
R1(config)#enable secret class
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#logging synchronous
R1(config-line)#exit
R1(config)#line vty 0 14
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#end
R1#copy running-config startup-config

PC>telnet 172.30.1.6
Trying 172.30.1.6 ...Open
User Access Verification
Password:
R2>exit

Router# configure terminal
R1(config)#ip http server
R1(config)#ip http secure-server
R1(config)#ip http authentication local
R1(config)#ip http timeout-policy idle 600 life 86400 requests 10000

R1(config)#interface serial 0/0/1
R1(config-if)#encapsulation frame-relay
R1(config-if)#interface serial 0/0/1.101 point-to-point
R1(config-subif)#frame-relay interface-dlci 101
R1(config-subif)#ip address 10.10.10.1 255.255.255.252

R2(config)#interface serial 0/0/1
R2(config-if)#encapsulation frame-relay
R2(config-if)#interface serial 0/0/1.101 point-to-point
R2(config-subif)#frame-relay interface-dlci 201
R2(config-subif)#ip address 10.10.10.2 255.255.255.252

R2(config)# ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224
!--Defines a pool of public IP addresses under the pool name NAT-POOL1
R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
!--Defines which addresses are eligible to be translated
R2(config)# ip nat inside source list 1 pool NAT-POOL1
!--Binds the NAT pool with ACL 1
R2(config)# interface serial 0/0/0
R2(config-if)# ip nat inside
!--Identifies interface Serial 0/0/0 as an inside NAT interface
R2(config-if)# interface serial 0/1/0
R2(config-if)# ip nat outside
!--Identifies interface Serial 0/1/0 as the outside NAT interface.

R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
!--Defines which addresses are eligible to be translated
R2(config)# ip nat inside source list 1 interface serial 0/1/0 overload
!--Identifies the outside interface Serial 0/1/0 as the inside global address to
!--be overloaded
R2(config)# interface serial 0/0/0
R2(config-if)# ip nat inside
!--Identifies interface Serial 0/0/0 as an inside NAT interface
R2(config-if)# interface serial 0/1/0
R2(config-if)# ip nat outside

R2(config)#access-list 1 permit 172.16.1.128 0.0.0.127
!--Defines which addresses are eligible to be translated
R2(config)#ip nat inside source list 1 interface serial 0/1/0 overload
!--Identifies the outside interface Serial 0/1/0 as the inside global address to
!--be overloaded
R2(config)#interface serial 0/0/0
R2(config-if)# ip nat inside
!--Identifies interface Serial 0/0/0 as an inside NAT interface
R2(config-if)# interface serial 0/1/0
R2(config-if)# ip nat outside

R1(config)#access-list 50 deny 172.16.1.128 0.0.0.63
R1(config)#access-list 50 permit any
R1(config)#access-list 50 deny any
R1(config)#access-list 50 remark Prevent all hosts from the R3 LAN from accessing hosts on the R1 LAN
R1(config)#interface FastEthernet 0/0
R1(config-if)#ip access-group 50 in

VRF allows you to have separate route tables, so an ISP can keep its customers separate on a common infrastructure.
VRF-Lite allows a router to have different routes for a group of interfaces, so department X cannot route to department Y on the same router, but both departments can share the connection to the cloud.
VRF: a VPN routing and forwarding instance that holds the set of routes and policies required by each organization. Each VRF has the following tables:
1- a set of routes and policies for that VRF.
2- a CEF table associated with it.
In short: VRF is used to separate/isolate networks and to make each VRF instance a separate entity.
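The isolation described above can be modelled as one routing table per VRF, with every lookup confined to the table of the ingress interface's VRF. The Python below is an added example, not part of the original page; the VRF names, interfaces, prefixes and the `lookup` and `cross_vrf_leaks` helpers are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: VRF names, interfaces and prefixes are assumptions.
INTERFACE_VRF = {"Fa0/0": "DEPT-X", "Fa0/1": "DEPT-Y"}

# One independent routing table per VRF: (prefix, exit).
VRF_ROUTES = {
    "DEPT-X": [("192.168.10.0/24", "connected Fa0/0"),
               ("0.0.0.0/0", "uplink to cloud")],
    "DEPT-Y": [("192.168.20.0/24", "connected Fa0/1"),
               ("0.0.0.0/0", "uplink to cloud")],
}


def lookup(in_interface, dst, tables=VRF_ROUTES):
    """Longest-prefix match restricted to the ingress interface's VRF table."""
    vrf = INTERFACE_VRF[in_interface]
    dst_ip = ipaddress.ip_address(dst)
    best_net, best_exit = None, None
    for prefix, exit_name in tables[vrf]:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_exit = net, exit_name
    return vrf, best_exit


def cross_vrf_leaks(tables=VRF_ROUTES):
    """Report non-default, non-connected routes in one VRF that overlap
    another VRF's connected prefix (a break in the intended isolation)."""
    findings = []
    for vrf, routes in tables.items():
        for other, other_routes in tables.items():
            if other == vrf:
                continue
            connected = [ipaddress.ip_network(p) for p, e in other_routes
                         if e.startswith("connected")]
            for prefix, exit_name in routes:
                net = ipaddress.ip_network(prefix)
                if exit_name.startswith("connected") or net.prefixlen == 0:
                    continue
                if any(net.overlaps(c) for c in connected):
                    findings.append((vrf, prefix, other))
    return findings


if __name__ == "__main__":
    print(lookup("Fa0/0", "192.168.10.7"))  # own department's subnet
    print(lookup("Fa0/0", "192.168.20.7"))  # other department's subnet
    print(cross_vrf_leaks())
```

A packet from department X addressed to department Y's subnet only matches X's default route, so it leaves toward the cloud uplink instead of being delivered on this router; `cross_vrf_leaks` flags any more specific route that would break that separation.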

R2(config)#ip access-list extended FIREWALL
R2(config-ext-nacl)#remark Deny all ping requests, telnet and HTTP traffic from Internet (HTTPS 443 is still allowed)
R2(config-ext-nacl)#deny icmp any any
R2(config-ext-nacl)#deny tcp any any eq 23
R2(config-ext-nacl)#deny tcp any any eq 80
R2(config-ext-nacl)#permit ip any any
R2(config-ext-nacl)#deny ip any any
R2(config)#interface Serial 0/1/0
R2(config-if)#ip access-group FIREWALL in
