Academia CISCO da ESTSetbal

ndice
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.

Jorge Martins

Truques e Dicas..................................................................................................................................2
Portos de Alguns dos Servios mais Comuns ....................................................................................3
VLSM (Sub Class C) .........................................................................................................................3
Routers - Geral...................................................................................................................................3
Routers - Access Control Lists (ACLs) ............................................................................................3
Routers Rotas Estticas ...................................................................................................................4
Router RIP .........................................................................................................................................4
Router IGRP ......................................................................................................................................4
Router EIGRP ....................................................................................................................................4
Router OSPF ......................................................................................................................................5
Routers NAT e PAT........................................................................................................................6
Routers DHCP ................................................................................................................................7
Routers PPP ....................................................................................................................................7
Routers Frame-Relay ......................................................................................................................7
Routers SNMP ................................................................................................................................8
Switches Geral ................................................................................................................................8
Switch Port Security........................................................................................................................9
Switches - VLANs............................................................................................................................9
Anexo 1 Mapa para SubDiviso de uma Classe C........................................................................10

1. TRUQUES E DICAS
Escape Sequence: <Ctrl><Shift><6> seguindo de x
Router#show ip interface brief
Desactivar o servio de procura remota de comandos desconhecidos
Router(config)#no ip domain lookup
Resolver o erro %Error opening tftp://255.255.255.255/network-confg (Socket error) no arranque dos
routers sem startup-config
Router(config)#no service config
Ver a descrio das interfaces
Router #show interface description
Dar um comando no modo EXEC a partir de qualquer nvel de configurao
Router(config-if)#do show ip int brief
Substituit a running-config pela configurao de um ficheiro na flash
R1# configure replace flash:file
Num sh run de diversos ecrans, ir para a seco desejada
/interface
Filtragem do contedo mostrado
R1# show run | [section|include] interface
Agendar um Reload em 3 minutes (til para a realizao de alteraes remotas)
R1# reload in 3
Cancelar um Reload agendado
R1# reload cancel

Academia CISCO da ESTSetbal

Jorge Martins

2. PORTOS DE ALGUNS DOS SERVIOS MAIS COMUNS

Servio
File Transfer Protocol
Telnet
Simple Mail Transfer Protocol
Domain Name Server
Trivial File Transfer Protocol
Protocolo HTTP
Simple Network Management Protocol
Protocolo de Routing RIP
DHCP (protocolo Bootp)

Sigla
Protoc.
FTP
TCP
TELNET TCP
SMTP
TCP
DNS
UDP
TFTP
UDP
HTTP
TCP
SNMP
UDP
RIP
UDP
BOOTP
UDP

Porto
21/22
23
25
53
69
80
161/162
520
67/68

3. VLSM (SUB CLASS C)

N Hosts
Netmask
WildCard

254
/24
0
255

126
/25
128
127

62
/26
192
63

30
/27
224
31

14
/28
240
15

6
/29
248
7

2
/30
252
3

4. ROUTERS - GERAL
Configurao das interfaces
Router(config)#int s0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#clock rate 56000
Router(config-if)#description Rede de Gesto
Router(config-if)#no shut
Ver se uma interface srie DCE ou DTE, e se tem relgio
Router#show controllers s0
Desactivar o teste de hosts ligados a uma porta Ethernet
Router#no keepalives
Definir a menagem do menu inicial
Router#banner motd # message #
Configurar um Servidor de DNS
Router(config)#ip name-server ip_address (garantir ligao ao server)
Router(config)#ip domain-lookup

5. ROUTERS - ACCESS CONTROL LISTS (ACLS)

Colocar uma ACL numa interface
Router(config-if)#ip access-group 100 {in|out}
ACLs Standart
Router(config)#access-list 1 {permit|deny} 172.30.16.0 0.0.0.255
Router(config)#access-list 1 {permit|deny} any
Router(config)#access-list 1 {permit|deny} host 172.30.16.29
ACLs Estendidas
Router(config)#access-list 100 permit
host 172.30.16.0

{ip|icmp}

host

172.30.16.0

Academia CISCO da ESTSetbal

Jorge Martins

Router(config)#access-list 100 permit {tcp|udp} host 172.30.16.0

host 172.31.16.0 {lt|gt|eq|neq|range} port
Router(config)#access-list 100 permit tcp host 172.30.16.0 host
172.31.16.0 eq 80 established
ACLs identificadas pelo nome (CISCO IOS 11.2 ou superior)
Router(config)#ip access-list {standart|extended} ACL_Name
Apagar a linha 30 numa Named Access-List
Router(config)#no 30
Renumerar as linas de uma Named Access-List
Router(config)#ip access-list resequence ACL_NAME 1linha Incremento
Router(config)#ip access-list resequence ACL_FROM_INTERNET 10 10

