*******************************NTP***********************************
switch1,2 (ping)
  enable secret cisco
  service password-encryption
  interface vlan 1
   ip address 192.168.10.100 255.255.255.0
   no shutdown
  exit
  ip default-gateway 192.168.10.1
**********
server1 (ntp)
  Services -> NTP: on, Authentication: on, key: 1, password: cisco
*********
router, switch1,2   (the switch has no calendar, so skip "ntp update-calendar" on it)
  ntp server 192.168.10.10
  ntp authentication-key 1 md5 cisco
  ntp update-calendar
  show clock
********
server2 (syslog)
  Services -> Syslog: on
*******
router or switch
  service timestamps log datetime msec
  logging host 192.168.10.20
  int g0/1
   shutdown
   no shutdown
********************************************************************
*******************************AAA**********************************
router1,2,3 (ping)
  power off, install the HWIC-2T module, power on
********
turn OSPF on on routers 1,2,3
R1
  router ospf 1
   network 192.168.10.0 0.0.0.255 area 0
   network 192.168.20.0 0.0.0.255 area 0
R2
  router ospf 1
   network 192.168.20.0 0.0.0.255 area 0
   network 192.168.30.0 0.0.0.255 area 0
R3
  router ospf 1
   network 192.168.30.0 0.0.0.255 area 0
   network 192.168.40.0 0.0.0.255 area 0
**********
server1 (tacacs)
  Services -> AAA: service on
  Network Configuration: add the 3 routers, server type tacacs
  User Setup: add user
*******
server2 (radius)
  Services -> AAA: service on
  Network Configuration: add the 3 routers, server type radius
  User Setup: add user
*********
(aaa) router1 (privilege)
  tacacs-server host 192.168.10.2
  tacacs-server key tacacs1
  aaa new-model
  aaa authentication enable default group tacacs+
******
router2 (console)
  tacacs-server host 192.168.10.2
  tacacs-server key tacacs2
  radius-server host 192.168.10.3
  radius-server key radius2
  username user1 secret 12345
  aaa new-model
  aaa authentication login default group tacacs+ group radius local
  line console 0
   login authentication default
************
router3 (ssh)
  tacacs-server host 192.168.10.2
  tacacs-server key tacacs3
  radius-server host 192.168.10.3
  radius-server key radius3
  username user2 secret 12345
  aaa new-model
  aaa authentication login SSH-Login group tacacs+ group radius local
  ip domain-name BFCAI.com
  crypto key generate rsa
   1024   (modulus size, entered at the prompt)
  line vty 0 4
   login authentication SSH-Login
   transport input ssh
***********
ping on router3
  ssh -l admin1 192.168.40.1
*******************************************************************
*************************authentication****************************
**************************IPS**************************************
router1
  license boot module c1900 technology-package securityk9
  ctrl+z
  copy running-config startup-config
  reload
  mkdir ipsdir
  ip ips config location ipsdir
  ip ips name iosips
  ip ips notify log
  (server Services -> NTP, Syslog: on)
  logging host 192.168.10.10
  service timestamps log datetime msec
  ntp server 192.168.10.10
  ntp update-calendar
  ip ips signature-category
   category all
    retired true
    exit
   category ios_ips basic
    retired false
  int g0/0
   ip ips iosips out
  ip ips signature-definition
   signature 2004 0
    status
     enabled true
     retired false
     exit
    engine
     event-action produce-alert
     event-action deny-packet-inline
     exit
********************************************************************
****************************VPN*************************************
router1,2
  license boot module c2900 technology-package securityk9
  ctrl+z
  write
  reload
  crypto isakmp policy 10
   authentication pre-share
   encryption aes
   hash sha
   group 5
   exit
  crypto isakmp key cisco12345 address 205.205.205.2   (the other router's address)
  crypto ipsec transform-set R1-R3 esp-aes esp-sha-hmac
********
  access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
*******
  crypto map R1-R3-map 10 ipsec-isakmp
   match address 100
   set peer 205.205.205.2   (the other router's address)
   set transform-set R1-R3
   exit
*******
  int g0/1   (the upper interface in the topology)
   crypto map R1-R3-map
*******
  show crypto isakmp policy
  show crypto ipsec transform-set
  show crypto ipsec sa
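Added example, not part of the lab notes: a small Python audit that runs over the router/switch NTP and syslog lines from the NTP section above and reports which hardening commands are missing. The `LAB_CONFIG` and `HARDENED_CONFIG` strings are constructed for this example; the NTP checks assume the standard IOS NTP authentication syntax (`ntp authenticate`, `ntp trusted-key <n>`, `ntp server <ip> key <n>`), which the notes above define a key for but never enable.

```python
import re

# Constructed sample: the router/switch NTP + syslog lines from the lab notes above.
LAB_CONFIG = """\
service password-encryption
service timestamps log datetime msec
logging host 192.168.10.20
ntp server 192.168.10.10
ntp authentication-key 1 md5 cisco
ntp update-calendar
"""

# Constructed hardened variant: same intent, with NTP authentication fully enabled.
HARDENED_CONFIG = LAB_CONFIG.replace(
    "ntp server 192.168.10.10", "ntp server 192.168.10.10 key 1"
) + "ntp authenticate\nntp trusted-key 1\n"

# Checks that apply to every device: (finding text, regex one config line must match).
BASE_CHECKS = [
    ("service password-encryption missing", r"^service password-encryption$"),
    ("log timestamps are not 'datetime msec', so events cannot be correlated with NTP time",
     r"^service timestamps log datetime msec"),
    ("no syslog server ('logging host') configured", r"^logging host \S+"),
]

# Checks that apply once an NTP authentication key is defined: the key alone does
# nothing until 'ntp authenticate', 'ntp trusted-key' and 'key <n>' on the server
# line are all present.
NTP_AUTH_CHECKS = [
    ("'ntp authenticate' missing, key is defined but never enforced", r"^ntp authenticate$"),
    ("'ntp trusted-key <n>' missing", r"^ntp trusted-key \d+"),
    ("'ntp server' line has no 'key <n>', so replies are not authenticated",
     r"^ntp server \S+ key \d+"),
]

def audit(config: str) -> list[str]:
    """Return findings for an IOS running-config snippet; an empty list means all checks pass."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    checks = list(BASE_CHECKS)
    if any(l.startswith("ntp authentication-key ") for l in lines):
        checks += NTP_AUTH_CHECKS
    return [text for text, pattern in checks
            if not any(re.match(pattern, l) for l in lines)]

if __name__ == "__main__":
    for name, cfg in (("lab notes", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['OK']}")
```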