displays the CPU use for each process.
• This data can influence decisions about using a
debug command if it indicates that the system is too
heavily used for adding a debug command.
–The no debug all command
• disables all debug commands.
• This command can free up system resources after
you finish debugging.
–The terminal monitor command
• displays debug output and system error messages for
the current terminal and session.
• When you Telnet to a device and issue a debug
command, you will not see output unless this
command is entered.
Recovering a Lost Router Password
 Recovering a Lost Router Password
– You need physical access to the router.
– You connect your PC to the router through a
console cable.
– The enable password and the enable secret
password protect access to privileged EXEC and
configuration modes.
– The enable password can be recovered,
– The enable secret password is encrypted and
must be replaced with a new password.
 The configuration register is similar to your PC
BIOS settings, which control the bootup
process.
– In a router, a configuration register, represented
by a single hexadecimal value, tells the router
what specific steps to take when powered on.
– Configuration registers have many uses, and
password recovery is probably the most used.
Recovering a Lost Router Password
 Prepare the Device
– Step 1. Connect to the console port.
– Step 2. If you still have access to user EXEC mode:
• Type show version at the prompt, and record the
configuration register setting.
R1>show version
<show command output omitted>
Configuration register is 0x2102
R1>
• Configuration register is usually set to 0x2102.
• If you can no longer access the router, you can
assume it is set to 0x2102.
– Step 3. Use the power switch to turn off the
router, and then turn the router back on.
– Step 4. Press Break on the terminal keyboard
within 60 seconds of power up to put the router
into ROMmon.
Recovering a Lost Router Password
 Bypass Startup
– Step 5. Type confreg 0x2142 at the rommon
1> prompt.
• This causes the router to bypass the startup
configuration where the forgotten enable
password is stored.
– Step 6. Type reset at the rommon 2> prompt.
• The router reboots, but ignores the saved
configuration.
– Step 7. Type no after each setup question, or
press Ctrl-C to skip the initial setup procedure.
– Step 8. Type enable at the Router> prompt.
• This puts you into enable mode, and you should
be able to see the Router# prompt.
Recovering a Lost Router Password
 Access NVRAM
– Step 9. Type copy startup-config running-config to copy the NVRAM into memory.
• Be careful! Do not type copy running-config
startup-config or you will erase your startup
configuration.
– Step 10. Type show running-config to view
passwords.
• In this configuration, the shutdown
command appears under all interfaces
because all the interfaces are currently shut
down.
• Most importantly though, you can now see
the passwords (enable password, enable
secret, vty, console passwords) either in
encrypted or unencrypted format.
• You can reuse unencrypted passwords.
• You must change encrypted passwords to a
new password.
Recovering a Lost Router Password
 Reset Passwords
– Step 11. Type configure terminal.
– Step 12. Type enable secret password to
change the enable secret password.
• R1(config)# enable secret cisco
– Step 13. Issue the no shutdown command
on every interface that you want to use.
• You can issue a show ip interface brief
command to confirm that your interface
configuration is correct.
– Step 14. Type config-register
configuration_register_setting.
• R1(config)#config-register 0x2102
– Step 15. Press Ctrl-Z or type end.
– Step 16. Type copy running-config startup-config to commit the changes.
You have now completed password recovery.
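The configuration register arithmetic behind steps 2, 5 and 14 above, as an added Python example (not from the slides or from Cisco): it reads the register out of show version output, decodes its bits, derives 0x2142 from 0x2102 by setting bit 6 (ignore NVRAM), restores it, and audits a register that was left in the bypass state. The bit assignments follow Cisco's documented register layout rather than the slides, and the show version text is constructed.

```python
import re
from typing import Dict, List, Union

# Bit assignments follow Cisco's documented configuration-register layout
# (assumption: the slides themselves only name the values 0x2102 and 0x2142).
BOOT_FIELD_MASK = 0x000F        # bits 0-3: boot field
IGNORE_NVRAM = 0x0040           # bit 6: ignore the startup configuration in NVRAM
BREAK_DISABLED = 0x0100         # bit 8: console Break key ignored after boot
ROM_IF_NETBOOT_FAILS = 0x2000   # bit 13: boot default ROM software if network boot fails

_SHOW_VERSION_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]{1,4})")

# Constructed stand-in for `show version` output; only the last line matters here.
SAMPLE_SHOW_VERSION = """\
Cisco IOS Software, 1841 Software (C1841-IPBASE-M)
<show command output omitted>
Configuration register is 0x2102
"""


def parse_confreg(value: Union[int, str]) -> int:
    """Accept 0x2102, '0x2102' or '2102'; the register is a 16-bit value."""
    reg = value if isinstance(value, int) else int(value, 16)
    if not 0 <= reg <= 0xFFFF:
        raise ValueError(f"configuration register must fit in 16 bits, got {value!r}")
    return reg


def confreg_from_show_version(output: str) -> int:
    """Step 2: pull the recorded register value out of `show version` output."""
    m = _SHOW_VERSION_RE.search(output)
    if m is None:
        raise ValueError("no 'Configuration register is 0x....' line found")
    return parse_confreg(m.group(1))


def decode_confreg(value: Union[int, str]) -> Dict[str, object]:
    """Break a register value into the fields the recovery procedure relies on."""
    reg = parse_confreg(value)
    boot_field = reg & BOOT_FIELD_MASK
    return {
        "value": f"0x{reg:04X}",
        "boot_field": boot_field,
        "boot_action": ("stay in ROM monitor (ROMmon)" if boot_field == 0
                        else "boot per the boot system commands / default image"),
        "ignore_startup_config": bool(reg & IGNORE_NVRAM),
        "break_disabled": bool(reg & BREAK_DISABLED),
        "rom_if_netboot_fails": bool(reg & ROM_IF_NETBOOT_FAILS),
    }


def bypass_startup_config(value: Union[int, str]) -> int:
    """Step 5 (confreg 0x2142): the recorded register with bit 6 set."""
    return parse_confreg(value) | IGNORE_NVRAM


def restore_startup_config(value: Union[int, str]) -> int:
    """Step 14 (config-register 0x2102): clear bit 6 so NVRAM is read on the next reload."""
    return parse_confreg(value) & ~IGNORE_NVRAM


def recovery_plan(show_version_output: str) -> List[tuple]:
    """The two register values to type, derived from what step 2 recorded."""
    original = confreg_from_show_version(show_version_output)
    bypass = bypass_startup_config(original)
    return [("step 5: confreg", f"0x{bypass:04X}"),
            ("step 14: config-register", f"0x{restore_startup_config(bypass):04X}")]


def audit_confreg(value: Union[int, str]) -> List[str]:
    """Findings for a production router whose register was not returned to the usual value."""
    fields = decode_confreg(value)
    findings = []
    if fields["ignore_startup_config"]:
        findings.append("bit 6 set: router boots with an empty configuration (step 14 not done?)")
    if fields["boot_field"] == 0:
        findings.append("boot field 0x0: router stays in ROMmon on reload")
    if not fields["break_disabled"]:
        findings.append("bit 8 clear: Break key is honoured after boot")
    return findings
```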
Chapter Summary
 In this chapter, you have learned to:
– Identify security threats to enterprise networks
– Describe methods to mitigate security threats to enterprise networks
– Configure basic router security
– Disable unused router services and interfaces
– Use the Cisco SDM one-step lockdown feature
– Manage files and software images with the Cisco IOS Integrated
File System (IFS)