Configurations réseau
| VLAN | IP | Interface |
|---|---|---|
| VLAN89 | 10.0.89.254 | Fa0/1/2 |
| VLAN99 | 10.0.99.254 | Fa0/1/3 |
| VLAN100 | 10.0.100.1 | Fa0/1/1 |
| VLAN200 | 10.0.200.1 | Fa0/1/0 |
Config routeur
EdgeRouter#sh run
Building configuration...
Current configuration : 1654 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EdgeRouter
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
description Interface publique
ip address 193.190.65.84 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1/0
switchport access vlan 200
!
interface FastEthernet0/1/1
switchport access vlan 100
!
interface FastEthernet0/1/2
switchport access vlan 89
!
interface FastEthernet0/1/3
switchport access vlan 99
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
no ip address
!
interface Vlan89
ip address 10.0.89.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan99
ip address 10.0.99.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan100
ip address 10.0.100.1 255.255.255.252
ip nat inside
ip virtual-reassembly
!
interface Vlan200
ip address 10.0.200.1 255.255.255.252
ip nat inside
ip virtual-reassembly
!
ip default-gateway 193.190.65.81
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 193.190.65.81
!
!
ip http server
ip nat inside source list 10 interface FastEthernet0/0 overload
!
access-list 10 permit any
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
| VLAN | Nom | Mode |
|---|---|---|
| VLAN101 | Management | access |
| VLAN102 | IT | access |
| VLAN102-7 | / | trunk |
| VLAN103 | Admin | access |
| VLAN104 | Direction | access |
| VLAN105 | Invité | access |
| VLAN106 | Web | access |
| VLAN107 | Secrétariat | access |
Config du Switch
SW01#sh run
Building configuration...
Current configuration : 2686 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW01
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 4 provision ws-c3750e-24td
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet4/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/0/2
!
interface GigabitEthernet4/0/3
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet4/0/4
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet4/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/0/6
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet4/0/7
switchport access vlan 102
switchport mode access
!
interface GigabitEthernet4/0/8
switchport access vlan 103
!
interface GigabitEthernet4/0/9
switchport access vlan 104
!
interface GigabitEthernet4/0/10
switchport access vlan 105
!
interface GigabitEthernet4/0/11
switchport access vlan 106
!
interface GigabitEthernet4/0/12
switchport access vlan 107
!
interface GigabitEthernet4/0/13
switchport access vlan 201
switchport mode access
!
interface GigabitEthernet4/0/14
switchport access vlan 202
switchport mode access
!
interface GigabitEthernet4/0/15
switchport access vlan 203
switchport mode access
!
interface GigabitEthernet4/0/16
switchport access vlan 204
switchport mode access
!
interface GigabitEthernet4/0/17
switchport access vlan 205
switchport mode access
!
interface GigabitEthernet4/0/18
switchport access vlan 206
switchport mode access
!
interface GigabitEthernet4/0/19
switchport access vlan 207
switchport mode access
!
interface GigabitEthernet4/0/20
!
interface GigabitEthernet4/0/21
switchport mode access
!
interface GigabitEthernet4/0/22
switchport mode access
!
interface GigabitEthernet4/0/23
switchport mode access
!
interface GigabitEthernet4/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/0/25
!
interface GigabitEthernet4/0/26
!
interface GigabitEthernet4/0/27
!
interface GigabitEthernet4/0/28
!
interface TenGigabitEthernet4/0/1
!
interface TenGigabitEthernet4/0/2
!
interface Vlan1
no ip address
!
interface Vlan22
no ip address
!
interface Vlan101
no ip address
!
ip classless
ip http server
ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
Une fois l'accès à l'access point fait, on peut configurer les différents points suivants pour plus de sécurité.
La première chose qu'on peut faire sur le temps qu'on configure le wifi est de désactiver le SSID pour pas qu'on puisse voir publiquement le réseau.
Même s'il n'est pas visible, on a changé le mdp du WIFI pour avoir un mdp plus complexe.
Bien sûr, pour la configuration, il va falloir un bon mot de passe différent du WIFI.
Histoire de sécuriser le système de configuration, on va passer le protocole en HTTPS.
Il ne faut pas oublier de mettre à jour l'horloge interne du routeur.
