Certification objectives
ICND1 100-105
1.8. Apply troubleshooting methodologies to resolve problems: Perform and document fault isolation, Resolve or escalate, Verify and monitor resolution
2.3. Troubleshoot interface and cable issues: collisions, errors, duplex, speed
4.2 Troubleshoot client connectivity issues involving DNS
4.4 Troubleshoot client- and router-based DHCP connectivity issues
5.6 Use Cisco IOS tools to troubleshoot and resolve problems: Ping and traceroute with the extended option, Terminal monitor, Log events, Local SPAN
1.9. Configure, verify, and troubleshoot IPv4 addressing and subnetting
1.13. Configure, verify, and troubleshoot IPv6 addressing
1.14. Configure and verify IPv6 Stateless Address Auto Configuration
2.4. Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches: Access ports (data and voice), Default VLAN
2.5. Configure, verify, and troubleshoot interswitch connectivity: Trunk ports, Add and remove VLANs on a trunk, DTP, VTP (v1 & v2) and 802.1Q, Native VLAN
2.7. Configure, verify, and troubleshoot port security: Static, Dynamic, Sticky, Max MAC addresses, Violation actions, Err-disable recovery
3.4 Configure, verify, and troubleshoot inter-VLAN routing: Router on a stick, SVI
3.6 Configure, verify, and troubleshoot IPv4 and IPv6 static routing: Default route, Network route, Host route, Floating static
3.7 Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution)
4.3 Configure and verify DHCP on a router (excluding static reservations): Server, Relay, Client, TFTP, DNS, and gateway options
4.5. Configure and verify NTP operating in client/server mode
4.6. Configure, verify, and troubleshoot IPv4 standard numbered and named ACLs on router interfaces
4.7. Configure, verify, and troubleshoot inside source NAT: Static, Pool, PAT
5.1 Configure and verify device-monitoring protocols: Syslog
5.2 Configure and verify device management: Backup and restore of device configuration, Using Cisco Discovery Protocol or LLDP for device discovery, Licensing, Logging, Timezone, Loopback
5.3 Configure and verify initial device configuration
5.4 Configure, verify, and troubleshoot basic device hardening: Local authentication, Secure password, Access to device, Source address, Telnet/SSH, Login banner
CCNA 200-301
1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)
1.6 Configure and verify IPv4 addressing and subnetting
1.8 Configure and verify IPv6 addressing and prefixes
2.1 Configure and verify VLANs (normal range) spanning multiple switches
- 2.1.a Access ports (data and voice)
- 2.1.b Default VLAN
- 2.1.c Connectivity
2.2 Configure and verify interswitch connectivity
- 2.2.a Trunk ports
- 2.2.b 802.1Q
- 2.2.c Native VLAN
2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
2.9 Configure the components of a wireless LAN access for client connectivity using the GUI only, such as WLAN creation, security settings, QoS profiles, and advanced WLAN settings
3.3 Configure and verify IPv4 and IPv6 static routing
- 3.3.a Default route
- 3.3.b Network route
- 3.3.c Host route
- 3.3.d Floating static
3.4 Configure and verify single area OSPFv2
- 3.4.a Neighbor adjacencies
- 3.4.b Point-to-point
- 3.4.c Broadcast (DR/BDR selection)
- 3.4.d Router ID
4.1 Configure and verify inside source NAT (static and pools)
4.2 Configure and verify NTP in client mode and server mode
4.6 Configure and verify DHCP client and relay
4.8 Configure devices for remote access using SSH
5.3 Configure device access control using passwords
5.6 Configure and verify access control lists
5.7 Configure Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security)
5.10 Configure a WLAN using WPA2 PSK with the GUI
Cisco IOS diagnostics for ICND1
This document summarizes the Cisco IOS troubleshooting methods associated with the ICND1 material.
1. Basic Cisco IOS diagnostics
Command | Description |
---|---|
show ip interface brief | Summary checks of L1, L2, IPv4 |
show ipv6 interface brief | Summary checks of L1, L2, IPv6 |
show interfaces G0/0 | L2 parameters: MAC address, L2 protocol/encapsulation, QoS, L1 error statistics |
show cdp neighbors | If CDP reports a neighbor, Layer 2 is operational |
show ip interface G0/0 | IPv4 L3 parameters: ARP and ICMP |
show ipv6 interface G0/0 | IPv6 L3 parameters: ND and ICMPv6 |
show ip route | IPv4 routing table |
show ipv6 route | IPv6 routing table |
…
2. Interface diagnostics
2.1 L1, L2, L3 checks
The show ip interface brief and show ipv6 interface brief commands display:
- The interface name
- Its IP addresses
- The configuration method
- Status (L1)
- Protocol (L2)
#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.254 YES NVRAM up up
GigabitEthernet0/1 192.168.122.71 YES DHCP up down
GigabitEthernet0/2 unassigned YES NVRAM down down
GigabitEthernet0/3 unassigned YES NVRAM administratively down down
#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
FE80::1
FD00:192:168:1::1
GigabitEthernet0/1 [up/down]
unassigned
GigabitEthernet0/2 [down/down]
unassigned
GigabitEthernet0/3 [administratively down/down]
unassigned
Status (L1) | Protocol (L2) | Description |
---|---|---|
up | up | L1 OK, L2 OK |
up | down | L1 OK, L2 problem: L2 encapsulation (protocol, authentication, clock rate) |
down | down | L1 problem: cable unplugged or shutdown at the far end |
administratively down | down | Administratively disabled |
2.2. L1/L2 checks
show interfaces G0/0 and show cdp neighbors give an L1/L2 diagnosis:
#show interfaces G0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is iGbE, address is 0002.8bee.3300 (bia 0002.8bee.3300)
Description: LAN interface
Internet address is 192.168.1.254/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Unknown, Unknown, link type is auto, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:08, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
116 packets input, 13544 bytes, 0 no buffer
Received 18 Broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
122 packets output, 17237 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
2 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW0 Gig 0/0 150 S I Gig 0/0
Total cdp entries displayed : 1
2.3. ARP and ICMP diagnostics
#show ip interface G0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.254/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed Broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
2.4. ND and ICMPv6 diagnostics
#show ipv6 interface G0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1
No Virtual link-local address(es):
Description: LAN interface
Global unicast address(es):
FD00:192:168:1::1, subnet is FD00:192:168:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:2
FF02::1:FF00:1
FF05::1:3
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: Common Flow Table Stile classification
Output features: Common Flow Table Stile Classification
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use DHCP to obtain routable addresses.
Hosts use DHCP to obtain other configuration.
3. Extended ping / traceroute
Extended ping is useful for verifying that NAT works without leaving the router console. Among other options, the command lets you choose the source IP address or source interface of the packets it generates.
3.1. Extended ping
#ping
*Jan 21 20:33:12.652: %SYS-5-CONFIG_I: Configured from console by console
gateway#ping
Protocol [ip]:
Target IP address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Ingress ping [n]:
Source address or interface: 192.168.1.254
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0x0000ABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.71:41349 192.168.1.1:41349 212.59.0.2:123 212.59.0.2:123
udp 192.168.122.71:49021 192.168.1.1:49021 51.15.175.224:123 51.15.175.224:123
udp 192.168.122.71:46625 192.168.1.2:46625 163.172.225.159:123 163.172.225.159:123
icmp 192.168.122.71:3 192.168.1.254:3 8.8.8.8:3 8.8.8.8:3
3.2. Extended traceroute
#traceroute
Protocol [ip]:
Target IP address: 10.1.94.102
Ingress traceroute [n]:
Source address: 192.168.1.254
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]: 44444
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.1.94.102
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.122.1 1 msec 1 msec 1 msec
2 * * *
3 10.1.142.65 2 msec 2 msec 2 msec
4 10.1.94.102 1 msec 2 msec 2 msec
#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.71:49198 192.168.1.254:49198 10.1.94.102:44444 10.1.94.102:44444
udp 192.168.122.71:49199 192.168.1.254:49199 10.1.94.102:44445 10.1.94.102:44445
udp 192.168.122.71:49200 192.168.1.254:49200 10.1.94.102:44446 10.1.94.102:44446
udp 192.168.122.71:49201 192.168.1.254:49201 10.1.94.102:44447 10.1.94.102:44447
udp 192.168.122.71:49202 192.168.1.254:49202 10.1.94.102:44448 10.1.94.102:44448
udp 192.168.122.71:49203 192.168.1.254:49203 10.1.94.102:44449 10.1.94.102:44449
udp 192.168.122.71:49204 192.168.1.254:49204 10.1.94.102:44450 10.1.94.102:44450
udp 192.168.122.71:49205 192.168.1.254:49205 10.1.94.102:44451 10.1.94.102:44451
udp 192.168.122.71:49206 192.168.1.254:49206 10.1.94.102:44452 10.1.94.102:44452
udp 192.168.122.71:49207 192.168.1.254:49207 10.1.94.102:44453 10.1.94.102:44453
udp 192.168.122.71:49208 192.168.1.254:49208 10.1.94.102:44454 10.1.94.102:44454
udp 192.168.122.71:49209 192.168.1.254:49209 10.1.94.102:44455 10.1.94.102:44455
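
The check performed in this section, as an added example (not part of the original page): a Python parser for `show ip nat translations` output that confirms packets sourced from 192.168.1.254 were translated, and that the traceroute left one UDP entry per probe on consecutive destination ports starting at 44444. Function names are illustrative; the sample rows are rebuilt from the outputs above.

```python
from collections import namedtuple

Xlate = namedtuple("Xlate", "proto inside_global inside_local outside_local outside_global")

# Constructed sample: one NTP flow and the ping entry copied from this page,
# plus the 12 traceroute rows (ports 49198-49209 -> 44444-44455) rebuilt in a loop.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.71:41349 192.168.1.1:41349 212.59.0.2:123 212.59.0.2:123
icmp 192.168.122.71:3 192.168.1.254:3 8.8.8.8:3 8.8.8.8:3
""" + "".join(
    f"udp 192.168.122.71:{49198 + i} 192.168.1.254:{49198 + i} "
    f"10.1.94.102:{44444 + i} 10.1.94.102:{44444 + i}\n" for i in range(12))

def split_ep(endpoint):
    """'192.168.1.254:49198' -> ('192.168.1.254', 49198)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def parse(output):
    """Parse dynamic translation rows; the header and '---' static rows are skipped."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] in ("udp", "tcp", "icmp"):
            rows.append(Xlate(fields[0], *(split_ep(f) for f in fields[1:])))
    return rows

def translated_as(rows, inside_local_ip):
    """Inside global addresses used for flows sourced from inside_local_ip.
    An empty set means no translation was created for that source."""
    return {r.inside_global[0] for r in rows if r.inside_local[0] == inside_local_ip}

def traceroute_probes(rows, source_ip, target_ip, base_port):
    """Destination ports of UDP entries from source_ip to target_ip, returned
    only if they form a contiguous run starting at base_port (one per probe)."""
    ports = sorted(r.outside_global[1] for r in rows
                   if r.proto == "udp"
                   and r.inside_local[0] == source_ip
                   and r.outside_global[0] == target_ip)
    contiguous = ports == list(range(base_port, base_port + len(ports)))
    return ports if contiguous else []

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("192.168.1.254 translated as:", translated_as(rows, "192.168.1.254"))
    probes = traceroute_probes(rows, "192.168.1.254", "10.1.94.102", 44444)
    print(len(probes), "probe entries (4 hops x 3 probes in the trace above)")
```
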
4. Routing protocols
Routing methods:
- Static
- RIPv2
Information to check:
4.1. Static routing
#show ip route static | include 0.0.0.0
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.122.1
#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
(config)#ip route 0.0.0.0 0.0.0.0 G0/0 192.168.122.1 200
(config)#^Z
#show ip route static | include 0.0.0.0
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S* 0.0.0.0/0 [200/0] via 192.168.122.1, GigabitEthernet0/0
#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
(config)#no ip route 0.0.0.0 0.0.0.0 G0/0 192.168.122.1 200
(config)#^Z
#show ip route static | include 0.0.0.0
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.122.1
IPv4 routing table
#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.122.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.254/32 is directly connected, GigabitEthernet0/0
192.168.122.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.122.0/24 is directly connected, GigabitEthernet0/1
L 192.168.122.71/32 is directly connected, GigabitEthernet0/1
IPv6 routing table
Command to explicitly enable IPv6 routing:
(config)#ipv6 unicast-routing
#show ipv6 route
IPv6 Routing Table - default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
lA - LISP away, a - Application
C FD00:192:168:1::/64 [0/0]
via GigabitEthernet0/0, directly connected
L FD00:192:168:1::1/128 [0/0]
via GigabitEthernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive
4.2. Learned (received) information
Computed information (topology table, routing table)
show ip rip ?
show ip route rip
debug ip rip
...
4.3. Sent information
- Routing configuration and active interfaces
- Neighbor relationships (neighbor table, states, interfaces, timers, area or AS)
5. Access lists (ACLs)
5.1. Displaying ACLs
#show access-lists
Standard IP access list LAN
10 permit 192.168.1.0, wildcard bits 0.0.0.255 (262 matches)
#show ip access-list
Standard IP access list LAN
10 permit 192.168.1.0, wildcard bits 0.0.0.255 (262 matches)
5.2. Modifying an ACL
#show run | section ip access-list
ip access-list standard lan
permit 192.168.1.0 0.0.0.255
#
#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
(config)#ip access-list standard lan
(config-std-nacl)#no permit 192.168.1.0 0.0.0.255
(config-std-nacl)#permit 192.168.2.0 0.0.0.255
(config-std-nacl)#^Z
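
What the edit above changes for traffic, as an added example (not part of the original page): a Python model of standard ACL evaluation, assuming the usual IOS semantics (wildcard bits set to 1 are ignored, the first matching entry wins, and an implicit deny closes the list). Function names and the test addresses are illustrative.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF  # bits that must match exactly
    return (a & care) == (b & care)

def evaluate(acl, src):
    """acl: ordered list of (action, base, wildcard) entries.
    Returns (action, entry position); first match wins."""
    for position, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, base, wildcard):
            return action, position
    return "deny", None  # implicit deny at the end of every ACL

# The ACL from the page, before and after the modification in section 5.2
BEFORE = [("permit", "192.168.1.0", "0.0.0.255")]
AFTER = [("permit", "192.168.2.0", "0.0.0.255")]

def diff_effect(before, after, sources):
    """Sources whose verdict differs between two versions of an ACL."""
    changed = {}
    for src in sources:
        old, new = evaluate(before, src)[0], evaluate(after, src)[0]
        if old != new:
            changed[src] = (old, new)
    return changed

if __name__ == "__main__":
    # Constructed test sources: two LAN hosts, one host in the new range, one outsider
    for src, verdicts in diff_effect(
            BEFORE, AFTER,
            ["192.168.1.1", "192.168.1.254", "192.168.2.10", "10.0.0.1"]).items():
        print(src, "->".join(verdicts))
```

Running the comparison before committing an ACL change shows which sources silently fall through to the implicit deny, here every host of 192.168.1.0/24.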
6. Switch diagnostics
Command | Description |
---|---|
show interface status | |
show vlan | |
show vlan brief | |
show interface trunk | |
show interfaces <name> switchport | |
show interface switchport ? | |
show dtp | |
show vtp status | |
show port-security | |
debug ? |
7. CDP / LLDP
Command | Description |
---|---|
show cdp | |
show cdp neighbors | |
show cdp neighbors detail |
Command | Description |
---|---|
show lldp | |
show lldp neighbors | |
show lldp neighbors detail |
8. DHCP
Command | Description |
---|---|
show ip dhcp binding | |
show ip dhcp pool <name> | |
show ip dhcp server statistics | |
show ip dhcp conflict | |
debug ip dhcp server packet | |
debug ip dhcp server events |
9. NAT
Command | Description |
---|---|
show running-config | include nat | |
show access-list | |
show ip nat translations | |
show ip nat statistics | |
debug ip nat |
10. NTP
Command | Description |
---|---|
show clock | |
show calendar | |
show ntp config | |
show ntp information | |
show ntp status | |
show ntp associations | |
show ntp packets | |
debug ntp events |
11. SYSLOG
Command | Description |
---|---|
show logging | |
show logging history |
12. Configuration verification
Command | Description |
---|---|
show running-config | |
show startup-config | |
show flash: | |
show version |