PUSAT PENGAJIAN DIPLOMA (Centre for Diploma Studies)
UNIVERSITI TUN HUSSEIN ONN MALAYSIA

DAT21203 BASIC NETWORKS

YEAR / PROGRAM: 2/DAT
SEM: II
DEPARTMENT: JABATAN TEKNOLOGI MAKLUMAT (Department of Information Technology)
Rev No.: Rev 1 / 2013

LAB NO./DESCRIPTIONS
LAB 7:
Chap 7 – Adv Network SNMP Configuring
Chap 5 – Internet : Virtual Private Network (VPN) setup and Capturing Packet

EQUIPMENT AND PROCEDURE
WILL BE PROVIDED

INSTRUCTOR
1. LECTURER
2. TECHNICIAN

INSTRUCTION
1. GROUP WORK OF THREE (5) STUDENTS
2. REPORT SUBMISSION IS DUE ONE WEEK AFTER THE LAB EXERCISE
3. USE PROVIDED REPORT FRONT PAGE ONLY


Objectives
(a) SNMP Configuring
(b) Virtual Private Network (VPN) setup
(c) Capturing Packet

Part A: SNMP configuration

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

Configuration commands
- community
- contact
- enable ...trap
- location
- trap host

Example

(config)#snmp-server ?
(config)#snmp-server community cisco ro                     // community string, read only
(config)#snmp-server community uthm rw                      // community string, read write
(config)#snmp-server location Campus Bandar IT department   // location
(config)#snmp-server contact [email protected]             // contact person email
(config)#snmp-server enable traps ?                         // choose the trap to be enabled

option 1
(config)#snmp-server enable traps                           // enable all traps

option 2
(config)#snmp-server enable traps ?                         // list traps to enable; choose authentication >> acl
(config)#snmp-server host 192.168.1.1 ver ?
(config)#snmp-server host 192.168.1.1 ver 2c
(config)#snmp-server host 192.168.1.1 ver 2c cisco          // version and string
(config)#exit
#show run | ?
#show run | begin snmp
#show snmp                                                  // view SNMP status, including trap logging

EXERCISE
(a) Create a LAN as below
(b) Interconnect them
(c) Configure the IP and netmasks
(d) Test the connections
(e) Configure SNMP (not available in certain Packet Tracer versions)

Part B: Virtual Private Network (VPN) setup

Virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryptions. A virtual private network connection across the Internet is similar to a wide area network (WAN) link between sites. From a user perspective, the extended network resources are accessed in the same way as resources available within the private network. VPNs allow employees to securely access their company's intranet while traveling outside the office. Similarly, VPNs securely connect geographically disparate offices of an organization, creating one cohesive network. VPN technology is also used by Internet users to connect to proxy servers for the purpose of protecting personal identity and location.

Example

Configurations
VPN configuration steps - ipsec (not available in certain Packet Tracer versions)
1. Phase 1 - isakmp tunnel
2. Phase 2 - ipsec tunnel
3. access list traffic
4. create crypto map and apply to the interface
5. optional - create unencrypted traffic

Command example

--(1)-- PHASE 1
(config)#crypto isakmp policy 1
(config-isakmp)#authentication pre-share
(config-isakmp)#hash ?                                   // md5 or sha; must be equal on both routers
(config-isakmp)#encryption aes ?
(config-isakmp)#encryption aes 128
(config-isakmp)#group 2
(config-isakmp)#lifetime 86400
(config-isakmp)#exit
(config)#crypto isakmp key cisco address 172.16.1.2      // router B address (from A to B); from B to A use 172.16.1.1

--(2)-- PHASE 2
(config)#crypto ipsec transform-set myset ?              // name myset
(config)#crypto ipsec transform-set myset esp-aes esp-sha-hmac
(cfg-crypto-trans)#exit

--(3)--
(config)#access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.255   // source to dest; the other router should reverse
(config)#crypto map router_A_to_router_B 10 ipsec-isakmp // map name, policy and ipsec-isakmp
(config-crypto-map)#set peer 172.16.1.2                  // router B address
(config-crypto-map)#match address 101
(config-crypto-map)#set transform-set myset
(config-crypto-map)#exit

--(4)--
(config)#int s1/0                                        // apply to serial interface
(config-if)#crypto map router_A_to_router_B              // apply the crypto map
== now it's ON ==
#show run                                                // to see the settings

DO THE SAME ON THE OTHER ROUTER

#show crypto session
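
An added example (not part of the lab sheet): a small Python check that flags the weak settings among the SNMP and IPsec commands of Parts A and B, such as the community string and pre-shared key `cisco`, SNMP version 2c, and Diffie-Hellman group 2. The sample text is constructed from the sheet's commands with `hash md5` taken as one of its two listed options; the wordlist and the 16-character key floor are assumptions.

```python
import re

GUESSABLE = {"public", "private", "cisco", "admin", "secret"}  # assumed wordlist
WEAK_DH = {"1", "2", "5"}  # MODP groups of 1536 bits or less

# Constructed sample: the lab's commands as typed, gathered into one text.
SAMPLE_CONFIG = """\
snmp-server community cisco ro
snmp-server community uthm rw
snmp-server host 192.168.1.1 version 2c cisco
crypto isakmp policy 1
 authentication pre-share
 hash md5
 encryption aes 128
 group 2
crypto isakmp key cisco address 172.16.1.2
crypto ipsec transform-set myset esp-aes esp-sha-hmac
"""

def audit(config):
    """Return (line_number, finding) pairs for weak SNMP and IKE settings."""
    findings, in_policy = [], False
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip().lower()
        if not raw.startswith(" "):      # a top-level command ends the policy block
            in_policy = line.startswith("crypto isakmp policy")
        if m := re.match(r"snmp-server community (\S+) (ro|rw)(?: (\S+))?$", line):
            name, mode, acl = m.groups()
            if name in GUESSABLE:
                findings.append((n, "guessable community string"))
            if acl is None:
                findings.append((n, f"{mode} community not restricted by an access list"))
        elif re.match(r"snmp-server host \S+ (?:version|ver) (?:1|2c)\b", line):
            findings.append((n, "trap community sent in cleartext (SNMPv1/v2c)"))
        elif in_policy and line == "hash md5":
            findings.append((n, "MD5 selected as IKE hash"))
        elif in_policy and (m := re.match(r"group (\d+)$", line)) and m[1] in WEAK_DH:
            findings.append((n, f"weak Diffie-Hellman group {m[1]}"))
        elif m := re.match(r"crypto isakmp key (\S+) address", line):
            if m[1] in GUESSABLE or len(m[1]) < 16:  # length floor is an assumption
                findings.append((n, "guessable or short pre-shared key"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE_CONFIG):
        print(f"line {n}: {finding}")
```

A community line that names a non-guessable string and ends with an access-list number, for example `ro 10`, produces no finding.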


EXERCISE
1. Create remotely separated LANs for a company, the HQ and the branch, as in the example. Use class A private IP addresses for the HQ and class B for the branch. Each LAN should have a PC and a server.
2. Interconnect all the devices and assign their IPs.
3. Configure the routers for the VPN services; use double ipsec crypto: esp-aes esp-sha.
4. Test the VPN services by sending ICMP ping commands.


Part C: Capturing Packet

Packets to be captured:
- http
- telnet

www pages - sample Wireshark captures: http://wiki.wireshark.org/SampleCaptures#Captures_used_in_Wireshark_testing

The figure shows an example of an http packet capture.

To capture:
a) Click the capture menu
b) Choose the interface to capture
c) Open the browser
d) Click start
e) Key in the http address in the browser
f) Observe the captured data in Wireshark
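
An added example (not part of the lab sheet) of how captured frames like those in this part are told apart: the Python below reads the Ethernet, IPv4 and TCP/UDP headers of a frame and labels it http, telnet, tcp or udp by protocol number and port. The frames are constructed test data with zeroed checksums and made-up addresses; `build_frame` and `classify` are names chosen here.

```python
import struct

def build_frame(proto, sport, dport, payload):
    """Constructed test data: Ethernet II + IPv4 + TCP or UDP, checksums left at zero."""
    if proto == 6:   # TCP: 20-byte header, data offset 5 words, flags PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 1, 20]))
    return bytes(12) + b"\x08\x00" + ip + l4 + payload

def classify(frame):
    """Return (label, payload) for one Ethernet II frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return ("non-ipv4", b"")
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto, l4 = frame[23], frame[14 + ihl:]
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        data = l4[(l4[12] >> 4) * 4:]     # skip the TCP header, options included
        if 80 in (sport, dport):
            return ("http", data)
        if 23 in (sport, dport):
            return ("telnet", data)
        return ("tcp", data)
    if proto == 17 and len(l4) >= 8:
        return ("udp", l4[8:])
    return ("other-ip", b"")

if __name__ == "__main__":
    samples = [build_frame(6, 49152, 80, b"GET / HTTP/1.1\r\n"),
               build_frame(6, 49153, 23, b"login: "),
               build_frame(17, 5000, 53, b"\x00")]
    for frame in samples:
        print(classify(frame))
```

The http and telnet payloads come back as readable bytes, which is what the Wireshark packet view shows for these two protocols.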


EXERCISE
1. Connect your computer to the Internet and capture the following frames/packets:
(a) http
(b) telnet
(c) udp
(d) tcp
2. Examine the result and explain what you have captured.
