Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Conf Lab ACL

    Hochgeladen von

    Eimer Castro Hincapie
    63 Ansichten5 Seiten
    - The document contains configurations for basic router setup including hostname, banners, passwords, SSH, OSPF, ACLs, NAT, DHCP, PPP, and Frame Relay. - Configurations include enabling services like SSH, setting passwords, configuring OSPF routing, creating standard and extended ACLs for access control and traffic filtering, and configuring NAT, DHCP, PPP, and Frame Relay. - Access lists, NAT, DHCP, PPP, and Frame Relay are configured to control access, translate addresses, automate IP assignment, authenticate connections, and encapsulate protocols.

    Originalbeschreibung:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    TXT, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    - The document contains configurations for basic router setup including hostname, banners, passwords, SSH, OSPF, ACLs, NAT, DHCP, PPP, and Frame Relay. - Configurations include enabling services like SSH, setting passwords, configuring OSPF routing, creating standard and extended ACLs for access control and traffic filtering, and configuring NAT, DHCP, PPP, and Frame Relay. - Access lists, NAT, DHCP, PPP, and Frame Relay are configured to control access, translate addresses, automate IP assignment, authenticate connections, and encapsulate protocols.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als TXT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    63 Ansichten5 Seiten

    Conf Lab ACL

    Hochgeladen von

    Eimer Castro Hincapie
    - The document contains configurations for basic router setup including hostname, banners, passwords, SSH, OSPF, ACLs, NAT, DHCP, PPP, and Frame Relay. - Configurations include enabling services like SSH, setting passwords, configuring OSPF routing, creating standard and extended ACLs for access control and traffic filtering, and configuring NAT, DHCP, PPP, and Frame Relay. - Access lists, NAT, DHCP, PPP, and Frame Relay are configured to control access, translate addresses, automate IP assignment, authenticate connections, and encapsulate protocols.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als TXT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 5

    BASICA enable config t hostname R2 BANNER MOTD #Solo acceso a personal autorizado# enable secret class no ip domain lookup

    ip domain-name cisco.com line console 0 password cisco logging synchronous login exit line vty 0 4 password cisco LOGIn LOCal TRAnsport INput SSh exit ######################################################### IP DOMAIN-NAME cisco.com USERNAME ccna4 PRIVILEGE 15 PASSWORD cisco CRypto Key Generate RSa 1024 IP SSH AUthentication-retries 3 IP SSH TIMe-out 120 NO IP DOMAIN-LOOKUP ENABLE PASSWORD cisco BANNER MOTD #Solo acceso a personal autorizado# LINE CONSOLE 0 PASSWORD cisco LOGIN LINE VTY 0 4 LOGIn LOCal TRAnsport INput SSh END WR ######################################################### SSH access-list 10 remark Solo permitir a la LAN de R1 hacer SSH access-list 10 permit 10.0.0.0 0.0.0.255 access-list 10 deny any line vty 0 4 access-class 10 in ######################################################### router ospf 10 log-adjacency-changes passive-interface FastEthernet0/0 network 192.168.1.0 0.0.0.255 area 0 network 192.168.2.0 0.0.0.255 area 0 network 192.168.0.0 0.0.0.255 area 0 ****conf acl Numerada (Standrad) conf t access-list 100 remark lista para permitir trafico web a LAN1 access-list 100 permit tcp 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 eq 80

    access-list 100 remark para permitir trafico a server2 access-list 100 permit tcp 192.168.0.0 0.0.0.255 192. host 192.168.3.1 eq 80 interface FastEthernet0/0 ip access-group 100 in *********eliminar la acl y crearla como ACL Nombrada (EXtendida) no ip access-group 100 no access-list 100 ip access-list extended WEB_ALLOW remark permite trafico Web a server1 *tres formas permit tcp Origen Destino Port permit tcp host 192.168.0.1 192.168.1.0 0.0.0.255 eq 80 192.168.0.1 0.0.0.0 192.168.0.1 permit tcp 192.168.0.0 0.0.0.255 host 192.168.3.1 eq 80 interface FastEthernet0/0 ip access-group WEB_ALLOW in *********para permitir respuesta de Lan1 a Lan2 *-Los equipos con direccion Ip entre .1 y .7 de lan2 deben poder hacer ping a los equipos comparando 00000001 00000010 00000011 00000100 00000101 00000110 00000111 -------------192.168.4.0 0 . 0 .0.7 willcard conf t ip access-list extended WEB_ALLOW remark permitir la respuesta de ping a Lan2 permit icmp 192.168.0.0 0.0.0.255 192.168.4.0 0.0.0.7 echo-reply /*los equipos pares de Lan 1 y Lan2 le pueden hacer telnet a todos los routers Lista de control de acceso aplicado a la line vty en R1 y R2 solo se necesario el destino comparando conf t access-list 1 permit 192.168.0.0 0.0.0.254 access-list 1 permit 192.168.4.0 0.0.0.254 conf t line vty 0 4 access-class 1 in transport input telnet conf t ip access-list extended WEB_ALLOW permit tcp any any eq 23

