C. Configure the enable secret and console passwords.

S1(config)#enable secret cisco12345 S1(config)#line console 0 S1(config-line)#password ciscoconpass S1(config-line)#exec-timeout 5 0 S1(config-line)#login S1(config-line)#logging synchronous ---------------------------------HTTP S1(config)#no ip http server S1(config)#no ip http secure-server ------------------------------------PASS LENGTH security passwords min-length 10 ------------------------------------conf console pass, exectimeout och logging synchronous line console 0 ? R1(config-line)#password ciscocon ? R1(config-line)#exec-timeout 5 0 ? R1(config-line)#login ? R1(config-line)#logging synchronous ------------------------------------Conf password for the AUX port for R R(config)#line aux 0 R(config-line)#password ciscoauxpass R(config-line)#exec-timeout 5 0 R(config-line)#login ------------------------------------Encrypt clear text passwords. R(config)# service password-encryption ------------------------------------Conf local user database ? R(config)#username user01 secret user01pass ------------------------------------p3 S1Conf local user database. Create a local user account with MD5 hashing to encrypt the password. R(config)#username Admin01 privilege 15 secret Admin01pass ------------------------------------Enable AAA services. R(config)#aaa new-model S2 Implement AAA services for console access using the local database. R(config)#aaa authentication login default local none ..................................... SSH Configure a domain name. ?R#conf t ?R(config)#ip domain-name ccnasecurity.com Configure a privileged user for login from the SSH client. ? R(config)#username admin privilege 15 secret cisco12345

? R1(config)#username admin privilege 15 secret cisco12345 ? S3 Confincoming vty lines.

? ? ? ? ?

R(config)#line vty 0 4 R(config-line)#privilege level 15 R(config-line)#login local R(config-line)#transport input ssh R(config-line)#exit

earse ? R(config)#crypto key zeroize rsa

S5 Generate RSA encryption key pair for the router. ? R(config)#crypto key generate rsa general-keys modulus 1024 ? R(config)#exit ? R(config)# ? S6: Verify SSH configuration. show ip ssh ? S7: Configure SSH timeouts and authentication parameters. ? Rconfig)#ip ssh time-out 90 ? Rconfig)#ip ssh authentication-retries 2 ???????????????????????????????????????????????????????????????????????????????? ???

SITE TO SITE S2 crypto map to the R R(config)#interface s0/0/1 R(config-if)#crypto map SDM_CMAP_1

show crypto ipsec transform-set show crypto ipsec transform-set

S2: Configure trunk ports on S and S. S1(config)#interface FastEthernet 0/1 S1(config-if)#switchport mode trunk Configure port Fa0/1 on S2 as a trunk port. S2(config)#interface FastEthernet 0/1

S2(config-if)#switchport mode trunk c. Verify that S1 port Fa0/1 is in trunking mode with the show interfaces trunk command. S1#show interfaces trunk Port Mode Encapsulation Status Native vlan Fa0/1 on 802.1q trunking 1

(config)#interface FastEthernet 0/1 S(config-if)#storm-control broadcast level 50

Enable BPDU guard S1(config)#interface FastEthernet 0/5 S1(config-if)#spanning-tree bpduguard enable S1(config)#interface FastEthernet 0/6 S1(config-if)#spanning-tree bpduguard enable S2(config)#interface FastEthernet 0/18 S2(config-if)#spanning-tree bpduguard enable