{"id":1626,"date":"2019-09-17T09:13:18","date_gmt":"2019-09-17T15:13:18","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=1626"},"modified":"2019-09-25T15:46:14","modified_gmt":"2019-09-25T21:46:14","slug":"cisco-configuracion-basica-switch","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=1626","title":{"rendered":"CISCO: Configuraci\u00f3n b\u00e1sica Switch"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Nos conectamos por medio del cable de consola, ingresamos al modo de configuraci\u00f3n global<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>switch>enable\nswitch#configure terminal\nswitch(config)#<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Cambiamos el nombre del switch y el dominio<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>switch(config)#hostname &lt;NOMBRE DEL EQUIPO>\nUGIT_2(config)#ip domain-name siua.ac.cr<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Poner contrase\u00f1a al modo Exec Privilegiado<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#enable secret &lt;AA3><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Crear usuario y contrase\u00f1a<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#username ugit privilege 15 secret &lt;AdA0><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Poner contrase\u00f1a al console line 0<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#console line 0\nUGIT_2(config-line)#login local<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Encryptar contrase\u00f1as<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#service password-encryption<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Deshabilitar el acceso http y https<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#no ip http server\nUGIT_2(config)#no ip http secure-server<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>&nbsp;Desactivar la traducci\u00f3n de nombres de dominio<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#no ip domain-lookup<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Poner IP a la Vlan Nativa y ****cambiar el numero de Vlan administrativa****<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#interface vlan 250\nUGIT_2(config-if)#description INTERFAZ DE CONTROL &lt;## ACTIVO ##>\nUGIT_2(config-if)#IP ADDress &lt;10.20.250.XX> 255.255.255.0\nUGIT_2(config-if)#NO SHUTdown<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Configurar el gateway<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#ip default-gateway 10.20.250.1<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Se configura el VTP<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#Vtp domain UGIT\nUGIT_2(config)#Vtp Password &lt;AA3>\nUGIT_2(config)#Vtp mode &lt;Server,client,transparent><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Guardar la configuraci\u00f3n<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2#copy running-config startup-config<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Configuraci\u00f3n de acceso SSH<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>&nbsp;Se generan las claves de encryptacion, ha este punto ya deben estar configurados el nombre del host y el dominio<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#crypto key generate rsa<\/code><\/pre>\n\n\n\n<p>Se define la longitud en 2048<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Se define el time-out, numero de intentos de login y version ssh la 2 es m\u00e1s segura<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#ip ssh version 2\nUGIT_2(config)#ip ssh authentication-retries 2\nUGIT_2(config)#ip ssh time-out 120\nUGIT_2(config)#ip ssh port 6573 rotary 1 --> algunos catalyst 2960 no permiten cambiar el puerto ssh\nUGIT_2(config)#ip ssh source-interface Vlan250<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Lista de acceso para bloquear el ssh en el puerto 22 (Solo para equipos que permiten cambiar el puerto ssh)<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#ip access-list extended DENY_SSH_PORT_22\nUGIT_2(config-ext-nacl)#deny tcp any any eq 22\nUGIT_2(config-ext-nacl)#deny udp any any eq 22\nUGIT_2(config-ext-nacl)#permit tcp any any\nUGIT_2(config-ext-nacl)#permit udp any any<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Configuraci\u00f3n de las lineas VTY<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#line vty 0 15\nUGIT_2(config-line)#transport input ssh \nUGIT_2(config-line)#login local \nUGIT_2(config-line)#access-class DENY_SSH_PORT_22 in --> Solo equipos que permiten cambiar el puerto ssh\nUGIT_2(config-line)#rotary 1                         --> Solo equipos que permiten cambiar el puerto ssh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Se aplica la lista de acceso en la interfaz de control &#8212;&gt; Solo equipos que permiten cambiar el puerto ssh<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#interface vlan250\nUGIT_2(config-if)#ip access-group DENY_SSH_PORT_22 in<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Guardar la configuraci\u00f3n<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2#copy running-config startup-config<\/code><\/pre>\n\n\n\n<p><strong>Ayudas: <\/strong><br><strong>who<\/strong> muestra las lineas con conexiones activas<br><strong>show ip ssh<\/strong> muestra la configuraci\u00f3n de ssh<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Configuraci\u00f3n de SNMPv3<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Se habilitar\u00e1 SNMP V3, authPriv (Autenticacion SHA y Encryptacion AES 128-bit)<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2(config)#snmp-server engineID local &lt;F24012018F> (F-DD\/MM\/AAAA-F) ---> debe ser almenos 10 n\u00fameros HEXADECIMALES \nUGIT_2(config)#snmp-server group SIUA v3 priv\nUGIT_2(config)#snmp-server user ugit SIUA v3 auth sha &lt;CA2> priv aes 128 &lt;AdA0><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Guardar la configuraci\u00f3n<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>UGIT_2#copy running-config startup-config<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>CISCO: Configuraci\u00f3n b\u00e1sica Switch<\/p>\n","protected":false},"author":2,"featured_media":2051,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[38],"class_list":["post-1626","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco","tag-cisco"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1626"}],"version-history":[{"count":2,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1626\/revisions"}],"predecessor-version":[{"id":2174,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1626\/revisions\/2174"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/media\/2051"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}