CBT IT Certification Training

Unlimited IT Certification Courses via Streaming Video


Cisco IOS Secure Copy

Lab 15 


Lab Objective:

The objective of this lab exercise is for you to learn and understand how to configure the Cisco IOS Secure Copy feature on Cisco IOS routers.

Lab Purpose:

The Secure Copy (SCP) feature relies on Secure Shell (SSH) and provides a secure and authenticated method for copying router configuration or router image files.

Lab Difficulty:

This lab has a difficulty rating of 7/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 15 minutes. 

Lab Topology:

Please use the following topology to complete this lab exercise:

[Figure: Lab 15 topology]

Lab 15 Configuration Tasks 

Task 1:

Configure the hostnames and IP addresses on R1 and R2 as illustrated in the network diagram. Configure R2 to send R1 clocking information at a rate of 512Kbps. Ping between R1 and R2 to verify your configuration and ensure that the two routers have IP connectivity. 

Task 2:

Configure R1 as an SCP server as follows:

  • Configure a domain name of howtonetwork.net
  • Use an RSA key size of 1024
  • The SSH session should time out after 30 seconds of inactivity
  • SSH users can only attempt to log in 2 times

Task 3:

Configure a user with the name admin, a privilege level of 15 and a secret of cisco on R1. 

Task 4:

Configure Authentication and Authorization on R1 as follows:

  • Authentication for inbound connections should be performed against the local database
  • Authorization for EXEC access should be granted based on local user privileges

Task 5:

Save the running configuration of R1 to Flash memory using the file name TEST. In addition to this, configure R1 as a TFTP server so that remote users can download this file.

Task 6: 

Securely copy the file TEST from R1 to the Flash memory of R2 and verify your work. 

Lab 15 Configuration and Verification

Task 1:

Router(config)#hostname R1
R1(config)#interface serial0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#end
R1#

Router(config)#hostname R2
R2(config)#int serial0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#clock rate 512000
R2(config-if)#exit
R2(config)#exit
R2#
R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

Task 2:

R1(config)#ip domain-name howtonetwork.net
R1(config)#crypto key generate rsa
The name for the keys will be: R1.howtonetwork.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

R1(config)#ip ssh time-out 30
R1(config)#ip ssh authentication-retries 2
R1(config)#ip scp server enable
R1(config)#exit
R1#

Task 3:

R1(config)#username admin privilege 15 secret cisco
R1(config)#exit
R1#

Task 4:

R1(config)#aaa new-model
R1(config)#aaa authentication login default local
R1(config)#aaa authorization exec default local
R1(config)#exit
R1#

Task 5:

R1#copy running-config flash:
Destination filename [r1-confg]? TEST
Erase flash: before copying? [confirm]n
Verifying checksum…  OK (0x9A6B)
2746 bytes copied in 10.681 secs (257 bytes/sec)
R1(config)#tftp-server flash:TEST
R1(config)#exit
R1#
R1#show flash:

System flash directory:
File  Length    Name/status
  1   19615064  c2600-advsecurityk9-mz.124-15.T9.bin
  2   1038      home.shtml
  3   2754      sdmconfig-26xx.cfg
  4   112640    home.tar
  5   1505280   common.tar
  6   6389760   sdm.tar
  7   931840    es.tar
  8   2766      TEST
[28567284 bytes used, 4462856 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)

Task 6:

R2#copy scp: flash:
Address or name of remote host []? 10.1.1.1
Source username [R2]? admin
Source filename []? TEST
Destination filename [TEST]?
Erase flash: before copying? [confirm]n
Password:
!
Verifying checksum…  OK (0x6C6)
2766 bytes copied in 3.843 secs (720 bytes/sec)
R2#

Lab 15 Configurations

R1 Configuration

R1#show running-config
Building configuration…

Current configuration : 2789 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
ip domain name howtonetwork.net
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-533650306
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-533650306
 revocation-check none
 rsakeypair TP-self-signed-533650306
!
!
crypto pki certificate chain TP-self-signed-533650306
 certificate self-signed 01
  quit
!
!
username admin privilege 15 secret 5 $1$qMaz$S4.GkUbxDSA4iWn7CBQuU.
archive
 log config
  hidekeys
!
!
!
!
ip ssh time-out 30
ip ssh authentication-retries 2
ip scp server enable
!
!
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.252
!
ip forward-protocol nd
!
!
ip http server
ip http secure-server
!
!
!
!
tftp-server flash:TEST
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 password cisco
!
!
end
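
An added example (not part of the original lab): a small Python check that reads an IOS running-config and reports which of the statements Tasks 2 to 4 configure for the SCP server are missing, and which files are also published by tftp-server as in Task 5, where they can be fetched without the AAA login that SCP enforces. The sample text is a constructed excerpt of the R1 configuration above with the password hash replaced by a placeholder; the function and variable names are assumptions of this example.

```python
import re

# Constructed excerpt based on the R1 running-config shown above
# (the secret hash is replaced by a placeholder).
SAMPLE_R1 = """\
hostname R1
aaa new-model
aaa authentication login default local
aaa authorization exec default local
ip domain name howtonetwork.net
username admin privilege 15 secret 5 <hash-placeholder>
ip ssh time-out 30
ip ssh authentication-retries 2
ip scp server enable
tftp-server flash:TEST
line vty 0 4
 privilege level 15
 password cisco
"""

# Statements the lab configures so that R1 can act as an SCP server.
REQUIRED = {
    "aaa new-model": r"^aaa new-model$",
    "login authentication": r"^aaa authentication login \S+ .+$",
    "exec authorization": r"^aaa authorization exec \S+ .+$",
    "domain name": r"^ip domain[ -]name \S+$",
    "privilege 15 user with secret": r"^username \S+ privilege 15 secret .+$",
    "scp server": r"^ip scp server enable$",
}

def audit_scp_config(config: str) -> dict:
    """Return missing SCP prerequisites and files also served over TFTP."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    missing = [name for name, pattern in REQUIRED.items()
               if not any(re.match(pattern, ln) for ln in lines)]
    # TFTP has no authentication or encryption, so every file listed by
    # tftp-server is reachable outside the SSH/AAA controls used by SCP.
    tftp_exposed = [m.group(1) for ln in lines
                    if (m := re.match(r"^tftp-server (\S+)", ln))]
    return {"missing": missing, "tftp_exposed": tftp_exposed}

if __name__ == "__main__":
    report = audit_scp_config(SAMPLE_R1)
    print("missing SCP prerequisites:", report["missing"] or "none")
    print("files also served over TFTP:", report["tftp_exposed"] or "none")
```
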

R2 Configuration

R2#show running-config
Building configuration…

Current configuration : 795 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.1.2 255.255.255.252
 clock rate 512000
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 password cisco
 login
!
!
end


Copyright Reality Press Ltd . / Paul Browning
