
ftp 21, telnet 23, http 80, dns 53, ftp-data 20, smtp 25, tftp 69.

smb ports = 137, 138, 139.

NAT configuration
private IPs
10.0.0.0-10.255.255.255 A
172.16.0.0-172.31.255.255 B
192.168.0.0-192.168.255.255 C
inside local = private IP assigned to the host in my network
inside global = public IP assigned to several hosts in my network
outside address = public IP assigned to a host external to my network
static NAT, 1 to 1
ip nat inside source static 10.1.1.2 80.37.203.25
interface s0
ip nat outside
interface e0
ip nat inside
############
dynamic NAT
ip nat pool nat-pool 179.9.8.80 179.9.8.95 netmask 255.255.255.0
access-list 1 permit 192.168.8.0 0.0.0.255
ip nat inside source list 1 pool nat-pool
interface e0
ip nat inside
interface s0
ip nat outside
##overloaded PAT configuration##
conf# access-list 1 permit 192.168.8.0 0.0.0.255
conf# ip nat inside source list 1 interface serial0/0/0 overload
##and with a pool it looks like this##
ip nat pool 1 179.9.8.20 179.9.8.20 netmask 255.255.255.240 (specifies the global address; a single-address pool repeats it as start and end)
##set up the overload translation##
ip nat inside source list 1 pool 1 overload
interface e0
ip nat inside
interface s0/0/0
ip nat outside
##clear NAT##
ip nat translation timeout 3600
##view NAT configuration##
show ip nat translations
show ip nat statistics
clear ip nat translation * (automatically clears the NAT entries)
configure static NAT per port
ip nat inside source static tcp 192.168.10.5 8080 interface ethernet1/0 8080
##configure DHCP##
ip dhcp pool pool-named1
network ip-address mask
##DHCP with exclusions##
ip dhcp excluded-address 172.16.1.1 172.16.1.10
ip dhcp excluded-address 172.16.1.254
ip dhcp pool subnet12
network 172.16.12.0 255.255.255.0
default-router 172.16.12.254
dns-server 172.16.1.2
netbios-name-server 172.16.1.3
domain-name foo.com
ACLs
standard ACL syntax
access-list number deny/permit source-ip wildcard log
interface e0/0
ip access-group 11 in or out
##extended ACL##
access-list 110 deny or permit protocol source source-wildcard destination-ip destination-wildcard
eq = equal to, neq = not equal to, gt = greater than, lt = less than
example: on the out interface, deny any ICMP packet coming from network 10.1.1.0/24 and access to any telnet port by a host of that network
access-list 101 deny icmp 10.1.1.0 0.0.0.255 any
access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
access-list 101 permit ip any any
##named ACLs##
ip access-list extended/standard name
##apply ACLs to vty lines##
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 2 deny any
line vty 0 4
password secret
login
access-class 2 in
##ACL example##
access-list 101 deny ip host 172.17.0.3 host 10.0.0.5
access-list 101 permit ip any any
interface FastEthernet0/0
ip address 172.17.0.1 255.255.0.0
ip access-group 101 in
deny ping but still be able to ping, for a specific host
access-list 101 deny icmp host 192.168.191.2 any echo-reply
access-list 101 permit ip any any
##named ACL with NAT##
ip nat pool ACCESO-INTERNET IP-RANGE NETMASK
ip access-list extended LISTA-REDB
permit ip 192.168.191.0 0.0.0.15 any
ip nat inside source list LISTA-REDB pool ACCESO-INTERNET
ip nat inside source list interface/pool overload
access list for layer 4 protocols
access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq telnet
access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq ftp
access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq ftp-data
##another ACL example##
deny HTTP from the first 25 hosts of network 12.0.0.0/8 to the server 13.0.0.3
access-list 100 deny tcp 12.0.0.0 0.0.0.15 host 13.0.0.3 eq 80
access-list 100 deny tcp 12.0.0.16 0.0.0.7 host 13.0.0.3 eq 80
access-list 100 deny tcp 12.0.0.24 0.0.0.1 host 13.0.0.3 eq 80
access-list 100 permit ip any any
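A check of which hosts a list of source/wildcard pairs really matches, for the "first 25 hosts" example above. This is an added example, not part of the original notes: the function names are made up for illustration, and the scan is limited to 12.0.0.0/24 as an assumption to keep it small. It also shows that a misaligned base such as 12.0.0.15 0.0.0.7 matches .8-.15, leaving .16-.23 uncovered.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    """IOS-style wildcard match: only bits that are 0 in the wildcard are compared."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def covered_octets(entries, subnet="12.0.0.0/24"):
    """Last octets of the addresses in `subnet` matched by any (base, wildcard) entry.
    The /24 slice is an assumption of this example; the ranges of interest lie inside it."""
    return [int(ip) & 0xFF for ip in ipaddress.ip_network(subnet)
            if any(matches(str(ip), base, wc) for base, wc in entries)]

def missing(entries, first=1, last=25):
    """Hosts .first through .last that no entry matches."""
    got = set(covered_octets(entries))
    return [h for h in range(first, last + 1) if h not in got]

# Source ranges for "the first 25 hosts": .0-.15, .16-.23, .24-.25
ALIGNED = [("12.0.0.0", "0.0.0.15"), ("12.0.0.16", "0.0.0.7"), ("12.0.0.24", "0.0.0.1")]
# Same list with a misaligned base in the second entry (constructed for comparison)
MISALIGNED = [("12.0.0.0", "0.0.0.15"), ("12.0.0.15", "0.0.0.7"), ("12.0.0.24", "0.0.0.1")]

if __name__ == "__main__":
    for name, entries in (("aligned", ALIGNED), ("misaligned", MISALIGNED)):
        print(name, "covers", covered_octets(entries), "misses", missing(entries))
```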
