Sunday, May 22, 2016

Standard Access Control Lists


Build the proposed topology.


A routing protocol is enabled so that all networks are reachable.

Router2(config)#router rip
Router2(config-router)#network 200.210.222.128
Router2(config-router)#network 200.210.221.0
Router2(config-router)#network 200.210.222.132
Router2(config-router)#version 2

 

Verify connectivity with ping.

Enable access through the virtual terminal (VTY) lines.

Router2(config)#username admin secret ccna
Router2(config)#enable secret class
Router2(config)#ip domain name cisco.com
Router2(config)#line vty 0 4
Router2(config-line)#transport input ssh
Router2(config-line)#login local
Router2(config-line)#exit
Router2(config)#ip ssh version 2

Verify that the PCs can remotely manage the routers:

login as: admin
Using keyboard-interactive authentication.
Password:
router_1>en
Password:
router_1#

Apply access lists to the interfaces so that the PCs cannot reach remote administration.

Router2(config)#access-list 10 deny 200.210.220.2
Router2(config)#access-list 10 deny 200.210.221.2
Router2(config)#access-list 10 deny 200.210.222.2
Router2(config)#access-list 10 permit any
Router2(config)#int g 0/0
Router2(config-if)#ip access-group 10 in
Router2(config-if)#line vty 0 4
Router2(config-line)#access-class 10 in


Answer the following questions.

A. Do the pings between the PCs work?
        Yes

B. How could access to the console be limited without limiting all traffic?
        With a specific range of networks to deny, and adding the permit any command at the end.

Apply the same access control list to the virtual terminals.

Router2(config)#int g 0/0
Router2(config-if)#ip access-group 10 in
Router2(config-if)#line vty 0 4
Router2(config-line)#access-class 10 in
Router2(config-line)#end

The show running-config command is run:

router_1#show running-config
Building configuration...

Current configuration : 1961 bytes
!
! Last configuration change at 02:27:44 UTC Fri May 6 2016
!

!
router rip
 version 2
 network 200.210.220.0
 network 200.210.222.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
access-list 10 permit 200.210.220.2
access-list 10 deny   200.210.220.2
access-list 10 deny   200.210.221.2
access-list 10 deny   200.210.222.2
access-list 10 permit any
access-list 101 deny   tcp 10.0.0.0 0.31.255.255 10.64.0.0 0.31.255.255 eq www
access-list 101 permit ip any any
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end

router_1# exit
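
Added example (not part of the original lab write-up): a short Python check of the ACL 10 entries from the running-config above. IOS evaluates a standard ACL top-down and stops at the first match, so the script reports the decision for each PC and lists entries that can never match; the function names are illustrative.

```python
from ipaddress import IPv4Address
# Constructed input: ACL 10 as listed in the show running-config output above.
RUNNING_CONFIG = """\
access-list 10 permit 200.210.220.2
access-list 10 deny   200.210.220.2
access-list 10 deny   200.210.221.2
access-list 10 deny   200.210.222.2
access-list 10 permit any
"""
ALL = 0xFFFFFFFF

def parse_standard_acl(text, number):
    """Return [(action, address, wildcard)] for one numbered standard ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        rest = [t for t in tok[3:] if t != "host"]
        if rest[0] == "any":
            addr, wild = 0, ALL
        else:
            addr = int(IPv4Address(rest[0]))
            wild = int(IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((tok[2], addr, wild))
    return entries

def evaluate(entries, ip):
    """First matching entry wins; no match falls to the implicit deny."""
    target = int(IPv4Address(ip))
    for action, addr, wild in entries:
        if ((target ^ addr) & ~wild & ALL) == 0:
            return action
    return "deny"

def shadowed(entries):
    """1-based positions of entries fully covered by an earlier entry."""
    dead = []
    for i, (_, addr, wild) in enumerate(entries):
        for _, e_addr, e_wild in entries[:i]:
            if (wild & ~e_wild & ALL) == 0 and ((addr ^ e_addr) & ~e_wild & ALL) == 0:
                dead.append(i + 1)
                break
    return dead

acl10 = parse_standard_acl(RUNNING_CONFIG, 10)
for pc in ("200.210.220.2", "200.210.221.2", "200.210.222.2", "200.210.220.7"):
    print(pc, evaluate(acl10, pc))
print("shadowed entries:", shadowed(acl10))
```

Entry 2 (deny 200.210.220.2) is shadowed by the permit for the same host on the line before it, so that PC still passes access-class 10 in on the vty lines.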

 


Sunday, May 1, 2016

Single-Area OSPF

1. Build the proposed topology, configuring only the Ethernet and serial interfaces. Note that the proposed topology uses VLSM.

2. Verify connectivity with PING from the router to the PC and to the neighboring routers.

After entering the commands to configure the serial and Gigabit Ethernet interfaces, a ping is sent to the neighboring routers and to the PC connected to the router; the ping succeeds.

3. Enable OSPF in area 0

Router(config)#router ospf 1
Router(config-router)# network 200.210.220.0 0.0.0.255 area 0
Router(config-router)# network 200.210.222.128 0.0.0.3 area 0
Router(config-router)#end

4. Verify the advertised networks with "show ip route"

Router#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      200.210.220.0/24 is variably subnetted, 2 subnets, 2 masks
C        200.210.220.0/24 is directly connected, GigabitEthernet0/0
L        200.210.220.1/32 is directly connected, GigabitEthernet0/0
O     200.210.221.0/24 [110/65] via 200.210.222.130, 00:01:25, Serial0/0/1
      200.210.222.0/24 is variably subnetted, 4 subnets, 3 masks
O        200.210.222.0/25 [110/129] via 200.210.222.130, 00:01:25, Serial0/0/1
C        200.210.222.128/30 is directly connected, Serial0/0/1
L        200.210.222.129/32 is directly connected, Serial0/0/1
O        200.210.222.132/30
           [110/128] via 200.210.222.130, 00:01:25, Serial0/0/1

5. Answer the following questions:

○ How many networks appear in the routing table?
5 networks appear: 3 learned through OSPF and 2 directly connected.
○ How many should appear?
5 networks.

6. Check the OSPF status

○ show ip ospf
Router#sh ip ospf
 Routing Process "ospf 1" with ID 200.210.222.129
 Start time: 00:41:22.652, Time elapsed: 00:05:38.500
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Supports NSSA (compatible with RFC 3101)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 2
    Area has no authentication
    SPF algorithm last executed 00:04:07.416 ago
    SPF algorithm executed 1 times
    Area ranges are
    Number of LSA 1. Checksum Sum 0x00556C
    Number of opaque link LSA 0. Checksum Sum 0x000000
    Number of DCbitless LSA 0
    Number of indication LSA 0
    Number of DoNotAge LSA 0
    Flood list length 0

○ show ip ospf interface
Router#show ip ospf interface
Serial0/0/0 is down, line protocol is down
  Internet Address 200.210.222.129/30, Area 0, Attached via Network Statement
  Process ID 1, Router ID 200.210.222.129, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State DOWN
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 200.210.220.1/24, Area 0, Attached via Network Statement
  Process ID 1, Router ID 200.210.222.129, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 200.210.222.129, Interface address 200.210.220.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

○ show ip ospf neighbor
Router#sh ip  ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
200.210.222.133   0   FULL/  -        00:00:34    200.210.222.130 Serial0/0/1

7. Document:

○ The addresses of the neighbors
200.210.222.133   0   FULL/  -        00:00:34    200.210.222.130 Serial0/0/1
○ Identify the Designated Router
Designated Router (ID) 200.210.222.129, Interface address 200.210.220.1
○ Note the administrative distance of OSPF:
  Length: 84