Ip domain-name cisco.

com
router1 debe tener un largo de 10
router2 debe tener un largo de 8
router3 debe tener un largo de 12
CONFIGURACION DE PRIVILEGIOS
Username cisco privileg 15 sec
security password min-length 10
service password encripton
exec-time out 2 0
user cisco nivel 15
user hp nivel 15
ip ssh version?
COMO PROTEGER EQUIPO DE INTENTOS FALLIDOS HACIA EL ROUTER
ip access-list standard admin-access
permit IP wilcard
show access-list
login block-for 120 attempts 3 within 60
login delay 10
login on-success log
login on-failure log
login quiet-mode access-list
------------------------------------------------------------------------------------------------------------------------CREAR USUARIOS CON NIVEL
-Usuario nivel 7
>>>puede levantar protocolos de enrutamiento
-Usuario nivel 5 (menor a 7)
>>>puede grabar configuracion
-Usuario nivel 9 (crear passw para nivel 9)
>>>access-list
>>>>line vty 0 4
CONFIGURACION DE TIME
exec time out 0
CREAR USUARIOS
#user level 5 privileg 5 secret 1234567890
#user level 7 privileg 7 secret 1234567890
#user level 9 privileg 9 secret 1234567890
(do show run | in username) (para ver usuarios creados)
(do show run | in privileg) (para ver privilegios de usuarios)
USUARIO NIVEL 5
#privileg exec level 5 write memory

USUARIO NIVEL 7 (levantar OSPF)

#privileg
#privileg
#username
#privileg

exec level 7 configure terminal

configure all level 7 route
nivel 7 privileg 7 secret
exec level 7 configure terminal

QUITAR PRIVILEGIOS
privileg route level
privileg route level
privileg route level
privileg route level
privileg route level
privileg route level
privileg route level
privileg route level
privileg route level

7
7
7
7
7
7
7
7
7

network
no autosumary-interface
no passive-interface
no version
ip router-id
no default-information
no neighbord
no redistribute
no ospf

USUARIO NIVEL 9 (bajar ospf y luego levantar)

#privileg configure all level 9 access-list
#privileg configure all level 9 line vty 0 4
CREAR ACCESS-LIST ESTANDAR
#access-list 1 permit IP WILCARD
#access-list 1 permit IP WILCARD
-------------------------------------------------------------------------------------------------------------------------CREAR VISTAS SIMPLES (VIEW)
enable view root (para habilitar aaa)
AAA new-model
CREAR VISTA 1
parser view VISTA1
secret 12345
comands exec include-exclusive show version
comands exec include-exclusive configure terminal
comands exec include-exclusive ping
show run | secret line
enable view root
comands exec include configure terminal
comands configure include all ip access-list
comands configure include all access-list
comands exec include show ip route
comands exec include show ip interface
CREAR VISTA 2
parser view VISTA2
secret 12345
comands exec include-exclusive show version
comands exec include debug

comands exec include configure terminal

comands configure include all interface
comands configure include all route-map
CREAR VISTA 3
parser view VISTA3
secret vista3
comands exec include configure terminal
comands configure include all route
comands exec include write memory
USUARIO DE VISTA1 PODRA HACER LO MISMO QUE VISTA3
#user VISTA1 view VISTA3

secret 123456

CREAR SUPER VISTA (agrupa las tres vistas y sus privilegios)

#parser view allview superview
#secret allview
#view VISTA1
#view VISTA2
#view VISTA3
enable view VISTA1
show parser view (para ver vista)