! Configura��o inicial
hostname switch_name
enable secret cisco@root
line con 0
password cisco
login
line vty 0 4
password cisco@vty
login
service password-encryption
banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
interface vlan 1
ip address 172.16.1.11 255.255.255.0 ! or DHCP
no shutdown
ip default-gateway 172.16.1.1
do wr
! Now assign the physical ports to each VLAN. Ports 1-2 are assigned to VLAN2 and
ports 3-4 to VLAN3
interface range fe 0/1-2
switchport mode access
switchport access vlan 2
exit
interface range fe 0/3-4
switchport mode access
switchport access vlan 3
exit
do wr
! Configurar SSH
ip domain-name example.com
username admin secret cisco@ssh
SW1(config)# crypto key generate rsa
1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh
do wr
! Configurar DHCP
interface ethernet0/0
ip address 1.1.1.1 255.0.0.0
no shutdown
ip dhcp pool mypool
network 1.1.1.0 /8
domain-name mydomain.com
dns-server 1.1.1.10
default-router 1.1.1.1
lease 7
exit
ip dhcp excluded-address 1.1.1.0 1.1.1.100
do wr
! Configurar NAT
! Static NAT
ip nat inside source static <Inside Local IP> <Inside Global IP>
do wr
! Static PAT
ip nat inside source static <protocol> <Inside Local IP:Port> <Inside Global
IP:Port> extendable
do wr
! Dynamic NAT
ip access-list standard <ACL Name>
permit <Network ID> <Wildcard Mask>
ip nat pool <Pool Name> <Start IP> <End IP> netmask <Subnet Mask>
ip nat inside source list <ACL Name> pool <NAT Pool>
do wr
! Configurar Port Security
interface range fastEthernet 0/1-2
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation restrict/shutdown
do wr