Actualiar sistema operativo en sw

Se asigna IP al servidor:

Se activa el TFTP
 Se entra Al SW

Switch(config)#

Switch(config)#int vlan 1

Switch(config-if)#ip address 192.168.10.2

Switch(config-if)#no sh

Se hace copia de sistema en el servidor

Switch#sh flash
Directory of flash:/
1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin ----el sistema operativo

Switch#copy flash: tftp:

Source filename []? c2960-lanbase-mz.122-25.FX.bin
Address or name of remote host []? 192.168.10.10 (IPdelservidor)
Destination filename [c2960-lanbase-mz.122-25.FX.bin]? c2960-lanbase-mz.122-
25.FX.bin

Writing c2960-lanbase-mz.122-25.FX.bin.....

Se elimina sistema operativo

Switch#delete c2960-lanbase-mz.122-25.FX.bin
Delete filename [c2960-lanbase-mz.122-25.FX.bin]?
Delete flash:/c2960-lanbase-mz.122-25.FX.bin? [confirm]

Se Copia la actualización desde el server

Switch#copy tftp: flash:

Address or name of remote host []? 192.168.10.10
Source filename []? c2960-lanbasek9-mz.150-2.SE4.bin
Destination filename [c2960-lanbasek9-mz.150-2.SE4.bin]?

Se verifica si tiene IPv6

Switch(config)#do sh sdm prefer
The current template is "default" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 8K

number of IPv4 IGMP groups + multicast routes: 0.25K
number of IPv4 unicast routes: 0
number of IPv6 multicast groups: 0
number of directly-connected IPv6 addresses: 0
number of indirect IPv6 unicast routes: 0

Se reinicia equipo

Switch(config)#do reload
Se activa IPV6
Switch(config)#sdm prefer ?
default Default bias
dual-ipv4-and-ipv6 Support both IPv4 and IPv6
lanbase-routing Lanbase routing
qos Qos bias
Switch(config)#sdm prefer dual-ipv4-and-ipv6 default
Changes to the running SDM preferences have been stored, but cannot take effect until the next
reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Switch(config)#
Switch(config)# do wr
Switch(config)#do reload

Se pone el nombre

Switch>en
Switch(config)#hostname SW1-Rk1-Piso1
SW1-Rk1-Piso1(config)#do WR
Building configuration...
[OK]

SW1-Rk1-Piso1(config)#enable password cisco

SW1-Rk1-Piso1(config)#banner motd #*****Uso privado*****#
SW1-Rk1-Piso1(config)#enable secret cisco
SW1-Rk1-Piso1(config)#
SW1-Rk1-Piso1#wr

*****Uso privado*****

SW1-Rk1-Piso1(config)#line console 0
SW1-Rk1-Piso1(config-line)#password cisco
SW1-Rk1-Piso1(config-line)#do wr
SW1-Rk1-Piso1(config)#service password-encryption
SW1-Rk1-Piso1(config)#

SW1-Rk1-Piso1(config)#int
SW1-Rk1-Piso1(config)#interface vlan1
SW1-Rk1-Piso1(config-if)#ipv6 add 2001:DB8:CAFE::2/64
SW1-Rk1-Piso1(config-if)#ipv6 add fe80::2 link-local
SW1-Rk1-Piso1(config-if)#do wr

SW1-Rk1-Piso1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
SW1-Rk1-Piso1(config)#line vty 0 1
SW1-Rk1-Piso1(config-line)#password cisco
SW1-Rk1-Piso1(config-line)#login
SW1-Rk1-Piso1(config-line)#transport input telnet
SW1-Rk1-Piso1(config-line)#do wr
Building configuration...
[OK]
SW1-Rk1-Piso1(config-line)#
**********************************************************************
**********************************************************************
**********************************************************************
SW1-Rk1-Piso2#conf ter
SW1-Rk1-Piso2(config)#ip domain-name www.cisco.com
SW1-Rk1-Piso2(config)#ip default-gateway 192.168.10.1
SW1-Rk1-Piso2(config)#crypto key generate rsa
The name for the keys will be: SW1-Rk1-Piso2.www.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
SW1-Rk1-Piso2#
SW1-Rk1-Piso2#

W1-Rk1-Piso2#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
SW1-Rk1-Piso2(config)#username ral privilege 15 password cisco
SW1-Rk1-Piso2(config)#username damian privilege 15 password cisco
SW1-Rk1-Piso2(config)#do wr
**********************************

SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#line vty 0
SW1-Rk1-Piso2(config-line)#^Z
SW1-Rk1-Piso2#

SW1-Rk1-Piso2#conf ter
SW1-Rk1-Piso2(config)#crypto key generate rsa
% You already have RSA keys defined named SW1-Rk1-Piso2.www.cisco.com .
% Do you really want to replace them? [yes/no]: no
SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#line vty 0
SW1-Rk1-Piso2(config-line)#login local
SW1-Rk1-Piso2(config-line)#transport input all
SW1-Rk1-Piso2(config-line)#do wr

W1-Rk1-Piso2#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
SW1-Rk1-Piso2(config)#line console 0
SW1-Rk1-Piso2(config-line)#login local
SW1-Rk1-Piso2(config-line)#do wr
Building configuration...
[OK]

se borra el telnet

nter configuration commands, one per line. End with CNTL/Z.

