Upload
rolf-ramaker
View
32
Download
0
Embed Size (px)
DESCRIPTION
you shouldnt read this
Citation preview
enable
show vtp status
show vtp counters
show vlan brief
show interface fastethernet 0/1 switchport
show interfaces trunk
config t
vtp domain <naam>
vtp version <nummer>
vtp mode client
vtp password <pass>
vtp pruning
vlan <nummer> (ook 99 (trunk)
name <naam>
interface fastethernet 0/1
switchport mode trunk
switchport mode access
switchport trunk native vlan 99
switchport access vlan 10
interface range fa0/1-24
shutdown
//standaardmeuk
Switch(config)#hostname S1
S1(config)#enable secret class
S1(config)#no ip domain-lookup
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#end
//banner
banner motd # blablabla#
//set default route
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
//enable ripv2
RouterA(config)#router rip
RouterA(config-router)#version 2
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#network 195.14.25.0
RouterA(config-router)#network 195.14.125.0
RouterA(config-router)#no auto-summary
//enable ripv2 set passive and acl
ip route 0.0.0.0 0.0.0.0 s0/1/0
router rip
version 2
network 192.168.20.0
network 10.1.1.0
default-information originate
passive-interface s0/1/0
passive-interface fa0/1
no auto-summary
ip access-list extended FIREWALL
permit tcp host 192.168.1.10 host 192.168.20.254 eq www
permit tcp host 192.168.2.10 host 192.168.20.254 eq www
permit icmp any any echo-reply
permit tcp any any established
deny ip any any
int s0/1/0
ip access-group FIREWALL in
S1#copy running-config startup-config
//port security
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
//spanning tree
enable
show spanning tree
int f0/1
spanning-tree portfast
spanning-tree cost 25
spanning-tree port priority 112 (default is 128)
no spanning-tree cost
------------init config
Switch>enable
Switch#config term
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#enable secret class
S1(config)#no ip domain-lookup
S1(config)#ip default-gateway 172.17.99.1
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#copy running-config startup-config
Destination filename [startup-config]? [enter]
Building configuration...
------------config interface to acces mode
S2(config)#interface fa0/6
S2(config-if)#switchport mode access
S2(config-if)#no shutdown
S2(config-if)#interface fa0/11
S2(config-if)#switchport mode access
S2(config-if)#no shutdown
S2(config-if)#interface fa0/18
S2(config-if)#switchport mode access
S2(config-if)#no shutdown
-------------config vtp mode
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain Lab6
Changing VTP domain name from NULL to Lab6
S1(config)#vtp password cisco
Setting device VLAN database password to cisco
S1(config)#end
---------------config trunking ports on switches
S1(config)#interface fa0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan 99
S1(config-if)#no shutdown
S1(config)#end
------------config vlans on server switch
S1(config)#vlan 99
S1(config-vlan)#name management
S1(config)#vlan 10
S1(config-vlan)#name faculty-staff
S1(config)#vlan 20
S1(config-vlan)#name students
S1(config)#vlan 30
S1(config-vlan)#name guest
S1(config-vlan)#end
--------------config managament interface
S1(config)#interface vlan99
S1(config-if)#ip address 172.17.99.11 255.255.255.0
S2(config)#interface vlan99
S2(config-if)#ip address 172.17.99.12 255.255.255.0
S3(config)#interface vlan99
S3(config-if)#ip address 172.17.99.13 255.255.255.0
-------------config vlans to s2
S2(config)#interface fa0/6
S2(config-if)#switchport access vlan 30
S2(config-if)#interface fa0/11
S2(config-if)#switchport access vlan 10
S2(config-if)#interface fa0/18
S2(config-if)#switchport access vlan 20
S2(config-if)#end
S2#copy running-config startup-config
Destination filename [startup-config]? [enter]
Building configuration...
[OK]
--------------config router als router on a stick
R1(config)#interface fastethernet 0/0
R1(config-if)#no shutdown
R1(config-if)#interface fastethernet 0/0.1
R1(config-subif)#encapsulation dot1q 1
R1(config-subif)#ip address 172.17.1.1 255.255.255.0
R1(config-if)#interface fastethernet 0/0.10
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 172.17.10.1 255.255.255.0
R1(config-if)#interface fastethernet 0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 172.17.20.1 255.255.255.0
R1(config-if)#interface fastethernet 0/0.30
R1(config-subif)#encapsulation dot1q 30
R1(config-subif)#ip address 172.17.30.1 255.255.255.0
R1(config-if)#interface fastethernet 0/0.99
R1(config-subif)#encapsulation dot1q 99 native
R1(config-subif)#ip address 172.17.99.1 255.255.255.0
-----------------------------------------------------------ppp
------------------ospf (optional)
router ospf 1
network 192.168.0.1 0.0.0.255 area 0
------------------ospf with simple auth
R2(config)#interface S0/0/0
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key cisco123
------------------ospf with md5 auth
R2(config)#interface S0/0/0
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key cisco123
-------------------static default route to isp
ip route 0.0.0.0 0.0.0.0 s0/1/0
default-information originate
---------------------ppp with PAP
R1(config)#username R2 password cisco123
R1(config)#interface s0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication pap
