Você está na página 1de 9

JUN 1717

enable
configure terminal
hostname S1
service password-encryption
enable secret class
no ip domain-lookup
no cdp run

banner motd #warn#


interface vlan 99
ip address 192.168.1.2 255.255.255.0
no shutdown
ip default-gateway 192.168.1.1
interface range f0/1 24,g0/1 - 2
switchport access vlan 99
mac address-table static 0050.56BE.6C89 vlan 99 interface fastethernet 0/6
ip dhcp snooping
ip dhcp snooping vlan
interface range f0/1
ip dhcp snooping trust -----puertos como confiable
ip dhcp snooping limit rate 5
ip domain-name cisco.com
crypto key generate rsa
crypto key zeroize rsa
username admin password ccna
line vty 0 4
transport input ssh
login local
ip ssh version 2
interface fastEthernet 0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky ---MAC dinmicamente en MAC seguras
switchport port-security maximum 3
switchport port-security violation shutdown
switchport port-security mac-address 2222.4444.6666 -----MAC seguras estticas
switchport port-security aging time 60
switchport port-security mac-address sticky 2222.4444.6666 -----MAC seguras estti
cas
line con 0
login
password cisco
logging synchronous
line vty 0 4
login
password cisco
transport input ssh
login local
mac address-table static 00E0.B027.2245 vlan 1 interface fastethernet 0/1
vlan 10
name Faculty/Staff
vlan 20
name Students
vlan 30
name Guest(Default)
vlan 99
name Management&Native
interface FastEthernet0/1
switchport trunk native vlan 99
switchport trunk allowed vlan 10,99
switchport mode trunk
interface range FastEthernet 0/2-24
switchport access vlan 20
switchport mode access

------------------------------------------------------------------
show ipv6 route static
show ip route 2001:DB8:ACAD:3::
C:\Users\User1> ping -6
statico ipv6
R1(config)#
interface g0/1
ipv6 address 2001:DB8:ACAD:A::/64 eui-64
no shutdown
interface serial 0/0/1
ipv6 address FC00::1/64
no shutdown
ipv6 route 2001:DB8:ACAD:B::/64 serial 0/0/1
ipv6 route 2001:DB8:ACAD:B::/64 FC00::2
ipv6 route ::/0 serial 0/0/1

R3(config)#
interface gigabit 0/1
ipv6 address 2001:DB8:ACAD:B::/64 eui-64
no shutdown
interface serial 0/0/0
ipv6 address FC00::2/64
clock rate 128000
no shutdown
ipv6 route 2001:DB8:ACAD:A::/64 serial 0/0/0
ipv6 route 2001:DB8:ACAD:A::/64 FC00::1
----------------------------------------------------------
interface Serial0/0/0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:1:A001::1/64
ipv6 unicast-routing
ipv6 route ::/0 s0/0/0
ipv6 route 2001:DB8:1:2::/64 2001:DB8:1:A001::2
ipv6 route 2001:DB8:1:3::/64 2001:DB8:1:A001::2
ipv6 route 2001:DB8:1:2::/64 2001:DB8:1:A001::2
ipv6 route 2001:DB8:1:2::/64 Serial0/0/0
ipv6 route 2001:DB8:1:3::/64 Serial0/0/0
ipv6 route 2001:DB8:1:2::/64 Serial0/0/0
ipv6 route 2001:DB8:1:2::/64 fe80::1
ipv6 route 2001:DB8:1:3::/64 fe80::1
ipv6 route 2001:DB8:1:2::/64 fe80::1

show ipv6 route ospf


R1
interface GigabitEthernet0/0
ipv6 address fe80::1 link-local
ipv6 address 2001:db8:cafe:2::1/64
interface Serial0/0/0
ipv6 address fe80::1 link-local
ipv6 address 2001:db8:cafe:a001::2/64

interface Serial0/0/1
ipv6 address fe80::1 link-local
ipv6 address 2001:db8:cafe:a002::1/64
clock rate 64000

