Copia de VLSM Networkin 2022
Copia de VLSM Networkin 2022
servidor dn
servidor
sw normal
router multi capaa
pc ssh y ping
idor web
or dns
idor dhcp
ROUTER INALAMBRICO
SVI
swmlc
borrar la configuracion
router
enable
erase startup-config
reload
pc ipconfig /all
ssh -l "usuario" 192.168.130.3
Router on stick
router
borrar la configuracion
router
enable
erase startup-config
reload
pc ip config /all
ssh -l 192.168.130.3
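! Access port in VLAN 50 with port security enabled.
INT FA 0/2
switchport mode access
switchport access Vlan 50
! Was "switchport port -security": the stray space makes the parser reject the line,
! so port security would not be enabled on this port.
! With no further options the defaults apply: one allowed MAC address, violation mode shutdown.
switchport port-security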
multi capa
SW Multicapa
enable
conf terminal
hostname "swmulticapa"
ip routing
interface gi 1/0/1
no switchport
ip add 100.150.200.1 255.255.255.252
exit
interface gi 1/0/10
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 40
exit
interface vlan 10
ip address 192.168.110.1 255.255.255.0
interface vlan 20
ip address 192.168.120.1 255.255.255.0
interface vlan 30
ip address 192.168.130.1 255.255.255.0
interface vlan 40
ip address 192.168.140.1 255.255.255.0
EXIT
VLAN 10
VLAN 20
VLAN 30
VLAN 40
exit
router rip
version 2
network 192.168.110.0
network 192.168.120.0
network 192.168.130.0
network 192.168.140.0
network 100.150.200.0
no auto-summary
exit
int range gi 1/0/2-9
shutdown
int range gi 1/0/11-24
shutdown
int range gi 1/1/1-4
shutdown
do wr
exit
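! Remote management: local admin account, SSH v2 only on the vty lines, enable secret.
! NOTE(review): the username and secrets below are classroom lab values; treat them as
! placeholders and never reuse them on a production device.
username ARIEL privilege 15 secret CONTRERAS
! The RSA key pair is named after hostname + domain name, so the domain must be set first.
ip domain-name LABNET.CL
! Modulus given inline instead of typing "1024" at the interactive prompt: the listing can be
! pasted without a prompt swallowing the next line, and 2048 bits replaces the weak 1024-bit key.
crypto key generate rsa general-keys modulus 2048
! Refuse SSH version 1 clients.
ip ssh version 2
line vty 0 4
! Accept SSH only on the vty lines (no Telnet) and authenticate against the local user database.
transport input ssh
login local
exit
enable secret INACAP123
do wr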
CONF T
hostname "routerderecha"
INT GI 0/0
NO SHU
INT GI 0/0.55
ENCAPSULATION DOT1Q 55
IP ADD 10.10.55.1 255.255.255.0
INT GI 0/0.66
ENCAPSULATION DOT1Q 66
IP ADD 10.10.66.1 255.255.255.0
INT GI 0/0.77
ENCAPSULATION DOT1Q 77
IP ADD 10.10.77.1 255.255.255.0
INT GI 0/0.88
ENCAPSULATION DOT1Q 88 NATIVE
IP ADD 10.10.88.1 255.255.255.0
INT GI 0/1
ip add 200.200.200.1 255.255.255.252
no shu
EXIT
ROUTER RIP
VERSION 2
network 10.10.55.0
network 10.10.66.0
network 10.10.77.0
network 10.10.88.0
network 200.200.200.0
no auto-summary
DO WR
username ARIEL privilege 15 secret INACAP123
ip domain-name INACAP.COM
crypto key generate rsa
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
sw
sw 1
ENA
VLAN DATABASE
VLAN 55 NAME DIRECCION
VLAN 66 NAME RRHH
VLAN 77 NAME ADMINISTRATIVA
VLAN 88 NAME NATIVA
EXIT
CONF T
hostname "sw1"
INT GI 0/1
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/1
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/2
switchport mode trunk
SWitchport Trunk Native Vlan 88
interface vlan 77
ip address 10.10.77.2 255.255.255.0
IP DEFAULT-GATEWAY 10.10.77.1
int range fast 0/3-24, gi 0/2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
APAGADA
APAGA VARIAS INT
int acceso
PUERTO SEGURO
seleccionar filtrado
dinamico/ por defecto
estatico
persistente
elevado
0
1
2
3
4
5
6
7
8
9
10
11
12
13
ejecutable (enable)
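! Verification commands, run from privileged EXEC (enable) mode.
! Active configuration.
show running-config
! Per-interface IP address and up/down status.
show ip interface brief
! Routing table (was "show ip router", which is not a valid command).
show ip route
! VLANs and the access ports assigned to each.
show vlan brief
show running-config
Switch#show vlan
! Trunk ports with their native and allowed VLANs.
show interfaces trunk
! Switchport mode and VLAN settings per port.
show interfaces switchport
! MAC addresses learned per port.
show MAC-ADDRESS-TABLE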
borrar la configuracion
router
enable
erase startup-config
reload
pc ip config /all
ssh -l 192.168.130.3
1/1/2001
,
! Left router: two Gigabit interfaces and RIPv2.
CONF T
hostname "routerizquierda"
INT GI 0/0
NO SHU
ip add 200.200.200.2 255.255.255.252
INT GI 0/1
! NOTE(review): same address as Gi0/0 above; IOS rejects a subnet that overlaps another
! interface. RIP below advertises 172.20.0.0, so one of the two interfaces presumably
! belongs in that network - confirm against the topology.
ip add 200.200.200.2 255.255.255.252
no shu
EXIT
! No RIP authentication (key chain) is configured in this listing, so updates from any
! neighbor on these links are accepted unauthenticated.
ROUTER RIP
VERSION 2
network 200.200.200.0
network 172.20.0.0
! Advertise subnets with their real masks instead of summarizing at classful boundaries.
no auto-summary
DO WR
hostname "sw2"
ENA
VLAN DATABASE
VLAN 55 NAME DIRECCION
VLAN 66 NAME RRHH
VLAN 77 NAME ADMINISTRATIVA
VLAN 88 NAME NATIVA
EXIT
CONF T
hostname "sw2"
INT FA 0/1
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/2
switchport mode trunk
SWitchport Trunk Native Vlan 88
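! Access port in VLAN 55 with port security: at most 5 MAC addresses, learned and saved (sticky).
INT FA 0/3
switchport mode access
switchport access Vlan 55
switchport port-security
switchport port-security maximum 5
! The original line here was garbled ("d-4v5ro"); restored from the matching FA 0/4 block
! that follows, which sets the violation action at this position. Confirm against the device.
switchport port-security violation SHUTD
switchport port-security mac sticky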
INT FA 0/4
switchport mode access
switchport access Vlan 66
switchport port-security
switchport port-security maximum 5
switchport port-security violation SHUTD
switchport port-security mac sticky
interface vlan 77
ip address 10.10.77.3 255.255.255.0
IP DEFAULT-GATEWAY 10.10.77.1
exit
int range fast 0/5-24, gi 0/1-2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
32
32
32
32
32
32
32
32
32
32
32
32
32
confi del pc mac
INT GI 0/0.55
ENCAPSULATION DOT1Q 55
IP ADD 10.10.55.1 255.255.255.0
INT GI 0/0.66
ENCAPSULATION DOT1Q 66
IP ADD 10.10.66.1 255.255.255.0
INT GI 0/0.77
ENCAPSULATION DOT1Q 77
IP ADD 10.10.77.1 255.255.255.0
INT GI 0/0.88
ENCAPSULATION DOT1Q 88 NATIVE
IP ADD 10.10.88.1 255.255.255.0
network 10.10.77.0
network 10.10.88.0
hostname "sw3"
ENA
VLAN DATABASE
VLAN 55 NAME DIRECCION
VLAN 66 NAME RRHH
VLAN 77 NAME ADMINISTRATIVA
VLAN 88 NAME NATIVA
EXIT
CONF T
hostname "sw2"
INT FA 0/1
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/2
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/4
switchport mode access
switchport access Vlan 55
switchport port-security
switchport port-security maximum 5
switchport port-security violation SHUTD
switchport port-security mac sticky
INT FA 0/3
switchport mode access
switchport access Vlan 66
switchport port-security
switchport port-security maximum 5
switchport port-security violation SHUTD
switchport port-security mac sticky
interface vlan 77
ip address 10.10.77.4 255.255.255.0
IP DEFAULT-GATEWAY 10.10.77.1
exit
int range fast 0/5-24, gi 0/1-2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
mask
31
30
29
28
27
26
25
24
23
22
21
20
19
int de salida
#
direccion ip siguente salto
#
int de salida rirec ip salto
#
int de salida
ip desconocida isp
direccion ip siguente salto
ip desconocida isp
int de salida rirec ip salto
ip desconocida isp
int de salida
#
direccion ip siguente salto
#
int de salida rirec ip salto
#
int de salida
#
direccion ip siguente salto
#
int de salida rirec ip salto
#
se suma
2
4
8
16
32
64
128
1
2
4
8
16
32
ipv4
rutas estaticas
estandar r1 a r2
ip route "red a la que quiero llegar" "mascara" "interface de salida"
ip route 172.168.2.1 255.255.255.255 gi 0/0
ip route 172.168.2.1 255.255.255.255 "ip del siguiente salto"
ip route 172.168.2.1 255.255.255.255 182.182.182.182
ip route 172.168.2.1 255.255.255.255 "interface de salida" "ip del siguiente salto"
ip route 172.168.2.1 255.255.255.255 gi 0/0 182.182.182.182
predeterminada r2 a r1
ip route "red a la que quiero llegar" "mascara" "interface de salida"
ip route 0.0.0.0 0.0.0.0 gi 0/1
ip route 0.0.0.0 0.0.0.0 "ip del siguiente salto"
ip route 0.0.0.0 0.0.0.0 182.182.182.182
ip route 0.0.0.0 0.0.0.0 "interface de salida" "ip del siguiente salto"
ip route 0.0.0.0 0.0.0.0 gi 0/0 182.182.182.182
sumarizadas r1 a r2
ip route "red a la que quiero llegar" "mascara" "interface de salida"
ip route 172.168.0.0 255.255.252.0 gi 0/0
ip route 172.168.0.0 255.255.252.0 "ip del siguiente salto"
ip route 172.168.0.0 255.255.252.0 182.182.182.182
ip route 172.168.0.0 255.255.252.0 "interface de salida" "ip del siguiente salto"
ip route 172.168.0.0 255.255.252.0 gi 0/0 182.182.182.182
flotantes r1 a r2
ip route "red a la que quiero llegar" "mascara" "interface de salida" "numero distancia administrativa"
ip route 172.168.2.1 255.255.255.255 gi 0/0 121
ip route 172.168.2.1 255.255.255.255 "ip del siguiente salto" "numero distancia administrativa"
ip route 172.168.2.1 255.255.255.255 182.182.182.182 121
ip route 172.168.2.1 255.255.255.255 "interface de salida" "ip del siguiente salto" "numero distancia administrativa"
ip route 172.168.2.1 255.255.255.255 gi 0/0 182.182.182.182 121
int de salida
#
direccion ip siguente salto
#
int de salida rirec ip salto
#
int de salida
ip desconocida isp
direccion ip siguente salto
ip desconocida isp
int de salida rirec ip salto
ip desconocida isp
int de salida
#
direccion ip siguente salto
#
int de salida rirec ip salto
#
int de salida
#
direccion ip siguente salto
#
int de salida rirec ip salto
#
ipv6
rutas estaticas
estandar r1 a r2
ipv6 route "red a la que quiero llegar/prefijo" "interface de salida"
ipv6 route 2002:abcd:cafe:a::/64 gi 0/0
ipv6 route "red a la que quiero llegar/prefijo" "ip del siguiente salto"
ipv6 route 2002:abcd:cafe:a::/64 2002:1234:acab:1::2
ipv6 route "red a la que quiero llegar/prefijo" "interface de salida" "ip del siguiente salto"
ipv6 route 2002:abcd:cafe:a::/64 gi 0/0 2002:1234:acab:1::2
predeterminada r2 a r1
ipv6 route "red a la que quiero llegar/prefijo" "interface de salida"
ipv6 route ::/0 gi 0/0
ipv6 route ::/0 "ip del siguiente salto"
ipv6 route ::/0 2002:1234:acab:1::1
ipv6 route ::/0 "interface de salida" "ip del siguiente salto"
ipv6 route ::/0 gi 0/0 2002:1234:acab:1::1
sumarizadas r1 a r2
ipv6 route "red a la que quiero llegar/prefijo" "interface de salida"
ipv6 route 2002:abcd:cafe:8::/61 gi 0/0
ipv6 route 2002:abcd:cafe:8::/61 "ip del siguiente salto"
ipv6 route 2002:abcd:cafe:8::/61 2002:1234:acab:1::2
ipv6 route 2002:abcd:cafe:8::/61 "interface de salida" "ip del siguiente salto"
ipv6 route 2002:abcd:cafe:8::/61 gi 0/0 2002:1234:acab:1::2
flotantes r1 a r2
ipv6 route "red a la que quiero llegar/prefijo" "interface de salida" "numero distancia administrativa"
ipv6 route 2002:abcd:cafe:a::/64 gi 0/0 121
ipv6 route 2002:abcd:cafe:a::/64 "ip del siguiente salto" "numero distancia administrativa"
ipv6 route 2002:abcd:cafe:a::/64 2002:1234:acab:1::2 121
ipv6 route 2002:abcd:cafe:a::/64 "interface de salida" "ip del siguiente salto" "numero distancia administrativa"
ipv6 route 2002:abcd:cafe:a::/64 gi 0/0 2002:1234:acab:1::2 121
SW CAPA 2
Press RETURN to get started!
Router>ena
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host
Router(config)#hostname RTA
RTA(config)#INT Gi
RTA(config)#INT GigabitEthernet 0/0/0
RTA(config-if)#ip add 172.16.1.1 255.255.255.0
RTA(config-if)#no shut
RTA(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up
RTA(config-if)#do wr
Building configuration...
[OK]
RTA(config-if)#exit
RTA(config)#service pas
RTA(config)#service password-encryption
RTA(config)#security
RTA(config)#security pas
RTA(config)#security passwords min
RTA(config)#security passwords min-length 10
RTA(config)#enable se
RTA(config)#enable secret cisco12345
RTA(config)#no ip d
RTA(config)#no ip domain
RTA(config)#no ip domain-lo
RTA(config)#no ip domain-lookup
RTA(config)#ip doma
RTA(config)#ip domain-na
RTA(config)#ip domain-name netsec.com
RTA(config)#do wr
Building configuration...
[OK]
RTA(config)#
RTA(config)#usrna
RTA(config)#userna
RTA(config)#username admin secret cisco12345
RTA(config)#crypto key generate rsa
The name for the keys will be: RTA.netsec.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
RTA(config)#do wr
*Mar 1 4:31:54.912: %SSH-5-ENABLED: SSH 1.99 has been enabled
Building configuration...
[OK]
RTA(config)#
RTA(config)#login bl
RTA(config)#login block-for 180 att
RTA(config)#login block-for 180 attempts 4 wi
RTA(config)#login block-for 180 attempts 4 within 120
RTA(config)#li
RTA(config)#lin
RTA(config)#line v
RTA(config)#line vty 0
RTA(config)#line vty 0 4
RTA(config-line)#tra
RTA(config-line)#transport impu
RTA(config-line)#transport inp
RTA(config-line)#transport input ssh
RTA(config-line)#login
RTA(config-line)#login lo
RTA(config-line)#login local
RTA(config-line)#exec
RTA(config-line)#exec-timeout 6
RTA(config-line)#
RTA(config-line)#do wr
Building configuration...
[OK]
RTA(config-line)#exit
RTA(config)#copy runn
RTA(config)#copy running
RTA(config)#copy running-config
RTA(config)#copy running-config exit
^
% Invalid input detected at '^' marker.
RTA(config)#do wr
Building configuration...
[OK]
RTA(config)#end
RTA#
%SYS-5-CONFIG_I: Configured from console by console
RTA#cop
RTA#copy runn
RTA#copy running-config start
RTA#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
RTA#do wr
^
% Invalid input detected at '^' marker.
wr
Building configuration...
[OK]
RTA#
Instrucciones
Parte 1: configurar la seguridad básica en el enrutador
a. Configure el direccionamiento IP en PCA según la tabla de direccionamiento.
i. Establezca el nombre de dominio en netsec.com (se distingue entre mayúsculas y minúsculas para la calificación en PT).
Nota: En Packet Tracer, ingrese el comando crypto key generate rsa y presione Enter para continuar.
Claves de propósito general. Elegir un módulo de clave superior a 512 puede llevar
unos minutos.
RTA(config)# login block-for 180 attempts 4 within 120
m. Configure todas las líneas VTY para el acceso SSH y use los perfiles de usuario locales para la autenticación.
RTA(config)# line vty 0 4
n. Establezca el tiempo de espera del modo EXEC en 6 minutos en las líneas VTY.
p. Acceda al símbolo del sistema en el escritorio de PCA para establecer una conexión SSH a RTA.
C:\> ssh /?
C:\>
Nota: en un conmutador, es una buena práctica de seguridad deshabilitar los puertos no utilizados. Un método para hacer es
<Salida omitida>
El comando usó el rango de puertos de 2 a 24 para los puertos FastEthernet y luego un rango de puerto único de GigabitEthe
i. Establezca el nombre de dominio en netsec.com (se distingue entre mayúsculas y minúsculas para la puntuación en PT).
yo Configure todas las líneas VTY para el acceso SSH y use los perfiles de usuario locales para la autenticación.
metro. Establezca el tiempo de espera del modo EXEC en 6 minutos en todas las líneas VTY.
la autenticación.
de configuración en el enrutador si necesita ayuda adicional.
s. Un método para hacer esto es simplemente apagar cada puerto con el comando "apagar". Esto requeriría acceder a cada puerto individ
puerto único de GigabitEthernet0/2.
utenticación.
Switch>ena
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host
Switch(config)#hostname
Switch(config)#hostname SW1
SW1(config)#int vlan 1
SW1(config-if)#ip add 172.16.1.2 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
SW1(config-if)#exit
SW1(config)#def
SW1(config)#default
% Incomplete command.
SW1(config)#default-fa
^
% Invalid input detected at '^' marker.
SW1(config)#default-ga
^
% Invalid input detected at '^' marker.
SW1(config)#defaultga
^
% Invalid input detected at '^' marker.
SW1(config)#ip de
SW1(config)#ip default-gateway 172.16.1.1
SW1(config)#INT RANG
SW1(config)#INT RANGe f0/2-24, gi
SW1(config)#INT RANGe f0/2-24, gigabitEthernet 0/2
SW1(config-if-range)#shut
SW1(config)#do wr
*Mar 1 3:5:29.787: %SSH-5-ENABLED: SSH 1.99 has been enabled
Building configuration...
[OK]
SW1(config)#line vty 0 15
SW1(config-line)#transport inp
SW1(config-line)#transport input ssh
SW1(config-line)#login local
SW1(config-line)#exec
SW1(config-line)#exec-timeout 6
SW1(config-line)#exit
SW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by console
login block-for 600 attempts 4 within 120
SW1#copy
SW1#copy runn
SW1#copy running-config startu
SW1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
SW1#wr
Building configuration...
[OK]
SW1#
do para hacer esto es simplemente apagar cada puerto con el comando "apagar". Esto requeriría acceder a cada puerto individualmente.
o de GigabitEthernet0/2.
ación en PT).
der a cada puerto individualmente. Existe un método abreviado para realizar modificaciones en varios puertos a la vez utilizando el coman
a la vez utilizando el comando de rango de interfaz. En SW1, todos los puertos excepto FastEthernet0/1 y GigabitEthernet0/1 se pueden a
bitEthernet0/1 se pueden apagar con el siguiente comando:
R1>
R1>ena
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#area 0 atu
R1(config-router)#area 0 aut
R1(config-router)#area 0 authentication mess
R1(config-router)#area 0 authentication message-digest
R1(config-router)#exit
R1(config)#
04:09:10: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.2 on GigabitEthernet0/0/0 from FULL to DOWN, Neighbor Down: Dead tim
04:09:10: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.2 on GigabitEthernet0/0/0 from FULL to DOWN, Neighbor Down: Interface
R1(config)#
R1(config)#int g0/0/0
R1(config-if)#ip osp mess
R1(config-if)#ip osp message-digest-key 1 md5 MD5pa55
R1(config-if)#EXIT
R1(config)#
R1(config)#DO WR
Building configuration...
[OK]
R1(config)#DO SHUW OSPF INTE
R1(config)#DO SHUW OSPF INTE
SHUW OSPF INTE
^
% Invalid input detected at '^' marker.
R1(config)#EXIT
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#SHOW OSP
R1#SHOW IP OSPF INTERFACE
^
% Invalid input detected at '^' marker.
R1#SHOW I
R1#SHOW IP ?
access-lists List access lists
arp IP ARP table
bgp BGP information
cache IP fast-switching route cache
cef Cisco Express Forwarding
dhcp Show items in the DHCP database
eigrp IP-EIGRP show commands
inspect CBAC (Context Based Access Control) information
interface IP interface status and configuration
ips IPS (Intrusion Prevention System) information
nat IP NAT information
nbar Network-Based Application Recognition
ospf OSPF information
protocols IP routing protocol process parameters and statistics
rip IP RIP show commands
route IP routing table
ssh Information on SSH
R1#SHOW IP OSPF ?
<1-65535> Process ID number
border-routers Border and Boundary Router Information
database Database summary
interface Interface information
neighbor Neighbor list
virtual-links Virtual link information
<cr>
R1#SHOW IP OSPF INTERFACE
Device
R1
R1
R2
R2
R3
R3
PC-A
PC-B
PC-C
Blank Line, No additional information
Objectives
Background / Scenario
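In this activity, you will configure OSPF MD5 authentication so that the routers in area 0 accept routing updates only from neighbors that share the same key; the updates are authenticated, not encrypted.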
Instructions
Part 1: Configure OSPF MD5 Authentication
Step 1: Test connectivity. All devices should be able to ping all other IP addresses.
Step 2: Configure OSPF MD5 authentication for all the routers in area 0.
Configure OSPF MD5 authentication for all the routers in area 0.
R1(config)# router ospf 1
R1(config-router)# area 0 authentication message-digest
Step 3: Configure the MD5 key for all the routers in area 0.
Configure an MD5 key on the GigabitEthernet interfaces on R1, R2 and R3. Use the password MD5pa55 for key 1.
R1(config)# interface g0/0/0
R1(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
Step 4: Verify configurations.
a. Verify the MD5 authentication configurations using the commands show ip ospf interface.
b. Verify end-to-end connectivity.
End of document
ospf normal
R1>ena
R1#
R1#exit
R1>ping 209.165.200.225
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.225, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms
R1>ping 209.165.200.225
R1>sho
R1>show ntp en
R1>show ntp status
^
% Invalid input detected at '^' marker.
R1>show ntp sta
R1>show ntp st
R1>config t
^
% Invalid input detected at '^' marker.
R1>
R1>config t
^
% Invalid input detected at '^' marker.
R1>exit
R1>ena
R1#show ntp st
R1#show ntp status
%NTP is not enabled.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ntp server 209.165.200.225
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#sho clo
R1#sho clock det
R1#sho clock detail
13:16:46.23 UTC Sat Oct 12 2019
Time source is NTP
R1#show ntp stat
R1#show ntp status
Clock is synchronized, stratum 2, reference is 209.165.200.225
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is E1222127.00000326 (13:18:31.806 UTC Sat Oct 12 2019)
clock offset is 4.00 msec, root delay is 8.00 msec
root dispersion is 10.20 msec, peer dispersion is 0.48 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 6, last update w
R1#show ntp as
R1#show ntp associations
Packe
t
Trace
r-
Confi
gure
and
Verify
NTP
Addres
sing
Table
Subnet
Device Interface IP Address Mask
255.255.2
N1 NIC 209,165,200,225 55.0
255.255.2
R1 G0/0/0 209,165,200,226 55.0
255.255.2
R2 G0/0/0 209,165,200,227 55.0
Objecti
ves
In this
activity,
you will
configure
NTP on
R1 and
R2 to
allow time
synchroni
zation.
Background / Scenario
[…] require synchronized time, this lab will focus on correlating events that are listed in the system log and other time-specific events from multiple network devices. NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communications use Coordinated Universal Time (UTC).
[…] server usually receives its time from an authoritative time source, such as an atomic clock attached to a time server. The NTP server then distributes this time across the network. NTP is extremely efficient. No more than one packet per minute is necessary to synchronize two devices to within a millisecond of each other.
Instruc
tions
Part 1:
NTP
Server
a. Server
N1 is
already
configured
as the
NTP
Server for
this
topology.
Verify its
configurati
on
under Ser
vices > N
TP.
b. From
R1, ping
N1
(209.165.
200.225)
to verify
connectivi
ty. The
ping
should be
successful
.
c. Repea
t the ping
to N1 from
R2 to
verify
connectivi
ty to N1.
Part 2:
Configu
re the
NTP
Clients
Cisco
devices
can be
configured
to refer to
an NTP
server to
use to
synchroni
ze their
clocks. It
is
important
to keep
time
consistent
among all
devices.
Configure
R1 and
R2 as
NTP
clients so
their
clocks are
synchroni
zed. Both
R1 and
R2 will
use N1
server as
their NTP
server.
a. Check
the
current
NTP and
clock
settings
as shown
below:
R1# sho
w ntp
status
%NTP is
not
enabled.
R1# sho
w clock
detail
*0:1:53.
745 UTC
Mon Mar
1 1993
Time
source
is
hardware
calendar
b. Config
ure R1
and R2 as
NTP
Clients.
Use
the ntp
server co
mmand to
specify an
NTP
server, as
shown
below:
R1# con
f t
R1(conf
ig)# nt
p
server
209.165
.200.22
5
c. Repea
t this
configurati
on on R2.
Part 3:
Verify
NTP
settings
a. Check
the clocks
on R1 and
R2 again
to verify
that they
are
synchroni
zed:
R1# sho
w clock
detail
12:7:18
.451
UTC Sat
Oct 12
2019
Time
source
is NTP
Note:
When
working
on
physical
routers,
allow a
few
minutes
before R1
and R2
clocks are
synchroni
zed. With
Packet
Tracer
you can
use the
Fast
Forward
Time
button to
speed up
synchroni
zation.
Execute
the same
command
on R2.
Question:
Are the
clocks
synchroni
zed?
b. Check
the NTP
status and
NTP
associatio
ns by
using the
following
command
s to verify
NTP
operation
and
configurati
on.
R1# sho
w ntp
status
Clock is
synchron
ized,
stratum
2,
referenc
e is
209.165.
200.225
<Output
omitted>
R1# sho
w ntp
associa
tions
address
ref
clock st
when
poll
reach
delay
offset
disp
*~209.16
5.200.22
5127.127
.1.1 1
11 32
377 9.00
4.00
0.24
*
sys.peer
, #
selected
, +
candidat
e, -
outlyer,
x
falsetic
ker, ~
configur
ed
oll interval is 6, last update was 20 sec ago.
C:\>ssh -l SSHuser 10.0.1.2
#logging 10.0.1.254
R1(config)#logging 10.0.1.254
R1#
%SYS-5-CONFIG_I: Configured from console by console
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.1.254 port 514 started - CLI initiated
ntp server
service timestamps log datetimemsec
Step 2: Configure a
named list AAA
authentication method for
the vty lines on R1.
Configure a named list
called SSH-LOGIN to
authenticate logins using local
AAA.
reiniciar encende apagar control + pausa
borrar la configuracion
router
enable
erase startup-config
reload
pc ip config /all
ssh -l 192.168.130.3
Router# configure terminal
Router(config)# hostname R1
R1(config)# ip domain name inacap
R1(config)# crypto key generate rsa general-keys modulus 1024
R1(config)# username inacap secret inacap
NTP
R1(config)# ntp master
R1(config)# ntp server x.x.x.x
Syslog
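! Send syslog messages to the collector at 192.168.1.1.
R1(config)# logging 192.168.1.1
R1(config)#
! Was "logging trap facility informational", which the parser rejects: the severity
! threshold is set with "logging trap <level>"; the facility is a separate "logging facility" command.
! "informational" forwards severity levels 0 through 6.
R1(config)# logging trap informational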
SSH
R1# show ip ssh
R1# configure terminal
R1(config)# interface g0/0/0
R1(config-if)# shutdown
R1(config-if)# exit
R1(config)# service timestamps log datetime
R1(config)# interface g0/0/0
R1(config-if)# no shutdown
R1(config-if)#
ntp
R1# show clock detail
R1(config)# ntp server 192.168.1.1
R1(config)# end
R1# show clock detail
AAA
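! Local fallback account; "algorithm-type scrypt" stores the secret as a type 9 hash.
! NOTE(review): the secret equals the username - lab value, treat it as a placeholder.
! (The original listed this line twice; once is enough.)
R1(config)# username inacap algorithm-type scrypt secret inacap
R1(config)# aaa new-model
! Method order: RADIUS server group first, then the local database, then the enable secret.
! Was "grup"; the keyword is "group". No RADIUS server definition appears in this listing,
! so until one is added logins would presumably fall through to the local account.
R1(config)# aaa authentication login default group radius local enable
R1(config)# line vty 0 4
! Was "defaut"; the list name must match the "default" list defined above.
R1(config-line)# login authentication default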
SNMP
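! Was "snmp-server comunity x.x.x.x". The keyword is "community" and its argument is the
! community string, not an address; "<COMMUNITY>" is a placeholder. SNMPv1/v2c sends the
! string in clear text, so keep it read-only (ro) and non-default.
! NOTE(review): if x.x.x.x was meant as the trap receiver address, that is configured with
! "snmp-server host" instead - confirm the intent.
snmp-server community <COMMUNITY> ro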
rommon 1 confreg 0x2142
rommon 2 reset
al-keys modulus 1024
borrar la configuracion
router
enable
erase startup-config
reload
pc ip config /all
ssh -l 192.168.130.3
Router on stick
router
borrar la configuracion
router
enable
erase startup-config
reload
pc ip config /all
ssh -l 192.168.130.3
VLAN 10 GERENCIA 192.168.110.0/24
VLAN 20 CONTABILIDAD 192.168.120.0/24
VLAN 30 ADMINISTRATIVA 192.168.130.0/24
VLAN 40 NATIVA 192.168.140.0/24
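! Administratively disable the unused port Fa0/20 (was misspelled "SHUTDONW", which the parser rejects).
INT FA 0/20
SHUTDOWN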
INT DE ACCESO
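! Disable a group of unused ports in one step.
! Was "INT RANGE FAST 0/5-20,23" followed by "SHUTDONW": each sub-range names its interface
! type, as the other range commands in these notes do, and the command is spelled "shutdown".
INT RANGE FAST 0/5-20, FAST 0/23
SHUTDOWN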
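! Access port in VLAN 50 with port security enabled.
INT FA 0/2
switchport mode access
switchport access Vlan 50
! Was "switchport port -security": the stray space makes the parser reject the line,
! so port security would not be enabled on this port.
switchport port-security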
enable
conf terminal
hostname "swmulticapa"
ip routing
interface gi 1/0/1
no switchport
ip add 100.150.200.1 255.255.255.252
exit
interface gi 1/0/10
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 40
exit
CONF T
hostname "swmulticapa"
INT GI 0/0
NO SHU
INT GI 0/0.50
ENCAPSULATION DOT1Q 50
IP ADD 172.16.50.1 255.255.255.0
INT GI 0/0.60
ENCAPSULATION DOT1Q 60
IP ADD 172.16.60.1 255.255.255.0
INT GI 0/0.70
ENCAPSULATION DOT1Q 70
IP ADD 172.16.70.1 255.255.255.0
INT GI 0/0.80
ENCAPSULATION DOT1Q 80 NATIVE
IP ADD 172.16.80.1 255.255.255.0
INT GI 0/1
ip add 100.150.200.2 255.255.255.252
no shu
EXIT
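! RIPv2 for the four sub-interface networks and the link on Gi0/1.
ROUTER RIP
VERSION 2
! Was "network 172.16.50.200". Gi0/1 is addressed 100.150.200.2/30 earlier in this listing and
! no other network statement covers that link, so RIP would not have run on it.
network 100.150.200.0
network 172.16.50.0
network 172.16.60.0
network 172.16.70.0
network 172.16.80.0
! Advertise subnets with their real masks instead of summarizing at classful boundaries.
no auto-summary
DO WR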
username ARIEL privilege 15 secret INACAP123
ip domain-name INACAP.COM
crypto key generate rsa
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
sw
sw 1
ENA
VLAN DATABASE
VLAN 10 NAME GERENCIA
VLAN 20 NAME CONTABILIDAD
VLAN 30 NAME ADMINISTRATIVA
VLAN 40 NAME NATIVA
EXIT
CONF T
hostname "sw1"
INT GI 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/2
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
interface vlan 30
ip address 192.168.130.2 255.255.255.0
IP DEFAULT-GATEWAY 192.168.130.1
int range fast 0/3-24, gi 0/2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
APAGADA
PUERTO SEGURO
seleccionar filtrado
dinamico/ por defecto
estatico
persistente
elevado
0
1
2
3
4
5
6
7
8
9
10
11
12
13
ejecutable (enable)
show running-config
show ip interface brief
show ip router
show vlan brief
show running-config
Switch#show vlan
show interfaces trunk
show interfaces switchport
show MAC-ADDRESS-TABLE
borrar la configuracion
router
enable
erase startup-config
reload
pc ip config /all
ssh -l 192.168.130.3
1/1/2001
hostname "sw2"
ENA
VLAN DATABASE
VLAN 10 NAME GERENCIA
VLAN 20 NAME CONTABILIDAD
VLAN 30 NAME ADMINISTRATIVA
VLAN 40 NAME NATIVA
EXIT
CONF T
hostname "sw2"
INT FA 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/2
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/10
switchport mode access
switchport access Vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security violation SHUTD
switchport port-security mac sticky
INT FA 0/11
switchport mode access
switchport access Vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security violation SHUTD
switchport port-security mac sticky
interface vlan 30
ip address 192.168.130.3 255.255.255.0
IP DEFAULT-GATEWAY 192.168.130.1
exit
int range fast 0/3-9, gi 0/1-2
shutdown
int range fast 0/12-24
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
32
32
32
32
32
32
32
32
32
32
32
32
32
confi del pc mac
hostname "sw3"
ENA
VLAN DATABASE
VLAN 10 NAME GERENCIA
VLAN 20 NAME CONTABILIDAD
VLAN 30 NAME ADMINISTRATIVA
VLAN 40 NAME NATIVA
EXIT
CONF T
hostname "sw3"
INT FA 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/2
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/3
switchport mode access
switchport access Vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security violation SHUTD
switchport port-security mac sticky
INT FA 0/4
switchport mode access
switchport access Vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security violation SHUTD
switchport port-security mac sticky
interface vlan 30
ip address 192.168.130.4 255.255.255.0
IP DEFAULT-GATEWAY 192.168.130.1
exit
int range fast 0/5-24, gi 0/1-2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
mask
31
30
29
28
27
26
25
24
23
22
21
20
19
se suma
2
4
8
16
32
64
128
1
2
4
8
16
32
ENA
VLAN DATABASE
VLAN 10 NAME DATOS
VLAN 20 NAME VCO
VLAN 30 NAME TOIP
VLAN 40 NAME MGNT_WIFI
VLAN 50 NAME CCTV
VLAN 70 NAME WIFI_BRAFI
VLAN 80 NAME WAN
VLAN 90 NAME MGNT_SW
EXIT
CONF T
hostname "sw1"
INT GI 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/2
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
interface vlan 30
ip address 192.168.130.2 255.255.255.0
IP DEFAULT-GATEWAY 192.168.130.1
int range fast 0/3-24, gi 0/2
shutdown
do wr
exit
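! Remote management: local admin account, SSH v2 only on the vty lines, enable secret.
! NOTE(review): "admin"/"admin" and an enable secret of "admin" are trivially guessable lab
! values; treat them as placeholders. "security passwords min-length" can enforce a minimum
! length for secrets configured afterwards.
username admin privilege 15 secret admin
! The RSA key pair is named after hostname + domain name, so the domain must be set first.
ip domain-name INACAP.ORG
! Modulus given inline instead of typing "1024" at the interactive prompt: the listing can be
! pasted without a prompt swallowing the next line, and 2048 bits replaces the weak 1024-bit key.
crypto key generate rsa general-keys modulus 2048
! Refuse SSH version 1 clients.
ip ssh version 2
line vty 0 4
! Accept SSH only on the vty lines (no Telnet) and authenticate against the local user database.
transport input ssh
login local
exit
enable secret admin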
SW CAPA 2
grupo2(config-if)#exit
grupo2(config)#username admin privilege 15 secret admin
grupo2(config)#ip domain-name INACAP.ORG
grupo2(config)#crypto key generate RSA
The name for the keys will be: grupo2.INACAP.ORG
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
grupo2#show runn
grupo2#show running-config
Building configuration...
portable...
rom console by consoler
11 2024
n 11 2024
i6/vXxH/tFTaX7RCJ.0
grupo2>ena
grupo2#show runn
grupo2#show running-config
Building configuration...
0,50,70,80,90
SW Multicapa
! Multilayer switch: routed uplink, one trunk, SVIs as gateways for
! VLANs 10-40, RIPv2, and all other ports shut down.
enable
conf terminal
hostname "swmulticapa"
! Enables layer-3 forwarding between the SVIs and the routed port.
ip routing
! Gi1/0/1 becomes a routed (non-switchport) interface on a /30 link.
interface gi 1/0/1
no switchport
ip add 100.150.200.1 255.255.255.252
exit
! Trunk towards the access switch, native VLAN 40.
! NOTE(review): on platforms that offer a choice of trunk encapsulation,
! "switchport trunk encapsulation dot1q" normally has to be entered before
! "switchport mode trunk" - confirm the order on the target model.
! NOTE(review): no "switchport trunk allowed vlan" here, so every VLAN is
! carried on this trunk.
interface gi 1/0/10
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 40
exit
! One SVI per VLAN; each holds the .1 address of its /24.
interface vlan 10
ip address 192.168.110.1 255.255.255.0
interface vlan 20
ip address 192.168.120.1 255.255.255.0
interface vlan 30
ip address 192.168.130.1 255.255.255.0
interface vlan 40
ip address 192.168.140.1 255.255.255.0
EXIT
! The VLANs themselves are created after the SVIs.
VLAN 10
VLAN 20
VLAN 30
VLAN 40
exit
! RIPv2 for the four VLAN subnets and the routed uplink, classless.
! NOTE(review): this block has no "passive-interface" and no RIP
! authentication, so updates are sent on, and accepted from, the user-facing
! VLAN interfaces as well - confirm that is acceptable outside the lab.
router rip
version 2
network 192.168.110.0
network 192.168.120.0
network 192.168.130.0
network 192.168.140.0
network 100.150.200.0
no auto-summary
exit
! Ports not used by the design are administratively disabled.
int range gi 1/0/2-9
shutdown
int range gi 1/0/11-24
shutdown
int range gi 1/1/1-4
shutdown
! Save running-config to startup-config.
do wr
exit
R2#sh run
Building configuration...
Current configuration : 1734 bytes
!
! Last configuration change at 22:32:17 UTC Fri Nov 17 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2F7
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ***** HACIA ROUTER 1 *****
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description ***** HACIA ROUTER 2 *****
ip address 192.168.24.1 255.255.255.0
duplex auto
speed auto
!
!
router bgp 200
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback1
neighbor 4.4.4.4 remote-as 400
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 1.1.1.1 255.255.255.255 192.168.12.1
ip route 4.4.4.4 255.255.255.255 192.168.24.2
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router#show running-config
Router#show running-config
Building configuration...
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2FR
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.17.0.2 255.255.255.0
duplex auto
speed auto
!
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 172.17.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 update-source Loopback1
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 2.2.2.2 255.255.255.255 192.168.12.2
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router
ejecutable (enable)
show running-config
show ip interface brief
show ip route
show vlan brief
show running-config
Switch#show vlan
show interfaces trunk
show interfaces switchport
show MAC-ADDRESS-TABLE
show ip interface brief
para eliminar un comando se niega anteponiendo «no»
borrar la configuracion
router
enable
erase startup-config
reload
pc ipconfig /all
ssh -l usuario 192.168.130.3
R2#sh run
Building configuration...
Current configuration : 1734 bytes
!
! Last configuration change at 22:32:17 UTC Fri Nov 17 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2F7
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ***** HACIA ROUTER 1 *****
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description ***** HACIA ROUTER 2 *****
ip address 192.168.24.1 255.255.255.0
duplex auto
speed auto
!
!
router bgp 200
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback1
neighbor 4.4.4.4 remote-as 400
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 1.1.1.1 255.255.255.255 192.168.12.1
ip route 4.4.4.4 255.255.255.255 192.168.24.2
!
!
!
!
router ospf 1
router-id 10.10.10.10
network 10.10.10.10 0.0.0.0 area 0
network 172.16.100.10 0.0.0.0 area 0
network 172.16.102.10 0.0.0.0 area 0
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
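! routerderecha: router-on-a-stick for VLANs 55/66/77/88 on Gi0/0,
! WAN link on Gi0/1, RIPv2, SSH-only remote management.
CONF T
hostname "routerderecha"
! The physical interface only needs to be up; addressing lives on the
! 802.1Q subinterfaces, one per VLAN.
INT GI 0/0
NO SHU
INT GI 0/0.55
ENCAPSULATION DOT1Q 55
IP ADD 10.10.55.1 255.255.255.0
INT GI 0/0.66
ENCAPSULATION DOT1Q 66
IP ADD 10.10.66.1 255.255.255.0
INT GI 0/0.77
ENCAPSULATION DOT1Q 77
IP ADD 10.10.77.1 255.255.255.0
! VLAN 88 is the native (untagged) VLAN on this trunk; it must match the
! native VLAN configured on the switch side.
INT GI 0/0.88
ENCAPSULATION DOT1Q 88 NATIVE
IP ADD 10.10.88.1 255.255.255.0
! Point-to-point WAN link (/30).
INT GI 0/1
ip add 200.200.200.1 255.255.255.252
no shu
EXIT
! RIPv2, classless, for the four VLAN subnets and the WAN link.
! NOTE(review): no passive-interface or RIP authentication in this block, so
! updates are also exchanged on the user-facing subinterfaces.
ROUTER RIP
VERSION 2
network 10.10.55.0
network 10.10.66.0
network 10.10.77.0
network 10.10.88.0
network 200.200.200.0
no auto-summary
DO WR
! NOTE(review): the user secret and the enable secret are the same value, so
! knowing one gives both login and privileged mode. Lab-only; use distinct
! secrets on a real device.
username ARIEL privilege 15 secret INACAP123
ip domain-name INACAP.COM
! Host key generated with a 2048-bit modulus (the notes answered the size
! prompt with 1024, which is below current minimum recommendations for RSA).
crypto key generate rsa modulus 2048
ip ssh version 2
! VTY lines accept SSH only and authenticate against the local user database.
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr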
router3MPLS_LER#show running-config
Building configuration...
enable
config t
router ospf 10
PARA BORRAR
WRITE ERASE
RELOAD
ip domain-name INACAP.COM
! Remote access over Telnet with a local privilege-15 account.
! NOTE(review): Telnet carries the username and password in clear text; the
! other device configurations on this page use "transport input ssh" instead.
config t
line vty 0 4
transport input telnet
login local
exit
! NOTE(review): "password" (unlike "secret", used elsewhere on this page) keeps
! the value in the configuration as plain text, or as reversible type 7 when
! service password-encryption is enabled. "cisco" is a widely known default
! value - lab use only.
username admin privilege 15 password cisco
! Save running-config to startup-config.
do wr
service password-encryption
secret encryp ta
banner noll
ip de red + wildcard
r1(config-if)#do sh runn
Building configuration...
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2FR
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 172.1.0.1 255.255.255.0
ip summary-address eigrp 10 172.1.0.0 255.255.252.0
!
interface Loopback2
ip address 172.1.1.1 255.255.255.0
ip summary-address eigrp 10 172.1.0.0 255.255.252.0
!
interface Loopback3
ip address 172.1.2.1 255.255.254.0
para sacar contraseña
administrador de dispositivo
pc en linea
IP A INTERFACES
ADM.
CREAR DOMINIO
CONTRASEÑA DE LA CONSOLA
CREAR USUARIO
MIRAR RELOJ
cambiar hora
LO HACE MASTER
opcional
administrador de SNMP
Agentes SNMP (nodo gestionado)
Base de información de gestión (MIB)
guardar confi
servidor NETACD
servidor NETACAD
aaa local
6
SSH para asegurar la comunicación
AAA para proporcionar autenticación y
autorización
local
rommon 1
rommon 2
WRITE ERASE
borrar la configuracion
router
enable
erase startup-config
reload
WRITE ERASE
ssh -l usuario 192.168.130.3
C:\>SSH -L CISCOARIEL 192.168.1.1
desde PuTTY, por el puerto COM serial;
el puerto se busca en el Administrador de dispositivos.
ROUTER
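! Baseline setup transcript: hostname, login banner, addressing, password
! policy, console password and VTY access.
Router# configure terminal
! A hostname cannot contain a space; the prompts below show ROUTERPRUEBA.
Router(config)# hostname ROUTERPRUEBA
ROUTERPRUEBA(config)#BANner MOTD "NO INGRESAR, SOLO PERSONAL AUTORIZADO"
ROUTERPRUEBA(config)#INT G0/0/0
ROUTERPRUEBA(config-if)#IP ADD 192.168.1.1 255.255.255.0
ROUTERPRUEBA(config-if)#NO SHUtdown
ROUTERPRUEBA(config)#INTerface VLAN1
ROUTERPRUEBA(config-if)#IP ADD 192.168.1.100 255.255.255.0
ROUTERPRUEBA(config-if)#NO SHUtdown
ROUTERPRUEBA(config)#IP DOMAIN-NAme INACAP.CL
! service password-encryption only obfuscates line/user passwords (type 7 is
! reversible); it is not a substitute for "secret".
ROUTERPRUEBA(config)#SERVice PASSword-encryption
! NOTE(review): a 5-character minimum is very short; lab value.
ROUTERPRUEBA(config)#SECURIty PASswords min-length 5
ROUTERPRUEBA(config)#LINE CONsole 0
ROUTERPRUEBA(config-line)#PASsword CISCOCONSOLA
! "login" is what makes the console ask for the line password set above.
ROUTERPRUEBA(config-line)#LOGIN
ROUTERPRUEBA(config)#LINE VTY 0 15
! NOTE(review): "transport input all" also accepts Telnet (clear text). The
! transcript creates no local user and no RSA key pair, so as written
! "login local" has no account to check and SSH cannot start - confirm those
! steps ("CREAR USUARIO" in the checklist) are done before relying on this.
ROUTERPRUEBA(config-line)#transport input all
ROUTERPRUEBA(config-line)#login local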
ntp
ROUTERPRUEBA#SHOW CLOCK DETAIL
ROUTERPRUEBA#CLOck set 16:00:00 oct 2 2022
ROUTERPRUEBA(config)#NTP MASTER
Syslog
! Remote syslog: send log messages to the collector at 192.168.1.1.
R1(config)# logging 192.168.1.1
! NOTE(review): "logging trap" takes a severity level, and the facility is set
! with a separate "logging facility" command, so this line is probably
! rejected by the parser - confirm; the next line is the usual form.
R1(config)# logging trap facility informational
! Forward messages of severity "informational" and more severe.
R1(config)# logging trap informational
! Use the lo0 address as the source of syslog packets, so the collector sees
! one stable address for this device.
R1(config)# logging source-interface lo0
R1(config)# logging on
! Prefix each log entry with date and time.
! NOTE(review): timestamps only help correlation if the clock is synchronised
! (the notes handle NTP in a separate section).
R1(config)# service timestamps log datetime
tacacs aaa
! AAA login authentication against a TACACS+ server, with fallbacks.
! aaa new-model switches the device to the AAA authentication model.
R1(config)# aaa new-model
R1(config)#
! TACACS+ server "Server-T" at 192.168.1.101, one persistent TCP connection,
! protected by a shared key.
! NOTE(review): the shared key appears in clear text in these notes; treat it
! as a sample value and never reuse it on a real server.
R1(config)# tacacs server Server-T
R1(config-server-tacacs)# address ipv4 192.168.1.101
R1(config-server-tacacs)# single-connection
R1(config-server-tacacs)# key TACACS-Pa55w0rd
R1(config-server-tacacs)# exit
R1(config)#
! Default login method list: TACACS+ first, then RADIUS, then the local user
! database with case-sensitive usernames.
! NOTE(review): no RADIUS server and no local username are defined in the
! lines shown here; without a local account the last fallback cannot
! authenticate anyone when the servers are unreachable - confirm both are
! configured elsewhere.
R1(config)# aaa authentication login default group tacacs+ group radius local-case
! Repeats the first command of this block; it has no additional effect.
R1(config)# aaa new-model
Por ejemplo, un administrador podría aplicar un inicio de sesión especial para SSH y luego tener el método de inicio
aaa local
Descripción
Utiliza la contraseña de activación para la autenticación.
Utiliza la base de datos de nombres de usuario local para la autenticación.
Utiliza autenticación de nombre de usuario local que distingue entre mayúsculas y minúsculas.
No utiliza autenticación.
Utiliza la lista de todos los servidores RADIUS para la autenticación.
Utiliza la lista de todos los servidores TACACS+ para la autenticación.
Utiliza un subconjunto de servidores RADIUS o TACACS+ para la autenticación según lo define el comando aaa grou
administrador de dispositivos
confreg 0x2142
reset
ADM.
CREAR DOMINIO
CONTRASEÑA DE LA CONSOLA
CREAR USUARIO
NTP
opcional
guardar confi
AAA
el método de inicio de sesión predeterminado para la consola de línea, como se muestra en el ejemplo.
comando aaa group server radius o aaa group server tacacs+.
Conectar el cable de consola (cable azul) al puerto de consola del switch.
Por medio de un emulador de terminal (Hyperterminal) verificar que la contraseña conocida no permita el acceso a
Apagar el switch.
Encender el switch y dejar presionado el botón “Mode”.
Soltar el botón cuando el puerto 1x se apague.
En el emulador de terminal deberá aparecer:
n
https://www.solvetic.com/tutoriales/article/303-como-recuperar-el-password-en-los-switches-cisco-catalyst/
SW
Router# configure terminal
Router(config)# hostname XXX
ROUTERPRUEBA(config)#BANner MOTD "NO INGRESAR, SOLO PERSONAL AUTORIZADO"
SWPRUEBA(config)#INTerface VLAN1
SWPRUEBA(config-if)#IP ADD 192.168.1.10 255.255.255.0
SWPRUEBA(config-if)#NO SHUtdown
SWPRUEBA(config)#IP DOMAIN-NAme INACAP.CL
SWPRUEBA(config)#SERVice PASSword-encryption
SWPRUEBA(config)#LINE CONsole 0
SWPRUEBA(config-line)#PASSword CISCOCONSOLA
SWPRUEBA(config-line)#LOGIN
SWPRUEBA(config)#LINE VTY 0 15
SWPRUEBA(config-line)#transport input all
SWPRUEBA(config-line)#login local
Syslog
R1(config)# logging 192.168.1.1
R1(config)# logging trap facility informational
R1(config)# logging trap informational
R1(config)# logging source-interface lo0
R1(config)# logging on
R1(config)# service timestamps log datetime
SNMP
snmp-server community x.x.x.x
R1(config)# end
R1#
R1(config)# aaa new-model
SWPRUEBA(config)#aaa authentication login grup-radius local
estra en el ejemplo.
permita el acceso a la
show running-config
show ip interface brief
show ip route
show vlan brief
show running-config
Switch#show vlan
show interfaces trunk
show interfaces switchport
show MAC-ADDRESS-TABLE
cisco-catalyst/
borrar la configuracion
router
enable
erase startup-config
reload
pc ipconfig /all
ssh -l usuario 192.168.130.3
switch:
switch:
switch:
switch: co
switch:
switch:
switch:
switch: sh ?
? -- Present list of available commands
boot -- Load and boot an executable image
cat -- Concatenate (type) file(s)
copy -- Copy a file
delete -- Delete file(s)
dir -- List files in directories
flash_init -- Initialize flash filesystem(s)
format -- Format a filesystem
fsck -- Check filesystem consistency
help -- Present list of available commands
memory -- Present memory heap utilization information
mkdir -- Create dir(s)
more -- Concatenate (display) file(s)
ping -- Send ICMP ECHO_REQUEST packets to a network host
switch:
switch: flash_init
Unknown cmd: fh_init
switch: flash_init
Initializing Flash...
mifs[9]: 630 files, 20 directories
mifs[9]: Total bytes : 122185728
mifs[9]: Bytes used : 23488000
mifs[9]: Bytes available : 98697728
mifs[9]: mifs fsck took 28 seconds.
...done Initializing Flash.
switch:
switch:
switch:
switch: dir
bs[1]: (read-only)
flash[9]: (read-write)
xmodem[10]: (read-only)
null[11]: (read-write)
tftp[12]: (read-only)
switch: ?
? -- Present list of available commands
boot -- Load and boot an executable image
cat -- Concatenate (type) file(s)
copy -- Copy a file
delete -- Delete file(s)
dir -- List files in directories
flash_init -- Initialize flash filesystem(s)
format -- Format a filesystem
fsck -- Check filesystem consistency
help -- Present list of available commands
memory -- Present memory heap utilization information
mkdir -- Create dir(s)
more -- Concatenate (display) file(s)
ping -- Send ICMP ECHO_REQUEST packets to a network host
rename -- Rename a file
reset -- Reset the system
rmdir -- Delete empty dir(s)
set -- Set or display environment variables
sleep -- Pause (sleep) for a specified number of seconds
type -- Concatenate (type) file(s)
unset -- Unset one or more environment variables
-- MORE --
version -- Display boot loader version
switch:
switch:
Directory of flash:/
switch:
switch:
switch:
switch: ?
? -- Present list of available commands
boot -- Load and boot an executable image
cat -- Concatenate (type) file(s)
copy -- Copy a file
delete -- Delete file(s)
dir -- List files in directories
flash_init -- Initialize flash filesystem(s)
format -- Format a filesystem
fsck -- Check filesystem consistency
help -- Present list of available commands
memory -- Present memory heap utilization information
mkdir -- Create dir(s)
more -- Concatenate (display) file(s)
ping -- Send ICMP ECHO_REQUEST packets to a network host
rename -- Rename a file
reset -- Reset the system
rmdir -- Delete empty dir(s)
set -- Set or display environment variables
sleep -- Pause (sleep) for a specified number of seconds
type -- Concatenate (type) file(s)
unset -- Unset one or more environment variables
-- MORE --
version -- Display boot loader version
switch:
switch: del
switch:
switch:
switch: bo
extendida nombrada
int g0/0/0
ip access-group contreras-permitir in
ip access-group contreras-denegar out
int g0/0/0
ip add 192.168.100.2 255.255.255.0
no shut
Puerto TCP
1✔
5✔
7✔
9✔
11 ✔
13 ✔
17 ✔
18 ✔
19 ✔
20 ✔
21 ✔
22 ✔
23 ✔
25 ✔
37 ✔
39 ✔
42 ✔
43 ✔
49 ✔
50 ✔
53 ✔
67
68
69
70 ✔
71 ✔
79 ✔
80 ✔
81 ✔
82
88 ✔
101 ✔
102 ✔
105 ✔
107 ✔
109 ✔
110 ✔
111 ✔
113
115 ✔
117 ✔
119 ✔
123
137 ✔
138 ✔
139 ✔
143 ✔
161
162 ✔
177 ✔
179 ✔
194 ✔
199 ✔
201 ✔
209 ✔
210 ✔
213 ✔
220 ✔
369 ✔
370 ✔
389 ✔
427 ✔
443 ✔
444 ✔
445 ✔
464 ✔
500
512 ✔
512
513 ✔
513
514 ✔
514
515 ✔
517
518
520 ✔
520
521
525
530 ✔
531 ✔
532 ✔
533
540 ✔
543 ✔
544 ✔
546 ✔
547 ✔
548 ✔
554 ✔
556 ✔
563 ✔
587 ✔
631 ✔
631 ✔
636 ✔
674 ✔
694 ✔
749 ✔
750
873 ✔
992 ✔
993 ✔
995 ✔
Registered ports
Puerto TCP
1080 ✔
1433 ✔
1434 ✔
1494 ✔
1512 ✔
1524 ✔
1701
1719
1720 ✔
1812 ✔
1813 ✔
1985
2008 ✔
2010
2049 ✔
2102 ✔
2103 ✔
2104 ✔
2401 ✔
2809 ✔
3306 ✔
4321 ✔
5999 ✔
6000 ✔
11371 ✔
13720 ✔
13721 ✔
13724 ✔
13782 ✔
13783 ✔
22273 ✔
23399
25565 ✔
26000 ✔
27017
33434 ✔
no
UDP
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
UDP
✔
✔
✔
✔
✔
✔
✔
R1(config)# access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
rate-limit Simple rate-limit specific access list
template Enable IP template acls
R1(config)# access-list
extendida nombrada
R1(config)# ip access-list extended FTP-FILTER
R1(config-ext-nacl)# permit tcp 192.168.10.0 0.0.0.255 any eq ftp
R1(config-ext-nacl)# permit tcp 192.168.10.0 0.0.0.255 any eq ftp-data
R1(config-ext-nacl)#
extendida
R1(config)# access-list 120 permit tcp any 192.168.10.0 0.0.0.255 established
estandar
R1(config)# access-list 10 permit 192.168.10.10 0.0.0.0
R1(config)# access-list 11 permit 0.0.0.0 255.255.255.255
R1(config)#
standar nombrada
R1(config)# ip access-list standard NO-ACCESS
R1(config-std-nacl)# ?
Standard Access List configuration commands:
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
R1(config-std-nacl)#
Descripci
Nombre ón
tcpmux Multiplex
or TCP
rje Entrada
de tarea
remota
(remote
job entry)
echo Protocolo
Echo
discard Protocolo
Discard
(evaluaci
ón de
conexion
es)
systat Informaci
ón del
sistema
(enumera
los
puertos
conectad
os)
daytime Protocolo
Daytime:
indica
fecha y
hora
qotd Envía la
cita del
día
(quote of
the day)
msp Protocolo
de envío
de
mensajes
chargen Protocolo
Chargen:
envía
una
cadena
infinita de
caractere
s
ftp-data Transmis
ión de
datos
FTP
ftp Conexión
FTP
ssh Servicio
Secure
Shell
telnet Servicio
Telnet
smtp Simple
Mail
Transfer
Protocol
time Protocolo
de
tiempo
legible de
forma
mecaniza
da
rlp Protocolo
de envío
de
recursos
(Resourc
e
Location
Protocol)
nameserver Servicio
de
nombres
nicname Servicio
de
directorio
WHOIS
tacacs Terminal
Access
Controlle
r Access
Control
System
re-mail-ck Protocolo
de
verificaci
ón de
correo
remoto
(Remote
Mail
Checking
)
domain Resoluci
ón de
nombres
por DNS
bootps Protocolo
Bootstrap
(servidor)
bootpc Protocolo
Bootstrap
(cliente)
tftp Protocolo
Trivial de
Transfere
ncia de
Ficheros
(Trivial
File
Transfer
Protocol)
gopher Búsqued
a de
documen
tos
genius Protocolo
Genius
finger Proporcio
na
informaci
ón de
contacto
de
usuarios
http Protocolo
de
Transfere
ncia de
HiperTex
to
(Hyperte
xt
Transfer
Protocol)
Torpark:
Onion-
Routing
(no
oficial)
Torpark:
Control
(no
oficial)
kerberos Sistema
de
autentica
ción de
red
hostname Servicios
de
nombres
de host
(NIC
Host
Name)
Iso-tsap Protocolo
ISO-
TSAP
csnet-ns Servidor
de correo
rtelnet Telnet
remoto
pop2 Post
Office
Protocol
v2 para
comunica
ción de
correo
electrónic
o
pop3 Post
Office
Protocol
v3 para
comunica
ción de
correo
electrónic
o
sunrpc Protocolo
RPC
para NFS
auth (Antiguo)
servicio
de
autentica
ción
sftp Protocolo
de
transfere
ncia de
archivos
seguros
o Simple
File
Transfer
Protocol
(versión
simplifica
da de
FTP)
uucp-path Transmis
ión de
datos
entre
sistemas
Unix
nntp Transmis
ión se
noticias
en
Newsgro
ups
ntp Protocolo
de
sincroniz
ación de
tiempo
netbios-ns NETBIO
S
Servicio
de
nombres
netbios-dgm NETBIO
S
Servicio
de envío
de
datagram
as
netbios-ssn NETBIO
S
Servicio
de
sesiones
imap Internet
Message
Access
Protocol
para
comunica
ción de
correo
electrónic
o
snmp Simple
Network
Manage
ment
Protocol
snmptrap Simple
Network
Manage
ment
Protocol
Trap
xdmcp X Display
Manager
bgp Border
Gateway
Protocol
irc Internet
Relay
Chat
smux SNMP
UNIX
Multiplex
er
at-rtmp Enrutami
ento
AppleTal
k
qmtp Quick
Mail
Transfer
Protocol
z39.50 Sistema
de
informaci
ón
bibliográfi
co
ipx Internetw
ork
Packet
Exchang
e
imap3 IMAP v3
para
comunica
ción de
correo
electrónic
o
rpc2portmap Coda
Filesyste
m
Portmap
per
codaauth2 Servicio
Coda
Filesyste
m
Authentic
ation
ldap Lightweig
ht
Directory
Access
Protocol
svrloc Service
Location
Protocol
https HTTPS
(HTTP a
través de
SSL/TLS
)
snpp Simple
Network
Paging
Protocol
microsoft-ds SMB a
través de
TCP/IP
kpasswd Modificac
ión de
contrase
ña para
Kerberos
isakmp Protocolo
de
segurida
d
exec Remote
Process
Executio
n
comsat/biff Mail
Client y
Mail
Server
login Inicio de
sesión en
ordenado
r remoto
who Whod
User
Logging
Daemon
shell Remote
Shell
syslog Servicio
Unix
System
Logging
printer Servicios
de
impresió
n Line
Printer
Daemon
talk Talk
Remote
Calling
ntalk Network
Talk
efs Extended
Filename
Server
router Routing
Informati
on
Protocol
ripng Routing
Informati
on
Protocol
para IPv6
timed Servidor
de
tiempo
courier Courier
Remote
Procedur
e Call
conference Chat a
través de
AIM y
IRC
netnews Servicio
Netnews
Newsgro
up
netwall Broadcas
t de
emergen
cia
uucp Unix-to-
Unix
Copy
Protocol
klogin Kerberos
v5
Remote
Login
kshell Kerberos
v5
Remote
Shell
dhcpv6-client DHCP v6
Client
dhcpv6-server DHCP v6
Server
afpovertcp Apple
Filing
Protocol
a través
de TCP
rtsp Control
de
streams
remotefs Remote
Filesyste
m
nntps NNTP a
través de
SSL/TLS
submission Message
Submissi
on Agent
ipp Internet
Printing
Protocol
Common
Unix
Printing
System
(no
oficial)
ldaps LDAP a
través de
SSL/TLS
acap Applicati
on
Configur
ation
Access
Protocol
ha-cluster Servicio
Heartbea
t
kerberos-adm Kerberos
v5
Administr
ation
kerberos-iv Servicios
Kerberos
v4
rsync Servicios
de
transmisi
ón de
datos
rsync
telnets Telnet a
través de
SSL/TLS
imaps IMAP a
través de
SSL/TLS
pop3s POP3 a
través de
SSL/TLS
Descripci
Nombre ón
socks SOCKS
Proxy
ms-sql-s Microsoft
SQL
Server
ms-sql-m Microsoft
SQL
Monitor
ica Citrix ICA
Client
wins Windows
Internet
Name
Service
ingreslock Ingres
DBMS
l2tp Layer 2
Tunnelin
g
Protocol/
Layer 2
Forwardi
ng
h323gatestat H.323
h323hostcall H.323
radius Autentica
ción
RADIUS
radius-acct Acceso
RADIUS
hsrp Cisco
HSRP
Teamspe
ak 3
Accounti
ng (no
oficial)
Teamspe
ak 3
Weblist
(no
oficial)
nfs Network
File
System
zephyr-srv Zephyr
Server
zephyr-clt Zephyr
Client
zephyr-hm Zephyr
Host
Manager
cvspserver Concurre
nt
Versions
System
corbaloc Common
Object
Request
Broker
Architect
ure
mysql Servicio
de bases
de datos
MySQL
(también
para
MariaDB)
rwhois Remote
Whois
Service
cvsup CVSup
X11 Servicios
X
Windows
System
pgpkeyserver Keyserve
r público
para
PGP
bprd Symante
c/Veritas
NetBack
up
bpdbm Symante
c/Veritas
Database
Manager
vnetd Symante
c/Veritas
Network
Utility
bpcd Symante
c/Veritas
NetBack
up
vopied Symante
c/Veritas
VOPIE
wnn6 Conversi
ón
Kana/Ka
nji
Skype
(no
oficial)
Minecraft
quake Quake y
otros
juegos
multijuga
dor
MongoD
B
traceroute Seguimie
nto de
red
Parámetro Descripción
Este es el número decimal de la
ACL.
operador
Algunos operadores
incluyen lt (menor que), gt (mayor
que), eq (igual) y neq (distinto).
establecido
crear acl
R1# conf t
R1(config)# crypto isakmp key cisco12345 address 172.30.2.2
R1(config)#
Configure la política ISAKMP con prioridad 1 usando los siguientes parámetros SA:
El hash es SHA
La autenticación es por clave precompartida (pre-share)
El grupo Diffie-Hellman es el 24
La vida útil es de 3600 segundos.
El cifrado es AES con una clave de 256 bits
| Parámetro | Opciones | R1 | R3 |
| (etiqueta ausente en el original) | Manual or ISAKMP | ISAKMP | ISAKMP |
| Encryption Algorithm | DES, 3DES, or AES | AES 256 | AES 256 |
| Hash Algorithm | MD5 or SHA-1 | SHA-1 | SHA-1 |
| Authentication Method | Pre-shared keys or RSA | pre-share | pre-share |
| Key Exchange | DH Group 1, 2, or 5 | DH 5 | DH 5 |
| IKE SA Lifetime | 86400 seconds or less | 86400 | 86400 |
| ISAKMP Key | | vpnpa55 | vpnpa55 |
· Contraseña para línea de consola: ciscoconpa55
· OSPF101
-----------------------------------------
(para entrar en router R1)
User Access Verification
Password:ciscoconpa55
R1>ena
Password: ciscoenpa55
R1#
----------------
COMANDO PARA VER LA LICENCIA
R1#show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 14:19 by pt_team
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FTX152400KS
2 Gigabit Ethernet interfaces
2 Low-speed serial(sync/async) network interface(s)
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
249856K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO1941/K9 FTX1524F8G8
----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security disable None None
data disable None None
-----------------------------------------------
R1(config-isakmp)# group 5
R1(config-isakmp)# exit
---------------------------
COMANDO PARA VER LAS CONFIGURACIONES HECHAS EN EL ROUTER
R1(config)# do sh run
-------------------------------------------------
PASO 5///FASE 2
COMANDO PARA
! IPsec phase 2: transform set VPN-SET = ESP with AES encryption and SHA HMAC
! integrity.
! NOTE(review): no key length follows esp-aes; if 256-bit AES is intended, to
! match the phase-1 policy described earlier in these notes, confirm whether
! "esp-aes 256" is wanted here.
R1(config)#crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
---------------------------------------------------
! Crypto map VPN-MAP, sequence 10, negotiated through ISAKMP.
! NOTE(review): the entry is left immediately; no peer, transform set or
! interesting-traffic ACL is attached in the lines shown, and a crypto map
! entry without them does not protect any traffic. Presumably those lines were
! omitted from the notes - confirm against the device.
R1(config)# crypto map VPN-MAP 10 ipsec-isakmp
R1(config-crypto-map)# exit
-----------------------------------------
PASO 6--COMANDO PARA APLICAR CONFI A INTERF
! Bind the crypto map to the outgoing serial interface.
R1(config)#interface s0/0/0
R1(config-if)#CRypto map VPN-MAP
--------------------
COMANDO PARA VER CRYPTO IPSEC
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit icmp ANY any
access-list OUTSIDE-INSIDE extended permit IP 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list OUTSIDE-INSIDE extended permit IP 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2FR
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.17.0.2 255.255.255.0
duplex auto
speed auto
!
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 172.17.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 update-source Loopback1
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 2.2.2.2 255.255.255.255 192.168.12.2
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router
PARA FIREWALL
PARA ENLACES
crear vlan
activarlas
ospf
loopback administracion
disponibles
ruta estatica
ntp
AAA
SW Multicapa
enable
conf terminal
hostname "swmulticapa"
ip routing
interface (interfaz de fibra GLS)
no switchport
ip add xxxxx. xxxxx
exit
interface (interfaz de fibra GLS)
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk Allowed vlan 10,20,30
exit
interface vlan 10
ip address xxxx xxxx
interface vlan 20
ip address xxxx xxxx
interface vlan 30
ip address xxxx xxxx
VLAN 10
VLAN 20
VLAN 30
VLAN 40
router ospf 100
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network XXXX XXXX area 0
interface Loopback1
ip address XXXX XXXX
exit
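! Access ports Gi1/0/1-15: VLAN 10 with port security.
int range gi 1/0/1-15
no shutdown
! Port security is rejected on a port left in dynamic mode, so the ports are
! set to static access before it is enabled.
switchport mode access
switchport access Vlan 10
switchport port-security
! At most two source MAC addresses per port.
switchport port-security maximum 2
! A violation puts the port in err-disabled state; it stays down until it is
! re-enabled by hand or by errdisable recovery, if that is configured.
switchport port-security violation shutdown
! Learned addresses are added to the running-config; save the configuration
! if they must survive a reload.
switchport port-security mac-address sticky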
sd wan en fortinet
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/1cfb712e-
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/313888/con
hments/1cfb712e-72a5-11ee-a142-fa163e15d75b/SD-WAN-7.2-Deployment_Guide_for_MSSPs
guide/313888/configuration-examples
ment_Guide_for_MSSPs.pdf