Cisco Router Configuration for Secure Network Connectivity

Router R1 Configuration

Basic Configuration

no ip domain lookup
hostname R1
enable secret ciscoenpass
line console 0
password ciscoconpass
login
exit
security passwords min-length 10
service password-encryption
banner motd #Unauthorized Access is Prohibited#

Interface Configuration

interface GigabitEthernet0/0/0
description Connection to R2
ip address 198.51.100.1 255.255.255.252
no shutdown
interface GigabitEthernet0/0/1
description Connection to S2
ip address 192.168.1.1 255.255.255.0
no shutdown
interface GigabitEthernet0/0/2
description Connection to S1
ip address 64.100.1.1 255.255.255.248
no shutdown

Domain Name and User Authentication

ip domain name ccna-lab.com
username admin secret admin1pass

Secure Remote Access

line vty 0 15
login local
transport input ssh
exit
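! Modulus given inline instead of at the interactive prompt; 2048 bits or more is usual on production devices.
crypto key generate rsa modulus 1024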
ip ssh version 2

OSPF Routing

router ospf 1
router-id 0.0.0.1
network 64.100.1.0 0.0.0.7 area 0
network 198.51.100.0 0.0.0.3 area 0
passive-interface GigabitEthernet0/0/1
passive-interface GigabitEthernet0/0/2
auto-cost reference-bandwidth 1000
exit
interface GigabitEthernet0/0/0
ip ospf network point-to-point
ip ospf hello-interval 30

NAT Configuration

ip nat inside source static 192.168.1.5 64.100.1.7
interface GigabitEthernet0/0/0
ip nat outside
interface GigabitEthernet0/0/1
ip nat inside

VTY Access Control

ip access-list standard R1-VTY-LIMIT
permit host 192.168.1.5
line vty 0 15
access-class R1-VTY-LIMIT in

Router R2 Configuration

Basic Configuration

no ip domain lookup
hostname R2
enable secret ciscoenpass
line console 0
password ciscoconpass
login
exit
security passwords min-length 10
service password-encryption
banner motd #Unauthorized Access is Prohibited#

Interface Configuration

interface GigabitEthernet0/0/0
description Connection to R1
ip address 198.51.100.2 255.255.255.252
no shutdown
interface GigabitEthernet0/0/1
description Connection to S4
ip address 172.16.2.1 255.255.255.0
no shutdown
interface GigabitEthernet0/0/2
description Connection to S3
ip address 209.165.202.129 255.255.255.224
no shutdown

Domain Name and User Authentication

ip domain name ccna-lab.com
username admin secret admin1pass

Secure Remote Access

line vty 0 15
login local
transport input ssh
exit
crypto key generate rsa modulus 1024
ip ssh version 2

OSPF Routing

router ospf 1
router-id 0.0.0.2
network 209.165.202.128 0.0.0.31 area 0
network 198.51.100.0 0.0.0.3 area 0
passive-interface GigabitEthernet0/0/1
passive-interface GigabitEthernet0/0/2
auto-cost reference-bandwidth 1000
exit
interface GigabitEthernet0/0/0
ip ospf network point-to-point
ip ospf hello-interval 30

NAT Configuration

ip nat pool IPNAT1 209.165.202.140 209.165.202.150 netmask 255.255.255.224
ip nat inside source list 1 pool IPNAT1 overload
access-list 1 permit 172.16.2.0 0.0.0.15
interface GigabitEthernet0/0/1
ip nat inside
! GigabitEthernet0/0/0 is marked ip nat outside under Security Access Control List below.

VTY Access Control

ip access-list standard R2-VTY-LIMIT
permit host 172.16.2.5
line vty 0 15
access-class R2-VTY-LIMIT in
exit

Security Access Control List

ip access-list extended R2-SECURITY
permit tcp host 64.100.1.7 host 209.165.202.131 eq ftp
deny tcp any any eq ftp
deny tcp any any eq 22
permit ip any any
interface GigabitEthernet0/0/0
ip access-group R2-SECURITY in
ip nat outside
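
Added example (not part of the original configuration): a small Python model of first-match evaluation for the R2-SECURITY entries above, run over constructed packets as they would arrive inbound on R2 GigabitEthernet0/0/0. The helper names (take_addr, parse_ace, evaluate) are hypothetical, and the parser handles only the entry forms used here plus contiguous wildcard masks.

```python
import ipaddress

PORTS = {"ftp": 21, "ftp-data": 20}  # IOS keywords for TCP ports

# R2-SECURITY entries, copied from the R2 configuration above.
R2_SECURITY = """\
permit tcp host 64.100.1.7 host 209.165.202.131 eq ftp
deny tcp any any eq ftp
deny tcp any any eq 22
permit ip any any
"""

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' (contiguous wildcards only)."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0))
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse_ace(line):
    """Split one extended-ACL entry into (action, proto, src, dst, dst_port)."""
    t = line.split()
    action, proto = t.pop(0), t.pop(0)
    src, dst = take_addr(t), take_addr(t)
    port = (PORTS.get(t[1]) or int(t[1])) if t[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry (implicit deny at the end)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl.strip().splitlines():
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue
        if src not in a_src or dst not in a_dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = [
        ("tcp", "64.100.1.7", "209.165.202.131", 21),  # 192.168.1.5 after R1 static NAT
        ("tcp", "64.100.1.2", "209.165.202.131", 21),  # any other FTP client
        ("tcp", "64.100.1.7", "209.165.202.130", 22),  # SSH is denied for every source
        ("ospf", "198.51.100.1", "224.0.0.5", None),   # OSPF hellos from R1
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(R2_SECURITY, *pkt))
```

The ftp keyword matches destination TCP port 21 only, so other ports, including ftp-data (20), fall through to the final permit ip any any entry.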

Switch S1 Configuration

Basic Configuration

hostname S1

Interface Configuration

interface Vlan1
ip address 64.100.1.2 255.255.255.248
no shutdown
ip default-gateway 64.100.1.1

VTY Access Control

ip access-list standard S1-VTY-LIMIT
permit host 192.168.1.5
line vty 0 15
access-class S1-VTY-LIMIT in
exit

Switch S2 Configuration

Basic Configuration

hostname S2

Interface Configuration

interface Vlan1
ip address 192.168.1.2 255.255.255.0
no shutdown
ip default-gateway 192.168.1.1

Switch S3 Configuration

Basic Configuration

hostname S3

Interface Configuration

interface Vlan1
ip address 209.165.202.130 255.255.255.224
no shutdown
ip default-gateway 209.165.202.129

VTY Access Control

ip access-list standard S3-VTY-LIMIT
permit host 172.16.2.5
line vty 0 15
access-class S3-VTY-LIMIT in

Switch S4 Configuration

Basic Configuration

hostname S4

Interface Configuration

interface Vlan1
ip address 172.16.2.2 255.255.255.0
no shutdown
ip default-gateway 172.16.2.1