enable secret 4 DvvsjMpHj9oJbgvhEFTTqmgtf20sdK0w5KjvvEu4tBg
!
aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
!
aaa session-id common
!
memory-size iomem 10
clock timezone GMT -5 0
crypto pki token default removal timeout 0
!
!
no ip source-route
!
! TACACS = user access server
!
! ===================== DHCP =====================================
!
! DHCP excludes these addresses from the DHCP range
ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
! Create a DHCP pool named LAN
ip dhcp pool LAN
 ! Declare which network is to be handed out by DHCP
 network 192.168.10.0 255.255.255.0
 ! Default IP; must not be changed. It is set aside so that it is the default.
 default-router 192.168.10.1
 ! The DNS servers belong to Claro (name translation servers)
 dns-server 200.62.191.12 200.24.191.11 200.62.191.11 200.24.191.12
!
! ====================== DNS SERVERS ==========================
!
ip cef
no ip bootp server
ip name-server 200.62.191.11
ip name-server 200.24.191.11
ip name-server 200.62.191.12
ip name-server 200.24.191.12
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn FTX170181DM
!
!
interface FastEthernet0
 no ip address
 duplex full
 speed 100
!
interface FastEthernet1
 no ip address
 ! Transmission settings (duplex and speed)
 duplex full
 speed 100
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 description Interface Wan CID 1520813
 ip address 200.24.182.131 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 ! Transmission settings (duplex and speed)
 duplex full
 speed 100
!
interface Vlan1
 description Interface Lan
 ! Private IP; can be configured on the users
 ip address 192.168.10.1 255.255.255.0 secondary
 ! Public IP that gives me Internet access
 ip address 190.81.61.89 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ! Inbound (inside) IP
 ip nat inside
 ! Allow access to inbound networks
 ip virtual-reassembly in
 ! Update interval
 load-interval 30
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
! ============================== NAT ==================================
!
ip nat translation tcp-timeout 300
ip nat pool ALFALAB 190.81.61.89 190.81.61.89 netmask 255.255.255.248
! overload translates the private IPs to one public IP, for example for a
! client that only wants to access the Internet; overload = PAT
ip nat inside source list 10 pool ALFALAB overload
ip route 0.0.0.0 0.0.0.0 200.24.182.129
!
! Access list: permits access for the whole network; the wildcard mask is the inverse
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 25 permit 200.14.241.34
access-list 25 permit 200.14.241.43
access-list 25 permit 200.24.182.129
!
!
tacacs-server host 200.14.241.43
tacacs-server host 200.14.241.30
! TACACS key, encrypted
tacacs-server key 7 050D120C2C0A5D0C1A4A
!
!
! PAT: address translation by port, so that a public network and a private network can communicate.
! NAT: address translation by network.
! Default route: the communication between the WAN and the CPE: 0.0.0.0 (IP) 0.0.0.0 (mask) next-hop IP.
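
Added example (not part of the original configuration or notes): the configuration above stores the enable secret as type 4 and the TACACS+ key as type 7, so this Python check reads an IOS configuration and reports how each stored secret is protected. The SAMPLE lines are constructed with placeholder values, and the names audit_secrets, SECRET_TYPES and SECRET_RE are this example's own.

```python
import re

# How Cisco IOS protects a stored secret, keyed by the type digit in the config.
SECRET_TYPES = {
    "0": ("cleartext", "weak"),
    "4": ("unsalted single-pass SHA-256, deprecated by Cisco", "weak"),
    "5": ("salted MD5-crypt", "legacy"),
    "7": ("reversible obfuscation, not a hash", "weak"),
    "8": ("PBKDF2-SHA-256", "ok"),
    "9": ("scrypt", "ok"),
}

# Commands that carry a secret, in the form "<command> [type] <value>".
SECRET_RE = re.compile(
    r"^\s*(?P<cmd>enable (?:secret|password)|tacacs-server key|"
    r"username \S+ (?:privilege \d+ )?(?:secret|password)|password)"
    r"\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)"
)

def audit_secrets(config_text):
    """Return (line_no, command, type, rating, description) per stored secret."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = SECRET_RE.match(line)
        if not m:
            continue
        # No type digit in front of the value means it is stored as cleartext.
        stype = m.group("type") or "0"
        desc, rating = SECRET_TYPES.get(stype, ("unknown type", "review"))
        findings.append((line_no, m.group("cmd"), stype, rating, desc))
    return findings

# Constructed sample; every secret value and address here is a placeholder.
SAMPLE = """\
enable secret 4 PLACEHOLDERHASHVALUE
username admin privilege 15 secret 9 $9$PLACEHOLDER
tacacs-server host 192.0.2.10
tacacs-server key 7 0000PLACEHOLDER
line vty 0 4
 password PlaceholderClear
"""

if __name__ == "__main__":
    for line_no, cmd, stype, rating, desc in audit_secrets(SAMPLE):
        print(f"line {line_no}: {cmd} type {stype} [{rating}] {desc}")
```

Any finding rated weak means the value should be treated as recoverable by anyone who can read the configuration file, so copies of the configuration need the same protection as the credentials themselves.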