
Examen Borja

This document contains configuration information for routers, switches and access points in a network. It defines VLANs for different services and assigns IP addresses to interfaces on routers and switches. DHCP pools are configured to provide IP addresses to hosts in each VLAN. RADIUS authentication is configured for wireless clients using different SSIDs mapped to VLANs for secure access. Routing protocols and NAT configurations are also included to connect the internal VLANs to the internet.

VLAN 1    10.3.0.0/19     .1      ROUTER1   255.255.240.0
                          .2      SWITCH
                          .3      AP

VLAN 100  10.3.32.0/19    .1      ROUTER1

VLAN 200  10.3.64.0/19    .1      ROUTER1

VLAN 300  10.3.128.0/19   .1      ROUTER1

RADIUS    10.3.160.0/19   .1      ROUTER2
                          .10     RADIUS

SERIAL    10.3.192.0/30   .192.1  R1
                          .192.2  R2

Nota: un prefijo /19 corresponde a la máscara 255.255.224.0, que es la que usan las interfaces configuradas más abajo.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;
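! ROUTER-LIMA (R-LIMA) - basic settings
!
hostname R-LIMA
! Type 7 encoding of line passwords in the stored config. It is reversible
! obfuscation, not hashing; "secret" credentials are the hashed ones.
service password-encryption
! The original notes entered the banner twice with two delimiters; one is enough.
banner motd #ACCESO RESTRINGIDO#
! NOTE(review): "class" is a widely used lab value. Replace it before this
! configuration is used anywhere outside a lab.
enable secret class
!
! SSH prerequisites: the hostname and domain name label the RSA key pair.
ip domain-name grupo3.com
! The original notes answered the interactive size prompt with 1024 bits.
! The modulus is now given on the command line and raised to 2048 bits.
crypto key generate rsa general-keys modulus 2048
! Refuse SSH protocol version 1 clients.
ip ssh version 2
ip ssh authentication-retries 4
ip ssh time-out 10
!
! Local accounts used by "login local" on the vty lines.
! NOTE(review): every secret below equals its username, so knowing an account
! name is enough to log in. Lab values only; set unique secrets per user.
username bcamacho secret bcamacho
username ggrabiel secret ggrabiel
username vhuaytan secret vhuaytan
!
! Remote access: SSH only, per-user login, idle sessions closed after 3 minutes.
line vty 0 4
 exec-timeout 3
 login local
 transport input ssh
!
! Console password
! NOTE(review): the console uses one shared line password ("cisco", a common
! default-style value) and sets no exec-timeout on this line. "login local"
! would reuse the per-user accounts instead of a shared password.
line console 0
 password cisco
 login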

-----------------------------------------------------------
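! INTERFACE CONFIGURATION (R-LIMA)
! Headings in the original notes were plain text or "#" lines, which the IOS
! parser rejects when pasted; they are written as "!" comments here.
!
! Internet-facing interface
interface f0/1
 ip address 172.17.2.60 255.255.252.0
 no shutdown
 exit
!
! Internal interfaces: the physical port carries 802.1Q subinterfaces, one per
! VLAN (router-on-a-stick). It has no address of its own.
interface f0/0
 no shutdown
 exit
!
! VLAN 1, sent untagged (native). The switch and AP management addresses
! (10.3.0.2, 10.3.0.3) sit in this subnet.
! NOTE(review): no ACL is applied to any subinterface in this listing, so the
! router forwards between the user VLANs and this management subnet unfiltered.
interface f0/0.1
 encapsulation dot1Q 1 native
 ip address 10.3.0.1 255.255.224.0
 exit
!
! VLAN 100 (DATOS) gateway
interface f0/0.100
 encapsulation dot1q 100
 ip address 10.3.32.1 255.255.224.0
 exit
!
! VLAN 200 (VOZ) gateway
interface f0/0.200
 encapsulation dot1q 200
 ip address 10.3.64.1 255.255.224.0
 exit
!
! VLAN 300 (ADMIN) gateway
interface f0/0.300
 encapsulation dot1q 300
 ip address 10.3.128.1 255.255.224.0
 exit
!
! Point-to-point serial link to the second router (10.3.192.0/30)
interface s0/2/0
 ip address 10.3.192.1 255.255.255.252
 no shutdown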
-----------------------------------------------------------

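! DHCP POOLS WITH EXCLUDED ADDRESSES (R-LIMA)
! In each user VLAN the first ten addresses (.1-.10) are kept out of the pool,
! which covers the router gateway at .1.
! All pools hand out the public resolver 8.8.8.8 as the DNS server.
! NOTE(review): the switch section of this listing configures no DHCP snooping,
! so nothing prevents another host in a VLAN from answering DHCP requests.
!
ip dhcp excluded-address 10.3.32.1 10.3.32.10
!
! VLAN 100
ip dhcp pool DATOS
 network 10.3.32.0 255.255.224.0
 default-router 10.3.32.1
 dns-server 8.8.8.8
 exit
!
ip dhcp excluded-address 10.3.64.1 10.3.64.10
!
! VLAN 200
ip dhcp pool VOZ
 network 10.3.64.0 255.255.224.0
 default-router 10.3.64.1
 dns-server 8.8.8.8
 exit
!
ip dhcp excluded-address 10.3.128.1 10.3.128.10
!
! VLAN 300
ip dhcp pool ADMIN
 network 10.3.128.0 255.255.224.0
 default-router 10.3.128.1
 dns-server 8.8.8.8
 exit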
---------------------------------------------------
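! Dynamic routing (R-LIMA): RIPv2 for the 10.0.0.0 subnets.
router rip
 version 2
 network 10.0.0.0
 ! "network 10.0.0.0" enables RIP on every 10.x interface, including the user
 ! VLAN subinterfaces. Updates are only needed on the serial link to the other
 ! router, so sending is suppressed everywhere else.
 passive-interface default
 no passive-interface s0/2/0
 ! Advertise the default route to the RIP neighbour.
 default-information originate
! NOTE(review): passive-interface only stops updates being sent. Updates that
! arrive on an interface are still processed, and no RIP authentication is
! configured. Rejecting forged updates needs a key chain plus
! "ip rip authentication" on the serial interfaces of both routers.
!
! NETWORK ROUTING: static default route towards the upstream gateway,
! which lies in the subnet of f0/1.
ip route 0.0.0.0 0.0.0.0 172.17.3.254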
-------------------------------------------------------
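! NAT (R-LIMA): port address translation behind the address of f0/1
!
! Standard ACL 30 selects the inside source networks to translate.
! Wildcard 0.0.31.255 matches one /19.
! NOTE(review): the list includes 10.3.0.0/19, the subnet holding the switch
! and AP management addresses, and 10.3.160.0/19, where the RADIUS server
! lives. Confirm that these need outbound Internet access.
access-list 30 permit 10.3.0.0 0.0.31.255
access-list 30 permit 10.3.32.0 0.0.31.255
access-list 30 permit 10.3.64.0 0.0.31.255
access-list 30 permit 10.3.128.0 0.0.31.255
access-list 30 permit 10.3.160.0 0.0.31.255
!
ip nat inside source list 30 interface f0/1 overload
!
! NAT roles per interface: every internal subinterface and the serial link
! are "inside"; only the Internet-facing port is "outside".
interface f0/0.1
 ip nat inside
!
interface f0/0.100
 ip nat inside
!
interface f0/0.200
 ip nat inside
!
interface f0/0.300
 ip nat inside
!
interface s0/2/0
 ip nat inside
!
interface f0/1
 ip nat outside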

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
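! ROUTER ICA
! NOTE(review): this section shows only interfaces and RIP. No hostname,
! enable secret, user accounts or line/SSH settings appear for this router in
! the listing; confirm they are configured elsewhere.
!
! Interface configuration
!
! LAN that holds the RADIUS server (10.3.160.10)
interface f0/1
 ip address 10.3.160.1 255.255.224.0
 no shutdown
!
! Serial link to R-LIMA
interface s0/2/0
 ip address 10.3.192.2 255.255.255.252
 no shutdown
!
! RIP routing
!
router rip
 version 2
 network 10.0.0.0
 ! No RIP neighbour is shown on the server LAN, so updates are sent only over
 ! the serial link.
 passive-interface f0/1
!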
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
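! SW-GRUPO3 - switch, basic settings
!
! NOTE(review): the heading and the domain name say "grupo3" but the hostname
! is SW-GRUPO6. The hostname is part of the RSA key label, so confirm which
! name is intended before generating keys.
hostname SW-GRUPO6
! Type 7 encoding is reversible obfuscation, not hashing.
service password-encryption
! NOTE(review): "class" is a widely used lab value; replace outside a lab.
enable secret class
!
ip domain-name grupo3.com
! The original notes answered the interactive size prompt with 1024 bits.
! The modulus is now given on the command line and raised to 2048 bits.
crypto key generate rsa general-keys modulus 2048
! Refuse SSH protocol version 1 clients.
ip ssh version 2
ip ssh authentication-retries 4
ip ssh time-out 10
!
! NOTE(review): every secret below equals its username. Lab values only.
username bcamacho secret bcamacho
username ggrabiel secret ggrabiel
username vhuaytan secret vhuaytan
!
! Remote access: SSH only with per-user login. The 3-minute idle timeout
! matches the router's vty lines.
! NOTE(review): if this platform also has vty 5-15, apply the same settings there.
line vty 0 4
 exec-timeout 3
 login local
 transport input ssh
!
! NOTE(review): the console uses one shared line password ("cisco").
! "login local" would reuse the per-user accounts instead.
line console 0
 password cisco
 login
!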
-------------------------------------
VLANs
-------------------------------------
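! VLAN database: one VLAN per service
vlan 100
 name DATOS
vlan 200
 name VOZ
vlan 300
 name ADMIN
!
! Access ports, eight per VLAN.
! NOTE(review): no port security, BPDU guard or DHCP snooping is configured on
! these ports in this listing, and every FastEthernet port is live in a user VLAN.
interface range f0/1 - 8
 switchport mode access
 switchport access vlan 100
!
interface range f0/9 - 16
 switchport mode access
 switchport access vlan 200
!
interface range f0/17 - 24
 switchport mode access
 switchport access vlan 300
!
! Uplinks carrying all VLANs (presumably towards the router and the AP - confirm).
interface range g0/1 - 2
 switchport mode trunk
 ! VLAN 1 is untagged on the trunk, matching "encapsulation dot1Q 1 native"
 ! on the router and AP subinterfaces.
 switchport trunk native vlan 1
 ! Carry only the VLANs this design uses instead of every VLAN by default.
 switchport trunk allowed vlan 1,100,200,300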

!
-----------------------------------
! Configuring the VLAN interface: management address of the switch (SVI on VLAN 1)
! NOTE(review): management shares VLAN 1 with the untagged native VLAN of the trunks.
! NOTE(review): no "ip default-gateway" appears in the switch section of this
! listing (the AP section sets 10.3.0.1); without one the switch cannot reply
! to SSH sessions that originate in another subnet - confirm.
!
interface vlan 1
ip address 10.3.0.2 255.255.224.0
no shutdown
!
______________________________________________________
______________________________________________________
!CONFIGURANDO EL SERVIDOR RADIUS
!
AUTENTICACION RADIUS --> WPA2/ENTERPRISE--> IP SERVIDOR
PUERTOS: 1812 AUTHENTICATION
1813 ACCOUNTING
192.168.10.0/24 CLAVE COMPARTIDA: marina2018

-------------------------------------------------------------
¿QUÉ DEBEMOS CONFIGURAR?

EDIT | -CLAVE COMPARTIDA


RADIUS | -IP DEL CLIENTE: AUTENTICADOR
CLIENT | (RUTEADOR INALAMBRICO)

C://FREERADIUS/ETC/RADDB/EN EL CLIENTS.CONF

# You can now specify one secret for a network of clients.


# When a client request comes in, the BEST match is chosen.
# i.e. The entry from the smallest possible network.
#
#client 192.168.0.0/24 {
# secret = testing123-1
# shortname = private-network-1
#}
#
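# The RADIUS client is the authenticator that forwards the 802.1X logins,
# which on this page is the access point. The server matches a request by its
# source address, so this entry must carry the authenticator's address.
# The original notes had 10.3.160.10/32 here, which this page gives as the
# RADIUS server itself; the AP's management address (BVI1) is 10.3.0.3.
# The original block also lacked its closing brace.
# NOTE(review): confirm that the AP sources its RADIUS requests from 10.3.0.3.
client 10.3.0.3/32 {
	# Must be identical to the "key" on the AP's radius-server line.
	# NOTE(review): "sistemas" is a short dictionary word. Outside a lab, use a
	# long random shared secret that is unique to this client.
	secret = sistemas
	shortname = ruteador-inalambrico
}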
------------------------------

EDIT | -REGISTRAR USUARIOS/PASSWORD


USERS |

C://FREERADIUS/ETC/RADDB/EN EL USERS.CONF

############## RFC3580 ################


## Also the "eap.conf" MUST be modified to include the follow line:
## "use_tunneled_reply = yes"
## the default is "use_tunneled_reply = no"
## this allow the "Tunnel*" AV's to be passed outside the eap tunnel
## otherwise the switch will NOT see the VLAN to place the port into
#### Comments added by Jeff Reilly ####

# Local accounts, one per line: user name followed by the password check item.
# NOTE(review): the passwords are stored in clear text and follow a guessable
# numbered pattern; "testuser" is presumably the stock sample entry. Treat all
# four as lab-only and remove them before the server is used for real logins.
# NOTE(review): none of these entries returns Tunnel-* reply attributes, so the
# RFC 3580 note above has no effect here: the VLAN is not assigned per user by
# RADIUS, and any valid user can authenticate on any SSID the AP offers.
# NOTE(review): newer FreeRADIUS releases document "Cleartext-Password :=" for
# this purpose - check the version in use.
testuser User-Password == "testpw"


usuario01 User-Password == "password01"
usuario02 User-Password == "password02"
usuario03 User-Password == "password03"

Después hacemos clic en "Stop FreeRADIUS.net service".


Después hacemos clic en "Start FreeRADIUS.net in debug mode".
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

CONFIGURACIÓN DEL AP
AUTENTICACIÓN ENTERPRISE CON VLANs

! VLAN creation: give each VLAN ID a name on the access point
dot11 vlan-name DATOS vlan 100
dot11 vlan-name VOZ vlan 200
dot11 vlan-name ADMIN vlan 300
!
! Mapping between the VLANs and the SSIDs
! Each SSID is bound to exactly one VLAN. "authentication open" is only the
! initial setting; the same three SSIDs are given EAP authentication and WPA
! key management in the authentication section further down this listing.
! "mbssid guest-mode" has the SSID announced in beacons when multiple BSSIDs
! are enabled on the radio.
!
dot11 ssid DATOS 3
vlan 100
authentication open
mbssid guest-mode
!
dot11 ssid VOZ 3
vlan 200
authentication open
mbssid guest-mode
!
dot11 ssid ADMIN 3
vlan 300
authentication open
mbssid guest-mode
!
!
! Defining the subinterfaces associated with the VLANs
! The radio offers the three SSIDs at once ("mbssid"). Each VLAN gets a radio
! subinterface and an Ethernet subinterface placed in the same bridge-group,
! so frames are bridged between wireless clients and the wired trunk per VLAN.
!
interface Dot11Radio0
no shutdown
!
ssid DATOS 3
!
ssid VOZ 3
!
ssid ADMIN 3
!
mbssid
!
! VLAN 1 is untagged (native) on both sides and uses bridge-group 1.
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
!
interface Dot11Radio0.100
encapsulation dot1Q 100
bridge-group 100
!
interface Dot11Radio0.200
encapsulation dot1Q 200
bridge-group 200
!
! VLAN 300 uses bridge-group 254 because bridge-group numbers stop at 255.
! The Ethernet subinterface for VLAN 300 below uses the same number.
interface Dot11Radio0.300
encapsulation dot1Q 300
bridge-group 254
!
! Extending the VLANs to the wired network
!
interface FastEthernet0
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
!
interface FastEthernet0.100
encapsulation dot1Q 100
bridge-group 100
!
interface FastEthernet0.200
encapsulation dot1Q 200
bridge-group 200
!
interface FastEthernet0.300
encapsulation dot1Q 300
bridge-group 254
!
! Configuring authentication and encryption in enterprise (802.1X / RADIUS) mode
!
! NOTE(review): the three requirement lines below name VLAN 10/20/30 and the
! SSIDs personal/contabilidad/ingenieria, but the commands in this listing
! configure VLAN 100/200/300 with the SSIDs DATOS/VOZ/ADMIN - confirm which
! set is intended.
!VLAN10:SSID:personal:WPA2-AES/ENTERPRISE
!VLAN20:SSID:contabilidad:WPA-TKIP/ENTERPRISE
!VLAN30:SSID:ingenieria:WPA2-AES/ENTERPRISE
!
! Management address of the AP on the bridge virtual interface (VLAN 1 subnet)
interface BVI1
ip address 10.3.0.3 255.255.224.0
no shutdown
!
ip default-gateway 10.3.0.1
!
! Enable AAA; the method list "eap_methods" sends authentication to RADIUS.
aaa new-model
!
aaa authentication login eap_methods group radius
! The key must be identical to the "secret" of this AP's entry in clients.conf.
! NOTE(review): "sistemas" is a short dictionary word and appears in clear text
! on this line. Outside a lab, use a long random shared secret.
radius-server host 10.3.160.10 auth-port 1812 acct-port 1813 key sistemas
!
! Cipher per VLAN: AES-CCMP for VLAN 100 and 300, TKIP for VLAN 200.
! NOTE(review): TKIP is deprecated and weaker than AES-CCMP. It matches the
! WPA-TKIP requirement line above, so it looks intentional; prefer aes-ccm
! wherever the clients support it.
interface dot11Radio 0
encryption vlan 100 mode ciphers aes-ccm
encryption vlan 200 mode ciphers tkip
encryption vlan 300 mode ciphers aes-ccm
!
! Per SSID: WPA key management plus EAP authentication via the "eap_methods" list.
! NOTE(review): no WPA version is pinned. Releases that accept
! "authentication key-management wpa version 2" can restrict an SSID to WPA2 -
! confirm against the AP's IOS release.
! NOTE(review): "authentication network-eap" presumably enables the Cisco
! Network-EAP type alongside open+EAP; drop it if no client needs it - confirm.
dot11 ssid DATOS 3
authentication key-management wpa
authentication open eap eap_methods
authentication network-eap eap_methods
!
dot11 ssid VOZ 3
authentication key-management wpa
authentication open eap eap_methods
authentication network-eap eap_methods
!
dot11 ssid ADMIN 3
authentication key-management wpa
authentication open eap eap_methods
authentication network-eap eap_methods
