Configurar un router cisco 881w
Páginas: 5 (1227 palabras)
Publicado: 4 de mayo de 2011
Command Purpose
Basic configuration service password-encryption Enable password encryption
hostname router Configure your router's name
enable secret 1234 Set the enable secret
enable password 12345 Set the password
aaa new-model Enable aaa authentication model
aaa authentication login default local Set authentication mode
aaa authorization exec default local
aaa session-id commonip http server Enable Web server
ip http secure-server Enable secure Web server (this will generate self-signed SSL cert)
line con 0 Set console password
password 1234
line vty 0 4 Set TELNET and SSH password
password 1234
ip domain name iims.local Set the router's domain name
no ip domain lookup Turn off router domain lookup
username imssis privilege 15 password 1234 Setusername and password. Used for Web and CLI access
DHCP Server ip dhcp excluded-address 192.168.1.1 192.168.1.99 Set the DHCP exclusion range for subnet A
ip dhcp excluded-address 192.168.2.1 192.168.2.99 Set the DHCP exclusion range for subnet B
service dhcp Enables DHCP services
ip dhcp pool Internal-net Create Internal-net DHCP scope
network 192.168.1.0 255.255.255.0 Set IP andSubnet mask for Internal-Net
default-router 192.168.1.1 Set gateway for Internal-net
import all Import DHCP settings for DNS from your ISP (doesn't work for PPPoE)
domain-name iims.local Set domain name for DHCP clients
lease 4 Set lease time to 4 days
ip dhcp pool VLAN20 Create VLAN20 interface
network 192.168.2.0 255.255.255.0 Set IP and Subnet mask for VLAN20default-router 192.168.2.1 Set gateway for VLAN20
import all Import DHCP settings for DNS from your ISP (doesn't work for PPPoE)
domain-name iims.local Set domain name for DHCP clients
lease 4 Set lease time to 4 days
ISP config - DHCP access-list 1 permit 192.168.1.0 0.0.0.255 Allow VLAN1 inside of Access List 1 (Used for NAT)
access-list 1 permit 192.168.2.0 0.0.0.255 Allow VLAN20inside of Access List 1 (Used for NAT)
ip nat inside source list 1 interface FastEthernet4 overload Tell all internal NAT IP addresses to map to FastEthernet4 IP
ip access-list extended Guest-ACL Create the Guest-ACL access list. Used to restrict guests.
deny ip any 192.168.1.0 0.0.0.255 Prevent guests from accessing VLAN1
permit ip any any Let guests access everything else
interfaceFastEthernet4 Enter the WAN port configuration
ip address dhcp Ask ISP for DHCP assigned address and DNS settings
ip tcp adjust-mss 1460 Important! Sets packet fragmentation size for 1492 PPPoE
ip nat outside Set FastEthernet4 interface for the outside NAT interface
no cdp enable Turn off CDP (Cisco Discovery Protocol) on WAN interface
ip route 0.0.0.0 0.0.0.0 DHCP Set the defaultgateway to point to ISP via DHCP
Switch config interface FastEthernet0 Enter port 0
spanning-tree portfast Turn on fast spanning-tree mode
interface FastEthernet1 Enter port 1
spanning-tree portfast Turn on fast spanning-tree mode
interface FastEthernet2 Enter port 2
spanning-tree portfast Turn on fast spanning-tree mode
interface FastEthernet3 Enter port 3
spanning-tree portfastTurn on fast spanning-tree mode
bridge irb Enable wireless bridge mode (important!)
Basic radio config interface Dot11Radio0 Enter physical radio interface 0 (this model has only 1 radio)
encryption vlan 1 mode ciphers tkip Set vlan 1 to use TKIP encryption
encryption vlan 20 mode ciphers tkip Set vlan 20 to use TKIP encryption
ssid GuestWLAN Create a virtual WLAN called GuestWLANvlan 20 Assign WLAN to VLAN20
authentication open Use open authentication
authentication key-management wpa Use WPA key management
guest-mode Turn on SSID broadcast for this WLAN (only 1 allowed)
wpa-psk ascii wiimsifi Set WPA secret for this WLAN
ssid iims Create a virtual WLAN called iims
vlan 1 Assign WLAN to VLAN1
authentication open Use open...
