06-17-2019 11:07 AM - edited 11-17-2019 12:58 PM
Vtp mode client
vtp domain
switchport mode trunk
switchport trunk allowed vlan
ip dhcp excluded adress (gateway)
ip dhcp pool vlan 31
default-router 192.168.31.1
network 192.168.31.0 255.255.255.0
interface
no shut
int fa0/0.31
encapsulation dot1q 31
ip add 192.168.31.1 255.255.255.0
no shut
========================================================================
hostname CR01
!
!
!
enable secret 5 $1$mERr$qks.ziZQfY6v/mIalE3YO0
!
!
ip dhcp excluded-address 172.17.0.1 172.17.100.0
ip dhcp excluded-address 172.18.0.1 172.18.100.0
ip dhcp excluded-address 172.19.0.1 172.19.100.0
ip dhcp excluded-address 172.31.0.1 172.31.100.0
!
ip dhcp pool STUDENTEN
network 172.17.0.0 255.255.0.0
default-router 172.17.0.1
ip dhcp pool DOCENTEN
network 172.18.0.0 255.255.0.0
default-router 172.18.0.1
ip dhcp pool TOETSING
network 172.20.0.0 255.255.0.0
default-router 172.20.0.1
ip dhcp pool MANAGEMENT
network 172.31.0.0 255.255.0.0
default-router 172.31.0.1
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key PRESTINA address 120.0.0.10
!
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 120.0.0.10
set transform-set VPN-SET
match address 110
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.16
encapsulation dot1Q 16
ip address 172.16.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.17
encapsulation dot1Q 17
ip address 172.17.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.18
encapsulation dot1Q 18
ip address 172.18.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.19
encapsulation dot1Q 19
ip address 172.19.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 172.20.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.31
encapsulation dot1Q 31
ip address 172.31.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/1
ip address 100.0.0.10 255.0.0.0
ip nat outside
duplex auto
speed auto
crypto map VPN-MAP
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.1
!
ip flow-export version 9
!
!
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.0.0.0 0.255.255.255
access-list 110 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
!
!
!
!
!
!
line con 0
password console
login
!
line aux 0
!
line vty 0 4
password telnet
login
!
!
!
end
===============================================================================================================================================================================================================================================================================================================================================================================================
hostname CR02
!
!
!
enable secret 5 $1$mERr$qks.ziZQfY6v/mIalE3YO0
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key PRESTINA address 100.0.0.10
!
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 100.0.0.10
set transform-set VPN-SET
match address 110
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.0.1 255.255.0.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.16
encapsulation dot1Q 16
ip address 10.16.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.17
encapsulation dot1Q 17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.18
encapsulation dot1Q 18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.19
encapsulation dot1Q 19
ip address 10.19.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.31
encapsulation dot1Q 31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/1
ip address 120.0.0.10 255.0.0.0
ip nat outside
duplex auto
speed auto
crypto map VPN-MAP
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip classless
ip route 10.16.0.0 255.240.0.0 10.10.0.2
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip flow-export version 9
!
!
access-list 110 permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255
access-list 110 permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255
access-list 110 permit ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 110 permit ip host 10.16.50.1 host 172.16.50.1
access-list 110 permit ip host 10.19.50.1 host 172.19.50.1
access-list 101 deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.16.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 101 deny ip host 10.16.50.1 host 172.16.50.1
access-list 101 deny ip 10.19.0.0 0.0.255.255 any
access-list 101 deny ip 10.10.0.0 0.0.255.255 any
access-list 101 deny ip 10.16.0.0 0.15.255.255 any
!
!
!
!
!
!
line con 0
password console
login
!
line aux 0
!
line vty 0 4
password telnet
login
!
!
!
end
================================================================================================================================================================================================================================================================================================
================================================================================================
=="..." betekent verzin zelf iets==
==*...* morgen==
//////////////////////
Belangrijke commandos
show vlan brief
traceroute
ping
ip helper-adress
\\\\\\\\\\\\\\\\\\\\\\\
=============================
==CR01==
--Access-lists--
access-list 110 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
---------------------
--NAT Access-list--
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.10.0.0 0.255.255.255
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
ip nat inside source list 101 interface fastethernet0/1 overload
----------------------
--VPN--
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key PRESTINA address 120.0.0.10
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
set peer 120.0.0.10
set transform-set VPN-SET
match address 110
