ip domain-name ccna4.com
crypto key generate rsa general-keys modulus 1024
line vty 0 15
 transport input ssh
 login
 exit
+++++++++++++++++++++++++++
NAT ON THE MAIN ROUTER
Only 3 public IPs will be used:
- an IP for the server
- a public IP for network 172.16.10.0 so it can reach the Internet
- a public IP for network 172.16.0.0 so it can reach the Internet (VLAN 3)
The other subnets, as indicated, cannot reach the Internet, which is why only a /30 mask is defined.
200.1.1.0/30
200.1.1.0 --> server IP
200.1.1.1 --> network 172.16.10.0
200.1.1.2 --> network 172.16.0.0
200.1.1.3
=== So the server can reach outside the cloud
ip nat inside source static 172.16.10.2 200.1.1.0
=== So the LanEdificio subnet can reach outside the cloud
ip nat pool RedLanEdificio 200.1.1.1 200.1.1.1 netmask 255.255.255.252
access-list 2 permit 172.16.10.0 0.0.1.255
ip nat inside source list 2 pool RedLanEdificio overload
=== So the LanVLAN3 subnet can reach outside the cloud
ip nat pool RedLanVlan3 200.1.1.2 200.1.1.2 netmask 255.255.255.252
access-list 3 permit 172.16.12.0 0.0.0.3
access-list 4 permit 172.16.0.0 0.0.3.255
ip nat inside source list 3 pool RedLanVlan3 overload
ip nat inside source list 4 pool RedLanVlan3 overload
++++++++++++++++++++++++++++++++++++++++++++++++++++
ip dhcp pool REDP1
 network 172.16.10.0 255.255.254.0
 default-router 172.16.10.1
 dns-server 8.8.8.8
 exit
ip dhcp excluded-address 172.16.10.1
ip dhcp excluded-address 172.16.10.2
+++++++++++++++++++++++++++++++++++++++
interface fa 0/0.1
 encap dot1q 1
 ip add 172.16.8.1 255.255.254.0
 exit
+++++++++++++++++++++++++++++++++
===== Principal =====
access-list 101 remark allow the VLAN access to the server on ports 80 and 25
access-list 101 permit tcp 172.16.8.0 0.0.1.255 host 172.16.10.2 eq 80
eq eq eq eq eq
80 80 25 25 25
access-list 101 remark deny Internet service to VLAN 1
access-list 101 deny tcp 172.16.8.0 0.0.1.255 any eq 80
access-list 101 remark deny Internet service to VLAN 2
access-list 101 deny tcp 172.16.4.0 0.0.3.255 any eq 80
access-list 101 remark allow Internet service to VLAN 3
access-list 101 permit tcp 172.16.0.0 0.0.3.255 any eq 80
access-list 101 permit ip any any
----- R-Sucursal
interface FastEthernet1/0
 ip access-group 101 out
 exit
+++++++++++++++++++++++++++++++++++++++++++
int range fa0/24
 sw mod trunk
 sw trunk native vlan 3
 exit
interface range FastEthernet 0/1 - 5
 switchport access vlan 1
 switchport mode access
 spanning-tree portfast
 exit
+++++++++++++++++++++++++++++++++++++
REMOTE DESKTOP
ip nat pool lan1 10.1.1.3 10.1.1.3 netmask 255.255.255.248
ip nat pool lan2 10.1.1.4 10.1.1.4 netmask 255.255.255.248
ip nat inside source list 1 pool lan1 overload
ip nat inside source list 2 pool lan2 overload
ip nat inside source static tcp 172.16.2.10 3389 10.1.1.1 3389
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 2 permit 172.16.2.0 0.0.0.255
+++++++++++++++++++++++++++++++++++++++++++++++
HELPER
interface FastEthernet0/0.400
 encapsulation dot1Q 400 native
 ip address 192.168.4.1 255.255.255.0
 ip helper-address 100.0.0.1
++++++++++++++++++++++++++++++++++++++++++++
NAT FOR THE UDEP NETWORK
-------- R1 -----------
FastEthernet that points to the carrier-UDEP router
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 no shut
 exit
FastEthernet of my local router
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 no shut
 exit
router rip
 version 2
 network 172.16.0.0
 no auto-summary
Local router
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
access-list 1 permit any
++++++++++++++++++++++++++++++++++
- Network 11 cannot reach network 10
Create the ACL
access-list 1 deny 192.168.11.0 0.0.0.255
Apply the ACL
inter fa 1/0
 ip access-group 1 in
- PC 11.3 cannot reach network 10
Create the ACL
access-list 1 deny 192.168.11.3 0.0.0.0
access-list 1 permit any
- PCs 11.5, 11.6 and 11.7 cannot reach network 10
Create the ACL
access-list 1 permit 192.168.11.4 0.0.0.0
access-list 1 deny 192.168.11.5 0.0.0.3
access-list 1 permit any
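The three standard ACLs above can be checked offline before they are applied. The following is an added example, not part of the original notes: a small Python model of first-match evaluation with wildcard masks and the implicit deny at the end of every ACL. The function names (parse_acl, evaluate, verdicts) are hypothetical, and only the source-address form of standard ACL entries is modelled.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

# The three standard ACLs from the notes above, copied as written.
ACL_NET = "access-list 1 deny 192.168.11.0 0.0.0.255"
ACL_HOST = """access-list 1 deny 192.168.11.3 0.0.0.0
access-list 1 permit any"""
ACL_RANGE = """access-list 1 permit 192.168.11.4 0.0.0.0
access-list 1 deny 192.168.11.5 0.0.0.3
access-list 1 permit any"""

def parse_acl(text):
    """Parse standard numbered ACL lines into (action, base, wildcard) rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # skip remarks and anything that is not a permit/deny entry
        if tok[3] == "any":
            base, wild = 0, MASK32
        else:
            base = int(ipaddress.IPv4Address(tok[3]))
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        # Bits set in the wildcard are "don't care", so clear them in the base:
        # 192.168.11.5 0.0.0.3 is stored as 192.168.11.4 0.0.0.3 (.4 to .7).
        rules.append((tok[2], base & ~wild & MASK32, wild))
    return rules

def evaluate(rules, ip):
    """Return the action of the first matching rule, else the implicit deny."""
    addr = int(ipaddress.IPv4Address(ip))
    for action, base, wild in rules:
        if (addr & ~wild & MASK32) == base:
            return action
    return "deny"  # every ACL ends with an implicit "deny any"

def verdicts(acl_text, hosts):
    """Map each host address to the verdict the ACL gives it."""
    rules = parse_acl(acl_text)
    return {h: evaluate(rules, h) for h in hosts}

if __name__ == "__main__":
    # Constructed test addresses, not taken from the notes.
    hosts = ["192.168.11.3", "192.168.11.4", "192.168.11.5",
             "192.168.11.7", "192.168.11.8", "192.168.12.1"]
    for name, acl in (("net", ACL_NET), ("host", ACL_HOST), ("range", ACL_RANGE)):
        print(name, verdicts(acl, hosts))
```

The first ACL has no permit entry, so once applied it also drops sources outside 192.168.11.0/24; the third relies on entry order, because the deny entry covers .4 to .7 and only the earlier permit keeps .4 reachable.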
SW2
vlan 1
 exit
vlan 2
 exit
int range fa0/24
 sw mod trunk
 sw trunk native vlan 2
 exit
interface range FastEthernet 0/1 - 5
 switchport access vlan 1
 switchport mode access
 spanning-tree portfast
 exit
interface range FastEthernet 0/6 - 10
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 exit
interface FastEthernet0/0.1
 encapsulation dot1Q 1
 ip address 172.16.0.1 255.255.252.0
 ip helper-address 192.168.1.66
interface FastEthernet0/0.2
 encapsulation dot1Q 2 native
 ip address 172.17.1.1 255.255.255.240
 ip helper-address 192.168.1.66
enable secret cisco
line vty 0 15
 pass cisco
 login
 exit
username admin privilege 15 pass cisco
ip domain-name ccna4.com
crypto key generate rsa general-keys modulus 1024
line vty 0 15
 transport input ssh
 login
 exit
interface Vlan1
 ip address 172.16.0.2 255.255.252.0
ip default-gateway 172.16.0.1
exit
router ospf 100
 network 172.16.0.0 0.0.3.255 area 0
 network 172.17.1.0 0.0.0.15 area 0
 network 192.168.1.64 0.0.0.7 area 0
 default-information originate
router ospf 100
 network 192.168.1.64 0.0.0.7 area 0
 network 192.168.1.0 0.0.0.31 area 0