Options
Sharing a Home Lab
kinell
Member Posts: 6 ■□□□□□□□□□
in CCNA & CCENT
Hi everyone,
Some classmates and I are building a basic CCNA rack lab, and we are thinking in sharing with others students (like a rental rack but cheaper and only with few users).
The first step is access to a router 2610 with nm-16a and then reverse telnet to the other devices, to prevent (un)intentional changes the basic users cant reach the enable mode of this router.
But we found 2 major issues with this project:
1° Ios deleting.
2° (un)intentional changes in hosts configurations
The first one is inevitable, the only thing we can do is persuade the users to don't delete ios
, so we are focusing in second one
We need hosts with only three basic functionalities:
a)- The user can access remotely to the hosts.
b)- The user should be able to verify connectivity using commands such as ping, tracert, etc...
c)- The user should be able to change the ip address of the interface connected to the lab.
These hosts have 2 interfaces, the second one is connected to the ISP so this NIC should be blocked someway.
That's it, the user can't access to files, settings, or anything else.
I'm using an old notebook and testing with Windows Group Policy + VNC/RDP but I haven't found a way to restrict changes only to one network interface and I feel there is a easiest way to achieve it.
Do you have any idea or some light here?
Thank you in advance!
Some classmates and I are building a basic CCNA rack lab, and we are thinking in sharing with others students (like a rental rack but cheaper and only with few users).
The first step is access to a router 2610 with nm-16a and then reverse telnet to the other devices, to prevent (un)intentional changes the basic users cant reach the enable mode of this router.
But we found 2 major issues with this project:
1° Ios deleting.
2° (un)intentional changes in hosts configurations
The first one is inevitable, the only thing we can do is persuade the users to don't delete ios
, so we are focusing in second oneWe need hosts with only three basic functionalities:
a)- The user can access remotely to the hosts.
b)- The user should be able to verify connectivity using commands such as ping, tracert, etc...
c)- The user should be able to change the ip address of the interface connected to the lab.
These hosts have 2 interfaces, the second one is connected to the ISP so this NIC should be blocked someway.
That's it, the user can't access to files, settings, or anything else.
I'm using an old notebook and testing with Windows Group Policy + VNC/RDP but I haven't found a way to restrict changes only to one network interface and I feel there is a easiest way to achieve it.
Do you have any idea or some light here?
Thank you in advance!
Comments
-
OptionsTechGuru80
Member Posts: 1,539 ■■■■■■□□□□
Research secure boot-image to prevent tampering with the ios.
Research parser views to limit commands. -
Optionstheodoxa
Member Posts: 1,340 ■■■■□□□□□□
For the hosts, you could use Virtual Machines and (after setting it up how you want), reconfigure their disks as Non-Persistent (VMware)/Immutable (VirtualBox). Alternatively, you could just back up the virtual disk files once you have it set up the way you like.R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ]