Certification objectives
ICND1 100-105
- 4.1 Describe DNS lookup operation
- 4.2 Troubleshoot client connectivity issues involving DNS
- 5.3 Configure and verify initial device configuration
- 4.3 Configure and verify DHCP on a router, excluding static reservations (Server, Relay, Client, TFTP, DNS, and gateway options)
- 4.4 Troubleshoot client- and router-based DHCP connectivity issues
- 4.7 Configure, verify, and troubleshoot inside source NAT (Static, Pool, PAT)
- 3.2 Interpret the components of a routing table (Prefix, Network mask, Next hop, Routing protocol code, Administrative distance, Metric, Gateway of last resort)
- 3.5 Compare and contrast static routing and dynamic routing
- 3.6 Configure, verify, and troubleshoot IPv4 and IPv6 static routing (Default route, Network route, Host route, Floating static)
- 5.6 Use Cisco IOS tools to troubleshoot and resolve problems (Ping and traceroute with extended option, Terminal monitor, Log events, Local SPAN)
CCNA R&S 200-125
- 5.1 Describe DNS lookup operation
- 5.2 Troubleshoot client connectivity issues involving DNS
- 7.4 Configure and verify initial device configuration
- 5.3 Configure and verify DHCP on a router, excluding static reservations (Server, Relay, Client, TFTP, DNS, and gateway options)
- 5.4 Troubleshoot client- and router-based DHCP connectivity issues
- 6.2 Describe access layer threat mitigation techniques (802.1x, DHCP snooping, Nondefault native VLAN)
- 5.6 Configure, verify, and troubleshoot inside source NAT (Static, Pool, PAT)
- 3.2 Interpret the components of a routing table (Prefix, Network mask, Next hop, Routing protocol code, Administrative distance, Metric, Gateway of last resort)
- 3.5 Compare and contrast static routing and dynamic routing
- 3.8 Configure, verify, and troubleshoot IPv4 and IPv6 static routing (Default route, Network route, Host route, Floating static)
- 7.6 Use Cisco IOS tools to troubleshoot and resolve problems (Ping and traceroute with extended option, Terminal monitor, Log events, Local SPAN)
Internet gateway lab
This hands-on exercise configures the Cisco router of a very small infrastructure that could be a remote office, a home setup, or a very small business. The goal is to deploy all the services natively available on an inexpensive home gateway: IPv6 autoconfiguration, DHCP, DNS, NAT44. Only the firewall is missing.
1. Lab topology

!!! add the Link-local address.
1.1. Components
Component | Name | Image | Role |
---|---|---|---|
Router | gateway | vios-adventerprisek9-m.vmdk.SPA.156-2.T | IPv4 gateway between the Internet and the LAN with DHCP, DHCPv6, SLAAC and DNS forwarder services. |
Cloud | Internet | Built into the software | Simulates an IPv4 Internet |
Switch | SW1 | Built into the software | LAN switch |
Computer | PC1 | ubuntu1604.qcow2 | TCP/IP client PC in the LAN |
Computer | PC2 | ubuntu1604.qcow2 | TCP/IP client PC in the LAN |
1.2. Connections
Device 1 | Interface | Interface | Device 2 | Shared network |
---|---|---|---|---|
Internet | nat0 | G0/1 | ||
gateway | G0/1 | nat0 | Internet | WAN |
gateway | G0/0 | e0 | SW1 | LAN |
SW1 | e0 | G0/0 | Gateway | LAN |
SW1 | e1 | ens3 | PC1 | LAN |
SW1 | e1 | ens3 | PC2 | LAN |
1.3. Addressing plan
Only one interface has static IPv4 and IPv6 parameters: interface G0/0 of the “gateway” router.
- Private IPv4 address: 192.168.1.254 255.255.255.0
- IPv6 Link-Local address: fe80::1/64
- Private IPv6 address: fd00:192:168:1::/64
1.4. Services to deploy
In IPv4, the “Gateway” router connects to the Internet and acts as a NAT44 router. A DHCP service hands out addresses in the range 192.168.1.1 to 192.168.1.199. The router advertises itself over DHCP as the gateway and as the DNS resolver for the local network.
In IPv6, stateless autoconfiguration and stateful DHCPv6 are enabled for the prefix fd00:192:168:1::/64. The router acts as the IPv6 gateway and DNS resolver.
2. Router startup
Booting `IOSv'
Booted IOSv. Boot args: [/vios-adventerprisek9-m]
Smart Init is enabled
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(2)T, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 22-Mar-16 16:19 by prod_rel_team
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco IOSv (revision 1.0) with with 460033K/62464K bytes of memory.Installed image archive
Processor board ID 9LZIT3F3H77XUDNPC6QD9
4 Gigabit Ethernet interfaces
DRAM configuration is 72 bits wide with parity disabled.
256K bytes of non-volatile configuration memory.
2097152K bytes of ATA System CompactFlash 0 (Read/Write)
0K bytes of ATA CompactFlash 1 (Read/Write)
1024K bytes of ATA CompactFlash 2 (Read/Write)
0K bytes of ATA CompactFlash 3 (Read/Write)
SETUP: new interface GigabitEthernet0/0 placed in "shutdown" state
SETUP: new interface GigabitEthernet0/1 placed in "shutdown" state
SETUP: new interface GigabitEthernet0/2 placed in "shutdown" state
SETUP: new interface GigabitEthernet0/3 placed in "shutdown" state
% Applying bootstrap config from flash2:...
Building configuration...
[OK]
Press RETURN to get started!
*Mar 1 00:00:00.647: %ATA-6-DEV_FOUND: device 0x1F0
*Mar 1 00:00:02.830: %ATA-6-DEV_FOUND: device 0x1F1
*Mar 1 00:00:06.412: %NVRAM-5-CONFIG_NVRAM_NOT_FOUND: NVRAM configuration 'flash:/nvram' could not be found on disk.
*Apr 21 17:37:52.928: %PA-3-PA_INIT_FAILED: Performance Agent failed to initialize (Missing Data License)
*Apr 21 17:37:54.797: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Apr 21 17:37:54.798: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Apr 21 17:37:54.798: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
*Apr 21 17:37:54.799: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to up
*Apr 21 17:37:55.170: %CVAC-7-CONFIG_FOUND: Configuration file flash2:/ios_config.txt was found and will be applied to NVRAM.
*Apr 21 17:37:55.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Apr 21 17:37:55.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Apr 21 17:37:55.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
*Apr 21 17:37:55.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to down
*Apr 21 17:37:55.947: %CVAC-7-CONFIG_FOUND: Configuration file flash2:/ios_config.txt was found and will be applied to NVRAM.
*Apr 21 17:37:57.366: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
*Apr 21 17:37:57.367: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
*Apr 21 17:37:57.367: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
*Apr 21 17:37:57.367: %LINK-5-CHANGED: Interface GigabitEthernet0/3, changed state to administratively down
*Apr 21 17:38:00.884: %GRUB-5-CONFIG_WRITING: GRUB configuration is being updated on disk. Please wait...
*Apr 21 17:38:02.132: %GRUB-5-CONFIG_WRITTEN: GRUB configuration was written to disk successfully.
*Apr 21 17:38:02.132: %CVAC-4-CONFIG_DONE: Configuration generated from file flash2:/ios_config.txt was applied and saved to NVRAM. See 'show running-config' or 'show startup-config' for more details.
*Apr 21 17:38:04.397: %SYS-5-RESTART: System restarted --
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(2)T, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 22-Mar-16 16:19 by prod_rel_team
*Apr 21 17:38:04.420: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Apr 21 17:38:04.420: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Apr 21 17:38:10.517: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
3. IPv4 configuration
3.1. IPv4 configuration procedure
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#! Set the hostname
Router(config)#hostname gateway
gateway(config)#! Configure interface G0/0 (LAN)
gateway(config)#interface GigabitEthernet0/0
gateway(config-if)# description LAN interface
gateway(config-if)# ip address 192.168.1.254 255.255.255.0
gateway(config-if)# ip nat inside
gateway(config-if)# no shutdown
gateway(config-if)# ! Configure interface G0/1 (WAN)
gateway(config-if)#interface GigabitEthernet0/1
gateway(config-if)# description WAN interface
gateway(config-if)# ip address dhcp
gateway(config-if)# ip nat outside
gateway(config-if)# no shutdown
gateway(config-if)#! Create a standard IPv4 ACL named "lan"
gateway(config-if)#ip access-list standard lan
gateway(config-std-nacl)# permit 192.168.1.0 0.0.0.255
gateway(config-std-nacl)#! Create a NAT overload rule
gateway(config-std-nacl)#ip nat inside source list lan interface GigabitEthernet0/1 overload
gateway(config)#! Enable name resolution and the DNS service for IPv4
gateway(config)#ip domain lookup
gateway(config)#ip name-server 8.8.8.8
gateway(config)#ip dns server
gateway(config)#! Create the DHCP pool
gateway(config)#ip dhcp pool DHCP-LAN
gateway(dhcp-config)# network 192.168.1.0 255.255.255.0
gateway(dhcp-config)# default-router 192.168.1.254
gateway(dhcp-config)# dns-server 192.168.1.254
gateway(dhcp-config)#!
gateway(dhcp-config)#ip dhcp excluded-address 192.168.1.200 192.168.1.254
gateway(config)#!
gateway(config)#end
gateway#! Save the configuration
gateway#wr
Building configuration...
[OK]
*Apr 22 13:58:36.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
*Apr 22 13:58:36.875: %SYS-5-CONFIG_I: Configured from console by console
gateway#
*Apr 22 13:58:37.448: %GRUB-5-CONFIG_WRITING: GRUB configuration is being updated on disk. Please wait...
*Apr 22 13:58:38.081: %GRUB-5-CONFIG_WRITTEN: GRUB configuration was written to disk successfully.
gateway#
*Apr 22 13:58:38.104: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Apr 22 13:58:38.344: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Apr 22 13:58:39.104: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
gateway#
*Apr 22 13:58:39.344: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
gateway#
*Apr 22 13:58:52.701: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0/1 assigned DHCP address 192.168.122.124, mask 255.255.255.0, hostname gateway
3.2. IPv4 configuration summary
configure terminal
hostname gateway
interface GigabitEthernet0/0
description LAN interface
ip address 192.168.1.254 255.255.255.0
ip nat inside
no shutdown
interface GigabitEthernet0/1
description WAN interface
ip address dhcp
ip nat outside
no shutdown
ip access-list standard lan
permit 192.168.1.0 0.0.0.255
ip nat inside source list lan interface GigabitEthernet0/1 overload
ip domain lookup
ip name-server 8.8.8.8
ip dns server
ip dhcp pool DHCP-LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.254
ip dhcp excluded-address 192.168.1.200 192.168.1.254
end
wr
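An added example (not part of the original lab): a small Python audit of the statements from the summary above, checking that the pool minus the exclusions gives the 192.168.1.1 to 192.168.1.199 range announced in section 1.4, that the router address advertised as gateway and DNS cannot be leased, and that the NAT ACL matches the inside subnet. The function names `parse` and `audit` are hypothetical.

```python
import ipaddress

# Statements from the section 3.2 summary that the audit reads (copied from the page).
CONFIG = """\
interface GigabitEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip access-list standard lan
permit 192.168.1.0 0.0.0.255
ip nat inside source list lan interface GigabitEthernet0/1 overload
ip name-server 8.8.8.8
ip dns server
ip dhcp pool DHCP-LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.254
ip dhcp excluded-address 192.168.1.200 192.168.1.254
"""


def parse(config):
    """Collect the statements the audit needs (hypothetical helper)."""
    f = {"addr": {}, "nat": {}, "acl": {}, "pool": {}, "excluded": [], "rule": None}
    section = (None, None)
    for w in (line.split() for line in config.splitlines()):
        if not w:
            continue
        if w[0] == "interface":
            section = ("if", w[1])
        elif w[:3] == ["ip", "access-list", "standard"]:
            section = ("acl", w[3])
        elif w[:3] == ["ip", "dhcp", "pool"]:
            section = ("pool", w[3])
        elif w[:3] == ["ip", "dhcp", "excluded-address"]:
            # One address or a low/high pair; w[-1] covers both forms.
            lo, hi = ipaddress.ip_address(w[3]), ipaddress.ip_address(w[-1])
            f["excluded"].append((lo, hi))
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            f["rule"] = {"acl": w[5], "interface": w[7]}
        elif section[0] == "if" and w[:2] == ["ip", "address"] and len(w) == 4:
            f["addr"][section[1]] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif section[0] == "if" and w[:2] == ["ip", "nat"]:
            f["nat"][section[1]] = w[2]
        elif section[0] == "acl" and w[0] == "permit" and len(w) == 3:
            # ipaddress reads the wildcard 0.0.0.255 as a host mask (/24).
            f["acl"].setdefault(section[1], []).append(ipaddress.ip_network(f"{w[1]}/{w[2]}"))
        elif section[0] == "pool" and w[0] == "network":
            f["pool"]["network"] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif section[0] == "pool" and w[0] in ("default-router", "dns-server"):
            f["pool"][w[0]] = ipaddress.ip_address(w[1])
    return f


def audit(config):
    """Return the leasable DHCP range and a list of consistency findings."""
    f = parse(config)
    pool, rule, findings = f["pool"], f["rule"], []
    leasable = [h for h in pool["network"].hosts()
                if not any(lo <= h <= hi for lo, hi in f["excluded"])]
    for name, role in f["nat"].items():
        lan = f["addr"].get(name)  # None when the address comes from DHCP
        if role != "inside" or lan is None:
            continue
        if lan.ip in leasable:
            findings.append(f"{lan.ip} ({name}) can be leased to a client")
        for opt in ("default-router", "dns-server"):
            if pool.get(opt) != lan.ip:
                findings.append(f"{opt} {pool.get(opt)} is not {name}")
        if lan.network not in f["acl"].get(rule["acl"], []):
            findings.append(f"ACL {rule['acl']} does not permit exactly {lan.network}")
    if f["nat"].get(rule["interface"]) != "outside":
        findings.append(f"{rule['interface']} is not marked ip nat outside")
    return {"first": str(leasable[0]), "last": str(leasable[-1]),
            "count": len(leasable), "findings": findings}


if __name__ == "__main__":
    print(audit(CONFIG))
```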
4. IPv6 configuration
4.1. IPv6 configuration procedure
gateway#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
gateway(config)#hostname gateway
gateway(config)#! Enable IPv6 routing
gateway(config)#ipv6 unicast-routing
gateway(config)#! Create the DHCPv6 pool
gateway(config)#ipv6 dhcp pool DHCPv6-LAN
gateway(config-dhcpv6)# address prefix FD00:192:168:1::/64
gateway(config-dhcpv6)# dns-server FD00:192:168:1::1
gateway(config-dhcpv6)#! Configure interface G0/0 (LAN)
gateway(config-dhcpv6)#interface GigabitEthernet0/0
gateway(config-if)# description LAN interface
gateway(config-if)# ipv6 address FE80::1 link-local
gateway(config-if)# ipv6 address FD00:192:168:1::1/64
gateway(config-if)# ipv6 nd managed-config-flag
gateway(config-if)# ipv6 nd other-config-flag
gateway(config-if)# ipv6 dhcp server DHCPv6-LAN
gateway(config-if)# no shutdown
gateway(config-if)#! Configure interface G0/1 (WAN)
gateway(config-if)#interface GigabitEthernet0/1
gateway(config-if)# description WAN interface
gateway(config-if)# ipv6 address dhcp
gateway(config-if)# no shutdown
gateway(config-if)#!
gateway(config-if)#end
gateway#!
gateway#wr
Building configuration...
*Apr 22 14:04:30.918: %SYS-5-CONFIG_I: Configured from console by console[OK]
gateway#
*Apr 22 14:04:33.009: %GRUB-5-CONFIG_WRITING: GRUB configuration is being updated on disk. Please wait...
*Apr 22 14:04:33.641: %GRUB-5-CONFIG_WRITTEN: GRUB configuration was written to disk successfully.
4.2. IPv6 configuration summary
configure terminal
hostname gateway
ipv6 unicast-routing
ipv6 dhcp pool DHCPv6-LAN
address prefix FD00:192:168:1::/64
dns-server FD00:192:168:1::1
interface GigabitEthernet0/0
description LAN interface
ipv6 address FE80::1 link-local
ipv6 address FD00:192:168:1::1/64
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 dhcp server DHCPv6-LAN
no shutdown
interface GigabitEthernet0/1
description WAN interface
ipv6 address dhcp
no shutdown
end
wr
5. IPv4 verification on the router
5.1. IPv4 verification
# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.254 YES NVRAM up up
GigabitEthernet0/1 192.168.122.204 YES DHCP up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/3 unassigned YES NVRAM administratively down down
NVI0 192.168.1.254 YES unset up up
5.2. Interface L2
# show interface g0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is iGbE, address is 0059.fedc.e100 (bia 0059.fedc.e100)
Description: LAN interface
Internet address is 192.168.1.254/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Unknown, Unknown, link type is auto, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 675
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 7000 bits/sec, 8 packets/sec
5 minute output rate 130000 bits/sec, 10 packets/sec
3649 packets input, 428002 bytes, 0 no buffer
Received 111 Broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
4533 packets output, 5922027 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
37 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
5.3. Interface L3
# show ip interface g0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.254/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed Broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
5.4. Routing table
# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.122.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.122.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.254/32 is directly connected, GigabitEthernet0/0
192.168.122.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.122.0/24 is directly connected, GigabitEthernet0/1
L 192.168.122.204/32 is directly connected, GigabitEthernet0/1
5.5. Ping to the WAN
#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
5.6. Ping to the LAN
#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/5 ms
5.7. Extended ping
#ping
Protocol [ip]:
Target IP address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Ingress ping [n]:
Source address or interface: 192.168.1.254
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0x0000ABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/17 ms
5.8. NAT verification
#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.204:33018 192.168.1.1:33018 5.79.108.34:123 5.79.108.34:123
udp 192.168.122.204:34397 192.168.1.1:34397 83.162.251.163:123 83.162.251.163:123
udp 192.168.122.204:35239 192.168.1.1:35239 5.79.108.34:123 5.79.108.34:123
udp 192.168.122.204:37189 192.168.1.1:37189 178.239.61.38:123 178.239.61.38:123
udp 192.168.122.204:37553 192.168.1.1:37553 5.79.108.34:123 5.79.108.34:123
udp 192.168.122.204:40752 192.168.1.1:40752 82.161.207.47:123 82.161.207.47:123
udp 192.168.122.204:46784 192.168.1.1:46784 83.162.251.163:123 83.162.251.163:123
udp 192.168.122.204:49350 192.168.1.1:49350 178.239.61.38:123 178.239.61.38:123
udp 192.168.122.204:50651 192.168.1.1:50651 178.239.61.38:123 178.239.61.38:123
udp 192.168.122.204:50795 192.168.1.1:50795 5.79.108.34:123 5.79.108.34:123
udp 192.168.122.204:53305 192.168.1.1:53305 82.161.207.47:123 82.161.207.47:123
udp 192.168.122.204:53606 192.168.1.1:53606 5.79.108.34:123 5.79.108.34:123
udp 192.168.122.204:53804 192.168.1.1:53804 83.162.251.163:123 83.162.251.163:123
udp 192.168.122.204:53848 192.168.1.1:53848 82.161.207.47:123 82.161.207.47:123
udp 192.168.122.204:53900 192.168.1.1:53900 83.162.251.163:123 83.162.251.163:123
udp 192.168.122.204:54011 192.168.1.1:54011 82.161.207.47:123 82.161.207.47:123
udp 192.168.122.204:57110 192.168.1.1:57110 178.239.61.38:123 178.239.61.38:123
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.204:57993 192.168.1.1:57993 178.239.61.38:123 178.239.61.38:123
udp 192.168.122.204:58081 192.168.1.1:58081 82.161.207.47:123 82.161.207.47:123
udp 192.168.122.204:59517 192.168.1.1:59517 83.162.251.163:123 83.162.251.163:123
udp 192.168.122.204:33414 192.168.1.2:33414 91.148.192.49:123 91.148.192.49:123
udp 192.168.122.204:40216 192.168.1.2:40216 84.245.27.209:123 84.245.27.209:123
udp 192.168.122.204:40258 192.168.1.2:40258 46.243.26.34:123 46.243.26.34:123
udp 192.168.122.204:42136 192.168.1.2:42136 51.15.41.135:123 51.15.41.135:123
udp 192.168.122.204:46245 192.168.1.2:46245 178.239.61.38:123 178.239.61.38:123
udp 192.168.122.204:49456 192.168.1.2:49456 51.15.49.133:123 51.15.49.133:123
udp 192.168.122.204:52624 192.168.1.2:52624 85.255.214.66:123 85.255.214.66:123
udp 192.168.122.204:54325 192.168.1.2:54325 163.172.218.86:123 163.172.218.86:123
udp 192.168.122.204:54694 192.168.1.2:54694 128.199.50.51:123 128.199.50.51:123
udp 192.168.122.204:55131 192.168.1.2:55131 141.138.142.81:123 141.138.142.81:123
udp 192.168.122.204:56678 192.168.1.2:56678 213.154.229.24:123 213.154.229.24:123
udp 192.168.122.204:58935 192.168.1.2:58935 129.250.35.251:123 129.250.35.251:123
udp 192.168.122.204:59107 192.168.1.2:59107 163.172.216.210:123 163.172.216.210:123
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.204:60171 192.168.1.2:60171 213.136.0.252:123 213.136.0.252:123
udp 192.168.122.204:60196 192.168.1.2:60196 217.77.132.1:123 217.77.132.1:123
udp 192.168.122.204:60486 192.168.1.2:60486 87.233.197.123:123 87.233.197.123:123
tcp 192.168.122.204:49673 192.168.1.3:49673 40.77.229.47:443 40.77.229.47:443
tcp 192.168.122.204:49685 192.168.1.3:49685 40.77.229.43:443 40.77.229.43:443
tcp 192.168.122.204:49690 192.168.1.3:49690 40.77.229.36:443 40.77.229.36:443
tcp 192.168.122.204:49703 192.168.1.3:49703 40.77.229.54:443 40.77.229.54:443
udp 192.168.122.204:62735 192.168.1.3:62735 157.56.144.215:3544 157.56.144.215:3544
icmp 192.168.122.204:5 192.168.1.254:5 8.8.8.8:5 8.8.8.8:5
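An added example (not part of the original lab): a Python parser for the `show ip nat translations` output above that groups PAT entries by inside host and lists the translations whose destination service falls outside an expected set. The sample is an excerpt of the page's output; the `BASELINE` set and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Excerpt of the section 5.8 output above, including a header line repeated by paging.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.204:33018 192.168.1.1:33018 5.79.108.34:123 5.79.108.34:123
udp 192.168.122.204:34397 192.168.1.1:34397 83.162.251.163:123 83.162.251.163:123
Pro Inside global Inside local Outside local Outside global
udp 192.168.122.204:33414 192.168.1.2:33414 91.148.192.49:123 91.148.192.49:123
tcp 192.168.122.204:49673 192.168.1.3:49673 40.77.229.47:443 40.77.229.47:443
tcp 192.168.122.204:49685 192.168.1.3:49685 40.77.229.43:443 40.77.229.43:443
udp 192.168.122.204:62735 192.168.1.3:62735 157.56.144.215:3544 157.56.144.215:3544
icmp 192.168.122.204:5 192.168.1.254:5 8.8.8.8:5 8.8.8.8:5
"""

# Assumed baseline of expected outbound services for this lab (not from the page).
BASELINE = {("udp", 123), ("tcp", 443)}


def parse_translations(text):
    """Parse 'show ip nat translations' lines into dicts, skipping headers."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        # Skip blank lines, repeated column headers and static entries ("---").
        if len(f) != 5 or f[0] in ("Pro", "---"):
            continue
        cols = [c.rsplit(":", 1) for c in f[1:]]
        if any(len(c) != 2 for c in cols):
            continue  # a column without ":port" is not a PAT entry
        (ig, igp), (il, ilp), _, (og, ogp) = cols
        entries.append({"proto": f[0], "inside_global": ig, "global_port": int(igp),
                        "inside_local": il, "local_port": int(ilp),
                        "outside_global": og, "outside_port": int(ogp)})
    return entries


def summarize(text):
    """Per inside host: number of translations for each (proto, outside port)."""
    hosts = defaultdict(lambda: defaultdict(int))
    for e in parse_translations(text):
        # For ICMP the number after ':' is the echo identifier, not a port.
        service = ("icmp", None) if e["proto"] == "icmp" else (e["proto"], e["outside_port"])
        hosts[e["inside_local"]][service] += 1
    return {h: dict(s) for h, s in hosts.items()}


def outside_baseline(text, baseline=BASELINE):
    """Translations whose (proto, outside port) is not in the expected set."""
    return [(e["inside_local"], e["proto"], e["outside_port"], e["outside_global"])
            for e in parse_translations(text)
            if e["proto"] != "icmp" and (e["proto"], e["outside_port"]) not in baseline]


if __name__ == "__main__":
    for host, services in sorted(summarize(SAMPLE).items()):
        print(host, services)
    print("outside baseline:", outside_baseline(SAMPLE))
```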
5.9. Access-lists
#show access-lists
Standard IP access list lan
10 permit 192.168.1.0, wildcard bits 0.0.0.255 (105 matches)
5.10. DHCP leases
#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
192.168.1.1 0059.fe99.af00 Apr 23 2017 03:02 PM Automatic
192.168.1.2 0059.fe6d.3b00 Apr 23 2017 03:02 PM Automatic
192.168.1.3 0100.59fe.c24c.00 Apr 23 2017 03:03 PM Automatic
6. Verification from the TCP/IPv4 clients
6.1. IPv4 parameters
user@ubuntu1604:~$ ip -4 add show dev ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.1.2/24 brd 192.168.1.255 scope global ens3
valid_lft forever preferred_lft forever
user@ubuntu1604:~$ ip route
default via 192.168.1.254 dev ens3
192.168.1.0/24 dev ens3 proto kernel scope link src 192.168.1.2
user@ubuntu1604:~$ cat /etc/resolv.conf
#Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.254
6.2. Connectivity verification
user@ubuntu1604:~$ ping -c 1 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=255 time=3.83 ms
--- 192.168.1.254 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.836/3.836/3.836/0.000 ms
user@ubuntu1604:~$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=41 time=18.5 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 18.576/18.576/18.576/0.000 ms
user@ubuntu1604:~$ ping -c 1 www.google.com
PING www.google.com (172.217.20.68) 56(84) bytes of data.
64 bytes from www.google.com (172.217.20.68): icmp_seq=1 ttl=48 time=12.5 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 12.517/12.517/12.517/0.000 ms
6.3. L7 verification: DNS name resolution
user@ubuntu1604:~$ dig www.google.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63245
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 290 IN A 172.217.20.68
;; Query time: 7 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Sat Apr 22 16:24:08 CEST 2017
;; MSG SIZE rcvd: 48
user@ubuntu1604:~$ dig @8.8.8.8 www.google.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43348
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 203 IN A 172.217.17.68
;; Query time: 20 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Apr 22 16:24:18 CEST 2017
;; MSG SIZE rcvd: 59
6.4. L7 HTTP connectivity verification
curl ipinfo.io/ip
6.5. ARP verification
user@ubuntu1604:~$ arp -a
? (192.168.1.254) at 00:59:fe:dc:e1:00 [ether] on ens3
user@ubuntu1604:~$ ping -c 1 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=6.63 ms
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.636/6.636/6.636/0.000 ms
user@ubuntu1604:~$ arp -a
? (192.168.1.1) at 00:59:fe:99:af:00 [ether] on ens3
? (192.168.1.254) at 00:59:fe:dc:e1:00 [ether] on ens3