interface FastEthernet0/1
crypto map VPN-MAP
---------------------------
=============================
==CR02==
--Access lists--
access-list 110 permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255
access-list 110 permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255
access-list 110 permit ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 110 permit ip host 10.16.50.1 host 172.16.50.1
access-list 110 permit ip host 10.19.50.1 host 172.19.50.1
--------------------------------------
-NAT accesslist-
access-list 101 deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.16.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 101 deny ip host 10.16.50.1 host 172.16.50.1
access-list 101 deny ip 10.19.0.0 0.0.255.255 any
access-list 101 deny ip 10.10.0.0 0.0.255.255 any
access-list 101 deny ip 10.16.0.0 0.15.255.255 any
ip nat inside source list 101 interface fastethernet0/1 overload
--------------------------------------
--Interfaces--
interface FastEthernet0/0
ip address 10.10.0.1 255.255.0.0
ip nat inside
interface FastEthernet0/1
ip address 120.0.0.10 255.0.0.0
ip nat inside
interface fa0/0.16
encapsulation dot1q 16
ip address 10.16.0.1 255.255.0.0
ip helper-address 10.16.50.1
interface fa0/0.17
encapsulation dot1q 17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1
interface fa0/0.18
encapsulation dot1q 18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1
interface fa0/0.19
encapsulation dot1q 19
ip address 10.19.0.1 255.255.0.0
ip helper-address 10.16.50.1
interface fa0/0.31
encapsulation dot1q 31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
--------------------------------------
-VPN-
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key PRESTINA address 100.0.0.10
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
set peer 100.0.0.10
set transform-set VPN-SET
match address 110
interface FastEthernet0/1
crypto map VPN-MAP
--------------------------------------
--Routing--
ip route 10.16.0.0 255.240.0.0 10.10.0.2
ip route 0.0.0.0 0.0.0.0 Fastethernet0/1
--------------------------------------
=======================================
==DS02==
--VTP--
vtp domain PRESTINA-2
vtp mode Server
--------------------------------------
--VLAN--
vlan 16
name Algemeen
vlan 17
name Studenten
vlan 18
name Docenten
vlan 19
name Toetsing
vlan 20
name Printers
vlan 31
name Beheer
vlan 88
name Black_Hole
vlan 99
name Native
---------------------------------
--Interfaces--
interface range fa0/1-6
switchport mode access
switchport access vlan 16
interface range fa0/7-8
switchport mode access
switchport access vlan 17
interface range fa0/9-10
switchport mode access
switchport access vlan 18
interface range fa0/11-12
switchport mode access
switchport access vlan 19
interface range fa0/13-14
switchport mode access
switchport access vlan 20
interface range fa0/15-16
switchport mode access
switchport access vlan 31
interface range fa0/17-23
switchport mode access
switchport access vlan 88
shutdown
interface fa0/24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 17-18,20,31
interface g0/1
no switchport
ip address 10.10.0.2 255.255.0.0
interface g0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 19,31
interface vlan16
ip address 10.16.0.1 255.255.0.0
interface vlan17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1
interface vlan18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1
interface vlan19
ip address 10.19.0.1 255.255.0.0
interface vlan20
ip address 10.20.0.1 255.255.0.0
interface vlan31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
---------------------------------
--Routing--
ip route 0.0.0.0 0.0.0.0 10.10.0.1
----------------------------------
--Access-lists--
"access-list 117 remark 1: Permit dhcp request deny access to vlan 18 & 19 permit further traffic from vlan 17"
access-list 117 permit udp any any eq bootps
access-list 117 deny ip 10.17.0.0 0.0.255.255 10.18.0.0 0.0.255.255
"access-list 117 remark 2: Deny Student verkeer naar Docenten verkeer"
access-list 117 deny ip 10.17.0.0 0.0.255.255 10.1.0.0 0.0.255.255
"access-list 117 remark 3: Permit overig verkeer vanag vlan 17"
access-list 117 permit ip 10.17.0.0 0.0.255.255 any
interface vlan 17
ip access-group 117 in
* access-list 119 *
------------------------------------
====================================
==AS01==
--VTP--
vtp mode Client
------------------------------------
--Default gateway--
ip default-gateway 10.31.0.1
------------------------------------
--Interfaces--
int range fa0/1-16
switchport mode access
switchport access vlan 17
int range fa0/17-18
switchport mode access
switchport access vlan 18
int range fa0/19-20
switchport mode access
switchport access vlan 20
interface g0/1
switchport mode trunk
switchport trunk allowed vlan 16-18
int vlan31
ip address 10.31.10.1 255.255.0.0
-----------------------------------------
=========================================
==AS-T==
--Default-gateway--
ip default-gateway 10.31.0.1
-----------------------------------------
--Interfaces--
int range fa0/1-24
switchport mode access
switchport access vlan 19
interface g0/2
switchport mode trunk
switchport trunk allowed vlan 19,31
interface vlan 31
ip address 10.31.10.11 255.255.0.0
no sh
==========================================================================================================================================================================================
=======================================================================================================================================================================================================================================================================================
