# Packet Tracer Notes TIIGR0917A
# Notice
All the commands that follow are only examples and must be adapted to the exercises you are working on.
Feel free to add more notes, as long as they help with working through the exercises.
## Telnet & SSH
Telnet:
SW
username (“username”) secret (“password”)
enable secret (“password”)
line con 0
login local
line vty 0 15
login local
int vlan 1
ip address (“IP on the same network as whoever will connect”) (“subnet”)
no shutdown
do wr
SSH:
SW
hostname (“device name”)
ip domain-name (“domain name”)
username (“username”) secret (“password”)
enable secret (“password”)
line con 0
login local
line vty 0 15
login local
int vlan 1
ip address (“IP on the same network as whoever will connect”) (“subnet”)
no shutdown
crypto key generate rsa
1024
ip ssh authentication-retries (“number of login attempts”)
ip ssh time-out (“seconds allowed to enter the password”)
ip ssh version 2
do wr
## Tunneling:
RT
interface tunnel (“interface number”)
ip address (“ip”) (“subnet”)
tunnel source (“router port”)
tunnel destination (“next-hop IP”)
tunnel mode gre ip
do wr
## VoIP
In this tutorial I used:
1 Router 2811
1 Switch
2 IP Phones
(Networking)
RT
enable
configure terminal
int (the one connected to the network with the phones)
ip address (network gateway) (subnet)
no shutdown
(Configure DHCP)
ip dhcp pool (pool name)
network (network IP) (subnet)
default-router (network gateway)
option 150 ip (network gateway)
exit
(Telephony Service)
telephony-service
max-dn 25
max-ephones (number of phones)
ip source-address (network gateway) port 2000
exit
(Configure Vlan)
SW
enable
configure terminal
interface range fastEthernet (first interface) - (last interface)
switchport mode access
switchport voice vlan 1
exit
(Configure Phone Numbers)
RT
telephony-service
auto assign 1 to 5
exit
ephone-dn 1
number (number to assign to phone 1)
exit
ephone-dn 2
number (number to assign to phone 2)
## Port Security
This is an example; all the commands below must be adapted to the networks you are working on.
[*switch*]int fa 0/1
[*switch*]switchport mode access
[*switch*]switchport port-security
[*switch*]switchport port-security mac-address sticky
[*switch*]switchport port-security mac-address [*mac-address*] (the one connected to the interface in question)
[*switch*]switchport port-security violation shutdown (can be shutdown, restrict or protect)
## BGP Network Protocol
RT
router bgp (“AS number”) - every AS must have a different number
network (“network IP”) mask (“mask”)
neighbor (“neighbor IP”) remote-as (“AS number of the neighbor router”)
## IPV6
IPV6 Auto Config
Router
[*config*]ipv6 unicast-routing
[*config*]interface gig 0/1
[*config-if*]ipv6 enable
[*config-if*]ipv6 address autoconfig
[*config-if*]ipv6 add 2000::/64 eui-64
[*config-if*]no shutdown
#show ipv6 interface brief gig 0/1
__
PC
desktop > ip configuration:
ipv6 auto config
IPV6 Static Config
Router
[*config*]interface gig 0/1
[*config-if*]ipv6 enable
[*config-if*]ipv6 address 2000::1/64
[*config-if*]no shutdown
__
PC
desktop > ip configuration:
ipv6 static
IPV6 Static Routing
RT1.1[*config*]ipv6 unicast-routing
RT1.1[*config*]ipv6 route 2000:2::/64 2001::20
RT1.2[*config*]ipv6 unicast-routing
RT1.2[*config*]ipv6 route 2000:1::/64 2001::10
IPV6 Rip Routing
RT2.1[*config*]ipv6 unicast-routing
RT2.1[*config*]interface gig 0/1
RT2.1[*config-if*]ipv6 rip net1 enable
RT2.1[*config-if*]exit
RT2.1[*config*]interface se 0/3/0
RT2.1[*config-if*]ipv6 rip net1 enable
RT2.2[*config*]ipv6 unicast-routing
RT2.2[*config*]interface gig 0/1
RT2.2[*config-if*]ipv6 rip net1 enable
RT2.2[*config-if*]exit
RT2.2[*config*]interface se 0/3/0
RT2.2[*config-if*]ipv6 rip net1 enable
## Standard Access List
Server Router
access-list 1 deny host 192.168.20.1
int se 0/0/0 and 0/0/1
(se0/0/0 or se0/0/1) ip access-group 1 in
access-list 1 permit any
## Extended Access List
ip access-list extended (nome)
?
## ASA5505
Vlans
interface vlan 1
no ip address
exit
no dhcpd address 192.168.1.5-192.168.1.35 inside
interface vlan 1
ip address (“gateway IP of the inside network”) (“subnet”)
no shutdown
nameif inside
security-level 100
interface vlan 2
ip address (“IP on the network between the firewall and the router”) (“subnet”)
no shutdown
nameif outside
security-level 0
Ethernet
interface ethernet (“inside network port”)
switchport access vlan 1 (optional) - because the port is already in VLAN 1 by default
interface ethernet (“port on the network between the firewall and the router”)
switchport access vlan 2
DHCP and DNS
dhcpd address 172.16.1.5-172.16.1.6 inside
dhcpd dns 8.8.8.8 interface inside
Default Route
route outside 0.0.0.0 0.0.0.0 (“router port IP”)
Object Network and NAT
object network LAN
subnet 172.16.1.0 255.255.255.0
nat (inside,outside) dynamic interface
Access-List
access-list inside_outside extended permit tcp any any
access-list inside_outside extended permit icmp any any
access-list inside_outside extended permit udp any any
access-group inside_outside in interface outside
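
The access-group above binds `inside_outside` inbound on the outside interface, and each of its entries permits any source to any destination. The following is an added audit sketch (not part of the original notes) that reports such entries on interfaces with security-level 0; the sample config is constructed from the commands above and the function names are hypothetical.

```python
import re

# Constructed sample built from the ASA5505 commands above.
SAMPLE_ASA = """\
interface vlan 1
 nameif inside
 security-level 100
interface vlan 2
 nameif outside
 security-level 0
access-list inside_outside extended permit tcp any any
access-list inside_outside extended permit icmp any any
access-list inside_outside extended permit udp any any
access-group inside_outside in interface outside
"""

def security_levels(config):
    """Map each nameif to its security-level."""
    levels, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("security-level ") and name:
            levels[name] = int(line.split()[1])
    return levels

def open_inbound_rules(config, max_level=0):
    """Return (interface, acl, protocol) for 'permit <proto> any any'
    entries applied inbound on interfaces at or below max_level."""
    levels = security_levels(config)
    findings = []
    bindings = re.findall(r"^access-group (\S+) in interface (\S+)$", config, re.M)
    for acl, iface in bindings:
        if levels.get(iface, 0) > max_level:
            continue  # trusted side, not reported here
        pattern = rf"^access-list {re.escape(acl)} extended permit (\S+) any any$"
        for proto in re.findall(pattern, config, re.M):
            findings.append((iface, acl, proto))
    return findings
```
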
## NTP Server
NTP Server
Enable the service
Router
[*config*]ntp server (NTP server IP)
[*config*]ntp update-calendar
[*config*]do show clock
## SYSLOG Server
SYSLOG Server
Enable the service
Router
[*config*]service timestamps log datetime msec
[*config*]logging host (syslog server IP)
[*config*]logging on
## EIGRP
Router
[*config*]router eigrp 1
[*config*]network (network IP) (wildcard)
## Radius Server
Radius Server
Enable
client hostname - client IP (1 IP of the client)
secret (client secret)
choose the tacacs option
username password (the ones that will be used)
Router
[*config*]aaa new-model
[*config*]aaa authentication login default group radius local
[*config*]line con 0
[*config*]login authentication default
[*config*]aaa authentication login TELNET-LOGIN local
[*config*]line vty 0 15
[*config*]login authentication default
## Encapsulations
e.g.:
Router
int gi 0/0.20 - it is advisable to use the VLAN number
encapsulation dot1Q (VLAN number)