Packet Tracer Lab Securing Router Admin Access

Posted by: admin  :  Category: CCNA, Lab Scenarios, Packet Tracer, Security

Security Lab1


The router is a key component that controls the movement of data into and out of the network and between devices within the network. It is particularly important to protect network routers because the failure of a routing device could make sections of the network or the entire network inaccessible. Controlling access to routers and enabling reporting on routers are critical to network security and should be part of a comprehensive security policy.

In this lab, you build a multi-router network and configure the routers and hosts. You use CLI to secure local and remote access to the routers, analyze potential vulnerabilities, and take steps to mitigate them. You also enable management reporting to monitor router configuration changes.

The router commands and output in this lab are from Cisco 2901s using Cisco IOS software, release 15.1(4)MS (advanced IP image). Other routers and Cisco IOS versions can be used. See the Router Interface Summary table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab. Depending on the model of the router, the commands available and output produced may vary from what is shown in this lab.

IP Addressing Table:


Device Interface IP Address Subnet-Mask Gatway
R1 Gig0/0 N/A
S0/0/0 N/A
R2 Gig0/0 N/A
S0/0/0 N/A
S0/0/1 N/A
R3 Gig0/0 N/A
S0/0/1 N/A


Lab Objectives:

Part 1: Basic Network Device Configuration

  • Configure basic IP addressing for routers and PCs.
  • Configure static routing, including default routes.
  • Verify connectivity between hosts and routers.

Part 2: Control Administrative Access for Routers

  • Configure and encrypt all passwords.
  • Configure a login warning banner.
  • Configure enhanced username password security.
  • Configure enhanced virtual login security.
  • Configure an SSH server on a router.
  • Configure an SSH client and verify connectivity.

Part 3: Configure Cisco IOS Resilience and Management Reporting

  • Secure the Cisco IOS image and configuration files.
  • Configure a router as a synchronized time source for other devices using NTP.
  • Configure Syslog support on a router.
  • Install a Syslog server on a PC and enable it.
  • Configure trap reporting on a router using SNMP.
  • Make changes to the router and monitor syslog results on the PC.

Part 4: Configuring global access with Tacacs+.

  • Configure the Tacacs+ server.
  • Enable Tacacs+ on R1 and R3.
  • Verify Configuration.

Search for Additional Labs:

  Secure Router Admin Access (5,567 hits)

  Packet Tracer 6.1.1 (165.8 MiB, 221 hits)
You do not have permission to download this file.

If you have found this lab helpful please help us keep this site running.


 Also check out these other assume training resources:


One Response to “Packet Tracer Lab Securing Router Admin Access”

  1. Wobee Says:

    Very good

Leave a Reply

What is 7 + 12 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)

* Site Meter