TO TO TO TO
VPN-conf
encr = [aes]
crypto isakmp key [prestina] address [120.0.0 .10]
crypto ipsec transform-set [VPN-set] esp-3des esp-sha-hmac
crypto map [VPN-MAP] 10 ipsec-isakmp
set peer [120.0.0.10]
set transform-set [VPN-SET]
match address [110]
Interface [fast ethernet]
Crypto map [VPN MAP]
=====================
access-list 110 [permit ip 172.16.0.0 0.15.255.255 10.0.0.0.0.255.255.255]
access-list 101 [deny ip 172.16.0.0 0.15.255.255 10.0.0.0.255.255.255]
[access-list 101 permit ip 172.16.0.0.0 0.15.255.255 any]
ip nat inside source list 101 interface fastethernet 0/1 overload]
=======
[2] x switch l2
[3] x switch l3
[1] x router
[4] x server
=============
server dn = 10.18.50.1/16
t server = 10.19.50.1/16
=====
Vlan [18] 10.18.0.1 | 10.18.100.1 | [30]
Vlan [19] 10.19.0.1 | 10.19.100.1 | [30]
Vlan 31 10.31.0.1 [30]
====
brand, type Cisco [2811]
====
interfaces:
fast ethernet0/0 ip 120.0.0.1/16
ip nat [inside]
fastethernet0/1 IP 120.0.0.10/8
ip nat [inside]
===
VPN-conf
encr [aes]
crypto isakmp key [prestina] address [100.0.0.10]
crypto ipsec transform-set [VPN-SET] esp-3des esp-sha-hmac
crypto map [VPN-MAP] 10 ipsec-isakmp
set peer [100.0.0.10]
set transform-set [VPN-set]
match address [110]
interface [FastEthernet0/1]
crypto map [vpn-map]
=========
VPN-access-list:
access-list 110 [permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255]
access-list 110 permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255]
access-list 110 permit ip 10.31.0.0.0.0.255.255 172.16.0.0 0.15.255.255]
access-list 110 permit ip host 10.16.50.1 host 172.16.50.1
access-list 110 permit ip host 10.19.50.1 host 172.19.50.1
=========
NAT-access list:
access-list 101 [deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255]
access-list 101 [deny ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255]
access-list 101 [deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255]
access-list 101 deny ip host 10.16.50.1 host 172.16.50.1
access-list 101 deny ip 10.19.0.0 0.0.255.255 any
access-list 101 deny ip 10.10.0.0 0.0.255.255 any
access-list 101 deny ip 10.16.0.0 0.15.255.255 any
==========
nat-access-list [source list 101 interface fastethernet0/1 overload]
===
routing
Default route instellen: ip route 10.16.0.0 255.240.0.0 10.10.0.2
Routes(s) naar VLAN's inste!!en : 0.0.0.0 0.0.0.0 FastEthernet0/1
======
distributieswitch
vtp mode: server
==========
interface
mode & vlans
[F0/1-6] mode access vlan 16
[F0/7-8] mode access Vlan 17
[F0/9-10] mode access vlan 18
[F0/11-12] mode access Vlan 19
[F0/13-14] mode access vlan 20
[F0/15-16] mode access vlan 31
[F0/17-23: mode access vlan 88, shutdown
[F0/24: Mode access trunk, allowed vlan(s) 17-18,20,31
[G0/1: Mode access ip 10.10.0.2/16
[G0/2: Mode access trunk, allowed vlans 19,31
lnterface(s) Vlan16: Mode access IP:10.16.0.1/16
lnterface(s) Vlan17: Mode access IP:10.17.0.1/16
intertfaces vlan 18: mode access ip 10.18.0.1/16
interfaces vlan 19: mode access ip 10.19.0.1/16
interfaces vlan 20: mode access ip 10.20.0.1/16
interfaces vlan 31: mode access ip 10.31.0.1/16
interface(s) interface 17 ip helper-address: IP:10.16.50.1
interface(s) interface 18 ip helper-address: IP:10.16.50.1
interface(s) interface 13 ip helper-address: IP:10.16.50.1
=========
Ip-addressen
Interface G0/1: IP:10.10.0.2 /16
interface vlan 16: IP: 10.16.0.1/16
interface vlan 17: IP: 10.17.0.1/16
interface vlan 18: IP: 10.18.0.1/16
interface vlan 31: IP: 10.31.0.1/16
????
====
DHCP REQUESTS to DHCP SERVER
???
==========
routing
[ip routing]
ip route 0.0.0.0 0.0.0.0. 10.10.0.1
=========
access-lists 117
access-list 117 [permit udp any any eq bootps]
access-list 117 [deny ip 10.17.0.0 0.0.255.255 10.18.0.0 0.0.255.255]
access-list 117 [deny.ip 10.17.0.0 0.0.255.255 10.1.0.0 0.0.255.255]
access-list 117 remark 3: Permit overig verkeer vanaf vlan 17
access-list 117 [permit ip 10.17.0.0 0.0.255.255 any]
interface [VLAN 17]
IP-access-group 117 in
=====================
access-list 119
[Geef detoets-server-alleen toeg.fil]g tot:
~ De toets-server in Bbroek
Ó Het beheer-VLAN in Bennebroe~
o Het beheer-VLAN in A
• Maak van toepassing op de juiste interface
=============================
access switch leslokalen
Merk, type:Cisco 2960
Hostname:AS01
VTP mode:[client]
===============
default gateway: 10.31.0.1
========================
interfaces trunk, allowed vlans [19,31]
vlan 31 IP: [10.31.10.1/16]
==========
ap sn
ssid prestina studenten
authen wpa2
preshared key student-prestina
AP DN
ssid prestina docenten
authen wpa 2
preshared key docentprestina99873
==============
printers
01 ptr01 10.20.20.1] [10.20.0.1]
02 ptr02 10.20.20.2) 10.20.0.1)
toetsing ptr-t [10.19.20.1) [10.19.0.1]
============
interne poorten
80 http
443 https
500 dns
externe poorten
500 isakmp
50 esp
80 http
totaal: 10.556,78
05-19-2021 03:47 AM
05-19-2021 03:59 AM
access-list 10 permit 192.168.146.0 0.0.1.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 deny ip any any
access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1
access-list 101 permit udp host 10.1.1.2 host 172.16.1.1
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
Step 3 interface type number
Example:
Device(config)# interface Gigabitethernet 0/0
Configures an interface type and enters interface configuration mode.
Step 4 ip ospf cost cost
Example:
Device(config-if)# ip ospf cost 65
Explicitly specifies the cost of sending a packet on an OSPF interface.
Step 5 ip ospf retransmit-interval seconds
Example:
Device(config-if)# ip ospf retransmit-interval 1
Specifies the number of seconds between link-state advertisement (LSA) retransmissions for adjacencies belonging to an OSPF interface.
