Caso de estudio(ccna4)
-
Upload
irwin-viteri -
Category
Technology
-
view
537 -
download
0
description
Transcript of Caso de estudio(ccna4)
{https://twitter.com/IrWiN_ViTeRi} Página 1 de 23
ACADEMIA
REGIONAL CISCO
ESPOL CCNA 4
Acceso a la WAN
CASO DE ESTUDIO
NOMBRE: IRWIN ALBERTO VITERI RAMBAY
PROFESOR: Ing. JAIME LUCERO
{https://twitter.com/IrWiN_ViTeRi} Página 2 de 23
OBJETIVOS
{https://twitter.com/IrWiN_ViTeRi} Página 3 de 23
ROUTER ISP hostname ISP
! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
! ip dhcp excluded-address 10.10.0.1 ip dhcp excluded-address 10.10.0.5
! ip dhcp pool LANisp
network 10.10.0.0 255.255.0.0 default-router 10.10.0.1 dns-server 10.10.0.5
! no ip domain-lookup
! spanning-tree mode pvst
! interface FastEthernet0/0 ip address 10.10.0.1 255.255.0.0
ip access-group 110 in ip nat inside
duplex auto speed auto !
interface FastEthernet0/1 no ip address
{https://twitter.com/IrWiN_ViTeRi} Página 4 de 23
duplex auto
speed auto shutdown
! interface Serial0/0/0 ip address 192.168.4.97 255.255.255.252
encapsulation frame-relay frame-relay map ip 192.168.4.98 101 broadcast
ip nat outside ! interface Serial0/0/1
no ip address shutdown
! interface Vlan1 no ip address
shutdown !
ip nat pool pool-NATisp 192.168.100.11 192.168.100.20 netmask 255.255.255.0
ip nat inside source list listaNAT pool pool-NATisp ip nat inside source static 10.10.0.1 192.168.100.1 ip classless
ip route 172.16.0.0 255.255.0.0 192.168.4.98 ip route 192.168.0.0 255.255.0.0 192.168.4.98
! ip access-list extended listaNAT permit ip 10.10.0.0 0.0.255.255 any
access-list 110 permit tcp host 10.10.0.5 host 192.168.2.2 eq telnet access-list 110 permit tcp host 10.10.0.5 host 192.168.1.130 eq telnet
access-list 110 permit tcp host 10.10.0.5 host 192.168.4.98 eq telnet ! banner motd
*******************************UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
! line con 0 password cisco
logging synchronous login
! line aux 0 !
line vty 0 4 password cisco
logging synchronous login line vty 5 15
password cisco logging synchronous
login end
{https://twitter.com/IrWiN_ViTeRi} Página 5 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 6 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 7 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 8 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 9 de 23
ISP(config)#access-list 110 permit tcp host 10.10.0.5 host 192.168.4.98 eq telnet ISP(config)#access-list 110 permit tcp host 10.10.0.5 host 192.168.2.2 eq telnet ISP(config)#access-list 110 permit tcp host 10.10.0.5 host 192.168.1.130 eq telnet ISP(config)#end ISP(config)#interface fastEthernet 0/0 ISP(config-if)#ip access-group 110 in ISP(config-if)#end
Solamente desde el Servidor DNS se puede hacer Telnet a los ruteadores.
{https://twitter.com/IrWiN_ViTeRi} Página 10 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 11 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 12 de 23
ROUTER SIDNEY hostname SIDNEY
! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1 !
aaa new-model !
aaa authentication login SIDNEY_LOCAL local ! username AUCKLAND password 7 080D786B5D
username SIDNEY password 7 0822455D0A16 !
no ip domain-lookup ! spanning-tree mode pvst
! interface FastEthernet0/0
ip address 172.16.4.1 255.255.255.0 duplex auto
speed auto ! interface FastEthernet0/1
no ip address duplex auto
speed auto shutdown !
interface Serial0/1/0 ip address 192.168.4.98 255.255.255.252
encapsulation frame-relay frame-relay map ip 192.168.4.97 101 broadcast ip access-group 110 out
! interface Serial0/1/1
no ip address shutdown !
