
Case Study

Routing

Cisco Networking Academy Program CCNA 2: Routers and Routing Basics v3.1

Scenario 1 - Phase 1: Project description

A company has a group of people in charge of maintaining the various sections of the network infrastructure. Several technicians have done an excellent job within the small sections of the network for which they are responsible.

One of the people responsible for a larger section of the infrastructure suddenly resigns from the company. This leaves the redesign and implementation of that section of the network half finished. A technician is assigned the task of completing the unfinished design and implementation.

After studying the documentation at home over the weekend, the technician discovers why the other person resigned so suddenly. The few documents that existed were very poorly written. So, over the weekend, the technician reconstructs the diagram shown above from a sketch that was found. This diagram represents the new design of the network and its subnets. It shows the routers, hubs and switches, the circuits, and the workstations and servers planned for each site. The server at the site called 'Center' is a file server that only the workstations on the local subnet can access. All routers in the network are managed from a workstation at Center.

On returning to work on Monday, the technician presents the new diagram to the head of network infrastructure, who is in charge of the project. After discussion, it is determined that new documentation needs to be developed for the project. The network manager, the instructor in our case, must approve the documentation at each phase of the process.

Use the following information to implement the network.

Network address range | Required number of subnets | Routing protocol
Class C 192.168.1.0/27 | 5 subnets | EIGRP

Phase 2: IP address assignment

Now that a basic plan exists, the network manager assigns the technician the task of developing a prototype of the new network. Use the assigned network address range, together with the subnet requirements, to divide the network. From the IP addressing scheme, assign IP addresses to the corresponding interfaces on all routers and computers in the network. Use the diagram below as a guide. Obtain the instructor's approval of this phase before proceeding to Phase 3.

Figure: Network diagram, IP address assignment (192.168.1.0/27)

Phase 3: Basic configuration of the routers and workstations

Once the team leader has inspected the prototype cabling, the technician is assigned the task of creating basic configurations on the routers and workstations. Use the diagram and the planning sheets to set up a basic configuration of the routers. The checklist below will help in tracking the configuration process.

Item | Boaz | Center | Eva
Host name | Boaz | Center | Eva
Console password | class | class | class
Secret password | cisco | cisco | cisco
VTY password | class | class | class
IP address, I/F Serial 0/0 | 192.168.1.34 | 192.168.1.1 | 192.168.1.2
IP address, I/F Serial 0/1 | - | 192.168.1.33 | -
*Clock rate, I/F Serial 0/0 | | 64000 |
*Clock rate, I/F Serial 0/1 | | 64000 |
IP address, I/F Fa 0/0 | 192.168.1.97 | 192.168.1.65 | 192.168.1.129
IP address, I/F Fa 0/1 | - | - | -
Activate interfaces | | |
Add routing protocol | EIGRP | EIGRP | EIGRP
Add network statements | | |
*Host table (contains all routers and servers) | | |
Message of the day | Bienvenidos al router Boaz | Bienvenidos al router Center | Bienvenidos al router Eva
Description, I/F Serial 0/0 | Interfaz que conecta con el router Center | Interfaz que conecta con el router Eva | Interfaz que conecta con el router center
Description, I/F Serial 0/1 | | Interfaz que conecta con el router Boaz |
Description, I/F Fa 0/0 | Interfaz que conecta la red Boaz | Interfaz que conecta con la red Center | Interfaz que conecta con la red Eva
Description, I/F Fa 0/1 | | |

Phase 4: Access control lists

While testing the network, the network manager discovers that network security has not been taken into account. If the network configuration were implemented as designed, any user on the network would have access to every device and workstation on the network.

The network manager asks the technician to configure access control lists (ACLs) on the routers. The network manager has some suggestions regarding security. Before adding the access control lists (ACLs), the router's running configuration must be backed up. In addition, full connectivity across the network must be verified before any access control list (ACL) is activated.

The following conditions must be taken into account when creating the access control lists:

- Workstation 2 and file server 1 are on the management subnet. Any device on the management subnet must have access to any other device anywhere in the network.
- Workstations on the Eva and Boaz subnets must not have access to any device outside their own subnet, except to connect to file server 1.
- Each router must be able to telnet to the other routers and have access to any device in the network.

The network manager asks the technician to write a short summary of the purpose of each ACL, the interfaces on which they will be used, and the direction of the traffic. Then list the exact commands that will be used to create and activate the ACLs on the router interfaces.

Test | Result
Telnet from Boaz to Eva | SUCCESSFUL
Telnet from workstation 4 to Eva | BLOCKED
Telnet from workstation 5 to Boaz | BLOCKED
Telnet from workstation 2 to Boaz | SUCCESSFUL
Telnet from workstation 2 to Boaz | SUCCESSFUL
Ping from workstation 5 to file server 1 | SUCCESSFUL
Ping from workstation 3 to file server 1 | SUCCESSFUL
Ping from workstation 3 to workstation 4 | SUCCESSFUL
Ping from workstation 5 to workstation 6 | SUCCESSFUL
Ping from workstation 3 to workstation 5 | BLOCKED
Ping from workstation 2 to workstation 5 | SUCCESSFUL
Ping from workstation 2 to workstation 3 | SUCCESSFUL
Ping from router Eva to workstation 3 | SUCCESSFUL
Ping from router Boaz to workstation 5 | SUCCESSFUL

Phase 5: Network documentation

To support the network properly, it must be documented. Produce logically organized documentation to simplify troubleshooting.

Configuration documentation

Boaz

show cdp neighbors
Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
Switch       Fas 0/0         146        S            2950        Fas 0/1
Center       Ser 0/0/0       146        R            C1841       Ser 0/0/1

show ip route
     192.168.1.0/27 is subnetted, 5 subnets
D       192.168.1.0 [90/2681856] via 192.168.1.33, 02:24:35, Serial0/0/0
C       192.168.1.32 is directly connected, Serial0/0/0
D       192.168.1.64 [90/2172416] via 192.168.1.33, 02:24:35, Serial0/0/0
C       192.168.1.96 is directly connected, FastEthernet0/0
D       192.168.1.128 [90/2684416] via 192.168.1.33, 02:24:33, Serial0/0/0

show ip protocol
Gateway         Distance      Last Update
192.168.1.33    90            6284
Distance: internal 90 external 170

show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.97    YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
Serial0/0/0            192.168.1.34    YES manual up                    up
Serial0/0/1            unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down

show version
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
191K bytes of NVRAM.
63488K bytes of ATA CompactFlash (Read/Write)

show hosts

show startup-config
Using 928 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Boaz
!
enable password cisco
!
interface FastEthernet0/0
 description #interfaz que conecta la red Boaz#
 ip address 192.168.1.97 255.255.255.224
 ip access-group 101 in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 description #interfaz que conecta con el router Center#
 ip address 192.168.1.34 255.255.255.224
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 network 0.0.0.0
 no auto-summary
!
ip classless
!
access-list 101 permit ip 192.168.1.96 0.0.0.31 host 192.168.1.66
!
banner motd ^Cbienvenidos al router Boaz^C
!
line con 0
 password class
 login
line vty 0 4
 password class
 login
!
end

Center

show cdp neighbors
Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
Switch       Fas 0/0         136        S            2950        Fas 0/1
Boaz         Ser 0/0/1       142        R            C1841       Ser 0/0/0
Eva          Ser 0/0/0       143        R            C1841       Ser 0/0/0

show ip route
     192.168.1.0/27 is subnetted, 5 subnets
C       192.168.1.0 is directly connected, Serial0/0/0
C       192.168.1.32 is directly connected, Serial0/0/1
C       192.168.1.64 is directly connected, FastEthernet0/0
D       192.168.1.96 [90/2172416] via 192.168.1.34, 02:43:19, Serial0/0/1
D       192.168.1.128 [90/2172416] via 192.168.1.2, 02:43:18, Serial0/0/0

show ip protocol
Gateway         Distance      Last Update
192.168.1.34    90            6283
192.168.1.2     90            7417
Distance: internal 90 external 170

show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.65    YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
Serial0/0/0            192.168.1.1     YES manual up                    up
Serial0/0/1            192.168.1.33    YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down

show version
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
191K bytes of NVRAM.
63488K bytes of ATA CompactFlash (Read/Write)

show hosts

show startup-config
Using 951 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Center
!
enable password cisco
!
interface FastEthernet0/0
 description #interfaz que conecta con la red Center#
 ip address 192.168.1.65 255.255.255.224
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 description #interfaz que conecta con el router Eva#
 ip address 192.168.1.1 255.255.255.224
 clock rate 64000
!
interface Serial0/0/1
 description #interfaz que conecta con el router Boaz#
 ip address 192.168.1.33 255.255.255.224
 clock rate 64000
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 network 0.0.0.0
 no auto-summary
!
ip classless
!
banner motd ^CBienvenidos al router Center^C
!
line con 0
 password class
 login
line vty 0 4
 password cisco
 login
!
end

Eva

show cdp neighbors
Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
Switch       Fas 0/0         149        S            2950        Fas 0/1

show ip route
     192.168.1.0/27 is subnetted, 5 subnets
C       192.168.1.0 is directly connected, Serial0/0/0
D       192.168.1.32 [90/2681856] via 192.168.1.1, 00:01:30, Serial0/0/0
D       192.168.1.64 [90/2172416] via 192.168.1.1, 00:01:30, Serial0/0/0
D       192.168.1.96 [90/2684416] via 192.168.1.1, 00:01:30, Serial0/0/0
C       192.168.1.128 is directly connected, FastEthernet0/0

show ip protocol
Gateway         Distance      Last Update
192.168.1.1     90            19388
Distance: internal 90 external 170

show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.129   YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
Serial0/0/0            192.168.1.2     YES manual up                    up
Serial0/0/1            unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down

show version
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
191K bytes of NVRAM.
63488K bytes of ATA CompactFlash (Read/Write)

show hosts

show startup-config
Using 930 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Eva
!
enable password cisco
!
interface FastEthernet0/0
 description #interfaz que conecta con la red Eva#
 ip address 192.168.1.129 255.255.255.224
 ip access-group 101 in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 description #interfaz que conecta con el router center#
 ip address 192.168.1.2 255.255.255.224
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 network 0.0.0.0
 no auto-summary
!
ip classless
!
access-list 101 permit ip 192.168.1.128 0.0.0.31 host 192.168.1.66
!
banner motd ^CBienvenidos al router Eva^C
!
line con 0
 password class
 login
line vty 0 4
 password class
 login
!
end

Security documentation

Boaz

show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.129/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 101
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
FastEthernet0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Serial0/0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.2/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Serial0/0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Vlan1 is administratively down, line protocol is down
  Internet protocol processing disabled

show ip access-lists
permit ip 192.168.1.128 0.0.0.31 host 192.168.1.66

Center

show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.65/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
FastEthernet0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Serial0/0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.1/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Serial0/0/1 is up, line protocol is up (connected)
  Internet address is 192.168.1.33/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Vlan1 is administratively down, line protocol is down
  Internet protocol processing disabled

show ip access-lists

Eva

show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.129/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 101
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
FastEthernet0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Serial0/0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.2/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Serial0/0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Vlan1 is administratively down, line protocol is down
  Internet protocol processing disabled

show ip access-lists
permit ip 192.168.1.128 0.0.0.31 host 192.168.1.66
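Added example (not part of the original case study): a small Python model of ACL 101 as applied inbound on Boaz FastEthernet0/0, used to check ping rows of the Phase 4 test table in both directions, because the echo reply from a Boaz workstation also enters FastEthernet0/0 and is filtered. Only Boaz's ACL is modelled; the host addresses, the placement of workstations 3, 5 and 6, and the `REVISED_ACL` entries are assumptions of this example, since the page's diagram is not available.

```python
import ipaddress

# ACL 101 exactly as it appears in the Boaz startup-config on this page.
PAGE_ACL = "access-list 101 permit ip 192.168.1.96 0.0.0.31 host 192.168.1.66"
# Candidate revision (assumption of this example, not from the page): also lets
# ping replies reach the management subnet and Boaz's own LAN address.
REVISED_ACL = """
access-list 101 permit ip 192.168.1.96 0.0.0.31 host 192.168.1.66
access-list 101 permit icmp 192.168.1.96 0.0.0.31 192.168.1.64 0.0.0.31 echo-reply
access-list 101 permit icmp 192.168.1.96 0.0.0.31 host 192.168.1.97 echo-reply
"""
LAN = ipaddress.ip_network("192.168.1.96/27")  # Boaz FastEthernet0/0 subnet
ROUTER = "192.168.1.97"                        # Boaz FastEthernet0/0 address
# Constructed host addresses (the page's diagram is not available).
FS1, WS2, WS3 = "192.168.1.66", "192.168.1.67", "192.168.1.130"
WS5, WS6 = "192.168.1.98", "192.168.1.99"

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_acl(text):
    """Parse lines of the form: access-list N ACTION PROTO SRC DST [QUALIFIER]."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        rules.append((tok[2], tok[3], src, dst, rest[0] if rest else None))
    return rules

def _match(spec, addr):
    base, wild = spec
    return (_ip(addr) | wild) == (base | wild)  # wildcard bits are "don't care"

def acl_permits(rules, proto, src, dst, kind):
    for action, rproto, rsrc, rdst, qual in rules:  # first matching entry wins
        if (rproto in ("ip", proto) and _match(rsrc, src)
                and _match(rdst, dst) and qual in (None, kind)):
            return action == "permit"
    return False                                    # implicit deny

def hits_inbound_acl(src, dst):
    """True if the packet enters Boaz on Fa0/0 (from the LAN, not LAN-to-LAN)."""
    from_lan = ipaddress.ip_address(src) in LAN and src != ROUTER
    to_lan_host = ipaddress.ip_address(dst) in LAN and dst != ROUTER
    return from_lan and not to_lan_host

def ping_works(acl_text, a, b):
    """A ping succeeds only if the echo and the echo-reply both get through."""
    rules = parse_acl(acl_text)
    for src, dst, kind in ((a, b, "echo"), (b, a, "echo-reply")):
        if hits_inbound_acl(src, dst) and not acl_permits(rules, "icmp", src, dst, kind):
            return False
    return True

def matrix(acl_text):
    pairs = {"WS5->FS1": (WS5, FS1), "WS5->WS6": (WS5, WS6), "WS3->WS5": (WS3, WS5),
             "WS2->WS5": (WS2, WS5), "Boaz->WS5": (ROUTER, WS5), "WS5->WS2": (WS5, WS2)}
    return {name: ping_works(acl_text, a, b) for name, (a, b) in pairs.items()}

if __name__ == "__main__":
    for label, acl in (("page", PAGE_ACL), ("revised", REVISED_ACL)):
        print(label, matrix(acl))
```

Under these assumptions the single-entry ACL drops the replies for the WS2->WS5 and Boaz->WS5 rows through its implicit deny. The revision covers only ICMP echo replies, so telnet return traffic and pings sourced from other router interfaces would need their own entries.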

show cdp neighbors: Shows a report of all the Cisco devices we are connected to.
show ip route: Shows the entire IP routing table.
show ip protocol: Shows information about the current routing protocols.
show ip interface: Shows information about the interfaces at the IP level.
show version: Shows the IOS version, the available interfaces, the system uptime, the last time a reload was performed and why, and the configuration registers.
show hosts: Shows a cached list of host names and addresses.
show startup-config: Shows the configuration file stored in non-volatile memory that is used to boot the system.
show ip access-list: Besides showing the configured access lists, it also shows the number of hits each line has received, which makes it easier to debug any problem with the access lists.
