Plan de Configuration

Plan de configuration :
Entreprise Exia :
 Pc fixe adressage statique + sécurité + dns +web
 Pc portable adressage fixe + web + dns
 Borne wifi plus haute secu (WPA2 AES)+ accès web :
WPA2 AES : SSID : Exia/ nazyasmeh

 Routeur adressage fixe sécurisation des accès + web
Sécurisation des accès :
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname RT_eXia
RT_eXia (config)#line console 0
RT_eXia (config-line)#password exia
RT_eXia (config-line)#login
RT_eXia (config-line)#exit
RT_eXia (config)#enable secret exia
RT_eXia (config)#exit
RT_eXia #
%SYS-5-CONFIG_I: Configured from console by console
RT_eXia #conf t
RT_eXia (config)#service password-encryption
RT_eXia (config)#exit
RT_eXia#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
RT_eXia#
 Serveur dns et ftp local adressage fixe + adresse google.com avec IP 108.177.127.139
 Switch configuration : OK
Mot de passe : exia
Switch>en
Switch#conf t
Switch(config)#hostname swExia
swExia(config)#line console 0
swExia(config-line)#password exia
swExia(config-line)#login
swExia(config-line)#exit
swExia(config)#enable secret exia
swExia(config)#exit
swExia#
swExia#conf t
swExia(config)#service password-encryption
swExia(config)#end
swExia#copy running-config startup-config
[OK]
swExia#
swExia#conf t
swExia(config)#interface range fa0/1-24
swExia(config-if-range)#switchport mode access
swExia(config-if-range)#switchport port-security
swExia(config-if-range)#switchport port-security maximum 1
swExia(config-if-range)#switchport port-security mac-address sticky
swExia(config-if-range)#switchport port-security violation protect
swExia(config-if-range)#end
swExia#
swExia#copy running-config startup-config
[OK]
swExia#show port-security interface fa0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Protect
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses :0
Configured MAC Addresses : 0
Sticky MAC Addresses :0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
swExia#
 Configuration NAT/PAT :
Routeur EXIA_RT :
Interface inside : fa0/1
Interface outside : gi0/0
RT_eXia(config)#interface FastEthernet0/0
RT_eXia(config-if)#ip nat inside
RT_eXia(config-if)#exit
RT_eXia(config)#interface GigabitEthernet0/0/0
RT_eXia(config-if)#ip nat outside
RT_eXia(config)#exit
RT_eXia#
RT_eXia#conf t
RT_eXia(config)#access-list 1 permit 192.168.1.192 0.0.0.63
RT_eXia(config)#ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
RT_eXia(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
RT_eXia#
Config route par défaut sur le routeur DSLAM :
Router(config)#ip route 0.0.0.0 0.0.0.0 Fa1/0
Router(config)#exit
Tunnel IPv6 :
RT_eXia#conf t
RT_eXia(config)#ipv6 unicast-routing
RT_eXia(config)#interface fa0/0
RT_eXia(config-if)#ipv6 enable
RT_eXia(config-if)#ipv6 address 2001:DB8:2000::/64 eui-64
RT_eXia(config-if)#ipv6 address autoconfig
RT_eXia(config)#
RT_eXia#
Attribution automatique des adresses IPv6 :
Déploiement tunnel ipv6 :
Routeur Exia
RT_eXia#conf t
RT_eXia(config)#interface tunnel 0
RT_eXia(config-if)#
%LINK-5-CHANGED: Interface Tunnel0, changed state to up
RT_eXia(config-if)#ipv6 address 2001:DB8:3000::1/64

RT_eXia(config-if)#tunnel source gigabitEthernet 0/0/0
RT_eXia(config-if)#tunnel destination 131.50.62.254
RT_eXia(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
RT_eXia(config-if)#tunnel mode ipv6ip

RT_eXia#
DSLAM :
Router(config)#int tunnel 0
Router(config-if)#
%LINK-5-CHANGED: Interface Tunnel0, changed state to up
Router(config-if)#ipv6 address 2001:DB8:3000::2/64

Router(config-if)#tunnel source gig
Router(config-if)#tunnel source gigabitEthernet 0/1/0
Router(config-if)#tunnel destination 131.50.62.245
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
Router(config-if)#tunnel mode ipv6ip
Configuration des routes statiques ipv6 :
Routeur Exia :
RT_eXia(config)#ipv6 unicast-routing
RT_eXia(config)#ipv6 route ::/0 2001:DB8:3000::2
Routeur Exia_Meraki:
Test :
Bibliothèque :
 Routeur secu physique + ssh +adressage stat +dhcp + web
Sécurisation des accès physiques :