interface Serial0/3/0 ip address 192.168.1.129 255.255.255.252
clock rate 64000 ! interface Serial0/3/1
ip address 192.168.2.1 255.255.255.252 encapsulation ppp
ppp authentication chap ! interface Vlan1
no ip address
{https://twitter.com/IrWiN_ViTeRi} Página 13 de 23
shutdown
! router eigrp 100
redistribute static network 192.168.1.128 0.0.0.3 network 192.168.2.0 0.0.0.3
network 172.16.4.0 0.0.0.255 no auto-summary
! ip classless ip route 0.0.0.0 0.0.0.0 192.168.4.97
! access-list 110 permit udp any host 192.168.4.97 eq domain
access-list 110 permit tcp any host 192.168.4.97 eq smtp access-list 110 permit tcp any host 192.168.4.97 eq www access-list 110 deny ip any any
! banner motd
*******************************UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
! line con 0 logging synchronous
login authentication SIDNEY_LOCAL !
line aux 0 ! line vty 0 4
logging synchronous login authentication SIDNEY_LOCAL
line vty 5 15 logging synchronous login authentication SIDNEY_LOCAL
end
{https://twitter.com/IrWiN_ViTeRi} Página 14 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 15 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 16 de 23
SIDNEY(config)#access-list 110 permit udp any host 192.168.4.97 eq domain SIDNEY(config)#access-list 110 permit tcp any host 192.168.4.97 eq smtp SIDNEY(config)#access-list 110 permit tcp any host 192.168.4.97 eq www SIDNEY(config)#access-list 110 deny ip any any SIDNEY(config)#int s0/1/0 SIDNEY(config-if)#ip access-group 110 out SIDNEY(config-if)#end
{https://twitter.com/IrWiN_ViTeRi} Página 17 de 23
ROUTER TOKYO hostname TOKYO
! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
! no ip domain-lookup !
spanning-tree mode pvst !
interface FastEthernet0/0 ip address 172.16.20.1 255.255.255.0 duplex auto
speed auto !
interface FastEthernet0/1 no ip address duplex auto
speed auto shutdown
! interface Serial0/2/0 ip address 192.168.1.130 255.255.255.252
! interface Serial0/2/1
no ip address shutdown !
interface Vlan1 no ip address
shutdown ! router eigrp 100
network 172.16.20.0 0.0.0.255 network 192.168.1.128 0.0.0.3
auto-summary ! ip classless
! banner motd �
*******************************UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.�
! line con 0 password cisco
logging synchronous login
! line aux 0 !
{https://twitter.com/IrWiN_ViTeRi} Página 18 de 23
line vty 0 4
password cisco logging synchronous
login line vty 5 15 password cisco
logging synchronous login
! end
{https://twitter.com/IrWiN_ViTeRi} Página 19 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 20 de 23
ROUTER AUCKLAND hostname AUCKLAND
! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
! username SIDNEY password 7 080D786B5D !
no ip domain-lookup !
spanning-tree mode pvst ! interface FastEthernet0/0
ip address 172.16.15.1 255.255.255.0 duplex auto
speed auto ! interface FastEthernet0/1
no ip address duplex auto
speed auto shutdown !
interface Serial0/1/0 ip address 192.168.2.2 255.255.255.252
encapsulation ppp ppp authentication chap clock rate 64000
! interface Serial0/1/1
no ip address shutdown !
interface Vlan1 no ip address
shutdown ! router eigrp 100
network 192.168.2.0 0.0.0.3 network 172.16.15.0 0.0.0.255
no auto-summary !
ip classless ! banner motd �
*******************************UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.�
! line con 0 password 7 0822455D0A16
{https://twitter.com/IrWiN_ViTeRi} Página 21 de 23
logging synchronous
login !
line aux 0 ! line vty 0 4
password 7 0822455D0A16 logging synchronous
login line vty 5 15 password 7 0822455D0A16
logging synchronous login
! end
{https://twitter.com/IrWiN_ViTeRi} Página 22 de 23
{https://twitter.com/IrWiN_ViTeRi} Página 23 de 23