BASIC CONFIGURATION
Change hostname
conf t
hostname xxx
Console password
line console 0
password xxxx
login
Vty password
line vty 0 4
password xxxx
login
or
username xxx password xxx
login local
Banner
banner motd ! Xxxxx !
Privileged EXEC password
enable secret xxxx
Encrypt passwords
service password-encryption
Enable SSH
Router>enable
Router#configure terminal
Router(config)#hostname mick
mick(config)# ip domain-name mick.com (used in the name of the RSA key)
mick(config)# crypto key generate rsa (generates an RSA key pair; choose the number of bits)
mick(config)# ip ssh time-out xx (time before the session is closed if the user leaves the connection unused)
mick(config)# ip ssh authentication-retries 2 (maximum number of login retries)
mick(config)# username xxxx priv 15 secret xxxx
mick(config)# line vty 0 4 (enters the vty lines used for Telnet access)
mick(config-line)# login local (uses local authentication)
mick(config-line)# transport input ssh (remote access now goes over SSH instead of Telnet)
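A quick way to check a saved configuration against the access settings above, as an added example that is not part of the original notes. The two config fragments, the user name, the passwords and the hash strings are constructed; the audit() function and its finding texts are hypothetical names chosen for this sketch.

```python
import re

# Constructed running-config fragments for illustration (not from a real device).
WEAK = """\
hostname mick
username admin password cisco123
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""
HARDENED = """\
hostname mick
enable secret 9 $9$constructedhash
username admin privilege 15 secret 9 $9$constructedhash
line console 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

def audit(config):
    """Return a list of findings for the management-access commands shown above."""
    findings, lines, section = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):            # start of a console/vty section
            section = raw.strip()
            lines[section] = []
        elif raw.startswith(" ") and section:  # sub-command of the current line section
            lines[section].append(raw.strip())
        else:                                  # global command
            section = None
            if re.match(r"username \S+ (privilege \d+ )?password ", raw):
                findings.append("username stored with 'password' instead of 'secret'")
            if raw.startswith("enable password"):
                findings.append("'enable password' used instead of 'enable secret'")
    if not re.search(r"^enable secret ", config, re.M):
        findings.append("no 'enable secret' configured")
    for name, cmds in lines.items():
        if "login" in cmds and any(c.startswith("password") for c in cmds):
            findings.append(f"{name}: shared line password (prefer 'login local')")
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{name}: 'transport input ssh' not set, Telnet may be accepted")
    return findings
```

Calling audit(WEAK) returns five findings and audit(HARDENED) returns none.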
SWITCHES
Create VLANs
vlan vlan-id
name xxxxx
end
Assign a port
conf t
interface xxxx or interface range
switchport mode access
switchport access vlan (VLAN ID)
Voice VLAN
conf t
vlan 150
name voz
exit
interface xxxx or interface range
switchport mode access
mls qos trust cos
switchport voice vlan 150
Delete a VLAN
no vlan vlan-id
delete flash:vlan.dat (deletes the vlan.dat file)
VLAN TRUNK
conf t
interface xxxx
switchport mode trunk
switchport trunk allowed vlan x,y,z
switchport trunk allowed vlan add x,y,z (to add VLANs)
switchport trunk allowed vlan remove x,y,z (to remove VLANs)
Set an IP address on the management interface
interface vlan xxx
ip address x.x.x.x mask
no shut
ip default-gateway x.x.x.x
Change the native VLAN
conf t
interface xxxx
switchport mode trunk
switchport trunk native vlan vlan-id
DTP
conf t
switchport mode trunk
switchport mode dynamic auto/desirable
or
switchport mode trunk
switchport nonegotiate (no DTP)
show dtp interface xxx
STP
spanning-tree vlan vlan-id priority priority
spanning-tree vlan vlan-id root {primary | secondary}
Configuring PortFast
S2(config)# interface range f0/x-y
S2(config-if-range)# switchport mode access
S2(config-if-range)# spanning-tree portfast
S2(config-if-range)# spanning-tree bpduguard enable
SWITCHES
Configure EtherChannel
interface range fa 0/1-2
channel-group 1 mode active/passive
exit
interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan x,y,z
Layer 3 port channel
channel-group 1 mode on
no switchport
interface port-channel 1
no switchport
ip address x.x.x.x mask
Router
VLAN subinterface (dot1Q)
interface g0/0/1.10
description xxxx
encapsulation dot1Q 10
ip address xxx mask
exit
Configure the native VLAN
encapsulation dot1q vlan-id native
Static routes
ip route (network + mask) + next-hop address or exit interface
Configure OSPF
conf t
router ospf 1
network (network + wildcard mask + area)
router-id x.x.x.x
interface g0/0/1 (or subinterface)
ip ospf 1 area 0 (enables OSPF on the interface)
Configure RIP v1
conf t
router rip
network (network)
Configure RIP v2
router rip
version 2
no auto-summary
network (network)
Configure static NAT
R2(config)# ip nat inside source static 192.168.10.254 209.165.201.5
R2(config)# interface serial 0/1/0
R2(config-if)# ip address 192.168.1.2 255.255.255.252
R2(config-if)# ip nat inside
R2(config-if)# exit
R2(config)# interface serial 0/1/1
R2(config-if)# ip address 209.165.200.1 255.255.255.252
R2(config-if)# ip nat outside
clear ip nat statistics (clears the statistics)
Configure dynamic NAT
R2(config)# ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224 (defines the pool)
R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255 (defines the addresses to be translated)
R2(config)# ip nat inside source list 1 pool NAT-POOL1 (binds the addresses to the pool)
R2(config)# interface serial 0/1/0 (INSIDE interface)
R2(config-if)# ip nat inside
R2(config)# interface serial 0/1/1 (outside interface)
R2(config-if)# ip nat outside
Commands to configure IPv6
ipv6 address ipv6-address/prefix-length
ipv6 address link-local ipv6-link-local-address
ipv6 address 2001:DB8:1111:1::/64 eui-64
ipv6 enable (adds a link-local address)
ipv6 address autoconfig
Commands to configure a standard ACL
access-list 1 permit/deny host x.x.x.x
access-list 1 permit/deny (network + wildcard mask)
note: use {1-99 | 1300-1999} for standard lists
access-list 1 permit any (permits everything)
access-list 1 deny any (denies everything)
Apply the ACL to the interface
R2(config-if)# ip access-group 1 in/out
Configure a named standard ACL
ip access-list standard name
permit + IP + wildcard mask
deny + IP + wildcard mask
Apply the named ACL to the interface
R2(config-if)# ip access-group name in/out (name of the extended or standard ACL)
Commands to configure an extended ACL
ip access-list extended name
deny/permit tcp/udp/ip source + wildcard mask + (port) destination + wildcard mask
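How a wildcard mask and the order of the entries decide the result, as an added example that is not part of the original notes. It goes slightly beyond the commands listed by also modelling first-match evaluation and the implicit deny at the end of every ACL; the sample ACL is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed ACL built from the address forms listed above (host, network + wildcard, any).
ACL = [
    "access-list 1 deny host 192.168.10.254",
    "access-list 1 permit 192.168.0.0 0.0.255.255",
]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse 'access-list N {permit|deny} {any | host A | A W}' -> (action, addr, wildcard)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a numbered standard ACL entry: {line!r}")
    spec = tok[3:]
    if spec == ["any"]:
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif len(spec) == 2 and spec[0] == "host":
        addr, wild = spec[1], "0.0.0.0"
    elif len(spec) == 2:
        addr, wild = spec
    else:
        raise ValueError(f"unsupported address form: {line!r}")
    return tok[2], to_int(addr), to_int(wild)

def evaluate(acl, source):
    """Return (action, matching entry number); entries are tested top-down, first match wins."""
    src = to_int(source)
    for number, line in enumerate(acl, 1):
        action, addr, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF          # wildcard bit 0 = must match, 1 = ignored
        if (src & care) == (addr & care):
            return action, number
    return "deny", None                    # implicit 'deny any' at the end of every ACL
```

Reversing the two entries makes the host deny unreachable: evaluate(ACL[::-1], "192.168.10.254") returns a permit from entry 1, which is the ordering mistake to look for when reviewing an ACL.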
show commands
mac address-table
ip route
vlan
number
status
switch-port
vlan number
summary
interfaces port-channel
number etherchannel
show
summary
etherchannel
port-channel
arp
ospf interface number
arp
ip
access-lists
nat translations
nat statistics
nat translations verbose (shows everything)
VLAN verification commands
show vlan summary
show vlan brief
show vlan id vlan-id
show vlan name vlan-name
show interfaces interface-id switchport
show interfaces vlan vlan-id
show ipv6 interface brief
show ip route
show ipv6 route connected
show ip interface brief
show access-lists
show interfaces
show interfaces trunk
show ip ospf neighbor
show ip ospf database
show ip protocols