
The configuration of each of the switches and of the router is shown below:

Router:

Router#show ru
Building configuration...

Current configuration : 1890 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
ip dhcp pool gestion
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
ip dhcp pool tres
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
ip dhcp pool cuatro
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
ip dhcp pool cinco
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
ip dhcp pool seis
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 20
ip address 192.168.10.1 255.255.255.0
ip access-group 10 in
ip access-group 10 out
!
interface FastEthernet0/0.2
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip access-group 101 in
ip access-group 101 out
!
interface FastEthernet0/0.3
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
ip access-group 101 in
!
interface FastEthernet0/0.4
encapsulation dot1Q 50
ip address 192.168.50.1 255.255.255.0
ip access-group 101 in
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
no ip address
!
ip classless
!
!
access-list 10 deny 192.168.30.0 0.0.0.255
access-list 10 deny 192.168.40.0 0.0.0.255
access-list 10 deny 192.168.50.0 0.0.0.255
access-list 10 permit any
access-list 101 deny tcp 192.168.30.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 192.168.40.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 192.168.50.0 0.0.0.255 any eq telnet
access-list 101 permit ip any any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
password cisco
login
!
!
!
end


In the configuration above, one can identify the virtual interfaces that were created, the
IP pools for the DHCP server and the access control lists used.
SERVER:

Building configuration...

Current configuration : 2318 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Server
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password cisco
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000A.41C0.C588
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
switchport trunk allowed vlan 1,20,30,40,50,60
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk allowed vlan 1,20,30,40,50,60
channel-protocol lacp
channel-group 1 mode active
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk allowed vlan 1,20,30,40,50,60
channel-protocol lacp
channel-group 1 mode active
switchport mode trunk
!
interface Port-channel 1
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.10.100 255.255.255.0
!
!
line con 0
!
line vty 0 4
password cisco
login
line vty 5 15
login
!
!
end

CLIENT 1:

Building configuration...

Current configuration : 2549 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname cliente1
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password cisco
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0006.2A25.BD40
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
switchport trunk allowed vlan 1,20,30,40,50,60
channel-protocol lacp
channel-group 2 mode passive
switchport mode trunk
!
interface FastEthernet0/22
switchport trunk allowed vlan 1,20,30,40,50,60
channel-protocol lacp
channel-group 2 mode passive
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk allowed vlan 1,20,30,40,50,60
channel-protocol lacp
channel-group 1 mode passive
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk allowed vlan 1,20,30,40,50,60
channel-protocol lacp
channel-group 1 mode passive
switchport mode trunk
!
interface Port-channel 1
switchport mode trunk
!
interface Port-channel 2
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.10.110 255.255.255.0
!
!
line con 0
!
line vty 0 4
password cisco
login
line vty 5 15
login
!
!
end

CLIENT 2:

Building configuration...

Current configuration : 2345 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname cliente2
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password cisco
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0010.1179.85BA
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
switchport trunk allowed vlan 1,20,30,40,50,60
channel-protocol lacp
channel-group 2 mode active
switchport mode trunk
!
interface FastEthernet0/22
switchport trunk allowed vlan 1,20,30,40,50,60
channel-protocol lacp
channel-group 2 mode active
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk allowed vlan 1,20,30,40,50,60
!
interface FastEthernet0/24
switchport trunk allowed vlan 1,20,30,40,50,60
!
interface Port-channel 2
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.10.120 255.255.255.0
!
!
line con 0
!
line vty 0 4
password cisco
login
line vty 5 15
login
!
!
end


In the switch configurations above, and as far as this laboratory exercise is concerned,
one can see how the switch ports are distributed among the VLANs that were created,
as well as the security applied on each switch to the port where the management
device was connected.
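
The weak settings visible in the listings above can be checked mechanically. The following is an added example, not part of the original report: a small auditor (function names are hypothetical) run over a constructed excerpt of the Server switch configuration. It flags clear-text passwords, an 'enable password' kept next to 'enable secret', vty lines that do not exclude Telnet, and access ports without port security.

```python
import re

# Constructed sample: stanzas trimmed from the "Server" listing, same flat layout.
SAMPLE = """\
no service password-encryption
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password cisco
!
interface FastEthernet0/1
switchport mode access
switchport port-security
!
interface FastEthernet0/4
switchport mode access
!
interface FastEthernet0/22
switchport mode trunk
!
line vty 0 4
password cisco
login
"""

def stanzas(config):
    """Group lines under their 'interface'/'line' header; global lines go under ''."""
    out, cur = {"": []}, ""
    for line in map(str.strip, config.splitlines()):
        if line in ("", "!"):
            cur = ""
        elif re.match(r"(interface|line) ", line):
            cur = line
            out[cur] = []
        else:
            out[cur].append(line)
    return out

def audit(config):
    s, found = stanzas(config), []
    if "no service password-encryption" in s[""]:
        found.append("global: passwords kept in clear text in the configuration")
    if any(l.startswith("enable password ") for l in s[""]):
        found.append("global: 'enable password' set in addition to 'enable secret'")
    for head, body in s.items():
        if (head.startswith("line vty") and "transport input ssh" not in body
                and any(l.startswith("password ") for l in body)):
            found.append(f"{head}: Telnet not excluded (no 'transport input ssh')")
        if "switchport mode access" in body and "switchport port-security" not in body:
            found.append(f"{head}: access port without port-security")
    return found
```

Only FastEthernet0/1 carries port security in these listings, so every other access port is reported.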


Since the switch configurations are very similar, the commands used in this laboratory
are shown below for each stage. Only the commands used specifically for the stated
objective are shown, because the other configurations were presented in earlier
reports:


Password configuration:
In switch configuration mode
*enable password cisco
*enable secret cisco

Configuration for Telnet connections:
In switch configuration mode
*line vty 0 4
*password cisco
*exit
*interface vlan 1
*ip address ip mask
*no shutdown

Assigning ports to VLANs
In switch configuration mode
*interface fastethernet 0/1
*switchport access vlan 20
*exit

Port security
In switch configuration mode
*interface fastEthernet 0/1
*switchport port-security
*switchport port-security maximum (1-132)
*switchport port-security mac-address H.H.H
*switchport port-security violation (protect | restrict | shutdown)
*exit

The commands used in this laboratory for each stage of the router configuration
are shown below:

Creating virtual interfaces:
In router configuration mode
*interface fastethernet 0/0.x (where x is the subinterface number)
*encapsulation dot1Q z (where z is the VLAN identifier)
*ip address x.x.x.x y.y.y.y (gateway IP and mask for each VLAN)
*interface fastethernet 0/0
*no shutdown


DHCP server
In router configuration mode:
*ip dhcp pool (name of the VLAN)
*network x.x.x.x y.y.y.y (IP and mask of the network)
*default-router x.x.x.x (default router IP for this pool)

ACLs (Access Control Lists)
--First, the lists are created.
In router configuration mode:
*access-list 10 deny 192.168.30.0 0.0.0.255
*access-list 10 deny 192.168.40.0 0.0.0.255
*access-list 10 deny 192.168.50.0 0.0.0.255
*access-list 10 permit any
*access-list 101 deny tcp 192.168.30.0 0.0.0.255 any eq telnet
*access-list 101 deny tcp 192.168.40.0 0.0.0.255 any eq telnet
*access-list 101 deny tcp 192.168.50.0 0.0.0.255 any eq telnet
*access-list 101 permit ip any any




--Second, the list is applied to the desired subinterface:
Enter each subinterface and apply the list as follows:
*ip access-group 101 in
*ip access-group 101 out
*ip access-group 10 in
*ip access-group 10 out
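
How the router evaluates the two lists above, as an added example that is not part of the original report: entries are tested top-down using their wildcard masks, the first match decides, and a packet matching no entry hits the implicit deny. The function names are hypothetical and the parser covers only the syntax these two lists use.

```python
import ipaddress

# The two ACLs exactly as they appear in the router configuration on this page.
ACL_TEXT = """\
access-list 10 deny 192.168.30.0 0.0.0.255
access-list 10 deny 192.168.40.0 0.0.0.255
access-list 10 deny 192.168.50.0 0.0.0.255
access-list 10 permit any
access-list 101 deny tcp 192.168.30.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 192.168.40.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 192.168.50.0 0.0.0.255 any eq telnet
access-list 101 permit ip any any
"""
PORTS = {"telnet": 23}
ANY = (0, 0xFFFFFFFF)

def _addr(t):
    """Pop 'any' or 'base wildcard' off the token list -> (base, wildcard) ints."""
    if t[0] == "any":
        t.pop(0)
        return ANY
    return tuple(int(ipaddress.IPv4Address(t.pop(0))) for _ in range(2))

def parse(text):
    acls = {}
    for line in text.splitlines():
        t = line.split()[1:]                      # drop 'access-list'
        num, action = int(t.pop(0)), t.pop(0)
        ext = num >= 100                          # 1-99 standard: source address only
        proto = t.pop(0) if ext else "ip"
        src = _addr(t)
        dst = _addr(t) if ext else ANY
        port = int(PORTS.get(t[1], t[1])) if t[:1] == ["eq"] else None
        acls.setdefault(num, []).append((action, proto, src, dst, port))
    return acls

def _hit(ip, rule):
    base, wild = rule                             # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acls, num, src, dst="0.0.0.0", proto="ip", dport=None):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    for action, p, s, d, port in acls[num]:
        if (p in ("ip", proto) and _hit(src, s) and _hit(dst, d)
                and port in (None, dport)):
            return action
    return "deny"

ACLS = parse(ACL_TEXT)
```

Run against the page's lists, this shows that list 101 filters only Telnet and only from the 192.168.30.0, 192.168.40.0 and 192.168.50.0 networks; the 192.168.60.0 network has a DHCP pool but no entry in either list.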
