Professional Documents
Culture Documents
ROUTER OSPF 1
DEFAULT-INFORMATION ORIGINATE
EXIT
——
Shh-
hostname orlando
enable secret cisco
line con 0
password cisco
login
Telnet-
line vty 0 4
password cisco
login
exit
Banner de aviso-
——
R1
INTER SER0/0/0
ENCAPSULATION PPP
PPP AUTHENTICATION CHAP
HOSTNAME R1
USERNAME R2 PASS CISCO
--------------------------------------
R2
INTER SER0/0/0
ENCAPSULATION PPP
PPP AUTHENTICATION PAP
PPP PAP SENT-USERNAME R1 PASS CISCO
EXIT
HOSTNAME R2
USERNAME R2 PASS CISCO
———
SERVER:
VTP MODE SERVER
VTP DOMAIN CCNA
VTP PASSWORD CISCO
CLIENT:
VTP MODE CLIENT
VTP DOMAIN CCNA
VTP PASSWORD CISCO
——
Troncal
SEGURIDAD DE PUERTOS:
(NOTA: SOLO PARA PUERTOS DE ACCCESO)
INTER FAST0/1
SW MODE ACCESS
SWITCHPORT PORT-SECURITY
SWITCHPORT PORT-SECURITY MAC-ADDRESS STICKY
SWITCHPORT PORT-SECURITY MAXIMUM 2
SWITCHPORT PORT-SECURITY VIOLATION SHUTDOWN
EXIT
REINICIAR EL PUERTO:
INTER FAST0/1
SHUTDOWN
NO SHUTDOWN
EXIT
——
COMANDOS DE STP:
Ejemplo
MLS1
SPANNING-TREE VLAN 1,10,20,30,40,99,100 Priority 4096
Ejemplo
MLS1
SPANNING-TREE VLAN 1,10,20,30,40,99,100 ROOT PRIMARY
INTER FAST0/10
SPANNING-TREE PORTFAST
SPANNING-TREE BPDUGUARD ENABLE
EXIT
ETHERCHANNEL:
INTERFACE PORTCHANNEL 1
SW MODE TRUNK
SW TRUNK NATIVE VLAN (pone la nativa que USA)
EXIT
---------------------------------------
INTERFACE PORT-CHANNEL 1
SW MODE TRUNK
SW TRUNK NATIVE VLAN 99
EXIT
Ejemplo
PASO 9:
PO1:
ALFA-OMEGA:
INTERFACE PORT-CHANNEL 1
SW MODE TRUNK
EXIT
INTER RANGE FAST0/20-21
CHANNEL-GROUP 1 MODE DESIRABLE
EXIT
-----------------------------------------
PO2:
ALFA-DELTA:
INTERFACE PORT-CHANNEL 2
SW MODE TRUNK
EXIT
--------------------------------------------
PO3
OMEGA - DELTA
OMEGA
INTERFACE PORT-CHANNEL 3
SW MODE TRUNK
EXIT
DELTA
INTERFACE PORT-CHANNEL 3
SW MODE TRUNK
EXIT
VERIFICACION:
SHOW ETHERCHANNEL SUMMARY
Ejemplo
CONFIGURAR ETHERCHANNEL:
PO1: PAGP
MLS1
INTER PORT-CHANNEL 1
SW TRUNK ENCAPSULATION DOT1Q
SW MODE TRUNK
SW TRUNK NATIVE VLAN 99
EXIT
INTER RANGE FAST0/23-24
CHANNEL-GROUP 1 MODE DESIRABLE
EXIT
S3
INTER PORT-CHANNEL 1
SW MODE TRUNK
SW TRUNK NATIVE VLAN 99
EXIT
------------------------------------------------------
PO2: LACP
MLS1
INTER PORT-CHANNEL 2
SW TRUNK ENCAPSULATION DOT1Q
SW MODE TRUNK
SW TRUNK NATIVE VLAN 99
EXIT
S1
INTER PORT-CHANNEL 2
SW MODE TRUNK
SW TRUNK NATIVE VLAN 99
EXIT
——
DHCP
SINTAXIS:
IP DHCP POOL (NOMBRE)
NETWORK (RED) (MASCARA)
DEFAULT-ROUTER (IP GATEWAY)
DNS-SERVER (IP DNS)
EXIT
IP DHCP EXCLUDED-ADDRESS (IP / RANGO DE IPS)
RETRANSMISION DE DHCP:
INTER FAST0/0
IP HELPER-ADDRESS (IP SERVER)
EXIT
CONFIGURAR DHCP:
MLS1
———
VLAN ADMINISTRATIVA
MLS1
VLAN 100
EXIT
------------------------------------------
S1
INTER VLAN 100
IP ADD 192.168.100.2 255.255.255.0
EXIT
IP DEFAULT-GATEWAY 192.168.100.1
S2
INTER VLAN 100
IP ADD 192.168.100.3 255.255.255.0
EXIT
IP DEFAULT-GATEWAY 192.168.100.1
S3
INTER VLAN 100
IP ADD 192.168.100.4 255.255.255.0
EXIT
IP DEFAULT-GATEWAY 192.168.100.1
——
ACL
ACL STANDARD: SOLO FILTRAN POR IP DE ORIGEN (TODO LO QUE VENGA DESDE?)
