
=====================Create LOG========================

logging 192.168.0.254 <-- IP of the syslog server

logging trap debugging <--- the router sends messages up to the debugging level (severity 7) to the syslog server
logging buffered 8192 informational <-- size of the local log buffer (bytes) and its severity level
===========add date and time to the log===========
service timestamps log datetime msec
ntp authentication-key 1 md5 senha123 <-- key shared with the NTP server
ntp authenticate <-- only accept time from sources that authenticate
ntp trusted-key 1 <-- key 1 is trusted for authentication
ntp update-calendar
ntp server 192.168.0.3 key 1 <-- authenticate this server with key 1
show ntp status
show ntp associations
snmp-server location 10.1.0.26 <- server IP (used here as the free-text location string)
snmp-server contact SagaraJGR <- administrator name
snmp-server community super-secret RW <- community string (acts as the password); RW grants write access
snmp-server host 10.1.0.26 trap cisK0tRap^ <- NMS host and the community string sent with traps
========Create local accounts with privilege levels===============
username cisco privilege 1 secret cisco
username admcisco privilege 3 secret passw0rd
username sagara privilege 5 secret senha123
username manager1 privilege 8 secret p455w0rd
username adm25 privilege 15 secret cisco123
========== Create IPsec tunnel ==========
crypto isakmp policy 2 <-- IKE phase 1 policy, lower number = higher priority
hash md5
authentication pre-share
group 2
lifetime 600
encryption aes 128

==================== alternative values for the policy above (same order) ====================

hash sha
authentication rsa-sig
group 3, 5
encryption aes 192, 256

=========Pre-shared key==============================

crypto isakmp key cisco123 address 200.100.50.2 <-- key used with peer 200.100.50.2
=============access list for match address==========
access-list 100 permit ip 172.16.32.0 0.0.0.23 192.168.0.0 0.0.1.255 <-- traffic to be protected by the tunnel
===========create transform-set============================
crypto ipsec transform-set my-set1 esp-aes 256 esp-sha-hmac <-- IPsec (phase 2) algorithms
===============Create crypto map===============
crypto map meu-map 1 ipsec-isakmp
set transform-set my-set1
match address 100
set peer 200.100.50.2
set pfs group2

==========apply the map to the interface=====

interface Serial0/0/0
crypto map meu-map
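The Python script below is an added example and not part of the original notes: it audits a running-config text for the management-plane settings from the first sections (remote syslog, timestamps, authenticated NTP, SNMP write communities) and flags the weak IKE phase 1 choices in the policy above (md5, DH group 2, DES/3DES). The sample configuration it parses is constructed from the values in these notes; the IOS defaults it assumes for omitted policy attributes (encryption des, hash sha, group 1) are stated in the code.

```python
from __future__ import annotations

import re

# IOS defaults used when an ISAKMP policy omits an attribute.
IOS_POLICY_DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1"}
# Abbreviated keywords as typed in the notes, mapped to their running-config form.
KEYWORD_ALIASES = {"encr": "encryption", "auth": "authentication"}
WEAK_HASHES = {"md5"}
WEAK_DH_GROUPS = {"1", "2"}
WEAK_CIPHERS = {"des", "3des"}


def parse_isakmp_policies(config: str) -> dict[int, dict[str, str]]:
    """Return {policy_number: {attribute: value}} from 'crypto isakmp policy' blocks.

    Sub-commands are the indented lines that follow the policy line, as in a
    running-config; the first non-indented line closes the block.
    """
    policies: dict[int, dict[str, str]] = {}
    current = None
    for raw in config.splitlines():
        match = re.match(r"crypto isakmp policy (\d+)", raw)
        if match:
            current = int(match.group(1))
            policies[current] = {}
        elif current is not None and raw.startswith(" "):
            keyword, _, value = raw.strip().partition(" ")
            policies[current][KEYWORD_ALIASES.get(keyword, keyword)] = value
        elif raw.strip():
            current = None
    return policies


def audit(config: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: list[str] = []
    lines = [line.strip() for line in config.splitlines()]

    # Management plane: remote syslog, timestamps and authenticated NTP.
    if not any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", line) for line in lines):
        findings.append("no syslog host configured")
    if "service timestamps log datetime msec" not in lines:
        findings.append("log messages are not timestamped")
    if "ntp authenticate" not in lines or not any(line.startswith("ntp trusted-key") for line in lines):
        findings.append("NTP authentication is not enabled")
    for line in lines:
        if line.startswith("ntp server") and " key " not in line:
            findings.append(f"unauthenticated time source: '{line}'")
        snmp = re.match(r"snmp-server community (\S+) (RO|RW)", line)
        if snmp and snmp.group(2) == "RW":
            findings.append(f"SNMP community '{snmp.group(1)}' grants write access (RW)")

    # IKE phase 1: flag weak algorithms, filling in IOS defaults for omitted attributes.
    for number, policy in parse_isakmp_policies(config).items():
        attrs = {**IOS_POLICY_DEFAULTS, **policy}
        if attrs["encryption"].split()[0] in WEAK_CIPHERS:
            findings.append(f"isakmp policy {number}: weak encryption '{attrs['encryption']}'")
        if attrs["hash"] in WEAK_HASHES:
            findings.append(f"isakmp policy {number}: weak hash '{attrs['hash']}'")
        if attrs["group"] in WEAK_DH_GROUPS:
            findings.append(f"isakmp policy {number}: weak DH group {attrs['group']}")
    return findings


# Constructed sample: the commands from the notes, written as they appear in a running-config.
SAMPLE_CONFIG = """\
service timestamps log datetime msec
logging 192.168.0.254
logging trap debugging
logging buffered 8192 informational
ntp authentication-key 1 md5 senha123
ntp authenticate
ntp trusted-key 1
ntp server 192.168.0.3 key 1
snmp-server community super-secret RW
snmp-server host 10.1.0.26 traps cisK0tRap^
crypto isakmp policy 2
 encryption aes 128
 hash md5
 authentication pre-share
 group 2
 lifetime 600
crypto isakmp key cisco123 address 200.100.50.2
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the sample, the audit reports the RW community and the md5/group 2 choices of policy 2 and nothing else; swapping in `hash sha256`, `group 14` and an RO community makes it return an empty list, which is the quick way to confirm a hardening change took effect.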
==========configure the connection to the AAA server=============
aaa new-model <-- enables the new AAA model on the router
tacacs-server host 192.168.0.254 <- IP of the TACACS+ server
tacacs-server key senha123 <- shared secret of the TACACS+ server
====define the default AAA authentication for the whole router========
aaa authentication login default group tacacs+ local enable <-- the next method is tried only when the previous one is unavailable (server unreachable), not when it rejects the login
====define a specific AAA authentication list for a single line.========
aaa authentication login Lista1 group tacacs+ local
apply it on an administration line:
line vty 0 4
login authentication Lista1
==============define AAA for authorization===============
aaa authorization commands 1 nomelista1 group tacacs+ local <-- privilege 1
aaa authorization commands 15 nomelista15 group tacacs+ local <-- privilege 15

apply on a line:
authorization commands 1 nomelista1
authorization commands 15 nomelista15
=============define AAA for accounting==================
aaa accounting commands 1 lista-acc1 start-stop group tacacs+ <-- logs level-1 commands
aaa accounting commands 15 lista-acc15 start-stop group tacacs+ <-- logs level-15 commands

apply on a line:
accounting commands 1 lista-acc1
accounting commands 15 lista-acc15
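Added example in Python, not from the notes: a small model of how a login method list such as `group tacacs+ local enable` is walked. The TACACS+ server, the local users and the enable secret are constructed from the values above (the server's user list is an assumption). The point it shows is that the next method is consulted only when the previous one returns an error (server unreachable), never when the previous one rejects the credentials, so a user known only locally is still denied while the TACACS+ server is up.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Result(Enum):
    PASS = "pass"    # credentials accepted: stop and grant access
    FAIL = "fail"    # credentials rejected: stop and deny access (no fallback)
    ERROR = "error"  # method unavailable: fall through to the next method in the list


@dataclass
class TacacsServer:
    """Stand-in for the TACACS+ server at 192.168.0.254 (constructed, not a real client)."""
    reachable: bool
    users: dict[str, str]  # username -> password known to the server

    def check(self, user: str, password: str) -> Result:
        if not self.reachable:
            return Result.ERROR
        return Result.PASS if self.users.get(user) == password else Result.FAIL


@dataclass
class Router:
    tacacs: TacacsServer
    local_users: dict[str, str]          # from 'username ... secret ...'
    enable_secret: Optional[str]         # from 'enable secret ...'
    method_lists: dict[str, list[str]]   # list name -> methods, in the order written after 'aaa authentication login'

    def run_method(self, method: str, user: str, password: str) -> Result:
        if method == "group tacacs+":
            return self.tacacs.check(user, password)
        if method == "local":
            if not self.local_users:  # model assumption: an empty local database counts as ERROR
                return Result.ERROR
            return Result.PASS if self.local_users.get(user) == password else Result.FAIL
        if method == "enable":
            if self.enable_secret is None:
                return Result.ERROR
            return Result.PASS if password == self.enable_secret else Result.FAIL
        raise ValueError(f"unknown method {method!r}")

    def login(self, list_name: str, user: str, password: str) -> tuple[bool, list[str]]:
        """Walk the method list; return (granted, trace of each method's verdict)."""
        trace: list[str] = []
        for method in self.method_lists[list_name]:
            verdict = self.run_method(method, user, password)
            trace.append(f"{method}: {verdict.value}")
            if verdict is Result.PASS:
                return True, trace
            if verdict is Result.FAIL:
                return False, trace
        return False, trace  # every method returned ERROR: access is denied


def build_router(tacacs_reachable: bool) -> Router:
    """Router configured as in the notes; the TACACS+ user list is constructed."""
    return Router(
        tacacs=TacacsServer(reachable=tacacs_reachable, users={"adm25": "cisco123"}),
        local_users={"adm25": "cisco123", "sagara": "senha123"},
        enable_secret="senha123",
        method_lists={
            "default": ["group tacacs+", "local", "enable"],  # aaa authentication login default ...
            "Lista1": ["group tacacs+", "local"],             # aaa authentication login Lista1 ...
        },
    )


if __name__ == "__main__":
    for reachable in (True, False):
        router = build_router(reachable)
        for user, password in (("adm25", "cisco123"), ("sagara", "senha123")):
            granted, trace = router.login("default", user, password)
            print(f"tacacs up={reachable} {user}: {'granted' if granted else 'denied'} via {trace}")
```

Running it shows `sagara` denied with trace `group tacacs+: fail` while the server is up, and granted with `group tacacs+: error, local: pass` once it is unreachable; the `enable` method at the end of the default list is only ever reached when both the server and the local database are unavailable.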

===========create a new view=======

enable secret senha123 <- set an enable secret first
aaa new-model <-- enables the new AAA model
enable view <-- enter the root view (asks for the enable secret)
parser view Nova-view <--- create the new view
secret senha123da123view <-- set the view password
commands exec include all show <-- add an exec command and all its sub-commands to the view
commands exec include all ping <-- add an exec command and all its sub-commands to the view
commands exec include configure <-- add an exec command to the view
commands configure include interface <--- add a configure command to the view

to log in to the view:

enable view Nova-view
enable secret level 1 0 senha123 <- level 1, secret typed in plaintext (0); it is still stored hashed
enable secret level 8 0 senha123 <- level 8, secret typed in plaintext (0)
enable secret level 14 5 senha123 <- level 14, secret supplied already MD5-hashed (5); IOS rejects a plaintext value after 5

enable 15 <- enter the chosen level

======define commands for a specific privilege level=========

privilege exec level 8 configure terminal <- conf t can be used from level 8 upwards
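Added example in Python, not part of the notes: a model that loads the `username ... privilege`, `privilege exec level` and `parser view` lines above and answers whether a user's privilege level, or a view, admits a given command. The default command levels in the table are constructed for the example (basic `show` and `ping` at 1, `show running-config` and `configure terminal` at 15); the rule that a view admits sub-commands only with `include all` is the model's own rule, and command arguments such as interface names are not modelled.

```python
from __future__ import annotations

import re
from typing import Optional

# Default level of each command in this model (constructed for the example).
DEFAULT_LEVELS = {
    "show": 1,
    "show running-config": 15,
    "ping": 1,
    "configure terminal": 15,
}


class PrivilegeModel:
    """Privilege-level and parser-view checks fed by configuration lines like those in the notes."""

    def __init__(self) -> None:
        self.levels = dict(DEFAULT_LEVELS)       # command -> level needed to run it
        self.users: dict[str, int] = {}          # username -> privilege level
        self.views: dict[str, dict[str, list[tuple[str, bool]]]] = {}  # view -> mode -> [(command, include_all)]
        self._view: Optional[str] = None         # view currently being configured

    def load(self, config: str) -> None:
        for line in config.splitlines():
            self.apply(line.strip())

    def apply(self, line: str) -> None:
        if m := re.match(r"username (\S+) privilege (\d+)", line):
            self.users[m.group(1)] = int(m.group(2))
        elif m := re.match(r"privilege exec level (\d+) (.+)", line):
            self.levels[m.group(2)] = int(m.group(1))  # e.g. 'privilege exec level 8 configure terminal'
        elif m := re.match(r"parser view (\S+)", line):
            self._view = m.group(1)
            self.views[self._view] = {"exec": [], "configure": []}
        elif (m := re.match(r"commands (exec|configure) include (all )?(.+)", line)) and self._view:
            self.views[self._view][m.group(1)].append((m.group(3), m.group(2) is not None))
        # 'secret ...', 'enable secret level ...' and other lines are not needed for these checks.

    def required_level(self, command: str) -> int:
        """Longest configured prefix wins, so 'show running-config' overrides the level of 'show'."""
        words = command.split()
        for n in range(len(words), 0, -1):
            prefix = " ".join(words[:n])
            if prefix in self.levels:
                return self.levels[prefix]
        return 1

    def allowed_by_level(self, user: str, command: str) -> bool:
        return self.users[user] >= self.required_level(command)

    def allowed_by_view(self, view: str, mode: str, command: str) -> bool:
        """'include all X' admits X and every sub-command; plain 'include X' admits exactly X."""
        for included, include_all in self.views[view][mode]:
            if command == included or (include_all and command.startswith(included + " ")):
                return True
        return False


# Constructed sample: the account, privilege and view lines from the notes.
PAGE_LINES = """\
username cisco privilege 1 secret cisco
username manager1 privilege 8 secret p455w0rd
username adm25 privilege 15 secret cisco123
privilege exec level 8 configure terminal
parser view Nova-view
 secret senha123da123view
 commands exec include all show
 commands exec include all ping
 commands exec include configure
 commands configure include interface
"""

if __name__ == "__main__":
    model = PrivilegeModel()
    model.load(PAGE_LINES)
    for user in model.users:
        for command in ("show version", "show running-config", "configure terminal"):
            print(f"{user:9} {command:20} {'allowed' if model.allowed_by_level(user, command) else 'denied'}")
    print("Nova-view, show ip interface brief:", model.allowed_by_view("Nova-view", "exec", "show ip interface brief"))
```

The output shows the effect of the `privilege exec level 8 configure terminal` line (manager1 at level 8 may enter configuration mode, cisco at level 1 may not, and neither level-1 `show running-config`), and that a view is evaluated separately from the user's level: Nova-view admits every `show` sub-command because it was added with `include all`.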
====================Protect the image and config against deletion==================
secure boot-image <-- protects the IOS image from being erased
secure boot-config <-- keeps a secure copy of the running configuration
show secure bootset <-- verify the protected files

==================Acronyms==============================

Network Admission Control (NAC)
Identity Services Engine (ISE)
*Adaptive Security Appliance (ASA)
*intrusion prevention systems (IPS)
*Cisco Security Manager (CSM)
*Cisco Access Control Server (ACS)
authentication, authorization, accounting (AAA)
*Secure Sockets Layer (SSL)
security group tags (SGT)
*Adaptive Security Device Manager (ASDM)
*Cisco Configuration Professional (CCP)
*IPS Device Manager (IDM)
IDM Express (IME)
network foundation protection (NFP)
*Authenticated Network Time Protocol (NTP)
Transport Layer Security (TLS)
Simple Network Management Protocol Version 3 (SNMPv3)
Control plane policing (CoPP)
Control plane protection (CPPr)
*Perfect Forward Secrecy (PFS)
*Security Association (SA)
*Secure Hash Algorithm (SHA)
*Advanced Encryption Standard (AES)
*Authentication Header (AH)
*Certification Authority (CA)
*Certificate Revocation List (CRL)
*Data Encryption Standard (DES)
*Diffie-Hellman (DH)
*Encapsulating Security Payload (ESP)
*Internet Security Association and Key Management Protocol (ISAKMP)
