Switch>en

Switch#confi ter
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan 1
Switch(config-if)#ip address 192.168.10.2 255.255.255.0
Switch(config-if)#no sh

Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

Switch(config-if)#do wr
Building configuration...
[OK]

Switch#
Switch#sh flash
Directory of flash:/

1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin

2 -rw- 1094 <no date> config.text

64016384 bytes total (59600369 bytes free)

Switch#copy flash: tftp:
Source filename []?
Switch#copy flash: tftp:
Source filename []? c2960-lanbase-mz.122-25.FX.bin
Address or name of remote host []? 192.168.10.10 (IPdelservidor)
Destination filename [c2960-lanbase-mz.122-25.FX.bin]?

Writing c2960-lanbase-mz.122-
25.FX.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 4414921 bytes]

4414921 bytes copied in 0.052 secs (2306802 bytes/sec)

Switch#delete c2960-lanbase-mz.122-25.FX.bin
Delete filename [c2960-lanbase-mz.122-25.FX.bin]?
Delete flash:/c2960-lanbase-mz.122-25.FX.bin? [confirm]

Switch#copy tftp: flash:

Address or name of remote host []? 192.168.10.10
Source filename []? c2960-lanbasek9-mz.150-2.SE4.bin
Destination filename [c2960-lanbasek9-mz.150-2.SE4.bin]?

Accessing tftp://192.168.10.10/c2960-lanbasek9-mz.150-2.SE4.bin...
Loading c2960-lanbasek9-mz.150-2.SE4.bin from
192.168.10.10: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 4670455 bytes]

4670455 bytes copied in 0.067 secs (5604294 bytes/sec)

Switch#wr
Building configuration...
[OK]
Switch#sh flash
Directory of flash:/

3 -rw- 4670455 <no date> c2960-lanbasek9-mz.150-2.SE4.bin

2 -rw- 1094 <no date> config.text

64016384 bytes total (59344835 bytes free)

Se reinicia router
Switch>
Switch>en
Switch#sh flash
Directory of flash:/

3 -rw- 4670455 <no date> c2960-lanbasek9-mz.150-2.SE4.bin

2 -rw- 1094 <no date> config.text

64016384 bytes total (59344835 bytes free)

Switch#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#do sh sdm prefer
The current template is "default" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 8K

number of IPv4 IGMP groups + multicast routes: 0.25K
number of IPv4 unicast routes: 0
number of IPv6 multicast groups: 0
number of directly-connected IPv6 addresses: 0
number of indirect IPv6 unicast routes: 0
 number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.125k
number of IPv4/MAC security aces: 0.375k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 20
number of IPv6 security aces: 25

Switch(config)#sdm prefer ?
default Default bias
dual-ipv4-and-ipv6 Support both IPv4 and IPv6
lanbase-routing Lanbase routing
qos Qos bias

Switch(config)#sdm prefer dual-ipv4-and-ipv6 default

Changes to the running SDM preferences have been stored, but cannot take effect until the next
reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Switch(config)#
Switch(config)# do wr

Switch(config)#do reload

Se pone el nombre

Switch>en
Switch(config)#hostname SW1-Rk1-Piso1
SW1-Rk1-Piso1(config)#do WR
Building configuration...
[OK]

SW1-Rk1-Piso1(config)#enable password cisco

SW1-Rk1-Piso1(config)#banner motd #*****Uso privado*****#
SW1-Rk1-Piso1(config)#enable secret cisco
SW1-Rk1-Piso1(config)#
SW1-Rk1-Piso1#wr

*****Uso privado*****

W1-Rk1-Piso1#
SW1-Rk1-Piso1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
SW1-Rk1-Piso1(config)#
SW1-Rk1-Piso1(config)#

SW1-Rk1-Piso1(config)#line console 0
SW1-Rk1-Piso1(config-line)#password cisco
SW1-Rk1-Piso1(config-line)#do wr

SW1-Rk1-Piso1(config)#service password-encryption
SW1-Rk1-Piso1(config)#

SW1-Rk1-Piso1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
SW1-Rk1-Piso1(config)#int
SW1-Rk1-Piso1(config)#interface vlan1
SW1-Rk1-Piso1(config-if)#ipv6 add 2001:DB8:CAFE::2/64
SW1-Rk1-Piso1(config-if)#ipv6 add fe80::2 link-local
SW1-Rk1-Piso1(config-if)#do wr

SW1-Rk1-Piso1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
SW1-Rk1-Piso1(config)#line vty 0 1
SW1-Rk1-Piso1(config-line)#password cisco
SW1-Rk1-Piso1(config-line)#login
SW1-Rk1-Piso1(config-line)#transport input telnet
SW1-Rk1-Piso1(config-line)#do wr
Building configuration...
[OK]
SW1-Rk1-Piso1(config-line)#
**********************************************************************
**********************************************************************
**********************************************************************
SW1-Rk1-Piso2#conf ter
SW1-Rk1-Piso2(config)#ip domain-name www.cisco.com
SW1-Rk1-Piso2(config)#ip default-gateway 192.168.10.1
SW1-Rk1-Piso2(config)#crypto key generate rsa
The name for the keys will be: SW1-Rk1-Piso2.www.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
SW1-Rk1-Piso2#
SW1-Rk1-Piso2#
W1-Rk1-Piso2#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
SW1-Rk1-Piso2(config)#username ral privilege 15 password cisco
SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#username damian privilege 15 password cisco
SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#do wr