EJEMPLO1:
ACCESS-LIST 1 PERMIT 192.168.0.0 0.0.0.255
ACCESS-LIST 1 DENY ANY (IMPLICITO)
EJEMPLO2:
ACCESS-LIST 1 DENY 192.168.0.0 0.0.0.255
ACCESS-LIST 1 PERMIT ANY
ACCESS-LIST 1 DENY ANY (IMPLICITO)
EJEMPLO3:
ACCESS-LIST 1 PERMIT 192.168.0.10 0.0.0.0
ACCESS-LIST 1 DENY 192.168.0.0 0.0.0.255
ACCESS-LIST 1 PERMIT ANY
ACCESS-LIST 1 DENY ANY (IMPLICITO)
EJEMPLO4 MALO:
ACCESS-LIST 1 DENY 192.168.0.0 0.0.0.255
ACCESS-LIST 1 PERMIT 192.168.0.10 0.0.0.0
ACCESS-LIST 1 PERMIT ANY
ACCESS-LIST 1 DENY ANY (IMPLICITO)
EJEMPLO:
IP ACCESS-LIST STANDARD JUANA
PERMIT 192.168.0.0 0.0.0.255
DENY ANY (IMPLICITO)
EXIT
EJEMPLO2:
IP ACCESS-LIST STANDARD JUANA
DENY 192.168.0.0 0.0.0.255
PERMIT ANY
DENY ANY (IMPLICITO)
EXIT
-----------------------------------------------------------------------
ACL EXTENDED: FILTRAN POR : IP DE ORIGEN (TODO LO QUE VENGA DESDE?)
IP DE DESTINO (TODO LO QUE VAYA PARA?)
PROTOCOLO (IP, ICMP, TCP/UDP)
PUERTO (80 , 443 , 53 , 25 , 110)
HTTP HTTPS DNS SMTP POP
NUMERADA: RANGO 100-199
SINTAXIS:
ACCESS-LIST # CONDICION PROTOCOLO (ORIGEN WILD) (DESTINO WILD) EQ PUERTO
EJEMPLO:
ACCESS-LIST 100 PERMIT TCP 192.168.0.0 0.0.0.255 ANY EQ 80
ACCESS-LIST 100 DENY IP ANY ANY (IMPLICITO)
EJEMPLO2:
ACCESS-LIST 100 DENY TCP 192.168.0.0 0.0.0.255 ANY EQ 80
ACCESS-LIST 100 PERMIT IP ANY ANY
ACCESS-LIST 100 DENY IP ANY ANY (IMPLICITO)
EJEMPLO3:
ACCESS-LIST 100 PERMIT TCP 192.168.0.10 0.0.0.0 ANY EQ 80
ACCESS-LIST 100 DENY TCP 192.168.0.0 0.0.0.255 ANY EQ 80
ACCESS-LIST 100 PERMIT IP ANY ANY
ACCESS-LIST 100 DENY IP ANY ANY (IMPLICITO)
:():
NOMBRADA:
SINTAXIS:
IP ACCESS-LIST EXTENDED (NOMBRE)
CONDICION PROTOCOLO (ORIGEN WILD) (DESTINO WILD) EQ (PUERTO)
EXIT
EJEMPLO:
IP ACCESS-LIST EXTENDED JUANA2
PERMIT TCP 192.168.0.0 0.0.0.255 ANY EQ 80
DENY IP ANY ANY (IMPLICITO)
EXIT
EJEMPLO2:
IP ACCESS-LIST EXTENDED JUANA2
DENY TCP 192.168.0.0 0.0.0.255 ANY EQ 80
PERMIT IP ANY ANY (IMPLÍCITO)
APLICACION DE LA ACL:
EJEMPLO:
INTER FAST0/0
IP ACCESS-GROUP 1 OUT
EXIT
——
ROUTER OSPF 1
DEFAULT-INFORMATION ORIGINATE
EXIT
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::
DIRECCIONAMIENTO PUBLICO:
IANA:
RIR: REGISTROS REGIONALES DE INTERNET
ISP: INTERNET SERVICE PROVIDER
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::
TERMINOLOGIA DE NAT:
