Basic Security Configuration on Cisco Routers (1)

It’s been a long time since I didn’t post anything, because I’ve started working on the Final Task and when I make a conversation it’s getting less and less (^_^). But this time I’m going to introduce the basics of computer networking, this time using Cisco Packet Tracer.

Previously I have discussed many configurations using Cisco Packet Tracer, such as inactive routing configurations, RIP, OSPF and so on. Well, now I will go back to the beginning, namely the security of routers and other devices. Why I go home to the beginning, because I want this post & next-follows will help those who want to reach for CCNA certification.

We personally start, first let’s create a topology such as the following image:

Basic Topology for Percobaandanlt;/p>

“data-image-description=”” data-image-meta=””aperturedanquot;:”0″,”creditdanquot;:”,”cameradanquot;:””,”captiondanquot;:”,”created_timestampdanquot;:”0″,”copyrightdanquot;:”,”focal_length”:”0″,”iso”:”0″,”shutter_speeddanquot;:”0danquot;,”titledanquot;:””” data-image-title=”1″ data-large-file=”https://komputerdwi.files.wordpress.com/2012/10/1.png?w=391″ data-medium-file=”https://komputerdwi.files.wordpress.com/2012/10/1.png?w=300″data-orig-arsip=”https://komputerdwi.files.wordpress.com/2012/10/1.png” data-orig-size=”391,199″ data-permalink=”https://komputerdwi.wordpress.com/2012/10/21/konfigurasi-keamanan-dasar-dalam-router-cisco-1/1-4/” height=”152″ loading=”lazy” sizes=”(max-width: 300px) 100vw, 300px” src=”https://komputerdwi.files.wordpress.com/2012/10/1.png?w=300&h=152″ srcset=”https://komputerdwi.files.wordpress.com/2012/10/1.png?w=300&h=152 300w,https://komputerdwi.files.wordpress.com/2012/10/1.png?w=150danamp;h=76 150w, https://komputerdwi.files.wordpress.com/2012/10/1.png 391w” title=”1″ width=”300″>Basic Topology for Experiments

Maybe someone asked, what cable is light blue? It was a rollover cable or consolecable. We can configure the connected laptop using a rollover cable on the router or private through the router.

Let’s try configuring router 0 according to laptop 0. Click laptop 0, select the Desktop tab and select Terminal. Use the default Port Configuration and click OK. Then it looks like this:

Open Hyper Terminal on PC

” data-image-description=”” data-image-meta=””aperture”:”0danquot;,”credit”:””,”camera”:”,”captiondanquot;:”,”created_timestampdanquot;:”0″,”copyrightdanquot;:”,”focal_length”:”0danquot;,”iso”:”0″,”shutter_speed”:”0″,”titledanquot;:””” data-image-title=”2″ data-large-file=”https://komputerdwi.files.wordpress.com/2012/10/21.png?w=593″ data-medium-archive=”https://komputerdwi.files.wordpress.com/2012/10/21.png?w=300″ data-orig-file=” https://komputerdwi.files.wordpress.com/2012/10/21.png” data-orig-size=”650,514″ data-permalink=”https://komputerdwi.wordpress.com/2012/10/21/konfigurasi-keamanan-dasar-pada-router-cisco-1/2-tiga/” height=”237″ loading=”lazy” sizes=” (max-width: 300px) 100vw, 300px” src=”https://komputerdwi.files.wordpress.com/2012/10/21.png?w=300&h=237″ srcset=”https://komputerdwi.files.wordpress.com/2012/10/21.png?w=300&h=237 300w, https://komputerdwi.files.wordpress.com/2012/10/21.png?w=600&h=474 600w, https://komputerdwi.files.wordpress.com/2012/10/21.png?w=150danamp;h=119 150w” title=”2″ width=”300″>Open Hyper Terminal on PC

Well, the same as when we personally determine router 0, right?

After that enter privileged user mode by typing enable and re-entering global configuration mode using typing configuration terminal. To make it easier, we first rename router 0 as “my router” using typing my router hostname.

Provide IP Address on my router’s fa0/0 interface by:

fastEthernet interface 0/0

ip address 192.168.0.1 255.255.255.0

After making sure the interface was running normally (marked using the red dot to green on my router), we were able to continue. To secure my router, there are two types of security that we will do. First, prevent just anyone from being able to access my router with a rollover cable & second, prevents just anyone from being able to access my router remotely either using events such as telnet or SSH.

To understand it, try selecting my router & go to the Physicaltab, there we will find two ports namely console and auxiliary. The console port we have used, ad interim auxiliary port serves to connect the modem using my router, so we can configure using the way the modem diling.

Physical Device View Where Port Console & Port AUX Located;/p>

“data-image-description=”” data-image-meta=””aperturedanquot;:”0″,”credit”:””,”cameradanquot;:”,”captiondanquot;:”,”created_timestamp”:”0danquot;,”copyright”:””,”focal_lengthdanquot;:”0danquot;,”isodanquot;:”0danquot;,”shutter_speed”:”0danquot;,”title”:”””””data-image-title=”three” data-large-arsip=”https://komputerdwi.files.wordpress.com/2012/10/tiga.png?w=473″ data-medium-archive=”https://komputerdwi.files.wordpress.com/2012/10/3.png?w=300″data-orig-file=”https://komputerdwi.files.wordpress.com/2012/10/3.png” data-orig-size=”473,360″ data-permalink=”https://komputerdwi.wordpress.com/2012/10/21/konfigurasi-keamanan-dasar-dalam-router-cisco-1/attachment/3/” height=”228″ loading=”lazy” sizes=”(max-width: 300px) 100vw, 300px” src=”https://komputerdwi.files.wordpress.com/2012/10/tiga.png?w=300&h=228″ srcset=”https://komputerdwi.files.wordpress.com/2012/10/3.png?w=300danamp;h=228 300w,https://komputerdwi.files.wordpress.com/2012/10/tiga.png?w=150&h=114 150w, https://komputerdwi.files.wordpress.com/2012/10/3.png 473w” title=”3″ width=”300″>Physical Device View Where Port Console and Port AUX Are Located

In this experiment we will do security in the consoleport, because this port is more likely to be misused by others. Re-enter global configuration mode & type:

What do we do using the instructions above? We will lock access to my router via the console cable using the password that is “yahud”.  We can’t enter without knowing the password.

Well, that’s how to secure a “physical” or “personal” connection. How to use remote access such as Telnet and SSH? As we can see in the topology, my router is connected using a PC via a switch.

First, we must enable the remoteconnection. Of course try to be given a password. Enable remote connection permissions by going into global configuration mode and adding the command:

Then terminal access (e.g. Telnet & SSH) can be done through the PC (of course must be given the appropriate IP Address first). Go to the PC command prompt & try to log in via Telnet using the password “holmes”. This is roughly the result:

Leave a Reply

Your email address will not be published. Required fields are marked *