    AUTENTICACION PPP R1(config)#username R1 password cisco R1(config)#int s0/0/0 R1(config-if)#ppp authentication pap R1(config-if)#ppp pap sent-username R2 password cisco R2(config)#username R2 password cisco R2(config)#interface Serial0/0/0 R2(config-if)#ppp authentication pap R2(config-if)#ppp pap sent-username R1 password cisco AUTENTICACION CHAP R2(config)#username R3 password cisco R2(config)#int s0/0/1 R2(config-if)#ppp authentication chap R3(config)#username R2 password cisco R3(config)#int s0/0/1 R3(config-if)#ppp authentication chap

    CONF FRAME RELAY R1 interface Serial0/0/0 encapsulation frame-relay ietf frame-relay lmi-type ansi ip ospf network broadcast clock rate 64000 ! interface Serial0/0/0.302 multipoint ip address 172.16.0.3 255.255.255.248 frame-relay map ip 172.16.0.2 302 broadcast ietf frame-relay map ip 172.16,0,1 301 broadcast ietf ip ospf network broadcast clock rate 2000000 R2 interface Serial0/0/1 encapsulation frame-relay ietf frame-relay lmi-type ansi ip ospf network broadcast clock rate 64000 ! interface Serial0/0/1.203 point-to-point ip address 172.216.0.2 255.255.255.248 frame-relay interface-dlci 203 ip ospf network broadcast clock rate 2000000 R3 interface Serial0/0/0 encapsulation frame-relay ietf

    frame-relay lmi-type ansi ip ospf network broadcast clock rate 64000 ! interface Serial0/0/0.103 point-to-point ip address 172.16.0.1 255.255.255.248 frame-relay interface-dlci 103 ip ospf network broadcast clock rate 2000000 CONF DE DHCP ip dhcp excluded-address 192.168.10.1 192.168.10.9 ip dhcp excluded-address 192.168.10.254 ip dhcp pool LAN-POOL-1 ip helper-address : AQUI VA DIP/IP DE ENTREDA A ROUTER DHCP network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 domain-name span.com CONFIGURACION DE NAT NAT ESTATICO (solo traduce uno a uno) Hacer que una nica publica se tradusca en una una nica privada, # ip nat inside source static 192.168.10.1(ip de mi LAN) 10.2.11.172 (la IP publica que voy a traducir, puede ser una interfaz X o puede ser la misma que este conectada) # inter fa1/0 (INTERNA) # ip nat inside # interface serial1(EXTERNA) # ip nat outside NAT DINAMICO Primero definir un pool de direcciones (las direcciones pblicas que nos asigne n uestro ISP) Router-Cisco#configure terminal Router-Cisco(config)# ip nat pool 1 200.42.1.1 200.42.1.10 netmask 255.255.255.0 2) Crear una lista de acceso Standard que permita las direcciones internas que s e deben traducir. Router-Cisco(config)# access-list 1 permit 172.16.129.0 0 0.0.0.255 3) Configurar la NAT dinmico basada en la direccin de origen especificando la lista de acceso definida en el paso anterior. Router-Cisco(config)# ip nat inside source list 1 pool 1 4) Especificar la interfaz interna y marcarla como conectada al interior. Router-Cisco(config)# interface etherne 0 Router-Cisco(config-if)# ip nat inside Router-Cisco(config-if)# exit

    CONFIGURACION PAT R# configure terminal R(config)# ip nat pool fib-xc 198.3.4.1 198.3.4.30 netmask 255.255.255.0 (config)# access-list 2 permit 10.1.1.0 0.0.0.255 R(config)# ip nat inside source list 2 pool fib-xc overload R(config)# interface e0 R(config-if)# ip nat inside R(config-if)# exit R(config)# interface s0 R(config-if)# ip nat outside

    Das könnte Ihnen auch gefallen