6. ROUTERS ROTAS ESTTICAS

ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18
Rotas por omisso
ISP(config)#ip route 0.0.0.0 0.0.0.0 [ 200.2.2.18 | s0 ]

7. ROUTER RIP
Configurar o protocolo
Warsaw(config)#router rip
Warsaw(config-router)#network 192.168.2.0
Para uma interface no anunciar rotas
Warsaw(config-router)#passive-interface s0
Propagar Rotas Estticas por RIP
Warsaw(config-router)#redistribute static
Propagar a rota por omisso
Warsaw(config-router)# default-information originate

8. ROUTER IGRP
Configurar o protocolo
Warsaw(config)#router igrp [AS]
Warsaw(config-router)#network 192.168.2.0

9. ROUTER EIGRP
Incluir sub redes
R1(config-router)# network 192.168.10.4 0.0.0.3
Desligar a sumarizao automtica de rotas
router(config-router)# no auto-summary
Desligar as mensgens de warning
Router(config-router)# no eigrp log-neighbor-warnings
Ver a configurao do eigrp
R1# show ip eigrp interfaces [interface-id] [AS]
Ver a vizinhana de Routers
R1#show ip eigrp neighbors [interface-id]

Academia CISCO da ESTSetbal

Jorge Martins

Ver as rotas de backup

R1#show ip eigrp topology [rede] [AS]
Ver os pacotes EIGRP recebidos e enviados
R1#show ip eigrp trafic [AS]
Elimina os vizinhos da tabela de vizinhana
R1#clear ip eigrp neighbors
Propagar rotas estticas e rotas por onisso
R1(config-router)#redistribute [rip] [static] [ospf]
Configurar a temporizao de hello
Router(config-if)#ip hello-interval eigrp AS seconds
Configurar a temporizao de hold-time
Router(config-if)#ip hold-time eigrp AS seconds
Sumarizao Manual
Router(config-if)#ip
summary-address
subnet-mask

eigrp

AS

network-address

Para verificar a largura de banda actual utilizar o comando

Router#show interface
Alterar a largura de banda de uma interface
Router(config-if)#bandwidth kilobits
Alterar os pesos da frmula para o clculo da mtrica
R1(config-router)#metric weighth tos k1 k2 k3 k4 k5
Permitir balanceamento de trfego por links de custo desigual (at 1 para 4 neste exemplo)
R1(config-router)# variance 4
R1(config-router)# clear ip eigrp neighbors

10. ROUTER OSPF

Configurar o protocolo OSPF
Berlin(config)# router
Berlin(config-router)#
Berlin(config-router)#
Berlin(config-router)#

ospf process-id
network 192.168.1.128 0.0.0.63 area 0
network 192.168.15.0 0.0.0.3 area 0
end

Avisos de alterao da configurao de Routers vizinhos

Berlin(config-router)# log-adjacency-changes
Criar interfaces de loopback para definir o Designeted Router
London(config)# interface loopback 0
London(config-if)# ip address 192.168.31.11 255.255.255.255
Propagar por OSPF a rota por omisso
R1(config-router)# default-information originate
Propagar rotas de outros protocolos/rotas estticas
R1(config-router)# redistribute [rip] [static] [eigrp]
R1(config-router)# redistribute rip [subnets] [metric 10]
Configurar o router ID
R1(config)#router ospf process-id

Academia CISCO da ESTSetbal

Jorge Martins

Configurar a prioridade do OSPF numa interface

London(config-if)#ip ospf priority 50
Configurar a bandwidth de referncia para o clculo da mtrica
R1(config-router)#auto-cost reference-bandwidth 10000
normalizar a 10 Gbit
Configurar a temporizao de hello
R1(config-if)#ip ospf hello-interval seconds
Configurar a temporizao de dead
R1(config-if)#ip ospf dead-interval seconds
Apagar todos os dados do processo OSPF
R1# clear ip ospf process
Visualizao de dados relativos ao processo OSPF
R1#show ip ospf
R1#show ip ospf neighbour
R1#show ip ospf interface interface-id
Cifrar trfego de Routing
R1(config)#interface interface-id
R1(config-if)#ip ospf message-digest-key 1 md5 7 password
R1(config-if)#router ospf process-id
R1(config-router)#area 0 authentication message-digest
Sumarizao das redes da rea 1 num ABR
R1(config-router)# area 1 range 192.168.0.0 255.255.0.0
Sumarizao das rotas externas num ASBR
R1(config-router)# summary-address 192.168.0.9 255.255.0.0