R3
interface GigabitEthernet0/0
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:1:3::1/64
interface Serial0/0/1
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:1:A002::2/64
ipv6 unicast-routing
ipv6 route ::/0 2001:DB8:1:A002::1
-----------------------------------------------------------------------
router rip
version 2
no auto-summary
default-information originate
passive-interface g0/1
network 172.30.10.0 0.0.0.255
network 10.10.10.0 0.0.0.3

ipv6 unicast-routing
ipv6 router rip CISCO
ipv6 rip CISCO default-information originate
ipv6 route 0::/0 2001:DB8:FEED:1::1
int g0/0
ipv6 rip CISCO enable
int s0/0/0
ipv6 rip CISCO enable
-------------------------------------------------------------------
show ip ospf interface
show ip ospf neighbor
show ip protocols
clear ipv6 ospf process
show ipv6 ospf interface
show ipv6 ospf interface brief
show ipv6 route ospf
interface s0/0/0
bandwidth 128
ip ospf cost 1565
auto-cost reference-bandwidth 100
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.12.0 0.0.0.3 area 0
network 192.168.13.0 0.0.0.3 area 0
router-id 1.1.1.1
log-adjacency-changes
passive-interface GigabitEthernet0/0

ipv6 router ospf 1


router-id 3.3.3.3
log-adjacency-changes
passive-interface GigabitEthernet0/0
interface s0/0/0
ipv6 router ospf 1
------------------------------------------------
ipv6 unicast-routing
ipv6 rip
ipv6 route ::/0 2001:DB8:1:A002::1
ipv6 router ospf 1
router-id 1.1.1.1
log-adjacency-changes
clear ip ospf process
interface g0/1
ipv6 address 2001:DB8:ACAD:A::/64 eui-64
no shutdown
interface serial 0/0/1
ipv6 address FC00::1/64
no shutdown
ipv6 route 2001:DB8:ACAD:B::/64 serial 0/0/1 O
ipv6 route 2001:DB8:ACAD:B::/64 FC00::2 O
ipv6 route ::/0 serial 0/0/1
------------------------------------------------------------
interface GigabitEthernet0/0
description R1 LAN
no ip address
duplex auto
speed auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:1::1/64
ipv6 ospf 10 area 0
interface Serial0/0/0
description Link to R2
no ip address
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:A001::1/64
ipv6 ospf 1 area 0
clock rate 64000
!
interface Serial0/0/1
description Link to R3
no ip address
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:A003::1/64
ipv6 ospf 10 area 0

interface Loopback0
ipv6 address 2001:DB8:5F73:6::1/64
ipv6 router ospf 10
router-id 1.1.1.1
log-adjacency-changes
passive-interface GigabitEthernet0/0
network 172.16.2.0 0.0.0.255 area 0
network 192.168.10.8 0.0.0.3 area 0
network 172.16.3.0 0.0.0.3 area 0
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
passive-interface GigabitEthernet0/0
network 172.31.0.0 0.0.1.255 area 0
network 172.31.4.0 0.0.0.3 area 0
router eigrp 100
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
network 192.168.10.0
network 192.168.11.0
network 10.0.0.0
no auto-summary
---------------------------------------------
access-list 1 deny 192.168.11.0 0.0.0.255
access-list 1 permit any
interface GigabitEthernet0/0
ip access-group 1 out
ip access-list standard File_Server_Restrictions
permit host 192.168.20.4
deny any
ip access-group File_Server_Restrictions out

access-list 1 deny 192.168.11.0 0.0.0.255


access-list 1 permit any
interface GigabitEthernet0/0 ip access-group 1 out
access-list 1 deny 192.168.10.0 0.0.0.255
access-list 1 permit any
interface GigabitEthernet0/0
ip access-group 1 out
access-list 1 remark Allow R1 LANs Access
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 deny any
interface g0/1
ip access-group 1 out
ip access-list standard BRANCH-OFFICE-POLICY
permit host 192.168.30.3
permit 192.168.40.0 0.0.0.255
interface g0/1
ip access-group BRANCH-OFFICE-POLICY out

