Certification objectives
CCNA 200-301
4.3 Explain the role of DHCP and DNS within the network
3.2 Determine how a router makes a forwarding decision by default
- 3.2.a Longest match
- 3.2.b Administrative distance
- 3.2.c Routing protocol metric
3.1 Interpret the components of a routing table
- 3.1.a Routing protocol code
- 3.1.b Prefix
- 3.1.c Network mask
- 3.1.d Next hop
- 3.1.e Administrative distance
- 3.1.f Metric
- 3.1.g Gateway of last resort
3.3 Configure and verify IPv4 and IPv6 static routing
- 3.3.a Default route
- 3.3.b Network route
- 3.3.c Host route
- 3.3.d Floating static
4.1 Configure and verify inside source NAT using static and pools
1.7 Describe the need for private IPv4 addressing
1.6 Configure and verify IPv4 addressing and subnetting
1.8 Configure and verify IPv6 addressing and prefixes
1.9 Compare IPv6 address types
- 1.9.a Global unicast
- 1.9.b Unique local
- 1.9.c Link local
- 1.9.d Anycast
- 1.9.e Multicast
- 1.9.f Modified EUI 64
1.10 Verify IP parameters for client OS (Windows, Mac OS, Linux)
Internet gateway lab
This hands-on exercise configures the Cisco router of a very small infrastructure that could resemble a remote office, a home setup or a very small business. The goal is to deploy every service one gets natively from a cheap home gateway: IPv6 autoconfiguration, DHCP, DNS and NAT44. Only the firewall is missing.
1. Lab topology
1.1. Components
Component | Name | Image | Role |
---|---|---|---|
Router | gateway | vios-adventerprisek9-m.vmdk.SPA.156-2.T | IPv4 gateway between the Internet and the LAN, providing the DHCP, DHCPv6, SLAAC and DNS forwarder services |
Cloud | Internet | Built into the software | Simulates an IPv4 Internet |
Switch | SW1 | Built into the software | LAN switch |
Computer | PC1 | ubuntu1604.qcow2 | TCP/IP client PC in the LAN |
Computer | PC2 | ubuntu1604.qcow2 | TCP/IP client PC in the LAN |
1.2. Connections
Device 1 | Interface | Interface | Device 2 | Shared network |
---|---|---|---|---|
Internet | nat0 | G0/1 | gateway | WAN |
gateway | G0/1 | nat0 | Internet | WAN |
gateway | G0/0 | e0 | SW1 | LAN |
SW1 | e0 | G0/0 | gateway | LAN |
SW1 | e1 | ens3 | PC1 | LAN |
SW1 | e1 | ens3 | PC2 | LAN |
1.3. Addressing plan
Only one interface carries static IPv4 and IPv6 parameters: interface G0/0 of the "gateway" router.
- Private IPv4 address: 192.168.1.254 255.255.255.0
- IPv6 link-local address: fe80::1/64
- Private (unique local) IPv6 prefix: fd00:192:168:1::/64
1.4. Services to deploy
For IPv4, the "gateway" router connects to the Internet and acts as a NAT44 router. A DHCP service hands out addresses in the range 192.168.1.1 to 192.168.1.199 and, through DHCP, announces the router as the default gateway and as the DNS resolver of the local network.
For IPv6, stateless address autoconfiguration (SLAAC) and a stateful DHCPv6 service are enabled for the prefix fd00:192:168:1::/64. The router acts as the IPv6 gateway and as the DNS resolver.
2. Router boot-up
Booting `IOSv'
Booted IOSv. Boot args: [/vios-adventerprisek9-m]
Smart Init is enabled
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(2)T, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 22-Mar-16 16:19 by prod_rel_team
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco IOSv (revision 1.0) with with 460033K/62464K bytes of memory.Installed image archive
Processor board ID 9LZIT3F3H77XUDNPC6QD9
4 Gigabit Ethernet interfaces
DRAM configuration is 72 bits wide with parity disabled.
256K bytes of non-volatile configuration memory.
2097152K bytes of ATA System CompactFlash 0 (Read/Write)
0K bytes of ATA CompactFlash 1 (Read/Write)
1024K bytes of ATA CompactFlash 2 (Read/Write)
0K bytes of ATA CompactFlash 3 (Read/Write)
SETUP: new interface GigabitEthernet0/0 placed in "shutdown" state
SETUP: new interface GigabitEthernet0/1 placed in "shutdown" state
SETUP: new interface GigabitEthernet0/2 placed in "shutdown" state
SETUP: new interface GigabitEthernet0/3 placed in "shutdown" state
% Applying bootstrap config from flash2:...
Building configuration...
[OK]
Press RETURN to get started!
*Mar 1 00:00:00.647: %ATA-6-DEV_FOUND: device 0x1F0
*Mar 1 00:00:02.830: %ATA-6-DEV_FOUND: device 0x1F1
*Mar 1 00:00:06.412: %NVRAM-5-CONFIG_NVRAM_NOT_FOUND: NVRAM configuration 'flash:/nvram' could not be found on disk.
*Apr 21 17:37:52.928: %PA-3-PA_INIT_FAILED: Performance Agent failed to initialize (Missing Data License)
*Apr 21 17:37:54.797: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Apr 21 17:37:54.798: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Apr 21 17:37:54.798: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
*Apr 21 17:37:54.799: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to up
*Apr 21 17:37:55.170: %CVAC-7-CONFIG_FOUND: Configuration file flash2:/ios_config.txt was found and will be applied to NVRAM.
*Apr 21 17:37:55.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Apr 21 17:37:55.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Apr 21 17:37:55.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
*Apr 21 17:37:55.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to down
*Apr 21 17:37:55.947: %CVAC-7-CONFIG_FOUND: Configuration file flash2:/ios_config.txt was found and will be applied to NVRAM.
*Apr 21 17:37:57.366: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
*Apr 21 17:37:57.367: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
*Apr 21 17:37:57.367: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
*Apr 21 17:37:57.367: %LINK-5-CHANGED: Interface GigabitEthernet0/3, changed state to administratively down
*Apr 21 17:38:00.884: %GRUB-5-CONFIG_WRITING: GRUB configuration is being updated on disk. Please wait...
*Apr 21 17:38:02.132: %GRUB-5-CONFIG_WRITTEN: GRUB configuration was written to disk successfully.
*Apr 21 17:38:02.132: %CVAC-4-CONFIG_DONE: Configuration generated from file flash2:/ios_config.txt was applied and saved to NVRAM. See 'show running-config' or 'show startup-config' for more details.
*Apr 21 17:38:04.397: %SYS-5-RESTART: System restarted --
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(2)T, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 22-Mar-16 16:19 by prod_rel_team
*Apr 21 17:38:04.420: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Apr 21 17:38:04.420: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Apr 21 17:38:10.517: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
3. IPv4 configuration
The configuration procedure follows a few logical steps:
- Set the hostname
- Configure interface G0/0 (LAN)
- Configure interface G0/1 (WAN)
- Create a standard IPv4 ACL named "lan"
- Create a NAT overload rule
- Enable name resolution and the IPv4 DNS service
- Create the DHCP pool
- Save the configuration
Keep an eye on the "logs", the events that will show up on the console.
3.1. IPv4 configuration procedure
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
3.2. Setting the hostname
Router(config)#hostname gateway
gateway(config)#
3.3. Configuring interface G0/0 (LAN)
gateway(config)#interface GigabitEthernet0/0
gateway(config-if)# description LAN interface
gateway(config-if)# ip address 192.168.1.254 255.255.255.0
gateway(config-if)# ip nat inside
gateway(config-if)# no shutdown
gateway(config-if)# exit
3.4. Configuring interface G0/1 (WAN)
gateway(config)#interface GigabitEthernet0/1
gateway(config-if)# description WAN interface
gateway(config-if)# ip address dhcp
gateway(config-if)# ip nat outside
gateway(config-if)# no shutdown
gateway(config-if)# exit
3.5. Creating a standard IPv4 ACL named "lan"
gateway(config)#ip access-list standard lan
gateway(config-std-nacl)# permit 192.168.1.0 0.0.0.255
gateway(config-std-nacl)# exit
3.6. Creating a NAT overload rule
gateway(config)#ip nat inside source list lan interface GigabitEthernet0/1 overload
3.7. Enabling name resolution and the IPv4 DNS service
gateway(config)#ip domain lookup
gateway(config)#ip name-server 8.8.8.8
gateway(config)#ip dns server
3.8. Creating the DHCP pool
gateway(config)#ip dhcp pool DHCP-LAN
gateway(dhcp-config)# network 192.168.1.0 255.255.255.0
gateway(dhcp-config)# default-router 192.168.1.254
gateway(dhcp-config)# dns-server 192.168.1.254
gateway(dhcp-config)# exit
gateway(config)#ip dhcp excluded-address 192.168.1.200 192.168.1.254
3.9. Saving the configuration
gateway(config)#end
gateway#wr
Building configuration...
[OK]
3.10. Events
*Apr 22 13:58:38.104: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Apr 22 13:58:38.344: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Apr 22 13:58:39.104: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
gateway#
*Apr 22 13:58:39.344: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
gateway#
*Apr 22 13:58:52.701: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0/1 assigned DHCP address 192.168.122.124, mask 255.255.255.0, hostname gateway
3.11. IPv4 configuration summary
configure terminal
hostname gateway
interface GigabitEthernet0/0
description LAN interface
ip address 192.168.1.254 255.255.255.0
ip nat inside
no shutdown
interface GigabitEthernet0/1
description WAN interface
ip address dhcp
ip nat outside
no shutdown
ip access-list standard lan
permit 192.168.1.0 0.0.0.255
ip nat inside source list lan interface GigabitEthernet0/1 overload
ip domain lookup
ip name-server 8.8.8.8
ip dns server
ip dhcp pool DHCP-LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.254
ip dhcp excluded-address 192.168.1.200 192.168.1.254
end
wr
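Two things in the summary above are easy to misread: the wildcard mask `0.0.0.255` in ACL `lan`, which decides which sources the `overload` rule translates, and the interaction between `network 192.168.1.0 255.255.255.0` and `ip dhcp excluded-address`, which decides what the pool actually hands out. The following Python is an added example, not part of the lab or of IOS; the function names (`wildcard_match`, `will_be_translated`, `dhcp_assignable`) and the constants are assumptions modelled on the configuration above.

```python
import ipaddress

# Values constructed from the lab's IPv4 configuration above (hypothetical names, not the lab's own code).
ACL_LAN = [("permit", "192.168.1.0", "0.0.0.255")]      # ip access-list standard lan
DHCP_NETWORK = "192.168.1.0/24"                           # network 192.168.1.0 255.255.255.0
DHCP_EXCLUDED = [("192.168.1.200", "192.168.1.254")]      # ip dhcp excluded-address 192.168.1.200 192.168.1.254


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit in the wildcard must match the base, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(addr, acl=ACL_LAN):
    """Evaluate a standard ACL top-down; the implicit 'deny any' at the end applies if nothing matches."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False


def will_be_translated(src_addr, acl=ACL_LAN):
    """'ip nat inside source list lan interface GigabitEthernet0/1 overload' translates a packet
    arriving on an 'ip nat inside' interface only when its source is permitted by the list."""
    return acl_permits(src_addr, acl)


def dhcp_assignable(network=DHCP_NETWORK, excluded=DHCP_EXCLUDED):
    """First and last address the pool can hand out, plus the count.
    The network and broadcast addresses are never assigned; excluded ranges are inclusive."""
    net = ipaddress.IPv4Network(network)
    banned = set()
    for low, high in excluded:
        lo, hi = int(ipaddress.IPv4Address(low)), int(ipaddress.IPv4Address(high))
        banned.update(range(lo, hi + 1))
    usable = [host for host in net.hosts() if int(host) not in banned]
    return str(usable[0]), str(usable[-1]), len(usable)


if __name__ == "__main__":
    first, last, count = dhcp_assignable()
    print(f"DHCP pool hands out {first} .. {last} ({count} addresses)")
    for src in ("192.168.1.37", "192.168.1.254", "192.168.2.1"):
        print(f"{src:>14} translated by NAT: {will_be_translated(src)}")
```

The pool result is the range the lab announces in 1.4 (192.168.1.1 to 192.168.1.199). Note that the router's own address 192.168.1.254 is permitted by the ACL too, which is why a ping sourced from the LAN interface also shows up in the NAT table later in the lab.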
4. IPv6 configuration
IPv6 configuration requires explicit activation:
- Enable IPv6 routing
- Create the DHCPv6 pool
- Configure interface G0/0 (LAN)
- Configure interface G0/1 (WAN)
- Save the configuration
4.1. IPv6 configuration procedure
gateway#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
gateway(config)#hostname gateway
gateway(config)#
4.2. Enabling IPv6 routing
gateway(config)#ipv6 unicast-routing
4.3. Creating the DHCPv6 pool
gateway(config)#ipv6 dhcp pool DHCPv6-LAN
gateway(config-dhcpv6)# address prefix FD00:192:168:1::/64
gateway(config-dhcpv6)# dns-server FD00:192:168:1::1
gateway(config-dhcpv6)# exit
4.4. Configuring interface G0/0 (LAN)
gateway(config)#interface GigabitEthernet0/0
gateway(config-if)# description LAN interface
gateway(config-if)# ipv6 address FE80::1 link-local
gateway(config-if)# ipv6 address FD00:192:168:1::1/64
gateway(config-if)# ipv6 nd managed-config-flag
gateway(config-if)# ipv6 nd other-config-flag
gateway(config-if)# ipv6 dhcp server DHCPv6-LAN
gateway(config-if)# no shutdown
gateway(config-if)# exit
4.5. Configuring interface G0/1 (WAN)
gateway(config)#interface GigabitEthernet0/1
gateway(config-if)# description WAN interface
gateway(config-if)# ipv6 address dhcp
gateway(config-if)# no shutdown
gateway(config-if)# exit
gateway(config)#
4.6. Saving the configuration
gateway(config)#end
gateway#
gateway#wr
Building configuration...
*Apr 22 14:04:30.918: %SYS-5-CONFIG_I: Configured from console by console[OK]
gateway#
*Apr 22 14:04:33.009: %GRUB-5-CONFIG_WRITING: GRUB configuration is being updated on disk. Please wait...
*Apr 22 14:04:33.641: %GRUB-5-CONFIG_WRITTEN: GRUB configuration was written to disk successfully.
4.7. IPv6 configuration summary
configure terminal
hostname gateway
ipv6 unicast-routing
ipv6 dhcp pool DHCPv6-LAN
address prefix FD00:192:168:1::/64
dns-server FD00:192:168:1::1
interface GigabitEthernet0/0
description LAN interface
ipv6 address FE80::1 link-local
ipv6 address FD00:192:168:1::1/64
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 dhcp server DHCPv6-LAN
no shutdown
interface GigabitEthernet0/1
description WAN interface
ipv6 address dhcp
no shutdown
end
wr
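Section 1.4 says SLAAC is enabled on the LAN, and objective 1.9.f asks for the modified EUI-64 derivation a host uses to build its interface identifier from its MAC. The Python below is an added example, not the lab's or Cisco's code: it derives the link-local and the fd00:192:168:1::/64 address that the MACs visible in this lab (the router's G0/0 BIA and PC1's DHCP client-id) would produce. Function names and the `LAB_MACS` table are assumptions. Two caveats: the router's own addresses here are configured statically (fe80::1, fd00:192:168:1::1), not derived, and Ubuntu clients default to privacy or stable-privacy identifiers and, with the M flag set as in 4.4, also take a DHCPv6 address, so the address actually seen on PC1 may differ from the EUI-64 result.

```python
import ipaddress

# Constructed from this lab: the advertised prefix and the LAN MACs seen in the DHCP bindings and
# 'show interface' output (sample input, not the lab's own code).
LAN_PREFIX = "fd00:192:168:1::/64"
LAB_MACS = {"gateway G0/0": "0059.fedc.e100", "PC1": "0059.fe99.af00"}


def mac_to_bytes(mac):
    """Accept IOS dotted form ('0059.fedc.e100') or Linux colon form ('00:59:fe:dc:e1:00')."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    return bytes.fromhex(digits)


def modified_eui64(mac):
    """64-bit interface identifier: split the MAC in two, insert ff:fe in the middle,
    then invert the universal/local bit (bit 1 of the first byte)."""
    m = mac_to_bytes(mac)
    iid = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix, mac):
    """Address a host derives from a /64 prefix received in a Router Advertisement (A flag set)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def link_local_address(mac):
    """Same derivation under fe80::/64, which is what an interface gets before any RA arrives."""
    return slaac_address("fe80::/64", mac)


if __name__ == "__main__":
    for name, mac in LAB_MACS.items():
        print(f"{name:>12} {mac}: link-local {link_local_address(mac)}, "
              f"SLAAC {slaac_address(LAN_PREFIX, mac)}")
```

Because the identifier embeds the MAC, an EUI-64 address lets a host be tracked across prefixes, which is the reason client operating systems moved to randomized identifiers by default; the derivation is still what the exam expects you to be able to do by hand.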
5. IPv4 checks on the router
A series of IPv4 checks can be run on the router:
- Check the IPv4 interfaces
- Check the interfaces at layer 2
- Check the interfaces at layer 3
- IPv4 routing table
- IPv4 ping towards the WAN
- IPv4 ping towards the LAN
- Extended IPv4 ping
- NAT check
- Access-list check
- DHCP lease check
5.1. Checking the IPv4 interfaces
# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.254 YES NVRAM up up
GigabitEthernet0/1 192.168.122.204 YES DHCP up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/3 unassigned YES NVRAM administratively down down
NVI0 192.168.1.254 YES unset up up
5.2. Checking the interfaces at layer 2
# show interface g0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is iGbE, address is 0059.fedc.e100 (bia 0059.fedc.e100)
Description: LAN interface
Internet address is 192.168.1.254/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Unknown, Unknown, link type is auto, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 675
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 7000 bits/sec, 8 packets/sec
5 minute output rate 130000 bits/sec, 10 packets/sec
3649 packets input, 428002 bytes, 0 no buffer
Received 111 Broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
4533 packets output, 5922027 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
37 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
5.3. Checking the interfaces at layer 3
# show ip interface g0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.254/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed Broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
5.4. IPv4 routing table
# show ip route
For each directly connected network (192.168.1.0/24 and 192.168.122.0/24), the table holds a "C" route and an "L" local route, the latter designating the interface's own address (a /32) as the destination. The "S*" default route was installed by the DHCP client on G0/1, which is why it carries administrative distance 254 rather than the 1 of a manually configured static route.
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.122.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.254/32 is directly connected, GigabitEthernet0/0
192.168.122.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.122.0/24 is directly connected, GigabitEthernet0/1
L 192.168.122.204/32 is directly connected, GigabitEthernet0/1
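Objectives 3.1 and 3.2 are about reading exactly this table and predicting the forwarding decision: longest prefix match first, then administrative distance, then metric. The Python below is an added example, not the lab's or IOS's code: it parses the route lines shown above (embedded as constructed sample input) and resolves a destination the way the router would. `parse_routes`, `lookup` and `ROUTE_RE` are assumed names; the regular expression only covers the line shapes visible in this output.

```python
import ipaddress
import re

# Constructed from the 'show ip route' output above (sample input, not the lab's own code).
SHOW_IP_ROUTE = """\
Gateway of last resort is 192.168.122.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 192.168.122.1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/0
L        192.168.1.254/32 is directly connected, GigabitEthernet0/0
      192.168.122.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.122.0/24 is directly connected, GigabitEthernet0/1
L        192.168.122.204/32 is directly connected, GigabitEthernet0/1
"""

# code, prefix, optional [AD/metric], then either 'via <next hop>' or 'is directly connected, <interface>'
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z]{1,2}\*?)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?:\s+\[(?P<ad>\d+)/(?P<metric>\d+)\])?"
    r"\s+(?:via\s+(?P<nexthop>\d+\.\d+\.\d+\.\d+)|is directly connected,\s+(?P<iface>\S+))"
)


def parse_routes(text):
    """Turn the visible route lines into dicts; summary lines and the gateway line carry no route."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        routes.append({
            "code": m["code"],
            "prefix": ipaddress.IPv4Network(m["prefix"]),
            "ad": int(m["ad"]) if m["ad"] else 0,            # C and L routes print no brackets: AD 0
            "metric": int(m["metric"]) if m["metric"] else 0,
            "nexthop": m["nexthop"],
            "iface": m["iface"],
        })
    return routes


def lookup(routes, dst):
    """Forwarding decision in the order the exam describes: longest prefix match first,
    then lowest administrative distance, then lowest metric. None means 'no route'."""
    dst = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if dst in r["prefix"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["prefix"].prefixlen, r["ad"], r["metric"]))


def describe(route):
    target = route["nexthop"] or route["iface"]
    return f"{route['code']} {route['prefix']} [{route['ad']}/{route['metric']}] -> {target}"


if __name__ == "__main__":
    table = parse_routes(SHOW_IP_ROUTE)
    for dst in ("8.8.8.8", "192.168.1.1", "192.168.1.254", "192.168.122.204"):
        print(f"{dst:>16}: {describe(lookup(table, dst))}")
```

Running it shows 192.168.1.254 resolved by the /32 "L" route rather than the /24 "C" route (longest match), and 8.8.8.8 falling through to the gateway of last resort. Adding a manually configured `S 0.0.0.0/0 [1/0]` route to the input makes `lookup` prefer it over the DHCP-learned one, which is the administrative-distance tie-break of objective 3.2.b.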
5.5. IPv4 ping towards the WAN
The ping command checks IP connectivity between two hosts. Here the target is a well-known public IPv4 address:
#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
5.6. IPv4 ping towards the LAN
#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/5 ms
5.7. Extended IPv4 ping
An "extended" ping lets you tune the ICMP packets sent and, in particular, the source IP address the router will use. This is a way to verify that routing works: sourcing the ping from the LAN address 192.168.1.254, as below, also exercises the NAT path, as the icmp entry in the translation table of 5.8 shows.
#ping
Protocol [ip]:
Target IP address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Ingress ping [n]:
Source address or interface: 192.168.1.254
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0x0000ABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/17 ms
5.8. NAT check
The show ip nat translations command displays the NAT translation table.
#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.204:60171 192.168.1.2:60171 213.136.0.252:123 213.136.0.252:123
udp 192.168.122.204:60196 192.168.1.2:60196 217.77.132.1:123 217.77.132.1:123
udp 192.168.122.204:60486 192.168.1.2:60486 87.233.197.123:123 87.233.197.123:123
tcp 192.168.122.204:49673 192.168.1.3:49673 40.77.229.47:443 40.77.229.47:443
tcp 192.168.122.204:49685 192.168.1.3:49685 40.77.229.43:443 40.77.229.43:443
tcp 192.168.122.204:49690 192.168.1.3:49690 40.77.229.36:443 40.77.229.36:443
tcp 192.168.122.204:49703 192.168.1.3:49703 40.77.229.54:443 40.77.229.54:443
udp 192.168.122.204:62735 192.168.1.3:62735 157.56.144.215:3544 157.56.144.215:3544
icmp 192.168.122.204:5 192.168.1.254:5 8.8.8.8:5 8.8.8.8:5
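Reading this table by eye is fine for six lines; on a busy gateway a small parser is the practical way to answer "is every translation one the ACL should have allowed, and what is each LAN host talking to?". The Python below is an added example, not the lab's or IOS's code: it parses the rows shown above (embedded as constructed sample input), checks each one against ACL `lan` and the overload rule, and summarizes destinations per inside host. Names such as `parse_nat`, `check_translations` and `outbound_services` are assumptions. One observation from the page's own data that such a summary surfaces: 192.168.1.3 is sending UDP to port 3544, the registered port of Teredo tunneling, alongside its HTTPS sessions.

```python
import re
from collections import Counter

# Constructed from the 'show ip nat translations' output above (sample input, not the lab's own code).
NAT_TABLE = """\
Pro Inside global         Inside local        Outside local        Outside global
udp 192.168.122.204:60171 192.168.1.2:60171   213.136.0.252:123    213.136.0.252:123
udp 192.168.122.204:60196 192.168.1.2:60196   217.77.132.1:123     217.77.132.1:123
tcp 192.168.122.204:49673 192.168.1.3:49673   40.77.229.47:443     40.77.229.47:443
tcp 192.168.122.204:49685 192.168.1.3:49685   40.77.229.43:443     40.77.229.43:443
udp 192.168.122.204:62735 192.168.1.3:62735   157.56.144.215:3544  157.56.144.215:3544
icmp 192.168.122.204:5    192.168.1.254:5     8.8.8.8:5            8.8.8.8:5
"""

ROW_RE = re.compile(r"^(?P<proto>tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def split_sock(s):
    """'192.168.1.2:60171' -> ('192.168.1.2', 60171); for ICMP the number is the echo identifier."""
    host, _, port = s.rpartition(":")
    return host, int(port)


def parse_nat(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue                                    # header line
        proto, ig, il, ol, og = m.groups()
        rows.append({"proto": proto,
                     "inside_global": split_sock(ig), "inside_local": split_sock(il),
                     "outside_local": split_sock(ol), "outside_global": split_sock(og)})
    return rows


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics, as in ACL 'lan': 0 bits must match, 1 bits are ignored."""
    to_int = lambda a: int.from_bytes(bytes(int(x) for x in a.split(".")), "big")
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def check_translations(rows, acl_base="192.168.1.0", acl_wildcard="0.0.0.255",
                       wan_addr="192.168.122.204"):
    """Sanity rule for this lab: every inside-local address must be permitted by ACL 'lan' and,
    with overload on G0/1, every inside-global address must be the WAN interface address.
    Returns the rows that break the rule (an empty list is the expected result)."""
    return [r for r in rows
            if not wildcard_match(r["inside_local"][0], acl_base, acl_wildcard)
            or r["inside_global"][0] != wan_addr]


def sessions_per_host(rows):
    """How many translations each LAN host currently owns."""
    return Counter(r["inside_local"][0] for r in rows)


def outbound_services(rows):
    """(inside host, protocol, destination port) triples: the quick view for spotting a service
    you did not expect a client to be talking to."""
    return sorted({(r["inside_local"][0], r["proto"], r["outside_global"][1]) for r in rows})


if __name__ == "__main__":
    table = parse_nat(NAT_TABLE)
    print("rule violations:", check_translations(table))
    print("translations per host:", dict(sessions_per_host(table)))
    for host, proto, port in outbound_services(table):
        print(f"{host:>14} -> {proto}/{port}")
```

Inside global and inside local ports are equal in every row above because PAT keeps the original source port when it is still free on the WAN address; a differing port is normal and only means a collision was avoided.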
5.9. Access-list check
#show access-lists
Standard IP access list lan
10 permit 192.168.1.0, wildcard bits 0.0.0.255 (105 matches)
5.10. DHCP lease check
#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
192.168.1.1 0059.fe99.af00 Apr 23 2017 03:02 PM Automatic
192.168.1.2 0059.fe6d.3b00 Apr 23 2017 03:02 PM Automatic
192.168.1.3 0100.59fe.c24c.00 Apr 23 2017 03:03 PM Automatic
6. Checks from the TCP/IPv4 clients
6.1. IPv4 parameters
It is useful to check:
- the interface parameters
- the routing table
- the DNS parameters
6.2. Interface parameters
user@ubuntu1604:~$ ip -4 add show dev ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.1.2/24 brd 192.168.1.255 scope global ens3
valid_lft forever preferred_lft forever
6.3. Routing table
user@ubuntu1604:~$ ip route
default via 192.168.1.254 dev ens3
192.168.1.0/24 dev ens3 proto kernel scope link src 192.168.1.2
6.4. DNS parameters
user@ubuntu1604:~$ cat /etc/resolv.conf
#Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.254
6.5. Connectivity check
With the ping command, one can check:
- connectivity to the gateway
- connectivity to a public IP address
- connectivity to a name resolved into an IP address (UDP/DNS, L4)
6.6. Connectivity to the gateway
user@ubuntu1604:~$ ping -c 1 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=255 time=3.83 ms
--- 192.168.1.254 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.836/3.836/3.836/0.000 ms
6.7. Connectivity to a public IP address
user@ubuntu1604:~$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=41 time=18.5 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 18.576/18.576/18.576/0.000 ms
6.8. Connectivity to a resolved name
user@ubuntu1604:~$ ping -c 1 www.google.com
PING www.google.com (172.217.20.68) 56(84) bytes of data.
64 bytes from www.google.com (172.217.20.68): icmp_seq=1 ttl=48 time=12.5 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 12.517/12.517/12.517/0.000 ms
6.9. L7 check: DNS name resolution
The DNS function can be confirmed with the dig or nslookup commands. The first query below goes through the router's forwarder (SERVER: 192.168.1.254), the second bypasses it by asking 8.8.8.8 directly; comparing the two isolates the router's DNS service from upstream resolution.
user@ubuntu1604:~$ dig www.google.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63245
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 290 IN A 172.217.20.68
;; Query time: 7 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Sat Apr 22 16:24:08 CEST 2017
;; MSG SIZE rcvd: 48
user@ubuntu1604:~$ dig @8.8.8.8 www.google.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43348
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 203 IN A 172.217.17.68
;; Query time: 20 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Apr 22 16:24:18 CEST 2017
;; MSG SIZE rcvd: 59
6.10. L7 check: HTTP connectivity
curl http://ipinfo.io/ip
6.11. ARP checks
user@ubuntu1604:~$ arp -a
? (192.168.1.254) at 00:59:fe:dc:e1:00 [ether] on ens3
user@ubuntu1604:~$ ping -c 1 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=6.63 ms
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.636/6.636/6.636/0.000 ms
user@ubuntu1604:~$ arp -a
? (192.168.1.1) at 00:59:fe:99:af:00 [ether] on ens3
? (192.168.1.254) at 00:59:fe:dc:e1:00 [ether] on ens3
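The ARP entry for the gateway should carry the MAC that the router itself reported in 5.2 (`address is 0059.fedc.e100`); the two tools just print it in different notations. The Python below is an added example, not the lab's own code: it parses `arp -a` lines (embedded as constructed sample input), normalizes both MAC notations, and reports whether the client's view of the gateway matches the router's burned-in address, plus any MAC claimed by more than one IP on the segment. `parse_arp`, `gateway_mac_matches` and `shared_macs` are assumed names. A gateway entry whose MAC differs from the router's BIA is the first thing to check when LAN hosts lose connectivity or see unexpected latency.

```python
import re

# Constructed from the outputs shown in this lab (sample input, not the lab's own code).
ARP_A_OUTPUT = """\
? (192.168.1.1) at 00:59:fe:99:af:00 [ether] on ens3
? (192.168.1.254) at 00:59:fe:dc:e1:00 [ether] on ens3
"""
# Reported by 'show interface g0/0' on the router: "address is 0059.fedc.e100 (bia 0059.fedc.e100)"
ROUTER_LAN_MAC_IOS = "0059.fedc.e100"
GATEWAY_IP = "192.168.1.254"

ARP_RE = re.compile(r"^\S+ \((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}) \[ether\] on (?P<dev>\S+)")


def normalize_mac(mac):
    """12 lowercase hex digits regardless of the separator the tool printed ('.', ':' or '-')."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac}")
    return digits


def parse_arp(text):
    """'arp -a' lines -> {ip: (mac, device)}; incomplete entries carry no MAC and are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            table[m["ip"]] = (normalize_mac(m["mac"]), m["dev"])
    return table


def gateway_mac_matches(arp_text, gateway_ip=GATEWAY_IP, expected_mac=ROUTER_LAN_MAC_IOS):
    """True when the client's ARP entry for the gateway carries the MAC the router itself reports,
    False when it differs, None when the gateway has not been resolved yet (ping it first, as the lab does)."""
    table = parse_arp(arp_text)
    if gateway_ip not in table:
        return None
    return table[gateway_ip][0] == normalize_mac(expected_mac)


def shared_macs(arp_text):
    """MAC addresses claimed by more than one IP on the segment."""
    by_mac = {}
    for ip, (mac, _dev) in parse_arp(arp_text).items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    print("gateway MAC matches router BIA:", gateway_mac_matches(ARP_A_OUTPUT))
    print("shared MACs:", shared_macs(ARP_A_OUTPUT))
```

As the lab's second `arp -a` shows, an entry appears only after traffic to that host, so `None` from `gateway_mac_matches` means "not resolved yet", not "wrong".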