Packet Tracer

1. *Postavljanje ip adresa
2. 1) enable
3. 2) conf t
4. 3) interface "ime interfejsa" (Npr. interface fa0/0)
5. 4) ip address gateway subnet (Npr. ip address 80.66.22.1 255.255.255.128)
6. 5) no shutdown
7. 6) exit
8.  
9. *Staticko rutiranje
10. 1) enable
11. 2) conf t
12. 3) ip route adresa mreze za koju hocu da uradim staticko rutiranje, njen subnet, adresa prvog interfejsa slijedeceg rutera
13. (Npr. ip route 80.222.0.0 255.255.254.0 80.66.22.126)
14. 4) exit
15.  
16. *Postavljanje hostname-a
17. 1)hostname "neko_ime" (Npr. hostname GLAVNI)
18.  
19. *Postavljanje passworda
20. 1) enable
21. 2) conf t
22. 3) enable password "neki_password" (Npr. enable password class)
23. 4) line console 0
24. 5) password "neki_password" (Npr. password cisco
25. 6) login
26. 7) exit
27. 8) line vty 0 4
28. (za switcheve od 0 do 15 ili ne moram nikako)
29. 9) password "neki_password" (Npr. password cisco)
30. 10) login
31. 11)exit
32.  
33. *Postavljanje serijskog interfejsa
34. GORNJI:
35. 1) enable
36. 2) conf t
37. 3) int ser "ime_interfejsa" (Npr. int set s0/0/0)
38. 4) ip address 8.8.4.6 255.255.255.252
39. 5) no shutdown
40. 6) exit
41. _______________
42. 1) ip route 0.0.0.0 0.0.0.0 8.8.4.5
43. DOJNJI:
44. 1)ip route 0.0.0.0 0.0.0.0 80.66.22.126
45.  
46. *Postavljanje eksternog onog cuda na onaj gornji router
47. 1) interface s2/0
48. 2) ip address 8.8.4.6 255.255.255.252
49.  
50. *AC LISTA - zastiti mrezu od krivotvorenja adrese
51. 1) access-list 101 deny ip 80.222.0.0 0.0.1.255 any
52. 2) access-list 101 deny ip 80.66.22.0 0.0.0.127 any
53. 3) interface s2/0
54. 4) ip access-group 101 in
55.  
56. *AC LISTA - zabraniti pristup servisima
57. prema internetu(MS updates)
58.  
59. 1) access-list 102 permit tcp 80.222.0.0 0.0.1.255 55.65.23.208 0.0.0.7 eq www
60. 2) access-list 102 permit tcp 80.222.0.0 0.0.1.255 55.65.23.208 0.0.0.7 eq 443
61.  
62.  
63. - Zabraniti pristup svim servisima iz mreža sa web serverom prema Internetu, osim web pristupa
64. (www,https) na servere od „MS update sites“.
65. - Dozvoliti sa Interneta pristup portovima na web server (http,https) te omogućiti normalan rad.
66. - Dozovoliti PING sa Interneta na web server.
67.  
68. 1)exit
69. 2) access-list 102 permit icmp host 80.222.1.165 any echo-reply
70. 3) - || - - || - host-unreachable
71. 4) - || - - || - ttl-exceeded
72. 5) - || - - || - unreachable
73. 6) interface fa1/0
74. 7) ip access-group 102 in
75.  
76. -Uraditi NAT na routeru PRIVATNI.
77. 1) enable
78. 2) conf t
79. 3) access-list 1 permit 10.2.2.0 0.0.0.31
80. 4) ip nat inside source list 1 interface fa0/0 overload
81. 5)interface fa0/0
82. 6) ip nat outside
83. 7) exit
84. 8) interface fa1/0
85. 9) ip nat inside
86. 10) exit
87.  
88. *Ako je VLAN
89. 1) enable
90. 2) conf t
91. 3) vlan 5
92. 4) exit
93. 5) interface fa1/1
94. 6) switchport mode access
95. 7) switchport access vlan 5
96.  
97.  
98. ____Sa VIDE-a____
99. a)
100. 1) enable
101. 2) conf t
102. 3) ip access-list "ime"
103. 4) deny ip 80.222.0.0 0.0.1.255 any
104. 5) deny ip 80.66.22.0 0.0.0.127 any
105. 6) permit any any
106. 7) exit
107. 8) int serial s2/0
108. 9) ip access-group "ime" in
109.  
110. b)
111. 1) enable
112. 2) conf t
113. 3) ip access-list "ime"
114. 4) permit tcp any any established
115. 5) permit tcp 80.222.0.0 0.0.1.255 55.65.23.208 0.0.0.7 eq www
116. 6) - || - - || - 443
117. 7) permit icmp host 80.222.1.165 any echo-reply
118. 8) - || - - || - host-unreachable
119. 9) - || - - || - ttl-exceeded
120. 10) - || - - || - any unreachable
121. 11) exit
122. 12) int f0/1
123. 13) ip access-group "ime" in
124. 14) exit
125.  
126. c)
127. 1) enable
128. 2) conf t
129. 3) ip access-list standard "ime"
130. 4) permit 10.2.2.0 0.0.0.31
131. 5) exit
132. 6) ip nat inside source list n interface f0/1 overload
133. 7) int f1/0
134. 8) ip nat inside
135. 9) exit
136. 10) int f0/0
137. 11) ip nat outside
138. 12) exit