Step 6 ip ospf transmit-delay seconds
Example:
Device(config-if)# ip ospf transmit-delay
Sets the estimated number of seconds required to send a link-state update packet on an OSPF interface.
Step 7 ip ospf priority number-value
Example:
Device(config-if)# ip ospf priority 1
Sets priority to help determine the OSPF designated router for a network.
Step 8 ip ospf hello-interval seconds
Example:
Device(config-if)# ip ospf hello-interval 1
Specifies the length of time between the hello packets that the Cisco IOS software sends on an OSPF interface.
Step 9 ip ospf dead-interval seconds
Example:
Device(config-if)# ip ospf dead-interval 1
Sets the number of seconds that a device must wait before it declares a neighbor OSPF router down because it has not received a hello packet.
Step 10 ip ospf authentication-key key
Example:
Device(config-if)# ip ospf authentication-key 1
Assigns a password to be used by neighboring OSPF routers on a network segment that is using the OSPF simple password authentication.
Step 11 ip ospf message-digest-key key-id md5 key
Example:
Device(config-if)# ip ospf message-digest-key 1 md5 23456789
Enables OSPF MD5 authentication. The values for the key-id and key arguments must match values specified for other neighbors on a network segment.
Step 12 ip ospf authentication [message-digest | null]
Example:
Device(config-if)# ip ospf authentication message-digest
Specifies the authentication type for an interface.
Step 13 end
Example:
Device(config-if)# end
Login to the device using SSH / TELNET and go to enable mode.
Go into the config mode.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Exclude IP addresses from being assigned by DHCP by using the ip dhcp excluded-address FIRST_IP LAST_IP
Router(config)#ip dhcp excluded-address 192.168.0.1 192.168.0.50
Router(config)#
Create a new DHCP pool with the ip dhcp pool NAME command
Router(config)#ip dhcp pool Floor1DHCP
Router(dhcp-config)#
Define a subnet that will be used to assign IP addresses to hosts with the network SUBNET SUBNET_MASK command.
Router(dhcp-config)#network 192.168.0.0 255.255.255.0
Router(dhcp-config)#
Define the default gateway with the default-router IP command
Router(dhcp-config)#default-router 192.168.0.1
Router(dhcp-config)#
Define the DNS server with the dns-server IP address command.
Router(dhcp-config)#dns-server 192.168.0.1
Router(dhcp-config)#
Return to privilege config mode
Router(dhcp-config)#exit
Router(config)#
Enable DHCP server on the interface using service dhcp interface-type number command
Router(config)#service dhcp vlan1
Router(config)#
Exit config mode
Router(config)#exit
Router#
To view information about the currently leased addresses, you can use the show ip dhcp binding command
Router#show ip dhcp binding
IP address Client-ID/ Lease expiration Type
Hardware address
192.168.0.51 0060.5C2B.3DCC -- Automatic
In the output above you can see that there is a single DHCP client that was assigned the IP address of 192.168.0.51. Since we’ve excluded the IP addresses from the 192.168.0.1 – 192.168.0.50 range, the device got the first address available – 192.168.0.51.
To display information about the configured DHCP pools, you can use the show ip dhcp pool command
Router#show ip dhcp pool
Pool Floor1DHCP :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 1
Excluded addresses : 1
Pending event : none
1 subnet is currently in the pool
Current index IP address range Leased/Excluded/Total
192.168.0.1 192.168.0.1 - 192.168.0.254 1 / 1 / 254
This command displays some important information about the DHCP pool(s) configured on the device – the pool name, total number of IP addresses, the number of leased and excluded addresses, subnet’s IP range, etc.
Copy the running configuration into startup configuration using below command
Router#write memory
Building configuration... [OK]
Router#
05-27-2021 03:51 AM
Storing 1:
Permit tcp any host 210.210.210.2 eq www (weghalen)
Permit tcp any host 210.210.210.2 eq 443 (toevoegen)
05-27-2021 04:00 AM
Storing 3:
Server 30 aanzetten
Server op vlan 40 en aanmaken
Gateway aanpassen naar 0.1
Ip adres aanpassen van server 40
05-27-2021 11:36 AM
Native-VLAN
Het native-VLAN is standaard het default-VLAN (VLAN 1). Vanwege security-overwegingen kan het native-VLAN als een ander VLAN worden geconfigureerd, bijvoorbeeld VLAN 80. Het native-VLAN wordt op een 802.1Q trunk-poort geconfigureerd en moet aan beide kanten van de trunk voor hetzelfde VLAN worden geconfigureerd.
802.1Q-trunks transporteren dataverkeer van meerdere VLAN’s door elk frame met een VLAN identifier (VLAN-ID), die het packet voor het eigen VLAN identificeert, te taggen.
Op het native-VLAN worden door de switch zelf diverse protocol-packets verstuurd, zoals voor het Cisco Discovery Protocol ( CDP), Dynamic Trunking Protocol (DTP), VLAN Trunking Protocol (VTP) en Spanning Tree Protocol (STP).
Daarnaast transporteren deze trunks ook non-VLAN dataverkeer van oudere switches of van switches die het 802.1Q-protocol niet kennen (niet getagde data). De switch plaatst het ongetagde dataverkeer op het native-VLAN.
Het is een goede gewoonte om het native-VLAN voor een ander VLAN dan VLAN 1 te configureren en wel op beide zijde van de trunk.
