
Solving the WorldSkills tasks of the Network module in the CICA competency. Part 1 - Basic Setup

The WorldSkills movement aims to give participants mainly practical skills that are in demand in the modern labor market. The "Network and System Administration" competency consists of three modules: Network, Windows and Linux. Tasks vary from championship to championship and the competition conditions change, but the structure of the tasks remains largely unchanged.

The Network island comes first because it is simpler than the Linux and Windows islands.

The article will cover the following tasks:
  1. Set the names of ALL devices according to the topology.
  2. Assign a domain name for ALL devices wsrvuz19.ru
  3. Create a user wsrvuz19 on ALL devices with the password cisco
    • The user password must be stored in the configuration as a result of the hash function.
    • The user must have the highest level of privileges.
  4. For ALL devices, implement the AAA model.

    • Authentication on a remote console should be done using a local database (except for the RTR1 and RTR2 devices)
    • After successful authentication, when logging in from a remote console, the user must immediately enter the mode with the highest level of privileges.
    • Configure the need for authentication on the local console.
    • Upon successful authentication on the local console, the user must enter the mode with a minimum level of privileges.
    • On BR1, upon successful authentication on the local console, the user must enter the mode with the highest level of privileges
  5. On ALL devices, set a wsr password to enter privileged mode.
    • The password should not be stored in the configuration as a result of the hash function.
    • Set the mode in which all passwords in the configuration are stored in an encrypted form.

The network topology at the physical level is presented in the following diagram:



If you find video easier to follow, the entire solution to these tasks is available in the following video:



1. Set the names of ALL devices according to the topology.


To set the device name (hostname), enter the command hostname SW1 in global configuration mode, replacing SW1 with the equipment name given in the tasks.

The result is visible immediately in the prompt: the pre-installed name Switch has changed to SW1:

 Switch(config)# hostname SW1
 SW1(config)#

The main task after making any settings is to save the configuration.

This can be done from the global configuration mode with the do write command:

 SW1(config)# do write
 Building configuration...
 Compressed configuration from 2142 bytes to 1161 bytes[OK]

Or from privileged mode with the write command:

 SW1# write
 Building configuration...
 Compressed configuration from 2142 bytes to 1161 bytes[OK]

2. Assign a domain name for ALL devices wsrvuz19.ru


You can set the default domain name wsrvuz19.ru from global configuration mode using the ip domain-name wsrvuz19.ru command.

Verification is performed with the do show hosts summary command from global configuration mode:

 SW1(config)# ip domain-name wsrvuz19.ru
 SW1(config)# do show hosts summary
 Name lookup view: Global
 Default domain is wsrvuz19.ru
 ...

3. Create a user wsrvuz19 on ALL devices with the password cisco


The user must have the highest privilege level, and the password must be stored as a hash. The command username wsrvuz19 privilege 15 secret cisco meets all of these conditions.

Here:

username wsrvuz19 - username;
privilege 15 - privilege level (0 - minimum level, 15 - maximum level);
secret cisco - password storage in the form of MD5 hash function.

The show running-config command shows the current configuration, where you can find the line with the added user and make sure that the password is stored as a hash rather than in clear text:

 SW1(config)# username wsrvuz19 privilege 15 secret cisco
 SW1(config)# do show running-config
 ...
 username wsrvuz19 privilege 15 secret 5 $1$EFRK$RNvRqTPt5wbB9sCjlBaf4.
 ...

4. For ALL devices, implement the AAA model


The AAA model is a system for authentication, authorization and accounting of events. To accomplish this task, the first step is to enable the AAA model and specify that authentication will be performed using the local database:

 SW1(config)# aaa new-model
 SW1(config)# aaa authentication login default local

a. Authentication on a remote console should be done using a local database (except for the RTR1 and RTR2 devices)

The tasks define two types of consoles: local and remote. A remote console allows remote connections, for example via the SSH or Telnet protocols.

To complete this task, you must enter the following commands:

 SW1(config)# line vty 0 4
 SW1(config-line)# login authentication default
 SW1(config-line)# exit
 SW1(config)#

The line vty 0 4 command switches to the configuration of virtual terminal lines 0 through 4.

The login authentication default command applies the default authentication method on the virtual console; the default method was set in the previous task with the aaa authentication login default local command.

Exit the remote console configuration mode using the exit command.

A reliable test is a connection via Telnet from one device to another. Keep in mind that basic switching and IP addressing must already be configured on the selected equipment for this to work.

 SW3#telnet 2001:100::10
 User Access Verification
 Username: wsrvuz19
 Password:
 SW1>

b. After successful authentication, when logging in from a remote console, the user must immediately enter the mode with the highest level of privileges

To solve this problem, you need to go back to setting up virtual terminal lines and set the privilege level with the command privilege level 15 , where 15 is the maximum level again and 0 is the minimum level of privileges:

 SW1(config)# line vty 0 4
 SW1(config-line)# privilege level 15
 SW1(config-line)# exit
 SW1(config)#

The check is the same as in the previous sub-item, a remote connection via Telnet:

 SW3#telnet 2001:100::10
 User Access Verification
 Username: wsrvuz19
 Password:
 SW1#

After authentication, the user immediately enters the privileged mode, bypassing the unprivileged one, which means that the task was performed correctly.

c-d. Configure the need for authentication on the local console; upon successful authentication, the user must enter the mode with a minimum level of privileges.

The command structure in these tasks coincides with the previously solved tasks 4.a and 4.b. The line vty 0 4 command is replaced with line console 0:

 SW1(config)# line console 0
 SW1(config-line)# login authentication default
 SW1(config-line)# privilege level 0
 SW1(config-line)# exit
 SW1(config)#

As already mentioned, the minimum privilege level is determined by the number 0. The check can be made as follows:

 SW1# exit
 User Access Verification
 Username: wsrvuz19
 Password:
 SW1>

After authentication, the user enters unprivileged mode, as stated in the tasks.

e. On BR1, upon successful authentication on the local console, the user must enter the mode with the highest level of privileges

Setting up a local console on BR1 will look like this:

 BR1(config)# line console 0
 BR1(config-line)# login authentication default
 BR1(config-line)# privilege level 15
 BR1(config-line)# exit
 BR1(config)#

Verification is carried out in the same way as in the previous paragraph:

 BR1# exit
 User Access Verification
 Username: wsrvuz19
 Password:
 BR1#

After authentication, the user re-enters privileged mode.

5. On ALL devices, set the wsr password to enter privileged mode


The tasks say that the password for privileged mode should be stored in clear text, as is standard, while the encryption mode for all passwords will prevent it from being viewed in the clear. To set a password for entering privileged mode, use the command enable password wsr. The password keyword determines how the password is stored: when the user was created and the password had to be hashed, the keyword was secret, whereas password stores it in clear text.

You can check the settings from the current configuration view:

 SW1(config)# enable password wsr
 SW1(config)# do show running-config
 ...
 enable password wsr
 !
 username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
 ...

It can be seen that the user's password is stored as a hash, and the password for entering privileged mode is stored in clear text, as stated in the tasks.
To ensure that all passwords are stored in encrypted form, use the service password-encryption command. Viewing the current configuration will now look like this:

 SW1(config)# do show running-config
 ...
 enable password 7 03134819
 !
 username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
 ...

The password can no longer be viewed in clear text.
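The following Python check is an added example, not code from the original article: it reads a running-config and reports how each credential is stored, because type 7 (what service password-encryption produces) is reversible obfuscation rather than a hash and type 5 is salted MD5, and it also notes lines that log users straight into privileged mode. The sample config is constructed from the lines shown above; the severity labels and the names audit, STORAGE, CRED and SAMPLE_CONFIG are assumptions of this example.

```python
import re

# Constructed sample: credential lines from this article plus the task 4 line settings.
SAMPLE_CONFIG = """\
enable password 7 03134819
!
username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
line con 0
 privilege level 0
 login authentication default
line vty 0 4
 privilege level 15
 login authentication default
"""

# IOS credential type -> (how it is stored, severity label chosen for this example)
STORAGE = {
    "0": ("cleartext", "high"),
    "7": ("type 7 reversible obfuscation", "high"),
    "5": ("type 5 salted MD5 hash", "medium"),
    "8": ("type 8 PBKDF2-SHA-256 hash", "low"),
    "9": ("type 9 scrypt hash", "low"),
}
CRED = re.compile(r"^(enable|username (\S+)(?: privilege \d+)?) (password|secret)(?: (\d))? (\S+)$")

def audit(config):
    """Return (subject, finding, severity) tuples for a running-config text."""
    findings, line_ctx = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = CRED.match(line)
        if m:
            subject = "enable" if m.group(1) == "enable" else "user " + m.group(2)
            # No type digit: a "password" is stored as typed; anything else goes to review.
            ctype = m.group(4) or ("0" if m.group(3) == "password" else "?")
            desc, sev = STORAGE.get(ctype, ("unrecognised storage type", "review"))
            findings.append((subject, desc, sev))
        elif line.startswith("line "):
            line_ctx = line[5:]            # e.g. "vty 0 4"
        elif line_ctx and not raw.startswith(" "):
            line_ctx = None                # left the line block
        elif line_ctx and line.strip() == "privilege level 15":
            findings.append(("line " + line_ctx, "login lands in privileged EXEC", "medium"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```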

Source: https://habr.com/ru/post/457286/

