Blocking Brute-Force Logins and Adding a Banner on R1
Harden the management plane of a single IOS router by throttling brute-force login attempts and presenting a legal-warning banner. You will enable SSH-based management, configure login block-for and delay to resist password-guessing, and verify behavior from an ADMIN Linux workstation.
SSH Hardening to Version 2
Harden the management-plane SSH service on a single Cisco IOS router so only SSHv2 is permitted and session limits are tightened. The baseline lab already has working SSH. You will enforce SSH version 2, set a 60-second authentication timeout, and limit authentication retries to 2. You will also regenerate a 2048-bit RSA key (an exec-only step) and validate with show commands.
AAA Authentication with a Local User Database
Harden R1’s management plane by moving SSH login authentication and exec authorization under the IOS AAA framework using the local user database. You will start from a secure SSH-only baseline that still uses login local, enable aaa new-model, define default AAA methods that point at local, and bind VTY lines to AAA. Success is proven by authenticating from the ADMIN host over SSH and landing at the user’s privilege level.
Secure-Access Troubleshooting Capstone: SSH VTY Fix
Advanced CCNP management-plane troubleshooting on a single IOS router. You inherit a pre-broken remote-management config where SSH access is completely failing despite a hostname, domain name, and local admin user. Two independent VTY faults are seeded: the wrong transport and an incorrect login method. Your job is to diagnose with show commands, fix both issues, and validate SSH access from the ADMIN workstation.
CCNA: Console and VTY Line Hardening
Harden the console and VTY lines on a single Cisco IOS router so idle sessions close automatically and every access path requires authentication. You will configure login local on both console and VTY, set 5-minute exec timeouts, enable logging synchronous on the console, and restrict VTY to SSH. Verification uses show outputs; grading evaluates the deterministic running-config.
AAA Named Method Lists with Fallback (VTY vs Console)
Harden a single Cisco IOS router’s management plane using AAA named method lists applied per-line. Create VTY-AUTH (local then enable) to protect remote SSH access without lockout risk, and CONSOLE-AUTH (local only) to secure the console independently. Verify using show/run sections and test SSH from the ADMIN workstation.
SSH-Only Management: Disabling Telnet on R1
Harden a Cisco IOS router so remote management is allowed only via SSH. You will remove Telnet from the VTY lines, keep local authentication, and add an idle-session timeout. Verify success from a Linux ADMIN host by confirming SSH works and Telnet is refused.
CCNA: SSH Access Fundamentals on R1
Bring up secure remote management (SSH) on a single Cisco IOS router using a dedicated management LAN. You will configure the deterministic set of running-config lines that enable SSH with a local admin account, restrict VTY to SSH, and verify from a Linux workstation. RSA key generation is performed as an exec step and is not graded; the grading focuses on the presence of the configuration lines that make SSH functional and secure.
Privilege Levels for Tiered CLI Access
Harden a single IOS router’s management plane and create tiered CLI access using custom privilege levels. Build two local accounts: a full admin (level 15) and a junior operator (level 5). Elevate only specific exec commands to level 5 so the operator can run them without gaining full configuration rights. Verify behavior from a Linux admin workstation over SSH.