Nadat het native-VLAN geconfigureerd is kunnen er (access-)poorten aan dit VLAN toegewezen worden.
Gebruikte commando’s:
Switch(config)# interface fa0/2
Switch(config-if)# switchport trunk native vlan 80
Switch(config-if)# switchport trunk allowed vlan add 80
Switch(config-if)# exit
Switch# show vlan brief
Switch# show interface trunk
06-23-2021 12:39 PM
ROUTER1(config)# ip sla 1
ROUTER1(config-ip-sla)# icmp-echo 1.1.1.100 source-interface Ethernet0/0
ROUTER1(config-ip-sla)# ip sla schedule 1 life forever start-time now
ROUTER1(config)# interface ethernet 0/0
ROUTER1(config-if)# description WAN Interface
ROUTER1(config-if)# ip address 1.1.1.1 255.255.255.0
ROUTER1(config-if)# standby 1 ip 1.1.1.3 <- Create HSRP Group 1 and assign Virtual IP 1.1.1.3
ROUTER1(config-if)# standby 1 priority 101 <-Assign priority above 100 to make router primary/active
ROUTER1(config-if)# standby 1 preempt <- Makes router active if it has higher priority
ROUTER1(config-if)# standby 1 track 10 decrement 5 <- Assign tracking object 10 to HSRP group which will decrement the priority value by 5 if the tracked object is not reachable.
Now let’s enable HSRP on the LAN interface as well and create a Virtual IP 192.168.1.3
ROUTER1(config)# interface ethernet 0/1
ROUTER1(config-if)# description LAN Interface
ROUTER1(config-if)# ip address 192.168.1.1 255.255.255.0
ROUTER1(config-if)# standby 1 ip 192.168.1.3 <- Create HSRP Group 1 and assign Virtual IP 192.168.1.3
ROUTER1(config-if)# standby 1 priority 101 <- Assign priority above 100 to make router primary/active
ROUTER1(config-if)# standby 1 preempt <- Makes router active if it has higher priority
ROUTER1(config-if)# standby 1 track 10 decrement 5 <- Assign tracking object 10 to HSRP group which will decrement the priority value by 5 if the tracked object is not reachable.
NOTE:
The tracking object 10 above will decrement the priority value of the router by 5 (only if the tracked destination IP 1.1.1.100 is not reachable). This means that priority will become 101-5=96 which will be lower than the default priority of 100 which is assigned on the standby router (ROUTER2). Therefore, the standby router will become active.
ROUTER1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.100 <- Default Gateway route to ISP
ROUTER2
The configuration is similar but we don’t have to configure tracking on this router.
ROUTER2(config)# interface ethernet 0/0
ROUTER2(config-if)# description WAN Interface
ROUTER2(config-if)# ip address 1.1.1.2 255.255.255.0
ROUTER2(config-if)# no shut
ROUTER2(config-if)# standby 1 ip 1.1.1.3 <- The HSRP Group number (1) must be same as ROUTER1
ROUTER2(config-if)# standby 1 preempt
ROUTER2(config)# interface ethernet 0/1
ROUTER2(config-if)# description LAN Interface
ROUTER2(config-if)# ip address 192.168.1.2 255.255.255.0
ROUTER2(config-if)# no shut
ROUTER2(config-if)# standby 1 ip 192.168.1.3
ROUTER2(config-if)# standby 1 preempt
ROUTER2(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.100 <- Default Gateway route to ISP
Ethernet0/0 – Group 1
State is Active
2 state changes, last state change 00:07:00
Virtual IP address is 1.1.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.184 secs
Preemption enabled
Active router is local
Standby router is 1.1.1.2, priority 100 (expires in 10.048 sec)
Priority 101 (configured 101)
Group name is “hsrp-Et0/0-1” (default)
Ethernet0/1 – Group 1
State is Active
5 state changes, last state change 00:02:32
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.496 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 100 (expires in 9.728 sec)
Priority 101 (configured 101)
Track object 10 state Up decrement 5
Group name is “hsrp-Et0/1-1” (default)
ROUTER1#show track
Track 10
IP SLA 1 reachability
Reachability is Up
Latest operation return code: OK
Latest RTT (millisecs) 1
Tracked by:
HSRP Ethernet0/0 1
HSRP Ethernet0/1 1
Failover Case
ROUTER1#show standby
Ethernet0/0 – Group 1
State is Standby
4 state changes, last state change 00:01:39
Virtual IP address is 1.1.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.104 secs
Preemption enabled
Active router is 1.1.1.2, priority 100 (expires in 10.848 sec)
Standby router is local
Priority 96 (configured 101)
Track object 10 state Down decrement 5
Group name is “hsrp-Et0/0-1” (default)
Ethernet0/1 – Group 1
State is Standby
7 state changes, last state change 00:06:08
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.208 secs
Preemption enabled
Active router is 192.168.1.2, priority 100 (expires in 8.176 sec)
Standby router is local
Priority 96 (configured 101)
Track object 10 state Down decrement 5
Group name is “hsrp-Et0/1-1” (default)
ROUTER1#show track
Track 10
IP SLA 1 reachability
Reachability is Down
Latest operation return code: Timeout
Tracked by:
HSRP Ethernet0/0 1
HSRP Ethernet0/1 1
06-23-2021 01:52 PM
SSH:
Neutraal(config)#line vty 0 4
Neutraal(config-line)#password vty123
Neutraal(config-line)#login
Neutraal(config-line)#do wr mem
Building configuration...