**********************************

SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#line vty 0
SW1-Rk1-Piso2(config-line)#^Z
SW1-Rk1-Piso2#

SW1-Rk1-Piso2#conf ter
SW1-Rk1-Piso2(config)#crypto key generate rsa
% You already have RSA keys defined named SW1-Rk1-Piso2.www.cisco.com .
% Do you really want to replace them? [yes/no]: no
SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#line vty 0
SW1-Rk1-Piso2(config-line)#login local
SW1-Rk1-Piso2(config-line)#transport input all
SW1-Rk1-Piso2(config-line)#do wr

W1-Rk1-Piso2#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
SW1-Rk1-Piso2(config)#line console 0
SW1-Rk1-Piso2(config-line)#login local
SW1-Rk1-Piso2(config-line)#do wr
Building configuration...
[OK]

se borra el telnet

nter configuration commands, one per line. End with CNTL/Z.

SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#line vty 0
SW1-Rk1-Piso2(config-line)#transport input ssh
SW1-Rk1-Piso2(config-line)#

Se entra a un pc de la re y se hace la prueba

C:\>telnet 192.168.0.3
Trying 192.168.0.3 ...
% Connection timed out; remote host not responding
:\>ssh -l damian 192.168.10.3

Password:

*****Uso privado*****

SW1-Rk1-Piso2#

Apagar puertos que no se usaran

SW1-Rk1-Piso1(config)# interface range f0/1-10

SW1-Rk1-Piso1(config-if-range)#switchport mode access
SW1-Rk1-Piso1(config-if-range)#shutdown

se pone en modo de accesooo

SW1-Rk1-Piso1(config)#int f0/1

SW1-Rk1-Piso1(config-if)#switchport mode access

SW1-Rk1-Piso1(config-if)#
SW1-Rk1-Piso1(config-if)#do sh int f0/1 sw

*********************
se shutea si se conecta otro equipo

SW1-Rk1-Piso1(config)#int f0/1
SW1-Rk1-Piso1(config-if)#switchport port-security maximum 1

SW1-Rk1-Piso1(config-if)#switchport port-security violation ?

protect Security violation protect mode
restrict Security violation restrict mode
shutdown Security violation shutdown mode
SW1-Rk1-Piso1(config-if)#switchport port-security violation shutdown

SW1-Rk1-Piso1(config-if)#switchport port-security mac-address ?

H.H.H 48 bit mac address
sticky Configure dynamic secure addresses as sticky

SW1-Rk1-Piso1(config-if)#switchport port-security mac-address sticky

SW1-Rk1-Piso1(config)#int range f0/2-3

SW1-Rk1-Piso1(config-if-range)#switchport port-security
SW1-Rk1-Piso1(config-if-range)#
SW1-Rk1-Piso1(config-if)#do wr
Building configuration...
[OK]

SW1-Rk1-Piso1#sh por
SW1-Rk1-Piso1#sh port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
--------------------------------------------------------------------
Fa0/1 1 0 0 Shutdown
----------------------------------------------------------------------
SW1-Rk1-Piso1#
SW1-Rk1-Piso1#
SW1-Rk1-Piso1#sh port-security in
SW1-Rk1-Piso1#sh port-security interface f0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses :0
Configured MAC Addresses : 0
Sticky MAC Addresses :0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0

SW1-Rk1-Piso1#
SW1-Rk1-Piso1#ping 192.168.10.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms
 Radios en el SW 1

SW1-Rk1-Piso1(config)#
SW1-Rk1-Piso1(config)#

SW1-Rk1-Piso1(config)#aaa new-model
SW1-Rk1-Piso1(config)#aaa authentication ?
dot1x Set authentication lists for IEEE 802.1x.
enable Set authentication lists for enable.
login Set authentication lists for logins.
ppp Set authentication lists for ppp.
SW1-Rk1-Piso1(config)#aaa authentication dot1x ?
default The default authentication list.

SW1-Rk1-Piso1(config)#aaa authentication dot1x default group radius

SW1-Rk1-Piso1(config)#radius-server host 192.168.10.10 key cisco

SW1-Rk1-Piso1(config)#dot1x system-auth-control
SW1-Rk1-Piso1(config)#
SW1-Rk1-Piso1(config)#do wr
Building configuration...
[OK]
SW1-Rk1-Piso1(config)#
SW1-Rk1-Piso1(config)#int range f0/2-24

SW1-Rk1-Piso1(config-if-range)#switchport mode access

SW1-Rk1-Piso1(config-if-range)#authentication port-control auto

SW1-Rk1-Piso1(config-if-range)#dot1x pae authenticator

SW1-Rk1-Piso1(config-if-range)#
SW1-Rk1-Piso1(config-if-range)#dot1x pae authenticator