LOCAL: PRIVADA
GLOBAL: PUBLICA
INTERNA: MI RED
EXTERNA: RED DESTINO
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::
TIPOS DE NAT:
APLICACION:
INTER FAST0/0
IP NAT INSIDE
EXIT
INTER SER0/0/1
IP NAT OUTSIDE
EXIT
PARA VERIFICAR:
DEBUG IP NAT
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
CONFIGURAR RUTA ESTATICA DE VUELTA EN ISP:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
SINTAXIS:
IP NAT POOL (NOMBRE) (1ª UTILIZABLE) (ULT UTILIZABLE) NETMASK (MASCARA)
EJEMPLO:
IP NAT POOL CCNA 209.165.200.241 209.165.200.246 NETMASK 255.255.255.248
-------------------------------------------------------------------------
2 PASO: CONFIGURAR UNA ACL CON LAS PRIVADAS:
STANDAR NUMERADA:
ACCESS-LIST 1 PERMIT 192.168.10.0 0.0.0.255
ACCESS-LIST 1 PERMIT 192.168.11.0 0.0.0.255
STANDAR NOMBRADA:
IP ACCESS-LIST STANDARD NAT
PERMIT 192.168.10.0 0.0.0.255
PERMIT 192.168.11.0 0.0.0.255
EXIT
EXTENDIDA NUMERADA:
ACCESS-LIST 100 PERMIT IP 192.168.10.0 0.0.0.255 ANY
ACCESS-LIST 100 PERMIT IP 192.168.11.0 0.0.0.255 ANY
EXTENDIDA NOMBRADA:
IP ACESS-LIST EXTENDED NAT2
PERMIT IP 192.168.10.0 0.0.0.255 ANY
PERMIT IP 192.168.11.0 0.0.0.255 ANY
EXIT
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
EJEMPLO:
IP NAT INSIDE SOURCE LIST 1 POOL CCNA
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
INTER SER0/0/0
IP NAT INSIDE
EXIT
INTER SER0/0/1
IP NAT OUTSIDE
EXIT
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
R2(BORDE)
INTER SER0/0/0
IP NAT INSIDE
EXIT
INTER SER0/0/1
IP NAT OUTSIDE
EXIT
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
209.165.200.241 .11110001
209.165.200.242 .11110110
209.165.200.243 /29
209.165.200.244 .11110000
209.165.200.245 .240
209.165.200.246
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
BORRAR UN NAT:
INTER SER0/0/0
IP NAT INSIDE
EXIT
INTER SER0/0/1
IP NAT OUTSIDE
EXIT
INTER SER0/0/0
IP NAT INSIDE
EXIT
INTER SER0/0/1
IP NAT OUTSIDE
EXIT
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.
R1
INTER SER0/0/0
ENCAPSULATION FRAME-RELAY
NO SHUTDOWN
EXIT
------------------------------------------
R2
INTER SER0/0/0
ENCAPSULATION FRAME-RELAY
NO SHUTDOWN
EXIT
------------------------------------------------
R3
INTER SER0/0/0
ENCAPSULATION FRAME-RELAY
NO SHUTDOWN
EXIT