Networking: a bit of everything

erase startup-config
-------- SETTING UP VLANS --------
SW1>ena
SW1#conf t
SW1(config)#hostname sw1
vlan 10
name vlan10
------- repeat the naming procedure for all the VLANs
-------- Configuring VLANs and trunks --------
----- towards the computers -----
interface range fastEthernet 0/2
sw1(config-if-range)#switchport mode access
switchport access vlan 10
exit
-------- Second interface
interface range fastEthernet 0/3
switchport mode access
switchport access vlan 40
exit
-------- TRUNK: towards the router and between the switches --------
interface range fastEthernet 0/1
switchport mode trunk
no shutdown
exit
---- if you get the VLAN wrong
no switchport access vlan name-or-id
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
If this pops up, you have to change the encapsulation:

switchport trunk encapsulation dot1q

switchport mode trunk
-------- CONFIGURING VLANS ON THE ROUTER --------
ena
conf t
hostname R1
R1(config)#interface FastEthernet 0/0
R1(config-if)#no ip address
R1(config-if)#no shutdown
SUBINTERFACE
R1(config)#interface FastEthernet 0/0.10
R1(config-subif)#description *Vlan 10*
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 10.160.0.1 255.255.255.224
do the same for all the others, .20 and .30
-------------
R1(config)#interface fastEthernet 0/0.40
R1(config-subif)#description *Vlan 40*
R1(config-subif)#encapsulation dot1q 40
R1(config-subif)#ip address 10.160.1.1 255.255.255.0
-------- CONFIGURING THE WAN SIDE OF THE ROUTER --------
R1(config)#interface FastEthernet 1/0
R1(config-if)#ip address 193.0.2.33 255.255.255.252
R1(config-if)#no shut
-------- SETTING THE CONSOLE PASSWORD AND SECRET --------
sw1#conf t
sw1(config)#enable secret ispit-vsprs
sw1(config)#line vty 0 15
sw1(config-line)#password console-vspr
sw1(config-line)#login
sw1(config-line)#exit
sw1(config)#
-------- BANNER --------
sw1(config)#banner motd $***neovlastenim osobama pristup zabranjen***$
-------- Domain name on the router --------
R1(config)#ip domain-name vspr.local
-------- ENCRYPTED TRANSPORT --------
R1(config)#crypto key generate rsa
The name for the keys will be: R1.vspr.local
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be nonexportable...[OK]
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#
-------- Viewing trunk interfaces --------
show interfaces trunk
----- if an interface is not in the up state, this command will not show it -----
---- MISCELLANEOUS SHOW COMMANDS ----
show vtp password
show vtp status
show vlan brief
show spanning-tree
spanning-tree vlan 25,35,99 root primary

LINUX

Linux mandatory part (17 points): I require a GUI!!!!
yum groupinstall basic-desktop desktop-platform x11 fonts
Google search: How to add Gnome to a CentOS 6 minimal install
it may be handy to install these as well
yum -y groupinstall "Graphical Administration Tools"
yum -y groupinstall "General Purpose Desktop"
yum -y groupinstall "Office Suite and Productivity"
yum -y groupinstall "Graphics Creation Tools"
Anyway, jbmurphy has instructions, and there is more here as well
when it finishes, the command to start the GUI is startx; startup takes about 10 seconds, plus a warning that you should not be working as root
1. (5 points) Change the IP address to the first valid and free IP address you were given in VLAN 40, as well as the DNS and GW settings. The changes must be permanent.
edit the file /etc/sysconfig/network-scripts/ifcfg-eth0
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
IPADDR=10.160.0.2
NETMASK=255.255.255.0
NETWORK=10.160.0.0
GATEWAY=10.160.0.1
BROADCAST=10.160.0.255
DNS1=8.8.8.8
ONBOOT=yes
NAME=eth0
then, to apply the changes, do this:
service network restart
chkconfig network on
First valid and free
So VLAN 40 has the range 10.160.0.1 - 10.160.0.254, with 0.1 already TAKEN!!!!!
So your Linux machine must have the address 10.160.0.2
http://lmgtfy.com/?q=change+ip+address+centos+6.5
the first hit has everything you need in detail: DNS, GW
if it is easier for you, run gedit /etc/resolv.conf from the console instead of vi /etc/resolv.conf
2. (5 points) On the additional disk /dev/sdb create one partition, format it with ext4 and mount it under the /virtual directory (create the /virtual directory if necessary). Make sure this also happens after the computer is restarted.
virtual machine settings > add hdd
fdisk -l
/dev/sdb   # this disk must be there
cfdisk
or
fdisk /dev/sdb    # partition the disk
n (new partition) > p (primary partition) > 1 > Enter > Enter > p (list the partitions) > w (write the changes and exit)
reboot   # restart the machine
# formatting:
mkfs. + Tab key   # lists the available commands
mkfs.ext4 /dev/sdb1
# create the directory
mkdir /virtual
# permanent mount
vi /etc/fstab
# append at the end
/dev/sdb1    /virtual    ext4       defaults      1 2
Esc, colon, wq! to exit
mount -a  # so the disks get mounted
df  # to check that the disk (/dev/sdb1) shows up

3. (2 points) Change the root user's password to R@inb0w2!

passwd root
4. (1 point) Stop the postfix and cups services, both immediately and permanently.
service postfix stop
service cups stop
chkconfig postfix off
chkconfig cups off
5. (4 points) Set the access rights on the /home/ivana directory so that user ivana is the owner of the directory and can both read and write in it. Deny access to all other classes of users. If user ivana does not exist on the virtual machine, create her (using the command adduser ivana).
adduser -m ivana
or
mkdir /home/ivana
# change ownership of the directory
chown ivana /home/ivana
# only ivana may have rights on it
chmod 700 /home/ivana
Linux optional part (17 points):
6. (2 points) Permanently clear the iptables firewall configuration (not permanently stopping or removing the service, but permanently clearing the configuration while the service stays permanently active).
cd /etc/sysconfig
ls -al iptables
vi iptables and remove all the commands
deleting iptables
rm iptables
y
7. (6 points) Enable the apache web server, the httpd service, to run (mount the installation CD under /media/cdrom). The service must be started automatically after the virtual server restarts.
mount -t iso9660 /dev/cdrom /media/cdrom
yum install httpd*
chkconfig httpd on
8. (2 points) Configure the rsyslog service to write all kernel messages to the file /var/log/kernel. Use the existing configuration in the configuration file /etc/rsyslog.conf.
vi /etc/rsyslog.conf
uncomment the kern.* line and put /var/log/kernel after it ..... or whatever is required
service rsyslog restart
ll /var/log/kernel
9. (2 points) For the root user, create RSA SSH keys with an empty private key.
ssh-keygen -t rsa
10. (5 points) Enable remote access over the SSH protocol (to install the sshd service, the CD drive must be mounted on /media/cdrom).
yum install openssh-server
service sshd start
chkconfig sshd on   # start it permanently
____________
- set the IP address to the first valid and free IP address you were given in VLAN 40. The DNS and GW settings must be permanent.
edit the file /etc/sysconfig/network-scripts/ifcfg-eth0
nano /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
IPADDR=192.168.1.5
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
BROADCAST=192.168.1.255
DNS1=8.8.8.8
ONBOOT=yes
NAME=eth0
then, to apply the changes, do this:
service network restart
Create the user student with the password Arti321
Create the group korisnici
2. Create the user student with the password Arfis.321
adduser student
passwd student
3. add the group korisnici
groupadd korisnici
Format the assigned disk as ext2, mount it under the /mnt/podaci directory and make sure it is not lost at the next boot
Set the user student and the group korisnici as the owner of the /mnt/podaci directory
# provided the user and the group korisnici exist, do this
chown student:korisnici /mnt/podaci
ADVANCED LINUX
Change the root user's password to Sifra123
passwd
Add the user student to the group korisnici
usermod -a -G korisnici student
Enable remote access over the SSH protocol (mount the installation CD under ….) The root user must not have direct access over that protocol.
# I don't know how to test this because I don't know what there is access to
# if sshd is installed, this is how it is started
service sshd start
# this is only if you want it to start automatically after a reboot
chkconfig sshd on
# to deny root access, /etc/ssh/sshd_config has to be modified
nano /etc/ssh/sshd_config
# find PermitRootLogin yes; it looks like this
#PermitRootLogin yes
# this is how it should look (it must not have a # in front, because that means a comment)
PermitRootLogin no
Enable automatic startup of the postfix daemon on all computers
chkconfig postfix on
Enable access from the putty application and the MS-CLI2 computer to the Linux servers.
# I don't know what this means, maybe it means removing the firewall if it is up?
# removing the firewall
iptables -F
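The PermitRootLogin edit described above, as a script. This is an added example, not part of the original notes; the function names and the sample file are made up for the illustration. It covers the case where an earlier uncommented line or a Match block would override a line that is simply appended.

```sh
# Added example (not from the original notes): enforce "PermitRootLogin no".
# sshd keeps the FIRST value it reads for a keyword, and anything after a
# "Match" line applies only to that block, so the directive has to appear
# once, uncommented, above the first Match block.

# Print the global value sshd would read, or "(default)" if none is set.
effective_permit_root_login() {
    awk '
        tolower($1) == "match"           { exit }   # global section ends
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$1"
}

set_permit_root_login_no() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line)
          bare = line;        sub(/^#[ \t]*/, "", bare) }
        # Drop every old PermitRootLogin line, commented out or not, including
        # ones inside Match blocks that would re-allow root for some clients.
        bare ~ /^permitrootlogin([ \t]|$)/ { next }
        line ~ /^match[ \t]/ && !placed    { print "PermitRootLogin no"; placed = 1 }
        { print }
        END { if (!placed) print "PermitRootLogin no" }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample, so nothing touches the real /etc/ssh/sshd_config.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin yes
Match Address 10.160.0.0/24
    PermitRootLogin yes
EOF
    echo "$f"
}

sample=$(make_sample)
echo "before: $(effective_permit_root_login "$sample")"
set_permit_root_login_no "$sample"
echo "after:  $(effective_permit_root_login "$sample")"
# On the real host: run it on /etc/ssh/sshd_config, check with "sshd -t",
# then "service sshd restart".
```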

Cisco commands for routers

Router

R1#show run
Building configuration…

Current configuration : 1786 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
ip ssh version 1
no ip domain-lookup
ip domain-name lab
!
!
spanning-tree mode pvst
!
!
interface Loopback0
ip address 172.16.0.62 255.255.255.192
!
interface Loopback1
ip address 172.16.0.94 255.255.255.224
!
interface Loopback2
ip address 172.16.0.126 255.255.255.224
!
interface Loopback3
ip address 172.16.0.142 255.255.255.240
!
interface Loopback4
ip address 172.16.0.150 255.255.255.248
!
interface Loopback5
ip address 172.16.0.154 255.255.255.252
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.25
encapsulation dot1Q 25
ip address 172.16.1.1 255.255.255.0
ip helper-address 10.1.12.2
!
interface FastEthernet0/0.35
encapsulation dot1Q 35
ip address 192.168.1.1 255.255.255.0
ip helper-address 10.1.12.2
!
interface FastEthernet0/0.99
encapsulation dot1Q 99
ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/1
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
passive-interface FastEthernet0/0.25
passive-interface FastEthernet0/0.35
network 172.16.0.0
network 10.0.0.0
network 192.168.0.0 0.0.255.255
no auto-summary
!
ip classless
!
!
ip access-list standard TELNET
permit host 172.16.1.101
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
!
!
!
line con 0
password cisco
logging synchronous
login
!
line aux 0
!
line vty 0 4
access-class TELNET in
password cisco
login
transport input ssh
line vty 5 15
access-class TELNET in
password cisco
login
transport input ssh
!
!
!
end

 

R2#show run
Building configuration…

Current configuration : 1996 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
ip dhcp excluded-address 172.16.1.1 172.16.1.100
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool VLAN25
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 8.8.8.8
ip dhcp pool VLAN35
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
no ip domain-lookup
ip domain-name lab
!
!
spanning-tree mode pvst
!
!
interface Loopback0
ip address 22.22.22.1 255.255.255.0
!
interface FastEthernet0/0
ip address 193.200.1.2 255.255.255.252
ip access-group ACL in
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.12.2 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
redistribute static metric 100000 10 255 1 1500
network 10.0.0.0
auto-summary
!
router bgp 61211
bgp log-neighbor-changes
no synchronization
neighbor 193.200.1.1 remote-as 34594
network 22.22.22.0 mask 255.255.255.0
!
ip nat inside source list NAT interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 193.200.1.1
!
!
ip access-list standard TELNET
permit host 172.16.1.101
ip access-list standard NAT
permit 172.16.0.0 0.0.0.255
permit 172.16.1.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
ip access-list extended ACL
permit tcp any host 22.22.22.1 eq www
permit tcp any host 22.22.22.1 eq 443
permit tcp any host 22.22.22.1 eq 8080
permit icmp any host 22.22.22.1 echo
permit ip any host 193.200.1.2
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
!
line con 0
password cisco
logging synchronous
login
!
line aux 0
!
line vty 0 4
access-class TELNET in
password cisco
login
transport input ssh
line vty 5 15
access-class TELNET in
password cisco
login
transport input ssh
!
!
!
end

HQ#show run
Building configuration…

Current configuration : 759 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HQ
!
!
!
spanning-tree mode pvst
!
!
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Loopback1
ip address 77.77.77.1 255.255.255.0
!
interface FastEthernet0/0
ip address 193.200.1.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router bgp 34594
bgp log-neighbor-changes
no synchronization
neighbor 193.200.1.2 remote-as 61211
network 77.77.77.0 mask 255.255.255.0
!
ip classless
!

!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
end

Cisco commands for switches

Switches

SW1#show run
Building configuration…

Current configuration : 1568 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree vlan 25,35,99 priority 24576
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport mode trunk
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
switchport mode trunk
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.10.10.101 255.255.255.0
!
ip default-gateway 10.10.10.1
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
ip access-list standard TELNET
permit host 172.16.1.101
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
access-class TELNET in
password cisco
login
line vty 5 15
access-class TELNET in
password cisco
login
!
!
end

SW2#show run
Building configuration…

Current configuration : 1662 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW2
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport access vlan 25
switchport mode access
switchport port-security
switchport port-security maximum 3
switchport port-security violation restrict
spanning-tree portfast
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport mode trunk
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport mode trunk
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.10.10.102 255.255.255.0
!
ip default-gateway 10.10.10.1
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
ip access-list standard TELNET
permit host 172.16.1.101
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
access-class TELNET in
password cisco
login
line vty 5 15
access-class TELNET in
password cisco
login
!
!
end

SW3#show run
Building configuration…

Current configuration : 1810 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW3
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport access vlan 35
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 00D0.D30D.B435
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 35
switchport mode access
switchport port-security
spanning-tree portfast
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
switchport mode trunk
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport mode trunk
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.10.10.103 255.255.255.0
!
ip default-gateway 10.10.10.1
!
banner motd ^CPristup neovlastenim osobama nije dozvoljen!^C
!
ip access-list standard TELNET
permit host 172.16.1.101
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
access-class TELNET in
password cisco
login
line vty 5 15
access-class TELNET in
password cisco
login
!
!
end
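
A check that can be run over running-config dumps like the ones above. This is an added example, not part of the original page: it flags line passwords kept in clear text, SSH version 1, and vty lines that are not restricted to SSH. The function names, the finding labels and the shortened sample are assumptions made for the illustration.

```sh
# Added example (not from the original page): flag weak management-plane
# settings in "show run" output. Works on indented or flattened dumps.
audit_ios_config() {
    awk '
        function note(msg) { f[++n] = msg }
        function close_line() {              # called when a "line" block ends
            if (cur ~ /^line vty/ && !ssh_only)
                note("TELNET-POSSIBLE " cur " lacks \"transport input ssh\"")
            cur = ""
        }
        function emit(i) {                   # print the findings of one device
            close_line()
            for (i = 1; i <= n; i++) print host ": " f[i]
            n = 0; host = ""
        }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        $1 == "hostname"                       { host = $2 }
        $0 == "no service password-encryption" { note("NO-PW-ENCRYPTION line passwords are stored as typed") }
        $0 == "ip ssh version 1"               { note("SSHV1 protocol version 1 is enabled") }
        $1 == "line"                           { close_line(); cur = $0; ssh_only = 0; next }
        $1 == "!"                              { close_line(); next }
        $0 == "end"                            { emit(); next }
        cur != "" && $1 == "password" && (NF == 2 || $2 == "0") { note("CLEARTEXT-PASSWORD under " cur) }
        cur != "" && $0 == "transport input ssh"                { ssh_only = 1 }
        END { emit() }
    ' "$@"
}

# Constructed sample: a shortened selection of the management-plane lines of
# R1 and SW1 from the dumps above, one device after the other.
sample_configs() {
    cat <<'EOF'
no service password-encryption
hostname R1
ip ssh version 1
line con 0
password cisco
!
line vty 0 4
password cisco
transport input ssh
!
end
no service password-encryption
hostname SW1
line vty 0 4
access-class TELNET in
password cisco
!
end
EOF
}
sample_configs | audit_ios_config
```

To audit saved dumps instead of the sample, pass the file names as arguments to audit_ios_config, one device per file or several dumps concatenated.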