11. ROUTERS NAT E PAT

Definio de uma pilha de endereos IP utilizveis
Gateway(config)#ip nat pool public-access 199.99.9.40 199.99.9.62
netmask 255.255.255.224
Criao de uma ACL para indicar os IPs a serem traduzidos (NAT e PAT dinmicos)
Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Definio do tipo de interface: interna ou externa
Gateway(config)#interface f0
Gateway(config-if)#ip nat inside
Gateway(config-if)#interface s0
Gateway(config-if)#ip nat outside
Traduo tipo
Esttica: Gateway(config)#ip
nat
inside
source
static
10.10.10.10
199.99.9.33 <no necessita de Access List>
NAT:
Gateway(config)#ip nat inside source list 1 pool public-access
PAT:
Gateway(config)#ip nat inside source list 1 interface serial 0
overload
Apagar todas transaes em utilizao
Gateway#clear ip nat translation *

Academia CISCO da ESTSetbal

Jorge Martins

12. ROUTERS DHCP

Excluir uma gama de endereos
campus(config)#ip dhcp excluded-address 172.16.12.1 172.16.12.11
Configurar o servio de DHCP
campus(config)#ip dhcp pool campus
campus(dhcp-config)#network 172.16.12.0 255.255.255.0
campus(dhcp-config)#default-router 172.16.12.1
campus(dhcp-config)#dns-server 172.16.1.2
campus(dhcp-config)#domain-name foo.com
campus(dhcp-config)#netbios-name-server 172.16.1.10
Encaminhar os broadcasts como unicast para um IP especfico
remote(config)#interface f0/0
remote(config-if)#ip helper-address 172.16.12.1
Ver os endereos atribuidos pelo servio de DHCP
campus#show ip dhcp binding

13. ROUTERS PPP

Compresso de dados
Router(config-if)#encapsulation ppp
Router(config-if)#compress [predictor|stac]
Monitorizao dos dados descartados na ligao:
Router(config-if)#encapsulation ppp
Router(config-if)#ppp quality percentage
Balanceamento de carga atravs de vrias ligaes:
Router(config-if)#encapsulation ppp
Router(config-if)#ppp multilink
Autenticao PAP
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication PAP
R1(config-if)#ppp pap sent-username hostname_do_outro_router password sameone
Autenticao CHAP
R1(config)#username hostname_do_outro_Router password sameone
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication CHAP

14. ROUTERS FRAME-RELAY

Data Link Channel Identification (DLCI).
Configurao de uma ligao router to frame relay network
Washington#configure terminal
Washington(config)#interface serial 0
Washington(config-if)#encapsulation frame-relay ietf
Washington(config-if)#no keepalive
Washington(config-if)#ip address 192.168.1.1 255.255.255.0
Washington(config-if)#no shutdown
Washington(config-if)#frame-relay
map
ip
192.168.1.2
102
ietf
broadcast (Mapeamente IP DLCI Manual)
Configurao de uma ligao router to frame relay network, utilizando sub interfaces

Academia CISCO da ESTSetbal

Jorge Martins

Amsterdam#configure terminal
Amsterdam(config)#interface serial 0
Amsterdam(config-if)#encapsulation frame-relay ietf
Amsterdam(config-if)#frame-relay lmi-type ansi
Amsterdam(config-if)#no shutdown
Amsterdam(config-if)#interface serial 0.102 point-to-point
Amsterdam(config-if)#ip address 192.168.4.1 255.255.255.0
Amsterdam(config-if)#frame-relay interface-dlci 102

Switch Frame-Relay
Router(config)#frame-relay switching
Router(config)#interface s0
Router(config-if)#no ip address
Router(config-if)#encapsulation frame-relay ietf
Router(config-if)#frame-relay lmi-type ansi
Router(config-if)#frame-relay intf-type dce
Router(config-if)#frame-relay route 100 interface s1 200
Router(config-if)#frame-relay route 101 interface s1 201
Router(config-if)#clockrate 56000

15. ROUTERS SNMP

Configurao de senhas de leitura e de leitura/escrita
Router(config)#snmp-server community string ro (s leitura)
Router(config)#snmp-server community string rw (leitura e escrita)
Contactos do gestor do sistema
Router(config)#snmp-server location text
Router(config)#snmp-server contact text

16. SWITCHES GERAL

Configurar a password de consola
ALSwitch(config)#line con 0
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
Configurar a password de telnet
ALSwitch(config)#line vty 0 15
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
Configurar a password do modo privilegiado
ALSwitch(config)#enable password cisco
ALSwitch(config)#enable secret class

ou

Configurar o endereo IP de gesto

ALSwitch(config)#interface VLAN 1
ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0
ALSwitch(config-if)#no shut
ALSwitch(config-if)#exit
ALSwitch(config)#ip default-gateway 192.168.1.1
Recuperao de passwords
Ligue o switch mantendo pressionado o boto MODE na frente.
D os comandos:
flash_init
load_helper

Academia CISCO da ESTSetbal

Jorge Martins

dir flash:
rename flash:config.text flash:config.old
boot
Apagar a Tabela de Endereos MAC
ALSwitch#clear mac-address-table dynamic