ip access-list standard File_Server_Restrictions


permit host 192.168.20.4
deny any
ip access-group File_Server_Restrictions out
access-list 99 permit host 10.0.0.1
access-list 99 deny any
line vty 0 4
login local
transport input ssh
access-class 99 in

access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp


access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62
interface gigabitEthernet 0/0
ip access-group 100 in
permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www
permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62
interface gigabitEthernet 0/1
ip access-group HTTP_ONLY in
access-list 199 permit tcp 10.101.117.32 0.0.0.15 10.101.117.0 0.0.0.31 eq telne
t
access-list 199 permit icmp any any
access-list 100 remark Allow Web & SSH Access
access-list 100 permit tcp host 192.168.10.3 host 10.2.2.1 eq 22
access-list 100 permit tcp any any eq 80
int s0/0/0
ip access-group 100 out
ip access-list extended WEB-POLICY
permit tcp 192.168.30.0 0.0.0.255 host 10.1.1.1 eq 80
permit tcp 192.168.30.0 0.0.0.255 209.165.200.224 0.0.0.31 eq 80
int S0/0/1
ip access-group WEB-POLICY out
ip access-list extended 100
30 permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
ip access-list extended WEB-POLICY
30 permit ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
deny tcp any host 2001:DB8:1:30::30 eq www
deny tcp any host 2001:DB8:1:30::30 eq 443 ipv6 traffic-filter BLOCK_HTTP in
ipv6 access-list RESTRICT-VTY
permit tcp 2001:db8:acad:a::/64 any
permit tcp any any eq 22
line vty 0 4
ipv6 access-class RESTRICT-VTY in
ipv6 access-list RESTRICTED-LAN
remark Block Telnet from outside
deny tcp any 2001:db8:acad:a::/64 eq telnet
permit ipv6 any any
int g0/1
ipv6 traffic-filter RESTRICTED-LAN out
ipv6 access-list RESTRICTED-LAN
permit tcp 2001:db8:acad:b::/64 host 2001:db8:acad:a::a eq 23 sequence 15
permit tcp any host 2001:db8:acad:a::3 eq www
int g0/1
ipv6 traffic-filter RESTRICTED-LAN out
R1
router eigrp 1
network 192.168.0.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.252 0.0.0.3
no auto-summary
interface g0/0
ip helper-address 192.168.2.254
interface g0/1
ip helper-address 192.168.2.254
R2
router eigrp 1
network 192.168.2.252 0.0.0.3
redistribute static
ip route 0.0.0.0 0.0.0.0 209.165.200.225
ip route 192.168.0.0 255.255.252.0 209.165.200.226
ip dhcp excluded-address 192.168.0.1 192.168.0.9
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp pool R1G1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 209.165.200.225
domain-name ccna-lab.com
lease 2
ip dhcp pool R1G0
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 209.165.200.225
domain-name ccna-lab.com
lease 2

interface g0/0
ip address dhcp
interface GigabitEthernet0/0
ip address 192.168.10.1 255.255.255.0
ip helper-address 10.1.1.1
ip helper-address 10.1.1.2
duplex auto
speed auto
iip dhcp excluded-address 10.10.4.1
!
ip dhcp pool R4
network 10.10.4.0 255.255.255.0
default-router 10.10.4.1
dns-server 209.165.44.2

interface GigabitEthernet0/0
ip address 10.10.4.1 255.255.255.0
duplex auto
speed auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:A:4::1/64
ipv6 ospf 1 area 0
!
!
interface Serial0/0/1
ip address 64.103.17.2 255.255.255.252
ipv6 address FE80::4 link-local
ipv6 address 2001:DB8:A:103::2/64
ipv6 ospf 1 area 0
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet0/0
network 10.10.4.0 0.0.0.255 area 0
network 64.103.17.0 0.0.0.3 area 0
!
ipv6 router ospf 1
router-id 1.1.1.1
log-adjacency-changes
!
ipv6 route ::/0 Serial0/0/1
!
!

interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
encapsulation ppp
ppp authentication pap
ppp pap sent-username R1 password 0 cisco

Você também pode gostar