Certification objectives

ICND1 100-105

  • 1.8. Apply troubleshooting methods to resolve problems: perform and document fault isolation, resolve or escalate, verify and monitor the resolution
  • 2.3. Troubleshoot interface and cabling problems: collisions, errors, duplex, speed
  • 4.2 Troubleshoot client connectivity problems involving DNS
  • 4.4 Troubleshoot client and router DHCP connectivity problems
  • 5.6 Use Cisco IOS tools to troubleshoot and resolve problems: ping and traceroute with the extended option, terminal monitor, log events, local SPAN
  • 1.9. Configure, verify, and troubleshoot IPv4 addressing and subnetting
  • 1.13. Configure, verify, and troubleshoot IPv6 addressing
  • 2.4. Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches: access ports (data and voice), default VLAN
  • 2.5. Configure, verify, and troubleshoot interswitch connectivity: trunk ports, adding and removing VLANs on a trunk, DTP, VTP v1&v2 and 802.1Q, native VLAN
  • 2.7. Configure, verify, and troubleshoot port security: static, dynamic, sticky, max MAC addresses, violation actions, err-disable recovery
  • 3.4 Configure, verify, and troubleshoot inter-VLAN routing: router on a stick, SVI
  • 3.6 Configure, verify, and troubleshoot IPv4 and IPv6 static routing: default route, network route, host route, floating static
  • 3.7 Configure, verify, and troubleshoot RIPv2 for IPv4, excluding authentication, filtering, manual summarization, redistribution
  • 4.6. Configure, verify, and troubleshoot standard numbered and named IPv4 ACLs on router interfaces
  • 4.7. Configure, verify, and troubleshoot inside source NAT: static, pool, PAT
  • 5.4 Configure, verify, and troubleshoot basic device hardening: local authentication, secure password, access to device, source address, Telnet/SSH, login banner

Cisco IOS troubleshooting for ICND1

This document summarizes the Cisco IOS troubleshooting methods associated with the ICND1 material.

1. Basic Cisco IOS diagnostics

Command                      Description
show ip interface brief      Summary checks: L1, L2, IPv4
show ipv6 interface brief    Summary checks: L1, L2, IPv6
show interfaces G0/0         L2 parameters: MAC address, L2 protocol/encapsulation, QoS, L1 error statistics
show cdp neighbors           If CDP returns results, Layer 2 is operational
show ip interface G0/0       IPv4 L3 parameters: ARP and ICMP
show ipv6 interface G0/0     IPv6 L3 parameters: ND and ICMPv6
show ip route                IPv4 routing table
show ipv6 route              IPv6 routing table

2. Interface diagnostics

2.1 L1, L2, L3 checks

The show ip interface brief and show ipv6 interface brief commands display:

  • The interface name
  • Its IP addresses
  • The configuration method
  • Status (L1)
  • Protocol (L2)

#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.1.254   YES NVRAM  up                    up
GigabitEthernet0/1         192.168.122.71  YES DHCP   up                    down
GigabitEthernet0/2         unassigned      YES NVRAM  down                  down
GigabitEthernet0/3         unassigned      YES NVRAM  administratively down down
#show ipv6 interface brief
GigabitEthernet0/0     [up/up]
    FE80::1
    FD00:192:168:1::1
GigabitEthernet0/1     [up/down]
    unassigned
GigabitEthernet0/2     [down/down]
    unassigned
GigabitEthernet0/3     [administratively down/down]
    unassigned

Status (L1)              Protocol (L2)    Description
up                       up               L1 OK, L2 OK
up                       down             L1 OK, L2: Layer 2 encapsulation (protocol, authentication, clock rate)
down                     down             L1: dangling (unplugged) cable or shutdown at the far end
administratively down    down             Administratively disabled
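
The Status/Protocol table above can be applied mechanically to captured output. The following Python sketch is an added example, not part of the original document: it parses `show ip interface brief` and returns the diagnosis for each interface. The function names and the wording of the diagnoses are assumptions made for illustration.

```python
import re

# Constructed sample: the `show ip interface brief` output from section 2.1.
SAMPLE = """\
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.1.254   YES NVRAM  up                    up
GigabitEthernet0/1         192.168.122.71  YES DHCP   up                    down
GigabitEthernet0/2         unassigned      YES NVRAM  down                  down
GigabitEthernet0/3         unassigned      YES NVRAM  administratively down down
"""

# (Status, Protocol) -> diagnosis, following the table above.
DIAGNOSIS = {
    ("up", "up"): "L1 OK, L2 OK",
    ("up", "down"): "L1 OK, L2 fault: check encapsulation (protocol, authentication, clock rate)",
    ("down", "down"): "L1 fault: cable unplugged or far end shut down",
    ("administratively down", "down"): "administratively disabled",
}

# "administratively down" contains a space, so it must be tried before "down".
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<protocol>up|down)\s*$"
)

def parse_brief(text):
    """Return one dict per interface row; header and prompt lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def diagnose(text):
    """Map each interface name to the diagnosis for its Status/Protocol pair."""
    return {
        r["name"]: DIAGNOSIS.get((r["status"], r["protocol"]), "unexpected state")
        for r in parse_brief(text)
    }

def faulty(text):
    """Interfaces that are neither up/up nor deliberately shut down."""
    ok = {("up", "up"), ("administratively down", "down")}
    return [r["name"] for r in parse_brief(text)
            if (r["status"], r["protocol"]) not in ok]

if __name__ == "__main__":
    for name, verdict in diagnose(SAMPLE).items():
        print(f"{name:22} {verdict}")
```
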

2.2. L1/L2 checks

show interfaces G0/0 and show cdp neighbors give an L1/L2 diagnosis.

#show interfaces G0/0
GigabitEthernet0/0 is up, line protocol is up
  Hardware is iGbE, address is 0002.8bee.3300 (bia 0002.8bee.3300)
  Description: LAN interface
  Internet address is 192.168.1.254/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Unknown, Unknown, link type is auto, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:08, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     116 packets input, 13544 bytes, 0 no buffer
     Received 18 Broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     122 packets output, 17237 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     2 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW0              Gig 0/0           150              S I             Gig 0/0

Total cdp entries displayed : 1

2.3. ARP and ICMP diagnostics

#show ip interface G0/0
GigabitEthernet0/0 is up, line protocol is up
  Internet address is 192.168.1.254/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed Broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
  Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled

2.4. ND and ICMPv6 diagnostics

#show ipv6 interface G0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  No Virtual link-local address(es):
  Description: LAN interface
  Global unicast address(es):
    FD00:192:168:1::1, subnet is FD00:192:168:1::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:2
    FF02::1:FF00:1
    FF05::1:3
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common Flow Table Stile classification
  Output features: Common Flow Table Stile Classification
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use DHCP to obtain routable addresses.
  Hosts use DHCP to obtain other configuration.

3. Extended ping / traceroute

Extended ping is useful for verifying that NAT works without leaving the router console. Among other options, the command lets you choose the source IP address or source interface of the packets it generates.

3.1. Extended ping

#ping
*Jan 21 20:33:12.652: %SYS-5-CONFIG_I: Configured from console by console
gateway#ping
Protocol [ip]:
Target IP address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Ingress ping [n]:
Source address or interface: 192.168.1.254
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0x0000ABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp 192.168.122.71:41349 192.168.1.1:41349 212.59.0.2:123    212.59.0.2:123
udp 192.168.122.71:49021 192.168.1.1:49021 51.15.175.224:123 51.15.175.224:123
udp 192.168.122.71:46625 192.168.1.2:46625 163.172.225.159:123 163.172.225.159:123
icmp 192.168.122.71:3  192.168.1.254:3    8.8.8.8:3          8.8.8.8:3

3.2. Extended traceroute

#traceroute
Protocol [ip]:
Target IP address: 10.1.94.102
Ingress traceroute [n]:
Source address: 192.168.1.254
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]: 44444
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.1.94.102
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.122.1 1 msec 1 msec 1 msec
  2    *    *    *
  3 10.1.142.65 2 msec 2 msec 2 msec
  4 10.1.94.102 1 msec 2 msec 2 msec
#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp 192.168.122.71:49198 192.168.1.254:49198 10.1.94.102:44444 10.1.94.102:44444
udp 192.168.122.71:49199 192.168.1.254:49199 10.1.94.102:44445 10.1.94.102:44445
udp 192.168.122.71:49200 192.168.1.254:49200 10.1.94.102:44446 10.1.94.102:44446
udp 192.168.122.71:49201 192.168.1.254:49201 10.1.94.102:44447 10.1.94.102:44447
udp 192.168.122.71:49202 192.168.1.254:49202 10.1.94.102:44448 10.1.94.102:44448
udp 192.168.122.71:49203 192.168.1.254:49203 10.1.94.102:44449 10.1.94.102:44449
udp 192.168.122.71:49204 192.168.1.254:49204 10.1.94.102:44450 10.1.94.102:44450
udp 192.168.122.71:49205 192.168.1.254:49205 10.1.94.102:44451 10.1.94.102:44451
udp 192.168.122.71:49206 192.168.1.254:49206 10.1.94.102:44452 10.1.94.102:44452
udp 192.168.122.71:49207 192.168.1.254:49207 10.1.94.102:44453 10.1.94.102:44453
udp 192.168.122.71:49208 192.168.1.254:49208 10.1.94.102:44454 10.1.94.102:44454
udp 192.168.122.71:49209 192.168.1.254:49209 10.1.94.102:44455 10.1.94.102:44455
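
The check done by eye in sections 3.1 and 3.2 (does the translation table hold an entry for the probes sent from the chosen source address?) can be scripted. The following Python sketch is an added example, not part of the original document. The function names are assumptions, and the sample reuses rows from the outputs above plus one constructed static entry to show the `---` case.

```python
# Constructed sample: rows taken from the two `show ip nat translations`
# outputs above, plus one constructed static entry (no ports, "---" fields).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 192.168.122.71:41349 192.168.1.1:41349 212.59.0.2:123    212.59.0.2:123
icmp 192.168.122.71:3  192.168.1.254:3    8.8.8.8:3          8.8.8.8:3
udp 192.168.122.71:49198 192.168.1.254:49198 10.1.94.102:44444 10.1.94.102:44444
udp 192.168.122.71:49199 192.168.1.254:49199 10.1.94.102:44445 10.1.94.102:44445
--- 192.168.122.80     192.168.1.80       ---                ---
"""

FIELDS = ("inside_global", "inside_local", "outside_local", "outside_global")

def endpoint(field):
    """Split 'ip:port' into (ip, port); static entries show '---' or a bare IP."""
    if field == "---":
        return (None, None)
    ip, sep, port = field.rpartition(":")
    return (ip, int(port)) if sep else (field, None)

def parse_nat(text):
    """Return one dict per translation row; the header and prompts are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # header has 9 tokens, prompts fewer
            continue
        entry = {"proto": parts[0]}
        entry.update(zip(FIELDS, map(endpoint, parts[1:])))
        entries.append(entry)
    return entries

def translated_probes(text, proto, source, target):
    """Entries showing probes from `source` to `target` left with a new address."""
    return [e for e in parse_nat(text)
            if e["proto"] == proto
            and e["inside_local"][0] == source
            and e["outside_global"][0] == target
            and e["inside_global"][0] != source]

if __name__ == "__main__":
    for e in translated_probes(SAMPLE, "udp", "192.168.1.254", "10.1.94.102"):
        print(e["inside_local"], "->", e["inside_global"], "dst", e["outside_global"])
```

An empty result for the source address used in the extended ping or traceroute means the probes were not translated.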

4. Routing protocols

Routing methods:

  • Static
  • RIPv2

Information to check:

4.1. Static routing

#show ip route static | include 0.0.0.0
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S*    0.0.0.0/0 [254/0] via 192.168.122.1
#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
(config)#ip route 0.0.0.0 0.0.0.0 G0/0 192.168.122.1 200
(config)#^Z
#show ip route static | include 0.0.0.0
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S*    0.0.0.0/0 [200/0] via 192.168.122.1, GigabitEthernet0/0
#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
(config)#no ip route 0.0.0.0 0.0.0.0 G0/0 192.168.122.1 200
(config)#^Z
#show ip route static | include 0.0.0.0
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S*    0.0.0.0/0 [254/0] via 192.168.122.1

IPv4 routing table

#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.122.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 192.168.122.1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/0
L        192.168.1.254/32 is directly connected, GigabitEthernet0/0
      192.168.122.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.122.0/24 is directly connected, GigabitEthernet0/1
L        192.168.122.71/32 is directly connected, GigabitEthernet0/1

IPv6 routing table

Command to explicitly enable IPv6 routing:

(config)#ipv6 unicast-routing
#show ipv6 route
IPv6 Routing Table - default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
C   FD00:192:168:1::/64 [0/0]
     via GigabitEthernet0/0, directly connected
L   FD00:192:168:1::1/128 [0/0]
     via GigabitEthernet0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive

4.2. Learned (received) information

Computed information (topology table, routing table)

show ip rip ?
show ip route rip
debug ip rip

...

4.3. Sent information

  • Routing configuration and active interfaces
  • Neighbor relationships (neighbor table, states, interfaces, timers, area or AS)

5. Access lists (ACLs)

5.1. Displaying ACLs

#show access-lists
Standard IP access list LAN
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (262 matches)
#show ip access-list
Standard IP access list LAN
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (262 matches)

5.2. Modifying an ACL

#show run | section ip access-list
ip access-list standard lan
 permit 192.168.1.0 0.0.0.255
#
#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
(config)#ip access-list standard lan
(config-std-nacl)#no permit 192.168.1.0 0.0.0.255
(config-std-nacl)#permit 192.168.2.0 0.0.0.255
(config-std-nacl)#^Z

6. Switch diagnostics

Command    Description
show interface status
show vlan
show vlan brief
show interface trunk
show interfaces <name> switchport
show interface switchport ?
show dtp
show vtp status
show port-security
debug ?

7. CDP / LLDP

Command    Description
show cdp
show cdp neighbors
show cdp neighbors detail

Command    Description
show lldp 
show lldp neighbors 
show lldp neighbors detail 

8. DHCP

Command    Description
show ip dhcp binding 
show ip dhcp pool <name> 
show ip dhcp server statistics 
show ip dhcp conflict 
debug ip dhcp server packet 
debug ip dhcp server events 

9. NAT

Command    Description
show running-config | include nat 
show access-list 
show ip nat translations 
show ip nat statistics 
debug ip nat 

10. NTP

Command    Description
show clock 
show calendar 
show ntp config 
show ntp information 
show ntp status 
show ntp associations 
show ntp packets 
debug ntp events 

11. SYSLOG

Command    Description
show logging 
show logging history 

12. Configuration verification

Command    Description
show running-config 
show startup-config 
show flash: 
show version 
