
K.e.c.h (help needed) VTP TRUNK DHCP DOT1Q

Brand4470
Level 1

Vtp mode client

vtp domain

switchport mode trunk

switchport trunk allowed vlan

ip dhcp excluded-address (gateway)

ip dhcp pool vlan 31

default-router 192.168.31.1

network 192.168.31.0 255.255.255.0

 

interface
no shut
int fa0/0.31
encapsulation dot1q 31
ip add 192.168.31.1 255.255.255.0
no shut

 

========================================================================
hostname CR01
!
!
!
enable secret 5 $1$mERr$qks.ziZQfY6v/mIalE3YO0
!
!
ip dhcp excluded-address 172.17.0.1 172.17.100.0
ip dhcp excluded-address 172.18.0.1 172.18.100.0
ip dhcp excluded-address 172.19.0.1 172.19.100.0
ip dhcp excluded-address 172.31.0.1 172.31.100.0
!
ip dhcp pool STUDENTEN
network 172.17.0.0 255.255.0.0
default-router 172.17.0.1
ip dhcp pool DOCENTEN
network 172.18.0.0 255.255.0.0
default-router 172.18.0.1
ip dhcp pool TOETSING
network 172.20.0.0 255.255.0.0
default-router 172.20.0.1
ip dhcp pool MANAGEMENT
network 172.31.0.0 255.255.0.0
default-router 172.31.0.1
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key PRESTINA address 120.0.0.10
!
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 120.0.0.10
set transform-set VPN-SET
match address 110
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.16
encapsulation dot1Q 16
ip address 172.16.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.17
encapsulation dot1Q 17
ip address 172.17.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.18
encapsulation dot1Q 18
ip address 172.18.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.19
encapsulation dot1Q 19
ip address 172.19.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 172.20.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.31
encapsulation dot1Q 31
ip address 172.31.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/1
ip address 100.0.0.10 255.0.0.0
ip nat outside
duplex auto
speed auto
crypto map VPN-MAP
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.1
!
ip flow-export version 9
!
!
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.0.0.0 0.255.255.255
access-list 110 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
!
!
!
!
!
!
line con 0
password console
login
!
line aux 0
!
line vty 0 4
password telnet
login
!
!
!
end

 

===============================================================================================================================================================================================================================================================================================================================================================================================

hostname CR02
!
!
!
enable secret 5 $1$mERr$qks.ziZQfY6v/mIalE3YO0
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key PRESTINA address 100.0.0.10
!
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 100.0.0.10
set transform-set VPN-SET
match address 110
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.0.1 255.255.0.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.16
encapsulation dot1Q 16
ip address 10.16.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.17
encapsulation dot1Q 17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.18
encapsulation dot1Q 18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.19
encapsulation dot1Q 19
ip address 10.19.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.31
encapsulation dot1Q 31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/1
ip address 120.0.0.10 255.0.0.0
ip nat outside
duplex auto
speed auto
crypto map VPN-MAP
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip classless
ip route 10.16.0.0 255.240.0.0 10.10.0.2
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip flow-export version 9
!
!
access-list 110 permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255
access-list 110 permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255
access-list 110 permit ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 110 permit ip host 10.16.50.1 host 172.16.50.1
access-list 110 permit ip host 10.19.50.1 host 172.19.50.1
access-list 101 deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.16.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 101 deny ip host 10.16.50.1 host 172.16.50.1
access-list 101 deny ip 10.19.0.0 0.0.255.255 any
access-list 101 deny ip 10.10.0.0 0.0.255.255 any
access-list 101 deny ip 10.16.0.0 0.15.255.255 any
!
!
!
!
!
!
line con 0
password console
login
!
line aux 0
!
line vty 0 4
password telnet
login
!
!
!
end

 

================================================================================================================================================================================================================================================================================================

================================================================================================

=="..." means make something up yourself==
==*...* tomorrow==


//////////////////////
Important commands
show vlan brief
traceroute
ping
ip helper-address
\\\\\\\\\\\\\\\\\\\\\\\
=============================
==CR01==
--Access-lists--
access-list 110 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
---------------------
--NAT Access-list--
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.10.0.0 0.255.255.255
access-list 101 permit ip 172.16.0.0 0.15.255.255 any

ip nat inside source list 101 interface fastethernet0/1 overload
----------------------
--VPN--
crypto isakmp policy 10
encr aes
authentication pre-share
group 2

crypto isakmp key PRESTINA address 120.0.0.10

crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac

crypto map VPN-MAP 10 ipsec-isakmp
set peer 120.0.0.10
set transform-set VPN-SET
match address 110

interface FastEthernet0/1
crypto map VPN-MAP
---------------------------
=============================
==CR02==
--Access lists--

access-list 110 permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255
access-list 110 permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255
access-list 110 permit ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 110 permit ip host 10.16.50.1 host 172.16.50.1
access-list 110 permit ip host 10.19.50.1 host 172.19.50.1
--------------------------------------
-NAT accesslist-
access-list 101 deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.16.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 101 deny ip host 10.16.50.1 host 172.16.50.1
access-list 101 deny ip 10.19.0.0 0.0.255.255 any
access-list 101 deny ip 10.10.0.0 0.0.255.255 any
access-list 101 deny ip 10.16.0.0 0.15.255.255 any

ip nat inside source list 101 interface fastethernet0/1 overload
--------------------------------------
--Interfaces--

interface FastEthernet0/0
ip address 10.10.0.1 255.255.0.0
ip nat inside

interface FastEthernet0/1
ip address 120.0.0.10 255.0.0.0
ip nat inside

interface fa0/0.16
encapsulation dot1q 16
ip address 10.16.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface fa0/0.17
encapsulation dot1q 17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface fa0/0.18
encapsulation dot1q 18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface fa0/0.19
encapsulation dot1q 19
ip address 10.19.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface fa0/0.31
encapsulation dot1q 31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
--------------------------------------
-VPN-
crypto isakmp policy 10
encr aes
authentication pre-share
group 2

crypto isakmp key PRESTINA address 100.0.0.10

crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac

crypto map VPN-MAP 10 ipsec-isakmp
set peer 100.0.0.10
set transform-set VPN-SET
match address 110

interface FastEthernet0/1
crypto map VPN-MAP
--------------------------------------
--Routing--
ip route 10.16.0.0 255.240.0.0 10.10.0.2
ip route 0.0.0.0 0.0.0.0 Fastethernet0/1
--------------------------------------
=======================================
==DS02==
--VTP--
vtp domain PRESTINA-2
vtp mode Server
--------------------------------------
--VLAN--
vlan 16
name Algemeen

vlan 17
name Studenten

vlan 18
name Docenten

vlan 19
name Toetsing

vlan 20
name Printers

vlan 31
name Beheer

vlan 88
name Black_Hole

vlan 99
name Native
---------------------------------
--Interfaces--
interface range fa0/1-6
switchport mode access
switchport access vlan 16

interface range fa0/7-8
switchport mode access
switchport access vlan 17

interface range fa0/9-10
switchport mode access
switchport access vlan 18

interface range fa0/11-12
switchport mode access
switchport access vlan 19

interface range fa0/13-14
switchport mode access
switchport access vlan 20

interface range fa0/15-16
switchport mode access
switchport access vlan 31

interface range fa0/17-23
switchport mode access
switchport access vlan 88
shutdown

interface fa0/24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 17-18,20,31

interface g0/1
no switchport
ip address 10.10.0.2 255.255.0.0

interface g0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 19,31

interface vlan16
ip address 10.16.0.1 255.255.0.0

interface vlan17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface vlan18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface vlan19
ip address 10.19.0.1 255.255.0.0

interface vlan20
ip address 10.20.0.1 255.255.0.0

interface vlan31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
---------------------------------
--Routing--
ip route 0.0.0.0 0.0.0.0 10.10.0.1
----------------------------------
--Access-lists--
"access-list 117 remark 1: Permit dhcp request deny access to vlan 18 & 19 permit further traffic from vlan 17"
access-list 117 permit udp any any eq bootps
access-list 117 deny ip 10.17.0.0 0.0.255.255 10.18.0.0 0.0.255.255
"access-list 117 remark 2: Deny student traffic to teacher traffic"
access-list 117 deny ip 10.17.0.0 0.0.255.255 10.1.0.0 0.0.255.255
"access-list 117 remark 3: Permit other traffic from vlan 17"
access-list 117 permit ip 10.17.0.0 0.0.255.255 any

interface vlan 17
ip access-group 117 in

* access-list 119 *

------------------------------------
====================================
==AS01==
--VTP--
vtp mode Client
------------------------------------
--Default gateway--
ip default-gateway 10.31.0.1
------------------------------------
--Interfaces--
int range fa0/1-16
switchport mode access
switchport access vlan 17

int range fa0/17-18
switchport mode access
switchport access vlan 18

int range fa0/19-20
switchport mode access
switchport access vlan 20

interface g0/1
switchport mode trunk
switchport trunk allowed vlan 16-18

int vlan31
ip address 10.31.10.1 255.255.0.0
-----------------------------------------
=========================================
==AS-T==
--Default-gateway--
ip default-gateway 10.31.0.1
-----------------------------------------
--Interfaces--
int range fa0/1-24
switchport mode access
switchport access vlan 19

interface g0/2
switchport mode trunk
switchport trunk allowed vlan 19,31

interface vlan 31
ip address 10.31.10.11 255.255.0.0
no sh

 

 

==========================================================================================================================================================================================

=======================================================================================================================================================================================================================================================================================

 


 

VPN-conf

encr = [aes]

crypto isakmp key [prestina] address [120.0.0.10]

crypto ipsec transform-set [VPN-set] esp-3des esp-sha-hmac

crypto map [VPN-MAP] 10 ipsec-isakmp

set peer [120.0.0.10]

set transform-set [VPN-SET]

match address [110]

Interface [fast ethernet]

Crypto map [VPN MAP]

=====================

access-list 110 [permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255]

access-list 101 [deny ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255]

[access-list 101 permit ip 172.16.0.0 0.15.255.255 any]

ip nat inside source list 101 interface fastethernet 0/1 overload]

=======

[2] x switch l2
[3] x switch l3
[1] x router
[4] x server

=============

server dn = 10.18.50.1/16
t server = 10.19.50.1/16

=====

Vlan [18] 10.18.0.1 | 10.18.100.1 | [30]
Vlan [19] 10.19.0.1 | 10.19.100.1 | [30]
Vlan 31 10.31.0.1 [30]

====

brand, type Cisco [2811]

====

interfaces:

fast ethernet0/0 ip 120.0.0.1/16
ip nat [inside]

fastethernet0/1 IP 120.0.0.10/8
ip nat [inside]

===

VPN-conf

encr [aes]

crypto isakmp key [prestina] address [100.0.0.10]

crypto ipsec transform-set [VPN-SET] esp-3des esp-sha-hmac

crypto map [VPN-MAP] 10 ipsec-isakmp

set peer [100.0.0.10]

set transform-set [VPN-set]

match address [110]

interface [FastEthernet0/1]

crypto map [vpn-map]

=========

VPN-access-list:

access-list 110 [permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255]

access-list 110 permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255]

access-list 110 permit ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255]

access-list 110 permit ip host 10.16.50.1 host 172.16.50.1

access-list 110 permit ip host 10.19.50.1 host 172.19.50.1

=========

NAT-access list:

access-list 101 [deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255]

access-list 101 [deny ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255]

access-list 101 [deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255]

access-list 101 deny ip host 10.16.50.1 host 172.16.50.1

access-list 101 deny ip 10.19.0.0 0.0.255.255 any

access-list 101 deny ip 10.10.0.0 0.0.255.255 any

access-list 101 deny ip 10.16.0.0 0.15.255.255 any

==========

nat-access-list [source list 101 interface fastethernet0/1 overload]

===

routing

Set default route: ip route 10.16.0.0 255.240.0.0 10.10.0.2

Set route(s) to VLANs: 0.0.0.0 0.0.0.0 FastEthernet0/1

======

distribution switch

vtp mode: server

==========

interface

mode & vlans

[F0/1-6] mode access vlan 16
[F0/7-8] mode access Vlan 17
[F0/9-10] mode access vlan 18

[F0/11-12] mode access Vlan 19
[F0/13-14] mode access vlan 20
[F0/15-16] mode access vlan 31
[F0/17-23] mode access vlan 88, shutdown

[F0/24] Mode access trunk, allowed vlan(s) 17-18,20,31
[G0/1] Mode access ip 10.10.0.2/16
[G0/2] Mode access trunk, allowed vlans 19,31
Interface(s) Vlan16: Mode access IP:10.16.0.1/16
Interface(s) Vlan17: Mode access IP:10.17.0.1/16
interfaces vlan 18: mode access ip 10.18.0.1/16
interfaces vlan 19: mode access ip 10.19.0.1/16
interfaces vlan 20: mode access ip 10.20.0.1/16
interfaces vlan 31: mode access ip 10.31.0.1/16

interface(s) interface 17 ip helper-address: IP:10.16.50.1
interface(s) interface 18 ip helper-address: IP:10.16.50.1
interface(s) interface 13 ip helper-address: IP:10.16.50.1

=========

IP addresses

Interface G0/1: IP:10.10.0.2 /16

interface vlan 16: IP: 10.16.0.1/16
interface vlan 17: IP: 10.17.0.1/16
interface vlan 18: IP: 10.18.0.1/16
interface vlan 31: IP: 10.31.0.1/16
????

====

DHCP REQUESTS to DHCP SERVER

???

==========

routing

[ip routing]

ip route 0.0.0.0 0.0.0.0 10.10.0.1

=========

access-lists 117

access-list 117 [permit udp any any eq bootps]

access-list 117 [deny ip 10.17.0.0 0.0.255.255 10.18.0.0 0.0.255.255]

access-list 117 [deny ip 10.17.0.0 0.0.255.255 10.1.0.0 0.0.255.255]

access-list 117 remark 3: Permit other traffic from vlan 17

access-list 117 [permit ip 10.17.0.0 0.0.255.255 any]

interface [VLAN 17]

IP-access-group 117 in

=====================

access-list 119

Give the test server access only to:
• The test server in Bbroek
• The management VLAN in Bennebroe~
• The management VLAN in A
• Apply to the correct interface
=============================

access switch classrooms

Brand, type: Cisco 2960
Hostname:AS01
VTP mode:[client]

===============

default gateway: 10.31.0.1
========================

interfaces trunk, allowed vlans [19,31]

vlan 31 IP: [10.31.10.1/16]

==========

ap sn

ssid prestina studenten
authen wpa2
preshared key student-prestina

AP DN

ssid prestina docenten
authen wpa 2
preshared key docentprestina99873

==============

printers

01 ptr01 10.20.20.1] [10.20.0.1]
02 ptr02 10.20.20.2) 10.20.0.1)
toetsing ptr-t [10.19.20.1) [10.19.0.1]

============

internal ports

80 http
443 https
500 dns

external ports

500 isakmp
50 esp
80 http

total: 10.556,78
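
IOS evaluates an access list top-down and stops at the first match, so in ACL 101 the position and destination of the `deny` line (the NAT exemption for tunnel traffic) decide whether VPN-bound packets are translated. The following Python check is an added example, not part of the original post: it parses the ACL 101 and ACL 110 lines posted for CR01 and reports shadowed entries and flows that are selected for both NAT and the tunnel. `CR01_FIXED`, the probe addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# ACL 101 as it appears in the CR01 running-config on this page.
CR01_RUNNING = """\
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.0.0.0 0.255.255.255
"""
# ACL 101 as it appears in the CR01 notes on this page (deny first).
CR01_NOTES = """\
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.10.0.0 0.255.255.255
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
"""
# Assumed correction (not from the post): deny destination mirrors ACL 110.
CR01_FIXED = """\
access-list 101 deny ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
"""
# Crypto ACL 110 as it appears in the CR01 running-config on this page.
CR01_CRYPTO = """\
access-list 110 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
"""
FULL = 0xFFFFFFFF


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _spec(tokens):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return (0, FULL)
    if first == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(first), _ip(tokens.pop(0)))


def parse_acl(text, number):
    """Return [(action, src_spec, dst_spec, line)] for 'ip' entries of one ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[:2] != ["access-list", str(number)] or tok[3] != "ip":
            continue  # remarks, other ACLs and tcp/udp entries are out of scope
        rest = tok[4:]
        entries.append((tok[2], _spec(rest), _spec(rest), line.strip()))
    return entries


def _hit(spec, addr):
    """Wildcard match: bits set in the wildcard are 'don't care'."""
    base, wild = spec
    care = ~wild & FULL
    return (addr & care) == (base & care)


def evaluate(entries, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for action, src_spec, dst_spec, line in entries:
        if _hit(src_spec, s) and _hit(dst_spec, d):
            return action, line
    return "deny", "(implicit deny)"


def _covers(a, b):
    """True if every address matched by spec b is also matched by spec a."""
    care_a = ~a[1] & FULL
    return (b[1] & care_a) == 0 and (a[0] & care_a) == (b[0] & care_a)


def shadowed(entries):
    """Entries that can never match because an earlier entry covers them."""
    found = []
    for i, (_, src, dst, line) in enumerate(entries):
        for _, psrc, pdst, pline in entries[:i]:
            if _covers(psrc, src) and _covers(pdst, dst):
                found.append((line, pline))
                break
    return found


def vpn_traffic_natted(nat_acl, crypto_acl, src, dst):
    """True if a flow the crypto ACL selects is also selected for NAT overload."""
    return (evaluate(crypto_acl, src, dst)[0] == "permit"
            and evaluate(nat_acl, src, dst)[0] == "permit")


if __name__ == "__main__":
    crypto = parse_acl(CR01_CRYPTO, 110)
    # Constructed probe: a 172.17.0.0/16 client talking to 10.16.50.1.
    flow = ("172.17.200.10", "10.16.50.1")
    for name, text in (("running", CR01_RUNNING), ("notes", CR01_NOTES),
                       ("fixed", CR01_FIXED)):
        nat = parse_acl(text, 101)
        print(name, "| shadowed:", [s[0] for s in shadowed(nat)],
              "| VPN flow NATed:", vpn_traffic_natted(nat, crypto, *flow))
```

On IOS, inside-to-outside NAT is applied before the crypto map ACL is checked, so a flow that matches both lists leaves with a translated source address and is no longer selected by ACL 110.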

 

 

18 Replies

Mike Snoei
Level 1

access-list 10 permit 192.168.146.0 0.0.1.255

 

access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255

 

access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255

access-list 102 deny ip any any

 

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet

 

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1

 

access-list 101 permit udp host 10.1.1.2 host 172.16.1.1

 

access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255

 

Step 3 interface type number

 

 

Example:

Device(config)# interface Gigabitethernet 0/0

 

Configures an interface type and enters interface configuration mode.

 

 

Step 4 ip ospf cost cost

 

 

Example:

Device(config-if)# ip ospf cost 65

 

Explicitly specifies the cost of sending a packet on an OSPF interface.

 

 

Step 5 ip ospf retransmit-interval seconds

 

 

Example:

Device(config-if)# ip ospf retransmit-interval 1

 

Specifies the number of seconds between link-state advertisement (LSA) retransmissions for adjacencies belonging to an OSPF interface.

 

 

Step 6 ip ospf transmit-delay seconds

 

 

Example:

Device(config-if)# ip ospf transmit-delay

 

Sets the estimated number of seconds required to send a link-state update packet on an OSPF interface.

 

 

Step 7 ip ospf priority number-value

 

 

Example:

Device(config-if)# ip ospf priority 1

 

Sets priority to help determine the OSPF designated router for a network.

 

 

Step 8 ip ospf hello-interval seconds

 

 

Example:

Device(config-if)# ip ospf hello-interval 1

 

Specifies the length of time between the hello packets that the Cisco IOS software sends on an OSPF interface.

 

 

Step 9 ip ospf dead-interval seconds

 

 

Example:

Device(config-if)# ip ospf dead-interval 1

 

Sets the number of seconds that a device must wait before it declares a neighbor OSPF router down because it has not received a hello packet.

 

 

Step 10 ip ospf authentication-key key

 

 

Example:

Device(config-if)# ip ospf authentication-key 1

 

Assigns a password to be used by neighboring OSPF routers on a network segment that is using the OSPF simple password authentication.

 

 

Step 11 ip ospf message-digest-key key-id md5 key

 

 

Example:

Device(config-if)# ip ospf message-digest-key 1 md5 23456789

 

Enables OSPF MD5 authentication. The values for the key-id and key arguments must match values specified for other neighbors on a network segment.

 

 

Step 12 ip ospf authentication [message-digest | null]

 

 

Example:

Device(config-if)# ip ospf authentication message-digest

 

Specifies the authentication type for an interface.

 

 

Step 13 end

 

 

Example:

Device(config-if)# end

 

 

 

 

 

Login to the device using SSH / TELNET and go to enable mode.

 

Go into the config mode.

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z. 

Router(config)#

 

Exclude IP addresses from being assigned by DHCP by using the ip dhcp excluded-address FIRST_IP LAST_IP

Router(config)#ip dhcp excluded-address 192.168.0.1 192.168.0.50

Router(config)#

 

Create a new DHCP pool with the ip dhcp pool NAME command

Router(config)#ip dhcp pool Floor1DHCP

Router(dhcp-config)#

 

Define a subnet that will be used to assign IP addresses to hosts with the network SUBNET SUBNET_MASK command.

Router(dhcp-config)#network 192.168.0.0 255.255.255.0

Router(dhcp-config)#

 

Define the default gateway with the default-router IP command

Router(dhcp-config)#default-router 192.168.0.1

Router(dhcp-config)#

 

Define the DNS server with the dns-server IP address command.

Router(dhcp-config)#dns-server 192.168.0.1

Router(dhcp-config)#

 

Return to privilege config mode

Router(dhcp-config)#exit

Router(config)#

 

Enable DHCP server on the interface using service dhcp interface-type number command

Router(config)#service dhcp vlan1

Router(config)#

 

Exit config mode

Router(config)#exit

Router#

 

To view information about the currently leased addresses, you can use the show ip dhcp binding command

Router#show ip dhcp binding

IP address       Client-ID/              Lease expiration        Type
                 Hardware address
192.168.0.51     0060.5C2B.3DCC          --                      Automatic

In the output above you can see that there is a single DHCP client that was assigned the IP address of 192.168.0.51. Since we’ve excluded the IP addresses from the 192.168.0.1 – 192.168.0.50 range, the device got the first address available – 192.168.0.51.

 

 

To display information about the configured DHCP pools, you can use the show ip dhcp pool command

Router#show ip dhcp pool

Pool Floor1DHCP :

Utilization mark (high/low) : 100 / 0

Subnet size (first/next) : 0 / 0

Total addresses : 254

Leased addresses : 1

Excluded addresses : 1

Pending event : none

 

1 subnet is currently in the pool

Current index        IP address range                    Leased/Excluded/Total
192.168.0.1          192.168.0.1 - 192.168.0.254         1 / 1 / 254

This command displays some important information about the DHCP pool(s) configured on the device – the pool name, total number of IP addresses, the number of leased and excluded addresses, subnet’s IP range, etc.

 

 

Copy the running configuration into startup configuration using below command

Router#write memory

Building configuration... [OK]

Router#

Mike Snoei
Level 1

Fault 1:
Permit tcp any host 210.210.210.2 eq www (remove)
Permit tcp any host 210.210.210.2 eq 443 (add)

Fault 3:
Turn on server 30
Put server on VLAN 40 and create it
Change gateway to 0.1
Change IP address of server 40

Native VLAN

The native VLAN is by default the default VLAN (VLAN 1). For security reasons, the native VLAN can be configured as a different VLAN, for example VLAN 80. The native VLAN is configured on an 802.1Q trunk port and must be configured for the same VLAN on both sides of the trunk.

802.1Q trunks carry data traffic from multiple VLANs by tagging each frame with a VLAN identifier (VLAN ID) that identifies the packet's own VLAN.

On the native VLAN the switch itself sends various protocol packets, such as those for the Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), VLAN Trunking Protocol (VTP) and Spanning Tree Protocol (STP).

In addition, these trunks also carry non-VLAN data traffic from older switches or from switches that do not support the 802.1Q protocol (untagged data). The switch places the untagged data traffic on the native VLAN.

It is good practice to configure the native VLAN as a VLAN other than VLAN 1, on both sides of the trunk.

After the native VLAN has been configured, (access) ports can be assigned to this VLAN.

Commands used:

Switch(config)# interface fa0/2
Switch(config-if)# switchport trunk native vlan 80
Switch(config-if)# switchport trunk allowed vlan add 80
Switch(config-if)# exit

Switch# show vlan brief
Switch# show interface trunk

deepakjadoenath
Level 1

ROUTER1(config)# ip sla 1
ROUTER1(config-ip-sla)# icmp-echo 1.1.1.100 source-interface Ethernet0/0
ROUTER1(config-ip-sla)# ip sla schedule 1 life forever start-time now

 

 

ROUTER1(config)# interface ethernet 0/0
ROUTER1(config-if)# description WAN Interface
ROUTER1(config-if)# ip address 1.1.1.1 255.255.255.0
ROUTER1(config-if)# standby 1 ip 1.1.1.3 <- Create HSRP Group 1 and assign Virtual IP 1.1.1.3
ROUTER1(config-if)# standby 1 priority 101 <-Assign priority above 100 to make router primary/active
ROUTER1(config-if)# standby 1 preempt <- Makes router active if it has higher priority
ROUTER1(config-if)# standby 1 track 10 decrement 5 <- Assign tracking object 10 to HSRP group which will decrement the priority value by 5 if the tracked object is not reachable.

Now let’s enable HSRP on the LAN interface as well and create a Virtual IP 192.168.1.3

ROUTER1(config)# interface ethernet 0/1
ROUTER1(config-if)# description LAN Interface
ROUTER1(config-if)# ip address 192.168.1.1 255.255.255.0
ROUTER1(config-if)# standby 1 ip 192.168.1.3 <- Create HSRP Group 1 and assign Virtual IP 192.168.1.3
ROUTER1(config-if)# standby 1 priority 101 <- Assign priority above 100 to make router primary/active
ROUTER1(config-if)# standby 1 preempt <- Makes router active if it has higher priority
ROUTER1(config-if)# standby 1 track 10 decrement 5 <- Assign tracking object 10 to HSRP group which will decrement the priority value by 5 if the tracked object is not reachable.

NOTE:

The tracking object 10 above will decrement the priority value of the router by 5 (only if the tracked destination IP 1.1.1.100 is not reachable). This means that priority will become 101-5=96 which will be lower than the default priority of 100 which is assigned on the standby router (ROUTER2). Therefore, the standby router will become active. 


ROUTER1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.100 <- Default Gateway route to ISP

ROUTER2

The configuration is similar but we don’t have to configure tracking on this router.

ROUTER2(config)# interface ethernet 0/0
ROUTER2(config-if)# description WAN Interface
ROUTER2(config-if)# ip address 1.1.1.2 255.255.255.0
ROUTER2(config-if)# no shut
ROUTER2(config-if)# standby 1 ip 1.1.1.3 <- The HSRP Group number (1) must be same as ROUTER1
ROUTER2(config-if)# standby 1 preempt

ROUTER2(config)# interface ethernet 0/1
ROUTER2(config-if)# description LAN Interface
ROUTER2(config-if)# ip address 192.168.1.2 255.255.255.0
ROUTER2(config-if)# no shut
ROUTER2(config-if)# standby 1 ip 192.168.1.3
ROUTER2(config-if)# standby 1 preempt

ROUTER2(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.100 <- Default Gateway route to ISP

 

 

Ethernet0/0 – Group 1
  State is Active
    2 state changes, last state change 00:07:00
  Virtual IP address is 1.1.1.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.184 secs
  Preemption enabled
  Active router is local
  Standby router is 1.1.1.2, priority 100 (expires in 10.048 sec)
  Priority 101 (configured 101)
  Group name is “hsrp-Et0/0-1” (default)

Ethernet0/1 – Group 1
  State is Active
    5 state changes, last state change 00:02:32
  Virtual IP address is 192.168.1.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.496 secs
  Preemption enabled
  Active router is local
  Standby router is 192.168.1.2, priority 100 (expires in 9.728 sec)
  Priority 101 (configured 101)
    Track object 10 state Up decrement 5
  Group name is “hsrp-Et0/1-1” (default)

ROUTER1#show track

Track 10
  IP SLA 1 reachability
  Reachability is Up
    Latest operation return code: OK
  Latest RTT (millisecs) 1
  Tracked by:
    HSRP Ethernet0/0 1
    HSRP Ethernet0/1 1

Failover Case

ROUTER1#show standby
Ethernet0/0 – Group 1
  State is Standby
    4 state changes, last state change 00:01:39
  Virtual IP address is 1.1.1.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.104 secs
  Preemption enabled
  Active router is 1.1.1.2, priority 100 (expires in 10.848 sec)
  Standby router is local
  Priority 96 (configured 101)
    Track object 10 state Down decrement 5
  Group name is “hsrp-Et0/0-1” (default)

Ethernet0/1 – Group 1
  State is Standby
    7 state changes, last state change 00:06:08
  Virtual IP address is 192.168.1.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.208 secs
  Preemption enabled
  Active router is 192.168.1.2, priority 100 (expires in 8.176 sec)
  Standby router is local
  Priority 96 (configured 101)
    Track object 10 state Down decrement 5
  Group name is “hsrp-Et0/1-1” (default)

ROUTER1#show track

Track 10
  IP SLA 1 reachability
  Reachability is Down
    Latest operation return code: Timeout
  Tracked by:
    HSRP Ethernet0/0 1
    HSRP Ethernet0/1 1

SSH:

Neutraal(config)#line vty 0 4

Neutraal(config-line)#password vty123

Neutraal(config-line)#login

Neutraal(config-line)#do wr mem

Building configuration...

[OK]

Neutraal(config-line)#exit

Neutraal(config)#

Neutraal#

%SYS-5-CONFIG_I: Configured from console by console

Neutraal#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal(config)#ip domain

Neutraal(config)#ip domain-

Neutraal(config)#ip domain-name Neutraal.nl

Neutraal(config)#cry

Neutraal(config)#crypto k

Neutraal(config)#crypto key g

Neutraal(config)#crypto key generate r

Neutraal(config)#crypto key generate rsa

The name for the keys will be: Neutraal.Neutraal.nl

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.

 

How many bits in the modulus [512]: 2048

% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]

 

Neutraal(config)#

Neutraal(config)#line vty 0 4

*Mar 1 0:41:6.991: %SSH-5-ENABLED: SSH 1.99 has been enabled

Neutraal(config-line)#transpor

Neutraal(config-line)#transport in

Neutraal(config-line)#transport input ssh

Neutraal(config-line)#password ssh123

Neutraal(config-line)#login

Neutraal(config-line)#do wr mem

Building configuration...

[OK]

Neutraal(config-line)#

NTP master

 

Neutraal>en

Neutraal#clock set 14:38:00 January 8 2021

Neutraal#sh clock

14:38:2.472 UTC Fri Jan 8 2021

Neutraal#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal(config)#ntp master

Neutraal(config)#do wr mem

Building configuration...

[OK]

Neutraal(config)#

 

Other 2 routers

 

Neutraal2>en

Neutraal2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal2(config)#ntp server 1.1.1.1

Neutraal2(config)#

Neutraal2#

INTER VLAN Routing

Neutraal(config-subif)#en

Neutraal(config-subif)#int gig0/0.10

Neutraal(config-subif)#encapsulation d

Neutraal(config-subif)#encapsulation dot1Q 10
Neutraal(config-subif)# 192.168.1.254 255.255.255.0

interface GigabitEthernet0/0.10

encapsulation dot1Q 10

ip address 192.168.1.10 255.255.255.0

!

interface GigabitEthernet0/1

 

Neutraal(config)#int gig0/0.20

Neutraal(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up

 

Neutraal(config-subif)#en

Neutraal(config-subif)#encapsulation d

Neutraal(config-subif)#encapsulation dot1Q 20

Neutraal(config-subif)#ip add 192.168.2.254 255.255.255.0

Neutraal(config-subif)#int gig0/0.30

Neutraal(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed state to up

 

Neutraal(config-subif)#encapsulation dot1Q 30

Neutraal(config-subif)#ip add 192.168.3.254 255.255.255.0

Neutraal(config-subif)#int gig0/0.40

Neutraal(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.40, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.40, changed state to up

encapsulation dot1Q 40

Neutraal(config-subif)#encapsulation dot1Q 40

Neutraal(config-subif)#ip add 192.168.4.254 255.255.255.0

Neutraal(config-subif)#do wr mem

Building configuration...

[OK]

Neutraal(config-subif)#

 

 

Next router

Neutraal2>en

Neutraal2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal2(config)#int gig0/0.10

Neutraal2(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up

 

Neutraal2(config-subif)#en

Neutraal2(config-subif)#encapsulation d

Neutraal2(config-subif)#encapsulation dot1Q 10

Neutraal2(config-subif)#ip add 172.16.255.254 255.255.0.0

Neutraal2(config-subif)#int gig0/0.20

Neutraal2(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up

 

Neutraal2(config-subif)#encapsulation dot1Q 20

Neutraal2(config-subif)#ip add 172.17.255.254 255.255.0.0

Neutraal2(config-subif)#int gig0/0.30

Neutraal2(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed state to up

 

Neutraal2(config-subif)#encapsulation dot1Q 30

Neutraal2(config-subif)#ip add 172.18.255.254 255.255.0.0

Neutraal2(config-subif)#int gig0/0.40

Neutraal2(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.40, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.40, changed state to up

 

Neutraal2(config-subif)#encapsulation dot1Q 40

Neutraal2(config-subif)#ip add 172.19.255.254 255.255.0.0

Neutraal2(config-subif)#do wr mem

Building configuration...

[OK]

Neutraal2(config-subif)#

 

 

Next router INTERVLAN

Neutraal3>en

Neutraal3#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal3(config)#int gig0/0.10

Neutraal3(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up

 

Neutraal3(config-subif)#en

Neutraal3(config-subif)#encapsulation d

Neutraal3(config-subif)#encapsulation dot1Q 10

Neutraal3(config-subif)#ip add 10.10.255.254 255.255.0.0

Neutraal3(config-subif)#int gig0/0.20

Neutraal3(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up

 

Neutraal3(config-subif)#encapsulation dot1Q 20

Neutraal3(config-subif)#ip add 10.11.255.254 255.255.0.0

Neutraal3(config-subif)#int gig0/0.30

Neutraal3(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed state to up

 

Neutraal3(config-subif)#encapsulation dot1Q 30

Neutraal3(config-subif)#ip add 10.12.255.254 255.255.0.0

Neutraal3(config-subif)#int gig0/0.40

Neutraal3(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.40, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.40, changed state to up

 

Neutraal3(config-subif)#encapsulation dot1Q 40

Neutraal3(config-subif)#ip add 10.13.255.254 255.255.0.0

Neutraal3(config-subif)#do wr mem

Building configuration...

[OK]

Neutraal3(config-subif)#

 

 

Ip helper-address

Neutraal2>en

Neutraal2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal2(config)#int gig0/0.10

Neutraal2(config-subif)#ip h

Neutraal2(config-subif)#ip help

Neutraal2(config-subif)#ip helper-address 1.1.1.1

Neutraal2(config-subif)#int gig0/0.20

Neutraal2(config-subif)#ip helper-address 1.1.1.1

Neutraal2(config-subif)#int gig0/0.30

Neutraal2(config-subif)#ip helper-address 1.1.1.1

Neutraal2(config-subif)#int gig0/0.40

Neutraal2(config-subif)#ip helper-address 1.1.1.1

Neutraal2(config-subif)#do wr mem

Building configuration...

[OK]

Neutraal2(config-subif)#

 

Neutraal3#en

Neutraal3#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal3(config)#int gig0/0.10

Neutraal3(config-subif)#ip hel

Neutraal3(config-subif)#ip helpe

Neutraal3(config-subif)#ip helper-address 2.2.2.1

Neutraal3(config-subif)#int gig0/0.20

Neutraal3(config-subif)#ip helper-address 2.2.2.1

Neutraal3(config-subif)#int gig0/0.30

Neutraal3(config-subif)#ip helper-address 2.2.2.1

Neutraal3(config-subif)#int gig0/0.40

Neutraal3(config-subif)#ip helper-address 2.2.2.1

Neutraal3(config-subif)#do wr mem

Building configuration...

[OK]

Neutraal3(config-subif)#

DHCP pool

 

Neutraal>en

Neutraal#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal(config)#ip dhcp pool NTA

Neutraal(dhcp-config)#network 192.168.1.0 255.255.255.0

Neutraal(dhcp-config)#def

Neutraal(dhcp-config)#default-router 192.168.1.254

Neutraal(dhcp-config)#ip dhcp pool NTB

Neutraal(dhcp-config)#network 192.168.2.0 255.255.255.0

Neutraal(dhcp-config)#default-router 192.168.2.254

Neutraal(dhcp-config)#ip dhcp pool NTC

Neutraal(dhcp-config)#network 192.168.3.0 255.255.255.0

Neutraal(dhcp-config)#default-router 192.168.3.254

Neutraal(dhcp-config)#ip dhcp pool NTWIFI

Neutraal(dhcp-config)#network 192.168.4.0 255.255.255.0

Neutraal(dhcp-config)#default-router 192.168.4.254

Neutraal(dhcp-config)#ip dhcp pool NT1

Neutraal(dhcp-config)#network 172.16.0.0 255.255.0.0

Neutraal(dhcp-config)#default-router 172.16.255.254

Neutraal(dhcp-config)#ip dhcp pool NT2

Neutraal(dhcp-config)#network 172.17.0.0 255.255.0.0

Neutraal(dhcp-config)#default-router 172.17.255.254

Neutraal(dhcp-config)#ip dhcp pool NT3

Neutraal(dhcp-config)#network 172.18.0.0 255.255.0.0

Neutraal(dhcp-config)#default-router 172.18.255.254

Neutraal(dhcp-config)#ip dhcp pool NTWireless

Neutraal(dhcp-config)#network 172.19.0.0 255.255.0.0

Neutraal(dhcp-config)#default-router 172.19.255.254

Neutraal(dhcp-config)#ip dhcp pool NTl

Neutraal(dhcp-config)#network 10.10.0.0 255.255.0.0

Neutraal(dhcp-config)#default-router 10.10.255.254

Neutraal(dhcp-config)#ip dhcp pool NTll

Neutraal(dhcp-config)#network 10.11.0.0 255.255.0.0

Neutraal(dhcp-config)#default-router 10.11.255.254

Neutraal(dhcp-config)#ip dhcp pool NTlll

Neutraal(dhcp-config)#network 10.12.0.0 255.255.0.0

Neutraal(dhcp-config)#default-router 10.12.255.254

Neutraal(dhcp-config)#ip dhcp pool NTDraadloos

Neutraal(dhcp-config)#network 10.13.0.0 255.255.0.0

Neutraal(dhcp-config)#default-router 10.13.255.254

Neutraal(dhcp-config)#do wr mem

Building configuration...

[OK]

Neutraal(dhcp-config)#

 

 

VTP

On every multilayer switch

 

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#vtp domain Neutraal.nl

Changing VTP domain name from NULL to Neutraal.nl

Switch(config)#vtp password vtp123

Setting device VLAN database password to vtp123

Switch(config)#do wr mem

Building configuration...

Compressed configuration from 7383 bytes to 3601 bytes[OK]

[OK]

Switch(config)#exit

Switch#

%SYS-5-CONFIG_I: Configured from console by console

 

 

VTP on the small switch

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#vtp mode c

Switch(config)#vtp mode client

Setting device to VTP CLIENT mode.

Switch(config)#vtp password vtp123

Setting device VLAN database password to vtp123

Switch(config)#

OSPF

Main router

Neutraal>en

Neutraal#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal(config)#router os

Neutraal(config)#router ospf 10

Neutraal(config-router)#network 1.1.1.0 255.255.255.252 area 0

Neutraal(config-router)#network 2.2.2.0 255.255.255.252 area 0

Neutraal(config-router)#network 192.168.1.0 255.255.255.0 area 0

Neutraal(config-router)#network 192.168.2.0 255.255.255.0 area 0

Neutraal(config-router)#network 192.168.3.0 255.255.255.0 area 0

Neutraal(config-router)#network 192.168.4.0 255.255.255.0 area 0

Neutraal(config-router)#do wr mem

Building configuration...

[OK]

Neutraal(config-router)#

 

Next router

Neutraal2>en

Neutraal2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal2(config)#router o

Neutraal2(config)#router ospf 20

Neutraal2(config-router)#network 1.1.1.0 255.255.255.252 area 0

Neutraal2(config-router)#

17:57:24: %OSPF-5-ADJCHG: Process 20, Nbr 192.168.4.254 on Serial0/0/0 from LOADING to FULL, Loading Done

 

Neutraal2(config-router)#network 2.2.2.0 255.255.255.252 area 0

Neutraal2(config-router)#network 172.16.0.0 255.255.0.0 area 0

Neutraal2(config-router)#network 172.17.0.0 255.255.0.0 area 0

Neutraal2(config-router)#network 172.18.0.0 255.255.0.0 area 0

Neutraal2(config-router)#network 172.19.0.0 255.255.0.0 area 0

Neutraal2(config-router)#do wr mem

Building configuration...

[OK]

Neutraal2(config-router)#

Next router

Neutraal3>en

Neutraal3#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal3(config)#router os

Neutraal3(config)#router ospf 30

Neutraal3(config-router)#network 1.1.1.0 255.255.255.252 area 0

Neutraal3(config-router)#network 2.2.2.0 255.255.255.252 area 0

Neutraal3(config-router)#10.10.

18:11:52: %OSPF-5-ADJCHG: Process 30, Nbr 192.168.4.254 on Serial0/0/1 from LOADING to FULL, Loading Done

 

Neutraal3(config-router)#network 10.10.0.0 255.255.0.0 area 0

Neutraal3(config-router)#network 10.11.0.0 255.255.0.0 area 0

Neutraal3(config-router)#network 10.12.0.0 255.255.0.0 area 0

Neutraal3(config-router)#network 10.13.0.0 255.255.0.0 area 0

Neutraal3(config-router)#do wr mem

Building configuration...

[OK]

Neutraal3(config-router)#

GRE Tunnel

Left router

Neutraal2>en

Neutraal2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal2(config)#int tunnel 1

 

Neutraal2(config-if)#

%LINK-5-CHANGED: Interface Tunnel1, changed state to up

 

Neutraal2(config-if)#ip add 3.3.3.1 255.255.255.252

Neutraal2(config-if)#tunnel sou

Neutraal2(config-if)#tunnel source se0/0/0

Neutraal2(config-if)#tunnel destination 2.2.2.2

Neutraal2(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up

 

Neutraal2(config-if)#do wr mem

Building configuration...

[OK]

Neutraal2(config-if)#

 

Right router

 

Neutraal3>en

Neutraal3#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal3(config)#int tunnel 1

 

Neutraal3(config-if)#

%LINK-5-CHANGED: Interface Tunnel1, changed state to up

 

Neutraal3(config-if)#tunnel sou

Neutraal3(config-if)#tunnel source se0/0/1

Neutraal3(config-if)#tunnel de

Neutraal3(config-if)#tunnel destination 1.1.1.2

Neutraal3(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up

 

Neutraal3(config-if)#do wr mem

Building configuration...

[OK]

Neutraal3(config-if)#

 

Neutraal2>en

Neutraal2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Neutraal2(config)#ip route 2.2.2.0 255.255.255.252 3.3.3.2

Neutraal2(config)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up

 

Neutraal2(config)#do wr mem

Building configuration...

[OK]

Neutraal2(config)#

 

Neutraal3(config-if)#

Neutraal3(config-if)#ip route 1.1.1.0 255.255.255.252 3.3.3.1

Neutraal3(config)#do wr mem

Building configuration...

[OK]

Neutraal3(config)#

VTP 

vlan

trunk / access

int vlan

ip add 

ip helper

 

david malcolm
Level 1

ipsec:

.license

.access-list (both sides)

 

- crypto isakmp policy (..)

encryption aes 256

hash md5

authentication pre-share

group 5

 

.crypto isakmp key (...) address (IP of the opposite side)

.crypto ipsec transform-set (...) esp-aes esp-sha-hmac

 

.crypto map (...) (number, policy) ipsec-isakmp

set peer (opposite side)

set transform-set (...)

match address (number of the access-list that belongs to it)

 

.int se0/0/0

crypto map (..)

 

show command:

sh crypto ipsec sa

Port-sec:

 

.interface gi/fa

.switchport mode access

.switchport port-sec

.switchport port-sec violation prot/restr/shutdown

.switchport port-sec max 1

.switchport port-sec mac-address (...)/sticky

-Hostname (must be changed)

-enable password (…)

- line vty 0 4
Password (…)
Login

- exit
- ip domain-name (name)
- crypto key generate rsa
2048

- line vty 0 4
Transport input ssh
Password ( … )
Login

- Int vlan (…)
Ip add (an IP from that VLAN) (subnet)

Do wr m

Testing:

Connect a PC in the same VLAN.

Ssh -l admin (the IP you assigned to int vlan)

SSH switch:
 
.Hostname (must be changed)

.enable password (…)

.line vty 0 4
Password (…)
Login

.exit
. ip domain-name (name)
.crypto key generate rsa
2048

.line vty 0 4
Transport input ssh
Password ( … )
Login

.Int vlan (…)
Ip add (an IP from that VLAN) (subnet)

Do wr m

Testing:

Connect a PC in the same VLAN.
Ssh -l admin (the IP you assigned to int vlan)

int range fa0/1-2
Switchport port-security
(Only 1 per switch)
Switchport port-security maximum 1
Switchport port-security mac-address sticky
Switchport port-security violation restrict
Shut down the rest
Do sh ip inter b
Int range fa0/3-24, gig1/1-2
shutdown


show running-config

mac-address Ipconfig cmd

show port-security interface fa0/2
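
The SSH and IPsec checklists above record several settings worth a second look: a shared line password with plain `login`, `enable password`, `hash md5`, DH `group 5`, and an SSH server that logs version 1.99. As an added example (not part of either poster's notes), this Python auditor checks a constructed config for exactly those settings; the rule names and the functions `sections` and `audit` are this example's own.

```python
# Constructed configs: WEAK mirrors the settings noted in this thread,
# HARDENED is a counterpart with placeholder secrets.
WEAK = """\
enable password EXAMPLE-PLACEHOLDER
crypto isakmp policy 10
 hash md5
 group 5
line vty 0 4
 transport input ssh
 password ssh123
 login
"""
HARDENED = """\
enable secret EXAMPLE-PLACEHOLDER
username admin secret EXAMPLE-PLACEHOLDER
ip ssh version 2
crypto isakmp policy 10
 hash sha256
 group 14
line vty 0 4
 transport input ssh
 login local
"""

def sections(config):
    """Group indented sub-commands under the top-level line that opens them."""
    out = []
    for raw in config.splitlines():
        if raw[:1].isspace() and out:
            out[-1][1].append(raw.strip())
        elif raw.strip() not in ("", "!"):
            out.append((raw.strip(), []))
    return out

def audit(config):
    """Return sorted finding codes; the rule set is this example's own."""
    found, secs = set(), sections(config)
    tops = [head for head, _ in secs]
    if any(t.startswith("enable password") for t in tops):
        found.add("ENABLE_PASSWORD_NOT_SECRET")
    if "ip ssh version 2" not in tops:  # server may still accept SSH v1
        found.add("SSH_V1_NOT_DISABLED")
    for head, body in secs:
        if head.startswith("crypto isakmp policy"):
            if "hash md5" in body:
                found.add("ISAKMP_HASH_MD5")
            if any(b in ("group 1", "group 2", "group 5") for b in body):
                found.add("ISAKMP_DH_GROUP_WEAK")
        elif head.startswith("line vty"):
            if "login" in body and "login local" not in body:
                found.add("VTY_SHARED_LINE_PASSWORD")
            if "transport input ssh" not in body:
                found.add("VTY_NOT_SSH_ONLY")
    return sorted(found)
```

On IOS, `ip ssh version 2` is what stops the server from announcing 1.99, and `login local` needs a `username ... secret` entry to exist before it is applied to the vty lines.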

david malcolm
Level 1
  1. Remove www 443

  1. PC6 cannot reach the web server. Access-list. Right route
  2. Permit ip 11.0.0.0 0.255.255.255

/8

OSPF left router

Every network must be in it for connectivity

Subnet mask is wrong

Wildcard is wrong

Add OSPF on every router

Turn on server 30

Server 40: change IP address 200.40.0.2 (subnet)

Switch connected to server 40: create VLAN 40

Fa0/17/18

Router connected to it

Sub interface gig0/0.40

Set no shutdown

Change IP, maybe 200.40.0.1

Left switch:

Left router: remove deny any

VLAN 40 must be created on the left switch