17. SWITCH PORT SECURITY

Configurar a Porta F0/12 de um Switch para funcionar com um nico MAC Address
Switch(config)# interface fastethernet0/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security mac-address 0000.02000.0004

18. SWITCHES - VLANS

Ver as VLANs Configuradas
Switch_A#show vlan
Switch_A#show vlan id 2
Switch_A#show vlan name VLAN2
Switch_A#show interface F0/1 switchport
Switch_A#show interface VLAN 1
Criar VLANs
Switch_A#vlan database
Switch_A(vlan)#vlan 2 name VLAN2
Atribuir a Porta F0/2 a uma VLAN
Switch_A(config)#interface fastethernet 0/2
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 2
Atribuir as Portas F0/1 a F0/20 VLAN 10
Switch(config)#interface range f0/1 - f0/20 (ou f0/1 20)
Switch_A(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Configurar uma porta F0/1 como Trunk
Switch_A(config)#interface fastethernet 0/1
Switch_A(config-if)#switchport mode trunk
Configurar um Switch como VTP server/client
Switch_A#vlan database
Switch_A(vlan)#vtp {server|client}
Switch_A(vlan)#vtp domain group1
Configurar Sub-Interfaces de um Router para Ligarem a VLAN de Swtchs (Trunk Links) Exemplo apenas
para a VLAN 1
Router_A(config)#interface F0/0
Router_A(config-if)#no shutdown
Router_A(config-if)#interface F0/0.10
Router_A(config-subif)#encapsulation dot1q 10 <- VLAN Number
Router_A(config-subif)#ip address 192.168.1.1 255.255.255.0

Academia CISCO da ESTSetbal

Jorge Martins

19. ANEXO 1 MAPA PARA SUBDIVISO DE UMA CLASSE C

N Hosts
Netmask
WildCard

126
/25
128
127

62
/26
192
63

30
/27
224
31

14
/28
240
15

6
/29
248
7
.0 (1-6)

.0 (1-14)
.8 (9-14)
.0 (1-30)
.16 (17-22)
.16 (17-30)
.24 (25-30)
.0 (1-62)
.32 (33-38)
.32 (33-46)
.40 (42-46)
.32 (33-62)
.48 (49-54)
.48 (49-62)
.56 (57-62)
.0 (1-126)
.64 (65-70)
.64 (65-78)
.72 (73-78)
.64 (65-94)
.80 (81-86)
.80 (81.94)
.88 (89-94)
.64 (65-126)
.96 (97-102)
.96 (97-110)
.104 (105-110)
.96 (97-126)
.112 (113-118)
.112 (113-126)
.120 (121-126)
.128 (129-134)
.128 (129-142)
.136 (137-142)
.128 (129-158)
.144 (145-150)
.144 (145-158)
.152 (153-158)
.128 (129-190)
.160 (161-166)
.160 (161-174)
.168 (169-174)
.160 (161-190)
.176 (177-182)
.176 (177-190)
.184 (185-190)
.128 (129-254)
.192 (193-198)
.192 (193-206)
.200 (201-206)
.192 (193-222)
.208 (209-214)
.208 (209-222)
.216 (217-222)
.192 (193-254)
.224 (225-230)
.224 (225-238)
.232 (233-238)
.224 (225-254)
.240 (241-246)
.240 (241-254)
.248 (249-254)

Sintax: .Endereo da Rede (1 Host - ltimo Host)

2
/30
252
3
.0 (1-2)
.4 (5-6)
.8 (9-10)
.12 (13-14)
.16 (17-18)
.20 (21-22)
.24 (25-26)
.28 (29-30)
.32 (33-34)
.36 (37-38)
.40 (41-42)
.44 (45-46)
.48 (49-50)
.52 (53-54)
.56 (57-58)
.60 (61-62)
.64 (65-66)
.68 (69-70)
.72 (73-74)
.76 (77-78)
.80 (81-82)
.84 (85-86)
.88 (89-90)
.92 (93-94)
.96 (97-98)
.100 (101-102)
.104 (105-106)
.108 (109-110)
.112 (113-114)
.116 (117-118)
.120 (121-122)
.124 (125-126)
.128 (129-130)
.132 (133-134)
.136 (137-138)
.140 (141-142)
.144 (145-146)
.148 (149-150)
.152 (153-154)
.156 (157-158)
.160 (161-162)
.164 (165-166)
.168 (169-170)
.172 (173-174)
.176 (177-178)
.180 (181-182)
.184 (185-186)
.188 (198-190)
.192 (193-194)
.196 (197-198)
.200 (201-202)
.204 (205-206)
.208 (209-210)
.212 (213-214)
.216 (217-218)
.220 (221-222)
.224 (225-226)
.228 (229-230)
.232 (233-234)
.236 (237-238)
.240 (241-242)
.244 (245-246)
.248 (249-250)
.252 (253-254)