Scribd Logo
Carica

Benvenuto in Scribd!

  • Aseguramiento de La Red PDF

    Caricato da

    feider lopez
    5 visualizzazioni37 pagine

    Titolo originale

    Aseguramiento de la Red.pdf

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    5 visualizzazioni37 pagine

    Aseguramiento de La Red PDF

    Caricato da

    feider lopez

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 37

    Taller Configuración de Controles

    Version 4.0 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1
    Caso de Estudio

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 2


    Configuración Funcional

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 3


    Direccionamiento

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 4


    Configuración Router Wireless

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 5


    Configuración Router Wireless

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 6


    Configuración Clientes DHCP

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 7


    Configuración Switch (Sede Remota)

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 8


    Configuración Switch (Configurar VLANS)

    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname SW2-SEDE2
    SW2-SEDE2(config)#int vlan 2
    SW2-SEDE2(config-if)#desc WIRELESS
    SW2-SEDE2(config-if)#no shut
    SW2-SEDE2(config-if)#exit
    SW2-SEDE2(config)#int vlan 3
    SW2-SEDE2(config-if)#desc LAN-SEDE-REMOTA
    SW2-SEDE2(config-if)#no shut
    SW2-SEDE2(config-if)#exit

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 9


    Configuración Switch
    (Asociar Puertos a VLANs)

    SW2-SEDE2(config)#int range f0/1 - 2


    SW2-SEDE2(config-if-range)#switchport mode access
    SW2-SEDE2(config-if-range)#switchport access vlan 2
    SW2-SEDE2(config-if-range)#exit

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 10


    Configuración Switch (Trunk Port)

    SW2(config)#int range f0/1 - 5


    SW2(config-if-range)#switchport mode trunk
    SW2(config-if-range)#switchport trunk native vlan 99
    SW2(config-if-range)#no shut

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 11


    Configuración Router (802.1q)

    SW2(config)#int range f0/1 - 5


    SW2(config-if-range)#switchport mode trunk
    SW2(config-if-range)#switchport trunk native vlan 99
    SW2(config-if-range)#no shut

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 12


    Configuración Routers (Trunk)
    R1#conf t
    R1(conf)#int fa0/0.1
    R1(conf-if)#encapsulation dot1q 2
    R1(conf-if)#ip add 172.17.1.10 255.255.255.0

    R1(conf)#int fa0/0.2
    R1(conf-if)#encapsulation dot1q 3
    R1(conf-if)#ip add 192.168.3.10 255.255.255.0

    R1(conf)#exit
    R1(conf)#int fa0/0
    R1(conf-if)#no shut
    R1(conf)#exit

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 13


    Configuración Switch (Sede principal)

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 14


    Configuración Switch (Configurar VLANS)

    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname SW1-LOCAL
    SW1-LOCAL(config)#int vlan 2
    SW1-LOCAL(config-if)#desc SERVIDORES
    SW1-LOCAL(config-if)#no shut
    SW1-LOCAL(config-if)#exit
    SW1-LOCAL(config)#int vlan 3
    SW1-LOCAL(config-if)#desc ESTACIONES
    SW1-LOCAL(config-if)#no shut
    SW1-LOCAL(config-if)#exit

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 15


    Configuración Switch
    (Asociar Puertos a VLANs)

    SW1-LOCAL(config)#int range f0/1 - 2


    SW1-LOCAL(config-if-range)#switchport mode access
    SW1-LOCAL(config-if-range)#switchport access vlan 2
    SW1-LOCAL(config-if-range)#exit

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 16


    Configuración Switch (Trunk Port)

    SW1-LOCAL(config)#int f0/10
    SW1-LOCAL(config-if-range)#switchport mode trunk
    SW1-LOCAL(config-if-range)#switchport trunk native vlan 99
    SW1-LOCAL(config-if-range)#no shut

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 17


    Configuración Router (802.1q)

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 18


    Configuración Routers (Trunk)
    R1#conf t
    R1(conf)#int fa0/0.1
    R1(conf-if)#encapsulation dot1q 2
    R1(conf-if)# description VLAN-SERVERS
    R1(conf-if)#ip add 192.168.1.10 255.255.255.0

    R1(conf)#int fa0/0.2
    R1(conf-if)#encapsulation dot1q 3
    R1(conf-if)# description WS-STATIONS
    R1(conf-if)#ip add 192.168.2.10 255.255.255.0

    R1(conf)#exit
    R1(conf)#int fa0/0
    R1(conf-if)#no shut
    R1(conf)#exit

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 19


    Configuración Routing Operador

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 20


    Configuración Routers interface (WAN)
    R-WAN#conf t
    R1(conf)#int s0/0/0
    R1(conf-if)#ip add 200.30.75.1 255.255.255.252
    R1(conf-if)#desc WAN
    R1(conf-if)#encapsulation ppp
    R1(conf-if)#clock rate 64000
    R1(conf-if)#no shutdown
    R1(conf-if)#end

    Configuracíon por interface WAN cambiando la dirección IP en cada


    Router.

