
CONFIGURACION DE IP INTERFACES Y RUTAS POR DEFECTO.

--------------------------------------------------------------------

&&&&&&&&&&&&& Configuracion ip R5 &&&&&&&&&&&&&&&&


! R5: transit router joining the two /30 point-to-point links.
! No routes to the 192.168.x.x LANs are configured for R5 on this page, so
! LAN-to-LAN traffic is only deliverable once it is encapsulated between the
! WAN addresses 190.0.0.2 (R1) and 191.0.0.1 (R2).
enable
configure terminal
!
! 191.0.0.0/30 link; the far end (191.0.0.1) is R2 GigabitEthernet3/0.
interface GigabitEthernet3/0
 ip address 191.0.0.2 255.255.255.252
 no shutdown
!
! 190.0.0.0/30 link; the far end (190.0.0.2) is R1 GigabitEthernet5/0.
interface GigabitEthernet5/0
 ip address 190.0.0.1 255.255.255.252
 no shutdown

&&&&&&&&&&&&& Configuracion ip R2 &&&&&&&&&&&&&&&&


! R2: remote-site router (LAN 192.168.40.0/24, WAN 191.0.0.0/30).
enable
configure terminal
!
! WAN link; the far end (191.0.0.2) is R5.
interface GigabitEthernet3/0
 ip address 191.0.0.1 255.255.255.252
 no shutdown
!
! LAN gateway used by PC6 (192.168.40.50).
interface FastEthernet0/0
 ip address 192.168.40.1 255.255.255.0
 no shutdown
!
! Default route: everything not directly connected goes to R5.
ip route 0.0.0.0 0.0.0.0 191.0.0.2

&&&&&&&&&&&&&& configurar ip R1 &&&&&&&&&&&&&&&&&&&&


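! R1: router-on-a-stick gateway for VLANs 10/20/99 plus the WAN link to R5.
enable
configure terminal
!
interface GigabitEthernet3/0.10
 description Default Gateway for VLAN 10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
 exit
!
interface GigabitEthernet3/0.20
 description Default Gateway for VLAN 20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
 exit
!
interface GigabitEthernet3/0.99
 description Default Gateway for VLAN 99
 ! The switch trunk is configured with "switchport trunk native vlan 99", so
 ! it sends VLAN 99 frames untagged. Without the "native" keyword this
 ! subinterface only accepts frames tagged 99, and the untagged frames from
 ! the switch never reach 192.168.99.1.
 encapsulation dot1Q 99 native
 ip address 192.168.99.1 255.255.255.0
 no shutdown
!
! The parent interface must be up for the subinterfaces to pass traffic.
interface GigabitEthernet3/0
 no shutdown
!
! WAN link; the far end (190.0.0.1) is R5. The crypto map is attached to this
! interface in the VPN section.
interface GigabitEthernet5/0
 ip address 190.0.0.2 255.255.255.252
 no shutdown
!
! Default route: everything not directly connected goes to R5.
ip route 0.0.0.0 0.0.0.0 190.0.0.1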

&&&&&&&&& switch: crear vlans &&&&&&&&&&&&&&


! Create the three VLANs used in this lab on the switch.
enable
configure terminal
! VLAN 10 = INVITADOS (guests), VLAN 20 = VENTAS (sales).
vlan 10
name INVITADOS
vlan 20
name VENTAS
exit
! VLAN 99 is set as the trunk's native (untagged) VLAN further down the page.
! NOTE(review): a native VLAN is normally kept free of hosts and IP
! interfaces; on this page VLAN 99 also gets a switch SVI and a router
! gateway, so treat that as a lab simplification.
vlan 99
name nativa

&&&&&&&&&&&&&&&&&&&&&&& switch: poner ip a las vlan &&&&&&&&&&&&&&&&&&


! Give the switch a Layer-3 address (SVI) in each VLAN.
! NOTE(review): an SVI in VLAN 10 (guests) and VLAN 20 makes the switch's
! management plane reachable from user hosts unless vty/SNMP access is
! restricted; a single SVI in a dedicated management VLAN is the usual design.
! NOTE(review): 192.168.10.2 is also the syslog host and the only address the
! SNMP ACL permits, later on this page. Confirm which device really owns this
! address, to avoid a duplicate IP in VLAN 10.
enable
conf t
interface Vlan 10
ip address 192.168.10.2 255.255.255.0
!
interface Vlan 20
ip address 192.168.20.2 255.255.255.0
!
interface Vlan 99
ip address 192.168.99.2 255.255.255.0
!
!
&&&&&&&&& switch: configurar puertos de acceso a las vlans &&&&&&&&&&&&&&
! Static access ports: Gi0/0 and Gi0/2 are placed in VLAN 10, Gi0/1 in VLAN 20.
! "switchport mode access" makes each port a fixed access port rather than
! one that can negotiate into a trunk.
! NOTE(review): nothing on this page shuts down unused ports or adds port
! security / BPDU guard to these edge ports; add them outside a lab.
enable
configure terminal
interface GigabitEthernet0/0
switchport mode access
switchport access vlan 10
no shutdown
interface GigabitEthernet0/1
switchport mode access
switchport access vlan 20
no shutdown
interface GigabitEthernet0/2
switchport mode access
switchport access vlan 10
no shutdown
exit

&&&&&&&&& switch: configurar vlan troncal del sw &&&&&&&&&&&&&&


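! 802.1Q trunk on the switch uplink (presumably cabled to R1 GigabitEthernet3/0,
! which carries the matching subinterfaces).
configure terminal
interface GigabitEthernet3/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Untagged frames on this trunk belong to VLAN 99; the router side must
 ! treat VLAN 99 as native as well or VLAN 99 traffic will not pass.
 switchport trunk native vlan 99
 ! Carry only the VLANs this lab defines instead of "all", so a VLAN created
 ! later is not extended to the router without an explicit decision.
 switchport trunk allowed vlan 10,20,99
 no shutdown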

&&&&&&&&&&&&&&&&& configuracion ip PC1 Y PC2 y PC6 &&&&&&&&&&&&&&&&&&&


PC1
-----
# VPCS-style syntax: host address/prefix, then the default gateway.
# Gateway 192.168.10.1 is R1's VLAN 10 subinterface.
ip 192.168.10.50/24 192.168.10.1
save
sh
PC2
-----
# Gateway 192.168.20.1 is R1's VLAN 20 subinterface.
ip 192.168.20.50/24 192.168.20.1
save
sh
PC6
-----
# Gateway 192.168.40.1 is R2's FastEthernet 0/0.
ip 192.168.40.50/24 192.168.40.1
save
sh
$$$$$$$$$$$$$$$$$$$$$$ vpn $$$$$$$$$$$$$$$$$$$$$$$$$$$
fase 1
________________________________________________________
R1:
________________________________
! IKEv1 (ISAKMP) phase 1 on R1. Every parameter below has to match the policy
! on R2 or the negotiation fails.
enable
conf t
crypto isakmp policy 1
authentication pre-share
encryption aes 256
! NOTE(review): "hash sha" selects SHA-1 and "group 5" the 1536-bit MODP
! Diffie-Hellman group. Both are legacy choices; where the IOS image supports
! it, use "hash sha256" or stronger and "group 14" or higher, changed on both
! peers in the same maintenance step.
hash sha
group 5
! Phase 1 SA lifetime in seconds (6 hours).
lifetime 21600
! Pre-shared key for peer 191.0.0.1 (R2's GigabitEthernet 3/0 address).
! NOTE(review): "key 0" means the key is entered unencrypted, and "santiago"
! is a short, guessable word. Acceptable only as a lab value: use a long
! random key, and protect stored keys with "key config-key password-encrypt"
! plus "password encryption aes" if the image offers them.
crypto isakmp key 0 santiago address 191.0.0.1
_____________________________________________
R2:
__________________________________________
! IKEv1 (ISAKMP) phase 1 on R2. Every parameter below has to match the policy
! on R1 or the negotiation fails.
enable
conf t
crypto isakmp policy 1
authentication pre-share
encryption aes 256
! NOTE(review): "hash sha" selects SHA-1 and "group 5" the 1536-bit MODP
! Diffie-Hellman group. Both are legacy choices; where the IOS image supports
! it, use "hash sha256" or stronger and "group 14" or higher, changed on both
! peers in the same maintenance step.
hash sha
group 5
! Phase 1 SA lifetime in seconds (6 hours).
lifetime 21600
! Pre-shared key for peer 190.0.0.2 (R1's GigabitEthernet 5/0 address); it
! must be the same string R1 configures for this peer.
! NOTE(review): "key 0" means the key is entered unencrypted, and "santiago"
! is a short, guessable word. Acceptable only as a lab value: use a long
! random key on both peers.
crypto isakmp key 0 santiago address 190.0.0.2

FASE 2
_________________________________________________________________
R1:
______________________________________________
! IPsec phase 2 on R1: what to protect, how to protect it, and where.
enable
conf t
! Crypto ACL: only traffic from VLAN 10 and VLAN 20 to R2's LAN
! (192.168.40.0/24) is sent through the tunnel. R2's ACL must be the exact
! mirror image. VLAN 99 (192.168.99.0/24) is not listed, so it is not tunneled.
ip access-list extended TRAFFIC-TO-R2
permit ip 192.168.10.0 0.0.0.255 192.168.40.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
! ESP with AES-256 encryption and HMAC-SHA1 integrity.
! NOTE(review): prefer "esp-sha256-hmac" where the image supports it; the
! transform set must be changed on both peers together.
crypto ipsec transform-set TSET-TO-R2 esp-sha-hmac esp-aes 256
! NOTE(review): no "set pfs" line appears in this crypto map entry; consider
! "set pfs group14" (on both peers) so phase 2 runs its own DH exchange.
crypto map CMAP 1 ipsec-isakmp
match address TRAFFIC-TO-R2
set transform-set TSET-TO-R2
set peer 191.0.0.1
exit
! Attach the crypto map to R1's WAN interface (190.0.0.2).
interface g5/0
crypto map CMAP

____________________________________________________
R2:
________________________________________________

! IPsec phase 2 on R2. No "enable"/"conf t" is shown here, so these lines
! presumably continue the global-configuration session from phase 1.
! Crypto ACL: mirror of R1's TRAFFIC-TO-R2 (R2 LAN to VLAN 10 and VLAN 20).
ip access-list extended TRAFFIC-TO-R1


permit ip 192.168.40.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255
! ESP with AES-256 encryption and HMAC-SHA1 integrity; must match R1.
! NOTE(review): prefer "esp-sha256-hmac" where the image supports it, changed
! on both peers together.
crypto ipsec transform-set TSET-TO-R1 esp-sha-hmac esp-aes 256
! NOTE(review): no "set pfs" line appears in this crypto map entry; if PFS is
! added it has to be added on R1 as well.
crypto map CMAP 1 ipsec-isakmp
match address TRAFFIC-TO-R1
set transform-set TSET-TO-R1
set peer 190.0.0.2
exit
! Attach the crypto map to R2's WAN interface (191.0.0.1).
interface g3/0
crypto map CMAP

&&&&&&&&&&&&&& COMANDO COMPROBAR LA VPN &&&&&&&&&&&&&&&&&&&&&&&&&&&


! Verification, run on R1 or R2 after sending LAN-to-LAN traffic (for example
! a ping from PC1 to PC6), since the tunnel is only negotiated on demand.
! "show crypto sess" abbreviates "show crypto session": peer and session status.
show crypto sess
! Per-SA detail: the encaps/decaps packet counters should increase while
! protected traffic flows. Counters that stay at zero mean the traffic is not
! matching the crypto ACL and is not being encrypted.
show crypto ipsec sa

___________________ MONITOREO __________________________________________

&&&&&&&&&&&&&&&&&& syslog router cisco &&&&&&&&&&&&&&&&&&&&&


! Send the router's log messages to a remote syslog collector.
enable
conf t
logging on
! NOTE(review): syslog to a remote host travels as plain text and is
! unauthenticated, so keep the path to the collector on a trusted segment or
! inside the tunnel.
! NOTE(review): 192.168.10.2 is the address given to the switch's interface
! Vlan 10 earlier on this page. Confirm the collector (presumably the GNS3
! toolkit VM) really owns this address.
logging host 192.168.10.2

Cambiar hora para generar logs:


! Set the router clock by hand so log entries carry a meaningful time.
! NOTE(review): for log correlation across R1, R2 and the collector, a common
! time source ("ntp server ...") is more reliable than a manual clock.
r1# clock set 16:44:00 23 jan 2024
r1# show clock

$$$$$$$$$$$$$$$$$ snmp v2 $$$$$$$$$$$$$$$$$$$$$$$$$$$$


! SNMPv2c read-only access, limited to one management station.
enable
conf t
! Standard ACL naming the only host allowed to query SNMP.
ip access-list standard SNMP-SERVER
permit host 192.168.10.2
! Read-only community "CCNA", bound to the ACL above.
! NOTE(review): SNMPv2c sends the community string and all data in clear
! text, and "CCNA" is easy to guess. The ACL and "ro" limit the exposure, but
! outside a lab use a non-guessable community or, better, SNMPv3 with
! authentication and privacy.
snmp-server community CCNA ro SNMP-SERVER
! Enables trap generation. No "snmp-server host" line appears on this page,
! so confirm a trap destination is configured or no traps are delivered.
snmp-server enable trap

&&&&&&&&&&&& ping con carga router cisco &&&&&&&&&&&&&&&&&&


! Load test between the two WAN addresses: 1000 echo requests per command.
! The first is sourced from 191.0.0.1 (run on R2), the second from 190.0.0.2
! (run on R1).
! NOTE(review): these addresses are the tunnel endpoints themselves and do
! not match the crypto ACLs (which list only the 192.168.x.x LANs), so this
! traffic is not encrypted and does not exercise the IPsec SAs. To load the
! tunnel, source the ping from a LAN address, e.g. on R2:
! "ping 192.168.10.1 source 192.168.40.1 size 1000 repeat 1000".
! size 4000 exceeds a 1500-byte MTU (assuming the default), so each echo is
! fragmented.
ping 190.0.0.2 source 191.0.0.1 size 4000 repeat 1000

ping 191.0.0.1 source 190.0.0.2 size 1000 repeat 1000


$$$$$$$$$$$$$$$$$$ vm gns3 toolkit $$$$$$$$$$$$$$$$$$$$$$$$
# On the GNS3 toolkit VM: edit the interface configuration file
# (presumably to give the VM its static address on the lab network).
nano /etc/network/interfaces
# Follow the system log live; presumably this is where the VM's syslog
# daemon writes the messages received from the routers. Verify on the VM.
tail -f /var/log/syslog
