Copia de VLSM Networkin 2022

Uploaded by Ariel Contreras

Topology legend (spreadsheet cell labels, translated): web server, DNS server, server, regular switch, multilayer router, PC (ssh and ping), web server, DNS server, DHCP server, WIRELESS ROUTER, SVI, swmlc (multilayer switch)

interface GIG 1/0/1
! on a multilayer switch the encapsulation must be set before "mode trunk" is accepted
switchport trunk encapsulation dot1q
switchport mode trunk
exit
! NOTE: the three SVI addresses below are network addresses (host part all zeros);
! IOS rejects them ("Bad mask"). Use a host address inside each subnet instead,
! as the full configuration further down does (192.168.110.1 and so on).
interface vlan 10
ip address 192.168.10.0 255.255.255.0
interface vlan 20
ip address 192.168.20.0 255.255.255.0
interface vlan 101
ip address 192.168.1.0 255.255.255.0

VLAN 10 GERENCIA 192.168.110.0/24


VLAN 20 CONTABILIDAD 192.168.120.0/24
VLAN 30 ADMINISTRATIVA 192.168.130.0/24
VLAN 40 NATIVA 192.168.140.0/24

VLAN 50 DIRECCION 172.16.50.0/24


VLAN 60 RRHH 172.16.60.0/24
VLAN 70 ADMINISTRATIVA 172.16.70.0/24
VLAN 80 NATIVA 172.16.80.0/24
show running-config
show ip interface brief
show ip route
show vlan brief
Switch#show vlan
show interfaces trunk
show interfaces switchport
show mac-address-table

to remove a command, negate it (prefix it with "no")

erase the configuration (router):
enable
erase startup-config
reload
PC: ipconfig /all

ssh -l <username> 192.168.130.3
Router on a stick
router

interface giga 0/0
no shutdown
interface giga 0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
exit
interface giga 0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
exit
interface giga 0/0.101
encapsulation dot1Q 101
ip address 192.168.1.3 255.255.255.0
exit

- Active interfaces must be secured
- Unused interfaces must be shut down
- Each interface may learn at most 5 MAC addresses
- If there is an intrusion on a port, its packets must be discarded
- Routing via RIP
VLAN 55 DIRECCION 10.10.55.0/24
VLAN 66 RRHH 10.10.66.0/24
VLAN 77 ADMINISTRATIVA 10.10.77.0/24
VLAN 88 NATIVA 10.10.88.0/24
INT FA 0/20
SHUTDOWN
access port
INT RANGE FAST 0/5-20,23
SHUTDOWN

INT FA 0/2
switchport mode access
switchport access vlan 50
switchport port-security
switchport port-security mac-address "mac"
switchport port-security maximum "number of MAC addresses"
switchport port-security mac-address sticky
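The port requirements above (unused ports shut down, at most 5 MAC addresses per port, intruding frames discarded) are easy to state and easy to forget on one port out of twenty-four. The script below is an added example, not part of these notes: it parses a Cisco IOS-style running-config (a constructed sample, not a capture from the lab switches) and reports every active access port that misses one of the requirements.

```python
"""Added example (not part of the lab notes): audit a Cisco IOS-style switch
configuration against the port requirements listed in the notes, namely that
unused ports are shut down, access ports run port-security limited to 5 MAC
addresses, and a violation action is set so intruding frames are dropped.
The configuration text below is constructed for the demo, not captured from
a real device; the parser understands the plain 'interface ... / !' layout of
a running-config and nothing more."""
import re

MAX_MACS = 5  # requirement from the notes: at most 5 MAC addresses per port

# Constructed sample config: one trunk, one compliant access port, one access
# port missing the violation action, one open port, and one unused port.
SAMPLE_CONFIG = """\
hostname sw2
!
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 88
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 55
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 66
 switchport port-security
 switchport port-security maximum 5
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 66
!
interface FastEthernet0/6
 shutdown
!
"""


def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} for each stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line == "!" or not line:
            current = None          # '!' ends a stanza in IOS output
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_interface(lines):
    """Return the list of findings for one interface (empty = compliant)."""
    if "shutdown" in lines:
        return []                   # unused port, shut down as required
    findings = []
    if "switchport mode trunk" in lines:
        return findings             # trunk ports are outside this checklist
    if "switchport mode access" not in lines:
        findings.append("active port with no explicit access/trunk mode")
    if "switchport port-security" not in lines:
        findings.append("port-security not enabled")
    maximum = None
    for line in lines:
        m = re.fullmatch(r"switchport port-security maximum (\d+)", line)
        if m:
            maximum = int(m.group(1))
    if maximum is None or maximum > MAX_MACS:
        findings.append(f"MAC limit is {maximum}, requirement is {MAX_MACS}")
    if not any(l.startswith("switchport port-security violation ") for l in lines):
        findings.append("no explicit violation action (protect/restrict/shutdown)")
    return findings


def audit_config(config):
    """Map every non-compliant interface to its findings."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = audit_interface(lines)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, problems in audit_config(SAMPLE_CONFIG).items():
        print(port)
        for p in problems:
            print("  -", p)
```

Run it against the output of `show running-config` saved to a file and you get the two offending ports, Fa0/4 (no violation action) and Fa0/5 (no port-security at all); the trunk, the compliant port and the shut-down port produce nothing. The violation check insists on an explicit action even though IOS defaults to `shutdown`, because an explicit line survives a copy-paste between switches and shows up in a diff.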
host (addresses per subnet, 2^n for n = 0 to 13): 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192
delete flash:vlan.dat

multilayer switch
SW Multicapa

enable
conf terminal
hostname swmulticapa
ip routing
interface gi 1/0/1
no switchport
ip add 100.150.200.1 255.255.255.252
exit
interface gi 1/0/10
! on a multilayer switch the encapsulation must be set before "mode trunk" is accepted
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 40
exit
! create the VLANs before their SVIs so the interfaces come up
vlan 10
vlan 20
vlan 30
vlan 40
exit
interface vlan 10
ip address 192.168.110.1 255.255.255.0
interface vlan 20
ip address 192.168.120.1 255.255.255.0
interface vlan 30
ip address 192.168.130.1 255.255.255.0
interface vlan 40
ip address 192.168.140.1 255.255.255.0
exit
router rip
version 2
network 192.168.110.0
network 192.168.120.0
network 192.168.130.0
network 192.168.140.0
network 100.150.200.0
no auto-summary
exit
int range gi 1/0/2-9
shutdown
int range gi 1/0/11-24
shutdown
int range gi 1/1/1-4
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name LABNET.CL
crypto key generate rsa
1024
! 1024 is the modulus size the lab asks for at the prompt; 2048 is the minimum considered adequate today
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
CONF T
hostname routerderecha
INT GI 0/0
NO SHU
INT GI 0/0.55
ENCAPSULATION DOT1Q 55
IP ADD 10.10.55.1 255.255.255.0
INT GI 0/0.66
ENCAPSULATION DOT1Q 66
IP ADD 10.10.66.1 255.255.255.0
INT GI 0/0.77
ENCAPSULATION DOT1Q 77
IP ADD 10.10.77.1 255.255.255.0
INT GI 0/0.88
ENCAPSULATION DOT1Q 88 NATIVE
IP ADD 10.10.88.1 255.255.255.0
INT GI 0/1
ip add 200.200.200.1 255.255.255.252
no shu
EXIT
ROUTER RIP
VERSION 2
network 10.10.55.0
network 10.10.66.0
network 10.10.77.0
network 10.10.88.0
network 200.200.200.0
no auto-summary
DO WR
username ARIEL privilege 15 secret INACAP123
ip domain-name INACAP.COM
crypto key generate rsa
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr

sw
sw 1

ENA
VLAN DATABASE
VLAN 55 NAME DIRECCION
VLAN 66 NAME RRHH
VLAN 77 NAME ADMINISTRATIVA
VLAN 88 NAME NATIVA
EXIT
CONF T
hostname sw1
INT GI 0/1
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/1
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/2
switchport mode trunk
SWitchport Trunk Native Vlan 88
interface vlan 77
ip address 10.10.77.2 255.255.255.0
IP DEFAULT-GATEWAY 10.10.77.1
int range fast 0/3-24, gi 0/2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123

APAGADA
APAGA VARIAS INT

int acceso

PUERTO SEGURO
seleccionar filtrado
dinamico/ por defecto

estatico

persistente
elevado
0
1
2
3
4
5
6
7
8
9
10
11
12
13
ejecutable (enable)

CONF T
hostname routerizquierda
INT GI 0/0
NO SHU
ip add 200.200.200.2 255.255.255.252
INT GI 0/1
! NOTE: as written, GI 0/1 repeats the same /30 as GI 0/0 and IOS rejects the second
! address ("overlaps with GigabitEthernet0/0"). Only one of the two interfaces can hold
! 200.200.200.2/30; the other needs an address in a different subnet (RIP below also
! advertises 172.20.0.0, which no interface in these notes carries).
ip add 200.200.200.2 255.255.255.252
no shu
EXIT
ROUTER RIP
VERSION 2
network 200.200.200.0
network 172.20.0.0
no auto-summary
DO WR
sw2

ENA
VLAN DATABASE
VLAN 55 NAME DIRECCION
VLAN 66 NAME RRHH
VLAN 77 NAME ADMINISTRATIVA
VLAN 88 NAME NATIVA
EXIT
CONF T
hostname sw2
INT FA 0/1
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/2
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/3
switchport mode access
switchport access Vlan 55
switchport port-security
switchport port-security maximum 5
! the original line here was garbled; restored from the matching Fa0/4 entry below
switchport port-security violation shutdown
switchport port-security mac-address sticky
INT FA 0/4
switchport mode access
switchport access Vlan 66
switchport port-security
switchport port-security maximum 5
switchport port-security violation shutdown
switchport port-security mac-address sticky
interface vlan 77
ip address 10.10.77.3 255.255.255.0
IP DEFAULT-GATEWAY 10.10.77.1
exit
int range fast 0/5-24, gi 0/1-2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
32 (constant column: prefix length = 32 - n, pairing each exponent n with its mask /31 down to /19)
PC MAC address configuration
sw3

ENA
VLAN DATABASE
VLAN 55 NAME DIRECCION
VLAN 66 NAME RRHH
VLAN 77 NAME ADMINISTRATIVA
VLAN 88 NAME NATIVA
EXIT
CONF T
hostname sw3
INT FA 0/1
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/2
switchport mode trunk
SWitchport Trunk Native Vlan 88
INT FA 0/4
switchport mode access
switchport access Vlan 55
switchport port-security
switchport port-security maximum 5
switchport port-security violation shutdown
switchport port-security mac-address sticky
INT FA 0/3
switchport mode access
switchport access Vlan 66
switchport port-security
switchport port-security maximum 5
switchport port-security violation shutdown
switchport port-security mac-address sticky
interface vlan 77
ip address 10.10.77.4 255.255.255.0
IP DEFAULT-GATEWAY 10.10.77.1
exit
int range fast 0/5-24, gi 0/1-2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
mask (prefix length): /31, /30, /29, /28, /27, /26, /25, /24, /23, /22, /21, /20, /19
Row labels of the static-route table, one group per route type (standard, default, summary, floating). Each route type is written three ways:
- exit interface
- next-hop IP address
- exit interface plus next-hop IP address (fully specified)
For the default route the next hop is the ISP address: the destination is unknown to the local routing table, so everything is sent to the ISP.
increment to add per subnet (se suma): 2, 4, 8, 16, 32, 64, 128 in the fourth octet (for /31 down to /25), then 1, 2, 4, 8, 16, 32 in the third octet (for /24 down to /19)
ipv4
static routes
standard, r1 to r2
ip route "destination network" "mask" "exit interface"
ip route 172.168.2.1 255.255.255.255 gi 0/0
ip route "destination network" "mask" "next-hop ip"
ip route 172.168.2.1 255.255.255.255 182.182.182.182
ip route "destination network" "mask" "exit interface" "next-hop ip"
ip route 172.168.2.1 255.255.255.255 gi 0/0 182.182.182.182

default, r2 to r1
ip route 0.0.0.0 0.0.0.0 "exit interface"
ip route 0.0.0.0 0.0.0.0 gi 0/1
ip route 0.0.0.0 0.0.0.0 "next-hop ip"
ip route 0.0.0.0 0.0.0.0 182.182.182.182
ip route 0.0.0.0 0.0.0.0 "exit interface" "next-hop ip"
ip route 0.0.0.0 0.0.0.0 gi 0/0 182.182.182.182

summary, r1 to r2 (172.168.0.0/22 covers 172.168.0.0 through 172.168.3.255)
ip route "summary network" "summary mask" "exit interface"
ip route 172.168.0.0 255.255.252.0 gi 0/0
ip route "summary network" "summary mask" "next-hop ip"
ip route 172.168.0.0 255.255.252.0 182.182.182.182
ip route "summary network" "summary mask" "exit interface" "next-hop ip"
ip route 172.168.0.0 255.255.252.0 gi 0/0 182.182.182.182

floating, r1 to r2 (administrative distance higher than the primary route, here 121)
ip route "destination network" "mask" "exit interface" "administrative distance"
ip route 172.168.2.1 255.255.255.255 gi 0/0 121
ip route "destination network" "mask" "next-hop ip" "administrative distance"
ip route 172.168.2.1 255.255.255.255 182.182.182.182 121
ip route "destination network" "mask" "exit interface" "next-hop ip" "administrative distance"
ip route 172.168.2.1 255.255.255.255 gi 0/0 182.182.182.182 121
ipv6
static routes
standard, r1 to r2
ipv6 route "destination prefix/length" "exit interface"
ipv6 route 2002:abcd:cafe:a::/64 gi 0/0
ipv6 route "destination prefix/length" "next-hop ipv6"
ipv6 route 2002:abcd:cafe:a::/64 2002:1234:acab:1::2
ipv6 route "destination prefix/length" "exit interface" "next-hop ipv6"
ipv6 route 2002:abcd:cafe:a::/64 gi 0/0 2002:1234:acab:1::2

default, r2 to r1
ipv6 route ::/0 "exit interface"
ipv6 route ::/0 gi 0/0
ipv6 route ::/0 "next-hop ipv6"
ipv6 route ::/0 2002:1234:acab:1::1
ipv6 route ::/0 "exit interface" "next-hop ipv6"
ipv6 route ::/0 gi 0/0 2002:1234:acab:1::1

summary, r1 to r2 (2002:abcd:cafe:8::/61 covers the /64s 2002:abcd:cafe:8:: through 2002:abcd:cafe:f::)
ipv6 route "summary prefix/length" "exit interface"
ipv6 route 2002:abcd:cafe:8::/61 gi 0/0
ipv6 route "summary prefix/length" "next-hop ipv6"
ipv6 route 2002:abcd:cafe:8::/61 2002:1234:acab:1::2
ipv6 route "summary prefix/length" "exit interface" "next-hop ipv6"
ipv6 route 2002:abcd:cafe:8::/61 gi 0/0 2002:1234:acab:1::2

floating, r1 to r2 (administrative distance higher than the primary route, here 121)
ipv6 route "destination prefix/length" "exit interface" "administrative distance"
ipv6 route 2002:abcd:cafe:a::/64 gi 0/0 121
ipv6 route "destination prefix/length" "next-hop ipv6" "administrative distance"
ipv6 route 2002:abcd:cafe:a::/64 2002:1234:acab:1::2 121
ipv6 route "destination prefix/length" "exit interface" "next-hop ipv6" "administrative distance"
ipv6 route 2002:abcd:cafe:a::/64 gi 0/0 2002:1234:acab:1::2 121
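The sizing table in these notes (hosts = 2^n, prefix = 32 - n, the increment added per subnet) and the two summary routes above (172.168.0.0/22 and 2002:abcd:cafe:8::/61) are all mechanical calculations. The script below is an added example, not part of the notes, that performs them with Python's standard `ipaddress` module: it reproduces the table, carves a VLSM plan out of a block (the host counts and the 10.10.0.0/24 block are constructed for the demo), and computes the smallest summary prefix covering a list of networks for both IPv4 and IPv6.

```python
"""Added example (not from the notes): the subnet-sizing table in these notes
(hosts = 2^n, prefix = 32 - n, block size to add per subnet) and the summary
routes in the static-route section (172.168.0.0/22, 2002:abcd:cafe:8::/61),
computed with the standard library instead of by hand. All addresses are the
ones used in the notes or constructed for the demo."""
import ipaddress


def prefix_for_addresses(count):
    """Prefix length whose block holds at least `count` addresses (2^n -> /32-n)."""
    return 32 - (count - 1).bit_length()


def prefix_for_hosts(hosts):
    """Prefix length for `hosts` usable IPv4 hosts (network and broadcast reserved)."""
    return prefix_for_addresses(hosts + 2)


def block_size(prefix):
    """(octet, increment): the 'se suma' value and the octet it is added to."""
    host_bits = 32 - prefix
    return 4 - host_bits // 8, 2 ** (host_bits % 8)


def vlsm_allocate(base, host_counts):
    """Carve one subnet per host count out of `base`, largest first, as strings."""
    base_net = ipaddress.IPv4Network(base)
    cursor = int(base_net.network_address)
    end = int(base_net.broadcast_address)
    subnets = []
    for hosts in sorted(host_counts, reverse=True):
        # largest-first keeps every start address aligned to its own block size
        net = ipaddress.IPv4Network((cursor, prefix_for_hosts(hosts)))
        if int(net.broadcast_address) > end:
            raise ValueError(f"{base} cannot hold a subnet for {hosts} hosts")
        subnets.append(str(net))
        cursor = int(net.broadcast_address) + 1
    return subnets


def summary_route(networks):
    """Smallest single prefix covering every network in the list (v4 or v6)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    cls = type(nets[0])
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    # shorten the prefix one bit at a time until the block reaches the last address
    for prefix in range(nets[0].max_prefixlen, -1, -1):
        candidate = cls((first, prefix), strict=False)
        if int(candidate.broadcast_address) >= last:
            return str(candidate)


if __name__ == "__main__":
    for n in range(1, 14):
        p = prefix_for_addresses(2 ** n)
        octet, step = block_size(p)
        print(f"2^{n:<2} = {2 ** n:>5} addresses -> /{p}, add {step} in octet {octet}")
    # constructed VLSM request: four departments with 100, 50, 20 and 2 hosts
    print(vlsm_allocate("10.10.0.0/24", [100, 50, 20, 2]))
    print(summary_route(["172.168.0.0/24", "172.168.1.0/24",
                         "172.168.2.0/24", "172.168.3.0/24"]))
    print(summary_route(["2002:abcd:cafe:8::/64", "2002:abcd:cafe:f::/64"]))
```

The summary function deliberately returns one covering prefix rather than the exact union, because that is what a summarized static route is: it also covers address space between the listed networks, which is worth checking before pointing it at an ISP link, since traffic for unused space inside the summary is then forwarded as well.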

LAYER 2 SWITCH
Press RETURN to get started!

Router>ena
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host
Router(config)#hostname RTA
RTA(config)#INT Gi
RTA(config)#INT GigabitEthernet 0/0/0
RTA(config-if)#ip add 172.16.1.1 255.255.255.0
RTA(config-if)#no shut

RTA(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up

RTA(config-if)#do wr
Building configuration...
[OK]
RTA(config-if)#exit
RTA(config)#service pas
RTA(config)#service password-encryption
RTA(config)#security
RTA(config)#security pas
RTA(config)#security passwords min
RTA(config)#security passwords min-length 10
RTA(config)#enable se
RTA(config)#enable secret cisco12345
RTA(config)#no ip d

RTA(config)#no ip domain
RTA(config)#no ip domain-lo
RTA(config)#no ip domain-lookup
RTA(config)#ip doma
RTA(config)#ip domain-na
RTA(config)#ip domain-name netsec.com
RTA(config)#do wr
Building configuration...
[OK]
RTA(config)#
RTA(config)#usrna
RTA(config)#userna
RTA(config)#username admin secret cisco12345
RTA(config)#crypto key generate rsa
The name for the keys will be: RTA.netsec.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024


% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

RTA(config)#do wr
*Mar 1 4:31:54.912: %SSH-5-ENABLED: SSH 1.99 has been enabled
Building configuration...
[OK]
RTA(config)#
RTA(config)#login bl
RTA(config)#login block-for 180 att
RTA(config)#login block-for 180 attempts 4 wi
RTA(config)#login block-for 180 attempts 4 within 120
RTA(config)#li
RTA(config)#lin
RTA(config)#line v
RTA(config)#line vty 0
RTA(config)#line vty 0 4
RTA(config-line)#tra
RTA(config-line)#transport impu
RTA(config-line)#transport inp
RTA(config-line)#transport input ssh
RTA(config-line)#login
RTA(config-line)#login lo
RTA(config-line)#login local
RTA(config-line)#exec
RTA(config-line)#exec-timeout 6
RTA(config-line)#
RTA(config-line)#do wr
Building configuration...
[OK]
RTA(config-line)#exit
RTA(config)#copy runn
RTA(config)#copy running
RTA(config)#copy running-config
RTA(config)#copy running-config exit
^
% Invalid input detected at '^' marker.
RTA(config)#do wr
Building configuration...
[OK]
RTA(config)#end
RTA#
%SYS-5-CONFIG_I: Configured from console by console

RTA#cop
RTA#copy runn
RTA#copy running-config start
RTA#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
RTA#do wr
^
% Invalid input detected at '^' marker.
wr
Building configuration...
[OK]
RTA#

the first time over SSH


Scenario
The network administrator has asked you to prepare RTA and SW1 for deployment. Before they can be connected to the network, security measures must be enabled.

Instructions
Part 1: Configure basic security on the router
a. Configure IP addressing on PCA according to the addressing table.

b. Console into RTA from the Terminal on PCA.

c. Configure the hostname as RTA.

d. Configure IP addressing on RTA and enable the interface.

e. Encrypt all plaintext passwords.

RTA(config)# service password-encryption

f. Set the minimum password length to 10.

RTA(config)# security passwords min-length 10

g. Set a strong secret password of your choice.

Note: Choose a password that you will remember, or you will have to reset the activity if you cannot access the device.

h. Disable DNS lookup.

RTA(config)# no ip domain-lookup

i. Set the domain name to netsec.com (case-sensitive for scoring in PT).

RTA(config)# ip domain-name netsec.com

j. Create a user of your choice with a strong encrypted password.

RTA(config)# username any_user secret any_password

k. Generate 1024-bit RSA keys.

Note: In Packet Tracer, enter the command crypto key generate rsa and press Enter to continue.

RTA(config)# crypto key generate rsa

The name for the keys will be: RTA.netsec.com

Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]: 1024

l. Block anyone for three minutes who fails to log in after four attempts within a two-minute period.

RTA(config)# login block-for 180 attempts 4 within 120

m. Configure all VTY lines for SSH access and use the local user profiles for authentication.
RTA(config)# line vty 0 4

RTA(config-line)# transport input ssh

RTA(config-line)# login local

n. Set the EXEC mode timeout to 6 minutes on the VTY lines.

RTA(config-line)# exec-timeout 6

o. Save the configuration to NVRAM.

p. Access the command prompt on the PCA desktop to establish an SSH connection to RTA.

C:\> ssh /?

Packet Tracer PC SSH

Usage: SSH -l username target

C:\>

Part 2: Configure basic security on the switch

Configure switch SW1 with the corresponding security measures. Refer to the configuration steps on the router if you need additional help.

a. Console into SW1 from the Terminal on PCA.

b. Configure the hostname as SW1.

c. Configure IP addressing on SW1 VLAN1 and enable the interface.

d. Configure the default gateway address.

e. Disable all unused switch ports.

Note: On a switch, it is good security practice to disable unused ports. One way to do this is simply to shut down each port with the "shutdown" command, which would require accessing each port individually. There is a shortcut for modifying several ports at once using the interface range command. On SW1, all ports except FastEthernet0/1 and GigabitEthernet0/1 can be shut down with the following command:

SW1(config)# interface range F0/2-24, G0/2

SW1(config-if-range)# shutdown

%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down

<Output omitted>

%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down

%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down

The command used the port range 2 to 24 for the FastEthernet ports and then a single-port range for GigabitEthernet0/2.

f. Encrypt all plaintext passwords.

g. Set a strong secret password of your choice.

h. Disable DNS lookup.

i. Set the domain name to netsec.com (case-sensitive for scoring in PT).

j. Create a user of your choice with a strong encrypted password.

k. Generate 1024-bit RSA keys.

l. Configure all VTY lines for SSH access and use the local user profiles for authentication.

m. Set the EXEC mode timeout to 6 minutes on all VTY lines.

n. Save the configuration to NVRAM.
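Step l above (`login block-for 180 attempts 4 within 120`) is the one setting in this checklist whose behaviour is easy to misjudge: it is a sliding window over failed logins, and once it trips the device refuses every login, valid credentials included, until the quiet period ends. The model below is an added example, not from the lab, that replays a constructed sequence of login attempts through those semantics (four failures inside 120 s start a 180 s quiet period; the model counts only failures and does not reset the window on a successful login, an assumption made for the demo).

```python
"""Added example (not part of the lab): a small model of what
'login block-for 180 attempts 4 within 120' does on the router, so the policy
can be reasoned about before it is deployed. Semantics modelled: when `attempts`
failed logins fall inside a sliding window of `within` seconds, the device
enters quiet mode and refuses every login for `block_for` seconds. Assumption
for the demo: a successful login neither counts nor clears the window. The
attempt log at the bottom is constructed; timestamps are seconds from an
arbitrary start."""
from collections import deque


class LoginGuard:
    def __init__(self, block_for=180, attempts=4, within=120):
        self.block_for = block_for
        self.attempts = attempts
        self.within = within
        self.failures = deque()      # timestamps of recent failed logins
        self.quiet_until = None      # end of the current quiet period, if any

    def in_quiet_mode(self, now):
        return self.quiet_until is not None and now < self.quiet_until

    def attempt(self, now, password_ok):
        """Record one login attempt and return what the router would do."""
        if self.in_quiet_mode(now):
            return "blocked"         # quiet mode: refused before authentication
        if password_ok:
            return "allowed"
        # forget failures older than the sliding window
        while self.failures and self.failures[0] <= now - self.within:
            self.failures.popleft()
        self.failures.append(now)
        if len(self.failures) >= self.attempts:
            self.quiet_until = now + self.block_for
            self.failures.clear()
            return "failed-quiet-mode-entered"
        return "failed"


def replay(events, **policy):
    """Run (timestamp, password_ok) pairs through one guard; return the verdicts."""
    guard = LoginGuard(**policy)
    return [guard.attempt(t, ok) for t, ok in events]


if __name__ == "__main__":
    # constructed: four wrong passwords in 90 s, then a valid one during quiet mode
    events = [(0, False), (30, False), (60, False), (90, False), (100, True), (271, True)]
    for (t, ok), verdict in zip(events, replay(events)):
        print(f"t={t:>3}s password_ok={ok!s:<5} -> {verdict}")
```

The replay shows the operational cost of the setting: the legitimate login at t=100 is refused because quiet mode is global, not per source. On real IOS the usual companions are `login quiet-mode access-class <acl>`, which exempts the management hosts from the block, and `login on-failure log`, which gets the failed attempts into syslog where a monitoring system can see the burst that tripped the lock.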
Switch>ena
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host
Switch(config)#hostname
Switch(config)#hostname SW1
SW1(config)#int vlan 1
SW1(config-if)#ip add 172.16.1.2 255.255.255.0
SW1(config-if)#no shut

SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

SW1(config-if)#exit
SW1(config)#def
SW1(config)#default
% Incomplete command.
SW1(config)#default-fa
^
% Invalid input detected at '^' marker.
SW1(config)#default-ga
^
% Invalid input detected at '^' marker.
SW1(config)#defaultga
^
% Invalid input detected at '^' marker.
SW1(config)#ip de
SW1(config)#ip default-gateway 172.16.1.1
SW1(config)#INT RANG
SW1(config)#INT RANGe f0/2-24, gi
SW1(config)#INT RANGe f0/2-24, gigabitEthernet 0/2
SW1(config-if-range)#shut

%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down


%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down

%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down


SW1(config-if-range)#
SW1(config-if-range)#do wr
Building configuration...
[OK]
SW1(config-if-range)#exit
SW1(config)#serv
SW1(config)#service pass
SW1(config)#service password-encryption
SW1(config)#ena
SW1(config)#enable a
SW1(config)#enable s
SW1(config)#enable secret cisco12345
SW1(config)#
SW1(config)#no ip
SW1(config)#no ip do
SW1(config)#no ip dom
SW1(config)#no ip doma
SW1(config)#no ip domain-loo
SW1(config)#no ip domain-lookup
SW1(config)#ip domain-name
SW1(config)#ip domain-name netsec.com
SW1(config)#username admin secret cisco12345
SW1(config)#crypto ke
SW1(config)#crypto key gene
SW1(config)#crypto key generate rsa
The name for the keys will be: SW1.netsec.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024


% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

SW1(config)#do wr
*Mar 1 3:5:29.787: %SSH-5-ENABLED: SSH 1.99 has been enabled
Building configuration...
[OK]
SW1(config)#line vty 0 15
SW1(config-line)#transport inp
SW1(config-line)#transport input ssh
SW1(config-line)#login local
SW1(config-line)#exec
SW1(config-line)#exec-timeout 6
SW1(config-line)#exit
SW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by console
login block-for 600 attempts 4 within 120
SW1#copy
SW1#copy runn
SW1#copy running-config startu
SW1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
SW1#wr
Building configuration...
[OK]
SW1#

R1>
R1>ena
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#area 0 atu
R1(config-router)#area 0 aut
R1(config-router)#area 0 authentication mess
R1(config-router)#area 0 authentication message-digest
R1(config-router)#exit
R1(config)#
04:09:10: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.2 on GigabitEthernet0/0/0 from FULL to DOWN, Neighbor Down: Dead tim

04:09:10: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.2 on GigabitEthernet0/0/0 from FULL to DOWN, Neighbor Down: Interface

R1(config)#
R1(config)#int g0/0/0
R1(config-if)#ip osp mess
R1(config-if)#ip osp message-digest-key 1 md5 MD5pa55
R1(config-if)#EXIT
R1(config)#
R1(config)#DO WR
Building configuration...
[OK]
R1(config)#DO SHUW OSPF INTE
R1(config)#DO SHUW OSPF INTE
SHUW OSPF INTE
^
% Invalid input detected at '^' marker.
R1(config)#EXIT
R1#
%SYS-5-CONFIG_I: Configured from console by console

R1#SHOW OSP
R1#SHOW IP OSPF INTERFACE
^
% Invalid input detected at '^' marker.
R1#SHOW I
R1#SHOW IP ?
access-lists List access lists
arp IP ARP table
bgp BGP information
cache IP fast-switching route cache
cef Cisco Express Forwarding
dhcp Show items in the DHCP database
eigrp IP-EIGRP show commands
inspect CBAC (Context Based Access Control) information
interface IP interface status and configuration
ips IPS (Intrusion Prevention System) information
nat IP NAT information
nbar Network-Based Application Recognition
ospf OSPF information
protocols IP routing protocol process parameters and statistics
rip IP RIP show commands
route IP routing table
ssh Information on SSH
R1#SHOW IP OSPF ?
<1-65535> Process ID number
border-routers Border and Boundary Router Information
database Database summary
interface Interface information
neighbor Neighbor list
virtual-links Virtual link information
<cr>
R1#SHOW IP OSPF INTERFACE

GigabitEthernet0/0/1 is up, line protocol is up


Internet address is 192.168.1.1/24, Area 0
Process ID 1, Router ID 192.168.1.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 192.168.1.1, Interface address 192.168.1.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
No Hellos (Passive interface)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
No key configured, using default key id 0
GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 10.1.1.1/30, Area 0
Process ID 1, Router ID 192.168.1.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 192.168.1.1, Interface address 10.1.1.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
R1#

on all routers



Packet Tracer - Configure OSPF Authentication
Addressing Table

Device  Interface  IP Address       Subnet Mask       Default Gateway  Switch Port
R1      G0/0/0     10.1.1.1         255.255.255.252   N/A              N/A
R1      G0/0/1     192.168.1.1      255.255.255.0     N/A              S1 F0/5
R2      G0/0/0     10.1.1.2         255.255.255.252   N/A              N/A
R2      G0/0/1     10.2.2.2         255.255.255.252   N/A              N/A
R3      G0/0/0     10.2.2.1         255.255.255.252   N/A              N/A
R3      G0/0/1     192.168.3.1      255.255.255.0     N/A              S3 F0/5
PC-A    NIC        192.168.1.5      255.255.255.0     192.168.1.1      S1 F0/6
PC-B    NIC        192.168.1.6      255.255.255.0     192.168.1.1      S2 F0/18
PC-C    NIC        192.168.3.5      255.255.255.0     192.168.3.1      S3 F0/18

Objectives
Background / Scenario
In this activity, you will configure OSPF MD5 authentication for secure routing updates.
Instructions
Part 1: Configure OSPF MD5 Authentication
Step 1: Test connectivity. All devices should be able to ping all other IP addresses.
Step 2: Configure OSPF MD5 authentication for all the routers in area 0.
Configure OSPF MD5 authentication for all the routers in area 0.
R1(config)# router ospf 1
R1(config-router)# area 0 authentication message-digest
Step 3: Configure the MD5 key for all the routers in area 0.
Configure an MD5 key on the GigabitEthernet interfaces on R1, R2 and R3. Use the password MD5pa55 for key 1.
R1(config)# interface g0/0/0
R1(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
Step 4: Verify configurations.
a. Verify the MD5 authentication configurations using the commands show ip ospf interface.
b. Verify end-to-end connectivity.

OSPF without authentication (plain)

R1# show run | begin router ospf


router ospf 1
passive-interface GigabitEthernet0/1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
!
<output omitted>
!--------------------------------
R2# show run | begin router ospf
router ospf 1
passive-interface GigabitEthernet0/1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
Press RETURN to get started!

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up

R1>ena
R1#
R1#exit

R1 con0 is now available

Press RETURN to get started.

R1>ping 209.165.200.225
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.225, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

R1>ping 209.165.200.225

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 209.165.200.225, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/2 ms

R1>sho
R1>show ntp en
R1>show ntp status
^
% Invalid input detected at '^' marker.
R1>show ntp sta
R1>show ntp st
R1>config t
^
% Invalid input detected at '^' marker.
R1>
R1>config t
^
% Invalid input detected at '^' marker.
R1>exit

R1 con0 is now available


Press RETURN to get started.

R1>ena
R1#show ntp st
R1#show ntp status
%NTP is not enabled.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ntp server 209.165.200.225
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console

R1#sho clo
R1#sho clock det
R1#sho clock detail
13:16:46.23 UTC Sat Oct 12 2019
Time source is NTP
R1#show ntp stat
R1#show ntp status
Clock is synchronized, stratum 2, reference is 209.165.200.225
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is E1222127.00000326 (13:18:31.806 UTC Sat Oct 12 2019)
clock offset is 4.00 msec, root delay is 8.00 msec
root dispersion is 10.20 msec, peer dispersion is 0.48 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 6, last update was 20 sec ago.
R1#show ntp as
R1#show ntp associations

address ref clock st when poll reach delay offset disp


*~209.165.200.225127.127.1.1 1 38 64 377 8.00 4.00 0.48
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
R1#

Packet Tracer - Configure and Verify NTP

Addressing Table
Device  Interface  IP Address       Subnet Mask
N1      NIC        209.165.200.225  255.255.255.0
R1      G0/0/0     209.165.200.226  255.255.255.0
R2      G0/0/0     209.165.200.227  255.255.255.0

Objectives
In this activity, you will configure NTP on R1 and R2 to allow time synchronization.

Background / Scenario
... require synchronized time, this lab will focus on correlating events that are listed in the system log and other time-specific events from multiple network devices. NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communications use Coordinated Universal Time (UTC).
An NTP server usually receives its time from an authoritative time source, such as an atomic clock attached to a time server. The NTP server then distributes this time across the network. NTP is extremely efficient. No more than one packet per minute is necessary to synchronize two devices to within a millisecond of each other.

Instructions

Part 1: NTP Server
a. Server N1 is already configured as the NTP Server for this topology. Verify its configuration under Services > NTP.
b. From R1, ping N1 (209.165.200.225) to verify connectivity. The ping should be successful.
c. Repeat the ping to N1 from R2 to verify connectivity to N1.

Part 2: Configure the NTP Clients
Cisco devices can be configured to refer to an NTP server to use to synchronize their clocks. It is important to keep time consistent among all devices. Configure R1 and R2 as NTP clients so their clocks are synchronized. Both R1 and R2 will use N1 server as their NTP server.
a. Check the current NTP and clock settings as shown below:
R1# show ntp status
%NTP is not enabled.
R1# show clock detail
*0:1:53.745 UTC Mon Mar 1 1993
Time source is hardware calendar
b. Configure R1 and R2 as NTP Clients. Use the ntp server command to specify an NTP server, as shown below:
R1# conf t
R1(config)# ntp server 209.165.200.225
c. Repeat this configuration on R2.

Part 3: Verify NTP settings
a. Check the clocks on R1 and R2 again to verify that they are synchronized:
R1# show clock detail
12:7:18.451 UTC Sat Oct 12 2019
Time source is NTP
Note: When working on physical routers, allow a few minutes before R1 and R2 clocks are synchronized. With Packet Tracer you can use the Fast Forward Time button to speed up synchronization.
Execute the same command on R2.
Question: Are the clocks synchronized?
b. Check the NTP status and NTP associations by using the following commands to verify NTP operation and configuration.
R1# show ntp status
Clock is synchronized, stratum 2, reference is 209.165.200.225
<Output omitted>
R1# show ntp associations
address            ref clock    st  when  poll  reach  delay  offset  disp
*~209.165.200.225  127.127.1.1  1   11    32    377    9.00   4.00    0.24
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
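The lab's verification step answers "are the clocks synchronized?" by eye. Before relying on a device's timestamps for log correlation, the same checks can be made mechanically. The following is an added example, not part of the Packet Tracer lab or of Cisco's tooling: it parses the text of show ntp status and show ntp associations and lists the reasons a device's clock should not yet be trusted (NTP disabled, unsynchronized, wrong reference, high stratum, large offset). The sample output and the thresholds (max_stratum, max_offset_ms) are constructed for the example; only the output layout follows the lab.

```python
"""Check whether a Cisco IOS device's clock can be trusted for log correlation.

Added example (not part of the Packet Tracer lab or Cisco's own tooling): parses
'show ntp status' and 'show ntp associations' text and returns the problems a
defender cares about before relying on the device's timestamps.  The sample
output below is constructed to match the layout shown in the lab."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed samples, same layout as the R1 output in the lab text.
STATUS_SYNCED = (
    "Clock is synchronized, stratum 2, reference is 209.165.200.225\n"
    "nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24\n"
    "clock offset is 4.00 msec, root delay is 8.00 msec\n"
)
STATUS_DISABLED = "%NTP is not enabled.\n"
ASSOC_SYNCED = (
    "  address         ref clock       st   when   poll reach  delay  offset   disp\n"
    "*~209.165.200.225127.127.1.1      1     38     64  377    8.00    4.00    0.48\n"
    " * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured\n"
)


@dataclass
class NtpState:
    enabled: bool
    synchronized: bool
    stratum: Optional[int]
    reference: Optional[str]
    offset_ms: Optional[float]


def parse_ntp_status(text: str) -> NtpState:
    """Extract sync state, stratum, reference server and offset from 'show ntp status'."""
    if "%NTP is not enabled" in text:
        return NtpState(False, False, None, None, None)
    m = re.search(r"Clock is (synchronized|unsynchronized), stratum (\d+), reference is (\S+)", text)
    if not m:
        raise ValueError("unrecognised 'show ntp status' output")
    off = re.search(r"clock offset is (-?[\d.]+) msec", text)
    return NtpState(True, m.group(1) == "synchronized", int(m.group(2)), m.group(3),
                    float(off.group(1)) if off else None)


# IOS prints the address and ref-clock columns with no separator when the address
# is long ("209.165.200.225127.127.1.1"), so the address is read as a dotted quad
# of greedy 1-3 digit octets; 'show ntp associations detail' avoids the ambiguity.
SYS_PEER_RE = re.compile(r"^\*\s*~?(\d{1,3}(?:\.\d{1,3}){3})", re.MULTILINE)


def parse_sys_peer(text: str) -> Optional[str]:
    """Return the address marked '*' (selected system peer), or None."""
    m = SYS_PEER_RE.search(text)
    return m.group(1) if m else None


def time_source_problems(status_text: str, assoc_text: str, expected_server: str,
                         max_stratum: int = 15, max_offset_ms: float = 500.0) -> List[str]:
    """Empty list means the device's timestamps can be correlated with the rest of the network."""
    st = parse_ntp_status(status_text)
    if not st.enabled:
        return ["NTP not enabled"]
    problems: List[str] = []
    if not st.synchronized:
        problems.append("clock not synchronized")
    if st.stratum is not None and st.stratum > max_stratum:
        problems.append(f"stratum {st.stratum} too high")
    if st.reference != expected_server:
        problems.append(f"reference {st.reference} is not the configured server {expected_server}")
    if parse_sys_peer(assoc_text) != expected_server:
        problems.append("configured server is not the selected system peer")
    if st.offset_ms is not None and abs(st.offset_ms) > max_offset_ms:
        problems.append(f"offset {st.offset_ms} ms exceeds {max_offset_ms} ms")
    return problems


if __name__ == "__main__":
    print(time_source_problems(STATUS_SYNCED, ASSOC_SYNCED, "209.165.200.225"))  # []
    print(time_source_problems(STATUS_DISABLED, "", "209.165.200.225"))          # ['NTP not enabled']
```

The reference check matters as much as the synchronized flag: a device that is synchronized to a peer other than the one you configured is a sign of misconfiguration or of an unexpected time source on the segment, and its clock offset is what decides whether its syslog entries can be lined up with the other devices'.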
C:\>ssh -l SSHuser 10.0.1.2

#logging 10.0.1.254
R1(config)#logging 10.0.1.254
R1#
%SYS-5-CONFIG_I: Configured from console by console
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.1.254 port 514 started - CLI initiated

ntp server
service timestamps log datetime msec

Part 1: Configure Local AAA Authentication for Console Access on R1

Step 1: Configure a local username on R1.
Configure a username of Admin1 with a secret password of admin1pa55.

Step 2: Configure local AAA authentication for console access on R1.
Enable AAA on R1 and configure AAA authentication for the console login to use the local database.

Step 3: Configure the line console to use the defined AAA authentication method.
Enable AAA on R1 and configure AAA authentication for the console login to use the default method list.

Step 4: Verify the AAA authentication method.
Verify the user EXEC login using the local database.

Part 2: Configure Local AAA Authentication for vty Lines on R1

Step 1: Configure domain name and crypto key for use with SSH.
a. Use netsec.com as the domain name on R1.
b. Create an RSA crypto key using 1024 bits.

Step 2: Configure a named list AAA authentication method for the vty lines on R1.
Configure a named list called SSH-LOGIN to authenticate logins using local AAA.

Step 3: Configure the vty lines to use the defined AAA authentication method.
Configure the vty lines to use the named AAA method and only allow SSH for remote access.

Step 4: Verify the AAA authentication method.
Verify the SSH configuration by connecting to R1 over SSH from the command prompt of PC-A.
PC> ssh -l Admin1 192.168.1.1
Open
Password: admin1pa55
Reboot: power off, power on, then Ctrl+Break
Erase the configuration
router
enable
erase startup-config
reload
PC: ipconfig /all

ssh -l <user> 192.168.130.3
Router# configure terminal
Router(config)# hostname R1
R1(config)# ip domain name inacap
R1(config)# crypto key generate rsa general-keys modulus 1024
R1(config)# username inacap secret inacap

NTP
R1(config)# ntp master
R1(config)# ntp server x.x.x.x

Syslog
R1(config)# logging 192.168.1.1
R1(config)# logging trap informational

R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# transport input ssh
R1(config-line)# exit

SSH
R1# show ip ssh
R1# configure terminal
R1(config)# interface g0/0/0
R1(config-if)# shutdown
R1(config-if)# exit
R1(config)# service timestamps log datetime
R1(config)# interface g0/0/0
R1(config-if)# no shutdown
R1(config-if)#

ntp
R1# show clock detail
R1(config)# ntp server 192.168.1.1
R1(config)# end
R1# show clock detail

AAA
R1(config)# username inacap algorithm-type scrypt secret inacap
R1(config)# aaa new-model
R1(config)# aaa authentication login default group radius local enable
R1(config)# line vty 0 4
R1(config-line)# login authentication default
SNMP
snmp-server community <community-string>
rommon 1 > confreg 0x2142
rommon 2 > reset

show running-config
show ip interface brief
show ip route
show vlan brief
Switch#show vlan
show interfaces trunk
show interfaces switchport
show mac address-table

to remove a command, negate it (prefix it with no)

erase the configuration
router
enable
erase startup-config
reload
PC: ipconfig /all

ssh -l <user> 192.168.130.3


INT FA 0/20
SHUTDOWN
access interface
INT RANGE FAST 0/5-20,23
SHUTDOWN
INT FA 0/2
switchport mode access
switchport access vlan 50
switchport port-security
switchport port-security mac-address <mac-address>
switchport port-security maximum <number of MAC addresses>
switchport port-security mac-address sticky
hosts (block size): 1 2 4 8 16 32 64 128 256 512 1024 2048 4096 8192
Multilayer SW

enable
conf terminal
hostname "swmulticapa"
ip routing
interface gi 1/0/1
no switchport
ip add 100.150.200.1 255.255.255.252
exit
interface gi 1/0/10
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 40
exit
interface vlan 10
ip address 192.168.110.1 255.255.255.0


interface vlan 20
ip address 192.168.120.1 255.255.255.0
interface vlan 30
ip address 192.168.130.1 255.255.255.0
interface vlan 40
ip address 192.168.140.1 255.255.255.0
EXIT
VLAN 10
VLAN 20
VLAN 30
VLAN 40
exit
router rip
version 2
network 192.168.110.0
network 192.168.120.0
network 192.168.130.0
network 192.168.140.0
network 100.150.200.0
no auto-summary
exit
int range gi 1/0/2-9
shutdown
int range gi 1/0/11-24
shutdown
int range gi 1/1/1-4
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr

CONF T
hostname "swmulticapa"
INT GI 0/0
NO SHU
INT GI 0/0.50
ENCAPSULATION DOT1Q 50
IP ADD 172.16.50.1 255.255.255.0
INT GI 0/0.60
ENCAPSULATION DOT1Q 60
IP ADD 172.16.60.1 255.255.255.0
INT GI 0/0.70
ENCAPSULATION DOT1Q 70
IP ADD 172.16.70.1 255.255.255.0
INT GI 0/0.80
ENCAPSULATION DOT1Q 80 NATIVE
IP ADD 172.16.80.1 255.255.255.0
INT GI 0/1
ip add 100.150.200.2 255.255.255.252
no shu
EXIT
ROUTER RIP
VERSION 2
network 100.150.200.0
network 172.16.50.0
network 172.16.60.0
network 172.16.70.0
network 172.16.80.0
no auto-summary
DO WR
username ARIEL privilege 15 secret INACAP123
ip domain-name INACAP.COM
crypto key generate rsa
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr

sw
sw 1

ENA
VLAN DATABASE
VLAN 10 NAME GERENCIA
VLAN 20 NAME CONTABILIDAD
VLAN 30 NAME ADMINISTRATIVA
VLAN 40 NAME NATIVA
EXIT
CONF T
hostname "sw1"
INT GI 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/2
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
interface vlan 30
ip address 192.168.130.2 255.255.255.0
IP DEFAULT-GATEWAY 192.168.130.1
int range fast 0/3-24, gi 0/2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123

SHUT DOWN

SHUTS DOWN SEVERAL INTERFACES

access interface

SECURE PORT
select filtering
dynamic / default

static

sticky (persistent)
elevated
0
1
2
3
4
5
6
7
8
9
10
11
12
13
EXEC (enable)

show running-config
show ip interface brief
show ip router
show vlan brief
show running-config
Switch#show vlan
show interfaces trunk
show interfaces switchport
show MAC-ADDRESS-TABLE

para eliminar un comando se niega

borrar la configuracion
router
enable
erase startup-config
reload
pc ip config /all

ssh -l 192.168.130.3
1/1/2001
hostname "sw2"

ENA
VLAN DATABASE
VLAN 10 NAME GERENCIA
VLAN 20 NAME CONTABILIDAD
VLAN 30 NAME ADMINISTRATIVA
VLAN 40 NAME NATIVA
EXIT
CONF T
hostname "sw2"
INT FA 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/2
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/10
switchport mode access
switchport access Vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
INT FA 0/11
switchport mode access
switchport access Vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
interface vlan 30
ip address 192.168.130.3 255.255.255.0
IP DEFAULT-GATEWAY 192.168.130.1
exit
int range fast 0/3-9, gi 0/1-2
shutdown
int range fast 0/12-24
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
PC MAC configuration
hostname "sw3"

ENA
VLAN DATABASE
VLAN 10 NAME GERENCIA
VLAN 20 NAME CONTABILIDAD
VLAN 30 NAME ADMINISTRATIVA
VLAN 40 NAME NATIVA
EXIT
CONF T
hostname "sw3"
INT FA 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/2
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/3
switchport mode access
switchport access Vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
INT FA 0/4
switchport mode access
switchport access Vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
interface vlan 30
ip address 192.168.130.4 255.255.255.0
IP DEFAULT-GATEWAY 192.168.130.1
exit
int range fast 0/5-24, gi 0/1-2
shutdown
do wr
exit
username ARIEL privilege 15 secret CONTRERAS
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
Mask   Increment (amount added to get the next network: 4th octet for /25 to /31, 3rd octet for /19 to /24)
/31    2
/30    4
/29    8
/28    16
/27    32
/26    64
/25    128
/24    1
/23    2
/22    4
/21    8
/20    16
/19    32
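The mask/increment table above is what one works out by hand when carving a block into VLSM subnets. The following is an added example, not from the notes, that derives those figures with the standard library and performs the allocation itself: requirements are sorted largest first and each gets the smallest block that fits, with the leftover halves returned to a free list. The parent block and the host counts in REQUIREMENTS are constructed for the example; the VLAN names are reused from the notes only as labels.

```python
"""VLSM allocation with the standard library.  Added example (not from the notes):
largest requirement first, each network gets the smallest block that fits, and the
mask / increment / host figures of the table are derived rather than looked up.
The requirement list is constructed for the example."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed requirements: usable hosts needed per network.
REQUIREMENTS: Dict[str, int] = {
    "GERENCIA": 60,
    "CONTABILIDAD": 25,
    "ADMINISTRATIVA": 10,
    "ENLACE": 2,
}


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix whose block holds `hosts` usable addresses plus network and broadcast."""
    if hosts < 1:
        raise ValueError("a network needs at least one host")
    need = hosts + 2
    return 32 - (need - 1).bit_length()


def usable_hosts(prefix: int) -> int:
    """Usable host addresses in a block (classic scheme: /31 and /32 have none)."""
    return max(2 ** (32 - prefix) - 2, 0)


def block_increment(prefix: int) -> Tuple[int, int]:
    """(octet, step): the octet in which consecutive networks differ and by how much.
    /24 -> (3, 1), /27 -> (4, 32), /19 -> (3, 32): the 'Increment' column of the table."""
    host_bits = 32 - prefix
    return 4 - host_bits // 8, 2 ** (host_bits % 8)


def allocate(parent: str, requirements: Dict[str, int]) -> List[Tuple[str, str, int]]:
    """Largest-first VLSM: returns (name, network, usable hosts) per requirement,
    or raises ValueError when the parent block is exhausted."""
    free = [ipaddress.ip_network(parent)]
    result: List[Tuple[str, str, int]] = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = prefix_for_hosts(hosts)
        free.sort(key=lambda n: (n.network_address, n.prefixlen))  # lowest address first
        for i, block in enumerate(free):
            if block.prefixlen <= prefix:
                free.pop(i)
                # split the block until it is exactly the needed size,
                # returning the upper halves to the free list
                while block.prefixlen < prefix:
                    lower, upper = block.subnets(prefixlen_diff=1)
                    free.append(upper)
                    block = lower
                result.append((name, str(block), usable_hosts(prefix)))
                break
        else:
            raise ValueError(f"no free block of /{prefix} left for {name}")
    return result


if __name__ == "__main__":
    for name, net, hosts in allocate("192.168.1.0/24", REQUIREMENTS):
        octet, step = block_increment(int(net.split("/")[1]))
        print(f"{name:15} {net:20} usable={hosts:<4} increment={step} in octet {octet}")
```

Running it on 192.168.1.0/24 gives GERENCIA 192.168.1.0/26, CONTABILIDAD 192.168.1.64/27, ADMINISTRATIVA 192.168.1.96/28 and ENLACE 192.168.1.112/30, leaving 192.168.1.116/30, .120/29 and .128/25 free; the same function raises once the parent is exhausted instead of silently overlapping networks.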
ENA
VLAN DATABASE
VLAN 10 NAME DATOS
VLAN 20 NAME VCO
VLAN 30 NAME TOIP
VLAN 40 NAME MGNT_WIFI
VLAN 50 NAME CCTV
VLAN 70 NAME WIFI_BRAFI
VLAN 80 NAME WAN
VLAN 90 NAME MGNT_SW

EXIT
CONF T
hostname "sw1"
INT GI 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/1
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
INT FA 0/2
switchport mode trunk
switchport trunk Allowed vlan 10,20,30
SWitchport Trunk Native Vlan 40
interface vlan 30
ip address 192.168.130.2 255.255.255.0
IP DEFAULT-GATEWAY 192.168.130.1
int range fast 0/3-24, gi 0/2
shutdown
do wr
exit
username admin privilege 15 secret admin
ip domain-name INACAP.ORG
crypto key generate RSA
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret admin
LAYER 2 SW

grupo2(config-if)#exit
grupo2(config)#username admin privilege 15 secret admin
grupo2(config)#ip domain-name INACAP.ORG
grupo2(config)#crypto key generate RSA
The name for the keys will be: grupo2.INACAP.ORG
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024


% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)

grupo2(config)#ip ssh version 2


grupo2(config)#line vty 0 4
grupo2(config-line)#transport input ssh
grupo2(config-line)#login local
grupo2(config-line)#exit
grupo2(config)#enable secret admin
grupo2(config)#exit
grupo2#do w
Jun 11 18:10:02.743: %SYS-5-CONFIG_I: Configured from console by consoler
^
% Invalid input detected at '^' marker.

grupo2#show runn
grupo2#show running-config
Building configuration...

Current configuration : 2999 bytes


!
! Last configuration change at 18:10:02 UTC Tue Jun 11 2024
! NVRAM config last updated at 18:07:25 UTC Tue Jun 11 2024
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname grupo2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$5cB8$PImcvAfyUNTyn4EcBcDys.
!
username admin privilege 15 secret 5 $1$FFXY$/M5i6/vXxH/tFTaX7RCJ.0
no aaa new-model
switch 1 provision ws-c2960x-24ps-l
!
!
ip domain-name INACAP.ORG
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
!
!
interface Port-channel20
description LACP_LAN
switchport trunk allowed vlan 10,20,30,40,50,70,80,90
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
switchport access vlan 90
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
switchport access vlan 80
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 10,20,30,40,50,70,80,90
switchport mode trunk
switchport nonegotiate
channel-group 20 mode active
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 10,20,30,40,50,70,80,90
switchport mode trunk
switchport nonegotiate
channel-group 20 mode active
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address dhcp
!
interface Vlan20
ip address dhcp
!
interface Vlan30
ip address dhcp
!
interface Vlan40
ip address dhcp
!
interface Vlan50
ip address dhcp
!
interface Vlan70
ip address dhcp
!
interface Vlan80
ip address dhcp
!
interface Vlan90
ip address 192.168.24.50 255.255.255.240
!
ip default-gateway 192.168.24.49
ip http server
ip http secure-server
!
!
!
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login
!
end
grupo2>ena
grupo2#show runn
grupo2#show running-config
Building configuration...

Current configuration : 2530 bytes


!
! Last configuration change at 19:08:58 UTC Fri Jun 7 2024
! NVRAM config last updated at 18:59:29 UTC Fri Jun 7 2024
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname grupo2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ps-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Port-channel20
description LACP_LAN
switchport trunk allowed vlan 10,20,30,40,50,70,80,90
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
switchport access vlan 80
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 10,20,30,40,50,70,80,90
switchport mode trunk
switchport nonegotiate
channel-group 20 mode active
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 10,20,30,40,50,70,80,90
switchport mode trunk
switchport nonegotiate
channel-group 20 mode active
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address dhcp
!
interface Vlan20
ip address dhcp
!
interface Vlan30
ip address dhcp
!
interface Vlan40
ip address dhcp
!
interface Vlan50
ip address dhcp
!
interface Vlan70
ip address dhcp
!
interface Vlan80
ip address dhcp
!
interface Vlan90
ip address 192.168.24.50 255.255.255.240
!
ip default-gateway 192.168.24.49
ip http server
ip http secure-server
!
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end
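The two grupo2 captures show the same switch before and after the SSH changes: the earlier capture has login local, transport input ssh and ip ssh version 2 on vty 0 4, while this one has only login on both vty ranges and no SSH settings at all. The following is an added example, not Cisco tooling, that reads a running-config and reports exactly those weaknesses, so the check does not depend on scrolling through the dump. The two configs inside it are constructed to mirror the captures (hashes replaced by placeholders, unrelated interfaces dropped); run against the first capture it would still flag vty 5 15 (login only, no transport restriction) and ip http server.

```python
"""Audit a Cisco IOS running-config for the remote-access weaknesses visible in the
captures above.  Added example, not Cisco tooling: the two configs below are
constructed to mirror the grupo2 switch before and after SSH hardening."""
from typing import Dict, List, Tuple

WEAK_CONFIG = """\
version 15.0
no service password-encryption
hostname grupo2
no aaa new-model
interface Vlan90
 ip address 192.168.24.50 255.255.255.240
ip default-gateway 192.168.24.49
ip http server
ip http secure-server
line con 0
line vty 0 4
 login
line vty 5 15
 login
end
"""

HARDENED_CONFIG = """\
version 15.0
service password-encryption
hostname grupo2
enable secret 5 <hash-placeholder>
username admin privilege 15 secret 5 <hash-placeholder>
ip domain-name INACAP.ORG
ip ssh version 2
interface Vlan90
 ip address 192.168.24.50 255.255.255.240
ip default-gateway 192.168.24.49
no ip http server
ip http secure-server
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
end
"""


def parse_sections(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """IOS indents sub-mode lines with one space; return (global lines, {header: children})."""
    global_lines: List[str] = []
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            global_lines.append(current)
            sections[current] = []
    return global_lines, sections


def audit(config: str) -> List[str]:
    """Return one finding per weakness; an empty list means the checks passed."""
    global_lines, sections = parse_sections(config)
    findings: List[str] = []
    if "no service password-encryption" in global_lines:
        findings.append("line passwords stored in cleartext: add 'service password-encryption'")
    if "ip ssh version 2" not in global_lines:
        findings.append("SSH not pinned to version 2: add 'ip ssh version 2'")
    if "ip http server" in global_lines:
        findings.append("cleartext HTTP management enabled: 'no ip http server'")
    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        if not any(b.startswith(("login local", "login authentication")) for b in body):
            findings.append(f"{header}: 'login' without the local database or an AAA method list")
        if "transport input ssh" not in body:
            findings.append(f"{header}: transport input not restricted to ssh (telnet accepted)")
    return findings


if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print("WEAK:", finding)
    print("HARDENED:", audit(HARDENED_CONFIG))  # []
```

The vty check is deliberately per line range: hardening vty 0 4 while vty 5 15 keeps a bare login is the pattern in the first capture, and it is the kind of gap that only shows when every range is examined.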
R2#sh run
Building configuration...
Current configuration : 1734 bytes
!
! Last configuration change at 22:32:17 UTC Fri Nov 17 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2F7
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ***** HACIA ROUTER 1 *****
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description ***** HACIA ROUTER 2 *****
ip address 192.168.24.1 255.255.255.0
duplex auto
speed auto
!
!
router bgp 200
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback1
neighbor 4.4.4.4 remote-as 400
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 1.1.1.1 255.255.255.255 192.168.12.1
ip route 4.4.4.4 255.255.255.255 192.168.24.2
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router#show running-config
Router#show running-config
Building configuration...

Current configuration : 1691 bytes


!
! Last configuration change at 22:15:54 UTC Fri Dec 1 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2FR
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.17.0.2 255.255.255.0
duplex auto
speed auto
!
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 172.17.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 update-source Loopback1
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 2.2.2.2 255.255.255.255 192.168.12.2
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

R2#sh run
Building configuration...
Current configuration : 1734 bytes
!
! Last configuration change at 22:32:17 UTC Fri Nov 17 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2F7
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ***** HACIA ROUTER 1 *****
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description ***** HACIA ROUTER 2 *****
ip address 192.168.24.1 255.255.255.0
duplex auto
speed auto
!
!
router bgp 200
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback1
neighbor 4.4.4.4 remote-as 400
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 1.1.1.1 255.255.255.255 192.168.12.1
ip route 4.4.4.4 255.255.255.255 192.168.24.2
!
!
!
!

router ospf 1
router-id 10.10.10.10
network 10.10.10.10 0.0.0.0 area 0
network 172.16.100.10 0.0.0.0 area 0
network 172.16.102.10 0.0.0.0 area 0

control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
CONF T
hostname "routerderecha"
INT GI 0/0
NO SHU
INT GI 0/0.55
ENCAPSULATION DOT1Q 55
IP ADD 10.10.55.1 255.255.255.0
INT GI 0/0.66
ENCAPSULATION DOT1Q 66
IP ADD 10.10.66.1 255.255.255.0
INT GI 0/0.77
ENCAPSULATION DOT1Q 77
IP ADD 10.10.77.1 255.255.255.0
INT GI 0/0.88
ENCAPSULATION DOT1Q 88 NATIVE
IP ADD 10.10.88.1 255.255.255.0
INT GI 0/1
ip add 200.200.200.1 255.255.255.252
no shu
EXIT
ROUTER RIP
VERSION 2
network 10.10.55.0
network 10.10.66.0
network 10.10.77.0
network 10.10.88.0
network 200.200.200.0
no auto-summary
DO WR
username ARIEL privilege 15 secret INACAP123
ip domain-name INACAP.COM
crypto key generate rsa
1024
ip ssh version 2
line vty 0 4
transport input ssh
login local
exit
enable secret INACAP123
do wr
router3MPLS_LER#show running-config
Building configuration...

Current configuration : 1272 bytes


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router3MPLS_LER
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
ip ospf network point-to-point
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface Serial1/0
ip address 120.0.0.2 255.255.255.252
ip ospf 10 area 0
mpls ip
serial restart-delay 0
no fair-queue
!
interface Serial1/1
ip address 23.0.0.1 255.255.255.252
ip ospf 10 area 0
mpls ip
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface GigabitEthernet2/0
no ip address
shutdown
negotiation auto
!
router ospf 10
router-id 3.3.3.3
log-adjacency-changes
network 120.0.0.0 0.0.0.3 area 0
!
!
no ip http server
no ip http secure-server
!
!
!
!
mpls ldp router-id Loopback1
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
line vty 0 4
!
!
end
show ip protocols
show ip interfaces brief
r1
enable
config t
router ospf 10
router-id 1.1.1.1
network 192.168.10.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.255 area 0

enable
config t
router ospf 10

TO ERASE
WRITE ERASE
RELOAD

ip domain-name INACAP.COM

username admin privilege 15 secret clase cisco


ip domain-name INACAP.COM
crypto key generate rsa
1024
ip ssh version 2

enable secret cisco

config t
line vty 0 4
transport input telnet
login local
exit
username admin privilege 15 password cisco
do wr

service password-encryption

secret is stored encrypted (hashed)

banner noll
network address + wildcard mask
r1(config-if)#do sh runn
Building configuration...

Current configuration : 2016 bytes


!
! Last configuration change at 22:13:59 UTC Fri Oct 13 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2FR
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 172.1.0.1 255.255.255.0
ip summary-address eigrp 10 172.1.0.0 255.255.252.0
!
interface Loopback2
ip address 172.1.1.1 255.255.255.0
ip summary-address eigrp 10 172.1.0.0 255.255.252.0
!
interface Loopback3
ip address 172.1.2.1 255.255.254.0
to remove the password

device manager

PC online

IP ON INTERFACES

ADM.
CREATE DOMAIN

encrypts the passwords


PASSWORD LENGTH
If there are more than three failed VTY
login attempts in 60 seconds, block the
VTY lines for 120 seconds.

CONSOLE PASSWORD

PRIVILEGED EXEC PASSWORD

CREATE USER

encrypted with algorithm and privilege

TELNET OR SSH ACCESS


can be ssh or telnet

VIEW CLOCK
change the time

MAKES IT MASTER
optional

SNMP manager
SNMP agents (managed node)
Management Information Base (MIB)

save config

NETACAD server

NETACAD server
local aaa

number of failed attempts

6
SSH to secure the communication
AAA to provide authentication and
authorization
local

Method type keywords


enable
local
local-case
none
group radius
group tacacs+
group group-name
restart: power off and on, Ctrl + Break

rommon 1
rommon 2

WRITE ERASE
erase the configuration
router
enable
erase startup-config
reload
WRITE ERASE
ssh -l user 192.168.130.3
C:\>ssh -l CISCOARIEL 192.168.1.1
from PuTTY on the serial COM port
the port is found in Device Manager.

ROUTER
Router# configure terminal
Router(config)# hostname ROUTERPRUEBA
ROUTERPRUEBA(config)#BANner MOTD "NO INGRESAR, SOLO PERSONAL AUTORIZADO"

ROUTERPRUEBA(config)#INT G0/0/0
ROUTERPRUEBA(config-if)#IP ADD 192.168.1.1 255.255.255.0
ROUTERPRUEBA(config-if)#NO SHUtdown

ROUTERPRUEBA(config)#INTerface VLAN1
ROUTERPRUEBA(config-if)#IP ADD 192.168.1.100 255.255.255.0
ROUTERPRUEBA(config-if)#NO SHUtdown
ROUTERPRUEBA(config)#IP DOMAIN-NAme INACAP.CL

ROUTERPRUEBA(config)#SERVice PASSword-encryption
ROUTERPRUEBA(config)#SECURIty PASswords min-length 5

ROUTERPRUEBA(config)#LOGIN BLOCK-for 120 attempts 3 within 60
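The rule behind `login block-for 120 attempts 3 within 60` (three failures inside a 60-second watch window put the device into a 120-second quiet mode that refuses further logins) is easy to misread, so here is an added simulation of it. This is illustration code, not IOS code; the event streams are constructed, times are seconds, and the assumption that a successful login clears the failure count is marked in the code.

```python
"""Model of IOS `login block-for <block> attempts <n> within <window>`.

Added illustration, not Cisco code: a small state machine fed with a
constructed stream of (time, success) login events so the watch window
and the quiet period can be reasoned about before the command is pushed
to a device.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, List, Tuple


@dataclass
class LoginBlocker:
    block_for: int = 120   # quiet period length in seconds
    attempts: int = 3      # failures inside the window that trigger quiet mode
    within: int = 60       # watch window in seconds
    failures: Deque[int] = field(default_factory=deque)  # timestamps of failures
    quiet_until: int = -1  # absolute time at which quiet mode ends

    def in_quiet_mode(self, now: int) -> bool:
        return now < self.quiet_until

    def event(self, now: int, success: bool) -> str:
        """Feed one login attempt at time `now`; return what the device did."""
        if self.in_quiet_mode(now):
            return "blocked"            # attempt refused while quiet mode is active
        if success:
            self.failures.clear()       # assumption: a success resets the failure count
            return "ok"
        self.failures.append(now)
        # Sliding window: forget failures older than `within` seconds.
        while now - self.failures[0] > self.within:
            self.failures.popleft()
        if len(self.failures) >= self.attempts:
            self.quiet_until = now + self.block_for
            self.failures.clear()
            return "quiet-mode-entered"
        return "failed"


def replay(events: List[Tuple[int, bool]], **cfg) -> List[str]:
    """Run a (time, success) sequence through a fresh blocker; collect outcomes."""
    blocker = LoginBlocker(**cfg)
    return [blocker.event(t, ok) for t, ok in events]


# Constructed event streams: seconds since start, True = login succeeded.
BURST = [(0, False), (20, False), (50, False), (60, True), (171, True)]
SLOW = [(0, False), (70, False), (140, False), (150, True)]   # never 3 in 60 s

if __name__ == "__main__":
    print(replay(BURST))  # ['failed', 'failed', 'quiet-mode-entered', 'blocked', 'ok']
    print(replay(SLOW))   # ['failed', 'failed', 'failed', 'ok']
```

Note that during quiet mode the real device refuses every login, including the administrator's; IOS offers `login quiet-mode access-class` to exempt a management ACL, which this model does not include.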

ROUTERPRUEBA(config)#LINE CONsole 0
ROUTERPRUEBA(config-line)#PASsword CISCOCONSOLA
ROUTERPRUEBA(config-line)#LOGIN

ROUTERPRUEBA(config)#enable secret CISCOEXC

ROUTERPRUEBA(config)#USErname CISCOARIEL SECRET CISCOARIEL


ROUTERPRUEBA(config)#CRYpto KEy GENERATE rsa
1024
R1(config)# username Bob privilege 15 algorithm-type scrypt secret cisco12345
R1(config)# crypto key generate rsa general-keys modulus 2048

ROUTERPRUEBA(config)#LINE VTY 0 15
ROUTERPRUEBA(config-line)#transport input all
ROUTERPRUEBA(config-line)#login local

ntp
ROUTERPRUEBA#SHOW CLOCK DETAIL
ROUTERPRUEBA#CLOck set 16:00:00 oct 2 2022

ROUTERPRUEBA(config)#NTP MASTER

Syslog
R1(config)# logging 192.168.1.1
R1(config)# logging trap facility informational
R1(config)# logging trap informational
R1(config)# logging source-interface lo0
R1(config)# logging on
R1(config)# service timestamps log datetime

SNMP SNMPv3 6.7.7


snmp-server community x.x.x.x
R1(config)# ip access-list standard PERMIT-ADMIN
R1(config-std-nacl)# permit 192.168.1.0 0.0.0.255
R1(config-std-nacl)# exit

R1(config)# snmp-server group ADMIN v3 priv read SNMP-RO access PERMIT-ADMIN


R1(config)# snmp-server user BOB ADMIN v3 auth sha cisco12345 priv aes 128 cisco54321

ROUTERPRUEBA#copy running-config startup-config

R1(config)# aaa new-model


R1(config)#
R1(config)# radius server SERVER-R
R1(config-radius-server)# address ipv4 192.168.1.100 auth-port 1812 acct-port 1813
R1(config-radius-server)# key RADIUS-Pa55w0rd
R1(config-radius-server)# exit
R1(config)#
R1(config)# aaa authentication login default group tacacs+ group radius local-case

tacacs aaa
R1(config)# aaa new-model
R1(config)#
R1(config)# tacacs server Server-T
R1(config-server-tacacs)# address ipv4 192.168.1.101
R1(config-server-tacacs)# single-connection
R1(config-server-tacacs)# key TACACS-Pa55w0rd
R1(config-server-tacacs)# exit
R1(config)#
R1(config)# aaa authentication login default group tacacs+ group radius local-case
R1(config)# aaa new-model

For example, an administrator could apply a special login method for SSH and then use the default login method for the console line, as shown in the example.

R1(config)# username JR-ADMIN algorithm-type scrypt secret Str0ng5rPa55w0rd


R1(config)# username ADMIN algorithm-type scrypt secret Str0ng5rPa55w0rd
R1(config)# aaa new-model
R1(config)# aaa authentication login default local-case enable
R1(config)# aaa authentication login SSH-LOGIN local-case
SWPRUEBA(config)#aaa authentication login grup-radius local-case enable
line console 0
login authentication default
R1(config)# line vty 0 4
R1(config-line)# login authentication SSH-LOGIN
transport input ssh
Router(config)# aaa local authentication attempts max-fail [number-of-unsuccessful-attempts]

aaa local

R1(config)# ip domain-name span.com


R1(config)# crypto key generate rsa general-keys modulus 2048
R1(config)# username Bob privilege 15 algorithm-type scrypt secret cisco12345
R1(config)# aaa new-model
R1(config)# aaa authentication login default local
R1(config)# aaa authorization exec default local
R1(config)# ip scp server enable

R1# show aaa local user lockout


show aaa sessions

Keyword            Description
enable             Uses the enable password for authentication.
local              Uses the local username database for authentication.
local-case         Uses case-sensitive local username authentication.
none               Uses no authentication.
group radius       Uses the list of all RADIUS servers for authentication.
group tacacs+      Uses the list of all TACACS+ servers for authentication.
group group-name   Uses a subset of RADIUS or TACACS+ servers for authentication, as defined by the aaa group server radius or aaa group server tacacs+ command.
device manager

confreg 0x2142
reset

ADM.
CREATE DOMAIN

encrypts the passwords

CONSOLE PASSWORD

PRIVILEGED EXEC PASSWORD

CREATE USER

TELNET OR SSH ACCESS

NTP
optional

create the ACL


permit network xx

create the admin user


create group ADMIN, readable by the admin user, allowing the access list
create user + an encryption password

save config
AAA
Connect the console cable (blue cable) to the switch console port.
Using a terminal emulator (HyperTerminal), verify that the known password does not allow access to
Power off the switch.
Power on the switch while holding the "Mode" button.
Release the button when the port 1x LED goes off.
The terminal emulator should show:

Type the "flash_init" command


load_helper
Now run "dir flash:"
Type "rename flash:config.text flash:config.old" to rename the configuration file.
boot

n
https://www.solvetic.com/tutoriales/article/303-como-recuperar-el-password-en-los-switches-cisco-catalyst/

SW
Switch# configure terminal
Switch(config)# hostname SWPRUEBA
SWPRUEBA(config)#BANner MOTD "NO INGRESAR, SOLO PERSONAL AUTORIZADO"

SWPRUEBA(config)#INTerface GIgabitEthernet 0/1


SWPRUEBA(config-if)#SWitchport MODe TRunk
SWPRUEBA(config-if)#NO SHUtdown

SWPRUEBA(config)#INTerface VLAN1
SWPRUEBA(config-if)#IP ADD 192.168.1.10 255.255.255.0
SWPRUEBA(config-if)#NO SHUtdown
SWPRUEBA(config)#IP DOMAIN-NAme INACAP.CL

SWPRUEBA(config)#SERVice PASSword-encryption

SWPRUEBA(config)#LINE CONsole 0
SWPRUEBA(config-line)#PASSword CISCOCONSOLA
SWPRUEBA(config-line)#LOGIN

SWPRUEBA(config)#enable secret ciscoexc

SWPRUEBA(config)#USERname CISCOARIEL SECRET CISCOARIEL


SWPRUEBA(config)#CRYpto Key GEnerate rsa
1024
R1(config)# username Bob privilege 15 algorithm-type scrypt secret cisco12345
R1(config)# crypto key generate rsa general-keys modulus 2048

SWPRUEBA(config)#LINE VTY 0 15
SWPRUEBA(config-line)#transport input all
SWPRUEBA(config-line)#login local

SWPRUEBA#SHOW CLOCK DETAIL


SWPRUEBA(config)#ntp server 192.168.1.1

Syslog
R1(config)# logging 192.168.1.1
R1(config)# logging trap facility informational
R1(config)# logging trap informational
R1(config)# logging source-interface lo0
R1(config)# logging on
R1(config)# service timestamps log datetime

SNMP
snmp-server community x.x.x.x

SWPRUEBA#copy running-config startup-config

R1(config)# end
R1#
R1(config)# aaa new-model
SWPRUEBA(config)#aaa authentication login grup-radius local

show running-config
show ip interface brief
show ip router
show vlan brief
show running-config
Switch#show vlan
show interfaces trunk
show interfaces switchport
show MAC-ADDRESS-TABLE

para eliminar un comando se niega

borrar la configuracion
router
enable
erase startup-config
reload
pc ip config /all

ssh -l 192.168.130.3

- Active interfaces must be secured


- Interfaces that are not in use must be shut down
- Only 5 MAC addresses may be learned per interface.
- If there is an intrusion on a port, the packets must be dropped
- Routing through RIP
VLAN 55 DIRECCION 10.10.55.0/24
VLAN 66 RRHH 10.10.66.0/24
VLAN 77 ADMINISTRATIVA 10.10.77.0/24
VLAN 88 NATIVA 10.10.88.0/24
RESTART SW

switch:

switch:

switch: dir flash:


unable to stat flash:/: invalid argument

switch:

switch: co

switch:

switch:

switch:

switch: sh ?
? -- Present list of available commands
boot -- Load and boot an executable image
cat -- Concatenate (type) file(s)
copy -- Copy a file
delete -- Delete file(s)
dir -- List files in directories
flash_init -- Initialize flash filesystem(s)
format -- Format a filesystem
fsck -- Check filesystem consistency
help -- Present list of available commands
memory -- Present memory heap utilization information
mkdir -- Create dir(s)
more -- Concatenate (display) file(s)
ping -- Send ICMP ECHO_REQUEST packets to a network host

rename -- Rename a file


reset -- Reset the system
rmdir -- Delete empty dir(s)
set -- Set or display environment variables
sleep -- Pause (sleep) for a specified number of seconds
type -- Concatenate (type) file(s)
unset -- Unset one or more environment variables
-- MORE --
version -- Display boot loader version

switch:

switch: flash_init
Unknown cmd: fh_init

switch: flash_init
Initializing Flash...
mifs[9]: 630 files, 20 directories
mifs[9]: Total bytes : 122185728
mifs[9]: Bytes used : 23488000
mifs[9]: Bytes available : 98697728
mifs[9]: mifs fsck took 28 seconds.
...done Initializing Flash.

switch:

switch:

switch:

switch: dir flash


unable to stat flash/: no such device
switch: no dir flash
Unknown cmd: no

switch: dir

List of filesystems currently registered:

bs[1]: (read-only)
flash[9]: (read-write)
xmodem[10]: (read-only)
null[11]: (read-write)
tftp[12]: (read-only)

switch: dir flash:


Directory of flash:/

2 -rwx 916 <date> vlan.dat.renamed


3 -rwx 624 <date> express_setup.debug
4 -rwx 796 <date> vlan.dat
5 -rwx 2960 <date> config.text
6 -rwx 1920 <date> private-config.text
7 drwx 512 <date> c2960x-universalk9-mz.150-2.EX5
646 drwx 512 <date> dc_profile_dir
648 -rwx 3040 <date> config.text.renamed
649 -rwx 5 <date> private-config.text.renamed
650 -rwx 2072 <date> multiple-fs

96384K bytes available (22937K bytes used)

switch: mv flash:config.text flash:config.old


Unknown cmd: mflash:config.text

switch: ?
? -- Present list of available commands
boot -- Load and boot an executable image
cat -- Concatenate (type) file(s)
copy -- Copy a file
delete -- Delete file(s)
dir -- List files in directories
flash_init -- Initialize flash filesystem(s)
format -- Format a filesystem
fsck -- Check filesystem consistency
help -- Present list of available commands
memory -- Present memory heap utilization information
mkdir -- Create dir(s)
more -- Concatenate (display) file(s)
ping -- Send ICMP ECHO_REQUEST packets to a network host
rename -- Rename a file
reset -- Reset the system
rmdir -- Delete empty dir(s)
set -- Set or display environment variables
sleep -- Pause (sleep) for a specified number of seconds
type -- Concatenate (type) file(s)
unset -- Unset one or more environment variables
-- MORE --
version -- Display boot loader version

switch: remane flash:config.text flash:config.old


Unknown cmd: remane

switch:

switch:

switch: dir flash:

Directory of flash:/

2 -rwx 916 <date> vlan.dat.renamed


3 -rwx 624 <date> express_setup.debug
4 -rwx 796 <date> vlan.dat
5 -rwx 2960 <date> config.text
6 -rwx 1920 <date> private-config.text
7 drwx 512 <date> c2960x-universalk9-mz.150-2.EX5
646 drwx 512 <date> dc_profile_dir
648 -rwx 3040 <date> config.text.renamed
649 -rwx 5 <date> private-config.text.renamed
650 -rwx 2072 <date> multiple-fs

96384K bytes available (22937K bytes used)


switch: re

switch:

switch:

switch:

switch: rename flash:config.text flash:config.old

switch: dir flash:


Directory of flash:/

2 -rwx 916 <date> vlan.dat.renamed


3 -rwx 624 <date> express_setup.debug
4 -rwx 796 <date> vlan.dat
5 -rwx 2960 <date> config.old
6 -rwx 1920 <date> private-config.text
7 drwx 512 <date> c2960x-universalk9-mz.150-2.EX5
646 drwx 512 <date> dc_profile_dir
648 -rwx 3040 <date> config.text.renamed
649 -rwx 5 <date> private-config.text.renamed
650 -rwx 2072 <date> multiple-fs

96384K bytes available (22937K bytes used)

switch: ?
? -- Present list of available commands
boot -- Load and boot an executable image
cat -- Concatenate (type) file(s)
copy -- Copy a file
delete -- Delete file(s)
dir -- List files in directories
flash_init -- Initialize flash filesystem(s)
format -- Format a filesystem
fsck -- Check filesystem consistency
help -- Present list of available commands
memory -- Present memory heap utilization information
mkdir -- Create dir(s)
more -- Concatenate (display) file(s)
ping -- Send ICMP ECHO_REQUEST packets to a network host
rename -- Rename a file
reset -- Reset the system
rmdir -- Delete empty dir(s)
set -- Set or display environment variables
sleep -- Pause (sleep) for a specified number of seconds
type -- Concatenate (type) file(s)
unset -- Unset one or more environment variables
-- MORE --
version -- Display boot loader version

switch:

switch: del

switch: delete flash:config.text.remaned


Unknown cmd: dele▒te

switch: delete flash:config.text.renamed


Are you sure you want to delete "flash:config.text.renamed" (y/n)?y
File "flash:config.text.renamed" deleted

switch:

switch:

switch: bo
named extended

acl ip access-list extended contreras-out


permit tcp 192.168.1.0 0.0.0.255 any eq 80
deny udp 192.168.1.0 0.0.0.255 any        (network and port)
deny icmp 192.168.1.0 0.0.0.255 any
permit ip any any

ip access-list extended contreras-permitir


remark permit inside http traffic
permit tcp 192.168.1.0 0.0.0.255 any eq 80
permit icmp 192.168.1.0 0.0.0.255 any
permit ip any any

ip access-list extended contreras-denegar


remark deny inside udp and icmp traffic
permit udp 192.168.1.0 0.0.0.255 any eq xx
permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip any any

int g0/0/0
ip access-group contreras-permitir in
ip access-group contreras-denegar out

int g0/0/0
ip add 192.168.100.2 255.255.255.0
no shut
TCP port (✔ = marked as TCP in the source table)
Well-known ports: 1 ✔, 5 ✔, 7 ✔, 9 ✔, 11 ✔, 13 ✔, 17 ✔, 18 ✔, 19 ✔, 20 ✔, 21 ✔, 22 ✔, 23 ✔, 25 ✔, 37 ✔, 39 ✔, 42 ✔, 43 ✔, 49 ✔, 50 ✔, 53 ✔, 67, 68, 69, 70 ✔, 71 ✔, 79 ✔, 80 ✔, 81 ✔, 82, 88 ✔, 101 ✔, 102 ✔, 105 ✔, 107 ✔, 109 ✔, 110 ✔, 111 ✔, 113, 115 ✔, 117 ✔, 119 ✔, 123, 137 ✔, 138 ✔, 139 ✔, 143 ✔, 161, 162 ✔, 177 ✔, 179 ✔, 194 ✔, 199 ✔, 201 ✔, 209 ✔, 210 ✔, 213 ✔, 220 ✔, 369 ✔, 370 ✔, 389 ✔, 427 ✔, 443 ✔, 444 ✔, 445 ✔, 464 ✔, 500, 512 ✔, 512, 513 ✔, 513, 514 ✔, 514, 515 ✔, 517, 518, 520 ✔, 520, 521, 525, 530 ✔, 531 ✔, 532 ✔, 533, 540 ✔, 543 ✔, 544 ✔, 546 ✔, 547 ✔, 548 ✔, 554 ✔, 556 ✔, 563 ✔, 587 ✔, 631 ✔, 631 ✔, 636 ✔, 674 ✔, 694 ✔, 749 ✔, 750, 873 ✔, 992 ✔, 993 ✔, 995 ✔

Registered ports
TCP port
1080 ✔, 1433 ✔, 1434 ✔, 1494 ✔, 1512 ✔, 1524 ✔, 1701, 1719, 1720 ✔, 1812 ✔, 1813 ✔, 1985, 2008 ✔, 2010, 2049 ✔, 2102 ✔, 2103 ✔, 2104 ✔, 2401 ✔, 2809 ✔, 3306 ✔, 4321 ✔, 5999 ✔, 6000 ✔, 11371 ✔, 13720 ✔, 13721 ✔, 13724 ✔, 13782 ✔, 13783 ✔, 22273 ✔, 23399, 25565 ✔, 26000 ✔, 27017, 33434 ✔

UDP column: (empty in the source)
R1(config)# access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
rate-limit Simple rate-limit specific access list
template Enable IP template acls
R1(config)# access-list

named extended
R1(config)# ip access-list extended FTP-FILTER
R1(config-ext-nacl)# permit tcp 192.168.10.0 0.0.0.255 any eq ftp
R1(config-ext-nacl)# permit tcp 192.168.10.0 0.0.0.255 any eq ftp-data
R1(config-ext-nacl)#
extended
R1(config)# access-list 120 permit tcp any 192.168.10.0 0.0.0.255 established

standard
R1(config)# access-list 10 permit 192.168.10.10 0.0.0.0
R1(config)# access-list 11 permit 0.0.0.0 255.255.255.255
R1(config)#
named standard
R1(config)# ip access-list standard NO-ACCESS
R1(config-std-nacl)# ?
Standard Access List configuration commands:
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
R1(config-std-nacl)#
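The named and numbered ACLs above (contreras-out, FTP-FILTER, access-list 120) all rely on the same three rules: wildcard masks ("network IP + wildcard"), first-match evaluation, and the implicit deny at the end of every list. The following added Python evaluator, not Cisco code, models those rules and runs the page's own ACL lines against constructed packets (addresses and the `ack_or_rst` flag used for `established` are assumptions).

```python
"""Evaluate IOS-style extended ACLs against sample packets.

Added illustration, not Cisco code: models wildcard-mask matching, the eq
port operator, 'established' (TCP ACK or RST set), first-match evaluation
and the implicit deny. Sample ACLs and addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of the port keywords IOS accepts after "eq".
PORT_NAMES = {"www": 80, "ftp": 21, "ftp-data": 20, "ssh": 22, "telnet": 23, "domain": 53}
ANY = ("0.0.0.0", "255.255.255.255")   # "any" == 0.0.0.0 with an all-ones wildcard


@dataclass
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    ack_or_rst: bool = False    # assumption: TCP ACK/RST set == reply traffic


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard semantics: a 0 bit means 'must match', a 1 bit means 'ignore'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return a & care == n & care


def _parse_addr(tok: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":                    # "host X" is X with wildcard 0.0.0.0
        return (tok[i + 1], "0.0.0.0"), i + 2
    return (tok[i], tok[i + 1]), i + 2


def parse_ace(line: str) -> Optional[dict]:
    """Parse one access-control entry; remarks return None (they never match)."""
    tok = line.split()
    if not tok or tok[0] == "remark":
        return None
    ace = {"action": tok[0], "proto": tok[1], "port": None, "established": False}
    ace["src"], i = _parse_addr(tok, 2)
    ace["dst"], i = _parse_addr(tok, i)
    while i < len(tok):
        if tok[i] == "eq":
            p = tok[i + 1]
            ace["port"] = int(p) if p.isdigit() else PORT_NAMES[p]
            i += 2
        elif tok[i] == "established":
            ace["established"] = True
            i += 1
        else:
            raise ValueError(f"unsupported keyword {tok[i]!r} in: {line}")
    return ace


def ace_matches(ace: dict, pkt: Packet) -> bool:
    if ace["proto"] != "ip" and ace["proto"] != pkt.proto:   # "ip" covers every protocol
        return False
    if not wildcard_match(pkt.src, *ace["src"]):
        return False
    if not wildcard_match(pkt.dst, *ace["dst"]):
        return False
    if ace["port"] is not None and pkt.dport != ace["port"]:
        return False
    if ace["established"] and not pkt.ack_or_rst:
        return False
    return True


def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, str]:
    """First matching ACE decides; if none matches, the implicit deny applies."""
    for line in acl:
        ace = parse_ace(line)
        if ace is not None and ace_matches(ace, pkt):
            return ace["action"], line
    return "deny", "implicit deny"


# The page's contreras-out entries (note text dropped) and access-list 120.
CONTRERAS_OUT = [
    "permit tcp 192.168.1.0 0.0.0.255 any eq 80",
    "deny udp 192.168.1.0 0.0.0.255 any",
    "deny icmp 192.168.1.0 0.0.0.255 any",
    "permit ip any any",
]
ACL_120 = ["permit tcp any 192.168.10.0 0.0.0.255 established"]

if __name__ == "__main__":
    # Constructed packets: 203.0.113.9 is a documentation address used as "outside".
    for pkt in (Packet("tcp", "192.168.1.5", "203.0.113.9", 80),
                Packet("icmp", "192.168.1.5", "203.0.113.9"),
                Packet("icmp", "192.168.2.5", "203.0.113.9")):
        print(pkt, "->", evaluate(CONTRERAS_OUT, pkt))
    # Unsolicited inbound SYN falls through ACL 120 to the implicit deny.
    print(evaluate(ACL_120, Packet("tcp", "203.0.113.9", "192.168.10.7", 4444)))
```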
Port   Name           Description
1      tcpmux         TCP port multiplexer
5      rje            Remote Job Entry
7      echo           Echo protocol
9      discard        Discard protocol (connection testing)
11     systat         System information (lists connected ports)
13     daytime        Daytime protocol: gives date and time
17     qotd           Sends the quote of the day
18     msp            Message Send Protocol
19     chargen        Chargen protocol: sends an endless string of characters
20     ftp-data       FTP data transfer
21     ftp            FTP connection
22     ssh            Secure Shell service
23     telnet         Telnet service
25     smtp           Simple Mail Transfer Protocol
37     time           Machine-readable time protocol
39     rlp            Resource Location Protocol
42     nameserver     Name service
43     nicname        WHOIS directory service
49     tacacs         Terminal Access Controller Access Control System
50     re-mail-ck     Remote Mail Checking protocol
53     domain         DNS name resolution
67     bootps         Bootstrap protocol (server)
68     bootpc         Bootstrap protocol (client)
69     tftp           Trivial File Transfer Protocol
70     gopher         Document search
71     genius         Genius protocol
79     finger         Provides user contact information
80     http           Hypertext Transfer Protocol
81     (none)         Torpark: onion routing (unofficial)
82     (none)         Torpark: control (unofficial)
88     kerberos       Network authentication system
101    hostname       NIC Host Name services
102    iso-tsap       ISO-TSAP protocol
105    csnet-ns       Mail server
107    rtelnet        Remote Telnet
109    pop2           Post Office Protocol v2 for e-mail
110    pop3           Post Office Protocol v3 for e-mail
111    sunrpc         RPC protocol for NFS
113    auth           (Old) authentication service
115    sftp           Secure file transfer protocol, or Simple File Transfer Protocol (simplified FTP)
117    uucp-path      Data transmission between Unix systems
119    nntp           Newsgroup news transmission
123    ntp            Time synchronization protocol
137    netbios-ns     NetBIOS name service
138    netbios-dgm    NetBIOS datagram service
139    netbios-ssn    NetBIOS session service
143    imap           Internet Message Access Protocol for e-mail
161    snmp           Simple Network Management Protocol
162    snmptrap       Simple Network Management Protocol trap
177    xdmcp          X Display Manager
179    bgp            Border Gateway Protocol
194    irc            Internet Relay Chat
199    smux           SNMP UNIX Multiplexer
201    at-rtmp        AppleTalk routing
209    qmtp           Quick Mail Transfer Protocol
210    z39.50         Bibliographic information system
213    ipx            Internetwork Packet Exchange
220    imap3          IMAP v3 for e-mail
369    rpc2portmap    Coda Filesystem Portmapper
370    codaauth2      Coda Filesystem Authentication service
389    ldap           Lightweight Directory Access Protocol
427    svrloc         Service Location Protocol
443    https          HTTPS (HTTP over SSL/TLS)
444    snpp           Simple Network Paging Protocol
445    microsoft-ds   SMB over TCP/IP
464    kpasswd        Kerberos password change
500    isakmp         Security protocol
512    exec           Remote Process Execution
512    comsat/biff    Mail client and mail server
513    login          Remote computer login
513    who            Whod user logging daemon
514    shell          Remote Shell
514    syslog         Unix System Logging service
515    printer        Line Printer Daemon print services
517    talk           Talk remote calling
518    ntalk          Network Talk
520    efs            Extended Filename Server
520    router         Routing Information Protocol
521    ripng          Routing Information Protocol for IPv6
525    timed          Time server
530    courier        Courier Remote Procedure Call
531    conference     Chat via AIM and IRC
532    netnews        Netnews newsgroup service
533    netwall        Emergency broadcast
540    uucp           Unix-to-Unix Copy Protocol
543    klogin         Kerberos v5 remote login
544    kshell         Kerberos v5 remote shell
546    dhcpv6-client  DHCPv6 client
547    dhcpv6-server  DHCPv6 server
548    afpovertcp     Apple Filing Protocol over TCP
554    rtsp           Stream control
556    remotefs       Remote Filesystem
563    nntps          NNTP over SSL/TLS
587    submission     Message Submission Agent
631    ipp            Internet Printing Protocol / Common Unix Printing System (unofficial)
636    ldaps          LDAP over SSL/TLS
674    acap           Application Configuration Access Protocol
694    ha-cluster     Heartbeat service
749    kerberos-adm   Kerberos v5 administration
750    kerberos-iv    Kerberos v4 services
873    rsync          rsync data transfer services
992    telnets        Telnet over SSL/TLS
993    imaps          IMAP over SSL/TLS
995    pop3s          POP3 over SSL/TLS

Registered ports
Port   Name           Description
1080   socks          SOCKS proxy
1433   ms-sql-s       Microsoft SQL Server
1434   ms-sql-m       Microsoft SQL Monitor
1494   ica            Citrix ICA client
1512   wins           Windows Internet Name Service
1524   ingreslock     Ingres DBMS
1701   l2tp           Layer 2 Tunneling Protocol / Layer 2 Forwarding
1719   h323gatestat   H.323
1720   h323hostcall   H.323
1812   radius         RADIUS authentication
1813   radius-acct    RADIUS accounting
1985   hsrp           Cisco HSRP
2008   (none)         TeamSpeak 3 accounting (unofficial)
2010   (none)         TeamSpeak 3 weblist (unofficial)
2049   nfs            Network File System
2102   zephyr-srv     Zephyr server
2103   zephyr-clt     Zephyr client
2104   zephyr-hm      Zephyr host manager
2401   cvspserver     Concurrent Versions System
2809   corbaloc       Common Object Request Broker Architecture
3306   mysql          MySQL database service (also MariaDB)
4321   rwhois         Remote Whois service
5999   cvsup          CVSup
6000   X11            X Window System services
11371  pgpkeyserver   Public PGP keyserver
13720  bprd           Symantec/Veritas NetBackup
13721  bpdbm          Symantec/Veritas Database Manager
13724  vnetd          Symantec/Veritas Network Utility
13782  bpcd           Symantec/Veritas NetBackup
13783  vopied         Symantec/Veritas VOPIE
22273  wnn6           Kana/Kanji conversion
23399  (none)         Skype (unofficial)
25565  (none)         Minecraft
26000  quake          Quake and other multiplayer games
27017  (none)         MongoDB
33434  traceroute     Network tracing
Parameter              Description
access-list-number     The decimal number of the ACL. The extended ACL number range is 100 to 199 and 2000 to 2699.
deny                   Denies access if the condition is matched.
permit                 Permits access if the condition is matched.
remark text            (Optional) Adds a text comment entry for documentation purposes. Each remark is limited to 100 characters.
protocol               Name or number of an Internet protocol. Common keywords include ip, tcp, udp and icmp. The ip keyword matches all IP protocols.
source                 Identifies the source network or host address to filter. Use the any keyword to specify all networks. Use the host keyword followed by the host IP address, or simply enter an IP address (without the host keyword) to identify a specific IP address.
source-wildcard        (Optional) A 32-bit wildcard mask applied to the source.
destination            Identifies the destination network or host address to filter. Use the any keyword to specify all networks. Use the host keyword followed by the host IP address, or the IP address alone.
destination-wildcard   (Optional) A 32-bit wildcard mask applied to the destination.
operator               (Optional) Compares source or destination ports. Operators include lt (less than), gt (greater than), eq (equal) and neq (not equal).
port                   (Optional) The decimal number or name of a TCP or UDP port.
established            (Optional) TCP protocol only. This is a first-generation firewall feature.
log                    (Optional) Generates and sends an informational message whenever the ACE is matched. The message includes the ACL number, the matched condition (permitted or denied), the source address and the number of packets. The message is generated for the first matching packet. This keyword should only be used for troubleshooting or security reasons.
show
enable the license

create the ACL

IKE Phase 1 ISAKMP policy

the pre-shared key, configured on the opposite peer where it will be used

IKE Phase 2 ISAKMP policy


Create the transform-set VPN-SET

vpn-map is a name that is assigned

IP of the other router

create the VPN on the interface
license boot module c1900 technology-package securityk9
reload

access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

R1(config)# crypto isakmp policy 10


R1(config-isakmp)# encryption aes 256
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 5
R1(config-isakmp)# lifetime 86400
R1(config-isakmp)# exit
R1(config)# crypto isakmp key vpnpa55 address 10.2.2.2

vpn-set is a name that is assigned


R1(config)# crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac

R1(config)# crypto map VPN-MAP 10 ipsec-isakmp


R1(config-crypto-map)# description VPN connection to R3
R1(config-crypto-map)# set peer 10.2.2.2
R1(config-crypto-map)# set transform-set VPN-SET
R1(config-crypto-map)# match address 110
R1(config-crypto-map)# exit

vpn-map is a name that is assigned


R1(config)# interface s0/0/0
R1(config-if)# crypto map VPN-MAP

show crypto map, or isakmp, or key


R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encryption aes 256
R1(config-isakmp)# hash sha
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 24
R1(config-isakmp)# lifetime 3600
R1(config-isakmp)# end
R1# show crypto isakmp policy

Global IKE policy


Protection suite of priority 1
encryption algorithm: AES - Advanced Encryption Standard (256 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #24 (2048 bit, 256 bit subgroup)
lifetime: 3600 seconds, no volume limit

Router(config)# crypto isakmp key keystring address peer-address


Router(config)# crypto isakmp key keystring hostname peer-hostname

R1# conf t
R1(config)# crypto isakmp key cisco12345 address 172.30.2.2
R1(config)#

Configure the ISAKMP policy with priority 1 using the following SA parameters:
Hash is SHA
Authentication is pre-shared
The Diffie-Hellman group is 24
The lifetime is 3600 seconds.
Encryption is AES with a 256-bit key



Parameter                 Options                  R1          R3
Key Distribution Method   Manual or ISAKMP         ISAKMP      ISAKMP
Encryption Algorithm      DES, 3DES, or AES        AES 256     AES 256
Hash Algorithm            MD5 or SHA-1             SHA-1       SHA-1
Authentication Method     Pre-shared keys or RSA   pre-share   pre-share
Key Exchange              DH Group 1, 2, or 5      DH 5        DH 5
IKE SA Lifetime           86400 seconds or less    86400       86400
ISAKMP Key                                         vpnpa55     vpnpa55
· Console line password: ciscoconpa55

· Password for vty lines: ciscovtypa55

· Enable password: ciscoenpa55

· SSH user and password: SSHadmin/ciscosshpa55

· OSPF101
-----------------------------------------
(to enter router R1)
User Access Verification
Password:ciscoconpa55
R1>ena
Password: ciscoenpa55
R1#
----------------
COMMAND TO VIEW THE LICENSE
R1#show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 14:19 by pt_team

ROM: System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)


cisco1941 uptime is 1 hours, 6 minutes, 54 seconds
System returned to ROM by power-on
System image file is "flash0:c1900-universalk9-mz.SPA.151-1.M4.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United


States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FTX152400KS
2 Gigabit Ethernet interfaces
2 Low-speed serial(sync/async) network interface(s)
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
249856K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO1941/K9 FTX1524F8G8

Technology Package License Information for Module:'c1900'

----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security disable None None
data disable None None

Configuration register is 0x2102

-----------------------------------------------

COMMAND TO ENABLE THE C1900 LICENSE


R1(config)# license boot module c1900 technology-package securityk9
--------------------------------------------------------------

CONFIGURE ACL 100 TO PREPARE THE PATH FOR THE VPN


-------------------------------------------------
Step 4
R1(config)# crypto isakmp policy 10
R1(config-isakmp)# encryption aes 256

R1(config-isakmp)# authentication pre-share

R1(config-isakmp)# group 5

R1(config-isakmp)# exit

R1(config)# crypto isakmp key vpnpa55 address 10.2.2.2

---------------------------
COMMAND TO VIEW THE CONFIGURATION MADE ON THE ROUTER
R1(config)# do sh run
-------------------------------------------------
STEP 5 /// PHASE 2

COMMAND FOR
R1(config)#crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
---------------------------------------------------
R1(config)# crypto map VPN-MAP 10 ipsec-isakmp

R1(config-crypto-map)# description VPN connection to R3

R1(config-crypto-map)# set peer 10.2.2.2

R1(config-crypto-map)# set transform-set VPN-SET

R1(config-crypto-map)# match address 110

R1(config-crypto-map)# exit
-----------------------------------------
STEP 6 -- COMMAND TO APPLY THE CONFIG TO THE INTERFACE

R1(config)#interface s0/0/0
R1(config-if)#CRypto map VPN-MAP
--------------------
Commands to verify the tunnel (phase 1, then phase 2; the #pkts encaps/decaps counters only increase once interesting traffic crosses the tunnel):

R1# show crypto isakmp sa
R1# show crypto ipsec sa


i) Configure the ASA so that network 192.168.1.0 can reach network 192.168.2.0 on TCP ports 80 and 443, plus ICMP.
ii) Configure egress from DMZ1 toward OUTSIDE.
iii) Configure egress from DMZ2 toward INSIDE only.
iv) ICMP must be permitted from all zones.
v) The ACL names are OUTSIDE-INSIDE, DMZ1-ANY and DMZ2-ANY.

Note on direction: on the ASA, access-group NAME in interface X filters traffic arriving on X (what the hosts behind X may initiate), while access-group NAME out interface X filters traffic leaving the ASA through X (what may reach the hosts behind X). The lists below are applied out, so they control what reaches each zone rather than what each zone may send, and the permit ip entries pass more than the TCP 80/443 plus ICMP that requirement (i) asks for. Check the result with packet-tracer, e.g. packet-tracer input INSIDE tcp 192.168.1.10 1024 192.168.2.10 22, and with show access-list to see hit counts.

access-list DMZ2-ANY extended permit icmp any any
access-list DMZ2-ANY extended permit ip 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list DMZ2-ANY extended permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list DMZ2-ANY extended deny ip any any

access-list DMZ1-ANY extended permit icmp any any
access-list DMZ1-ANY extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit icmp any any
access-list OUTSIDE-INSIDE extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list OUTSIDE-INSIDE extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group DMZ2-ANY out interface DMZ2
access-group DMZ1-ANY out interface DMZ1
access-group OUTSIDE-INSIDE out interface INSIDE
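The following is an added example, not part of the lab notes or of the ASA itself: a small evaluator for the extended-ACL syntax used above. It parses the OUTSIDE-INSIDE list exactly as entered (copied into ACL_TEXT), applies the ASA's first-match semantics with the implicit deny at the end, and probes it with flows derived from requirement (i). The probe addresses 192.168.1.10 / 192.168.2.10 and the small service-name table are assumptions for the demo.

```python
"""ASA extended-ACL evaluator (added example; not part of the lab notes).

Parses the `access-list NAME extended permit|deny PROTO SRC DST [eq PORT]`
form used above, applies first-match semantics plus the implicit deny, and
checks the OUTSIDE-INSIDE list against requirement (i): only TCP 80/443
and ICMP between 192.168.1.0/24 and 192.168.2.0/24.
"""
import ipaddress

# The OUTSIDE-INSIDE list exactly as entered above (lab addresses, copied for the demo)
ACL_TEXT = """
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit icmp any any
access-list OUTSIDE-INSIDE extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list OUTSIDE-INSIDE extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

# Service names the ASA accepts in place of port numbers (assumed subset for the demo)
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ssh": 22, "domain": 53, "ftp": 21}


def _parse_addr(tokens, i):
    """Read one address operand: 'any' | 'host A.B.C.D' | 'A.B.C.D MASK'."""
    tok = tokens[i].lower()
    if tok in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ipaddress accepts the dotted-netmask form the ASA prints
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_acls(text):
    """Return {acl_name: [(action, proto, src_net, dst_net, dport_or_None), ...]}."""
    acls = {}
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 7 or t[0].lower() != "access-list" or t[2].lower() != "extended":
            continue
        name, action, proto = t[1], t[3].lower(), t[4].lower()
        src, i = _parse_addr(t, 5)
        dst, i = _parse_addr(t, i)
        dport = None
        if i + 1 < len(t) and t[i].lower() == "eq":
            p = t[i + 1].lower()
            dport = PORT_NAMES[p] if p in PORT_NAMES else int(p)
        acls.setdefault(name, []).append((action, proto, src, dst, dport))
    return acls


def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry decides; no match means the implicit deny.

    Returns (action, 1-based entry number) or ('deny', None)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, aproto, snet, dnet, aport) in enumerate(acl, 1):
        if aproto != "ip" and aproto != proto:  # 'ip' matches every protocol
            continue
        if src_ip not in snet or dst_ip not in dnet:
            continue
        if aport is not None and aport != dport:
            continue
        return action, n
    return "deny", None


# Probe flows derived from requirement (i); the last two must be denied
PROBES = [
    (("tcp", "192.168.1.10", "192.168.2.10", 80), "permit"),
    (("tcp", "192.168.1.10", "192.168.2.10", 443), "permit"),
    (("icmp", "192.168.1.10", "192.168.2.10", None), "permit"),
    (("tcp", "192.168.1.10", "192.168.2.10", 22), "deny"),
    (("udp", "192.168.1.10", "192.168.2.10", 53), "deny"),
]


def audit(acl, probes):
    """Return [(flow, expected, actual, matching_entry)] for every probe that disagrees."""
    findings = []
    for flow, expected in probes:
        actual, entry = evaluate(acl, *flow)
        if actual != expected:
            findings.append((flow, expected, actual, entry))
    return findings


if __name__ == "__main__":
    outside_inside = parse_acls(ACL_TEXT)["OUTSIDE-INSIDE"]
    for flow, expected, actual, entry in audit(outside_inside, PROBES):
        print(f"{flow}: expected {expected}, got {actual} at entry {entry}")
```

Running it reports that SSH and DNS from 192.168.1.10 to 192.168.2.10 are permitted by entry 6 (the permit ip line), which is what packet-tracer on the ASA would also show; removing the two permit ip entries makes the list match requirement (i).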

ASA Version 9.6(1)


!
hostname FW1-INACAP
domain-name CONTRERAS.CL
names
!
interface GigabitEthernet1/1
nameif INSIDE
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/2
nameif OUTSIDE
security-level 0
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/3
nameif DMZ1
security-level 50
ip address 192.168.3.1 255.255.255.0
!
interface GigabitEthernet1/4
nameif DMZ2
security-level 75
ip address 192.168.4.1 255.255.255.0
!
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/8
no nameif
no security-level
no ip address
shutdown
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
!
!
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit icmp any any
access-list OUTSIDE-INSIDE extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list OUTSIDE-INSIDE extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list DMZ1-ANY extended permit icmp any any
access-list DMZ1-ANY extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list DMZ2-ANY extended permit icmp any any
access-list DMZ2-ANY extended permit ip 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list DMZ2-ANY extended permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list DMZ2-ANY extended deny ip any any
!
!
access-group OUTSIDE-INSIDE out interface INSIDE
access-group DMZ1-ANY out interface DMZ1
access-group DMZ2-ANY out interface DMZ2
aaa authentication ssh console LOCAL
!
ntp authentication-key 1 md5 *****
ntp authenticate
ntp server 192.168.3.10
username admin password TQaTZQ6borpImUez encrypted
username admin1 password TQaTZQ6borpImUez encrypted
!
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect tftp
!
service-policy global_policy global
!
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 INSIDE
ssh 192.168.2.0 255.255.255.0 OUTSIDE
ssh 192.168.3.0 255.255.255.0 DMZ1
ssh 192.168.4.0 255.255.255.0 DMZ2
ssh timeout 10
!
dhcpd address 192.168.1.10-192.168.1.40 INSIDE
dhcpd dns 192.168.4.10 interface INSIDE
dhcpd enable INSIDE
Second show run, taken after the ACLs were revised (the entries differ from the first output above):
FW1-INACAP(config)# show run
: Saved
:
ASA Version 9.6(1)
!
hostname FW1-INACAP
domain-name CONTRERAS.CL
names
!
interface GigabitEthernet1/1
nameif INSIDE
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/2
nameif OUTSIDE
security-level 0
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/3
nameif DMZ1
security-level 50
ip address 192.168.3.1 255.255.255.0
!
interface GigabitEthernet1/4
nameif DMZ2
security-level 75
ip address 192.168.4.1 255.255.255.0
!
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/8
no nameif
no security-level
no ip address
shutdown
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
!
!
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit icmp 192.168.1.0 255.255.255.0 any
access-list OUTSIDE-INSIDE extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq www
access-list OUTSIDE-INSIDE extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443
access-list OUTSIDE-INSIDE extended permit icmp 192.168.2.0 255.255.255.0 any
access-list DMZ1-ANY extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list DMZ1-ANY extended permit icmp 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list DMZ1-ANY extended permit icmp 192.168.3.0 255.255.255.0 any
access-list DMZ1-ANY extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list DMZ1-ANY extended permit icmp 192.168.2.0 255.255.255.0 any
access-list DMZ2-ANY extended permit icmp 192.168.4.0 255.255.255.0 any
access-list DMZ2-ANY extended permit ip 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list DMZ2-ANY extended deny ip 192.168.4.0 255.255.255.0 any
access-list DMZ2-ANY extended permit icmp any 192.168.4.0 255.255.255.0
access-list DMZ2-ANY extended permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
!
!
access-group OUTSIDE-INSIDE out interface INSIDE
access-group DMZ1-ANY out interface DMZ1
access-group DMZ2-ANY out interface DMZ2
aaa authentication ssh console LOCAL
!
ntp authentication-key 1 md5 *****
ntp authenticate
ntp server 192.168.3.10
username admin password TQaTZQ6borpImUez encrypted
username admin1 password TQaTZQ6borpImUez encrypted
!
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect tftp
!
service-policy global_policy global
!
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 INSIDE
ssh 192.168.2.0 255.255.255.0 OUTSIDE
ssh 192.168.3.0 255.255.255.0 DMZ1
ssh 192.168.4.0 255.255.255.0 DMZ2
ssh timeout 10
!
dhcpd address 192.168.1.10-192.168.1.41 INSIDE
dhcpd dns 192.168.4.10 interface INSIDE
dhcpd enable INSIDE
!
!
!
!
Router#show running-config
Building configuration...

Current configuration : 1691 bytes


!
! Last configuration change at 22:15:54 UTC Fri Dec 1 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn FJC2016A2FR
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.17.0.2 255.255.255.0
duplex auto
speed auto
!
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 172.17.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 update-source Loopback1
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 2.2.2.2 255.255.255.255 192.168.12.2
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Router checklist
for the firewall
for the links
create the VLANs
bring them up
OSPF
management loopback
unused (available) ports
static route
NTP
AAA
Multilayer switch

enable
conf terminal
hostname swmulticapa
ip routing
interface (fiber interface, GLS)
no switchport
ip address xxxxx xxxxx
exit
interface (fiber interface, GLS)
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,20,30
exit
interface vlan 10
ip address xxxx xxxx
interface vlan 20
ip address xxxx xxxx
interface vlan 30
ip address xxxx xxxx

Note: on 3560/3750-class switches the encapsulation must be set before switchport mode trunk, otherwise the mode command is rejected while the encapsulation is still "auto". The allowed list prunes every VLAN not named, so add the native VLAN (40 in the VLAN plan above) if it must cross this trunk.

VLAN 10
VLAN 20
VLAN 30
VLAN 40
router ospf 100
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network XXXX XXXX area 0

interface Loopback1
ip address XXXX XXXX

exit
int range gi 1/0/1-15
no shutdown
switchport mode access
switchport access vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky

int range gi 1/0/16-30
no shutdown
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky

int range gi 1/0/31-40
no shutdown
switchport mode access
switchport access vlan 30
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky

int range gi 1/0/41-48
shutdown

Notes: port-security is rejected on a port in dynamic (default) mode, hence switchport mode access first. violation shutdown puts the port in err-disabled state; recover with shutdown / no shutdown or errdisable recovery cause psecure-violation. The unused range starts at 41, not 40, because gi1/0/40 is already in the VLAN 30 range above. Verify with show port-security interface gi1/0/1 and show port-security address.

ip route 172.168.2.1 255.255.255.255 gi 0/0

R1# show clock detail


R1(config)# ntp server 192.168.1.1
R1(config)# end
R1# show clock detail

R1(config)# username inacap algorithm-type scrypt secret inacap
R1(config)# aaa new-model
R1(config)# aaa authentication login default group radius local enable
R1(config)# line vty 0 4
R1(config-line)# login authentication default

Method order matters: RADIUS is tried first, and the local database and then the enable secret are used only when the RADIUS servers do not respond, not when they reject the login. A RADIUS server must be defined (radius server NAME with address ipv4 and key) for the first method to do anything; until then every login falls through to local.

username ARIEL privilege 15 secret CONTRERAS

ip domain-name INACAP.ORG   (a domain name is required before the RSA key pair can be generated)
crypto key generate rsa
1024   (modulus prompt; 1024-bit RSA is weak, use 2048 or larger)
ip ssh version 2
line vty 0 4
transport input ssh
login local   (if aaa new-model is enabled as in the AAA section above, use login authentication default instead)
exit
enable secret INACAP123
do wr
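As an added example (not code from the lab notes or from Cisco), the script below lints a running-config for the management-plane gaps the SSH/AAA commands above close, and also checks the VPN section (step 4, DH group) and the BGP section of the Router config shown earlier. ROUTER_CONFIG is a trimmed, constructed copy of that Router output with the R1 ISAKMP policy added and IOS indentation restored; HARDENED_CONFIG is a constructed version of the same router after applying the commands above, with an assumed BGP password LAB-BGP-KEY and group 14.

```python
"""Hardening lint for IOS running-config (added example; not from the lab notes).

Splits `show running-config` output into blocks the way IOS indents it, then
flags: clear-text passwords, AAA off, no enable secret, SSH v2 not enforced,
vty lines without ssh-only transport / login method / exec-timeout, ISAKMP
policies below DH group 14, and BGP neighbors without an MD5 password.
"""

# Constructed sample: the Router config above, trimmed, plus the R1 ISAKMP policy
ROUTER_CONFIG = """
version 15.4
no service password-encryption
hostname Router
no aaa new-model
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
router bgp 100
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 update-source Loopback1
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback1
line vty 0 4
 login
 transport input none
end
"""

# Constructed sample: the same router after the SSH/AAA commands above (assumed BGP key)
HARDENED_CONFIG = """
service password-encryption
hostname R1
enable secret INACAP123
aaa new-model
aaa authentication login default group radius local enable
username ARIEL privilege 15 secret CONTRERAS
ip ssh version 2
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
router bgp 100
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 password LAB-BGP-KEY
line vty 0 4
 exec-timeout 10 0
 login authentication default
 transport input ssh
end
"""


def split_blocks(text):
    """Map each top-level line to the indented lines under it ('!' and blanks dropped)."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks


def audit_ios(text):
    """Return a list of finding strings; an empty list means every check passed."""
    blocks = split_blocks(text)
    top = set(blocks)
    f = []
    if "no service password-encryption" in top:
        f.append("line/username passwords are stored in clear text")
    if "no aaa new-model" in top:
        f.append("AAA is disabled")
    if not any(l.startswith("enable secret") for l in top):
        f.append("no enable secret")
    if "ip ssh version 2" not in top:
        f.append("SSH v2 is not enforced")
    for name, lines in blocks.items():
        if name.startswith("line vty"):
            if "login local" not in lines and not any(l.startswith("login authentication") for l in lines):
                f.append(f"{name}: no local or AAA login")
            if "transport input ssh" not in lines:
                f.append(f"{name}: transport input is not ssh-only")
            if not any(l.startswith("exec-timeout") for l in lines):
                f.append(f"{name}: no exec-timeout")
        elif name.startswith("crypto isakmp policy"):
            # IOS defaults to DH group 1 when no group line is present
            group = next((int(l.split()[1]) for l in lines if l.startswith("group ")), 1)
            if group < 14:
                f.append(f"{name}: DH group {group} is below group 14")
        elif name.startswith("router bgp"):
            peers = sorted({l.split()[1] for l in lines if l.startswith("neighbor ")})
            for p in peers:
                if not any(l.startswith(f"neighbor {p} password") for l in lines):
                    f.append(f"{name}: neighbor {p} has no MD5 password")
    return f


if __name__ == "__main__":
    for cfg in (ROUTER_CONFIG, HARDENED_CONFIG):
        print(audit_ios(cfg) or ["no findings"])
```

Paste the output of show running-config into ROUTER_CONFIG to lint a real device; the checks are deliberately string-based so they work on the flattened copies in these notes as long as the indentation under line, router and crypto blocks is kept.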

SD-WAN on Fortinet
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/1cfb712e-72a5-11ee-a142-fa163e15d75b/SD-WAN-7.2-Deployment_Guide_for_MSSPs.pdf
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/313888/configuration-examples
