
Instructions

Part 1: Initialize, Reload and Configure Basic Device Settings

Step 1: Initialize and reload the router and the switch

• Erase the startup configurations and VLANs from the router and the switch and reload the devices.

The router's current configuration is first checked with the command show running-config:
Router>enable
Router#show running-config
Building configuration...

Current configuration : 651 bytes


!
version 16.6.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

Figure 1

The router has no configuration, but to be certain it is reset anyway: the device is powered off and, while it starts up, Ctrl+C is pressed, which drops to the rommon 1 prompt, where the procedure shown in the figure is carried out.
no valid BOOT image found
Final autoboot attempt from default boot device...
Located isr4300-universalk9.16.06.04.SPA.bin
#################################################
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142
rommon 2 > reset
Initializing Hardware ...

Checking for PCIe device presence...done


System integrity status: 0x610
Rom image verified correctly

System Bootstrap, Version 16.7(3r), RELEASE SOFTWARE


Copyright (c) 1994-2018 by cisco Systems, Inc.

Current image running: Boot ROM0

Last reset cause: LocalSoft


Cisco ISR4331/K9 platform with 4194304 Kbytes of main memory

no valid BOOT image found


Final autoboot attempt from default boot device...
Located isr4300-universalk9.16.06.04.SPA.bin
#########################################################################
#################################################
Package header rev 1 structure detected
IsoSize = 550114467
Calculating SHA-1 hash...Validate package: SHA-1 hash:
calculated 444F4D02:44C58887:D9C8942B:C557D3CF:2A14247E
expected 444F4D02:44C58887:D9C8942B:C557D3CF:2A14247E

RSA Signed RELEASE Image Signature Verification Successful.


Image validated

Restricted Rights Legend

Use, duplication, or disclosure by the Government is


subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.


170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software[Everest], ISR Software(X86_64_LINUX_IOSD - UNIVERSALK9 -


M), Version 16.6.4, RELEASE SOFTWARE(fc3)
Technical Support : http://www.cisco.com/techsupport
Copyright(c) 1986 - 2018 by Cisco Systems, Inc.
Compiled Sun 08 - Jul - 18 04:33 by mcpre

Cisco IOS - XE software, Copyright(c) 2005 - 2018 by cisco Systems, Inc.


All rights reserved.Certain components of Cisco IOS - XE software are
licensed under the GNU General Public License("GPL") Version 2.0.The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.You can redistribute and / or modify such
GPL code under the terms of GPL Version 2.0.For more details, see the
documentation or "License Notice" file accompanying the IOS - XE software,
or the applicable URL provided on the flyer accompanying the IOS - XE
software.

This product contains cryptographic features and is subject to United


States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to


export@cisco.com.

cisco ISR4331/K9 (1RU) processor with 1795999K/6147K bytes of memory.


Processor board ID FLM232010G0
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3207167K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.

Figure 2

Next, switch 1 is erased.

First its current configuration is checked with the command show vlan, which shows that it has no configuration:
Switch>enable
Switch#show vlan

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

Remote SPAN VLANs


------------------------------------------------------------------------------

Primary Secondary Type Ports


------- --------- ----------------- ------------------------------------------
Figure 3

The configuration is then erased with the commands erase startup-config, delete flash:vlan.dat and reload:
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]s
Delete of flash:/vlan.dat aborted!
Switch#delete
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]c
Delete of flash:/vlan.dat aborted!
Switch#on
Translating "on"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address

Switch#reload
System configuration has been modified. Save? [yes/no]:
% Please answer 'yes' or 'no'.
System configuration has been modified. Save? [yes/no]:yes
Building configuration...
[OK]
Proceed with reload? [confirm]
C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE
(fc4)
Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory.
2960-24TT starting...
Base ethernet MAC Address: 0040.0BA1.B63B
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 2 files, 0 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 64016384
flashfs[0]: Bytes used: 4671535
flashfs[0]: Bytes available: 59344849
flashfs[0]: flashfs fsck took 1 seconds.
...done Initializing Flash.

Boot Sector Filesystem (bs:) installed, fsid: 3


Parameter Block Filesystem (pb:) installed, fsid: 4

Loading "flash:/2960-lanbasek9-mz.150-2.SE4.bin"...
#########################################################################
# [OK]
Smart Init is enabled
smart init is sizing iomem
TYPE MEMORY_REQ
TOTAL: 0x00000000
Rounded IOMEM up to: 0Mb.
Using 6 percent iomem. [0Mb/512Mb]

Restricted Rights Legend


Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 26-Jun-13 02:49 by mnguyen
Initializing flashfs...
fsck: Disable shadow buffering due to heap fragmentation.
flashfs[2]: 2 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 32514048
flashfs[2]: Bytes used: 11952128
flashfs[2]: Bytes available: 20561920
flashfs[2]: flashfs fsck took 2 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Checking for Bootloader upgrade..
Boot Loader upgrade not required (Stage 2)
POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed
POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed
POST: CPU MIC interface Loopback Tests : Begin
POST: CPU MIC interface Loopback Tests : End, Status Passed
POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed
POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed
POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed
Waiting for Port download...Complete

This product contains cryptographic features and is subject to United


States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 65536K bytes of
memory.
Processor board ID FOC1010X104
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:17:59:A7:51:80
Motherboard assembly number : 73-10390-03
Power supply part number : 341-0097-02
Motherboard serial number : FOC10093R12
Power supply serial number : AZS1007032H
Model revision number : B0
Motherboard revision number : B0
Model number : WS-C2960-24TT-L
System serial number : FOC1010X104
Top Assembly Part Number : 800-27221-02
Top Assembly Revision Number : A0
Version ID : V02
CLEI Code Number : COM3L00BRA
Hardware Board Revision Number : 0x01

Switch Ports Model SW Version SW Image


------ ----- ----- ---------- ----------
* 1 26 WS-C2960-24TT-L 15.0(2)SE4 C2960-LANBASEK9-M

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4,


RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 26-Jun-13 02:49 by mnguyen
Figure 4

• After reloading the switch, configure the SDM template to support IPv6 as needed and reload the switch again.

Switch#enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#sdm prefer ?
default Default bias
dual-ipv4-and-ipv6 Support both IPv4 and IPv6
lanbase-routing Lanbase routing
qos Qos bias
Switch(config)#sdm prefer dual-ipv4-and-ipv6 ?
default Default bias
Switch(config)#sdm prefer dual-ipv4-and-ipv6 default
Changes to the running SDM preferences have been stored, but cannot take effect until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Switch(config)#

Step 2: Configure R1
The configuration tasks for R1 include the following:
• Disable DNS lookup

Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain-lookup
Router(config)#

Figure 5

• Router name: R1

Router(config)#hostname R1
R1(config)#
Figure 6

• Domain name: ccna-lab.com

R1(config)#ip domain-name ccna-lab.com


R1(config)#

Figure 7

• Encrypted password for privileged EXEC mode


R1(config)#enable secret ciscoenpass
R1(config)#

Figure 8

• Console access password

R1(config)#line console 0
R1(config-line)#password ciscoconpass
R1(config-line)#login
R1(config-line)#exit
R1(config)#

Figure 9

Figure 10

• Set the minimum password length

R1(config)#security password min-length 10

Figure 11

• Create an administrative user in the local database


R1(config)#username SSHadmin privilege 1 secret admin1pass
R1(config)#

Figure 12

• Configure login on the VTY lines to use the local database, and configure the VTY lines to accept SSH only

R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#
Figure 13

• Encrypt the plaintext passwords

R1(config)#service password-encryption
R1(config)#

Figure 14

• Configure a MOTD banner

R1(config)#banner motd $El acceso no autorizado esta prohibido!$


R1(config)#

Figure 15

• Enable IPv6 routing

R1(config)#ipv6 unicast-routing
R1(config)#

Figure 16

• Configure interface G0/0/1.2 and subinterfaces

R1(config)#interface gigabitethernet 0/0/1.2


R1(config-subif)#encapsulation dotlq 2
^
% Invalid input detected at '^' marker.

R1(config-subif)#encapsulation ?
dot1Q IEEE 802.1Q Virtual LAN
R1(config-subif)#encapsulation dot1q
% Incomplete command.
R1(config-subif)#encapsulation dot1q ?
<1-4094> IEEE 802.1Q VLAN ID
R1(config-subif)#encapsulation dot1q 2
R1(config-subif)#ip address 10.21.5.1 255.255.255.192
R1(config-subif)#ipv6 address 2001:db5:acad:a::1/64
R1(config-subif)#description link to LAN 1
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config)#

Figure 17

Configure interface G0/0/1.3 and subinterfaces
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface gigabitethernet 0/0/1.3
R1(config-subif)#encapsulation dot1q 3
R1(config-subif)#ip address 10.21.5.65 255.255.255.224
R1(config-subif)#ipv6 address 2001:db5:acad:b::1/64
R1(config-subif)#description link to LAN 2
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config)#

Figure 18

Configure interface G0/0/1.4 and subinterfaces


R1(config)#interface gigabitethernet 0/0/1.4
R1(config-subif)#encapsulation dot1q 4
R1(config-subif)#ip address 10.21.5.97 255.255.255.248
R1(config-subif)#ipv6 address 2001:db5:acad:c::1/64
R1(config-subif)#description link to LAN 3
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config)#
Figure 19

• Configure interface Loopback 0

R1(config)#interface loopback 0
R1(config-if)#ip address 209.165.201.1 255.255.255.224
R1(config-if)#ipv6 address 2001:db8:acad:209::1/64
R1(config-if)#ipv6 address fe80::1 link-local
R1(config-if)#

Figure 20

• Generate an RSA encryption key


R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#crypto key generate rsa
The name for the keys will be: R1.ccna-lab.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024


% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#
Figure 21

• All interfaces on G0/0/1 are activated

R1(config)#interface g0/0/1
R1(config-if)#no shutdown

R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1,


changed state to up

%LINK-5-CHANGED: Interface GigabitEthernet0/0/1.2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1.2,


changed state to up

%LINK-5-CHANGED: Interface GigabitEthernet0/0/1.3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1.3,


changed state to up

%LINK-5-CHANGED: Interface GigabitEthernet0/0/1.4, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1.4,


changed state to up

R1(config-if)#exit

• The IPv6 link-local address fe80::1 is added to the subinterfaces


R1(config)#interface gigabitethernet 0/0/1.2
R1(config-subif)#ipv6 address fe80::1 link-local
R1(config-subif)#interface gigabitethernet 0/0/1.3
R1(config-subif)#ipv6 address fe80::1 link-local
R1(config-subif)#interface gigabitethernet 0/0/1.4
R1(config-subif)#ipv6 address fe80::1 link-local
R1(config-subif)#

Figure 22. IPv6 link-local address on R1

Step 3: Configure S1 and S2.

Configuration of switch S1
The configuration tasks include the following:
• Disable DNS lookup

Swicht(config)#no ip domain-lookup
Swicht(config)#

Figure 23. DNS lookup disabled on S1

• Switch name


Swicht(config)#hostname S1
S1(config)#

Figure 24. Switch name

• Domain name
S1(config)#ip domain-name ccna-lab.com
S1(config)#

• Encrypted password for privileged EXEC mode


S1(config)#enable secret ciscoenpass
S1(config)#

Figure 25. Encrypted password for EXEC mode

• Console access password


S1(config)#line console 0
S1(config-line)#password ciscoconpass
S1(config-line)#login
S1(config-line)#
Figure 26. Console access password on S1

• Create an administrative user in the local database

S1(config-line)#username SSHadmin privilege 1 secret admin1pass


S1(config)#

Figure 27. Administrative user in the local database

• Configure login on the VTY lines to use the local database, and configure the VTY lines to accept SSH connections only

S1(config)#line vty 0 4
S1(config-line)#transport input ssh
S1(config-line)#login local
S1(config-line)#

Figure 28. VTY login over SSH using the local database

• Encrypt the plaintext passwords

S1(config)#service password-encryption
S1(config)#

Figure 29. Password encryption on S1

• Configure a MOTD banner

S1(config)#banner motd $El acceso no autorizado esta prohibido!$


S1(config)#

Figure 30. Banner on S1

• Generate an RSA encryption key

S1(config)#crypto key generate rsa


The name for the keys will be: S1.ccna-lab.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024


% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

S1(config)#

Figure 31. RSA key on S1

• Configure the management interface (SVI) and the default gateway
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#interface vlan 4
S1(config-if)#ip address 10.21.5.98 255.255.255.248
S1(config-if)#ip default-gateway 10.21.5.97
S1(config)#interface vlan 4
S1(config-if)#ipv6 address 2001:db5:acad:c::98/64
S1(config-if)#ipv6 address fe80::98 link-local
S1(config-if)#no shutdown
S1(config-if)#

Figure 32. VLAN 4 configuration on S1

Configuration of switch S2.


Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#no ip domain-lookup
Switch(config)#hostname S2
S2(config)#ip domain-name ccna-lab.com
S2(config)#enable secret ciscoenpass
S2(config)#line console 0
S2(config-line)#password ciscoconpass
S2(config-line)#login
S2(config-line)#username SSHadmin privilege 1 secret admin1pass
S2(config)#line vty 0 4
S2(config-line)#transport input ssh
S2(config-line)#login local
S2(config-line)#exit
S2(config)#service password-encryption
S2(config)#banner motd $El acceso no autorizado no esta autorizado!$
S2(config)#crypto key generate rsa
The name for the keys will be: S2.ccna-lab.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024


% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

S2(config)#

Figure 33. S2 configuration

• Configure the management interface (SVI)


S2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S2(config)#interface vlan 4
S2(config-if)#ip address 10.21.5.99 255.255.255.248
S2(config-if)#ip default-gateway 10.21.5.97
S2(config)#interface vlan 4
S2(config-if)#ipv6 address 2001:db5:acad:c::99/64
S2(config-if)#ipv6 address fe80::99 link local
^
% Invalid input detected at '^' marker.

S2(config-if)#ipv6 address fe80::99 link-local


S2(config-if)#no shutdown
S2(config-if)#

Figure 34. Addressing on S2

• Generate an RSA encryption key


S2(config)#crypto key generate rsa
% You already have RSA keys defined named S2.ccna-lab.com .
% Do you really want to replace them? [yes/no]: 1024
% Please answer 'yes' or 'no'.
% Do you really want to replace them? [yes/no]:
% Please answer 'yes' or 'no'.
% Do you really want to replace them? [yes/no]: y
The name for the keys will be: S2.ccna-lab.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024


% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

S2(config)#

Figure 35. RSA key generation on S2
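
A consistency check over the addressing entered in Part 1, as an added example that is not part of the original lab report. It runs Python's ipaddress module over the addresses copied from the R1, S1 and S2 transcripts to confirm that the IPv4 subnets do not overlap, that each switch's default gateway is an R1 address inside the SVI subnet, and to list the IPv6 addresses that fall outside the 2001:db8::/32 documentation prefix used on Loopback0. The function and variable names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Addresses copied from the R1, S1 and S2 transcripts on this page.
R1_INTERFACES = {  # name: (IPv4 interface, IPv6 interface)
    "G0/0/1.2": ("10.21.5.1/26", "2001:db5:acad:a::1/64"),
    "G0/0/1.3": ("10.21.5.65/27", "2001:db5:acad:b::1/64"),
    "G0/0/1.4": ("10.21.5.97/29", "2001:db5:acad:c::1/64"),
    "Loopback0": ("209.165.201.1/27", "2001:db8:acad:209::1/64"),
}
SWITCH_SVIS = {  # name: (IPv4 on VLAN 4, default gateway, IPv6 on VLAN 4)
    "S1": ("10.21.5.98/29", "10.21.5.97", "2001:db5:acad:c::98/64"),
    "S2": ("10.21.5.99/29", "10.21.5.97", "2001:db5:acad:c::99/64"),
}
DOC_PREFIX = ipaddress.ip_network("2001:db8::/32")  # RFC 3849 documentation range


def overlapping_subnets(interfaces):
    """Return pairs of interface names whose IPv4 subnets overlap."""
    nets = {name: ipaddress.ip_interface(v4).network
            for name, (v4, _) in interfaces.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def gateway_problems(svis, interfaces):
    """Return switches whose default gateway is not a router address on the SVI subnet."""
    router_ips = {ipaddress.ip_interface(v4).ip for v4, _ in interfaces.values()}
    bad = []
    for name, (v4, gateway, _) in svis.items():
        gw = ipaddress.ip_address(gateway)
        if gw not in ipaddress.ip_interface(v4).network or gw not in router_ips:
            bad.append(name)
    return bad


def outside_doc_prefix(interfaces, svis):
    """Return names whose IPv6 address is not inside 2001:db8::/32."""
    v6 = {name: pair[1] for name, pair in interfaces.items()}
    v6.update({name: triple[2] for name, triple in svis.items()})
    return [name for name, addr in v6.items()
            if ipaddress.ip_interface(addr).ip not in DOC_PREFIX]


if __name__ == "__main__":
    print("overlapping IPv4 subnets:", overlapping_subnets(R1_INTERFACES))
    print("gateway problems:", gateway_problems(SWITCH_SVIS, R1_INTERFACES))
    print("IPv6 outside 2001:db8::/32:", outside_doc_prefix(R1_INTERFACES, SWITCH_SVIS))
```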

Part 2: Configure the Network Infrastructure (VLANs, Trunking, EtherChannel)

Step 4: Configure S1

The configuration of S1 includes the following tasks:

• Create VLANs

S1(config)#vlan 2
S1(config-vlan)#name Bikes
S1(config-vlan)#exit
S1(config)#vlan 3
S1(config-vlan)#name Trikes
S1(config-vlan)#exit
S1(config)#vlan 4
S1(config-vlan)#
%LINK-5-CHANGED: Interface Vlan4, changed state to up

S1(config-vlan)#name Management
S1(config-vlan)#exit
S1(config)#vlan 5
S1(config-vlan)#name Parking
S1(config-vlan)#exit
S1(config)#vlan 6
S1(config-vlan)#name Native
S1(config-vlan)#exit

Figure 36. VLAN names

• Create 802.1Q trunks that use native VLAN 6


S1(config-if)#exit
S1(config)#interface f0/1
S1(config-if)#switchport trunk native vlan 6
S1(config-if)#exit
S1(config)#interface f0/2
S1(config-if)#switchport trunk native vlan 6
S1(config-if)#exit
S1(config)#interface f0/5
S1(config-if)#
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet0/1 (6), with S2 FastEthernet0/1 (1).

%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on


FastEthernet0/2 (6), with S2 FastEthernet0/2 (1).
switchport trunk native vlan 6
S1(config-if)#

Figure 37. Creating the native VLAN on S1

• Create a Layer 2 EtherChannel port group that uses interfaces F0/1 and F0/2

S1(config)#interface range fastethernet0/1 - 2


S1(config-if-range)#channel-group 1 mode active
S1(config-if-range)#
Creating a port-channel interface Port-channel 1

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed


state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed


state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed


state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed


state to up
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet0/1 (6), with S2 FastEthernet0/1 (1).

%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on


FastEthernet0/2 (6), with S2 FastEthernet0/2 (1).

S1(config-if-range)#interface port-channel 1
S1(config-if)#switchport mode trunk

Figure 38. Layer 2 port group

• Configure the host access port for VLAN 2

S1(config)#interface f0/6
S1(config-if)#switchport access vlan 2

Figure 39. Access port for VLAN 2

• Configure port security on the access ports

S1(config-if)#interface f0/6
S1(config-if)#switchport port-security
Command rejected: FastEthernet0/6 is a dynamic port.
S1(config-if)#switchport port-security maxima 3
^
% Invalid input detected at '^' marker.

S1(config-if)#switchport port-security maximum 3


S1(config-if)#

Figure 40. Port security on the access ports

• Secure all unused interfaces

S1(config)#interface f0/3
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively


down
S1(config-if)#interface f0/4
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively


down
S1(config-if)#interface f0/7
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively


down
S1(config-if)#interface f0/8
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively


down
S1(config-if)#interface f0/9
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively


down
S1(config-if)#interface f0/10
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to


administratively down
S1(config-if)#interface f0/11
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to


administratively down
S1(config-if)#interface f0/12
S1(config-if)#description line Interface no usada
S1(config-if)#switchport access vlan 5
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to


administratively down
S1(config-if)#interface f0/13
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to


administratively down
S1(config-if)#interface f0/14
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/14, changed state to
administratively down
S1(config-if)#interface f0/15
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to


administratively down
S1(config-if)#interface f0/16
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/16, changed state to


administratively down
S1(config-if)#interface f0/17
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to


administratively down
S1(config-if)#description line Interface no usada
S1(config-if)#interface f0/18
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/18, changed state to


administratively down
S1(config-if)#interface f0/19
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to


administratively down
S1(config-if)#interface f0/20
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/20, changed state to
administratively down
S1(config-if)#interface f0/21
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/21, changed state to


administratively down
S1(config-if)#interface f0/22
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to


administratively down
S1(config-if)#interface f0/23
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/23, changed state to


administratively down
S1(config-if)#interface f0/24
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to


administratively down
S1(config-if)#interface g0/1
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown

%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to


administratively down
S1(config-if)#interface g0/2
S1(config-if)#switchport access vlan 5
S1(config-if)#description line Interface no usada
S1(config-if)#shutdown
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to
administratively down
S1(config-if)#

Figure 41. Securing the unused interfaces on S1.
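
The VTY settings from Part 1 and the switchport tasks of Step 4 can be checked against a saved running-config. The Python audit below is an added example, not part of the original lab report; the sample configuration is constructed and the function names are hypothetical. It assumes that after the "Command rejected: FastEthernet0/6 is a dynamic port." message only the "maximum 3" sub-option is stored, and that the switch also has VTY lines 5 to 15 that the transcript never configures.

```python
import re

# Constructed running-config excerpt (an assumption, not output captured from
# the lab). It models the state the S1 transcript leaves behind: F0/6 never got
# "switchport mode access", so "switchport port-security" was rejected and only
# the "maximum 3" sub-option was stored.
SAMPLE_CONFIG = """\
hostname S1
!
interface FastEthernet0/1
 switchport trunk native vlan 6
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/3
 description line Interface no usada
 switchport access vlan 5
 shutdown
!
interface FastEthernet0/5
 switchport trunk native vlan 6
!
interface FastEthernet0/6
 switchport access vlan 2
 switchport port-security maximum 3
!
line con 0
 password 7 <placeholder>
 login
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
!
end
"""


def parse_stanzas(config):
    """Map each top-level command to the list of indented sub-commands under it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
        elif line[0] == " " and current is not None:
            stanzas[current].append(line.strip())
        elif line[0] != " ":
            current = line
            stanzas[current] = []
    return stanzas


def audit_interface(cmds, parking_vlan, native_vlan):
    """Return findings for one interface stanza (a list of sub-commands)."""
    msgs = []
    trunk_opts = [c for c in cmds if c.startswith("switchport trunk ")]
    access = [c for c in cmds if re.fullmatch(r"switchport access vlan \d+", c)]
    if "switchport mode trunk" in cmds or trunk_opts:
        if "switchport mode trunk" not in cmds:
            msgs.append("trunk options set but port left in dynamic mode")
        native = [c.split()[-1] for c in trunk_opts
                  if c.startswith("switchport trunk native vlan ")]
        if (int(native[0]) if native else 1) != native_vlan:
            msgs.append(f"native VLAN is not {native_vlan}")
    elif access:
        if int(access[0].split()[-1]) == parking_vlan:
            if "shutdown" not in cmds:
                msgs.append("unused port is not shut down")
        else:
            if "switchport mode access" not in cmds:
                msgs.append("access port left in dynamic mode")
            # Sub-options such as "maximum 3" are stored even when the bare
            # enabling command was rejected, so test for the exact line.
            if "switchport port-security" not in cmds:
                msgs.append("port security is not enabled")
    return msgs


def audit(config, parking_vlan=5, native_vlan=6):
    """Return (stanza, finding) pairs for the checks this lab's tasks imply."""
    findings = []
    for header, cmds in parse_stanzas(config).items():
        if header.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.append((header, "not restricted to SSH"))
            if "login local" not in cmds:
                findings.append((header, "login does not use the local database"))
        elif header.startswith("interface "):
            findings += [(header, m)
                         for m in audit_interface(cmds, parking_vlan, native_vlan)]
    return findings


if __name__ == "__main__":
    for stanza, finding in audit(SAMPLE_CONFIG):
        print(f"{stanza}: {finding}")
```

On the device itself, entering switchport mode access before switchport port-security clears both F0/6 findings.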

Step 5: Configure S2.

The configuration tasks for S2 include the following:

• Create VLANs
S2(config)#vlan 2
S2(config-vlan)#name Bikes
S2(config-vlan)#exit
S2(config)#vlan 3
S2(config-vlan)#name Trikes
S2(config-vlan)#exit
S2(config)#vlan 4
S2(config-vlan)#
%LINK-5-CHANGED: Interface Vlan4, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan4, changed state to


up

S2(config-vlan)#exit
S2(config)#vlan 4
S2(config-vlan)#name Management
S2(config-vlan)#exit
S2(config)#vlan 5
S2(config-vlan)#name Parking
S2(config-vlan)#exit
S2(config)#vlan 6
S2(config-vlan)#name Native
S2(config-vlan)#exit

Figure 42. VLAN names on S2

• Create 802.1Q trunks that use native VLAN 6


S2(config)#interface f0/1
S2(config-if)#switchport trunk native vlan 6
S2(config-if)#%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking
FastEthernet0/1 on VLAN0006. Port consistency restored.

%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on


VLAN0001. Port consistency restored.

S2(config-if)#e
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet0/2 (1), with S1 FastEthernet0/2 (6).
xit
S2(config)#interface f0/2
S2(config-if)#switchport trunk native vlan 6
S2(config-if)#exit

Figure 43. Native VLAN configuration on S2

• Create a Layer 2 EtherChannel port group that uses interfaces F0/1 and F0/2
S2(config)#interface range fastethernet0/1-2
S2(config-if-range)#channel-group 1 mode active
S2(config-if-range)#
Creating a port-channel interface Port-channel 1
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

%LINK-5-CHANGED: Interface Port-channel1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
S2(config-if-range)#interface port-channel 1
S2(config-if)#switchport mode trunk
S2(config-if)#

Illustration 44. Ethernet port group configuration on S2

• Configure the host access port for VLAN 3

S2(config)#interface f0/18
S2(config-if)#swichport access vlan 3
^
% Invalid input detected at '^' marker.

S2(config-if)#switchport access vlan 3


S2(config-if)#

Illustration 45. Access port configuration for VLAN 3 on S2

• Configure port security on the access ports

S2(config-if)#switchport access vlan 3


S2(config-if)#interface f0/18
S2(config-if)#switchport port-security
Command rejected: FastEthernet0/18 is a dynamic port.
S2(config-if)#switchport port-security maximum 3
S2(config-if)#

Illustration 46. Access port configuration with security

• Secure all unused interfaces.


S2(config-if)#interface f0/3
S2(config-if)#exit
S2(config)#interface f0/3
S2(config-if)#switchport access vlan 5
S2(config-if)#description ?
LINE Up to 240 characters describing this interface
S2(config-if)#description line ?
<cr>
S2(config-if)#description line $Interface no usada$
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down


S2(config-if)#do show vlan brief
S2(config-if)#interface f0/4
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down


S2(config-if)#interface f0/5
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administratively down


S2(config-if)#interface f0/6
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down


S2(config-if)#interface f0/7
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down


S2(config-if)#interface f0/8
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down


S2(config-if)#interface f0/9
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down


S2(config-if)#interface f0/10
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down


S2(config-if)#
S2(config-if)#interface f0/11
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
S2(config-if)#interface f0/12
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down


S2(config-if)#interface f0/13
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down


S2(config-if)#interface f0/14
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down


S2(config-if)#interface f0/15
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down


S2(config-if)#interface f0/16
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down


S2(config-if)#interface f0/17
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down


S2(config-if)#interface f0/19
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down


S2(config-if)#interface f0/20
S2(config-if)#description line Interface no usada
S2(config-if)#switchport access vlan 5
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down


S2(config-if)#
S2(config-if)#interface f0/21
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down


S2(config-if)#interface f0/22
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down


S2(config-if)#interface f0/23
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down


S2(config-if)#
S2(config-if)#interface f0/24
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down


S2(config-if)#interface g0/1
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
S2(config-if)#interface g0/2
S2(config-if)#switchport access vlan 5
S2(config-if)#description line Interface no usada
S2(config-if)#shutdown

%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
S2(config-if)#

Illustration 47. Securing all unused interfaces
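The `Command rejected: FastEthernet0/18 is a dynamic port.` message in the port-security step means port security was never enabled on F0/18: IOS accepts `switchport port-security` only on a port set to `switchport mode access`, and the `maximum 3` line alone does not turn the feature on. The following added example (not part of the original lab; the config excerpt is constructed, and F0/19 is deliberately left up to show the second check) audits a running-config for that gap and for ports parked in VLAN 5 that are not shut down.

```python
# Constructed excerpt of S2's running-config after the steps above (an assumption).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk native vlan 6
!
interface FastEthernet0/3
 switchport access vlan 5
 shutdown
!
interface FastEthernet0/18
 switchport access vlan 3
 switchport port-security maximum 3
!
interface FastEthernet0/19
 switchport access vlan 5
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit(config, parking_vlan="5"):
    """Return {interface: [findings]} for access ports that are not hardened."""
    trunk_marks = ("switchport trunk", "switchport mode trunk", "channel-group")
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if any(c.startswith(trunk_marks) for c in cmds):
            continue  # trunk or EtherChannel member: out of scope here
        issues = []
        if f"switchport access vlan {parking_vlan}" in cmds:
            if "shutdown" not in cmds:
                issues.append("parked in unused VLAN but not shut down")
        else:  # active host port: port security needs a static access port
            if "switchport mode access" not in cmds:
                issues.append("missing 'switchport mode access'")
            if "switchport port-security" not in cmds:
                issues.append("port security not enabled")
        if issues:
            findings[name] = issues
    return findings
```

On the switch itself, `show port-security interface f0/18` reports whether the feature is actually enabled on the port.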


Part 2: Configure host support

Step 1: Configure R1

The configuration tasks for R1 include the following:


• Configure default routing
Create default routes for IPv4 and IPv6 that direct traffic to the Loopback 0 interface.
IPv4:

R1(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.0


R1(config)#

Figure 1. IPv4 default route configuration on the router

IPv6:
R1(config)#ipv6 route ::/0 2001:db8:acad:209::0
R1(config)#

Figure 2. IPv6 default route configuration on the router

• Configure IPv4 DHCP for VLAN 2


R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip dhcp pool vlan 2
^
% Invalid input detected at '^' marker.

R1(config)#ip dhcp pool vlan2


R1(dhcp-config)#network 10.21.5.o 255.255.255.0
^
% Invalid input detected at '^' marker.

R1(dhcp-config)#network 10.21.5.0 255.255.255.0


R1(dhcp-config)#dns-server 10.21.5.0
R1(dhcp-config)#domain-name ccna-a.net
R1(dhcp-config)#ip dhcp excluded-address 10.21.5.1 10.21.5.245
R1(config)#

Figure 3. DHCP configuration for VLAN 2 on R1

• Configure IPv4 DHCP for VLAN 3


R1(config)#interface vlan3
R1(config-if)#ip dhcp pool vlan3
R1(dhcp-config)#network 10.21.5.0 255.255.255.0
R1(dhcp-config)#dns-server 10.21.5.0
R1(dhcp-config)#domain-name ccna-b.net
R1(dhcp-config)#ip dhcp excluded-address 10.21.5.1 10.21.5.245
R1(config)#

Figure 4. DHCP configuration for VLAN 3 on R1
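An added sanity check (not part of the original lab) for the two pools exactly as typed above: it parses the pool and `ip dhcp excluded-address` lines, counts the addresses each pool can still lease, and flags overlapping networks and a `dns-server` that is not a host address. The config text is constructed from the commands on this page.

```python
import ipaddress

# Constructed from the two pool sessions above (values as typed on the page).
SAMPLE_CONFIG = """\
ip dhcp excluded-address 10.21.5.1 10.21.5.245
ip dhcp pool vlan2
 network 10.21.5.0 255.255.255.0
 dns-server 10.21.5.0
 domain-name ccna-a.net
ip dhcp pool vlan3
 network 10.21.5.0 255.255.255.0
 dns-server 10.21.5.0
 domain-name ccna-b.net
"""

def parse_dhcp(config):
    """Return (pools, excluded): pool name -> settings, and excluded (low, high) ranges."""
    pools, excluded, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ip", "dhcp", "pool"]:
            current = pools.setdefault(words[3], {})
        elif words[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.ip_address(words[3])
            high = ipaddress.ip_address(words[4]) if len(words) > 4 else low
            excluded.append((low, high))
        elif current is not None and words[:1] == ["network"]:
            current["network"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif current is not None and words[:1] == ["dns-server"]:
            current["dns"] = ipaddress.ip_address(words[1])
    return pools, excluded

def check_pools(config):
    """Return a list of findings about the DHCP pools in config."""
    pools, excluded = parse_dhcp(config)
    findings, names = [], sorted(pools)
    for i, name in enumerate(names):
        net, dns = pools[name]["network"], pools[name].get("dns")
        free = sum(1 for h in net.hosts()
                   if not any(lo <= h <= hi for lo, hi in excluded))
        findings.append(f"{name}: {free} leasable addresses in {net}")
        if dns in (net.network_address, net.broadcast_address):
            findings.append(f"{name}: dns-server {dns} is not a host address")
        for other in names[i + 1:]:
            if net.overlaps(pools[other]["network"]):
                findings.append(f"{name}: network overlaps pool {other}")
    return findings
```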