R1(config-if)#ppp pap sent-username R1 password cisco123
R1(config-if)#end
---------------------ppp with chap
R3(config)#username R2 password cisco123
R3(config)#interface s0/0/1
R3(config-if)#encapsulation ppp
R3(config-if)#ppp authentication chap
-----------------------------------------------------------frame relay
---------enable
R1(config)#interface serial0/0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no shutdown
--------map
R1(config-if)#frame-relay map ip 10.1.1.2 102 broadcast
R1(config-if)#frame-relay map ip 10.1.1.3 103 broadcast
-----------conf ansi as LMI type
R1(config-if)#frame-relay lmi-type ansi
----------------------------------------------------------ACL
standard 1-99 extended 100+
---------------standaard
R1(config)#access-list 10 deny 192.168.10.0 0.0.0.255
R1(config)#access-list 10 permit any
R1(config)#interface fa0/1
R1(config-if)#ip access-group 10 out
---------------named acl
R3(config)#ip access-list standard NO_ACCESS
R3(config-std-nacl)#deny host 192.168.30.128
R3(config-std-nacl)#permit any
R3(config)#interface fa0/0
R3(config-if)#ip access-group NO_ACCESS in
------------- extended acl
R1(config)#access-list 110 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
R1(config)#access-list 110 deny udp 192.168.10.0 0.0.0.255 host 192.168.20.254 eq tftp
R1(config)#access-list 110 permit ip any any
R1(config)#interface fa0/0
R1(config-if)#ip access-group 110 in
-----------------------------------------------------------DHCP
-----------excluded address range
R1(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.9
-----------config address pool
R3(config)#ip dhcp pool R3LAN
R3(dhcp-config)#network 192.168.30.0 255.255.255.0
R3(dhcp-config)#default-router 192.168.30.1
R3(dhcp-config)#dns-server 192.168.20.254
------------nat
R2(config)#ip nat inside source static 192.168.20.254 209.165.202.131
------------dynamic nat
R2(config)#ip access-list standard R2NAT
R2(config-std-nacl)# permit 192.168.10.0 0.0.0.255
R2(config-std-nacl)# permit 192.168.20.0 0.0.0.255
R2(config-std-nacl)# permit 192.168.30.0 0.0.0.255
R2(config)#ip nat pool R2POOL 209.165.202.128 209.165.202.130 netmask 255.255.255.252
R2(config)#ip nat inside source list R2NAT pool R2POOL overload
interface s0/0/0
ip nat inside
of
ip nat outside
-------------show nat
show ip nat translations
7.5.1
R1:
hostname R1
enable secret class
line vty 0 4
password cisco
login
line con 0
password cisco
login
exit
banner motd %AUTHORIZED ACCESS ONLY!%
int fa0/0
ip addr 192.168.10.1 255.255.255.0
no shut
int fa0/1
ip addr 192.168.11.1 255.255.255.0
no shut
int s0/0/0
ip addr 10.1.1.1 255.255.255.252
clock rate 64000
no shut
exit
username R2 password cisco123
int s0/0/0
encapsulation ppp
ppp authentication chap
exit
router ospf 1
network 192.168.10.0 0.0.0.255 area 0
network 192.168.11.0 0.0.0.255 area 0
network 10.1.1.0 0.0.0.3 area 0
passive-interface fa0/0
passive-interface fa0/1
exit
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.11.1 192.168.11.9
ip dhcp pool R1LAN1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.20.254
exit
ip dhcp pool R1LAN2
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
dns-server 192.168.20.254
!
R2:
hostname R2
enable secret class
line vty 0 4
password cisco
login
line con 0
password cisco
login
exit
banner motd %AUTHORIZED ACCESS ONLY!%
int fa0/0
ip addr 192.168.20.1 255.255.255.0
no shut
int s0/0/0
ip addr 10.1.1.2 255.255.255.252
no shut
int s0/0/1
ip addr 10.2.2.1 255.255.255.252
no shut
clock rate 64000
int s0/1/0
ip addr 209.165.200.225 255.255.255.224
no shut
exit
username R1 password cisco123
int s0/0/0
encapsulation ppp
ppp authentication chap
exit
username R3 password cisco123
int s0/0/1
encapsulation ppp
ppp authentication chap
exit
router ospf 1
network 192.168.20.0 0.0.0.255 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.2.2.0 0.0.0.3 area 0
passive-interface fa0/0
default-information originate
exit
ip route 0.0.0.0 0.0.0.0 s0/1/0
ip access-list standard R2NAT
permit 192.168.10.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
permit 192.168.30.0 0.0.0.255
permit 192.168.11.0 0.0.0.255
exit
int fa0/0
ip access-group R2NAT in
exit
ip nat inside source static 192.168.20.254 209.165.202.131
ip nat pool R2POOL 209.165.202.129 209.165.202.130 netmask 255.255.255.252
int fa0/0
ip nat inside
int s0/0/0
ip nat inside
int s0/0/1
ip nat inside
int s0/1/0
ip nat outside
exit
ip nat inside source list R2NAT pool R2POOL overload
!
R3:
hostname R3
enable secret class
line vty 0 4
password cisco
login
line con 0
password cisco
login
exit
banner motd %AUTHORIZED ACCESS ONLY!%
int fa0/0
ip addr 192.168.30.1 255.255.255.0
no shut
int s0/0/1
ip addr 10.2.2.2 255.255.255.252
clock rate 64000
no shut
exit
username R2 password cisco123
int s0/0/1
encapsulation ppp
ppp authentication chap
exit
router ospf 1
network 192.168.30.0 0.0.0.255 area 0
network 10.2.2.0 0.0.0.3 area 0
passive-interface fa0/0
exit
ip dhcp excluded-address 192.168.30.1 192.168.30.9
ip dhcp pool R3LAN
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 192.168.20.254
!
ISP:
ip route 209.165.202.128 255.255.255.224 s0/0/0
!
PC1, 2, 3:
Go to config tab and click DHCP
pt practica sba