Assignment 8 Cisco


Computer Systems Engineering
CISCO II

Name: Ricardo Maldonado Navarro

Instructor: MANUEL PRISCILIANO RALERO DE LA MORA

CASE STUDY

INSTRUCTIONS: Complete the case study presented below.

Routing
Overview and objectives
In this case study, students carry out a network design, deployment and troubleshooting project using the skills acquired in the course. They must apply the skills they have already developed to select, prepare and connect the appropriate cabling to the corresponding devices.
It is very important to read and understand each scenario and to make sure that every requirement has been met. Each scenario guides you through the correct steps, which ensure that the project is carried out properly.
This case study requires the following activities:
- Set up the physical configuration of the network according to the diagram and its description.
- Correctly perform a basic configuration of the routers.
- Install and activate a TFTP server on a workstation.
- Create and activate access control lists on the appropriate routers and interfaces.
- Troubleshoot and verify all interconnections and access control lists.
- Provide detailed documentation, as indicated in the section on materials to be delivered.

Scenario 1. Phase 1: Project description

A company has a group of people in charge of maintaining the various sections of its network infrastructure. Several technicians have done an excellent job within the small sections of the network for which they are responsible.
One of the people responsible for a larger section of the infrastructure suddenly resigns from the company. This leaves the redesign and deployment of that section of the network half finished. A technician is assigned the task of completing the unfinished design and deployment.
After studying the documentation at home over the weekend, the technician discovers why the other person resigned so suddenly. The few documents that existed were very poorly written. So, over the weekend, the technician reconstructs the diagram shown above from a sketch he found. This diagram represents the new design of the network and its subnets. It shows the routers, hubs and switches, the circuits, and the workstations and servers planned for each site. The server at the site called 'Center' is a file server that only the workstations on the local subnet can access.
All routers in the network are managed from a workstation at Center.
On returning to work on Monday, the technician presents the new diagram to the network infrastructure manager in charge of the project. After discussing it, they determine that new documentation for the project must be developed.

The network manager, the instructor in our case, must approve the documentation at each phase of the process. Use the following information to deploy the network.
Network address range: 192.168.0.0
Required number of subnets: 5
Routing protocol: RIP
Phase 2: IP address assignment
Now that a basic plan exists, the network manager assigns the technician the task of developing a prototype of the new network. Use the assigned network address range, together with the subnet requirements, to divide the network. Based on the IP addressing scheme, assign IP addresses to the corresponding interfaces on all routers and computers in the network. Use the diagram below as a guide. Obtain the instructor's approval of this phase before proceeding to Phase 3.
Instructor approval ___________________ Date __________________

Network diagram: IP address assignment

[Network diagram not reproduced. Labels recovered from the figure:]
Network address range: 192.168.1.0/27 (subnet mask 255.255.255.224)
Required number of subnets: 5
Routing protocol: RIP
Serial link: S 0/0/0 (DCE) 192.168.1.97 to S 0/1/0 (DTE) 192.168.1.98
Serial link: S 0/0/0 (DCE) 192.168.1.129 to S 0/1/0 (DTE) 192.168.1.130
Addresses on the first fa 0/0 LAN: 192.168.1.1, 192.168.1.2, 192.168.1.3
Addresses on the second fa 0/0 LAN: 192.168.1.33, 192.168.1.34, 192.168.1.35
Addresses on the third fa 0/0 LAN: 192.168.1.65, 192.168.1.66, 192.168.1.67

Phase 3: Basic configuration of the routers and workstations

Once the team leader has inspected the prototype's cabling, the technician is assigned the task of creating basic configurations on the routers and workstations.
Use the diagram and the planning sheets to set up a basic configuration on the routers. The checklist below is useful for tracking the configuration process.

Host name: Boaz, Center, Eva

Console password
Secret password
VTY password
IP address I/F Serial 0/0
IP address I/F Serial 0/1
*Clock rate I/F Serial 0/0
*Clock rate I/F Serial 0/1
IP address I/F Fa 0/0
IP address I/F Fa 0/1
Activate interfaces
Add routing protocol
Add network statements
Description I/F Serial 0/0
Description I/F Serial 0/1

x x x
x X X
X X x
X X
X X
X X

Description I/F Fa 0/0

Description I/F Fa 0/1

Instructor approval ___________________ Date __________________

Phase 4: Access control lists

While testing the network, the network manager discovers that network security has not been taken into account. If the network configuration is implemented as designed, any user on the network would have access to every device and workstation on the network.
The network manager asks the technician to configure access control lists (ACLs) on the routers. The network manager has some suggestions regarding security. Before the access control lists (ACLs) are added, a backup copy of the router's running configuration must be made. In addition, full connectivity across the network must be verified before any access control list (ACL) is activated.
The following conditions must be taken into account when creating the access control lists:
- Workstation 2 and file server 1 are on the management subnet. Any device on the management subnet must have access to any other device anywhere on the network.
- Workstations on the Eva and Boaz subnets must not have access to any device outside their own subnet, except to connect to file server 1.
- Each router must be able to SSH to the other routers and have access to any device on the network.
The network manager asks the technician to write a short summary of the purpose of each ACL, the interfaces on which they will be used and the direction of the traffic. Then list the exact commands that will be used to create and activate the ACLs on the router interfaces.
Before configuring the ACLs on the routers, review each of the following test conditions and make sure that the ACLs work as expected:

SSH from Boaz to Eva: SUCCESSFUL
SSH from workstation 4 to Eva: BLOCKED
SSH from workstation 5 to Boaz: BLOCKED
SSH from workstation 2 to Boaz: SUCCESSFUL
SSH from workstation 2 to Boaz: SUCCESSFUL
Ping from workstation 5 to file server 1: SUCCESSFUL
Ping from workstation 3 to file server 1: SUCCESSFUL
Ping from workstation 3 to workstation 4: SUCCESSFUL
Ping from workstation 5 to workstation 6: SUCCESSFUL
Ping from workstation 3 to workstation 5: BLOCKED
Ping from workstation 2 to workstation 5: SUCCESSFUL
Ping from workstation 2 to workstation 3: SUCCESSFUL
Ping from router Eva to workstation 3: SUCCESSFUL
Ping from router Boaz to workstation 5: SUCCESSFUL

Phase 5: Network documentation

To support the network properly, it must be documented. Produce logically organized documentation to simplify troubleshooting.
Configuration documentation

show ip route

Boaz

show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/27 is subnetted, 5 subnets
R       192.168.1.0 [120/1] via 192.168.1.98, 00:00:24, Serial0/0/0
C       192.168.1.32 is directly connected, FastEthernet0/0
R       192.168.1.64 [120/2] via 192.168.1.98, 00:00:24, Serial0/0/0
C       192.168.1.96 is directly connected, Serial0/0/0
R       192.168.1.128 [120/1] via 192.168.1.98, 00:00:24, Serial0/0/0

Center

center#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/27 is subnetted, 5 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0
R       192.168.1.32 [120/1] via 192.168.1.97, 00:00:27, Serial0/1/0
R       192.168.1.64 [120/1] via 192.168.1.130, 00:00:09, Serial0/0/0
C       192.168.1.96 is directly connected, Serial0/1/0
C       192.168.1.128 is directly connected, Serial0/0/0

Eva

show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/27 is subnetted, 5 subnets
R       192.168.1.0 [120/1] via 192.168.1.129, 00:00:19, Serial0/1/0
R       192.168.1.32 [120/2] via 192.168.1.129, 00:00:19, Serial0/1/0
C       192.168.1.64 is directly connected, FastEthernet0/0
R       192.168.1.96 [120/1] via 192.168.1.129, 00:00:19, Serial0/1/0
C       192.168.1.128 is directly connected, Serial0/1/0

show ip protocol

Boaz

Boaz#show ip protocol
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 4 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive any version
  Interface             Send  Recv  Triggered RIP  Key-chain
  FastEthernet0/0       1     2 1
  Serial0/0/0           1     2 1
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
  192.168.1.0
Passive Interface(s):
Routing Information Sources:
  Gateway         Distance      Last Update
  192.168.1.98         120      00:00:20
Distance: (default is 120)

Center

center#show ip protocol
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 5 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive any version
  Interface             Send  Recv  Triggered RIP  Key-chain
  FastEthernet0/0       1     2 1
  Serial0/0/0           1     2 1
  Serial0/1/0           1     2 1
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
  192.168.1.0
Passive Interface(s):
Routing Information Sources:
  Gateway         Distance      Last Update
  192.168.1.97         120      00:00:21
  192.168.1.130        120      00:00:03
Distance: (default is 120)

Eva

Eva#show ip protocol
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 15 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive any version
  Interface             Send  Recv  Triggered RIP  Key-chain
  FastEthernet0/0       1     2 1
  Serial0/1/0           1     2 1
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
  192.168.1.0
Passive Interface(s):
Routing Information Sources:
  Gateway         Distance      Last Update
  192.168.1.129        120      00:00:01
Distance: (default is 120)

show ip interface brief

Boaz

Boaz#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.33    YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
Serial0/0/0            192.168.1.97    YES manual up                    up
Serial0/1/0            unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down

Center

center#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.1     YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
Serial0/0/0            192.168.1.129   YES manual up                    up
Serial0/1/0            192.168.1.98    YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down

Eva

Eva#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.65    YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
Serial0/0/0            unassigned      YES unset  administratively down down
Serial0/1/0            192.168.1.130   YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down

show version

Boaz, Center and Eva (identical output at the Boaz#, center# and Eva# prompts)

Boaz#show version
Cisco IOS Software, 1841 Software (C1841ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team

ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)

System returned to ROM by power-on
System image file is "flash:c1841advipservicesk9-mz.12415.T1.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
191K bytes of NVRAM.
63488K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

show hosts

Boaz, Center and Eva (identical output at the Boaz#, center# and Eva# prompts)

Boaz#show hosts
Default Domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)

show startup-config

Boaz

Boaz#show startup-config
Using 1032 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Boaz
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password cisco
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
 description "bienvenido a la interfaz 0/0"
 ip address 192.168.1.33 255.255.255.224
 ip access-group 1 out
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 description "bienvenido a la interfaz s0/0/0"
 ip address 192.168.1.97 255.255.255.224
 clock rate 64000
!
interface Serial0/1/0
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 network 192.168.1.0
!
ip classless
!
!
access-list 1 permit host 192.168.1.2
access-list 1 deny 192.168.1.0 0.0.0.31
access-list 1 deny 192.168.1.64 0.0.0.31
access-list 1 permit any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0
 password cisco
 login
line vty 1 4
 login
!
!
!
end

Center

center#show startup-config
Using 928 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname center
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password cisco
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
 description "bienvenido a la interface fa0/0
 ip address 192.168.1.1 255.255.255.224
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 description bienvenido a la interfaz s0/0/0
 ip address 192.168.1.129 255.255.255.224
 clock rate 64000
!
interface Serial0/1/0
 description bienvenido a la interfaz s0/1/0
 ip address 192.168.1.98 255.255.255.224
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 network 192.168.1.0
!
ip classless
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0
 password cisco
 login
line vty 1 4
 login
!
!
!
end

Eva

Eva#show startup-config
Using 1012 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Eva
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password cisco
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
 description bienvenido a la interfaz fa0/0
 ip address 192.168.1.65 255.255.255.224
 ip access-group 1 out
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/1/0
 description bienvenido a la interfaz s0/1/0
 ip address 192.168.1.130 255.255.255.224
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 network 192.168.1.0
!
ip classless
!
!
access-list 1 permit host 192.168.1.2
access-list 1 deny 192.168.1.0 0.0.0.31
access-list 1 deny 192.168.1.32 0.0.0.31
access-list 1 permit any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0
 password cisco
 login
line vty 1 4
 login
!
!
!
end
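
The startup-configs above keep `enable password cisco` and the vty password in clear text, leave `line con 0` without a password and never restrict the vty lines to SSH, although Phase 3 lists console, secret and VTY passwords and Phase 4 expects SSH between routers. The Python check below is an added example, not part of the original assignment; the sample config is a constructed abridgement of the Boaz config, and the finding names and the password word list are assumptions.

```python
import re

# Constructed sample: an abridged copy of the Boaz startup-config on this page,
# with the enable-secret hash replaced by a placeholder.
SAMPLE_CONFIG = """\
no service password-encryption
!
hostname Boaz
!
enable secret 5 $1$PLACEHOLDER$notarealhash
enable password cisco
!
interface FastEthernet0/0
 ip address 192.168.1.33 255.255.255.224
 ip access-group 1 out
!
line con 0
!
line aux 0
!
line vty 0
 password cisco
 login
line vty 1 4
 login
!
end
"""

HEADER = re.compile(r"^(line|interface|router)\s")
COMMON_PASSWORDS = {"cisco", "class", "admin", "password"}  # constructed word list


def split_sections(config):
    """Split an IOS config into global commands and {section header: subcommands}."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
            continue
        if HEADER.match(line):
            current = line
            sections[current] = []
        elif current is not None and raw[0].isspace():
            sections[current].append(line)  # indented: belongs to the section
        else:
            current = None
            global_cmds.append(line)
    return global_cmds, sections


def audit(config):
    """Return (finding, location) tuples for the access-control weaknesses found."""
    global_cmds, sections = split_sections(config)
    findings = []
    if "service password-encryption" not in global_cmds:
        # Line and enable passwords appear as typed in every saved or backed-up config.
        findings.append(("cleartext-passwords", "global"))
    for cmd in global_cmds:
        match = re.match(r"enable password (?:\d+ )?(\S+)$", cmd)
        if match:
            # enable secret takes precedence, so this line only discloses a password.
            findings.append(("enable-password", "global"))
            if match.group(1) in COMMON_PASSWORDS:
                findings.append(("weak-password", "enable password"))
    for header, cmds in sections.items():
        if not header.startswith("line "):
            continue
        passwords = [c.split()[-1] for c in cmds if c.startswith("password ")]
        plain_login = "login" in cmds                       # checks the line password
        other_login = any(c.startswith("login ") for c in cmds)  # e.g. login local
        if any(p in COMMON_PASSWORDS for p in passwords):
            findings.append(("weak-password", header))
        if header.startswith("line con") and not other_login \
                and not (plain_login and passwords):
            findings.append(("console-no-auth", header))
        if header.startswith("line vty"):
            if plain_login and not passwords:
                # IOS refuses sessions on such lines: a password is required but not set.
                findings.append(("vty-login-no-password", header))
            if "transport input ssh" not in cmds:
                findings.append(("vty-telnet-not-excluded", header))
    return findings


if __name__ == "__main__":
    for finding, where in audit(SAMPLE_CONFIG):
        print(f"{finding:<26} {where}")
```
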

Security documentation

show ip interface

Boaz

Boaz#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.33/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is 1
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
FastEthernet0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Serial0/0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.97/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Serial0/1/0 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Vlan1 is administratively down, line protocol is down
  Internet protocol processing disabled

Center

center#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.1/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
FastEthernet0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Serial0/0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.129/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Serial0/1/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.98/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Vlan1 is administratively down, line protocol is down
  Internet protocol processing disabled

Eva

Eva#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.65/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is 1
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
FastEthernet0/1 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Serial0/0/0 is administratively down, line protocol is down (disabled)
  Internet protocol processing disabled
Serial0/1/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.130/27
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
Vlan1 is administratively down, line protocol is down
  Internet protocol processing disabled

show ip access-lists

Boaz

Boaz# show ip access-lists
Standard IP access list 1
    permit host 192.168.1.2 (1 match(es))
    deny 192.168.1.0 0.0.0.31 (1 match(es))
    deny 192.168.1.64 0.0.0.31 (3 match(es))
    permit any

Eva

Eva#show ip access-lists
Standard IP access list 1
    permit host 192.168.1.2 (1 match(es))
    deny 192.168.1.0 0.0.0.31 (1 match(es))
    deny 192.168.1.32 0.0.0.31
    permit any (1 match(es))
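
How the ACL 1 entries listed above are evaluated for traffic leaving Fa0/0 on Boaz and Eva (`ip access-group 1 out`), as an added Python example that is not part of the original assignment. Function names are illustrative; the source addresses are host and interface addresses that appear on this page, and which workstation number owns which address is not stated there.

```python
import ipaddress

# ACL 1 as listed in the Boaz and Eva startup-configs on this page.
BOAZ_ACL = """\
access-list 1 permit host 192.168.1.2
access-list 1 deny 192.168.1.0 0.0.0.31
access-list 1 deny 192.168.1.64 0.0.0.31
access-list 1 permit any
"""
EVA_ACL = """\
access-list 1 permit host 192.168.1.2
access-list 1 deny 192.168.1.0 0.0.0.31
access-list 1 deny 192.168.1.32 0.0.0.31
access-list 1 permit any
"""


def _ip(text):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_standard_acl(config_text, number="1"):
    """Return the ACL's entries in order as (action, address, wildcard) tuples."""
    entries = []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != number:
            continue
        action, spec = tok[2], tok[3:]
        if action not in ("permit", "deny"):
            continue  # remarks are not match entries
        if spec[0] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        elif spec[0] == "host":
            if len(spec) < 2:
                continue  # malformed entry, nothing to match on
            addr, wildcard = _ip(spec[1]), 0
        else:
            addr = _ip(spec[0])
            wildcard = _ip(spec[1]) if len(spec) > 1 else 0
        entries.append((action, addr, wildcard))
    return entries


def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _ip(source)
    for seq, (action, addr, wildcard) in enumerate(entries, start=1):
        # A wildcard bit of 1 means "ignore this bit" when comparing.
        if (src | wildcard) == (addr | wildcard):
            return action, seq
    return "deny", None


def denied_sources(entries, subnet):
    """Hosts of `subnet` whose packets the ACL drops, replies included."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if evaluate(entries, str(h))[0] == "deny"]


def report(name, acl_text, sources):
    """One line per source address: the verdict and the entry that produced it."""
    entries = parse_standard_acl(acl_text)
    lines = []
    for src in sources:
        action, seq = evaluate(entries, src)
        lines.append(f"{name} Fa0/0 out  src {src:<15} {action:<6} entry {seq}")
    return lines


if __name__ == "__main__":
    # Only forwarded packets are checked here: IOS does not apply an outbound
    # interface ACL to packets that the router itself originates.
    sources = ["192.168.1.2", "192.168.1.3", "192.168.1.34",
               "192.168.1.66", "192.168.1.130"]
    for line in report("Boaz", BOAZ_ACL, sources) + report("Eva", EVA_ACL, sources):
        print(line)
    blocked = denied_sources(parse_standard_acl(BOAZ_ACL), "192.168.1.0/27")
    print(len(blocked), "management-subnet addresses cannot send into the Boaz LAN")
```

Because a standard ACL matches only the source address, applying it outbound on the LAN interface also drops replies from every management-subnet address except 192.168.1.2 (entry 2). That matters for the file server 1 tests if the server answers from a different address.
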

Case study deliverables

The most important lesson of this case study is that documentation must be clear and precise. Two types of documentation must be created.
General documentation:
- A complete description of the project must be written using a word processor. Because the description of the network's functions is divided into several parts, take care to describe each and every function so that even non-specialists can understand them.
- Microsoft Excel or any other spreadsheet program can be used to help prepare the list of equipment and serial numbers.
- Cisco Network Designer (CND), Microsoft Visio or any other drawing program can be used to sketch the network.
- Provide documentation that specifies the procedure used to test security. A network monitoring plan must also be included.
Technical documentation:
The technical documentation must include details of the network topology. Use CND, Visio or any other drawing program to draw the network diagram.
Use the tables in the working copy of the case study as a reference and enter all the information from the tables into a spreadsheet program such as Microsoft Excel. The spreadsheet must include the following details:
- IP addresses of all interfaces.
- DCE/DTE parameters of the serial interfaces.
- Router passwords.
- Interface descriptions.
- IP address and gateway assignments for all computers.
The access control list in use, or the router command sequence, must be included in this documentation. Use a word processing program. Be sure to include the router interface on which each list is active, as well as its direction.
Document the use of a routing protocol.
The output of the following commands must be captured and placed in the documentation:
- show cdp neighbors
- show ip route
- show ip protocol
- show ip interface
- show version
- show hosts
- show startup-config
- show ip access-list

Device     IP              Mask               Gateway
Server 1   192.168.1.2     255.255.255.224    192.168.1.1
PC2        192.168.1.3     255.255.255.224    192.168.1.1
PC3        192.168.1.34    255.255.255.224    192.168.1.33
PC4        192.168.1.35    255.255.255.224    192.168.1.33
PC5        192.168.1.66    255.255.255.224    192.168.1.65
PC6        192.168.1.67    255.255.255.224    192.168.1.65

Device   Fa0/0           S0/0/0           S0/1/0
Boaz     192.168.1.33    192.168.1.97     N/A
Center   192.168.1.1     192.168.1.129    192.168.1.98
Eva      192.168.1.65    N/A              192.168.1.130

Device/description   Fa0/0                            S0/0/0                            S0/1/0
Boaz                 Bienvenido a la interfaz fa0/0   Bienvenido a la interfaz S0/0/0   Bienvenido a la interfaz S0/1/0
Center               Bienvenido a la interfaz fa0/0   Bienvenido a la interfaz S0/0/0   Bienvenido a la interfaz S0/1/0
Eva                  Bienvenido a la interfaz fa0/0   Bienvenido a la interfaz S0/0/0   Bienvenido a la interfaz S0/1/0

Device   DCE      DTE      Password   Secret password   Co Vty
Boaz     S0/0/0   N/A      cisco      cisco             cis
Center   S0/0/0   S0/1/0   cisco      cisco             cis
Eva      N/A      S0/1/0   cisco      cisco             cis

Access list
Boaz(config)# access-list 1 permit host 192.168.1.2
Boaz(config)# access-list 1 deny 192.168.1.0 0.0.0.31
Boaz(config)# access-list 1 deny 192.168.1.64 0.0.0.31
Boaz(config)# access-list 1 permit any
Boaz(config)# int fa0/0
Boaz(config-if)# ip access-group 1 out
Eva(config)# access-list 1 permit host 192.168.1.2
Eva(config)# access-list 1 deny 192.168.1.0 0.0.0.31
Eva(config)# access-list 1 deny 192.168.1.32 0.0.0.31
Eva(config)# access-list 1 permit any
Eva(config)# int fa0/0
Eva(config-if)# ip access-group 1 out
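
One way to check these two access lists against the addressing table, as an added example that is not part of the original report: it evaluates each source address the way a standard ACL does (first matching entry wins, wildcard bits are ignored, and anything unmatched hits the implicit deny). The names parse_ace, evaluate and verdicts are illustrative; the ACL lines and host addresses are the ones on this page.

```python
from ipaddress import IPv4Address

# ACL 1 as entered on each router on this page.
ACL_CONFIG = {
    "Boaz": """access-list 1 permit host 192.168.1.2
access-list 1 deny 192.168.1.0 0.0.0.31
access-list 1 deny 192.168.1.64 0.0.0.31
access-list 1 permit any""",
    "Eva": """access-list 1 permit host 192.168.1.2
access-list 1 deny 192.168.1.0 0.0.0.31
access-list 1 deny 192.168.1.32 0.0.0.31
access-list 1 permit any""",
}

# Source hosts taken from the page's addressing table.
HOSTS = {"Server 1": "192.168.1.2", "PC2": "192.168.1.3",
         "PC3": "192.168.1.34", "PC4": "192.168.1.35",
         "PC5": "192.168.1.66", "PC6": "192.168.1.67"}


def parse_ace(line):
    """Return (action, address, wildcard) as integers for one standard ACE."""
    tokens = line.split()
    action, source = tokens[2].lower(), tokens[3:]
    if source[0] == "any":
        return action, 0, 0xFFFFFFFF
    if source[0] == "host":
        return action, int(IPv4Address(source[1])), 0
    wildcard = int(IPv4Address(source[1])) if len(source) > 1 else 0
    return action, int(IPv4Address(source[0])), wildcard


def evaluate(config, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(IPv4Address(src))
    for line in config.splitlines():
        action, addr, wild = parse_ace(line)
        # Bits set in the wildcard are ignored; every other bit must be equal.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"


def verdicts(router):
    """Map every host in the addressing table to permit/deny on one router."""
    return {name: evaluate(ACL_CONFIG[router], ip) for name, ip in HOSTS.items()}


if __name__ == "__main__":
    for router in ACL_CONFIG:
        print(router, verdicts(router))
```

The per-host verdicts can be compared with the match counters that show ip access-lists reports after test traffic has been sent.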

Network            Host range                       Broadcast
192.168.1.0/27     192.168.1.1 - 192.168.1.30       192.168.1.31
192.168.1.32/27    192.168.1.33 - 192.168.1.62      192.168.1.63
192.168.1.64/27    192.168.1.65 - 192.168.1.94      192.168.1.95
192.168.1.96/27    192.168.1.97 - 192.168.1.126     192.168.1.127
192.168.1.128/27   192.168.1.129 - 192.168.1.158    192.168.1.159
192.168.1.160/27   192.168.1.161 - 192.168.1.190    192.168.1.191
192.168.1.192/27   192.168.1.193 - 192.168.1.222    192.168.1.223
192.168.1.224/27   192.168.1.225 - 192.168.1.254    192.168.1.255

The project consists of 5 subnets, so we had to use the IP address 192.168.1.0/27, which allowed us to divide it into 8 subnets of 30 devices each; we then assigned the IP addresses to our devices as shown in the diagram and the tables above.
The routing protocol used was RIP v1, which helps different networks communicate with each other. In this case we made the 192.168.1.0 network communicate with 192.168.1.32 and 192.168.1.64, and in the same way we made the other networks communicate with each other.