[OK]
Neutraal(config-line)#exit
Neutraal(config)#
Neutraal#
%SYS-5-CONFIG_I: Configured from console by console
Neutraal#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal(config)#ip domain
Neutraal(config)#ip domain-
Neutraal(config)#ip domain-name Neutraal.nl
Neutraal(config)#cry
Neutraal(config)#crypto k
Neutraal(config)#crypto key g
Neutraal(config)#crypto key generate r
Neutraal(config)#crypto key generate rsa
The name for the keys will be: Neutraal.Neutraal.nl
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
Neutraal(config)#
Neutraal(config)#line vty 0 4
*Mar 1 0:41:6.991: %SSH-5-ENABLED: SSH 1.99 has been enabled
Neutraal(config-line)#transpor
Neutraal(config-line)#transport in
Neutraal(config-line)#transport input ssh
Neutraal(config-line)#password ssh123
Neutraal(config-line)#login
Neutraal(config-line)#do wr mem
Building configuration...
[OK]
Neutraal(config-line)#
NTP master
Neutraal>en
Neutraal#clock set 14:38:00 January 8 2021
Neutraal#sh clock
14:38:2.472 UTC Fri Jan 8 2021
Neutraal#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal(config)#ntp master
Neutraal(config)#do wr mem
Building configuration...
[OK]
Neutraal(config)#
Andere 2 routers
Neutraal2>en
Neutraal2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal2(config)#ntp server 1.1.1.1
Neutraal2(config)#
Neutraal2#
INTER VLAN Routing
Neutraal(config-subif)#en
Neutraal(config-subif)#int gig0/0.10
Neutraal(config-subif)#encapsulation d
Neutraal(config-subif)#encapsulation dot1Q 10
Neutraal(config-subif)# 192.168.1.254 255.255.255.0
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.10 255.255.255.0
!
interface GigabitEthernet0/1
Neutraal(config)#int gig0/0.20
Neutraal(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up
Neutraal(config-subif)#en
Neutraal(config-subif)#encapsulation d
Neutraal(config-subif)#encapsulation dot1Q 20
Neutraal(config-subif)#ip add 192.168.2.254 255.255.255.0
Neutraal(config-subif)#int gig0/0.30
Neutraal(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed state to up
Neutraal(config-subif)#encapsulation dot1Q 30
Neutraal(config-subif)#ip add 192.168.3.254 255.255.255.0
Neutraal(config-subif)#int gig0/0.40
Neutraal(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.40, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.40, changed state to up
encapsulation dot1Q 40
Neutraal(config-subif)#encapsulation dot1Q 40
Neutraal(config-subif)#ip add 192.168.4.254 255.255.255.0
Neutraal(config-subif)#do wr mem
Building configuration...
[OK]
Neutraal(config-subif)#
Volgende router
Neutraal2>en
Neutraal2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal2(config)#int gig0/0.10
Neutraal2(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up
Neutraal2(config-subif)#en
Neutraal2(config-subif)#encapsulation d
Neutraal2(config-subif)#encapsulation dot1Q 10
Neutraal2(config-subif)#ip add 172.16.255.254 255.255.0.0
Neutraal2(config-subif)#int gig0/0.20
Neutraal2(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up
Neutraal2(config-subif)#encapsulation dot1Q 20
Neutraal2(config-subif)#ip add 172.17.255.254 255.255.0.0
Neutraal2(config-subif)#int gig0/0.30
Neutraal2(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed state to up
Neutraal2(config-subif)#encapsulation dot1Q 30
Neutraal2(config-subif)#ip add 172.18.255.254 255.255.0.0
Neutraal2(config-subif)#int gig0/0.40
Neutraal2(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.40, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.40, changed state to up
Neutraal2(config-subif)#encapsulation dot1Q 40
Neutraal2(config-subif)#ip add 172.19.255.254 255.255.0.0
Neutraal2(config-subif)#do wr mem
Building configuration...
[OK]
Neutraal2(config-subif)#
Volgende router INTERVLAN
Neutraal3>en
Neutraal3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal3(config)#int gig0/0.10
Neutraal3(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up
Neutraal3(config-subif)#en
Neutraal3(config-subif)#encapsulation d
Neutraal3(config-subif)#encapsulation dot1Q 10
Neutraal3(config-subif)#ip add 10.10.255.254 255.255.0.0
Neutraal3(config-subif)#int gig0/0.20
Neutraal3(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up
Neutraal3(config-subif)#encapsulation dot1Q 20
Neutraal3(config-subif)#ip add 10.11.255.254 255.255.0.0
Neutraal3(config-subif)#int gig0/0.30
Neutraal3(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed state to up
Neutraal3(config-subif)#encapsulation dot1Q 30
Neutraal3(config-subif)#ip add 10.12.255.254 255.255.0.0
Neutraal3(config-subif)#int gig0/0.40
Neutraal3(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.40, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.40, changed state to up
Neutraal3(config-subif)#encapsulation dot1Q 40
Neutraal3(config-subif)#ip add 10.13.255.254 255.255.0.0
Neutraal3(config-subif)#do wr mem
Building configuration...
