Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *Postavljanje ip adresa
- 1) enable
- 2) conf t
- 3) interface "ime interfejsa" (Npr. interface fa0/0)
- 4) ip address gateway subnet (Npr. ip address 80.66.22.1 255.255.255.128)
- 5) no shutdown
- 6) exit
- *Staticko rutiranje
- 1) enable
- 2) conf t
- 3) ip route adresa mreze za koju hocu da uradim staticko rutiranje, njen subnet, adresa prvog interfejsa slijedeceg rutera
- (Npr. ip route 80.222.0.0 255.255.254.0 80.66.22.126)
- 4) exit
- *Postavljanje hostname-a
- 1)hostname "neko_ime" (Npr. hostname GLAVNI)
- *Postavljanje passworda
- 1) enable
- 2) conf t
- 3) enable password "neki_password" (Npr. enable password class)
- 4) line console 0
- 5) password "neki_password" (Npr. password cisco
- 6) login
- 7) exit
- 8) line vty 0 4
- (za switcheve od 0 do 15 ili ne moram nikako)
- 9) password "neki_password" (Npr. password cisco)
- 10) login
- 11)exit
- *Postavljanje serijskog interfejsa
- GORNJI:
- 1) enable
- 2) conf t
- 3) int ser "ime_interfejsa" (Npr. int set s0/0/0)
- 4) ip address 8.8.4.6 255.255.255.252
- 5) no shutdown
- 6) exit
- _______________
- 1) ip route 0.0.0.0 0.0.0.0 8.8.4.5
- DOJNJI:
- 1)ip route 0.0.0.0 0.0.0.0 80.66.22.126
- *Postavljanje eksternog onog cuda na onaj gornji router
- 1) interface s2/0
- 2) ip address 8.8.4.6 255.255.255.252
- *AC LISTA - zastiti mrezu od krivotvorenja adrese
- 1) access-list 101 deny ip 80.222.0.0 0.0.1.255 any
- 2) access-list 101 deny ip 80.66.22.0 0.0.0.127 any
- 3) interface s2/0
- 4) ip access-group 101 in
- *AC LISTA - zabraniti pristup servisima
- prema internetu(MS updates)
- 1) access-list 102 permit tcp 80.222.0.0 0.0.1.255 55.65.23.208 0.0.0.7 eq www
- 2) access-list 102 permit tcp 80.222.0.0 0.0.1.255 55.65.23.208 0.0.0.7 eq 443
- - Zabraniti pristup svim servisima iz mreža sa web serverom prema Internetu, osim web pristupa
- (www,https) na servere od „MS update sites“.
- - Dozvoliti sa Interneta pristup portovima na web server (http,https) te omogućiti normalan rad.
- - Dozovoliti PING sa Interneta na web server.
- 1)exit
- 2) access-list 102 permit icmp host 80.222.1.165 any echo-reply
- 3) - || - - || - host-unreachable
- 4) - || - - || - ttl-exceeded
- 5) - || - - || - unreachable
- 6) interface fa1/0
- 7) ip access-group 102 in
- -Uraditi NAT na routeru PRIVATNI.
- 1) enable
- 2) conf t
- 3) access-list 1 permit 10.2.2.0 0.0.0.31
- 4) ip nat inside source list 1 interface fa0/0 overload
- 5)interface fa0/0
- 6) ip nat outside
- 7) exit
- 8) interface fa1/0
- 9) ip nat inside
- 10) exit
- *Ako je VLAN
- 1) enable
- 2) conf t
- 3) vlan 5
- 4) exit
- 5) interface fa1/1
- 6) switchport mode access
- 7) switchport access vlan 5
- ____Sa VIDE-a____
- a)
- 1) enable
- 2) conf t
- 3) ip access-list "ime"
- 4) deny ip 80.222.0.0 0.0.1.255 any
- 5) deny ip 80.66.22.0 0.0.0.127 any
- 6) permit any any
- 7) exit
- 8) int serial s2/0
- 9) ip access-group "ime" in
- b)
- 1) enable
- 2) conf t
- 3) ip access-list "ime"
- 4) permit tcp any any established
- 5) permit tcp 80.222.0.0 0.0.1.255 55.65.23.208 0.0.0.7 eq www
- 6) - || - - || - 443
- 7) permit icmp host 80.222.1.165 any echo-reply
- 8) - || - - || - host-unreachable
- 9) - || - - || - ttl-exceeded
- 10) - || - - || - any unreachable
- 11) exit
- 12) int f0/1
- 13) ip access-group "ime" in
- 14) exit
- c)
- 1) enable
- 2) conf t
- 3) ip access-list standard "ime"
- 4) permit 10.2.2.0 0.0.0.31
- 5) exit
- 6) ip nat inside source list n interface f0/1 overload
- 7) int f1/0
- 8) ip nat inside
- 9) exit
- 10) int f0/0
- 11) ip nat outside
- 12) exit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement