Welcome to Bunker

Created by: Mohammed Altanib
Email: Mohalt00027@stud.noroff.no

Disclaimer:This page is not intended as a replacement for lectures or official learning resources. It is simply a collection of commands and configurations to help Noroff - Students follow along with lectures more efficiently. By providing practical examples, it aims to save you time so you can focus on understanding rather than stopping to write down every command manually. All content here is for educational support purposes only.

Basic Router Setup

enable
conf t
hostname R1
interface gig0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
exit

PC Configuration

IP Address: 192.168.1.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1

Password and Login Protection

line console 0
password CONS
login
exit

line vty 0 4
password PRIV
login
exit

enable secret PRIV
service password-encryption
banner motd #Welcome to the Router#

SSH and AAA Setup

username Admin secret CONS
ip domain-name mydemo.com
crypto key generate rsa general-keys modulus 2048
line vty 0 4
transport input ssh
exit
aaa new-model
aaa authentication login default local-case enable
login
do copy run start

Static Routing

ip route 192.168.30.0 255.255.255.0 10.0.0.6
ip route 192.168.10.0 255.255.255.0 10.0.0.5
ip route 192.168.20.0 255.255.255.0 10.0.0.5

ACL Setup

access-list 20 permit 200.0.0.0 0.0.0.255
access-list 20 permit 100.10.10.0 0.0.0.255
access-list 20 deny 50.0.0.0 0.0.0.255

ip access-list standard MYListStandard
10 deny 172.16.10.0 0.0.0.255
5 permit 172.16.10.1

Firewall (Zone-Based Firewall)

zone security PRIVATE
zone security PUBLIC
class-map type inspect match-any HTTP-TRAFFIC
match protocol http
match protocol https
policy-map type inspect PRIV-TO-PUB-POLICY
class type inspect HTTP-TRAFFIC
inspect
zone-pair security PRIV-PUB source PRIVATE destination PUBLIC
service-policy type inspect PRIV-TO-PUB-POLICY
interface g0/0/0
zone-member security PRIVATE
interface s0/2/0
zone-member security PUBLIC

IPS Setup (SPAN Port)

monitor session 1 source interface fa0/1 both
monitor session 1 source interface fa0/2 both
monitor session 1 destination interface fa0/4

Endpoint Security (802.1X Authentication)

aaa new-model
radius server NETSEC
address ipv4 192.168.10.2 auth-port 1645
key redpass
interface vlan 1
ip address 192.168.10.3 255.255.255.0
ip default-gateway 192.168.10.1
dot1x system-auth-control
interface range f0/2-24, g0/2
switchport mode access
authentication port-control auto
dot1x pae authenticator

Layer 2

S1
en
conf t
vlan 10
?
name HR
vlan 20
name Sales
int range fa0/1-12
switchport mode access
switchport access vlan 20
exit
do show vlan

S1
en
conf t
vlan 10
name HR
vlan 20
name SALES
int range fast0/1-12
switchport mode access
switchport access vlan 10
int range fast0/13-24
switchport mode access
switchport access vlan 20
do sho vlan

S2
en
conf t
gig0/1
switchport mode ?
switchport mode trunk

S1
int gig0/1
switchport mode trunk
switchport trunk allowed vlan 10,20

S2
switchport trunk allowed vlan 10,20

PC1
192.168.10.2
255.255.255.0
192.168.10.1

PC2
192.168.10.3
255.255.255.0
192.168.10.1

PC3
192.168.10.4
255.255.255.0
192.168.10.1

PC4
192.168.20.4
255.255.255.0
192.168.10.1

R1
int gig0/0.10
encapsulation dot1Q 10
ip add 192.168.10.1 255.255.255.0
int gig0/0.20
encapsulation dot1Q 20
ip add 192.168.20.1 255.255.255.0
int gig0/0
no shut
do sho ip route

S1
int gig0/2
switchport mode trunk
int range fast0/1-24
switchport port-security
switchport port-security maximum 1
switchport port-security mac ?
switchport port-security violstion ?
switchport port-security violation restrict
switchport port-security aging time 100