# Packet Tracer Notes TIIGR0917A

## Notice

All the commands below are only examples and must be adapted to the exercises you are working on.

Feel free to add more notes, as long as they help with working through the exercises.

## Telnet & SSH

### Telnet:

SW

```
username (“username”) secret (“password”)
enable secret (“password”)
line con 0
login local
line vty 0 15
login local
int vlan 1
ip address (“IP in the same network as whoever will connect”) (“subnet”)
no shutdown
do wr
```

### SSH:

SW

```
hostname (“device name”)
ip domain-name (“domain name”)
username (“username”) secret (“password”)
enable secret (“password”)
line con 0
login local
line vty 0 15
login local
int vlan 1
ip address (“IP in the same network as whoever will connect”) (“subnet”)
no shutdown
crypto key generate rsa general-keys modulus 1024
ip ssh authentication-retries (“number of login attempts”)
ip ssh time-out (“seconds to enter the password”)
ip ssh version 2
do wr
```

## Tunneling:

RT

```
interface tunnel (“interface number”)
ip address (“ip”) (“subnet”)
tunnel source (“router port”)
tunnel destination (“next-hop ip”)
tunnel mode gre ip
do wr
```

## VoIP

For this tutorial I used:

- 1 Router 2811
- 1 Switch
- 2 IP Phones

(Networking)

RT

```
enable
configure terminal
int (the interface connected to the network with the phones)
ip address (network gateway) (subnet)
no shutdown
```

(Configure DHCP)

```
ip dhcp pool (pool name)
network (network ip) (subnet)
default-router (network gateway)
option 150 ip (network gateway)
exit
```

(Telephony Service)

```
telephony-service
max-dn 25
max-ephones (number of phones)
ip source-address (network gateway) port 2000
exit
```

(Configure Vlan)

SW

```
enable
configure terminal
interface range fastEthernet (first interface) - (last interface)
switchport mode access
switchport voice vlan 1
exit
```

(Configure Phone Numbers)

RT

```
telephony-service
auto assign 1 to 5
exit
ephone-dn 1
number (number to give to phone 1)
exit
ephone-dn 2
number (number to give to phone 2)
```

## Port Security

This is an example; all the commands below must be adapted to the networks you are working with.

```
[switch]int fa 0/1
[switch]switchport mode access
[switch]switchport port-security
[switch]switchport port-security mac-address sticky
! [mac-address] is the address of whatever is connected to the interface in question
[switch]switchport port-security mac-address [mac-address]
! the violation mode can be shutdown, restrict or protect
[switch]switchport port-security violation shutdown
```

## BGP Network Protocol

RT

```
! every list must have a different number (the list number is the router's AS number)
router bgp (“list number”)
network (“network ip”) mask (“mask”)
neighbor (“neighbor ip”) remote-as (“list number of the neighbor router”)
```

## IPV6

### IPV6 Auto Config

Router

```
[config]ipv6 unicast-routing
[config]interface gig 0/1
[config-if]ipv6 enable
[config-if]ipv6 address autoconfig
[config-if]ipv6 add 2000::/64 eui-64
[config-if]no shutdown
#show ipv6 interface brief gig 0/1
```

PC

Desktop > IP Configuration: IPv6 Auto Config

### IPV6 Static Config

Router

```
[config]interface gig 0/1
[config-if]ipv6 enable
[config-if]ipv6 address 2000::1/64
[config-if]no shutdown
```

PC

Desktop > IP Configuration: IPv6 Static

### IPV6 Static Routing

```
RT1.1[config]ipv6 unicast-routing
RT1.1[config]ipv6 route 2000:2::/64 2001::20

RT1.2[config]ipv6 unicast-routing
RT1.2[config]ipv6 route 2000:1::/64 2001::10
```

### IPV6 Rip Routing

```
RT2.1[config]ipv6 unicast-routing
RT2.1[config]interface gig 0/1
RT2.1[config-if]ipv6 rip net1 enable
RT2.1[config-if]exit
RT2.1[config]interface se 0/3/0
RT2.1[config-if]ipv6 rip net1 enable

RT2.2[config]ipv6 unicast-routing
RT2.2[config]interface gig 0/1
RT2.2[config-if]ipv6 rip net1 enable
RT2.2[config-if]exit
RT2.2[config]interface se 0/3/0
RT2.2[config-if]ipv6 rip net1 enable
```

## Standard Access List

Server Router

```
access-list 1 deny host 192.168.20.1
int (se 0/0/0 or se 0/0/1)
ip access-group 1 in
access-list 1 permit any
```

## Extended Access List

```
ip access-list extended (name) ?
```
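
How a router evaluates the standard list from the Standard Access List section, as an added example that is not part of the original notes: the first matching entry decides, wildcard bits set to 1 are ignored, and a packet that matches nothing hits the implicit deny. It goes one step beyond the page by also handling the `ADDRESS WILDCARD` form; the `LAN_ONLY` entry and all function names are constructed for this illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(lines):
    """Turn 'access-list N permit|deny SOURCE' lines into (action, address, wildcard)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        src = tok[3:]
        if src[0] == "any":            # any    == 0.0.0.0 255.255.255.255
            addr, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":         # host A == A 0.0.0.0
            addr, wild = to_int(src[1]), 0
        else:                          # ADDRESS [WILDCARD]
            addr = to_int(src[0])
            wild = to_int(src[1]) if len(src) > 1 else 0
        entries.append((tok[2], addr, wild))
    return entries

def evaluate(entries, source_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    ip = to_int(source_ip)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF      # wildcard 1-bits are "don't care"
        if (ip & care) == (addr & care):
            return action
    return "deny"

# The two entries from the section above, in the order they are typed there.
PAGE_ACL = parse_standard_acl([
    "access-list 1 deny host 192.168.20.1",
    "access-list 1 permit any",
])
# List 1 as it stands after the first command only, before "permit any" is entered.
DENY_ONLY = parse_standard_acl(["access-list 1 deny host 192.168.20.1"])
# Constructed entry in ADDRESS WILDCARD form (not on the page).
LAN_ONLY = parse_standard_acl(["access-list 2 permit 192.168.10.0 0.0.0.255"])

if __name__ == "__main__":
    for src in ("192.168.20.1", "192.168.20.2"):
        print(src, evaluate(PAGE_ACL, src), evaluate(DENY_ONLY, src))
```

`DENY_ONLY` shows why the list is not usable until `permit any` has been added: with only the deny entry in place, every source address is dropped by the implicit deny.
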
## ASA5505

### Vlans

```
interface vlan 1
no ip address
exit
no dhcpd address 192.168.1.5-192.168.1.35 inside

interface vlan 1
ip address (“gateway ip of the inside network”) (“subnet”)
no shutdown
nameif inside
security-level 100

interface vlan 2
ip address (“ip of the network between the firewall and the router”) (“subnet”)
no shutdown
nameif outside
security-level 0
```

### Ethernet

```
interface ethernet (“port of the inside network”)
! optional, because the port is already in vlan 1 by default
switchport access vlan 1

interface ethernet (“port of the network between the firewall and the router”)
switchport access vlan 2
```

### DHCP and DNS

```
dhcpd address 172.16.1.5-172.16.1.6 inside
dhcpd dns 8.8.8.8 interface inside
```

### Default Route

```
route outside 0.0.0.0 0.0.0.0 (“ip of the router port”)
```

### Object Network and NAT

```
object network LAN
subnet 172.16.1.0 255.255.255.0
nat (inside,outside) dynamic interface
```

### Access-List

```
access-list inside_outside extended permit tcp any any
access-list inside_outside extended permit icmp any any
access-list inside_outside extended permit udp any any
access-group inside_outside in interface outside
```

## NTP

Server

- Enable the service

Router

```
[config]ntp server (ip of the ntp server)
[config]ntp update-calendar
[config]do show clock
```

## SYSLOG

Server

- Enable the service

Router

```
[config]service timestamps log datetime msec
[config]logging host (ip of the syslog server)
[config]logging on
```

## EIGRP

Router

```
[config]router eigrp 1
[config-router]network (network ip) (wildcard)
```

## Radius

Server

- Enable the service
- hostname client - client ip (1 IP of the client)
- secret (key of the radius server)
- choose the tacacs option
- username password (the ones that will be used)

Router

```
[config]aaa new-model
[config]aaa authentication login default group radius local
[config]line con 0
[config-line]login authentication default
[config-line]line vty 0 15
[config-line]login authentication default
[config]radius-server host (ip of the radius server) key (chosen key)
```

## Encapsulations

ex:

Router

```
! it is recommended to use the VLAN number as the subinterface number
int gi 0/0.20
encapsulation dot1Q (VLAN number)
```

## Static Route

```
ip route (network) (subnet) (neighbor address)
```

ex:

```
ip route 10.0.0.16 255.255.255.252 10.0.0.2
```
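
A review check for lab scripts built from the Telnet & SSH and ASA5505 Access-List sections, as an added example that is not part of the original notes: it flags an RSA modulus below 2048 bits, VTY lines that are not restricted to SSH, SSH without version 2 forced, and `permit ... any any` entries bound inbound on the outside interface. The 2048-bit threshold, the finding names and the sample scripts are choices of this example, and the parser assumes sub-mode commands are indented by one space.

```python
import re

def sections(script):
    """Group a script into (top-level command, [indented sub-commands])."""
    out = []
    for raw in script.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((raw.strip(), []))
    return out

def audit(script):
    """Return finding codes for weak settings of the kind used in these notes."""
    secs = sections(script)
    tops = [top for top, _ in secs]
    found = []
    for top, kids in secs:
        m = re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)", top)
        if m and int(m.group(1)) < 2048:
            found.append("rsa-modulus-" + m.group(1))
        if top.startswith("line vty") and "transport input ssh" not in kids:
            found.append("vty-not-restricted-to-ssh")
    if any(t.startswith("line vty") for t in tops) and "ip ssh version 2" not in tops:
        found.append("ssh-v2-not-forced")
    # ASA: ACLs bound inbound on "outside" that permit any source to any destination.
    bound = {t.split()[1] for t in tops
             if re.match(r"access-group \S+ in interface outside$", t)}
    for t in tops:
        m = re.match(r"access-list (\S+) extended permit (\S+) any any$", t)
        if m and m.group(1) in bound:
            found.append("outside-permit-any-any-" + m.group(2))
    return found

# Constructed inputs in the style of the notes (one space of indent marks a sub-mode).
SWITCH_NOTES = """\
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
line vty 0 15
 login local
"""
SWITCH_HARDENED = SWITCH_NOTES.replace("1024", "2048") + " transport input ssh\n"
ASA_NOTES = """\
access-list inside_outside extended permit tcp any any
access-list inside_outside extended permit icmp any any
access-group inside_outside in interface outside
"""
```
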