WiFi

SWITCH

vlan 10
name nesto
vlan 20
name IT
vlan 30
name Guest

interface FastEthernet1/0/1
description veza prema routeru – ALWAYS put a description on every interface!!!
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30 – the VLANs must be specified exactly!!!
switchport mode trunk
!
interface FastEthernet1/0/2
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30
switchport mode trunk
!
interface FastEthernet1/0/3
description PC
switchport access vlan 1 – this line is not typed, i.e. the port stays in the default VLAN
switchport mode access
spanning-tree portfast
!
interface VLAN 1
ip address 192.168.1.2 255.255.255.0 – any IP from the management range can be used
!
line vty 0 15 – this enables remote access (telnet)
password xxxx – choose your own
no ip domain-lookup

line con 0
logging synchronous
pass class
login
line vty 0 15
pass class
login
enab sec class

ROUTER

ip dhcp pool IT-GrupaX – name the pool whatever you like
network 192.168.20.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.20.1
!
ip dhcp pool GUEST-GrupaX
network 192.168.30.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.30.1
!
ip dhcp pool AP
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
!
ip dhcp pool PC
network 192.168.2.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.2.254
!
interface FastEthernet0/0
no shutdown – this is the only command needed here
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 – encapsulation for the VLAN the subinterface belongs to
ip address 192.168.1.1 255.255.255.0
ip nat inside – the NAT command goes on every subinterface so that Internet access works
!
interface FastEthernet0/0.10
description AP
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.20
description IT
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.30
description GUEST
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip access-group GUEST in – apply the access list for guests
!
interface FastEthernet0/1
description WAN
ip address 10.10.2.15X 255.255.255.0
ip nat outside – the nat outside command is mandatory on the WAN interface!!!
ip virtual-reassembly
duplex auto

ip route 0.0.0.0 0.0.0.0 10.10.2.254 – do not forget to add the default route with the next-hop address!!!
!
ip nat inside source list WIFI interface FastEthernet0/1 overload – all traffic is NATed to the WAN interface
!
ip access-list extended WIFI – the access list needed for NAT can be standard or extended!!!
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any
!
ip access-list extended GUEST – guests are allowed out to the Internet only; the whole LAN is denied
deny ip 192.168.30.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any – do not forget to permit everything else at the end
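
How the router walks the GUEST list above, as an added example that is not part of the original notes: a Python model of first-match evaluation with wildcard masks and the implicit deny, which is why the closing permit ip any any is needed. The function names and the test addresses are made up for the illustration, and only permit/deny ip entries are handled.

```python
import ipaddress

# The GUEST access list as it appears in the router section above.
GUEST_ACL = """\
deny ip 192.168.30.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any
"""

def take_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' entries into an ordered rule list."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append((action, take_addr(tokens), take_addr(tokens)))
    return rules

def matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; no match at all is the implicit deny."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for number, (action, src_spec, dst_spec) in enumerate(rules, 1):
        if matches(s, src_spec) and matches(d, dst_spec):
            return action, number
    return "deny", None  # implicit deny: nothing in the list matched
```

Evaluating a guest address against 192.168.2.20 returns permit through entry 4: the 192.168.2.0/24 network of the PC DHCP pool has no deny entry in this list.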

CONFIGURATION –> AP
welcome – next
ip address – leave the default, DHCP
single point – Do not enable single point setup
time settings – next
password – set something; complexity: no, pick something simple
SSID – IT-grupaX  –> the IT network is configured first, then the guests
next, no security, or if the exam says so I set something and enter a password
then the VLAN this IT network belongs to; the exam states it. Right now IT is in 20, but in the exam it may be something else
enable – yes
guest name – Guest-grupaX
next, no security, no password
VLAN ID is 30 now because the guests are in 30
extra option to redirect: not needed, next
finish
then it logs me out, so I log in with the password I set

captive portal
create
Gosti
Save

local users
gost1
set a password
make the user a member of the group Gosti

instance configuration
instead of create, choose wiz_cp_inst1
the only important setting is verification:
choose local
user group name: Gosti
save

ACCESS POINT CISCO WAP 321
Two virtual interfaces, VAP0 and VAP1, must be configured on the AP:
VAP0 – vlan id 20 – SSID IT-GrupaX
VAP1 – vlan id 30 – SSID GUEST-GrupaX
Under the LAN interface tab, set the management VLAN ID to 10, the VLAN our AP is in

Networking odds and ends

erase startup-config
-------- SETTING UP VLANS --------
SW1>ena
Sw1#conf t
Sw1(config)# hostname sw1
                       vlan 10
                       name vlan10
------- repeat the naming procedure for all VLANs
-------- Configuring VLANS and the TRUNK --------
----- towards the computers -----
  interface range fastEthernet 0/2
sw1(config-if-range)# switchport mode access
                       switchport access vlan 10
                       exit
-------- Second interface
interface range fastEthernet 0/3
                       switchport mode access
                       switchport access vlan 40
                       exit
-------- TRUNK ----- towards the router and between switches -----
interface range fastEthernet 0/1
switchport mode trunk
no shutdown
exit
---- if you mess up the VLANs
no switchport access vlan name-or-id
Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.
If this pops up, you must change the encapsulation:

switchport trunk encapsulation dot1q

switchport mode trunk
-------- CONFIGURING VLANS --------
ena
conf t
hostname R1
R1(config)#interface FastEthernet 0/0
R1(config-if)#no ip add
R1(config-if)#no shutdown
SUBINTERFACE
R1(config)#interface FastEthernet 0/0.10
R1(config-subif)#description *Vlan 10*
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 10.160.0.1 255.255.255.224
do the same for all the others, .20 and .30
-------------
R1(config)#interface fastEthernet 0/0.40
R1(config-subif)#description *Vlan 40*
R1(config-subif)#encapsulation dot1q 40
R1(config-subif)#ip address 10.160.1.1 255.255.255.0
-------- CONFIGURING THE WAN SIDE OF THE ROUTER --------
R1(config)#interface FastEthernet 1/0
R1(config-if)#ip address 193.0.2.33 255.255.255.252
R1(config-if)#no shut
-------- SETTING THE CONSOLE PASSWORD AND SECRET --------
sw1#conf t
sw1(config)#enable secret ispit-vsprs
sw1(config)#line vty 0 15
sw1(config-line)#password console-vspr
sw1(config-line)#login
sw1(config-line)#exit
sw1(config)#
-------- BANNER --------
sw1(config)# banner motd $***neovlastenim osobama pristup zabranjen***$
-------- Domain on the router --------
R1(config)#ip domain-name vspr.local
-------- ENCRYPTED TRANSPORT --------
R1(config)#crypto key generate rsa
The name for the keys will be: R1.vspr.local
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be nonexportable…[OK]
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#
-------- Checking trunk interfaces --------
show interfaces trunk
 ----- if an interface is not in the up state, this command will not show it -----
-------- MISCELLANEOUS SHOW COMMANDS --------
show vtp password
show vtp status
show vlan brief
show spanning-tree
spanning-tree vlan 25,35,99 root primary

Cisco commands for routers

Router

R1#show run
Building configuration…

Current configuration : 1786 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
ip ssh version 1
no ip domain-lookup
ip domain-name lab
!
!
spanning-tree mode pvst
!
!
interface Loopback0
ip address 172.16.0.62 255.255.255.192
!
interface Loopback1
ip address 172.16.0.94 255.255.255.224
!
interface Loopback2
ip address 172.16.0.126 255.255.255.224
!
interface Loopback3
ip address 172.16.0.142 255.255.255.240
!
interface Loopback4
ip address 172.16.0.150 255.255.255.248
!
interface Loopback5
ip address 172.16.0.154 255.255.255.252
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.25
encapsulation dot1Q 25
ip address 172.16.1.1 255.255.255.0
ip helper-address 10.1.12.2
!
interface FastEthernet0/0.35
encapsulation dot1Q 35
ip address 192.168.1.1 255.255.255.0
ip helper-address 10.1.12.2
!
interface FastEthernet0/0.99
encapsulation dot1Q 99
ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/1
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
passive-interface FastEthernet0/0.25
passive-interface FastEthernet0/0.35
network 172.16.0.0
network 10.0.0.0
network 192.168.0.0 0.0.255.255
no auto-summary
!
ip classless
!
!
ip access-list standard TELNET
permit host 172.16.1.101
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
!
!
!
line con 0
password cisco
logging synchronous
login
!
line aux 0
!
line vty 0 4
access-class TELNET in
password cisco
login
transport input ssh
line vty 5 15
access-class TELNET in
password cisco
login
transport input ssh
!
!
!
end

 

R2#show run
Building configuration…

Current configuration : 1996 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
ip dhcp excluded-address 172.16.1.1 172.16.1.100
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool VLAN25
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 8.8.8.8
ip dhcp pool VLAN35
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
no ip domain-lookup
ip domain-name lab
!
!
spanning-tree mode pvst
!
!
interface Loopback0
ip address 22.22.22.1 255.255.255.0
!
interface FastEthernet0/0
ip address 193.200.1.2 255.255.255.252
ip access-group ACL in
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.12.2 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
redistribute static metric 100000 10 255 1 1500
network 10.0.0.0
auto-summary
!
router bgp 61211
bgp log-neighbor-changes
no synchronization
neighbor 193.200.1.1 remote-as 34594
network 22.22.22.0 mask 255.255.255.0
!
ip nat inside source list NAT interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 193.200.1.1
!
!
ip access-list standard TELNET
permit host 172.16.1.101
ip access-list standard NAT
permit 172.16.0.0 0.0.0.255
permit 172.16.1.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
ip access-list extended ACL
permit tcp any host 22.22.22.1 eq www
permit tcp any host 22.22.22.1 eq 443
permit tcp any host 22.22.22.1 eq 8080
permit icmp any host 22.22.22.1 echo
permit ip any host 193.200.1.2
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
!
line con 0
password cisco
logging synchronous
login
!
line aux 0
!
line vty 0 4
access-class TELNET in
password cisco
login
transport input ssh
line vty 5 15
access-class TELNET in
password cisco
login
transport input ssh
!
!
!
end

HQ#show run
Building configuration…

Current configuration : 759 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HQ
!
!
!
spanning-tree mode pvst
!
!
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Loopback1
ip address 77.77.77.1 255.255.255.0
!
interface FastEthernet0/0
ip address 193.200.1.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router bgp 34594
bgp log-neighbor-changes
no synchronization
neighbor 193.200.1.2 remote-as 61211
network 77.77.77.0 mask 255.255.255.0
!
ip classless
!

!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
end

Cisco commands for switches

Switches

SW1#show run
Building configuration…

Current configuration : 1568 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree vlan 25,35,99 priority 24576
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport mode trunk
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
switchport mode trunk
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.10.10.101 255.255.255.0
!
ip default-gateway 10.10.10.1
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
ip access-list standard TELNET
permit host 172.16.1.101
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
access-class TELNET in
password cisco
login
line vty 5 15
access-class TELNET in
password cisco
login
!
!
end

SW2#show run
Building configuration…

Current configuration : 1662 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW2
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport access vlan 25
switchport mode access
switchport port-security
switchport port-security maximum 3
switchport port-security violation restrict
spanning-tree portfast
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport mode trunk
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport mode trunk
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.10.10.102 255.255.255.0
!
ip default-gateway 10.10.10.1
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
ip access-list standard TELNET
permit host 172.16.1.101
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
access-class TELNET in
password cisco
login
line vty 5 15
access-class TELNET in
password cisco
login
!
!
end

SW3#show run
Building configuration…

Current configuration : 1810 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW3
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport access vlan 35
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 00D0.D30D.B435
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 35
switchport mode access
switchport port-security
spanning-tree portfast
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
switchport mode trunk
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport mode trunk
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.10.10.103 255.255.255.0
!
ip default-gateway 10.10.10.1
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
ip access-list standard TELNET
permit host 172.16.1.101
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
access-class TELNET in
password cisco
login
line vty 5 15
access-class TELNET in
password cisco
login
!
!
end
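
A check for the weak management-plane settings visible in the running-configs above, as an added example that is not part of the original notes: a Python audit that flags SSH version 1, line passwords stored in clear text, and vty lines that still accept Telnet. R1 and SW1 below are constructed excerpts modelled on those configs, the finding names are made up, and the Telnet finding assumes, as the vty note in the first section does, that a vty line without transport input ssh accepts Telnet.

```python
import re

# Constructed excerpts modelled on the R1 and SW1 running-configs above
# (commands as on the page, everything unrelated trimmed).
R1 = """\
no service password-encryption
ip ssh version 1
line con 0
password cisco
login
line vty 0 4
access-class TELNET in
password cisco
login
transport input ssh
!
"""
SW1 = """\
no service password-encryption
line vty 0 4
access-class TELNET in
password cisco
login
!
"""

def line_blocks(config):
    """Yield (header, body) for each 'line ...' stanza; indentation is not required."""
    header, body = None, []
    for raw in config.splitlines():
        cmd = raw.strip()
        if header and (cmd in ("!", "end") or cmd.startswith(("line ", "interface "))):
            yield header, body
            header, body = None, []
        if cmd.startswith("line "):
            header = cmd
        elif header:
            body.append(cmd)
    if header:
        yield header, body

def audit(config):
    """Return sorted findings; 'password 7' entries are not counted as clear text."""
    cmds = [c.strip() for c in config.splitlines()]
    findings = set()
    if "ip ssh version 1" in cmds:
        findings.add("ssh-v1")
    encrypt_off = "service password-encryption" not in cmds
    for header, body in line_blocks(config):
        if encrypt_off and any(re.match(r"password (?!7 )", c) for c in body):
            findings.add(f"cleartext-password:{header}")
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.add(f"telnet-allowed:{header}")
    return sorted(findings)
```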

 

Crimping

Here is a short guide to crimping a network cable.

Tools:

Cut the network cable to the required length:

Strip the insulation:

Do not forget to slide the strain-relief boot on right away:

Now untwist the wires and arrange them according to one of the standards:

Straighten the wires a little; if they look like mine, trim the tips so that all the wires are the same length, then push them into the connector:

Check from all sides that every wire is pushed in all the way:

Place the connector in the crimping pliers and squeeze all the way:

Slide the boot back up to the connector and the cable is done:

Finally, you can test the cable with a cable tester (or simply plug it into a router/switch and a computer and see whether it works 🙂 ):

Roughly speaking, there are several ways of wiring network cables:

Straight-through – uses the same standard on both ends of the cable (either T568-A or T568-B). This cable is used to connect the following network devices:

* switch – router
* hub – router
* switch – PC
* hub – PC

Cross-over – uses different standards on the two ends of the cable (T568-A on one end and T568-B on the other). This cable is used to connect the following network devices:

* switch – switch
* switch – hub
* router – router
* hub – hub
* PC – PC
* Router – PC

Rollover network cable – used on CISCO devices to connect to the console port.