January 5 to January 27, 2010, Cisco Local Academy, Rosario
Instructor: Ernesto Vilarrasa
Administration / Spanning Tree / VLAN / Wireless LAN / Security
Part 1
VLAN administration:
PC1>telnet 192.168.3.250
Trying 192.168.3.250 ...Open
User Access Verification
Password:
SW_1>enable
Password:
SW_1#show vlan    <-- by default, all ports belong to VLAN 1
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
---abridged---
SW_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_1(config)#vlan 10    <-- creates the VLANs and attaches a symbolic name to each
SW_1(config-vlan)#name vlan10
SW_1(config-vlan)#exit
SW_1(config)#vlan 20
SW_1(config-vlan)#name vlan20
SW_1(config-vlan)#end
SW_1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   vlan10                           active
20   vlan20                           active
---abridged---
SW_1#
SW_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_1(config)#int fast0/1
SW_1(config-if)#description PC de Juan Perez    <-- describes the function of the port
SW_1(config-if)#switchport mode access    <-- defines the port as one for an end device
SW_1(config-if)#switchport access vlan 10    <-- associates the port with a VLAN
SW_1(config-if)#exit
SW_1(config)#int range fast 0/1-10    <-- defines a range of ports and configures them with the commands that follow
SW_1(config-if-range)#switchport access vlan 10    <-- associates a port with a VLAN
SW_1(config-if-range)#switchport mode access
SW_1(config-if-range)#spanning-tree portfast    <-- with this command, when a device is connected the port gets link instantly, skipping the spanning-tree steps
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION    <-- the Warning message will be explained in the Spanning Tree class
%Portfast will be configured in 10 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking mode.
SW_1(config-if-range)#spanning-tree bpduguard enable    <-- protection against the accidental (or not) connection of a switch to a port in portfast mode
SW_1(config-if-range)#exit
SW_1(config)#int range fa0/11-20
SW_1(config-if-range)#switchport access vlan 20
SW_1(config-if-range)#switchport mode access
SW_1(config-if-range)#spanning-tree portfast
---abridged---
SW_1(config-if-range)#spanning-tree bpduguard ena
SW_1(config-if-range)#end
SW_1#
%SYS-5-CONFIG_I: Configured from console by console
SW_1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   vlan10                           active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
20   vlan20                           active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20
---abridged---
SW_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_1(config)#vlan 30    <-- creates a security VLAN to hold every port that will not be used
SW_1(config-vlan)#name SEGURIDAD    <-- by default those ports belong to VLAN 1, which is the switch's management VLAN,
SW_1(config-vlan)#exit    <-- with the potential risk that this implies
SW_1(config)#^Z
SW_1#
%SYS-5-CONFIG_I: Configured from console by console
SW_1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   vlan10                           active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
20   vlan20                           active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20
30   SEGURIDAD                        active
---abridged---
SW_1#conf t    <-- the interfaces that will not be used are assigned to it
SW_1(config)#int range fa0/22-24
SW_1(config-if-range)#switchport access vlan 30
SW_1(config-if-range)#exit
SW_1(config)#int range gi1/1-2
SW_1(config-if-range)#switchport access vlan 30
SW_1(config-if-range)#^Z
SW_1#
%SYS-5-CONFIG_I: Configured from console by console
SW_1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/21
10   vlan10                           active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
20   vlan20                           active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20
30   SEGURIDAD                        active    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
---abridged---
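
A check for the access-port settings configured above: every portfast port should also carry bpduguard, and a port given an access VLAN should also have an explicit "switchport mode access" (which the Fa0/22-24 and Gi1/1-2 ranges did not receive). This is an added example, not part of the original handout; the running-config excerpt is constructed and the function names are hypothetical.

```python
import re

# Constructed excerpt in `show running-config` form, modelled on this lab's ports.
RUNNING_CONFIG = """\
interface FastEthernet0/1
 description PC de Juan Perez
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 30
!
"""


def interface_blocks(config):
    """Return {interface: [sub-commands]} from running-config text."""
    blocks, name = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            name = m.group(1)
            blocks[name] = []
        elif name and line.startswith(" "):
            blocks[name].append(line.strip())
        else:
            name = None  # "!" or a global command ends the stanza
    return blocks


def audit_access_ports(config):
    """Flag portfast without bpduguard, and access VLANs without an explicit mode."""
    findings = []
    for name, cmds in interface_blocks(config).items():
        if "spanning-tree portfast" in cmds and "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "portfast without bpduguard"))
        has_vlan = any(c.startswith("switchport access vlan") for c in cmds)
        if has_vlan and "switchport mode access" not in cmds:
            findings.append((name, "access VLAN set without 'switchport mode access'"))
    return findings


if __name__ == "__main__":
    print(audit_access_ports(RUNNING_CONFIG))
```
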
SW_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_1(config)#no vlan 20    <-- deletes a VLAN. All the ports associated with it remain unusable until they are assigned to another VLAN, as the following command verifies
SW_1(config)#^Z
SW_1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/21
10   vlan10                           active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
30   SEGURIDAD                        active    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
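
Two conditions are visible in the listing above: a port still in VLAN 1 (Fa0/21) and ports that no longer appear at all after "no vlan 20" (Fa0/11-20). Both can be detected by parsing the show vlan output, as in this added example, which is not part of the original handout; the port inventory is an assumption taken from the first show vlan listing, and the function names are hypothetical.

```python
import re

# Constructed sample: the `show vlan` table from this lab after `no vlan 20`.
SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/21
10   vlan10                           active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
30   SEGURIDAD                        active    Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
"""

# Assumed inventory: the 24 FastEthernet and 2 Gigabit ports of the lab switch.
ALL_PORTS = [f"Fa0/{n}" for n in range(1, 25)] + ["Gig1/1", "Gig1/2"]

ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)")  # VLAN id, name, status
PORT_RE = re.compile(r"\b(?:Fa|Gig?)\d+/\d+\b")


def parse_show_vlan(text):
    """Return {vlan_id: [ports]}, joining wrapped port lines to their VLAN row."""
    vlans, current = {}, None
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:
            current = int(row.group(1))
            vlans[current] = PORT_RE.findall(line[row.end():])
        elif current is not None and PORT_RE.match(line.strip()):
            vlans[current] += PORT_RE.findall(line)
    return vlans


def audit(vlans, all_ports, mgmt_vlan=1):
    """Report ports left in the management VLAN and ports listed under no VLAN."""
    assigned = {p for ports in vlans.values() for p in ports}
    return {
        "in_mgmt_vlan": vlans.get(mgmt_vlan, []),
        # Ports whose VLAN was deleted drop out of the table; trunk ports
        # are also absent from it, so confirm before treating them as orphaned.
        "orphaned": [p for p in all_ports if p not in assigned],
    }


if __name__ == "__main__":
    print(audit(parse_show_vlan(SHOW_VLAN), ALL_PORTS))
```
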
SW_1#sh flash    <-- the VLAN configuration is stored in flash:vlan.dat; erasing startup-config does NOT remove the switch's VLAN configuration
Directory of flash:/
1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin
2 -rw- 676 <no date> vlan.dat
64016384 bytes total (59600787 bytes free)
SW_1#
SW_1#erase startup-config    <-- deletes the switch's configuration file
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
SW_1#sh startup-config
startup-config is not present
SW_1#
SW_1#sh flash
Directory of flash:/
1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin
2 -rw- 676 <no date> vlan.dat
64016384 bytes total (59600787 bytes free)
SW_1#delete vlan.dat    <-- deletes the vlan.dat file
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
SW_1#
SW_1#sh flash
Directory of flash:/
1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin
64016384 bytes total (59601463 bytes free)
SW_1#
www.vilarrasa.com.ar
(2010)
Rosario, Argentina