// 2: CONFIGURACION DE VLANS

ena
conf t
vlan 18
name A
exit
vlan 19
name B
exit
interface fa0/1
switchport mode access
switchport access vlan 18
interface fa0/2
switchport mode access
switchport access vlan 19
interface fa0/3
switchport mode trunk
---------// 3: CONFIGURACION SEGURIDAD POR PUERTO
// security
interface fa 0/2
sw port-security maximum 1
sw port-security mac-address sticky
// 4: DIRECCIONAMIENTO IP
// a: ROUTER REMOTO
enable
conf t
int gi0/0
int gi0/0.18
encapsulation dot1Q 18
ip address 172.16.18.1 255.255.255.0
no shutdown
exit
int g0/0.19
encapsulation dot1Q 19
ip add 172.16.19.1 255.255.255.0
no shutdown
----REMOTO(config)#ip dhcp pool vlan18
REMOTO(dhcp-config)#network 172.16.18.0 255.255.255.0
REMOTO(dhcp-config)#default-router 172.16.18.1
REMOTO(dhcp-config)#dns 200.18.18.2
REMOTO(dhcp-config)#exit
REMOTO(config)#ip dhcp pool vlan19
REMOTO(dhcp-config)#network 172.16.19.0 255.255.255.0
REMOTO(dhcp-config)#default-router 172.16.19.1
REMOTO(dhcp-config)#dns 200.18.18.2
REMOTO(dhcp-config)#exit
---

//PRINCIPAL
int s0/0/0
ip add 10.10.10.1 255.255.255.252
no shutdown
route rip
version 2
network 10.10.10.0
network 172.16.20.0
//REMOTO
int s0/0/0
ip add 10.10.10.2 255.255.255.252
no shutdown
exit
route rip
version 2
network 172.16.18.0
network 172.16.19.0
network 10.10.10.0
// PARTE 2 INTERNET
2: DIRECCIONAMIENTO IP
----- Router PRINCIPAL
enable
conf t
int s0/0/1
ip add 180.18.18.2 255.255.255.224
no shutdown
exit
-----ROUTER ISP1
enable
conf t
host ISP1
int s0/0/0
ip add 180.18.18.1 255.255.255.224
no shutdown
exit
int s0/0/1
ip add 190.18.18.1 255.255.255.252
no shut
exit
int g0/0
ip add 200.18.18.1 255.255.255.0
no shut
exit
------ROUTER ISP2
enable
conf t
int s0/0/0

ip add 190.18.18.2 255.255.255.252

no shut
exit
int g0/0
ip add 210.18.18.1 255.255.255.0
no shut
exit
// 3: ENRUTAMIENTO
-----ISP1
enable
conf t
router ospf 1
network 180.18.18.0 255.255.255.224 area 0
net 190.18.18.0 255.255.255.252 area 0
net 200.18.18.0 255.255.255.0 area 0
auto-cost reference-bandwidth 1000
exit
-----ISP2
enable
conf t
router ospf 1
net 190.18.18.0 255.255.255.252 area 0
net 210.18.18.0 255.255.255.0 area 0
auto-cost reference-bandwidth 1500
exit
-----PRINCIPAL
enable
conf t
auto-cost reference-bandwidth 1000
///

PARTE 3: NAT Y ACL

2. DIRECCIONES IP, Y ENRUTAMIENTO ADICIONAL.

----CASA
enable
conf t
host CASA
int g0/0
ip add 200.18.18.5 255.255.255.0
no shutdown
exit
int g0/1
ip add 192.168.1.1 255.255.255.0
no shut
exit
----- RUTAS POR DEFECTO
// d: router CASA
ip route 0.0.0.0 0.0.0.0 200.18.18.1
// e: PRINCIPAL

ip route 0.0.0.0 0.0.0.0 180.18.18.1

// f:

// g: ruta por defecto router REMOTO

enable
conf t
REMOTO(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
3. NAT y PAT:
// a: NAT PRINCIPAL
conf t
ip nat inside source static 172.16.20.2 180.18.18.3
interface gi 0/0
ip nat inside
exit
inter se 0/0/1
ip nat outside
exit
inter se 0/0/0
ip nat inside
exit
// c: PAT PRINCIPAL
ip nat pool NAT-LAN 180.18.18.4 180.18.18.10 netmask 255.255.255.224
access-list 1 permit 172.16.18.0 0.0.0.255
access-list 1 permit 172.16.19.0 0.0.0.255
ip nat inside source list 1 pool NAT-LAN overload
interface serial 0/0/0
ip nat inside
exit
interface serial 0/0/1
ip nat outside
exit
// e: PAT CASA
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Gi 0/0 overload
interface Gi 0/1
ip nat inside
exit
interface Gi 0/0
ip nat outside
exit

.....
PRINCIPAL#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PRINCIPAL(config)#acc
PRINCIPAL(config)#access-list 12 per
PRINCIPAL(config)#access-list 12 permit host 172.16.18.2
PRINCIPAL(config)#ac
PRINCIPAL(config)#access-list de
PRINCIPAL(config)#access-list 12 de
PRINCIPAL(config)#access-list 12 deny any
PRINCIPAL(config)#access-list 12 deny any
PRINCIPAL(config)#line vt
PRINCIPAL(config)#line vty 0 4
PRINCIPAL(config-line)#ac
PRINCIPAL(config-line)#acc
PRINCIPAL(config-line)#acce
PRINCIPAL(config-line)#access-class 12 in
PRINCIPAL(config-line)#
PRINCIPAL(config-line)#
PRINCIPAL#
%SYS-5-CONFIG_I: Configured from console by console
PRINCIPAL#show cla
PRINCIPAL#show c
PRINCIPAL#show ac
PRINCIPAL#show access-lists
Standard IP access list 1
10 permit 172.16.18.0 0.0.0.255 (36 match(es))
20 permit 172.16.19.0 0.0.0.255 (14 match(es))
Standard IP access list 12
10 permit host 172.16.18.2
20 deny any
PRINCIPAL#

....
REMOTO(config)#access-list
REMOTO(config)#access-list
REMOTO(config)#access-list
REMOTO(config)#access-list
REMOTO(config)#access-list
REMOTO(config)#inte

1
1
1
1
1

per
permit 172.16.20.2
permit 210.18.18.3
permit 200.18.18.3
deny any