Basic configuration service password-encryption Enable password encryption
hostname router Configure your router's name
enable secret 1234 Set the enable secret
enable password 12345 Set the password
aaa new-model Enable aaa authentication model
aaa authentication login default local Set authentication mode
aaa authorization exec default local
aaa session-id commonip http server Enable Web server
ip http secure-server Enable secure Web server (this will generate self-signed SSL cert)
line con 0 Set console password
password 1234
line vty 0 4 Set TELNET and SSH password
password 1234
ip domain name iims.local Set the router's domain name
no ip domain lookup Turn off router domain lookup
username imssis privilege 15 password 1234 Setusername and password. Used for Web and CLI access
DHCP Server ip dhcp excluded-address 192.168.1.1 192.168.1.99 Set the DHCP exclusion range for subnet A
ip dhcp excluded-address 192.168.2.1 192.168.2.99 Set the DHCP exclusion range for subnet B
service dhcp Enables DHCP services
ip dhcp pool Internal-net Create Internal-net DHCP scope
network 192.168.1.0 255.255.255.0 Set IP andSubnet mask for Internal-Net
default-router 192.168.1.1 Set gateway for Internal-net
import all Import DHCP settings for DNS from your ISP (doesn't work for PPPoE)
domain-name iims.local Set domain name for DHCP clients
lease 4 Set lease time to 4 days
ip dhcp pool VLAN20 Create VLAN20 interface
network 192.168.2.0 255.255.255.0 Set IP and Subnet mask for VLAN20default-router 192.168.2.1 Set gateway for VLAN20
import all Import DHCP settings for DNS from your ISP (doesn't work for PPPoE)
domain-name iims.local Set domain name for DHCP clients
lease 4 Set lease time to 4 days
ISP config - DHCP access-list 1 permit 192.168.1.0 0.0.0.255 Allow VLAN1 inside of Access List 1 (Used for NAT)
access-list 1 permit 192.168.2.0 0.0.0.255 Allow VLAN20inside of Access List 1 (Used for NAT)
ip nat inside source list 1 interface FastEthernet4 overload Tell all internal NAT IP addresses to map to FastEthernet4 IP
ip access-list extended Guest-ACL Create the Guest-ACL access list. Used to restrict guests.
deny ip any 192.168.1.0 0.0.0.255 Prevent guests from accessing VLAN1
permit ip any any Let guests access everything else
interfaceFastEthernet4 Enter the WAN port configuration
ip address dhcp Ask ISP for DHCP assigned address and DNS settings
ip tcp adjust-mss 1460 Important! Sets packet fragmentation size for 1492 PPPoE
ip nat outside Set FastEthernet4 interface for the outside NAT interface
no cdp enable Turn off CDP (Cisco Discovery Protocol) on WAN interface
ip route 0.0.0.0 0.0.0.0 DHCP Set the defaultgateway to point to ISP via DHCP
Switch config interface FastEthernet0 Enter port 0
spanning-tree portfast Turn on fast spanning-tree mode
interface FastEthernet1 Enter port 1
spanning-tree portfast Turn on fast spanning-tree mode
interface FastEthernet2 Enter port 2
spanning-tree portfast Turn on fast spanning-tree mode
interface FastEthernet3 Enter port 3
spanning-tree portfastTurn on fast spanning-tree mode
bridge irb Enable wireless bridge mode (important!)
Basic radio config interface Dot11Radio0 Enter physical radio interface 0 (this model has only 1 radio)
encryption vlan 1 mode ciphers tkip Set vlan 1 to use TKIP encryption
encryption vlan 20 mode ciphers tkip Set vlan 20 to use TKIP encryption
ssid GuestWLAN Create a virtual WLAN called GuestWLANvlan 20 Assign WLAN to VLAN20
authentication open Use open authentication
authentication key-management wpa Use WPA key management
guest-mode Turn on SSID broadcast for this WLAN (only 1 allowed)
wpa-psk ascii wiimsifi Set WPA secret for this WLAN
ssid iims Create a virtual WLAN called iims
vlan 1 Assign WLAN to VLAN1
authentication open Use open...
Leer documento completo
Regístrate para leer el documento completo.