INITIAL CONFIGURATION

ROUTER CONFIGURATION

! Enter administrator (privileged) mode
enable
! Enter global configuration mode
conf t
! Change the hostname
hostname R-PIU-CHI
! Privileged-mode password
enable secret class
! Enable Telnet (vty lines 0,1,2,3,4 are the remote-access lines)
line vty 0 4
 pass cisco
 login
! Console line: configuration from a PC with the PuTTY program
line console 0
 pass cisco
 login
! Welcome message
banner motd %BIENVENIDOS AL ROUTER PIURA-CHICLAYO%
! Encrypt passwords
service password-encryption
! Save the passwords: from configuration mode
do copy running-config startup-config
! or from privileged EXEC mode
copy running-config startup-config

CONFIGURE THE ROUTER WITH THE GATEWAYS FOR CONNECTING THE PCs ON BOTH NETWORKS

interface g0/0
 ip add 172.16.0.5 255.255.224.0
 no shut
int g0/1
 ip add 172.16.32.5 255.255.224.0
 no shut
int s0/0/0
 ip add 172.16.122.1 255.255.255.252
 no shut

SWITCH CONFIGURATION FOR TELNET

enable
conf t
hostname SW-PIURA
enable secret class
line vty 0 15
 pass cisco
 login
line console 0
 pass cisco
 login
banner motd %BIENVENIDOS AL SWITCH PIURA%
service password-encryption
do copy running-config startup-config

ASSIGN AN IP ADDRESS TO THE SWITCH (IT GOES ON A VLAN)

interface vlan 1
 ip add 172.16.0.10 255.255.224.0
 no shut

ROUTER CONFIGURATION FOR SSH

enable
conf t
ip domain-name UCV.com
username admin privilege 15 secret adminssh
username mhurtadoc privilege 15 secret 12345678
line vty 0 4
 transport input ssh
 login local
 exit
! When prompted for the modulus size: (512/1024)
crypto key generate rsa

RUN SSH FROM THE PC TERMINAL

ssh -l admin 172.16.0.5

RUN TELNET FROM THE PC TERMINAL

telnet 172.16.0.5 (router IP assigned in the static route)

TELNET (SWITCH)

1. CONNECTIVITY
2. MANAGEMENT IP
3. PASSWORDS
   A. VTY
   B. CONSOLE
   C. ENABLE SECRET

RIP

router rip
 ver 2
 network 15.15.32.0
 network 15.15.40.0
 network 15.15.80.6
 network 15.15.80.10
 network 15.15.80.0
 no auto-summary

GG
router rip
 ver 2
 network 172.16.64.0
 network 172.16.80.0
 network 172.16.122.0
 no auto-summary

vlans
router rip
 ver 2
 network 172.16.96.0
 network 172.16.104.0
 network 172.16.112.0
 network 172.16.120.0
 network 172.16.122.6
 no auto-summary

CREATE VLANS

vlan 10
 name Lima
vlan 20
 name Arequipa
vlan 30
 name Cuzco
vlan 99
 name administrativa

TO VIEW THE VLANS

show vlan brief

ASSIGN VLANS TO PORT RANGES

interface range f0/1 - 8
 switchport mode access
 sw acces vlan 10
interface range f0/9 - 16
 sw mode access
 sw acces vlan 20
interface range f0/17 - 24
 sw mode access
 sw acces vlan 30

CONNECT THE TRUNK LINK BETWEEN SWITCHES

interface range g0/1 - 2
 sw mode trunk

ROUTER CONFIGURATION

interface g0/1.10
 encapsulation dot1Q 10
 ip address 11.11.96.5 255.255.248.0
interface g0/1.20
 encapsulation dot1Q 20
 ip address 172.16.104.5 255.255.248.0
interface g0/1.30
 encapsulation dot1Q 30
 ip address 172.16.112.5 255.255.248.0
interface g0/1.99
 encapsulation dot1Q 99
 ip address 172.16.120.5 255.255.254.0

CONFIGURE THE ADMINISTRATIVE VLAN, 2ND FLOOR

interface vlan 30
 ip address 15.15.72.10 255.255.248.0
 no shutdown

CONFIGURE THE ADMINISTRATIVE VLAN, 1ST FLOOR

interface vlan 99
 ip address 172.16.120.11 255.255.254.0
 no shutdown

DHCP

PIURA
! Excluded IP addresses
ip dhcp excluded-address 172.16.0.5
ip dhcp excluded-address 172.16.0.10
ip dhcp excluded-address 172.16.0.6
! Create the DHCP address pool
ip dhcp pool R_PIURA
 network 172.16.0.0 255.255.224.0
 default-router 172.16.0.5
 dns-server 172.16.0.6

CHICLAYO
ip dhcp excluded-address 172.16.32.5
ip dhcp excluded-address 172.16.32.10
ip dhcp excluded-address 172.16.32.6
! Create the DHCP address pool
! (its own pool name: re-entering R_PIURA on the same router would overwrite the Piura pool)
ip dhcp pool R_CHICLAYO
 network 172.16.32.0 255.255.224.0
 default-router 172.16.32.5
 dns-server 172.16.32.6

TRUJILLO
ip dhcp excluded-address 172.16.64.5
ip dhcp excluded-address 172.16.64.10
ip dhcp excluded-address 172.16.64.6
ip dhcp pool R_TRUJILLO
 network 172.16.64.0 255.255.240.0
 default-router 172.16.64.5
 dns-server 172.16.64.6

CHIMBOTE
ip dhcp excluded-address 172.16.80.5
ip dhcp excluded-address 172.16.80.10
ip dhcp excluded-address 172.16.80.6
ip dhcp pool R_CHIMBOTE
 network 172.16.80.0 255.255.240.0
 default-router 172.16.80.5
 dns-server 172.16.80.6

LIMA
ip dhcp excluded-address 172.16.96.5
ip dhcp excluded-address 172.16.96.10
ip dhcp excluded-address 172.16.96.6
ip dhcp pool R_LIMA
 network 172.16.96.0 255.255.248.0
 default-router 172.16.96.5
 dns-server 172.16.96.6

AREQUIPA
ip dhcp excluded-address 172.16.104.5
ip dhcp excluded-address 172.16.104.10
ip dhcp excluded-address 172.16.104.6
ip dhcp pool R_arequipa
 network 172.16.104.0 255.255.248.0
 default-router 172.16.104.5
 dns-server 172.16.104.6

CUZCO
ip dhcp excluded-address 172.16.112.5
ip dhcp excluded-address 172.16.112.10
ip dhcp excluded-address 172.16.112.6
ip dhcp pool R_CHIMBOTE
 network 172.16.112.0 255.255.248.0
 default-router 172.16.112.5
 dns-server 172.16.112.6

R_VLANS(config)#router rip
R_VLANS(config-router)#ver 2
R_VLANS(config-router)#net 172.16.96.0
R_VLANS(config-router)#net 172.16.104.0
R_VLANS(config-router)#net 172.16.112.0
R_VLANS(config-router)#net 172.16.120.0
R_VLANS(config-router)#net 172.16.122.0
R_VLANS(config-router)#no auto-summary

PORT SECURITY ON THE SWITCH

This is done only on the switch, to restrict new users (PC, laptop or other device).

To block by ranges:
int range f0/1 - 5

STATIC MAC
int f0/3
 shutdown
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0003.E401.1C04
 switchport port-security violation shutdown
 no shut
 end
0001.960E.7396
00D0.5866.40EE

BLOCK BY PORT: THE MAXIMUM (1 OR SEVERAL) REGISTERS THE ADDRESSES THAT ARE AUTHORIZED TO SEND PACKETS; THE DIFFERENCE IS THAT IT DOES NOT SHUT DOWN THE PORT.
int range f0/1 - 24
 shutdown
 switchport mode access
 sw port-security
 sw port-security maximum 2
 sw port-security mac-address sticky
 switchport port-security violation restrict
 no shutdown

STATIC ROUTING CONNECTIVITY (next hop)

! Disable dynamic routing first
no router rip

PIURA CHICLAYO
ip route 172.16.64.0 255.255.240.0 172.16.122.2
ip route 172.16.80.0 255.255.240.0 172.16.122.2
ip route 172.16.122.4 255.255.255.252 172.16.122.2
ip route 172.16.96.0 255.255.248.0 172.16.122.2
ip route 172.16.104.0 255.255.248.0 172.16.122.2
ip route 172.16.112.0 255.255.248.0 172.16.122.2
ip route 172.16.120.0 255.255.254.0 172.16.122.2
! Remove the routes
no ip route 172.16.64.0 255.255.240.0 172.16.122.2
no ip route 172.16.80.0 255.255.240.0 172.16.122.2
no ip route 172.16.122.4 255.255.255.252 172.16.122.2
no ip route 172.16.96.0 255.255.248.0 172.16.122.2
no ip route 172.16.104.0 255.255.248.0 172.16.122.2
no ip route 172.16.112.0 255.255.248.0 172.16.122.2
no ip route 172.16.120.0 255.255.254.0 172.16.122.2

TRUJILLO CHIMBOTE
ip route 172.16.0.0 255.255.224.0 172.16.122.1
ip route 172.16.32.0 255.255.224.0 172.16.122.1
ip route 172.16.96.0 255.255.248.0 172.16.122.6
ip route 172.16.104.0 255.255.248.0 172.16.122.6
ip route 172.16.112.0 255.255.248.0 172.16.122.6
ip route 172.16.120.0 255.255.254.0 172.16.122.6
! Remove the routes
no ip route 172.16.0.0 255.255.224.0 172.16.122.1
no ip route 172.16.32.0 255.255.224.0 172.16.122.1
no ip route 172.16.96.0 255.255.248.0 172.16.122.6
no ip route 172.16.104.0 255.255.248.0 172.16.122.6
no ip route 172.16.112.0 255.255.248.0 172.16.122.6
no ip route 172.16.120.0 255.255.254.0 172.16.122.6

ROUTER VLANS
ip route 172.16.0.0 255.255.224.0 172.16.122.6
ip route 172.16.32.0 255.255.224.0 172.16.122.6
ip route 172.16.122.0 255.255.255.252 172.16.122.6
ip route 172.16.64.0 255.255.240.0 172.16.122.6
ip route 172.16.80.0 255.255.240.0 172.16.122.6

ip route 172.16.0.0 255.255.224.0 s0/0/0
ip route 172.16.32.0 255.255.224.0 s0/0/0
ip route 172.16.96.0 255.255.248.0 s0/0/1
ip route 172.16.104.0 255.255.248.0 s0/0/1
ip route 172.16.112.0 255.255.248.0 s0/0/1
ip route 172.16.120.0 255.255.254.0 s0/0/1

CONNECTIVITY OVER SERIAL (directly connected ip route)

PIURA CHICLAYO
ip route 172.16.64.0 255.255.240.0 s0/0/0
ip route 172.16.80.0 255.255.240.0 s0/0/0
ip route 172.16.122.4 255.255.255.252 s0/0/0
ip route 172.16.96.0 255.255.248.0 s0/0/0
ip route 172.16.104.0 255.255.248.0 s0/0/0
ip route 172.16.112.0 255.255.248.0 s0/0/0
ip route 172.16.120.0 255.255.254.0 s0/0/0
! Remove the routes
no ip route 172.16.64.0 255.255.240.0 s0/0/0
no ip route 172.16.80.0 255.255.240.0 s0/0/0
no ip route 172.16.122.4 255.255.255.252 s0/0/0
no ip route 172.16.96.0 255.255.248.0 s0/0/0
no ip route 172.16.104.0 255.255.248.0 s0/0/0
no ip route 172.16.112.0 255.255.248.0 s0/0/0
no ip route 172.16.120.0 255.255.254.0 s0/0/0

TRUJILLO CHIMBOTE
ip route 172.16.0.0 255.255.224.0 s0/0/0
ip route 172.16.32.0 255.255.224.0 s0/0/0
ip route 172.16.96.0 255.255.248.0 s0/0/1
ip route 172.16.104.0 255.255.248.0 s0/0/1
ip route 172.16.112.0 255.255.248.0 s0/0/1
ip route 172.16.120.0 255.255.254.0 s0/0/1
! Remove the routes
no ip route 172.16.0.0 255.255.224.0 s0/0/0
no ip route 172.16.32.0 255.255.224.0 s0/0/0
no ip route 172.16.96.0 255.255.248.0 s0/0/1
no ip route 172.16.104.0 255.255.248.0 s0/0/1
no ip route 172.16.112.0 255.255.248.0 s0/0/1
no ip route 172.16.120.0 255.255.254.0 s0/0/1

VLANS
ip route 172.16.0.0 255.255.224.0 s0/0/0
ip route 172.16.32.0 255.255.224.0 s0/0/0
ip route 172.16.64.0 255.255.240.0 s0/0/0
ip route 172.16.80.0 255.255.240.0 s0/0/0
ip route 172.16.122.4 255.255.255.252 s0/0/0
! Remove the routes
no ip route 172.16.0.0 255.255.224.0 s0/0/0
no ip route 172.16.32.0 255.255.224.0 s0/0/0
no ip route 172.16.64.0 255.255.240.0 s0/0/0
no ip route 172.16.80.0 255.255.240.0 s0/0/0
no ip route 172.16.122.4 255.255.255.252 s0/0/0

CONNECTIVITY BETWEEN ALL NETWORKS THROUGH THE ROUTERS (default route)

PIURA CHIMBOTE NETWORK
ip route 0.0.0.0 0.0.0.0 Serial0/0/0

TRUJILLO CHIMBOTE NETWORK
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 Serial0/0/1

VLANS NETWORK
ip route 0.0.0.0 0.0.0.0 Serial0/0/0

RIP

ROUTER PIURA CHIMBOTE
router rip
 ver 2
 network 172.16.64.0
 network 172.16.80.0
 network 172.16.122.0
 network 172.16.122.4
 network 10.0.10.50
 no auto-summary

TRUJILLO CHIMBOTE
router rip
 ver 2
 network 172.16.96.0
 network 172.16.104.0
 network 172.16.112.0
 network 172.16.120.0
 network 172.16.122.4
 no auto-summary

VLANS
router rip
 ver 2
 network 172.16.96.0
 network 172.16.104.0
 network 172.16.112.0
 network 172.16.120.0
 network 172.16.122.6
 no auto-summary

CONFIGURATION OF THE OTHER ROUTER (ISP)

interface s0/0/0
 ip add 200.20.209.2 255.255.255.252
 no shut

CONFIGURATION OF ROUTER VLANS

interface s0/0/1
 ip add 200.20.209.1 255.255.255.252
 no shut

ETHERCHANNEL: when one port goes down, the others keep working

2nd floor
interface range G0/2, F0/24
 shutdown
 channel-group 1 mode desirable
 no shutdown
interface port-channel 1
 switchport mode trunk

1st floor
! For the connection to the 2nd floor
interface range G0/2, F0/24
 shutdown
 channel-group 1 mode desirable
 no shutdown
interface port-channel 1
 switchport mode trunk
! For the connection to the basement
interface range G0/1, F0/23
 shutdown
 channel-group 1 mode desirable
 no shutdown
interface port-channel 1
 switchport mode trunk

CONNECTING MORE PORTS (LACP)
interface range G0/1, f0/23, f0/11, f0/12, f0/3
 shutdown
 channel-group 2 mode active
 no shutdown
interface port-channel 2
 switchport mode trunk

EIGRP ROUTING

passive-interface: takes the serial port out of use for EIGRP (no hellos are sent on it, so no neighbor forms there)

ROUTER PIURA_CHICLAYO
router eigrp 1
 network 172.16.0.0 0.0.31.255
 network 172.16.32.0 0.0.31.255
 network 172.16.122.0 0.0.0.3
 passive-interface s0/0/1
 no auto-summary

ROUTER TRU-CHI
router eigrp 1
 network 172.16.64.0 0.0.15.255
 network 172.16.80.0 0.0.15.255
 network 172.16.122.0 0.0.0.3
 no auto-summary

ROUTER VLANS
router eigrp 1
 network 172.16.96.0 0.0.7.255
 network 172.16.104.0 0.0.7.255
 network 172.16.112.0 0.0.7.255
 network 172.16.120.0 0.0.1.255
 network 172.16.122.0 0.0.0.3
 network 172.16.122.6 0.0.0.3
 no auto-summary

COMPUTING 3. IP ASSIGNMENT BETWEEN ROUTERS

OSPF CONFIGURATION:

Router(config)#router ospf <PROCESS ID>
Router(config-router)#network <Connected_network_1> <Wildcard Mask> area 0
Router(config-router)#network <Connected_network_2> <Wildcard Mask> area 0

R1(config)#router ospf 10
R1(config-router)#network 192.168.11.0 0.0.0.255 area 0
R1(config-router)#
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config-router)#network 4.4.4.0 0.0.0.3 area 0
R1(config-router)#

R2(config)#router ospf 10
R2(config-router)#network 192.168.13.0 0.0.0.255 area 0
R2(config-router)#network 192.168.14.0 0.0.0.255 area 0
R2(config-router)#network 4.4.4.0 0.0.0.3 area 0
R2(config-router)#

CLASS 2

OSPF HAS TO BE DECLARED ON BOTH ROUTERS FOR AN ADJACENCY TO FORM, SOMEWHAT LIKE BOTH ROUTERS SPEAKING THE SAME LANGUAGE. WHEN YOU CONFIGURE OSPF, THE ROUTER SENDS AN OSPF HELLO OUT OF EVERY INTERFACE WHERE IT IS CONNECTED.

Router(config)#hostname R1

R2(config-if)#int s0/0/0
R2(config-if)#ip address 4.4.4.2 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#int s0/0/1
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/1, changed state to down
R2(config-if)#clock rate 128000
R2(config-if)#ip address 4.4.4.5 255.255.255.252
R2(config)#ROUTER OSPF 20
R2(config-router)#network 4.4.4.0 0.0.0.3 area 0
R2(config-router)#network 4.4.4.4 0.0.0.3 area 0

Create a loopback:
R12(config)#interface loopback 12
R12(config-if)#ip address 22.22.22.22 255.255.255.255

! Restart the OSPF process
R11#clear ip ospf process
! View the neighbor IDs
R11#show ip ospf neighbor

1: DR (DESIGNATED ROUTER)
2: BDR (BACKUP DESIGNATED ROUTER)

HIERARCHY FOR DETERMINING THE DR AND BDR:
1: THE ROUTER WITH THE HIGHEST LOOPBACK ADDRESS.
2: THE ROUTER WITH THE HIGHEST ID (THE HIGHEST IP OF ALL ACTIVE INTERFACES).

CLASS 03

BLOCK PING FROM ONE NETWORK TO ANOTHER (ACCESS DENIED).
BLOCK 202.2
RC(config)#access-list 10 deny 202.2.2.0 0.0.0.127
RC(config)#access-list 10 permit any
RC(config)#interface g0/1
RC(config-if)#ip access-group 10 out
RC(config-if)#

BLOCK NETWORKS 205 & 206 FROM NETWORK 204
RB(config)#access-list 30 deny 205.5.5.0 0.0.0.15
RB(config)#access-list 30 deny 206.6.6.0 0.0.0.7
RB(config)#access-list 30 permit any
RB(config)# interface g0/1
RB(config-if)#ip access-group 30 out
RB(config-if)#

access-list 10 deny 201.1.1.0 0.0.0.255
access-list 10 deny 202.2.2.0 0.0.0.127
access-list 10 permit any
interface g0/0
 ip access-group 10 out

access-list 20 deny 201.1.1.0 0.0.0.255
access-list 20 deny 202.2.2.0 0.0.0.127
access-list 20 permit any
interface g0/1
 ip access-group 20 out

PERMIT ONE NETWORK AND DENY THE OTHERS
access-list 10 permit 203.3.3.0 0.0.0.63
access-list 10 deny any
interface g0/0
 ip access-group 10 out

access-list 20 permit 203.3.3.0 0.0.0.63
access-list 20 deny any
interface g0/1
 ip access-group 20 out

CLASS 4

BLOCK BY DESTINATION

BLOCK DESTINATION 206.6.6.0 (206.6.6.2 IS THE BCP SERVER)
RC(config)#access-list 120 remark BLOQUEO DE PING A BCP
! denies the ICMP protocol to network 206
RC(config)#access-list 120 deny icmp any 206.6.6.0 0.0.0.7
! permits all other protocols
RC(config)#access-list 120 permit ip any 206.6.6.0 0.0.0.7
RC(config)#interface g0/1
RC(config-if)#ip access-group 120 out
RC(config-if)#

access-list 120 remark BLOQUEO DE PING A RED 201
access-list 120 deny icmp any 201.1.1.0 0.0.0.255
access-list 120 permit ip any 201.1.1.0 0.0.0.255
interface g0/0
 ip access-group 120 out

BLOCK PING ACCESS (ECHO)
RC(config)#access-list 120 remark BLOQUEO DE PING A BCP
RC(config)#access-list 120 deny icmp any 206.6.6.0 0.0.0.7 echo
RC(config)#access-list 120 permit ip any 206.6.6.0 0.0.0.7
RC(config)#

BLOCK WEB ACCESS
RC(config)#access-list 130 deny tcp any 206.6.6.0 0.0.0.7 eq www
RC(config)#access-list 130 permit ip any 206.6.6.0 0.0.0.7
RC(config)#interface g0/1
RC(config-if)#ip access-group 130 out
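Added example (not part of the original notes): a small Python model of how the ACLs above are evaluated, covering wildcard matching, first-match order and the implicit deny at the end of every list. The packet dictionary and its field names (`proto`, `src`, `dst`, `qual`) are assumptions of this sketch, and `qual` stands for either the TCP/UDP destination port or the ICMP message keyword.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
PORTS = {"www": 80}                      # keyword used in ACL 130 on this page

# ACL entries copied from the notes above.
ACL_10 = ["access-list 10 deny 202.2.2.0 0.0.0.127",
          "access-list 10 permit any"]
ACL_120 = ["access-list 120 remark BLOQUEO DE PING A BCP",
           "access-list 120 deny icmp any 206.6.6.0 0.0.0.7 echo",
           "access-list 120 permit ip any 206.6.6.0 0.0.0.7"]
ACL_130 = ["access-list 130 deny tcp any 206.6.6.0 0.0.0.7 eq www",
           "access-list 130 permit ip any 206.6.6.0 0.0.0.7"]

def matches(addr, spec):
    """Wildcard match: only bits that are 0 in the wildcard are compared."""
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    keep = ~wild & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & keep == base & keep

def take_addr(tok):
    """Consume 'any' or '<address> <wildcard>' from the front of tok."""
    return (ANY, tok[1:]) if tok[0] == "any" else ((tok[0], tok[1]), tok[2:])

def parse_ace(line):
    tok = line.split()[2:]               # drop 'access-list <number>'
    ace = {"action": tok[0], "proto": "ip", "dst": ANY, "qual": None}
    tok = tok[1:]
    if tok[0] in ("ip", "icmp", "tcp", "udp"):    # extended ACL
        ace["proto"], tok = tok[0], tok[1:]
        ace["src"], tok = take_addr(tok)
        ace["dst"], tok = take_addr(tok)
        if tok[:1] == ["eq"]:
            ace["qual"] = PORTS.get(tok[1]) or int(tok[1])
        elif tok:
            ace["qual"] = tok[0]         # ICMP message keyword such as 'echo'
    else:                                # standard ACL: source address only
        ace["src"], tok = take_addr(tok)
    return ace

def evaluate(acl, pkt):
    """pkt is a hypothetical dict; first match wins, else the implicit deny."""
    for line in acl:
        if line.split()[2] == "remark":
            continue
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (matches(pkt["src"], ace["src"]) and matches(pkt["dst"], ace["dst"])):
            continue
        if ace["qual"] is not None and ace["qual"] != pkt.get("qual"):
            continue
        return ace["action"]
    return "implicit deny"
```

An IOS interface holds one ACL per direction, so applying `ip access-group 130 out` on g0/1 replaces list 120 instead of adding to it; to block both ping and web traffic toward 206.6.6.0, the deny entries have to live in a single list.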
BLOCK DNS ACCESS
RC(config)#access-list 140 deny udp any 206.6.6.0 0.0.0.7 eq 53
RC(config)#access-list 140 permit ip any 206.6.6.0 0.0.0.7
RC(config)#interface g0/1
RC(config-if)#ip access-group 140 out

CLASS 6

NAT
RA(config)#ip nat inside source static 201.1.1.11 4.4.4.11
RA(config)#ip nat inside source static 201.1.1.12 4.4.4.12
RA(config)#ip nat inside source static 201.1.1.13 4.4.4.13
RA(config)#int g0/0
RA(config-if)#ip nat inside
RA(config-if)#int s0/0/0
RA(config-if)#ip nat outside

RA(config)#access-list 20 permit 201.1.1.0 0.0.0.255
RA(config)#ip nat inside source list 20 interface s0/0/0
RA(config)#int g0/0
RA(config-if)#ip nat inside
RA(config-if)#int s0/0/0
RA(config-if)#ip nat outside
RA(config-if)#

DYNAMIC NAT
RA(config)#ip nat pool users 4.4.4.31 4.4.4.40 netmask 0.0.0.255
%Pool users mask 0.0.0.255 too small; should be at least 255.255.255.240
%Start and end addresses on different subnets
RA(config)#access-list 10 permit 201.1.1.0 0.0.0.255
RA(config)#ip nat inside source list 10 pool users
RA(config)#ip nat inside
% Incomplete command.
RA(config)#int g0/0
RA(config-if)#ip nat inside
RA(config-if)#int s0/0/0
RA(config-if)#ip nat outside
RA(config-if)#
RA(config-if)#exit

CLASS 8

VPN
interface tunnel 0
 tunnel mode gre ip
 ip address 192.168.13.11 255.255.255.0
 tunnel source s0/0/0
 ! the exit address of the router on the other network
 tunnel destination 201.1.1.6

SESSION 9

With both routers, if one goes down the other takes over. Both are placed in a group that acts as the gateway 192.168.11.1.

RESPALDO(config)#int g0/0
RESPALDO(config-if)#standby version 2
RESPALDO(config-if)#standby 10 ip 192.168.11.1
RESPALDO(config-if)#
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 10 state Init -> Init
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 10 state Speak -> Standby
RESPALDO(config-if)#standby 10 priority 50
RESPALDO(config-if)#

PRINCIPAL(config)#int g0/0
PRINCIPAL(config-if)#standby version 2
PRINCIPAL(config-if)#standby 10 ip 192.168.11.1
PRINCIPAL(config-if)#
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 10 state Init -> Init
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 10 state Speak -> Standby
PRINCIPAL(config-if)#standby 10 priority 60
PRINCIPAL(config-if)#
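
Added example (not part of the original notes): a short Python check that compares the two remote-access variants from the start of these notes, the Telnet setup (line password plus `login`) and the SSH setup (`transport input ssh` plus `login local`). The function names and finding texts are made up for this sketch, and `ip ssh version 2` is a standard IOS command that the notes themselves do not use.

```python
import re

# Remote-access blocks as they appear in these notes (indented as in a running-config).
TELNET_CFG = """\
enable secret class
line vty 0 4
 pass cisco
 login
line console 0
 pass cisco
 login
service password-encryption
"""
SSH_CFG = """\
ip domain-name UCV.com
username admin privilege 15 secret adminssh
line vty 0 4
 transport input ssh
 login local
"""

def line_blocks(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.lower().startswith("line "):
            current = raw.strip().lower()
            blocks[current] = []
        elif current and raw[:1].isspace():
            blocks[current].append(raw.strip().lower())
        else:
            current = None
    return blocks

def audit(config):
    """Return findings about how the console and vty lines authenticate users."""
    findings = []
    for header, cmds in line_blocks(config).items():
        has_pw = any(c.startswith(("pass ", "password ")) for c in cmds)
        if has_pw and "login" in cmds:
            findings.append(f"{header}: shared line password ('login' without 'local')")
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{header}: Telnet not excluded (no 'transport input ssh')")
    uses_ssh = re.search(r"^\s*transport input ssh\s*$", config, re.M | re.I)
    pinned = re.search(r"^ip ssh version 2\s*$", config, re.M | re.I)
    if uses_ssh and not pinned:
        findings.append("global: SSH version not pinned (no 'ip ssh version 2')")
    return findings
```

Telnet carries the line password in clear text and `service password-encryption` only applies the reversible type 7 encoding, so the SSH variant with per-user `secret` entries is the one to keep on the vty lines.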