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 21


    Configuración Routers Enrutamiento (WAN)
    R-WAN#conf t
    R1(conf)#router rip
    R1(conf-router)#version 2
    R1(conf-router)#net 190.1.190.0
    R1(conf-router)#net 200.30.75.0
    R1(conf-router)#exit
    R1(conf)#end

    Repetir en los 2 routers cambiando el valor de “network”

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 22


    Endurecimiento de Switches

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 23


    Endurecimiento de Switches

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 24


    Configuración Switch (deshabilitar puertos)

     Switch(config)#interface range f0/1 - 24


     Switch(config-if-range)#shutdown

    Nota:
    Ideal Deshabilitarlos todos y habilitar solo los necesarios

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 25


    Configuración Switch (deshabilitar puertos)

    Switch(config)#interface range f0/1 - 24


    Switch(config-if-range)#shutdown

    Switch(config)#int range f0/1 - 4


    Switch(config-if-range)#no shutdown

    Nota:
    Ideal Deshabilitarlos todos y habilitar solo los necesarios

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 26


    Configuración Switch (Registro de mac)

    Switch(config)#mac-address-table static 0011.2233.4455 vlan 1 int f0/12


    Switch(config)#

    Consultar Tabla de direciones MAC

    Switch# show mac-address-table

    Mac Address Table


    -------------------------------------------
    Vlan Mac Address Type Ports
    ---- ----------- -------- -----
    1 0011.2233.4455 DYNAMIC Fa0/1

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 27


    Configuración Switch (Banner motd)

    SW-local# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW-local(config)# banner motd &
    Enter TEXT message. End with the character '&'.
    ##########################################################3
    # SOLO SE PERMITE EL ACCESO A PERSONAL AUTORIZADO
    # SUS ACTIVIDADES ESTAN SIENDO MONITOREADAS
    ###########################################################
    &

    SW-local(config)#

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 28


    Configuración Switch (port security)

    Switch(config)#int f0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport port-security
    Switch(config-if)#switchport port-security maximum 1
    Switch(config-if)#switchport port-security mac-address sticky
    Switch(config-if)#switchport port-security violation shutdown
    Switch(config-if)#exit
    Switch(config)#

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 29


    Configuración Switch (SSH)

    R1(conf)#Hostname R1
    R1(conf)#ip domain-name utb.edu.co
    R1(conf)#username soporte password 0 valentina
    R1(conf)#ip ssh version 2
    R1(conf)#crypto key generate rsa  1024 bits
    R1(conf)#line vty 0 4
    R1(conf)#password cisco
    R1(conf)#login local
    R1(conf)#transport prefered ssh

    Probar remotamente con:


    R2#ssh -l soporte -v 2 192.168.1.1

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 30


    Configuración Switch (timeout consola)

    Switch(config-line)#exec-timeout ?
    <0-35791> Timeout in minutes
    Switch(config-line)#exec-timeout 10 10
    Switch(config-line)#exit
    Switch(config)#

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 31


    Configuración Switch (contraseñas)
    Switch# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#enable secret clave
    Switch(config)#line console 0
    Switch(config-line)#password claveConsola
    Switch(config-line)#login
    Switch(config-line)#line vty 0 4
    Switch(config-line)#password claveTelnet
    Switch(config-line)#login
    Switch(config-line)#end
    Switch#
    SW-local(config)#service password-encryption

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 32


    Configuración Switch (Span Port)

    Switch# conf t
    Enter configuration commands, one per line. End with CNTL/
    Z.
    Switch(config)#int f0/1
    Switch(config.if)# port monitor fa0/2
    Switch(config-line)#end
    Switch#

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 33


    Configuración Switch (snmp)

    Switch# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#service password-encryption
    Switch(config)# username soporte privilege 15 password 0 valentina
    Switch(config)# snmp-server community p0bl1c ro
    Switch(config)# snmp-server host 192.168.1.1 p0bl1c
    Switch(config)# snmp-server enable traps
    Switch(config)# snmp-server enable traps snmp
    Switch(config)# service timestamps log datetime msec localtime show-
    timezone

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 34


    Configuración Switch (Logging)

    Switch# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#service password-encription
    Switch(config)# no logging console
    Switch(config)# logging on
    Switch(config)# logging buffered 32000
    Switch(config)# logging buffered informational
    Switch(config)# logging facility local6
    Switch(config)# logging trap informational
    Switch(config)# logging 192.168.1.1

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 35


    Endurecimiento de Routers

    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 36


    © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 37

    Potrebbero piacerti anche