[OK]
Neutraal3(config-subif)#
Ip helper-address
Neutraal2>en
Neutraal2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal2(config)#int gig0/0.10
Neutraal2(config-subif)#ip h
Neutraal2(config-subif)#ip help
Neutraal2(config-subif)#ip helper-address 1.1.1.1
Neutraal2(config-subif)#int gig0/0.20
Neutraal2(config-subif)#ip helper-address 1.1.1.1
Neutraal2(config-subif)#int gig0/0.30
Neutraal2(config-subif)#ip helper-address 1.1.1.1
Neutraal2(config-subif)#int gig0/0.40
Neutraal2(config-subif)#ip helper-address 1.1.1.1
Neutraal2(config-subif)#do wr mem
Building configuration...
[OK]
Neutraal2(config-subif)#
Neutraal3#en
Neutraal3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal3(config)#int gig0/0.10
Neutraal3(config-subif)#ip hel
Neutraal3(config-subif)#ip helpe
Neutraal3(config-subif)#ip helper-address 2.2.2.1
Neutraal3(config-subif)#int gig0/0.20
Neutraal3(config-subif)#ip helper-address 2.2.2.1
Neutraal3(config-subif)#int gig0/0.30
Neutraal3(config-subif)#ip helper-address 2.2.2.1
Neutraal3(config-subif)#int gig0/0.40
Neutraal3(config-subif)#ip helper-address 2.2.2.1
Neutraal3(config-subif)#do wr mem
Building configuration...
[OK]
Neutraal3(config-subif)#
DHCP pool
Neutraal>en
Neutraal#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal(config)#ip dhcp pool NTA
Neutraal(dhcp-config)#network 192.168.1.0 255.255.255.0
Neutraal(dhcp-config)#def
Neutraal(dhcp-config)#default-router 192.168.1.254
Neutraal(dhcp-config)#ip dhcp pool NTB
Neutraal(dhcp-config)#network 192.168.2.0 255.255.255.0
Neutraal(dhcp-config)#default-router 192.168.2.254
Neutraal(dhcp-config)#ip dhcp pool NTC
Neutraal(dhcp-config)#network 192.168.3.0 255.255.255.0
Neutraal(dhcp-config)#default-router 192.168.3.254
Neutraal(dhcp-config)#ip dhcp pool NTWIFI
Neutraal(dhcp-config)#network 192.168.4.0 255.255.255.0
Neutraal(dhcp-config)#default-router 192.168.4.254
Neutraal(dhcp-config)#ip dhcp pool NT1
Neutraal(dhcp-config)#network 172.16.0.0 255.255.0.0
Neutraal(dhcp-config)#default-router 172.16.255.254
Neutraal(dhcp-config)#ip dhcp pool NT2
Neutraal(dhcp-config)#network 172.17.0.0 255.255.0.0
Neutraal(dhcp-config)#default-router 172.17.255.254
Neutraal(dhcp-config)#ip dhcp pool NT3
Neutraal(dhcp-config)#network 172.18.0.0 255.255.0.0
Neutraal(dhcp-config)#default-router 172.18.255.254
Neutraal(dhcp-config)#ip dhcp pool NTWireless
Neutraal(dhcp-config)#network 172.19.0.0 255.255.0.0
Neutraal(dhcp-config)#default-router 172.19.255.254
Neutraal(dhcp-config)#ip dhcp pool NTl
Neutraal(dhcp-config)#network 10.10.0.0 255.255.0.0
Neutraal(dhcp-config)#default-router 10.10.255.254
Neutraal(dhcp-config)#ip dhcp pool NTll
Neutraal(dhcp-config)#network 10.11.0.0 255.255.0.0
Neutraal(dhcp-config)#default-router 10.11.255.254
Neutraal(dhcp-config)#ip dhcp pool NTlll
Neutraal(dhcp-config)#network 10.12.0.0 255.255.0.0
Neutraal(dhcp-config)#default-router 10.12.255.254
Neutraal(dhcp-config)#ip dhcp pool NTDraadloos
Neutraal(dhcp-config)#network 10.13.0.0 255.255.0.0
Neutraal(dhcp-config)#default-router 10.13.255.254
Neutraal(dhcp-config)#do wr mem
Building configuration...
[OK]
Neutraal(dhcp-config)#
VTP
Op elke Multilayerswitch
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp domain Neutraal.nl
Changing VTP domain name from NULL to Neutraal.nl
Switch(config)#vtp password vtp123
Setting device VLAN database password to vtp123
Switch(config)#do wr mem
Building configuration...
Compressed configuration from 7383 bytes to 3601 bytes[OK]
[OK]
Switch(config)#exit
Switch#
%SYS-5-CONFIG_I: Configured from console by console
VTP op kleine switch
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp mode c
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#vtp password vtp123
Setting device VLAN database password to vtp123
Switch(config)#
OSPF
Hoofdrouter
Neutraal>en
Neutraal#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal(config)#router os
Neutraal(config)#router ospf 10
Neutraal(config-router)#network 1.1.1.0 255.255.255.252 area 0
Neutraal(config-router)#network 2.2.2.0 255.255.255.252 area 0
Neutraal(config-router)#network 192.168.1.0 255.255.255.0 area 0
Neutraal(config-router)#network 192.168.2.0 255.255.255.0 area 0
Neutraal(config-router)#network 192.168.3.0 255.255.255.0 area 0
Neutraal(config-router)#network 192.168.4.0 255.255.255.0 area 0
Neutraal(config-router)#do wr mem
Building configuration...