SW1-Rk1-Piso2(config)#
SW1-Rk1-Piso2(config)#line vty 0
SW1-Rk1-Piso2(config-line)#transport input ssh
SW1-Rk1-Piso2(config-line)#

Se entra a un pc de la re y se hace la prueba

C:\>telnet 192.168.0.3
Trying 192.168.0.3 ...
% Connection timed out; remote host not responding
:\>ssh -l damian 192.168.10.3

Password:
*****Uso privado*****

SW1-Rk1-Piso2#

Apagar puertos que no se usaran

SW1-Rk1-Piso1(config)# interface range f0/1-10

SW1-Rk1-Piso1(config-if-range)#switchport mode access
SW1-Rk1-Piso1(config-if-range)#shutdown

se pone en modo de acceso

SW1-Rk1-Piso1(config)#int f0/1
SW1-Rk1-Piso1(config-if)#switchport mode access
SW1-Rk1-Piso1(config-if)#
SW1-Rk1-Piso1(config-if)#do sh int f0/1 sw

*********************
se shutea si se conecta otro equipo

SW1-Rk1-Piso1(config)#int f0/1
SW1-Rk1-Piso1(config-if)# switchport mode access
SW1-Rk1-Piso1(config-if)#switchport port-security maximum 1
SW1-Rk1-Piso1(config-if)#switchport port-security violation ?
protect Security violation protect mode
restrict Security violation restrict mode
shutdown Security violation shutdown mode

SW1-Rk1-Piso1(config-if)#switchport port-security violation shutdown

SW1-Rk1-Piso1(config-if)#switchport port-security mac-address ?

H.H.H 48 bit mac address
sticky Configure dynamic secure addresses as sticky

SW1-Rk1-Piso1(config-if)#switchport port-security mac-address sticky

SW1-Rk1-Piso1(config)#int range f0/2-3

SW1-Rk1-Piso1(config-if-range)#switchport port-security
SW1-Rk1-Piso1(config-if-range)#
SW1-Rk1-Piso1(config-if)#do wr
Building configuration...
[OK]
SW1-Rk1-Piso1#sh por
SW1-Rk1-Piso1#sh port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
--------------------------------------------------------------------
Fa0/1 1 0 0 Shutdown
----------------------------------------------------------------------
SW1-Rk1-Piso1#
SW1-Rk1-Piso1#
SW1-Rk1-Piso1#sh port-security in
SW1-Rk1-Piso1#sh port-security interface f0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses :0
Configured MAC Addresses : 0
Sticky MAC Addresses :0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0

SW1-Rk1-Piso1#
SW1-Rk1-Piso1#ping 192.168.10.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

Radios en el SW 1 IEEE802.1X
 Se va al SW
SW1-Rk1-Piso1(config)#aaa new-model
SW1-Rk1-Piso1(config)#aaa authentication ?
dot1x Set authentication lists for IEEE 802.1x.
enable Set authentication lists for enable.
login Set authentication lists for logins.
ppp Set authentication lists for ppp.
SW1-Rk1-Piso1(config)#aaa authentication dot1x ?
default The default authentication list.

SW1-Rk1-Piso1(config)#aaa authentication dot1x default group radius

SW1-Rk1-Piso1(config)#radius-server host 192.168.10.10 key cisco
SW1-Rk1-Piso1(config)#dot1x system-auth-control
SW1-Rk1-Piso1(config)#do wr
SW1-Rk1-Piso1(config)#
SW1-Rk1-Piso1(config)#int range f0/2-24

SW1-Rk1-Piso1(config-if-range)#switchport mode access

SW1-Rk1-Piso1(config-if-range)#authentication port-control auto
SW1-Rk1-Piso1(config-if-range)#dot1x pae authenticator
********************************************************************************
****************************************************************************

SW1

Creación de vlan capa2 SW FINAL

Switch>en
Switch#confi ter
Switch(config)#vlan 10
Switch(config-vlan)#name compras

Se pone M-acceso el puerto

Switch(config)#int range f0/1-5

Switch(config-if-range)#switchport mode access
Switch(config-if-range)#sw access vlan 10

Troncalizar puertos INTERMEDIO entre SW A SW

Switch(config-if-range)#int g0/1
Switch(config-if)#sw mode trunk
Switch(config-if)#switchport trunk allowed vlan 10,20,30,100,200

Se verifica como van troncalizados los puertos

Switch(config-if)# do sh int trunk

*********************************************

SW2 INTERMEDIO

***Para puertos de SW intermedio eliminar la ID de VLAN nativa de la interfaz Ethernet virtual,

utilice la forma no de este comando.

Switch(config-vlan)#int g0/1
Switch(config-if)#sw mode trunk
Switch(config-if)#switchport trunk native vlan 200

Se nombran las Vlan en equipo

Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#vlan 30
Switch(config-vlan)#vlan 10
Switch(config-vlan)#vlan 100
Switch(config-vlan)#vlan 200

Switch(config)#interface range 0/1-2

Switch(config-if-range)#switchport trunk allowed vlan 10,20,30,100,200

*****************************

Router capa3

Router(config)#int g0/0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0