
configure terminal

hostname HQSw1

---contraseña cifrada "class" para el modo EXEC privilegiado.

enable secret class

---Establezca la contraseña "cisco" para todas las líneas, de modo que se requiera
iniciar sesión, comenzando por la línea de consola. Establezca las líneas vty de 0
a 15.

line console 0
password cisco
login
line vty 0 15
password cisco
login
exit

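---Para encriptar todas las claves guardadas en texto plano (cifrado tipo 7, reversible: solo evita que se lean a simple vista en la configuración)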

service password-encryption

--no busque nombres en la red

no ip domain-lookup

---Configure la VLAN 1 con la dirección IP 192.168.10.2/24 y active la interfaz.

HQSw1(config)# interface vlan 1


HQSw1(config-if)# ip address 192.168.10.2 255.255.255.0
HQSw1(config-if)# no shutdown
HQSw1(config-if)# end

HQSw1# show running-config

---------------------------------------------------------------------Capitulo2
---------------------------------------------------------------------
-------comando creación de VLAN para administración

configure terminal
interface vlan 99
ip address 172.17.99.11 255.255.0.0
no sh
end

----copio la configuración al inicio (startup-config)

copy running-config startup-config

-------Acceder a una interfaz por una vlan

S1(config)# vlan id_de_vlan


S1(config-vlan)# name nombre_de_vlan
S1(config-vlan)# exit
S1(config)# interface interface_id
S1(config-if)# switchport access vlan id_de_vlan

S1(config)# vlan 15
S1(config-vlan)# name vlanAlumnos
S1(config-vlan)# exit

S1(config)# interface fa0/1


S1(config-if)# switchport access vlan 15
S1(config-if)# no sh

-------Configuracion de puertos velocidad y modo duplex

configure terminal
interface fa 0/1
duplex full
speed 100
end

copy running-config startup-config

---mostrar solo la ip y estado de la interface


do show ip interface vlan1

--mostrar toda la informacion de la vlan1


show interface vlan1

--ver la version del sistema operativo


show version

--ver imagen del sistema opertivo


show flash

--ver directorio de la memoria flash


show flash

--ver estado de la interface,velacidad y duplex


show int fa0/6

--ver vlans
show vlan

--ver historial de comandos


sh history

--ver si existe MDIX (cables cruzados o directos)


show controllers ethernet-controller

-------crear VLAN 99 y darle acceso a estudiantes


vlan 99
name vlanEstudiantes
exit

interface vlan 99
ip address 192.168.1.2 255.255.255.0
no sh
exit

interface range fa0/1 - 24 ,g0/1 - 2


switchport access vlan 99
exit

ip default-gateway 192.168.1.1

line console 0
password cisco
login
logging synchronous

line vty 0 15
password cisco
login
exit

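---en consola usar (Telnet viaja en texto plano, incluida la contraseña; para administración remota es preferible SSH, configurado más abajo)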


telnet 192.168.1.2

--comando para mostrar la tabla de direcciones mac

show mac-add

show mac-address-table

--ingresar mac estaticamente al puerto


mac address-table static 000C.CF60.E36E vlan 99 interface fa0/6

--borrar archivo de vlan


show flash
delete vlan.dat
erase startup-config
reload

-------configuracion de ssh
conf t
ip domain-name cisco.com

--crea el par de claves RSA que usa SSH para establecer la comunicación (usar un módulo de al menos 2048 bits cuando lo solicite)


crypto key generate rsa

username admin secret ccna


line vty 0 15
transport input ssh
login local
exit
ip ssh version 2
exit

username administrator secret cisco


line vty 0
password cisco
transport input ssh
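login local
--ojo: el `login` siguiente reemplaza a `login local` y la línea vuelve a autenticar solo con la contraseña de línea; omitirlo si se quiere usar el usuario local
login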
end

------- configuracion de snooping DHCP


------- limitar DHCP en puertos no seguros

--seguros (puertos de confianza: por donde llegan las respuestas del servidor DHCP legítimo)

ip dhcp snooping
ip dhcp snooping vlan 10,20

int fa 0/1
ip dhcp snooping trust

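--no seguros (puertos de acceso hacia clientes: se descartan las respuestas de servidor DHCP y se limita la cantidad de paquetes DHCP por segundo)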
int range fa0/2 - 5
ip dhcp snooping limit rate 5

------- configuracion para agregar MAC de manera persistente

switchport port-security mac-address sticky

--las MAC aprendidas quedan en el running-config; se guarda en el startup (copy running-config startup-config) para que sean permanentes

------- para que aprendan de manera dinámica

no switchport port-security mac-address sticky

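-------Seguridad de interfaces (port-security; las opciones siguientes no tienen efecto hasta habilitarla con `switchport port-security` en un puerto en modo access)
--modos de violación: protect descarta las tramas sin avisar; restrict las descarta y registra la violación; shutdown (por defecto) deja el puerto en err-disabled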

show port-security interface

switchport port-security maximum 2

switchport port-security violation protect


switchport port-security violation restrict
switchport port-security violation shutdown

---------------------------------------------------------------------Capitulo3
---------------------------------------------------------------------
--creacion de varias vlan

conf t

vlan 100,102,105-107
name grupo1
end
int fa0/20
switchport mode access
switchport access vlan 20
end

--para ver a que vlan pertenece el puerto

show interfaces f0/18 switchport

--en modo global elimina vlans de los puertos


no switchport access vlan

--cada asignación de VLAN reemplaza a la existente en el puerto

-- todas las vlan


show vlan brief

--conteo todas las vlan configuradas


show vlan summary

-- muestra informacion de vlan por nombre


show vlan name estudiantes

---------------------------------------------------creacion de vlans asignacion


vlan 10
name Personal
exit

vlan 20
name Estudiantes
exit

vlan 30
name Invitado
exit

vlan 99
name Administracion
exit

interface vlan 10
ip address 172.17.10.0 255.255.255.0
no sh

interface vlan 20
ip address 172.17.20.0 255.255.255.0
no sh

interface vlan 30
ip address 172.17.30.0 255.255.255.0
no sh
int fa0/11
switchport mode access
switchport access vlan 10
no sh
end

int fa0/18
switchport mode access
switchport access vlan 20
no sh
end

int fa0/6
switchport mode access
switchport access vlan 30
no sh
end

----establecer en modo troncal en ambos extremos, con la misma VLAN nativa; es mejor así, no hay conflictos de VLAN nativa

int fa0/18
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 10,20,30,99
no sh
end

----deshabilitar modo troncal

int fa0/18
no switchport mode trunk
no switchport trunk allowed vlan
no switchport trunk native vlan
no sh
end

--- para ver cambios en puertos


show interfaces f0/1 switchport

int g0/2
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 10,20,30,99
no sh
end

int g0/1
switchport mode trunk
switchport trunk native vlan 30
switchport trunk allowed vlan 10,20,30,99
no sh
end

-------Mostrar modos troncales


show dtp interface

-------Después de ingresar modos troncales, deshabilitar DTP (así el puerto no negocia troncales con el equipo conectado)


switchport nonegotiate

-------Mostrar vlans
show vlan
show interfaces
show interfaces switchport

show interfaces trunk

------- No pasar tráfico entre puertos vecinos del mismo switch (puertos protegidos; solo tiene efecto entre puertos que tengan este comando)


switchport protected

---------------------------------------------------------------------Capitulo4
---------------------------------------------------------------------

----comando traceroute para ver saltos

traceroute

-----Rastreo y descubrimiento de direcciones


1----veo dominio y dns

nslookup b2server.pt.pka

2----veo saltos hacia el dominio

tracert b2server.pt.pka

3----telnet a los saltos que obtuve

------ver ip de las interfaces y estado


show ip inte brief

show ipv6 interface brief

------veo las rutas con su mascara


show ip route connected

-----ver ip y mascara interfaz


show running-config int g0/0

int loopback 0
ip address 10.0.0.1 255.255.255.0
exit
---------------------------------------------------------------------Capitulo5
---------------------------------------------------------------------

------Enrutamiento vlan antiguo

IP PC1) 172.17.10.21 255.255.255.0


IP PC2) 172.17.30.23 255.255.255.0

---1 switch

vlan 10
vlan 30

-- va a la pc
int f0/11
switchport access vlan 10

-- va a al router

int f0/4
switchport access vlan 10

-- va a la pc

int f0/6
switchport access vlan 30

-- va a al router

int f0/5
switchport access vlan 30

---2 router

int g0/0
ip address 172.17.10.1 255.255.255.0
no sh

int g0/1
ip address 172.17.30.1 255.255.255.0
no sh

------Enrutamiento vlan ROUTER on a stick

IP PC1) 172.17.10.21 255.255.255.0


IP PC2) 172.17.30.23 255.255.255.0

---1 switch

vlan 10
vlan 30
int g0/1
switchport mode trunk
switchport trunk allowed vlan 10,30
no sh
end

int f0/11
switchport access vlan 10
no sh

int f0/06
switchport access vlan 30
no sh

---2 router

int g0/0.10
encapsulation dot1q 10
ip address 172.17.10.1 255.255.255.0
no sh

int g0/0.30
encapsulation dot1q 30
ip address 172.17.30.1 255.255.255.0
no sh

int g0/0
no sh

--- para ver las sub interfaces


show vlan

---para validar vlan configurada


show interfaces g 0/1 switchport

---ver encapsulacion
show interfaces

---------------------------------------------------------------------Capitulo6
---------------------------------------------------------------------

----ver rutas estatica


show ip route static

---ver configuracion de rutas estaticas

show running-config | section ip route

---------------------Router MAIN
hostname Main
no ip domain-lookup
enable secret cisco

line console 0
password class
login
line vty 0 15
password class
login
exit

service password-encryption

int s0/0/0
description PrincipalOut
ip address 128.107.0.1 255.255.255.252
ipv6 address 2001:db8:2:1::1/64
ipv6 address fe80::1 link-local
no sh

int s0/0/1
description RespaldoOut
ip address 128.107.0.5 255.255.255.252
ipv6 address 2001:db8:3:1::1/64
ipv6 address fe80::1 link-local
no sh

int s0/1/1
description principalIn
ip address 10.10.20.1 255.255.255.252
ipv6 address 2001:db8:1:1::1/64
ipv6 address fe80::1 link-local
no sh

ipv6 unicast-routing

ip route 10.10.1.0 255.255.255.0 S0/1/1


ip route 10.10.2.0 255.255.255.0 S0/1/1
ipv6 route 2001:db8:1:a::/64 S0/1/1
ipv6 route 2001:db8:1:b::/64 S0/1/1

ip route 0.0.0.0 0.0.0.0 s0/0/0


ip route 0.0.0.0 0.0.0.0 s0/0/1 2
ipv6 route ::/0 s0/0/0
ipv6 route ::/0 s0/0/1 2

---------------------Router Bldg-1

hostname Bldg-1

int s0/0/0
description principalIN
ip address 10.10.20.2 255.255.255.252
ipv6 address 2001:db8:1:1::2/64
ipv6 address fe80::2 link-local
no sh

int G0/0
description zona1
ip address 10.10.1.254 255.255.255.0
ipv6 address 2001:db8:1:a::1/64
ipv6 address fe80::2 link-local
no sh

int G0/0
description zona2
ip address 10.10.2.254 255.255.255.0
ipv6 address 2001:db8:1:b::1/64
ipv6 address fe80::2 link-local
no sh

ipv6 unicast-routing

ip route 0.0.0.0 0.0.0.0 s0/0/0


ipv6 route ::/0 s0/0/0

---------------------HOST A

10.10.1.100
255.255.255.0
10.10.1.254
64.100.100.10

2001:db8:1:a::a

fe80::2
2001:db8:ff:f::10

---------------------mostrar ipv6
show ipv6 route

show ipv6 route static

ipv6 route ::/0

ipv6 route 2001:DB8:1:2::/64 2001:DB8:1:A001::2


ipv6 route 2001:db8:1:a002::/64 2001:DB8:1:A001::2
ipv6 route 2001:db8:1:3::/64 2001:DB8:1:A001::2

ipv6 route 2001:db8:1:1::/64 2001:DB8:1:A001::1


ipv6 route 2001:db8:1:3::/64 2001:DB8:1:A002::2

ipv6 route ::/0 2001:DB8:1:A002::1

ipv6 unicast-routing
Red 192.168.72.0 /24

Subredes

enlace R1-R2 /30

ASW-1 (7)
2potencia(4)=16 - 2 = 14 host disponibles
mascara 32-4 = /28

ASW-2 (15)
2potencia(5)=32 - 2 = 30 host disponibles
mascara 32-5 = /27

ASW-3 (29)
2potencia(5)=32 - 2 = 30 host disponibles
mascara 32-5 = /27

ASW-4 (58)
2potencia(6)=64 - 2 = 62 host disponibles
mascara 32-6 = /26

Subdivision
ASW-4 (58) primera ultima brocast mascara
192.168.72.0 192.168.72.1 192.168.72.62 192.168.72.63
192 /26

ASW-3 (29) primera ultima brocast mascara


192.168.72.64 192.168.72.65 192.168.72.94 192.168.72.95 224
/27

ASW-2 (15) primera ultima brocast mascara


192.168.72.96 192.168.72.97 192.168.72.126 192.168.72.127 224
/27

ASW-1 (7) primera ultima brocast mascara


192.168.72.128 192.168.72.129 192.168.72.142 192.168.72.143 240
/28

R1-R2 (2) primera ultima brocast mascara


192.168.72.144 192.168.72.145 192.168.72.146 192.168.72.147
252 /30

-----Building 1
---router ASW-2
int g0/1
ip address 192.168.72.97 255.255.255.224
no sh

---router ASW-1
int g0/0
ip address 192.168.72.129 255.255.255.240
no sh
-----Building 2
---router ASW-4

int g0/1
ip address 192.168.72.1 255.255.255.192
no sh

---router ASW-3

int g0/0
ip address 192.168.72.65 255.255.255.224
no sh

ip default-gateway 192.168.72.65

ip route 192.168.3.0 255.255.255.0 fa0/1

------------------------------------------------------------
------------------------------
------------------------------
------------------------------

Red 10.10.16.0/24

Subredes

Parte 1
2potencia(7)=128 - 2 = 126 host disponibles
mascara 32-7 = /25

Parte 2
2potencia(7)=128 - 2 = 126 host disponibles
mascara 32-7 = /25

Subdivision
Parte 1 primera ultima brocast
mascara
10.10.16.0 10.10.16.1 10.10.16.126 10.10.16.127
255.255.255.128 /25

Parte 2 primera ultima brocast


mascara
10.10.16.128 10.10.16.129 10.10.16.254 10.10.16.255 128
/25
ip route 10.10.16.0 255.255.255.0 s0/1/1

ipv6 route ::/0 s0/0/0

ipv6 route ::/0 s0/0/1

ipv6 route 2001:db8:1:a::/63 s0/0/0

---------------------------------------------------------------------Capitulo7
---------------------------------------------------------------------

-------------------------------- rutas diractamente conectadas!!!


--------------------------------RIP IPV4

router rip
version 2
no auto-summary
network 192.168.1.0
network 192.168.2.0
passive-interface g0/0

--pone todas las interfaces en modo pasivo (no envían actualizaciones de enrutamiento)


passive-interface default

--mostrar protocolos
show ip protocols

ip route 0.0.0.0 0.0.0.0 S0/0/1


router rip
version 2
no auto-summary
network 192.168.4.0
network 192.168.5.0
passive-interface g0/0

default-information originate

--------------------------------
--------------------------------RIP IPV6

--------------------------------Configurar en la interface

ipv6 unicast-routing

ipv6 router rip CISCO


int g0/1
ipv6 rip CISCO enable
no sh
exit

int s0/0/0
ipv6 rip CISCO enable
no sh
exit

int s0/0/1
ipv6 rip CISCO enable
no sh
exit

show ipv6 protocols

---------------------------------------------------------------------Capitulo8
---------------------------------------------------------------------

--------------------------------
--------------------------------OSPF ipv4
--router con mayor id es el DR

--para validar
show ip protocols

router ospf 10
router-id 1.1.1.1

--borrar procesos de ospf


clear ip ospf process

--si no hay como ingresar router id se usa interfaz loopback

int loopback 0
ip address 1.1.1.1 255.255.255.255
end

--activar en la interface
network dirección-red máscara-wildcard area id-área.

---wildcard /26
255.255.255.192
tengo: 0.0.0.63

---interfaz pasiva
passive-interface g0/0

-----------------asignar costos
-----------------10 Gigabit Ethernet
auto-cost reference-bandwidth 10000
-----------------Gigabit Ethernet:
auto-cost reference-bandwidth 1000

-----------------asignar bandwidth kilobits


----------------- 64 kbps
bandwidth 64

-----------------ver vecinos
show ip ospf neighbor

show ip ospf
show ip ospf interface brief
show ip ospf interface serial 0/0/0

router ospf 10
router-id 1.1.1.1
passive-interface g0/0

network 172.16.1.0 0.0.0.255 area 0


network 172.16.3.0 0.0.0.3 area 0
network 192.168.10.5 0.0.0.3 area 0

interface g0/0
ip address 172.16.1.1 255.255.255.0
no sh

interface S0/0/0
ip address 172.16.3.1 255.255.255.252
no sh

interface S0/0/1
ip address 192.168.10.5 255.255.255.252
no sh

router ospf 10
router-id 2.2.2.2
passive-interface g0/0

network 172.16.2.0 0.0.0.255 area 0


network 172.16.3.0 0.0.0.3 area 0
network 192.168.10.9 0.0.0.3 area 0

router ospf 10
router-id 3.3.3.3
passive-interface g0/0

network 192.168.1.0 0.0.0.255 area 0


network 192.168.10.6 0.0.0.3 area 0
network 192.168.10.10 0.0.0.3 area 0

--------NO ESTOY SEGURO SI ES LA IP DE LA INTERFACE O RED


--------mas probable ip interface
--------si existe VLSM no usar ip de red

show ip interface brief


show ipv6 ospf neighbor
clear ipv6 ospf process
show ipv6 protocols

------configuracion de link local ipv6

int G0/0
ipv6 address fe80::2 link-local
ipv6 ospf 10 area 0
no sh

int S0/0/0
ipv6 address fe80::2 link-local
ipv6 ospf 10 area 0
no sh

int S0/0/1
ipv6 address fe80::2 link-local
ipv6 ospf 10 area 0
no sh

---------------------------------------configuracion ipv6 ospf

ipv6 unicast-routing
ipv6 router ospf 10
router-id 1.1.1.1
passive-interface g0/0

int g0/0
ipv6 address fe80::1 link-local
ipv6 ospf 10 area 0

int S0/0/0
ipv6 address fe80::1 link-local
ipv6 ospf 10 area 0
no sh

int S0/0/1
ipv6 address fe80::1 link-local
ipv6 ospf 10 area 0
no sh

ipv6 unicast-routing
ipv6 router ospf 10
router-id 2.2.2.2
passive-interface g0/0

int g0/0
ipv6 address fe80::2 link-local
ipv6 ospf 10 area 0

int S0/0/0
ipv6 address fe80::2 link-local
ipv6 ospf 10 area 0
no sh

int S0/0/1
ipv6 address fe80::2 link-local
ipv6 ospf 10 area 0
no sh

ipv6 unicast-routing
ipv6 router ospf 10
router-id 3.3.3.3
passive-interface g0/0

int g0/0
ipv6 address fe80::3 link-local
ipv6 ospf 10 area 0

int S0/0/0
ipv6 address fe80::3 link-local
ipv6 ospf 10 area 0
no sh

int S0/0/1
ipv6 address fe80::3 link-local
ipv6 ospf 10 area 0
no sh

show ip ospf

---------------------------------------------------------------------Capitulo9
---------------------------------------------------------------------

--------------------------------
--------------------------------Access list
--1 a 99 y de 1300 a 1999 estándar (toda ACL termina con un `deny any` implícito: lo que no se permite explícitamente se descarta)

Parametros estandar: access-list-number deny/permit remark(comentario) ipOrigen


Wildcard(validar solo un rango de ip) log(guardar)
--permitir todo
access-list 1 permit 0.0.0.0 255.255.255.255
access-list 1 permit any

--permitir solo 1 host especifico -- mascaraWildcard 0.0.0.0


access-list 1 permit 192.168.10.10 0.0.0.0
access-list 1 permit host 192.168.10.10

--eliminar access list


show access-lists
no access-list 1

--Asignar a grupo

access-list 1 permit 192.168.10.10 0.0.0.255

interface s0/0/0
ip access-group 1 out

show ip access-lists

---------------------------------------------------------------------Capitulo10
---------------------------------------------------------------------

--------------------------------
--------------------------------DHCP

ip dhcp excluded-address 192.168.10.1 192.168.10.9


ip dhcp excluded-address 192.168.10.254

ip dhcp pool LAN-POOL-1


network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.11.5
domain-name example.com
end

show running-config | section dhcp


show ip dhcp binding
show ip dhcp server statistics

---------------cuando el servidor dhcp esta en una red diferente


int S0/0/0
ip helper-address 192.168.11.6

---------------asignar dhcp a una interfaz


interface g0/0
ip address dhcp
no sh

show ip interface g0/1


----------------------------------------------Ejercicio

----router 2
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.30.1 192.168.30.10

ip dhcp pool R1-LAN


network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.20.254

ip dhcp pool R3-LAN


network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 192.168.20.254

-----------retransmision DHCP R1
----------configure como la ip de la interfacez
int g0/0
ip helper-address 10.1.1.2

-----------retransmision DHCP R3
----------configure como la ip de la interfacez
int g0/0
ip helper-address 10.2.2.2

-----------configuracion al enlace wan como


-----------cliente dhcp en R2
int g0/1
ip address dhcp
no sh

show ip interface brief


show ip dhcp binding
show ip dhcp conflict

---------access list al dhcp client y server

access-list 100 permit udp any any eq 67


access-list 100 permit udp any any eq 68

debug ip dhcp server events

excluded-address 10.0.15.1 10.0.15.15

---------------------------------------------------------------------Capitulo11
---------------------------------------------------------------------
--------------------------------
--------------------------------Nateo estatico

----1)configurar equivalencias
----2) configurar puertos de entrada y salida

ip nat inside source static 192.168.1.101 209.165.201.5

interface s0/0/0
ip nat inside

interface s0/1/0
ip nat outside

------verificar traduccion nat


show ip nat translations

----- verificar interfaces salida entrada nat


show ip nat statistics

----- para borrar estadisticas anteriores


clear ip nat statistics

--------Ejercicio

ip nat inside source static 172.16.16.1 64.100.50.1

interface s0/0/0
ip nat outside

interface g0/0
ip nat inside

--------------------------------
--------------------------------Nateo dinamico

----1)configurar pool con primera y ultima direccion

ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224

----2) configurar ACL standar


access-list 1 permit 192.168.0.0 0.0.255.255

----3) vincular pool al access list


ip nat inside source list 1 pool NAT-POOL1

----4) configurar adentro y afuera


interface s0/0/0
ip nat outside

interface g0/0
ip nat inside

----mostrar
show ip nat translations
show ip nat translations verbose

--------Ejercicio

ip nat pool NAT 209.165.76.197 209.165.76.198 netmask 255.255.255.252


access-list 1 permit 172.16.0.0 0.0.255.255
ip nat inside source list 1 pool NAT
interface s0/0/1
ip nat inside
interface s0/0/0
ip nat outside

--------------------------------
--------------------------------Nateo sobrecarga PAT multiples ip publicas
ip nat pool NAT 209.165.76.197 209.165.76.198 netmask 255.255.255.252

access-list 1 permit 172.16.0.0 0.0.255.255

ip nat inside source list 1 pool NAT overload

interface s0/0/1
ip nat inside
interface s0/0/0
ip nat outside

-------una ip publicas

access-list 1 permit 172.16.0.0 0.0.255.255


ip nat inside source list 1 interface s0/0/1 overload

show ip nat translations