Router>en
Router#conf t
Router(config)#hostname biblio_RT
biblio_RT(config)#line console 0
biblio_RT(config-line)#password biblio
biblio_RT(config-line)#login
biblio_RT(config-line)#exit
biblio_RT(config)#enable secret biblio
biblio_RT(config)#service password-encryption
biblio_RT(config)#exit
biblio_RT#
Accès à distance via SSH
biblio_RT#conf t
biblio_RT(config)#ip domain-name biblio.fr
biblio_RT(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: biblio_RT.biblio.fr
% The key modulus size is 1024 bits

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 1:8:16.281: %SSH-5-ENABLED: SSH 1.99 has been enabled
biblio_RT(config)#ip ssh version 2
biblio_RT(config)#ip ssh time-out 60
biblio_RT(config)#ip ssh authentication-retries 3
biblio_RT(config)#username biblio secret cesi
biblio_RT(config)#line vty 0 4
biblio_RT(config-line)#transport input ssh
biblio_RT(config-line)#login local
biblio_RT(config-line)#
Adressage statique :
biblio_RT(config)#interface FastEthernet0/0
biblio_RT(config-if)#
no ip address
biblio_RT(config-if)#ip address 192.168.0.126 255.255.255.128
Configuration DHCP :
biblio_RT(config)#ip dhcp pool Bibliotheque

biblio_RT(dhcp-config)#network 192.168.0.0 255.255.255.128
biblio_RT(dhcp-config)#default-router 192.168.0.126
biblio_RT(dhcp-config)#dns-server 8.8.8.8
biblio_RT(dhcp-config)#exit
biblio_RT(config)#ip dhcp excluded-address 192.168.0.126
biblio_RT#
 Pc fixes libre ip dynamique + dns +web :

IP dynamique + dns :
 Pc assistante ip dynamique + dns +web
 Switch secu port + ssh
Switch>en
Switch#conf t
Switch(config)#hostname swBiblio
swBiblio(config)#line console 0
swBiblio(config-line)#password biblio
swBiblio(config-line)#login
swBiblio(config-line)#exit
swBiblio(config)#enable secret biblio
swBiblio(config)#service password-encryption
swBiblio(config)#exit
swBiblio#
swBiblio#conf t
swBiblio(config)#interface range fa0/1-24
swBiblio(config-if-range)#switchport mode access
swBiblio(config-if-range)#switchport port-security
swBiblio(config-if-range)#switchport port-security maximum 1
swBiblio(config-if-range)#switchport port-security mac-address sticky
swBiblio(config-if-range)#switchport port-security violation protect
swBiblio(config-if-range)#end
swBiblio#show port
swBiblio#show port-security interface fa0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Protect
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses :0
Configured MAC Addresses : 0
Sticky MAC Addresses :0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
swBiblio#
SSH:
swBiblio#conf t
swBiblio(config)#ip domain-name bibswitch.fr
swBiblio(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: swBiblio.bibswitch.fr

swBiblio(config)#ip ssh version 2
swBiblio(config)#ip ssh time-out 60
swBiblio(config)#ip ssh authentication-retries 3
swBiblio(config)#username switch secret biblio
swBiblio(config)#line vty 0 4
swBiblio(config-line)#transport input ssh
swBiblio(config-line)#login local
swBiblio(config-line)#exit
swBiblio(config)# ip default-gateway 192.168.0.126
swBiblio(config)#interface VLAN 1
swBiblio(config-if)#ip address 192.168.0.10 255.255.255.128
swBiblio(config-if)#no shutdown
swBiblio(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
 Borne wifi ssid + open ap
 Pc portables ip dynamique + web
IP dynamique :
Configuration NAT overload PAT
biblio_RT>en
Password:
biblio_RT#conf t
biblio_RT(config)#interface gi0/0/0
biblio_RT(config-if)#ip nat outside
biblio_RT(config-if)#exit
biblio_RT(config)#interface fa0/0
biblio_RT(config-if)#ip nat inside
biblio_RT(config-if)#exit
biblio_RT(config)#end
biblio_RT(config)#access-list 1 permit 192.168.0.0 0.0.0.127
biblio_RT(config)#ip nat inside source list 1 interface Gi0/0/0 overload
biblio_RT(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
biblio_RT#
Engie :
 Conf vtp :
Routeur : mode server
2 switches : mode client
o vlan 10 service technique 100
o vlan 11 service commercial 60
o vlan 12 wifi invités 20
Routeur:
engieRT(vlan)#vtp ?
client Set the device to client mode.
domain Set the name of the VTP administrative domain.
password Set the password for the VTP administrative domain.
server Set the device to server mode.
transparent Set the device to transparent mode.
v2-mode Set the administrative domain to V2 mode.
engieRT(vlan)#vtp v2-mode
V2 mode enabled.
engieRT(vlan)#vtp server
Device mode already VTP SERVER.
engieRT(vlan)#vtp domain ENGIE
Domain name already set to ENGIE.
engieRT(vlan)#vtp password engie
Password already set to engie
engieRT(vlan)#
Création des vlan sur le server :
engieRT(vlan)#vlan 10 name Tech
VLAN 10 modified:
Name: Tech
engieRT(vlan)#vlan 11 name Commer
VLAN 11 added:
Name: Commer
engieRT(vlan)#vlan 12 name guest
VLAN 12 added:
Name: guest
engieRT(vlan)#
Interfaces Trunk :
engieRT(config)#interface FastEthernet1/0
engieRT(config-if)#
engieRT(config-if)#switchport mode trunk
engieRT(config-if)#no shutdown
engieRT(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to