[OK]
Neutraal(config-router)#
Volgende router
Neutraal2>en
Neutraal2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal2(config)#router o
Neutraal2(config)#router ospf 20
Neutraal2(config-router)#network 1.1.1.0 255.255.255.252 area 0
Neutraal2(config-router)#
17:57:24: %OSPF-5-ADJCHG: Process 20, Nbr 192.168.4.254 on Serial0/0/0 from LOADING to FULL, Loading Done
Neutraal2(config-router)#network 2.2.2.0 255.255.255.252 area 0
Neutraal2(config-router)#network 172.16.0.0 255.255.0.0 area 0
Neutraal2(config-router)#network 172.17.0.0 255.255.0.0 area 0
Neutraal2(config-router)#network 172.18.0.0 255.255.0.0 area 0
Neutraal2(config-router)#network 172.19.0.0 255.255.0.0 area 0
Neutraal2(config-router)#do wr mem
Building configuration...
[OK]
Neutraal2(config-router)#
Volgende router
Neutraal3>en
Neutraal3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal3(config)#router os
Neutraal3(config)#router ospf 30
Neutraal3(config-router)#network 1.1.1.0 255.255.255.252 area 0
Neutraal3(config-router)#network 2.2.2.0 255.255.255.252 area 0
Neutraal3(config-router)#10.10.
18:11:52: %OSPF-5-ADJCHG: Process 30, Nbr 192.168.4.254 on Serial0/0/1 from LOADING to FULL, Loading Done
Neutraal3(config-router)#network 10.10.0.0 255.255.0.0 area 0
Neutraal3(config-router)#network 10.11.0.0 255.255.0.0 area 0
Neutraal3(config-router)#network 10.12.0.0 255.255.0.0 area 0
Neutraal3(config-router)#network 10.13.0.0 255.255.0.0 area 0
Neutraal3(config-router)#do wr mem
Building configuration...
[OK]
Neutraal3(config-router)#
GRE Tunnel
Linker router
Neutraal2>en
Neutraal2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal2(config)#int tunnel 1
Neutraal2(config-if)#
%LINK-5-CHANGED: Interface Tunnel1, changed state to up
Neutraal2(config-if)#ip add 3.3.3.1 255.255.255.252
Neutraal2(config-if)#tunnel sou
Neutraal2(config-if)#tunnel source se0/0/0
Neutraal2(config-if)#tunnel destination 2.2.2.2
Neutraal2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Neutraal2(config-if)#do wr mem
Building configuration...
[OK]
Neutraal2(config-if)#
Rechter router
Neutraal3>en
Neutraal3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal3(config)#int tunnel 1
Neutraal3(config-if)#
%LINK-5-CHANGED: Interface Tunnel1, changed state to up
Neutraal3(config-if)#tunnel sou
Neutraal3(config-if)#tunnel source se0/0/1
Neutraal3(config-if)#tunnel de
Neutraal3(config-if)#tunnel destination 1.1.1.2
Neutraal3(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Neutraal3(config-if)#do wr mem
Building configuration...
[OK]
Neutraal3(config-if)#
Neutraal2>en
Neutraal2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Neutraal2(config)#ip route 2.2.2.0 255.255.255.252 3.3.3.2
Neutraal2(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Neutraal2(config)#do wr mem
Building configuration...
[OK]
Neutraal2(config)#
Neutraal3(config-if)#
Neutraal3(config-if)#ip route 1.1.1.0 255.255.255.252 3.3.3.1
Neutraal3(config)#do wr mem
Building configuration...
[OK]
Neutraal3(config)#
06-23-2021 04:13 PM
VTP
vlan
trunk / access
int vlan
ip add
ip helper
06-30-2021 03:14 PM
ipsec:
.license
.acces-list (beide kanten)
- crypto isakmp policy (..)
encryption aes 256
hash md5
authentication pre-share
group 5
.crypto isakmp key (...) address (ip tegenover)
.crypto ipsec transform-set (...) esp-aes esp-sha-hmac
.crypto map (...) (nummer, policy) ipsec-isakmp
set peer (tegenover)
set transform-set (...)
match address (acces-list no, erbij hoort)
.int se0/0/0
crypto map (..)
show command:
sh crypto ipsec sa
06-30-2021 03:16 PM
Port-sec:
.interface gi/fa
.switchpoort mode access
.switchpoort port-sec
.switch[poort port-sec violation prot/restr/shutdown
.switchpoort port-sec max 1
.switchpoort port-sec mac-address (...)/sticky
06-30-2021 03:19 PM
06-30-2021 03:20 PM - edited 06-30-2021 03:21 PM
06-30-2021 10:56 PM
int range fa0/1-2
Switchport port-security
(Allen 1 per switch)
Switchport port-security maximum 1
Switchport port-security mac-address sticky
Switchport port-security violation restrict
De rest uitzetten
Do sh ip inter b
Int range fa0/3-24, gig1/1-2
shutdown
show running-config
mac-address Ipconfig cmd
show port-security interface fa0/2
07-01-2021 03:51 AM
/8
Ospf linker router
Elk netwerk moet erin voor verbinding
Subnet mask is fout
Wildcard fout
Ospf voegen bij elk router
Server 30 aanzetten
Server 40 verander ip adres 200.40.0.2 (subnet)
Switch daarmee verbonden met server 40, vlan 40 aanmaken
Fa0/17/18
Router ermee verbonden
Sub interface gig0/0.40
No shutdown zetten
Ip veranderen miss 200.40.0.1
Linker switch:
Linker router Deny any weghalen
Vlan 40 moet gemaakt worden bij linker switch
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide