config.docx

Upload: alejandro-llanos

Post on 30-Oct-2015


--------------------------------HDLC / PPP--------------------------------
config)# interface s0/0/0
config-if)#encapsulation hdlc          (HDLC is the default on Cisco serial interfaces)
config-if)#encapsulation ppp

show interfaces
show interfaces serial
debug ppp {authentication | negotiation}
undebug all

PPP authentication (PAP or CHAP). The username configured on each router is the NEIGHBOUR's hostname and both sides must use the same password:

config)# hostname R1
config)# username R2 password cisco
config)# interface s0/0/0
config-if)#ppp authentication pap
config-if)#ppp pap sent-username R1 password cisco
   (or, preferably:)
config-if)#ppp authentication chap

config)# hostname R2
config)# username R1 password cisco
config)# interface s0/0/0
config-if)#ppp authentication pap
config-if)#ppp pap sent-username R2 password cisco
config-if)#ppp authentication chap

PAP sends the username and password in cleartext across the link. CHAP never sends the password: the authenticator sends a random challenge and the peer answers with MD5(id + secret + challenge), so a captured exchange cannot be replayed. Use CHAP; "ppp authentication chap pap" tries CHAP first and only falls back to PAP.
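As an added example (not part of the original notes), the two exchanges above in Python: PAP puts the secret on the wire, CHAP sends only an MD5 over identifier, secret and a fresh random challenge (RFC 1994). The shared secret "cisco" and the hostnames R1/R2 are the ones from the lines above; the wire framing is simplified and is an assumption of this example, not the real PPP packet format.

```python
import hashlib
import hmac
import os

# Constructed for this example: the shared secret from the page's
# "username R2 password cisco" / "username R1 password cisco" lines.
SECRET = b"cisco"


def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request: name and password are sent as-is.
    Anyone sniffing the serial link reads the password directly."""
    return username.encode() + b"\x00" + password.encode()


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994 section 2.4): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The side issuing the challenge (R1 in the notes above).
    peers maps a peer hostname to its secret, i.e. the 'username X password Y' table."""

    def __init__(self, peers: dict):
        self.peers = peers
        self.identifier = 0

    def challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) & 0xFF
        return self.identifier, os.urandom(16)        # fresh random challenge each time

    def verify(self, identifier: int, challenge: bytes, peer_name: str, response: bytes) -> bool:
        secret = self.peers.get(peer_name)
        if secret is None:                             # unknown neighbour name: Failure
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def chap_exchange(authenticator: ChapAuthenticator, peer_name: str, peer_secret: bytes):
    """One Challenge / Response / Success-or-Failure round.
    Returns (authenticated, bytes_seen_on_the_link) so the trace can be inspected."""
    ident, chal = authenticator.challenge()
    response = chap_response(ident, peer_secret, chal)   # computed by the peer (R2) with its copy of the secret
    wire = bytes([ident]) + chal + peer_name.encode() + response   # simplified framing (assumption)
    return authenticator.verify(ident, chal, peer_name, response), wire


if __name__ == "__main__":
    r1 = ChapAuthenticator({"R2": SECRET})
    ok, trace = chap_exchange(r1, "R2", SECRET)
    print("CHAP authenticated:", ok, "| secret visible on the wire:", SECRET in trace)
    print("PAP request carries the secret:", SECRET in pap_request("R1", "cisco"))
```

The random challenge defeats replay, but an attacker who captures challenge and response can still brute-force a weak secret offline, since MD5 is fast; a short dictionary word like "cisco" falls in seconds, so the CHAP secret must be long and random.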

--------------------------------Frame Relay--------------------------------
show frame-relay map

config)# interface s0/0/0
config-if)#encapsulation frame-relay
   (or, when the far end is not a Cisco router:)
config-if)#encapsulation frame-relay ietf
config-if)#frame-relay interface-dlci 110
config-if)#exit
config)#exit

Static map (Inverse ARP disabled):
interface s0/0/0
 ip address 10.1.1.1 255.255.255.0
 encapsulation frame-relay
 bandwidth 64
 no frame-relay inverse-arp          (optional: only if you do NOT want the DLCI-to-IP mapping learned dynamically)
 frame-relay map ip 10.1.1.2 102 broadcast cisco   (static map: neighbour 10.1.1.2 is reached over local DLCI 102; "cisco" is the encapsulation for that map)
 no shutdown

Point-to-point subinterfaces:
interface s0/0/0
 no ip address
 encapsulation frame-relay
 no shut
 exit
interface s0/0/0.102 point-to-point
 ip address 10.1.1.1 255.255.255.252
 bandwidth 64
 frame-relay interface-dlci 102
 exit
interface s0/0/0.103 point-to-point
 ip address 10.1.1.5 255.255.255.252
 bandwidth 64
 frame-relay interface-dlci 103
 exit

debug frame-relay lmi

sh interfaces
sh frame-relay lmi
sh frame-relay pvc
sh frame-relay map

--------------------------------VTY lines (SSH access)--------------------------------
config)#hostname r2
config)# ip domain-name cisco.com
config)#crypto key generate rsa          (hostname and domain-name must be set first; when prompted, choose a modulus of at least 2048 bits)
config)#username student secret cisco

config)#line vty 0 4
config-line)#no transport input
config-line)#transport input ssh         (SSH only; Telnet is no longer accepted on these lines)
config-line)#login local
config-line)#exec-timeout 3              (idle-session timeout, in minutes)
config-line)#exit
config)#ip ssh time-out 15               (seconds allowed for the SSH negotiation to complete)
config)#ip ssh authentication-retries 2
config)#ip ssh version 2                 (added here, not in the original list: restricts the router to SSHv2)

--------------------------------Disable for security--------------------------------
no cdp run
no ip source-route
no ip classless
no service tcp-small-servers
no service udp-small-servers
no ip finger
no service finger
no ip bootp server
no ip http server
no ip name-server

no boot network
no service config

no access-list 0
access-list 70 deny deny

no snmp-server enable traps
no snmp-server system-shutdown
no snmp-server trap-auth
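As an added example (not part of the original notes), a small audit script that checks a saved running-config for the hardening lines above and for the VTY/SSH settings of the previous section. The two embedded configurations are constructed samples, one built from the page's own commands and one left near defaults; "ip ssh version 2" is an extra check not on the page. On a real router feed it the output of "show running-config all", since plain "show running-config" omits settings that are at their default.

```python
import re

# Lines that must appear in the config: (description, command). Constructed from the list above;
# 'ip ssh version 2' is an addition of this example.
REQUIRED_LINES = [
    ("CDP disabled",           "no cdp run"),
    ("IP source routing off",  "no ip source-route"),
    ("TCP small servers off",  "no service tcp-small-servers"),
    ("UDP small servers off",  "no service udp-small-servers"),
    ("finger off",             "no service finger"),
    ("BOOTP server off",       "no ip bootp server"),
    ("HTTP server off",        "no ip http server"),
    ("SNMP traps off",         "no snmp-server enable traps"),
    ("debug timestamps",       "service timestamps debug datetime msec"),
    ("SSH version 2 only",     "ip ssh version 2"),
]


def vty_blocks(lines):
    """Return [(header, [sub-commands])] for every 'line vty' block.
    IOS indents sub-commands with one space; a block ends at the next top-level line."""
    blocks, current = [], None
    for line in lines:
        if line.startswith("line vty"):
            current = []
            blocks.append((line, current))
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
    return blocks


def audit(config: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    lines = config.splitlines()
    top = [l.strip() for l in lines if not l.startswith(" ")]
    findings = [f"missing: {desc} ('{cmd}')" for desc, cmd in REQUIRED_LINES
                if not any(l.startswith(cmd) for l in top)]

    blocks = vty_blocks(lines)
    if not blocks:
        findings.append("no 'line vty' block: remote access is at IOS defaults")
    for header, body in blocks:
        transport = [b for b in body if b.startswith("transport input")]
        if transport != ["transport input ssh"]:            # 'all' / 'telnet ssh' are not acceptable
            findings.append(f"{header}: transport input must be 'ssh' only, found {transport or 'default'}")
        if "login local" not in body and not any(b.startswith("login authentication") for b in body):
            findings.append(f"{header}: no 'login local' (line password or no authentication)")
        timeout = [b.split()[1:] for b in body if b.startswith("exec-timeout")]
        # 'exec-timeout 0 0' (or 'exec-timeout 0') disables the idle timeout altogether
        if not timeout or (int(timeout[0][0]) == 0 and (len(timeout[0]) < 2 or int(timeout[0][1]) == 0)):
            findings.append(f"{header}: exec-timeout missing or disabled")
        if not any(re.match(r"access-class \S+ in$", b) for b in body):
            findings.append(f"{header}: no 'access-class <acl> in' restricting management sources")
    return findings


# Constructed sample: the page's VTY/SSH and hardening commands as they show up in a running-config.
HARDENED = """\
hostname r2
service timestamps debug datetime msec
no service finger
no service tcp-small-servers
no service udp-small-servers
no cdp run
no ip source-route
no ip bootp server
no ip http server
no snmp-server enable traps
ip domain-name cisco.com
ip ssh version 2
ip ssh time-out 15
ip ssh authentication-retries 2
username student secret cisco
access-list 21 permit 192.168.10.0 0.0.0.255
line vty 0 4
 access-class 21 in
 exec-timeout 3 0
 login local
 transport input ssh
"""

# Constructed sample: a router left near defaults (Telnet allowed, line password, HTTP server on).
WEAK = """\
hostname r2
ip http server
line vty 0 4
 password cisco
 login
"""

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit(cfg) or "OK")
```

The script deliberately fails a vty block that still accepts "transport input telnet ssh": the point of the "no transport input" / "transport input ssh" pair above is that Telnet is gone, not merely that SSH was added.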

----------------------------------Debug-related commands:----------------------------------
config)# service timestamps debug datetime msec    /adds a timestamp to every debug and log message/

#show processes          /shows CPU use per process/

#no debug all            /turns off all debugging/

#terminal monitor        /sends debug output to the current vty session (by default it goes to the console only)/

----------------------------------RIP-----------------------------------
config)#router rip
config-router)#passive-interface default         (no updates are sent on any interface...)
config-router)#no passive-interface s0/0/0       (...except the WAN link)

config)#key chain RIP_KEY                        (name)
config-keychain)#key 1                           (identifier)
config-keychain-key)#key-string cisco
exit
exit

config)# int s0/0/0
config-if)#ip rip authentication mode md5
config-if)#ip rip authentication key-chain RIP_KEY

--------------------------------EIGRP--------------------------------
config)#key chain EIGRP_KEY                      (name)
config-keychain)#key 1                           (identifier)
config-keychain-key)#key-string cisco
exit
exit

config)# int s0/0/0
config-if)#ip authentication mode eigrp 1 md5
config-if)#ip authentication key-chain eigrp 1 EIGRP_KEY

-------------------------------------OSPF-------------------------------------
config)#interface s0/0/0
config-if)#ip ospf message-digest-key 1 md5 cisco
config-if)#ip ospf authentication message-digest
config-if)#exit
config)#router ospf 10
config-router)# area 0 authentication message-digest

Neighbour authentication stops a host on the segment from injecting forged routes without the key; the key itself never crosses the wire, only a digest. MD5 is the weakest option still in use: OSPF and EIGRP on recent IOS releases also accept HMAC-SHA key chains (key chain ... / key 1 / cryptographic-algorithm hmac-sha-256), which should be preferred where the release supports them.

--------------------------------------router lockdown--------------------------------------
#auto secure      (one-step lockdown: review what it proposes before accepting, then check with "show auto secure config")

Standard ACLs (1-99 and 1300-1999): apply as close to the destination as possible.
Extended ACLs (100-199 and 2000-2699): apply as close to the source as possible.
---------------------------------------

-standard-----------------------
config)#access-list 10 permit 192.168.10.0 0.0.0.255    (without the wildcard the entry would match only the single address 192.168.10.0)

#show access-lists
config)#no access-list 10

config)#access-list 10 remark Permit host from the 192.168.10.0 LAN     (remark inserts a comment of at most 100 characters)
config)#access-list 10 permit 192.168.10.0 0.0.0.255

192.168.10.10 0.0.0.0 = host 192.168.10.10

0.0.0.0 255.255.255.255 = any

In a wildcard mask a 0 bit must match and a 1 bit is ignored. Entries are checked top-down, first match wins, and every ACL ends with an implicit "deny any".

Deny one host of a network or subnet:
config)#no access-list 1
config)#access-list 1 deny 192.168.10.10 0.0.0.0
config)#access-list 1 permit 192.168.10.0 0.0.0.255      (0.0.0.255 covers a /24; 0.0.255.255 would cover the whole /16)
config)#interface s0/0/0
config-if)#ip access-group 1 out

-----------------------------------------ACL on the vty lines

config)#access-list 21 permit 192.168.10.0 0.0.0.255
config)#access-list 21 permit 192.168.11.0 0.0.0.255
config)#access-list 21 deny any

config)# line vty 0 4
config-line)#login
config-line)#password secret
config-line)#access-class 21 in
(access-class limits WHERE logins may come from; it does not replace the "login local" + "transport input ssh" settings above, and a line password set with "password" is stored in cleartext unless "service password-encryption" is on.)
------------------------------------------

NAMED ACLs

config)#ip access-list standard NO_FTP
config-std-nacl)#deny host 192.168.11.10
config-std-nacl)#permit 192.168.11.0 0.0.0.255
config-std-nacl)#exit
config)#interface fa0/0
config-if)#ip access-group NO_FTP out

show access-lists
config t
ip access-list standard WEBSERVER
 15 permit host 192.168.11.10
end

In named ACLs individual entries can be edited: every entry carries a sequence number, so a line can be inserted at a chosen position (15 above) or removed with "no <sequence>" without rewriting the whole list.

------------------------------------------

EXTENDED ACLs

access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq 23
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq 21
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq 20

(the same three entries written with port names)
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq telnet
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq ftp
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq ftp-data

Example: filter web traffic (80 and 443)-------------------------------------------
access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 443
access-list 104 permit tcp any 192.168.10.0 0.0.0.255 established

interface s0/0/0
 ip access-group 103 out
 ip access-group 104 in
("established" matches only TCP segments with the ACK or RST bit set, i.e. replies to sessions opened from the inside; a new inbound connection, whose SYN has no ACK, falls through to the implicit deny.)

Example: deny FTP--------------------------------------------
access-list 102 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 20
access-list 102 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 21
access-list 102 permit ip any any
interface fa0/1
 ip access-group 102 in

Example: deny Telnet-------------------------------------------
access-list 101 deny tcp 192.168.11.0 0.0.0.255 any eq 23
access-list 101 permit ip any any

interface fa0/0
 ip access-group 101 out

NAMED EXTENDED ACLs--------------------------------------
Example: allow only web browsing:

ip access-list extended SURFING
 permit tcp 192.168.10.0 0.0.0.255 any eq 80
 permit tcp 192.168.10.0 0.0.0.255 any eq 443

ip access-list extended BROWSING
 permit tcp any 192.168.10.0 0.0.0.255 established

interface s0/0/0
 ip access-group SURFING out
 ip access-group BROWSING in
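As an added example (not part of the original notes), a small evaluator for the numbered-ACL syntax used in the standard and extended sections above: wildcard matching, the "host"/"any" shorthands, "eq <port>", "established" and the implicit deny at the end. The embedded ACL_CONFIG is a constructed sample made of the page's ACL 1 and the 103/104 web-filtering pair; the Packet fields (protocol, destination port, ACK flag) are this example's own abstraction of what the router inspects.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed for this example: numbered-ACL syntax as written on the page.
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "telnet": 23, "domain": 53, "www": 80}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
ANY = ("0.0.0.0", "255.255.255.255")      # 'any' = address 0.0.0.0 with wildcard 255.255.255.255


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored (inverse of a subnet mask)."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a | w) == (n | w)


@dataclass
class Entry:
    acl: str
    action: str                      # permit / deny
    proto: str                       # 'ip' for standard ACLs: they match every protocol
    src: tuple                       # (network, wildcard)
    dst: tuple
    dport: Optional[int] = None      # 'eq <port>' on the destination
    established: bool = False        # match only TCP segments with ACK or RST set


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None
    ack: bool = False


def _is_ipv4(token: str) -> bool:
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def _take_addr(tokens, i):
    """Consume one address spec at tokens[i]: 'any', 'host A', 'A W', or a bare 'A' (= host A)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tokens) and _is_ipv4(tokens[i + 1]):
        return (tokens[i], tokens[i + 1]), i + 2
    return (tokens[i], "0.0.0.0"), i + 1   # no wildcard given: matches that single address only


def parse_entry(line: str) -> Optional[Entry]:
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] == "remark":
        return None
    acl, action, rest = t[1], t[2], t[3:]
    if rest[0] in PROTOCOLS:            # extended: proto src dst [eq port] [established]
        proto, i = rest[0], 1
        src, i = _take_addr(rest, i)
        dst, i = _take_addr(rest, i)
        dport, established = None, False
        while i < len(rest):
            if rest[i] == "eq":
                dport = PORT_NAMES.get(rest[i + 1]) or int(rest[i + 1])
                i += 2
            elif rest[i] == "established":
                established, i = True, i + 1
            else:
                i += 1
        return Entry(acl, action, proto, src, dst, dport, established)
    src, _ = _take_addr(rest, 0)        # standard: source address only
    return Entry(acl, action, "ip", src, ANY)


def load(config_text: str) -> list:
    return [e for e in map(parse_entry, config_text.splitlines()) if e]


def matches(e: Entry, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if not (wildcard_match(p.src, *e.src) and wildcard_match(p.dst, *e.dst)):
        return False
    if e.dport is not None and p.dport != e.dport:
        return False
    return not e.established or p.ack


def evaluate(entries: list, acl: str, p: Packet) -> str:
    """Top-down, first match wins; no match = the implicit 'deny any' at the end of every ACL."""
    for e in entries:
        if e.acl == acl and matches(e, p):
            return e.action
    return "deny"


# Constructed sample: the page's ACL 1 and the web-filtering pair 103 (out) / 104 (in).
ACL_CONFIG = """\
access-list 1 remark block one host, allow the rest of the LAN
access-list 1 deny 192.168.10.10 0.0.0.0
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 443
access-list 104 permit tcp any 192.168.10.0 0.0.0.255 established
"""
ENTRIES = load(ACL_CONFIG)

if __name__ == "__main__":
    # An inbound SYN to port 22 has no ACK: ACL 104 does not match it and the implicit deny drops it.
    print(evaluate(ENTRIES, "104", Packet("203.0.113.9", "192.168.10.5", "tcp", 22, ack=False)))
```

Named ACLs differ only in syntax; the matching semantics are the same. Note what a bare address without wildcard does in _take_addr: it is the reason "access-list 10 permit 192.168.10.0" without "0.0.0.255" matches nothing useful.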

--------------------------------------

DYNAMIC (lock-and-key) ACLs:-----------------------
Example: the user first authenticates with Telnet to the router at 10.2.2.2; only then does a temporary entry permit traffic from 192.168.10.0/24 to 192.168.30.0/24.

config)#username student password 0 cisco
config)# access-list 101 permit tcp any host 10.2.2.2 eq telnet
config)#access-list 101 dynamic testlist timeout 15 permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255    (absolute timeout: the temporary entry is removed after 15 minutes no matter what)

interface s0/0/1
 ip access-group 101 in          (the list is applied inbound)

line vty 0 4
 login local
 autocommand access-enable host timeout 5    (when the user logs in on the vty the dynamic entry for that host is created; it is removed after 5 minutes of inactivity)

(The authentication step is Telnet, so the username and password cross the network in cleartext; the entry is created for the source host, not the user.)

------------------------------------------REFLEXIVE ACL------------------------------------------
ip access-list extended OUTBOUNDFILTERS
 permit tcp 192.168.0.0 0.0.255.255 any reflect TCPTRAFFIC
 permit icmp 192.168.0.0 0.0.255.255 any reflect ICMPTRAFFIC

ip access-list extended INBOUNDFILTERS
 evaluate TCPTRAFFIC
 evaluate ICMPTRAFFIC

interface s0/0/0
 ip access-group INBOUNDFILTERS in
 ip access-group OUTBOUNDFILTERS out
(Each outbound session creates a temporary mirrored entry, source and destination swapped, in the reflexive list. Unlike "established" this also works for UDP and ICMP and checks addresses and ports, not just the ACK bit.)

------------------------------------------TIME-BASED ACL------------------------------------------
time-range EVERYOTHERDAY
 periodic Monday Wednesday Friday 8:00 to 17:00

access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq telnet time-range EVERYOTHERDAY

interface s0/0/0
 ip access-group 101 out
(The entry is active only while the router clock falls in the range, so the clock must be correct.)

--------------------------------Saving / restoring configuration and IOS--------------------------------
#copy running-config startup-config

#copy running-config tftp:

#copy tftp: running-config

#copy tftp: startup-config

#show flash

(TFTP has no authentication or encryption: the configuration, including password hashes and "password 7" strings, crosses the network in cleartext and anyone on the path can read or replace it.)

Recovering an IOS image from ROMMON:
rommon 1 > IP_ADDRESS=192.168.1.2
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.1
rommon 5 > TFTP_FILE=c1841-ipbase-mz.123-14.t7.bin

rommon 6 > tftpdnld

--------------------------------reset password--------------------------------

rommon 1 > confreg 0x2142        (bit 6 set: ignore the startup-config in NVRAM on the next boot)
rommon 2 > reset
router>enable

load the saved configuration, change the password, then restore the normal register and save:

#copy startup-config running-config
config)#config-register 0x2102
#wr

(Anyone with console access can do this, so physical access to the console port is equivalent to full control of the router.)

-------------------------DHCP server-------------------------
config)#ip dhcp excluded-address <first> [<last>]     (addresses kept out of the pool)
config)#ip dhcp excluded-address 192.168.10.1 192.168.10.9

config)#ip dhcp pool LAN-POOL-1
dhcp-config)#network 192.168.10.0 255.255.255.0
dhcp-config)#default-router 192.168.10.1
dhcp-config)#domain-name span.com
dhcp-config)#end

#show ip dhcp binding

#show ip dhcp server statistics

#show ip dhcp pool

----------------------------an interface as DHCP client----------------------------
config)#interface fa0/0
config-if)#ip address dhcp
config-if)#no shut

#show ip int fa0/0

---------------------------DHCP relay (when the DHCP server is on another network)---------------------------
#config t
config)#interface fa0/0
config-if)#ip helper-address 192.168.11.5
config-if)#end

On the PC:
ipconfig /release
ipconfig /renew
---------------------------
By default ip helper-address forwards broadcasts for these UDP ports (the list is changed with ip forward-protocol):
Port 37: Time
Port 49: TACACS
Port 53: DNS
Port 67: DHCP/BOOTP server
Port 68: DHCP/BOOTP client
Port 69: TFTP
Port 137: NetBIOS name service
Port 138: NetBIOS datagram service
----------------------------Verifying DHCP relay-----------------------------
# show running-config

---- DHCP debugging
#access-list 100 permit ip host 0.0.0.0 host 255.255.255.255     (matches DHCP DISCOVER/REQUEST broadcasts from unconfigured clients)
#debug ip packet detail 100

Static NAT------------------
In this scenario interface s0/0/0 is connected to the inside network and s0/1/0 to the outside network with the public address
--------------------------
#ip nat inside source static 192.168.10.254 209.165.200.154
#interface serial0/0/0
#ip nat inside
#interface serial0/1/0
#ip nat outside

-------------------DYNAMIC NAT-------------------
A range of private addresses must be translated to a range of public addresses
s0/0/0: interface towards the private networks
s0/1/0: interface towards the public networks
----------------------

#ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224     (creates the pool of public addresses)
#access-list 1 permit 192.168.0.0 0.0.255.255      (defines which private source addresses get translated; keep it to the inside ranges that really need to reach outside)

#ip nat inside source list 1 pool NAT-POOL1
(IF ONLY ONE OUTSIDE ADDRESS IS AVAILABLE, use the outside interface instead of a pool:)
#ip nat inside source list 1 interface serial0/1/0

#interface s0/0/0
#ip nat inside
#interface s0/1/0
#ip nat outside

---------------------------

DYNAMIC NAT WITH OVERLOAD (PAT)-------------------
A range of private addresses is translated to a range of public addresses, many inside hosts per public address, distinguished by source port
s0/0/0: interface towards the private networks
s0/1/0: interface towards the public networks
----------------------

#ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224     (creates the pool of public addresses)
#access-list 1 permit 192.168.0.0 0.0.255.255      (defines which private source addresses get translated)

#ip nat inside source list 1 pool NAT-POOL1 overload
(IF ONLY ONE OUTSIDE ADDRESS IS AVAILABLE:)
#ip nat inside source list 1 interface serial0/1/0 overload

#interface s0/0/0
#ip nat inside
#interface s0/1/0
#ip nat outside

-----------------------------------verification-----------------------------------

#show ip nat translations

#show ip nat translations verbose

#show ip nat statistics

#clear ip nat translation *         (removes every dynamic entry from the table)
#show ip nat translations           (confirm the dynamic entries are gone; static entries stay)
#debug ip nat
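As an added example (not part of the original notes), a model of the overload (PAT) translation table that "ip nat inside source list 1 ... overload" builds: inside hosts share one inside-global address, the original source port is kept when free and remapped otherwise, and only replies to an existing entry are forwarded back in. The ACL predicate reproduces "access-list 1 permit 192.168.0.0 0.0.255.255"; the inside-global address is taken from the page's NAT-POOL1 and the destinations are constructed sample values. The port-allocation rule is this example's simplification of what IOS does.

```python
import ipaddress
import itertools
from typing import Callable, Iterator, Optional


class PatTable:
    """Port Address Translation ('ip nat inside source list 1 ... overload'):
    many inside-local hosts share one inside-global address and are told apart
    by the translated source port."""

    def __init__(self, inside_global: str, permitted: Callable[[str], bool]):
        self.inside_global = inside_global
        self.permitted = permitted                   # the NAT ACL: which inside-local sources are translated
        self.port_pool: Iterator[int] = itertools.count(1024)
        self.out = {}    # (local_ip, local_port, proto, (dst_ip, dst_port)) -> global_port
        self.back = {}   # (global_port, proto, (dst_ip, dst_port)) -> (local_ip, local_port)

    def outbound(self, local_ip: str, local_port: int, proto: str, dst: tuple) -> Optional[tuple]:
        """Packet leaving through the 'ip nat inside' interface.
        Returns the translated (src_ip, src_port), or None when the source is not matched by the ACL."""
        if not self.permitted(local_ip):
            return None
        key = (local_ip, local_port, proto, dst)
        if key not in self.out:
            gp = local_port                          # keep the original source port when it is free...
            while (gp, proto, dst) in self.back:     # ...otherwise take the next unused one
                gp = next(self.port_pool)
            self.out[key] = gp
            self.back[(gp, proto, dst)] = (local_ip, local_port)
        return self.inside_global, self.out[key]

    def inbound(self, global_port: int, proto: str, src: tuple) -> Optional[tuple]:
        """Packet arriving on the 'ip nat outside' interface for inside_global:global_port from src.
        Only a reply to an existing entry has a translation; anything else (unsolicited inbound) is dropped."""
        return self.back.get((global_port, proto, src))

    def translations(self) -> list:
        """Rows in the spirit of 'show ip nat translations': (proto, inside global, inside local, outside)."""
        return sorted((proto, f"{self.inside_global}:{gp}", f"{lip}:{lp}", f"{dst[0]}:{dst[1]}")
                      for (lip, lp, proto, dst), gp in self.out.items())


def nat_acl_1(ip: str) -> bool:
    """'access-list 1 permit 192.168.0.0 0.0.255.255' as a predicate (constructed for this example)."""
    return ipaddress.IPv4Address(ip) in ipaddress.IPv4Network("192.168.0.0/16")


if __name__ == "__main__":
    pat = PatTable("209.165.200.226", nat_acl_1)
    web = ("203.0.113.10", 80)                        # constructed outside destination
    print(pat.outbound("192.168.10.5", 40000, "tcp", web))   # port preserved
    print(pat.outbound("192.168.11.7", 40000, "tcp", web))   # same port already in use: remapped
    print(pat.inbound(40000, "tcp", web), pat.inbound(2222, "tcp", web))
    for row in pat.translations():
        print(*row)
```

The dropped unsolicited packet in inbound() is the only "firewalling" PAT gives you: it is a side effect of having no table entry, not a policy, and a static entry or a permissive ACL removes it.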

----------------------IPv6----------------------
config-if)#ipv6 address 2001:DB8:2222:7272::72/64

Dual stack:
config)#ipv6 unicast-routing          (enables IPv6 forwarding)
config)#interface fa0/0
config-if)#ip address 192.168.99.1 255.255.255.0
config-if)#ipv6 address 3ffe:b00:c18:1::3/127

config-if)#ipv6 address <ipv6-prefix>/<prefix-length> eui-64     (interface ID derived from the MAC address)

-------RIPng
ipv6 unicast-routing
ipv6 router rip rt0

interface fa0/0
 ipv6 address 2001:db8:1:1::/64 eui-64
 ipv6 rip rt0 enable

sh ipv6 interface
sh ipv6 interface brief
sh ipv6 neighbors
sh ipv6 protocols
sh ipv6 rip
sh ipv6 route
sh ipv6 route summary
sh ipv6 static
sh ipv6 static 2001:db8:666::/16
sh ipv6 static interface s0/0/0
sh ipv6 static detail