up
engieRT(config-if)#exit
engieRT(config)#interface FastEthernet1/1
engieRT(config-if)#
engieRT(config-if)#switchport mode trunk
engieRT(config-if)#no shutdown
engieRT(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/1, changed state to up
Création des interfaces virtuelles : Routage inter-VLANs
engieRT(config)#int vlan 10
engieRT(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
engieRT(config-if)#ip address 192.168.8.126 255.255.255.128

engieRT(config-if)#
engieRT(config)#ip routing : activer le routage inter-VLANs
En exécutant la commande #show IP route on obtient :

Configuration vtp sur les switchs :
Switch(config)#vtp version 2
Switch(config)#vtp domain ENGIE
Domain name already set to ENGIE.
Switch(config)#vtp password engie
Setting device VLAN database password to engie
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#exit
Switch#
 DHCP + DNS IP stat (vlan 12) + pool dhcp :
Sur le routeur :
engieRT(config-if)#ip helper-address 192.168.8.225
engieRT(config)#exit
engieRT#
 Routeur secu port + ssh + inter-vlan + web
Sécurisation :
Router>en
Router#conf t
Router(config)#hostname engieRT
engieRT(config)#
engieRT(config)#line console 0
engieRT(config-line)#password engie
engieRT(config-line)#login
engieRT(config-line)#exit
engieRT(config)#enable secret engie
engieRT(config)#service password-encryption
SSH:
engieRT#conf t
engieRT(config)#ip domain-name engie.fr
engieRT(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: engieRT.engie.fr

engieRT(config)#ip ssh version 2
engieRT(config)#ip ssh time-out 60
engieRT(config)#ip ssh authentication-retries 3
engieRT(config)#username engie secret engie
engieRT(config)#line vty 0 4
engieRT(config-line)#transport input ssh
engieRT(config-line)#login local
engieRT(config-line)#exit
engieRT#
 borne WIFI SSID open vlan 12

 pc jaune vlan10 ip dynamique + web
 pc orange vlan 11 IP dynamique + web
 pc bleu wifi vlan 12 IP dynamique + web
 Téléphone portables wifi publique IP dynamique + web
Accès web :
engieRT(config)#interface gig0/0/0
engieRT(config-if)#ip nat outside
engieRT(config)#int fa0/0
engieRT(config-if)#ip nat inside
engieRT(config)#
engieRT(config)#access-list 1 permit 192.168.8.224 0.0.0.3
engieRT(config)#ip nat inside source list 1 interface gigabitEthernet 0/0/0 overload

engieRT(config)#ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/0/0
DIGIPLEX :
 Etherchannel entre les switch des étages :
Le switch multicouches :
Switch(config)#int range fa0/5-6
Switch(config-if-range)#channel
Switch(config-if-range)#channel-protocol lacp
Switch(config-if-range)#channel-group 3 mode active
Switch(config-if-range)#
Creating a port-channel interface Port-channel 3
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed

state to down

state to up

state to down

state to up
Switch 2 et 3 :
Switch(config)#interface FastEthernet0/4
Switch(config-if)#
Switch(config-if)#exit
Switch(config)#int range fa0/1-2
Switch(config-if-range)#channel-protocol lacp
Switch(config-if-range)#channel-group 3 mode passive
Switch(config-if-range)#
Creating a port-channel interface Port-channel 3

state to down

state to up

state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

 Config vtp :
DIGI_SWL3_01 : switch multicouches en mode server
Tous les autres switch : mode client
o Vlan 10 conception : Vert

o Vlan 20 commercial : Bleu
o Vlan 30 ressources_humaine : Jaune
o Vlan 40 hotline : Orange
o Vlan 50 wifi _entreprise : Mauve
o Vlan 60 wifi_invités : Moutarde
o Vlan 70 server :
Server DHCP, server AD, server DNS, server Intranet, server Exchange
o Vlan 80 management
Switch(config)#vtp domain DIGI

