
++++++++SSH+++++++
enable secret cisco
line vty 0 15
 pass cisco
 login
 exit
username admin privilege 15 pass cisco
ip domain-name ccna4.com
crypto key generate rsa 1024
line vty 0 15
 transport input ssh
 login
 exit
+++++++++++++++++++++++++++
NAT ON THE MAIN ROUTER (ROUTER PRINCIPAL)
Only 3 public IPs will be used:
- one IP for the server
- one public IP for network 172.16.10.0 to reach the Internet
- one public IP for network 172.16.0.0 to reach the Internet (VLAN 3)
The other subnets, as indicated, cannot reach the Internet, which is why only a /30 mask is defined.

200.1.1.0/30
200.1.1.0 --> server IP
200.1.1.1 --> network 172.16.10.0
200.1.1.2 --> network 172.16.0.0
200.1.1.3

=== To let the server reach out beyond the cloud
ip nat inside source static 172.16.10.2 200.1.1.0

=== To let the LanEdificio subnet reach out beyond the cloud
ip nat pool RedLanEdificio 200.1.1.1 200.1.1.1 net 255.255.255.252
access-list 2 permit 172.16.10.0 0.0.1.255
ip nat inside source list 2 pool RedLanEdificio overload

=== To let the LanVLAN3 subnet reach out beyond the cloud
ip nat pool RedLanVlan3 200.1.1.2 200.1.1.2 net 255.255.255.252
access-list 3 permit 172.16.12.0 0.0.0.3
access-list 4 permit 172.16.0.0 0.0.3.255
ip nat inside source list 3 pool RedLanVlan3 overload
ip nat inside source list 4 pool RedLanVlan3 overload
++++++++++++++++++++++++++++++++++++++++++++++++++++
ip dhcp pool REDP1
 network 172.16.10.0 255.255.254.0
 default-router 172.16.10.1
 dns-server 8.8.8.8
 exit
ip dhcp excluded-address 172.16.10.1
ip dhcp excluded-address 172.16.10.2
+++++++++++++++++++++++++++++++++++++++
interface fa 0/0.1
 encap dot1q 1
 ip add 172.16.8.1 255.255.254.0
 exit
+++++++++++++++++++++++++++++++++
===== Principal (main router) =====
access-list 101 remark permits VLAN access to the server on ports 80 and 25
access-list 101 permit tcp 172.16.8.0 0.0.1.255 host 172.16.10.2 eq 80

access-list 101 permit tcp 172.16.4.0 0.0.3.255 host 172.16.10.2 eq 80
access-list 101 permit tcp 172.16.0.0 0.0.3.255 host 172.16.10.2 eq 80
access-list 101 permit tcp 172.16.8.0 0.0.1.255 host 172.16.10.2 eq 25
access-list 101 permit tcp 172.16.4.0 0.0.3.255 host 172.16.10.2 eq 25
access-list 101 permit tcp 172.16.0.0 0.0.3.255 host 172.16.10.2 eq 25

access-list 101 remark denies Internet service to VLAN 1
access-list 101 deny tcp 172.16.8.0 0.0.1.255 any eq 80
access-list 101 remark denies Internet service to VLAN 2
access-list 101 deny tcp 172.16.4.0 0.0.3.255 any eq 80
access-list 101 remark Internet service access for VLAN 3
access-list 101 permit tcp 172.16.0.0 0.0.3.255 any eq 80
access-list 101 permit ip any any
----- R-Sucursal (branch router)
interface FastEthernet1/0
 ip access-group 101 out
 exit
+++++++++++++++++++++++++++++++++++++++++++
int range fa0/24
 sw mod trunk
 sw trunk native vlan 3
 exit
interface range FastEthernet 0/1 - 5
 switchport access vlan 1
 switchport mode access
 spanning-tree portfast
 exit
+++++++++++++++++++++++++++++++++++++
REMOTE DESKTOP
ip nat pool lan1 10.1.1.3 10.1.1.3 netmask 255.255.255.248
ip nat pool lan2 10.1.1.4 10.1.1.4 netmask 255.255.255.248
ip nat inside source list 1 pool lan1 overload
ip nat inside source list 2 pool lan2 overload
ip nat inside source static tcp 172.16.2.10 3389 10.1.1.1 3389
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 2 permit 172.16.2.0 0.0.0.255
+++++++++++++++++++++++++++++++++++++++++++++++
HELPER......
interface FastEthernet0/0.400
 encapsulation dot1Q 400 native
 ip address 192.168.4.1 255.255.255.0
 ip helper-address 100.0.0.1
++++++++++++++++++++++++++++++++++++++++++++

NAT FOR THE UDEP NETWORK
-------- R1. -----------
FastEthernet interface facing the carrier-UDEP router
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 no shut
 exit
FastEthernet interface of my local router
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 no shut
 exit
router rip
 version 2
 network 172.16.0.0
 no auto-summary
local router
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
access-list 1 permit any
++++++++++++++++++++++++++++++++++
- Network 11 cannot reach network 10
Create the ACL
access-list 1 deny 192.168.11.0 0.0.0.255
Apply the ACL
inter fa 1/0
 ip access-group 1 in

- PC 11.3 cannot reach network 10
Create the ACL
access-list 1 deny 192.168.11.3 0.0.0.0
access-list 1 permit any

- PCs 11.5, 11.6, 11.7 cannot reach network 10
Create the ACL
access-list 1 permit 192.168.11.4 0.0.0.0
access-list 1 deny 192.168.11.5 0.0.0.3
access-list 1 permit any
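An added example (not part of the original notes): a small Python model of first-match, wildcard-mask evaluation for the three standard ACL scenarios above, listing which 192.168.11.x sources each ACL drops. The function and variable names are illustrative, and the model covers source-address matching only, as a standard ACL does.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(src, base, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(src) & care) == (ip_int(base) & care)

def evaluate(acl, src):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")  # what "any" means as address + wildcard

# Entries copied from the three scenarios in the notes.
ACL_NET11 = [("deny", "192.168.11.0", "0.0.0.255")]
ACL_PC3 = [("deny", "192.168.11.3", "0.0.0.0"), ("permit", *ANY)]
ACL_PC567 = [
    ("permit", "192.168.11.4", "0.0.0.0"),  # carve .4 out before the block deny
    ("deny", "192.168.11.5", "0.0.0.3"),    # wildcard 0.0.0.3 covers .4 to .7
    ("permit", *ANY),
]

def denied_hosts(acl, prefix="192.168.11."):
    """Host addresses .1 to .254 under the prefix that the ACL denies."""
    hosts = (prefix + str(n) for n in range(1, 255))
    return [h for h in hosts if evaluate(acl, h) == "deny"]

if __name__ == "__main__":
    print("PC 11.3 ACL drops:", denied_hosts(ACL_PC3))
    print("PC 11.5-11.7 ACL drops:", denied_hosts(ACL_PC567))
    print("Network 11 ACL drops", len(denied_hosts(ACL_NET11)), "hosts")
    # No "permit any" in the first ACL: other sources hit the implicit deny too.
    print("192.168.12.9 through network 11 ACL:", evaluate(ACL_NET11, "192.168.12.9"))
```

The third ACL works only because the `permit` for 192.168.11.4 comes first: the `deny` entry with wildcard 0.0.0.3 matches the whole block .4 to .7, so reversing the two lines would also block .4.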

SW2
vlan 1
 exit
vlan 2
 exit
int range fa0/24
 sw mod trunk
 sw trunk native vlan 2
 exit
interface range FastEthernet 0/1 - 5
 switchport access vlan 1
 switchport mode access
 spanning-tree portfast
 exit
interface range FastEthernet 0/6 - 10
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 exit
interface FastEthernet0/0.1
 encapsulation dot1Q 1
 ip address 172.16.0.1 255.255.252.0
 ip helper-address 192.168.1.66
interface FastEthernet0/0.2
 encapsulation dot1Q 2 native
 ip address 172.17.1.1 255.255.255.240
 ip helper-address 192.168.1.66
enable secret cisco
line vty 0 15
 pass cisco
 login
 exit
username admin privilege 15 pass cisco
ip domain-name ccna4.com
crypto key generate rsa 1024
line vty 0 15
 transport input ssh
 login
 exit

interface Vlan1
 ip address 172.16.0.2 255.255.252.0
ip default-gateway 172.16.0.1
exit
router ospf 100
 network 172.16.0.0 0.0.3.255 area 0
 network 172.17.1.0 0.0.0.15 area 0
 network 192.168.1.64 0.0.0.7 area 0
 default-information originate

router ospf 100
 network 192.168.1.64 0.0.0.7 area 0
 network 192.168.1.0 0.0.0.31 area 0
