conf t

https://www.youtube.com/watch?v=xI065U7JFpc

LITERAL A:
ROUTER 2: (STANDARD)
access-list 1 deny host 192.4.1.1
access-list 1 permit any
interface fastEthernet 0/0.10
ip access-group 1 in
LITERAL B:
ROUTER 2:(STANDARD)
access-list 2 deny 192.4.4.0 0.0.0.255
access-list 2 permit any
interface fastEthernet 0/0.30
ip access-group 2 out

LITERAL C:
ROUTER 2:
access-list 100 deny tcp 192.4.2.0 0.0.0.255 192.4.4.0 0.0.0.255
eq www
access-list 100 permit ip any any
interface fastEthernet 0/0.20
ip access-group 100 in

LITERAL D:
ROUTER 1:

access-list 1 deny host 192.4.5.1

access-list 1 deny host 192.4.5.2
access-list 1 deny host 192.4.5.3
access-list 1 permit any
interface fastEthernet 0/0.50
ip access-group 1 in

como configurar rip protocolo

Router(config)#router rip
Router(config-router)#network [IP DE RED]
Router(config-router)#version 2 //Si queremos configurar RIPv1 no
ingresar este comando
Router(config-router)#no auto-summary //Est� explicado ac�
Router(config-router)#exit

R2#show ip route-->muestra los protocolos

show running-

R1#show ip interface brief-->muestra el serial

-------------------------------------------------------
configuraci�n VLAs

R1(config)#access-list [100-199] [permit|deny] [protocolo] [ip de origen] [wilcard]

[ip de destino] [wildcard] (1)
R1(config)#access-list 101 permit ip any any (2)
R1(config)#int [interfaz]
R1(config-if)#ip access-group 101 [in|out] (3)

----------------------------------------------------
VPN
Simulaci�n de una VPN en Cisco Packet Tracer.

Los comandos utilizados para configurar los routers son:

(Router 1)
crypto isakmp policy 10
authentication pre-share
hash sha
encryption aes 256
group 2
lifetime 86400
exit
crypto isakmp key toor address 10.0.0.2 (router 2)
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20sho.0 0.0.0.255
(Direccion red 1 y red 2)
crypto map CMAP 10 ipsec-isakmp
set peer 10.0.0.2 (Router 2)
match address 101
set transform-set TSET
exit
interface fa0/1 (Interface a Router 2)
crypto map CMAP
do wr

(Router 2)
crypto isakmp policy 10
authentication pre-share
hash sha
encryption aes 256
group 2
lifetime 86400
exit
crypto isakmp key toor address 10.0.0.1 (router 1)
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 (Direccion
red 2 y red 1)
crypto map CMAP 10 ipsec-isakmp
set peer 10.0.0.1 (Router 1)
match address 101
set transform-set TSET
exit
interface fa0/1 (Interface a Router 1)
crypto map CMAP
do wr

Los comandos para ver los paquetes enviados y recibidos y comprobar que fueron
encriptados/desencriptados son:

show crypto isakmp sa

show crypto ipsec sa

--------------------------
servidor http
Servidor:
interface FastEthernet0/0
ip address 172.50.67.6 255.255.248.0
no shutdown
 ip http path flash:
ip http max-connections 5
ip http port 5001
ip http server
show ip http server status
wr

Aqui explica uso de PING HTTP

https://rednectar.net/archives/vpcs-tutorial/
//That proves that Seville is indeed listening on port 80!:

ping 172.50.67.6 -P 6 -p 5001

-p = (TCP port 5001, HTTP)
-P = (protocol=6, TCP)
-------------------------------------------------------
**** HTTP ****

Se agrega el router y se lo conecta al Switch

Se agrega ip al router

interfaceFastEthernet 0/0
ip address 172.40.48.4 255.255.248.0
no shutdown

exit

Convertir al router en servidor

ip http server
ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0

exit
write

Colocar el Access List en el router donde esta el/los equipos a negar

access-list 101 deny ip host 172.40.60.3 any

access-list 101 deny tcp host 172.40.60.4 host 172.40.48.4 eq www
access-list 101 permit ip any any
access-list 101 permit tcp any any eq www
interfaceFastEthernet 1/0
ip access-group 101 in

exit
write

Comprobar
ping -ip- -3 -P 6 -p 80