Changing VTP domain name from NULL to DIGI
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp password digi
Setting device VLAN database password to digi
Switch(config)#vtp version 2
Switch(config)#exit
Switch#
Création des interfaces Vlan et activation du routage inter-vlans :
Switch>en
Switch#conf t
Switch(config)#int vlan 10
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state

to up
Switch(config-if)#ip address 192.168.10.62 255.255.255.192

Switch(config-if)#

to up
Switch(config-if)#

to up

Switch(config-if)#

to up

Switch(config-if)#

to up

Switch(config-if)#

to up

Switch(config-if)#

to up

Switch(config-if)#

to up

Switch(config)#ip routing
Switch(config)#exit
Switch#
La liste des serveurs :
 Routage inter-vlan chaque interface avec la dernière adresse du vlan

 Serveur IP stat
 Pool DHCP
 DNS 192.168.70.3
Configuration du PAT :
Router(config)#int fa0/0
Router(config-if)#ip nat inside
Router(config-if)#
Router(config)#int gigabitEthernet 0/0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#ip nat inside source list 1 interface gigabitEthernet 0/0/0 overload
Router(config)#
Router(config)#ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/0/0

Router(config)#exit

Switch#en
Switch#conf t
Switch(config-if)#ip helper-address 192.168.70.1
Switch(config)#exit
Switch#
 IP dynamique postes clients

 Contrôleur wifi mode trunk vlan natif 70
 Borne wifi mode trunk vlan 70
Configuration SSH:
SWL3(config)#ip ssh version 2

SWL3(config)#ip ssh t
SWL3(config)#ip ssh time-out 60
SWL3(config)#ip ssh aut
SWL3(config)#ip ssh authentication-retries 3
SWL3(config)#username digiplex password digi
SWL3(config)#line vty 0 4
SWL3(config-line)#tra
SWL3(config-line)#transport input ssh
SWL3(config-line)#login local
SWL3(config-line)#exit
Etage 1:
Etage 2:
Etage 3:
Confg:

Plan de Configuration

Uploaded by

Copyright:

Available Formats

Plan de Configuration

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Plan de Configuration

Uploaded by

Copyright:

Available Formats

Plan de configuration :

WPA2 AES : SSID : Exia/ nazyasmeh

Attribution automatique des adresses IPv6 :

Déploiement tunnel ipv6 :

RT_eXia(config-if)#ipv6 address 2001:DB8:3000::1/64

RT_eXia(config-if)#tunnel mode ipv6ip

Router(config-if)#ipv6 address 2001:DB8:3000::2/64

Router(config-if)#tunnel mode ipv6ip

Configuration des routes statiques ipv6 :

 Routeur secu physique + ssh +adressage stat +dhcp + web

Sécurisation des accès physiques :

% The key modulus size is 1024 bits

biblio_RT(config)#ip dhcp pool Bibliotheque

 Pc fixes libre ip dynamique + dns +web :

 Pc assistante ip dynamique + dns +web

 Switch secu port + ssh

% The key modulus size is 1024 bits

Configuration NAT overload PAT

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

engieRT(config-if)#ip address 192.168.8.126 255.255.255.128

En exécutant la commande #show IP route on obtient :

% The key modulus size is 1024 bits

 borne WIFI SSID open vlan 12

engieRT(config)#ip nat inside source list 1 interface gigabitEthernet 0/0/0 overload

 Etherchannel entre les switch des étages :

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

o Vlan 10 conception : Vert

Switch(config)#vtp domain DIGI

Création des interfaces Vlan et activation du routage inter-vlans :

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state

Switch(config-if)#ip address 192.168.10.62 255.255.255.192

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state

Switch(config-if)#ip address 192.168.30.62 255.255.255.192

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan40, changed state

Switch(config-if)#ip address 192.168.40.62 255.255.255.192

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan50, changed state

Switch(config-if)#ip address 192.168.50.62 255.255.255.192

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan60, changed state

Switch(config-if)#ip address 192.168.60.62 255.255.255.192

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan70, changed state

Switch(config-if)#ip address 192.168.70.14 255.255.255.240

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan80, changed state

Switch(config-if)#ip address 192.168.80.6 255.255.255.248

 Routage inter-vlan chaque interface avec la dernière adresse du vlan

Router(config)#ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/0/0

 IP dynamique postes clients

SWL3(config)#ip ssh version 2

You might also like