Draft

The document outlines the configuration of VLANs, trunking, and HSRP for routers and switches in a network. It specifies IP addresses, DHCP pools, and port security settings for various interfaces. Additionally, it includes commands for enabling SSH and configuring authentication for network devices.

Uploaded by

manigoldo 14

vlan 12
name Redes
vlan 24
name Logistica
vlan 36
name Ventas
vlan 48
name Management
vlan 60
name Servers
vlan 200
name Aislamiento
vlan 400
name Nativa

int range f0/14-15,f0/12-13
switchport mode trunk
switchport trunk allowed vlan 12,24,36,48,60,200,400
switchport trunk native vlan 400
exit

conf t
int range f0/14-15
channel-protocol lacp
channel-group 3 mode active
exit
interface port-channel 3
switchport mode trunk
switchport trunk allowed vlan 12,24,36,48,60,200,400
switchport trunk native vlan 400

conf t
int range f0/10-11
channel-group 1 mode desirable
interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan 12,24,36,48,60,200,400
switchport trunk native vlan 400
show etherchannel summary
sh int status
sh int trunk

int range f0/12-13
channel-group 2 mode desirable
exit
interface port-channel 2
switchport mode trunk
switchport trunk allowed vlan 12,24,36,48,60,200,400
switchport trunk native vlan 400

enable
conf t
int range f0/12-13
channel-protocol lacp
channel-group 2 mode active
interface port-channel 2
switchport mode trunk
switchport trunk allowed vlan 5,15,25,40,50,300,500

switchport mode access
switchport access vlan 500
no shut

###########################################################

conf t
interface g0/0.12
encapsulation dot1Q 12
ip add 172.17.111.1 255.255.255.128
exit

interface g0/0.24
encapsulation dot1Q 24
ip add 172.17.110.1 255.255.255.0
exit

interface g0/0.36
encapsulation dot1Q 36
ip add 172.17.111.129 255.255.255.192
exit

interface g0/0.48
encapsulation dot1Q 48
ip add 172.17.111.193 255.255.255.224
exit

interface g0/0.60
encapsulation dot1Q 60
ip add 172.17.111.225 255.255.255.240
exit

interface g0/0.400
encapsulation dot1Q 400 native
ip add 172.17.111.241 255.255.255.240
exit
////////////////////////////////////////////////////// RO
interface g0/0.12
encapsulation dot1Q 12
ip add 172.17.111.2 255.255.255.128
exit

interface g0/0.24
encapsulation dot1Q 24
ip add 172.17.110.2 255.255.255.0
exit

interface g0/0.36
encapsulation dot1Q 36
ip add 172.17.111.130 255.255.255.192
exit

interface g0/0.48
encapsulation dot1Q 48
ip add 172.17.111.194 255.255.255.224
exit

interface g0/0.60
encapsulation dot1Q 60
ip add 172.17.111.226 255.255.255.240
exit

interface g0/0.400
encapsulation dot1Q 400 native
ip add 172.17.111.242 255.255.255.240
exit
///////////////////////////////////////////////////////R1
interface g0/0.12
encapsulation dot1Q 12
ip add 172.17.111.3 255.255.255.128
exit

interface g0/0.24
encapsulation dot1Q 24
ip add 172.17.110.3 255.255.255.0
exit

interface g0/0.36
encapsulation dot1Q 36
ip add 172.17.111.131 255.255.255.192
exit

interface g0/0.48
encapsulation dot1Q 48
ip add 172.17.111.195 255.255.255.224
exit

interface g0/0.60
encapsulation dot1Q 60
ip add 172.17.111.227 255.255.255.240
exit

interface g0/0.400
encapsulation dot1Q 400 native
ip add 172.17.111.243 255.255.255.240
exit

########################################################################## HSRP R1
conf t
interface g0/0.12
standby 2 ip 172.17.111.126
standby 2 priority 150
standby 2 preempt
exit

interface g0/0.24
standby 2 ip 172.17.110.254
standby 2 priority 120
standby 2 preempt
exit

interface g0/0.36
standby 2 ip 172.17.111.190
standby 2 priority 100
standby 2 preempt
exit

interface g0/0.48
standby 2 ip 172.17.111.222
standby 2 priority 150
standby 2 preempt
exit

interface g0/0.60
standby 2 ip 172.17.111.238
standby 2 priority 120
standby 2 preempt
exit

interface g0/0.400
standby 2 ip 172.17.111.254
standby 2 priority 150
standby 2 preempt
exit
////////////////////////////////////////////////////// R2
interface g0/0.12
standby 2 ip 172.17.111.126
standby 2 priority 120
standby 2 preempt
exit

interface g0/0.24
standby 2 ip 172.17.110.254
standby 2 priority 150
standby 2 preempt
exit

interface g0/0.36
standby 2 ip 172.17.111.190
standby 2 priority 120
standby 2 preempt
exit

interface g0/0.48
standby 2 ip 172.17.111.222
standby 2 priority 120
standby 2 preempt
exit

interface g0/0.60
standby 2 ip 172.17.111.238
standby 2 priority 150
standby 2 preempt
exit

interface g0/0.400
standby 2 ip 172.17.111.254
standby 2 priority 120
standby 2 preempt
exit
///////////////////////////////////////////////////////R3
interface g0/0.12
standby 2 ip 172.17.111.126
standby 2 priority 100
standby 2 preempt
exit

interface g0/0.24
standby 2 ip 172.17.110.254
standby 2 priority 100
standby 2 preempt
exit

interface g0/0.36
standby 2 ip 172.17.111.190
standby 2 priority 150
standby 2 preempt
exit

interface g0/0.48
standby 2 ip 172.17.111.222
standby 2 priority 100
standby 2 preempt
exit

interface g0/0.60
standby 2 ip 172.17.111.238
standby 2 priority 100
standby 2 preempt
exit

interface g0/0.400
standby 2 ip 172.17.111.254
standby 2 priority 100
standby 2 preempt
exit

#######################################################################
conf t
interface g0/0.10
standby 2 ip 192.18.10.254
standby 2 priority 100
standby 2 preempt

interface g0/0.40
standby 2 ip 192.18.40.254
standby 2 priority 100
standby 2 preempt

interface g0/0.200
standby 2 ip 192.18.200.254
standby 2 priority 100
standby 2 preempt

interface g0/0.20
standby 2 ip 192.18.20.254
standby 2 priority 100
standby 2 preempt

interface g0/0.50
standby 2 ip 192.18.50.254
standby 2 priority 100
standby 2 preempt

interface g0/0.30
standby 2 ip 192.18.30.254
standby 2 priority 100
standby 2 preempt

ip route 192.18.10.0 255.255.255.0 172.17.18.2
ip route 192.18.10.0 255.255.255.0 172.17.18.3
ip route 192.18.10.0 255.255.255.0 172.17.18.4

ip route 192.18.20.0 255.255.255.0 172.17.18.2
ip route 192.18.20.0 255.255.255.0 172.17.18.3
ip route 192.18.20.0 255.255.255.0 172.17.18.4

ip route 192.18.30.0 255.255.255.0 172.17.18.2
ip route 192.18.30.0 255.255.255.0 172.17.18.3
ip route 192.18.30.0 255.255.255.0 172.17.18.4

##############################################################
switchport mode access
interface f0/1
switchport mode access
switchport port-security
switchport port-security maximum 3
switchport port-security mac-address 00D0.BCC2.9538
switchport port-security mac-address 0004.9AEB.E60E
switchport port-security mac-address 0010.118E.4516
switchport port-security violation shutdown
exit

interface f0/2
switchport mode access
switchport port-security
switchport port-security maximum 4
switchport port-security mac-address 0004.9AEB.E60E
switchport port-security mac-address sticky
switchport port-security violation protect
exit
interface f0/3
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

- R1 must be the active router for VLANs 12, 48 and 400
- R2 must be the active router for VLANs 24 and 60
- R3 must be the active router for VLAN 36
172.17.110.0/23

11111111.11111111.11111110.00000000=

140 hosts -> 2^8-2 = 254
80 hosts -> 2^7-2 = 126
40 hosts -> 2^6-2 = 62
18 hosts -> 2^5-2 = 30
12 hosts -> 2^4-2 = 14
10 hosts -> 2^4-2 = 14
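
The subnetting arithmetic above, carried through as an added example (not part of the original draft): a largest-first VLSM allocation of 172.17.110.0/23 for the six host counts listed. The function names are illustrative; the resulting subnets and last-host addresses match the masks and `standby 2 ip` addresses used elsewhere in this configuration.

```python
import ipaddress

def vlsm_allocate(block, host_counts):
    """Carve `block` into subnets, largest requirement first.

    Returns a list of (hosts_needed, IPv4Network) in allocation order.
    """
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        # Smallest number of host bits h with 2^h - 2 >= hosts
        host_bits = 2
        while 2 ** host_bits - 2 < hosts:
            host_bits += 1
        size = 2 ** host_bits
        # A subnet must start on a multiple of its own size
        cursor = -(-cursor // size) * size
        subnet = ipaddress.ip_network((cursor, 32 - host_bits))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{block} is too small for {hosts} hosts")
        plan.append((hosts, subnet))
        cursor += size
    return plan

def last_usable(subnet):
    """Last host address of the subnet (broadcast - 1)."""
    return subnet.broadcast_address - 1

# Host requirements and parent block as written on the page
REQUIREMENTS = [140, 80, 40, 18, 12, 10]
PLAN = vlsm_allocate("172.17.110.0/23", REQUIREMENTS)

if __name__ == "__main__":
    for hosts, net in PLAN:
        usable = net.num_addresses - 2
        print(f"{hosts:>4} hosts -> {net} mask {net.netmask} "
              f"usable {usable} last host {last_usable(net)}")
```
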

sh spanning-tree
spanning-tree mode rapid-pvst
spanning-tree vlan 1 root primary
spanning-tree vlan 12 root primary
spanning-tree vlan 24 root primary
spanning-tree vlan 36 root primary
spanning-tree vlan 48 root primary
spanning-tree vlan 60 root primary
spanning-tree vlan 200 root primary
spanning-tree vlan 400 root primary
spanning-tree vlan 10 priority 32768 4096
spanning-tree vlan 10 root primary

###############################################
ip dhcp excluded-address 172.17.111.254
ip dhcp excluded-address 172.17.111.241
ip dhcp excluded-address 172.17.111.242
ip dhcp excluded-address 172.17.111.243
ip dhcp pool vlan-400
network 172.17.111.240 255.255.255.240
default-router 172.17.111.254
dns-server 8.8.8.8

###########################################################

ip dhcp excluded-address 172.17.111.1
ip dhcp excluded-address 172.17.111.2
ip dhcp excluded-address 172.17.111.3
ip dhcp excluded-address 172.17.111.126
ip dhcp pool vlan-12
network 172.17.111.0 255.255.255.128
default-router 172.17.111.126
dns-server 8.8.8.8
exit

ip dhcp excluded-address 172.17.110.1
ip dhcp excluded-address 172.17.110.2
ip dhcp excluded-address 172.17.110.3
ip dhcp excluded-address 172.17.110.254
ip dhcp pool vlan-24
network 172.17.110.0 255.255.255.0
default-router 172.17.110.254
dns-server 8.8.8.8
exit

ip dhcp excluded-address 172.17.111.129
ip dhcp excluded-address 172.17.111.130
ip dhcp excluded-address 172.17.111.131
ip dhcp excluded-address 172.17.111.190
ip dhcp pool vlan-36
network 172.17.111.128 255.255.255.192
default-router 172.17.111.190
dns-server 8.8.8.8

##################################################################

172.17.111.225 255.255.255.240
carlos carlos123
anthony anthony123
peter peter123
juana juana123
maria maria123
beatriz beatriz123

username R1 secret R1123

hostname R1
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius local
radius-server host 172.17.110.229 key admin

ip domain-name cisco.com
ip ssh version 2
crypto key generate rsa

line vty 0 4
transport input ssh
login authentication default

hostname R3
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius local
radius-server host 172.17.109.229 key admin

ip domain-name cisco.com
enable secret cisco
ip ssh version 2
crypto key generate rsa

line vty 0 4
transport input ssh
login authentication default

hostname R3
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius local
radius-server host 172.17.111.229 key admin

ip domain-name cisco.com
ip ssh version 2
crypto key generate rsa

line vty 0 4
transport input ssh
login authentication default

hostname SW1
int vlan 48
ip add 172.17.111.197 255.255.255.224
no sh
ip default-gateway 172.17.111.222
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius local
radius-server host 172.17.111.229 key admin

ip domain-name cisco.com
ip ssh version 2
crypto key generate rsa

line vty 0 4
transport input ssh
login authentication default

hostname SW2
int vlan 48
ip add 172.17.111.198 255.255.255.224
no sh
ip default-gateway 172.17.111.222
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius local
radius-server host 172.17.111.229 key admin

ip domain-name cisco.com
ip ssh version 2
crypto key generate rsa

line vty 0 4
transport input ssh
login authentication default

hostname SW3
int vlan 48
ip add 172.17.111.199 255.255.255.224
no sh
ip default-gateway 172.17.111.222
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius local
radius-server host 172.17.111.229 key admin

ip domain-name cisco.com
ip ssh version 2
crypto key generate rsa

line vty 0 4
transport input ssh
login authentication default
######################################################################### VPN ACL

ip route 172.17.111.0 255.255.255.128 20.20.110.2
ip route 172.17.111.0 255.255.255.128 20.20.110.3
ip route 172.17.111.0 255.255.255.128 20.20.110.4
ip route 172.17.110.0 255.255.255.0 20.20.110.2
ip route 172.17.110.0 255.255.255.0 20.20.110.3
ip route 172.17.110.0 255.255.255.0 20.20.110.4
ip route 172.17.111.128 255.255.255.192 20.20.110.2
ip route 172.17.111.128 255.255.255.192 20.20.110.3
ip route 172.17.111.128 255.255.255.192 20.20.110.4
no ip route 0.0.0.0 0.0.0.0 20.20.110.2
no ip route 0.0.0.0 0.0.0.0 20.20.110.3
no ip route 0.0.0.0 0.0.0.0 20.20.110.4

ISP
ip route 172.17.111.0 255.255.255.128 144.110.110.2
ip route 172.17.110.0 255.255.255.0 144.110.110.2
ip route 172.17.111.128 255.255.255.192 144.110.110.2

######################################################## VPN
Rtr_borde
license boot module c1900 technology-package securityk9
reload

! IKE phase 1: AES-256, pre-shared key, DH group 5 (1536-bit MODP)
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
exit
crypto isakmp key cisco123 address 100.5.110.2
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac

crypto map IPSEC-MAP 10 ipsec-isakmp
set peer 100.5.110.2
set pfs group5
set security-association lifetime seconds 86400
set transform-set R1-R3
match address VPN

interface GigabitEthernet0/0
crypto map IPSEC-MAP

ip access-list extended VPN
permit ip host 172.17.111.12 host 10.10.110.10
permit ip host 172.17.110.24 host 10.10.110.10
permit ip host 172.17.111.136 host 10.10.110.10
permit ip host 172.17.111.4 host 10.10.110.10
permit ip host 172.17.110.4 host 10.10.110.10
permit ip host 172.17.111.132 host 10.10.110.10

router service

license boot module c1900 technology-package securityk9
reload

crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
exit
crypto isakmp key cisco123 address 144.110.110.2
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac

crypto map IPSEC-MAP 10 ipsec-isakmp
set peer 144.110.110.2
set pfs group5
set security-association lifetime seconds 86400
set transform-set R3-R1
match address VPN

interface GigabitEthernet0/0
crypto map IPSEC-MAP

ip access-list extended VPN
permit ip host 10.10.110.10 host 172.17.111.12
permit ip host 10.10.110.10 host 172.17.110.24
permit ip host 10.10.110.10 host 172.17.111.136
permit ip host 10.10.110.10 host 172.17.111.4
permit ip host 10.10.110.10 host 172.17.110.4
permit ip host 10.10.110.10 host 172.17.111.132

################################################################### CREATE NAT

Border router
! deny entries mirror the VPN ACL so tunnel traffic is not translated
ip access-list extended NAT
deny ip host 172.17.111.12 host 10.10.110.10
deny ip host 172.17.110.24 host 10.10.110.10
deny ip host 172.17.111.136 host 10.10.110.10
deny ip host 172.17.111.4 host 10.10.110.10
deny ip host 172.17.110.4 host 10.10.110.10
deny ip host 172.17.111.132 host 10.10.110.10
permit ip any any
ip nat inside source list NAT interface g0/0 overload

Router service provider
no ip nat pool POOL1 100.5.110.3 100.5.110.3 netmask 255.255.255.248
ip access-list extended NAT1
deny ip host 10.10.110.10 host 172.17.111.12
deny ip host 10.10.110.10 host 172.17.110.24
deny ip host 10.10.110.10 host 172.17.111.136
deny ip host 10.10.110.10 host 172.17.111.4
deny ip host 10.10.110.10 host 172.17.110.4
deny ip host 10.10.110.10 host 172.17.111.132
permit ip any any
no ip nat inside source list NAT1 pool POOL1

ip access-list extended NAT2
deny ip host 10.10.110.10 host 172.17.111.12
deny ip host 10.10.110.10 host 172.17.110.24
deny ip host 10.10.110.10 host 172.17.111.136
deny ip host 10.10.110.10 host 172.17.111.4
deny ip host 10.10.110.10 host 172.17.110.4
deny ip host 10.10.110.10 host 172.17.111.132
permit ip any any
no ip nat inside source list NAT1 interface g0/0 overload
ip route 172.17.111.224 255.255.255.240 144.110.110.2
ip route 172.17.111.224 255.255.255.240 20.20.110.2
ip route 172.17.111.224 255.255.255.240 20.20.110.3
ip route 172.17.111.224 255.255.255.240 20.20.110.4

no ip route 144.110.110.0 255.255.255.248 100.5.110.1
no ip route 20.20.110.0 255.255.255.240 100.5.110.1
no ip route 172.17.111.0 255.255.255.128 100.5.110.1

no ip route 100.5.110.0 255.255.255.248 144.110.110.1
no ip route 10.10.110.0 255.255.255.0 144.110.110.1
no ip route 172.17.111.224 255.255.255.240 20.20.110.2
no ip route 172.17.111.224 255.255.255.240 20.20.110.3
no ip route 172.17.111.224 255.255.255.240 20.20.110.4
