CIS-4080 Homework #2: Views, Logging, and NTP

Due: Friday, February 10, 2023

Reading: ...

Part 1

In this part you will build on the network created in Homework #1 by configuring some views as a way of organizing user access to the router's functionality.

Proceed as follows:

Views

In this section, you will create and test some views. Views are described starting on slide #20 of Securing Net Devices, Part 2.

  1. The file homework-02.pkt is a file you can use as a starting point for this assignment. It is, in effect, the solution to Homework #1 and has all the configuration specified by that previous assignment already completed (alternatively, you could use your own solution to Homework #1 if you are confident that it is correct).

  2. Create a view named RELOAD-VIEW that contains only the reload command. Create a second view named MONITOR-VIEW that contains the show ip route command. This view can be used to monitor the router's routing table. In both cases, use a view secret of "class" (no quotes).

  3. Create a new user student with password frenchfry, using privilege level 0.

  4. Do not forget! Copy the running configuration on R1 to the startup configuration so that you don't lose your changes if R1 is rebooted.

  5. Verify the functionality of this configuration. The student user should be able to log in and see the routing table after enabling the MONITOR-VIEW, but not be able to do anything else. [NOTE: In "real life" the view passwords would be different so that students would not be able to access the other views.] What commands are available to the student user immediately after logging in (i.e., at privilege level 0)? The jr-admin user should be able to log in, enable the RELOAD-VIEW, and then reboot the router.

Logging

In this section you will configure syslog-style logging via a log server.

  1. Add a server system to your network model, connecting it to the switch on the 192.168.1.0/24 subnetwork. Use an IP address of 192.168.1.253 for the server and give it the name "Fluffy". Verify that Fluffy can ping the other systems in the network (specifically Carol's system; that checks Fluffy's IP address assignment and default gateway setting).

  2. On Fluffy, verify that the SYSLOG service is turned on (it should be on by default). Enable the DNS service and add the name "fluffy" with address 192.168.1.253 to the DNS database.

  3. On R1 enable DNS lookup (this undoes one of the steps in the "Basic Settings" you did in the last assignment). You will need to specify the location of the name server using its IP address.

          R1(config)# ip name-server 192.168.1.253
          R1(config)# ip domain lookup
        

    Check your work by doing the following:

          R1# ping fluffy
        
  4. Configure R1 to add a loopback interface with an IP address of 192.168.100.1/32. This can be done as follows:

          R1(config)# interface Loopback 0
          R1(config-if)# ip address 192.168.100.1 255.255.255.255
          R1(config-if)# no shutdown
          R1(config-if)# exit
        

    We will use addresses in the range 192.168.100.1 through 192.168.100.254 for loopback interfaces. To conserve address space, since these interfaces can't be connected to a real network, we will use "host addresses" with a full-sized netmask. This causes only one address to exist on each loopback interface. The router can still be reached by using this address.

    Add the name "R1" to Fluffy's DNS database using the loopback interface address you just configured. Check your work using Alice's workstation to SSH to the router using a command such as:

          C:\> ssh -l admin R1
        

    OPTIONAL: Feel free to add DNS entries for the other systems in the network (alice, bob, mallory, carol). You will also need to configure the PCs to use 192.168.1.253 as their DNS server. After doing this you should be able to, for example, open Carol's workstation and do:

          C:\> ping alice
        
  5. Configure the router R1 to send all syslog-style log messages to Fluffy. The configuration process is described starting on Slide #13 of Securing Net Devices, Part 3.

    Check your work by generating a log message on R1 (for example, when you leave configuration mode a level 5 message is generated), and verify that it appears in Fluffy's SYSLOG service.

  6. Do not forget! Copy the running configuration on R1 to the startup configuration so that you don't lose your changes if R1 is rebooted.
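
The level 5 message mentioned in step 5 of the Logging section carries a tag of the form %FACILITY-SEVERITY-MNEMONIC. The following is an added example, not part of the original assignment, that decodes such lines and reports who changed the configuration and from where. The function names and the sample lines (including the 192.168.1.10 source address) are constructed for illustration, and the line layout assumed is the usual IOS one.

```python
import re

# Syslog severity names as Cisco IOS spells them, indexed by level 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Optional <PRI>, then anything up to the %FACILITY-SEVERITY-MNEMONIC tag.
TAG = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?.*?%(?P<fac>[A-Z0-9_]+)"
                 r"-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):\s*(?P<text>.*)$")
# Body of a CONFIG_I message; "on <line> (<ip>)" appears for remote sessions.
WHO = re.compile(r"Configured from \S+ by (\S+)(?: on (\S+) \(([\d.]+)\))?")

# Constructed sample input (not captured from a real device).
SAMPLE_LINES = [
    "<189>41: *Mar 1 00:12:07.331: %SYS-5-CONFIG_I: Configured from console by console",
    "<189>42: *Mar 1 00:15:42.018: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.10)",
    "<187>43: *Mar 1 00:16:01.500: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "text without a Cisco message tag",
]

def parse(line):
    """Decode one line; return None when it carries no %FAC-SEV-MNEMONIC tag."""
    m = TAG.match(line.strip())
    if not m:
        return None
    sev = int(m["sev"])
    rec = {"facility": m["fac"], "severity": sev, "level_name": SEVERITIES[sev],
           "mnemonic": m["mnem"], "text": m["text"]}
    if m["pri"] is not None:
        # PRI = syslog facility * 8 + severity, so both severities must agree.
        pri = int(m["pri"])
        rec["syslog_facility"], rec["pri_consistent"] = pri // 8, pri % 8 == sev
    return rec

def config_changes(lines):
    """Return who changed the configuration, and from where, per CONFIG_I event."""
    events = []
    for line in lines:
        rec = parse(line)
        if rec and (rec["facility"], rec["mnemonic"]) == ("SYS", "CONFIG_I"):
            m = WHO.search(rec["text"])
            if m:
                events.append({"user": m[1], "line": m[2] or "console",
                               "source_ip": m[3]})
    return events

if __name__ == "__main__":
    for event in config_changes(SAMPLE_LINES):
        print(event)
```
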

Submit to Canvas your modified homework-02.pkt


Last Revised: 2023-02-08
© Copyright 2023 by Peter C. Chapin <pchapin@vtc.edu>