
!

Aplicar os scripts no modo de configuração global

! Initial configuration
! Sets the hostname, the privileged-mode secret, console and vty passwords,
! a login banner, and the management address on interface vlan 1.
! All passwords below are sample values; replace them with unique, strong
! secrets before using this on a real device.
hostname switch_name
! "enable secret" is stored as a one-way hash.
enable secret cisco@root
line con 0
password cisco
login
! NOTE(review): no "transport input" is set on the vty lines here, so the
! accepted protocols are the platform default, which may include Telnet - confirm.
line vty 0 4
password cisco@vty
login
! Stores the line passwords above in the reversible type 7 form. This only
! hides them from casual viewing of the configuration; it is not a hash.
service password-encryption
banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
! Management interface. NOTE(review): the trailing "! or DHCP" on the next
! line is an annotation, not part of the command; drop it if the parser
! rejects it when the script is pasted.
interface vlan 1
ip address 172.16.1.11 255.255.255.0 ! or DHCP
no shutdown
ip default-gateway 172.16.1.1
! Save the running configuration.
do wr

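! Configure Layer 2 VLANs and assign ports

! By default, all physical ports of the switch belong to VLAN 1 (the default
! VLAN). One of the most important functions of an Ethernet switch is to segment
! the network into multiple Layer 2 VLANs (with each VLAN belonging to a
! different Layer 3 subnet).
! To do this segmentation, create additional VLANs besides the default VLAN 1
! and then assign physical ports to these new VLANs. Let's create two new VLANs
! (VLAN 2 and VLAN 3) and assign two ports to each one.
! Ports that are not reassigned stay in VLAN 1, which in this script also
! carries the management address (interface vlan 1), so hosts on those ports
! share a broadcast domain with the management interface.
! First create the Layer 2 VLANs on the switch
vlan 2
name TEACHERS
exit
vlan 3
name STUDENTS
exit

! Now assign the physical ports to each VLAN. Ports 1-2 are assigned to VLAN 2
! and ports 3-4 to VLAN 3. The interface type is spelled out because "fe" is
! not an abbreviation of FastEthernet.
interface range fastEthernet 0/1-2
switchport mode access
switchport access vlan 2
exit
interface range fastEthernet 0/3-4
switchport mode access
switchport access vlan 3
exit
! Save the running configuration.
do wr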

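! Configure SSH
! RSA key generation needs a hostname (set in the initial configuration) and
! a domain name.
ip domain-name example.com
! Sample credential; replace it with a unique, strong secret.
username admin secret cisco@ssh
! The key size is given on the command line instead of answering the
! interactive prompt. 1024-bit RSA is below current minimum recommendations,
! so 2048 bits is used.
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 4
! Authenticate against the local username database instead of a shared
! line password.
login local
! SSH only: Telnet carries credentials and the session in cleartext.
transport input ssh
! If the platform has more vty lines than 0-4, apply the same login and
! transport settings to them as well.
! Save the running configuration.
do wr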

! Configure DHCP
! The addresses in this section are sample values.
! NOTE(review): 1.0.0.0/8 is publicly allocated address space; substitute the
! subnet actually in use on the network - confirm.
interface ethernet0/0
ip address 1.1.1.1 255.0.0.0
no shutdown
ip dhcp pool mypool
! NOTE(review): 1.1.1.0 with a /8 prefix is not a network boundary (the /8
! network is 1.0.0.0) - confirm the intended subnet and mask.
network 1.1.1.0 /8
domain-name mydomain.com
dns-server 1.1.1.10
! Gateway handed to clients; matches the interface address configured above.
default-router 1.1.1.1
! Lease duration in days.
lease 7
exit
! Keeps 1.1.1.0 through 1.1.1.100 out of the pool, which covers the router
! (1.1.1.1) and the DNS server (1.1.1.10) named above.
ip dhcp excluded-address 1.1.1.0 1.1.1.100
! Save the running configuration.
do wr

! Configure NAT

! Designating Inside and Outside Interfaces
! "ip nat outside" marks the interface facing the external network;
! "ip nat inside" marks the interfaces whose hosts are translated.
! The interface names are sample values.


interface fa0/0
ip nat outside
interface fa0/1
ip nat inside
interface fa0/2
ip nat inside
! Save the running configuration.
do wr

! Static NAT
! One-to-one mapping: <Inside Local IP> is the host's own address and
! <Inside Global IP> is the address it is reached at from the outside.
! The mapping is not limited to a port, so every service on the inside host
! becomes reachable through the global address unless inbound traffic is
! filtered on the outside interface (for example with an access list).
ip nat inside source static <Inside Local IP> <Inside Global IP>
! Save the running configuration.
do wr

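! Static PAT
! Forwards a single port to an inside host; <protocol> is tcp or udp.
! Address and port are separate arguments, and the command must be entered
! on one line. Only the listed port is exposed, unlike a full static NAT entry.
ip nat inside source static <protocol> <Inside Local IP> <Inside Local Port> <Inside Global IP> <Inside Global Port> extendable
! Save the running configuration.
do wr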

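! Dynamic PAT (NAT Pool)
! Many inside hosts share the addresses of a pool; "overload" enables
! port translation so several hosts can use one global address.


! The access list selects which inside source addresses are translated;
! keep the permit entry as narrow as the inside subnets require.
ip access-list standard <ACL Name>
permit <Network ID> <Wildcard Mask>
ip nat pool <Pool Name> <Start IP> <End IP> prefix-length <CIDR>
! The pool referenced here must be the same <Pool Name> defined above.
ip nat inside source list <ACL Name> pool <Pool Name> overload
! Save the running configuration.
do wr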

! Dynamic PAT (Interface IP)
! Inside hosts matched by the access list are translated to the address of
! <Intf>; "overload" enables port translation so they can share it.


! The access list selects which inside source addresses are translated;
! keep the permit entry as narrow as the inside subnets require.
ip access-list standard <ACL Name>
permit <Network ID> <Wildcard Mask>
ip nat inside source list <ACL Name> interface <Intf> overload
! Save the running configuration.
do wr

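! Dynamic NAT
! Each inside host matched by the access list is given one address from the
! pool for the duration of its translation; without "overload" no port
! translation takes place.
! The access list selects which inside source addresses are translated;
! keep the permit entry as narrow as the inside subnets require.
ip access-list standard <ACL Name>
permit <Network ID> <Wildcard Mask>
ip nat pool <Pool Name> <Start IP> <End IP> netmask <Subnet Mask>
! The pool referenced here must be the same <Pool Name> defined above.
ip nat inside source list <ACL Name> pool <Pool Name>
! Save the running configuration.
do wr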
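! Configure Port Security
! Limits each access port to one learned MAC address.
interface range fastEthernet 0/1-2
! Port security is applied to ports in static access mode.
switchport mode access
switchport port-security
switchport port-security maximum 1
! Learns the first source MAC seen on the port and writes it into the
! running configuration.
switchport port-security mac-address sticky
! Choose exactly one violation mode; "restrict/shutdown" is not a keyword.
!   shutdown - err-disables the port on a violation (the default)
!   restrict - drops the offending frames and increments the violation counter
switchport port-security violation shutdown
! Sticky addresses survive a reload only once the configuration is saved.
do wr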
