DHCP for IPv6


The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) was standardized by the IETF in RFC 3315 (since replaced by RFC 8415). DHCPv6 lets DHCP servers pass configuration parameters, such as IPv6 addresses, to IPv6 nodes. It offers automatic allocation of reusable network addresses and additional configuration flexibility. The protocol is the stateful counterpart of IPv6 Stateless Address Autoconfiguration (RFC 2462, now RFC 4862) and can be used separately from it, or concurrently with it, to obtain configuration parameters.
The basic DHCPv6 client-server concept is similar to DHCP for IPv4. A client that wants configuration parameters sends a request on the attached link to discover available DHCPv6 servers; this is done with the Solicit and Advertise messages, sent to the well-known DHCPv6 multicast addresses. Next, the client sends a Request to a chosen server, which answers with a Reply carrying the requested information. The diagram below demonstrates the sequence of events:

A client knows when to use DHCPv6 either from flags set by a router on the link or, when no router is present, because it has no default gateway. The router has two configurable flag bits in its Router Advertisement (RA) for this purpose:

• 'O' bit: when set, the client can use DHCPv6 to retrieve Other configuration parameters (e.g. DNS server addresses)
• 'M' bit: when set, the client may use DHCPv6 to retrieve a Managed IPv6 address from a DHCPv6 server

When a router sends an RA with the 'O' bit set but not the 'M' bit, the client uses Stateless Address Autoconfiguration (SLAAC) to obtain its IPv6 address and DHCPv6 only for additional information (DNS, for example). This mode is known as Stateless DHCPv6, because the DHCPv6 server does not need to keep track of client address bindings.

DHCPv6 carries additional parameters and information inside its messages as "options", encoded in a Type-Length-Value (TLV) structure: the Type and Length fields are each 16 bits wide, and the Value field has the number of bytes given by the Length field.



Table 1 DHCPv6 vs. DHCPv4 Message Type Comparison

New DHCPv6 Message Type Overview

CONFIRM (4)
A client sends a Confirm message to any available server to determine whether the addresses it was assigned are still appropriate to the link to which the client is connected.

RELAY-FORW (12)
A relay agent sends a Relay-forward message to relay messages to servers, either directly or through another relay agent.

RELAY-REPL (13)
A server sends a Relay-reply message to a relay agent containing a message that the relay agent delivers to a client.


DHCPv6 assumes that the DHCPv6 server is directly attached to the client's LAN segment. When it is not (which is the case in most deployments), a DHCPv6 relay agent takes the server's place on the link. The relay agent encapsulates the messages received from the directly connected client in a Relay-forward message and forwards it to the DHCPv6 server; in the opposite direction it decapsulates the Relay-reply received from the central server and delivers the inner message to the client.

Well-known multicast addresses used with DHCPv6 are:
• ff02::1:2 (All_DHCP_Relay_Agents_and_Servers, link-local scope)
• ff05::1:3 (All_DHCP_Servers, site-local scope)

Well-known port numbers:
• Clients listen for DHCP messages on UDP port 546
• Servers and relay agents listen for DHCP messages on UDP port 547

Note:
• DHCP Unique Identifier (DUID): each DHCPv6 participant has a DUID, used to identify the device when exchanging DHCPv6 messages.
• IA_NA option: Identity Association for Non-temporary Addresses, the option that carries the IPv6 address(es) assigned to a client.
• hop-count: number of relay agents that have relayed this message (carried in Relay-forward and Relay-reply).
• link-address: a global or site-local address used by the server to identify the link on which the client is located.
• peer-address: the address of the client or relay agent from which the message being relayed was received.
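As an added example (not code from the original page), the following Python parses the TLV option area described above and the Relay-forward encapsulation, recursing into the Relay Message option to reach the client's Solicit. The sample packet is constructed inline (the DUID, the addresses and the transaction ID are made up); the bounds checks on the option Length fields are the ones a receiver needs so that a malformed length cannot read past the end of the datagram, and the hop-count check is the one RFC 3315 requires of relay agents.

```python
import struct
import ipaddress

# DHCPv6 message types (RFC 3315, section 5.3)
MSG_TYPES = {
    1: "SOLICIT", 2: "ADVERTISE", 3: "REQUEST", 4: "CONFIRM", 5: "RENEW",
    6: "REBIND", 7: "REPLY", 8: "RELEASE", 9: "DECLINE", 10: "RECONFIGURE",
    11: "INFORMATION-REQUEST", 12: "RELAY-FORW", 13: "RELAY-REPL",
}
RELAY_TYPES = (12, 13)
HOP_COUNT_LIMIT = 32  # RFC 3315 section 5.5: a relay discards messages whose hop-count reached this

# Option codes used below (RFC 3315 section 24.3; 23 is OPTION_DNS_SERVERS from RFC 3646)
OPTION_CLIENTID, OPTION_IA_NA, OPTION_ORO = 1, 3, 6
OPTION_ELAPSED_TIME, OPTION_RELAY_MSG, OPTION_DNS_SERVERS = 8, 9, 23


def option(code, value):
    """Encode one TLV option: 16-bit code, 16-bit length, then the value bytes."""
    return struct.pack("!HH", code, len(value)) + value


def parse_options(data):
    """Walk a TLV option area, refusing any header or value that overruns the buffer."""
    opts, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated option header at offset %d" % off)
        code, length = struct.unpack_from("!HH", data, off)
        off += 4
        if off + length > len(data):
            raise ValueError("option %d declares %d bytes but only %d remain"
                             % (code, length, len(data) - off))
        opts.append((code, data[off:off + length]))
        off += length
    return opts


def parse_message(data):
    """Parse a client/server message (type, 3-byte transaction-id, options) or a
    relay message (type, hop-count, link-address, peer-address, options).
    A relay message carries the relayed message inside OPTION_RELAY_MSG, so recurse."""
    if not data:
        raise ValueError("empty message")
    msg_type = data[0]
    name = MSG_TYPES.get(msg_type, "UNKNOWN(%d)" % msg_type)
    if msg_type in RELAY_TYPES:
        if len(data) < 34:
            raise ValueError("truncated relay header")
        hop_count = data[1]
        if hop_count >= HOP_COUNT_LIMIT:
            raise ValueError("hop-count %d reached HOP_COUNT_LIMIT, discard" % hop_count)
        msg = {
            "type": name,
            "hop-count": hop_count,
            "link-address": str(ipaddress.IPv6Address(data[2:18])),
            "peer-address": str(ipaddress.IPv6Address(data[18:34])),
            "options": [],
        }
        for code, value in parse_options(data[34:]):
            if code == OPTION_RELAY_MSG:
                value = parse_message(value)  # the encapsulated client message
            msg["options"].append((code, value))
        return msg
    if len(data) < 4:
        raise ValueError("truncated client/server header")
    return {
        "type": name,
        "transaction-id": int.from_bytes(data[1:4], "big"),
        "options": parse_options(data[4:]),
    }


def build_sample_relay_forward():
    """Constructed sample: a client Solicit that a relay agent wrapped in a Relay-forward.
    DUID, addresses and transaction-id are made up for illustration."""
    duid_ll = b"\x00\x03\x00\x01" + bytes.fromhex("001122334455")  # DUID-LL, hw type 1 (Ethernet)
    ia_na = struct.pack("!III", 1, 0, 0)                            # IAID 1, T1/T2 left to the server
    solicit = (b"\x01" + (0xABCDEF).to_bytes(3, "big")
               + option(OPTION_CLIENTID, duid_ll)
               + option(OPTION_IA_NA, ia_na)
               + option(OPTION_ORO, struct.pack("!H", OPTION_DNS_SERVERS))
               + option(OPTION_ELAPSED_TIME, b"\x00\x00"))
    link = ipaddress.IPv6Address("2001:db8:1::1").packed             # relay's address on the client link
    peer = ipaddress.IPv6Address("fe80::211:22ff:fe33:4455").packed  # client's link-local source
    return b"\x0c\x00" + link + peer + option(OPTION_RELAY_MSG, solicit)


if __name__ == "__main__":
    relayed = parse_message(build_sample_relay_forward())
    print(relayed["type"], "hop-count", relayed["hop-count"],
          "link", relayed["link-address"], "peer", relayed["peer-address"])
    inner = relayed["options"][0][1]
    print(" carries", inner["type"], "xid", hex(inner["transaction-id"]),
          "option codes", [code for code, _ in inner["options"]])
```

A server that receives the Relay-forward answers with a Relay-reply whose link-address and peer-address are copied back unchanged, so the relay can deliver the inner Reply to the right client; the same parser handles that direction.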


How to Install Active Directory (Domain Controller) + Video

     

Active Directory is essential to any Microsoft network built on the client-server model: it lets you have a central server, called a Domain Controller (DC), that handles authentication for your entire network. Instead of people logging on to local machines, they authenticate against your DC. Let's take a look at how to install Microsoft's Active Directory.
 

Installation: 

Open Server Manager and click on Roles; this brings up the Roles Summary on the right-hand side, where you can click the Add Roles link.
The Add Roles Wizard opens; click Next to see the list of available roles. Select Active Directory Domain Services from the list. You will be told that you need to add some features; click the Add Required Features button and then Next to move on.
A brief introduction to Active Directory will be displayed as well as a few links to additional resources, you can just click next to skip past here and click install to start installing the binaries for Active Directory.
When the installation has finished you will see a success message; just click Close.
Configuration:

 
Open Server Manager, expand Roles and click Active Directory Domain Services. On the right-hand side, click the link Run the Active Directory Domain Services Installation Wizard (dcpromo.exe).

This starts another wizard, this time to configure the settings for your domain; click Next to continue.

The message shown now concerns older clients that do not support the cryptographic algorithms Server 2008 R2 uses by default (the Windows NT 4.0-compatible algorithms are disabled); click Next to move on.

Choose to create a new domain in a new forest.

Now name your domain. We will use a .local domain; the reason will be explained in an upcoming article.
Since this is the first DC in our forest, we can raise the forest functional level to Windows Server 2008 R2.
We want to include DNS in the installation, since that gives us an AD-integrated DNS zone. When you click Next you will be prompted with a message about the DNS delegation that cannot be created; just click Yes to continue.

Choose where to store the database, log files and SYSVOL. Best practice is to keep the database and the SYSVOL folder on one drive and the log files on a separate drive, but since this is a lab environment I will leave them all on the same drive.

Choose a STRONG Directory Services Restore Mode (DSRM) administrator password and click Next twice to start the configuration. This is the password you will need to log on to the DC when it is booted into DSRM for an offline restore of the directory, so record it somewhere safe.

You can follow which components are being installed in the progress box.

When it is done you will be notified and required to reboot the server.

That is all there is to it; you now have a working installation of Active Directory.
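The same wizard can be driven without clicking through it, which is what you want for a repeatable build. As an added example (not from the original article), here is a dcpromo answer file for Windows Server 2008 R2 that creates the same kind of single-DC forest; the domain name corp.example.local, the NetBIOS name CORP and the paths are placeholders to adjust. Run it from an elevated prompt with dcpromo /unattend:C:\dcpromo-answer.txt.

```ini
[DCInstall]
; New forest, first domain controller (placeholders: corp.example.local, CORP, the paths)
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=corp.example.local
DomainNetbiosName=CORP
; 4 = Windows Server 2008 R2 functional level (3 = 2008, 2 = 2003)
ForestLevel=4
DomainLevel=4
; AD-integrated DNS on this DC, no delegation in a parent zone
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
; database and SYSVOL on one drive, logs on another
DatabasePath="C:\Windows\NTDS"
LogPath="D:\NTDS-Logs"
SYSVOLPath="C:\Windows\SYSVOL"
; DSRM administrator password (clear text in this file)
SafeModeAdminPassword=ReplaceWithAStrongDsrmPassword
RebootOnCompletion=Yes
```

The answer file holds the DSRM password in clear text, so create it only on the server being promoted, keep it readable by Administrators only, and delete it as soon as the promotion has finished. On Windows Server 2012 and later dcpromo is deprecated; the equivalent there is the Install-ADDSForest cmdlet of the ADDSDeployment PowerShell module.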







Apache

Apache 2.2 adopts a modular approach to its main configuration file, httpd.conf. Although you can still put everything in the one big file, it's more efficient to use external files, and include only those that you need to implement. Consequently, it's no longer recommended to define virtual hosts at the bottom of httpd.conf. Instead, you include an external file called httpd-vhosts.conf.
The other change is that Apache 2.2 imposes stricter permissions than previous series, so you need to add an extra command to the virtual hosts definition to prevent getting the following message when accessing a virtual host:
  • Forbidden
    You don't have permission to access /index.php on this server.
Because of the permissions issue, I recommend creating a top-level folder to hold all virtual hosts in your local development environment. The following instructions assume that all virtual hosts are located in a folder called C:\vhosts.
NOTE: Security restrictions on Windows Vista and Windows 7 prevent you from saving edits to the files referred to in these instructions, even if you are logged in as an administrator. To get around this restriction, open Notepad or your script editor from the Start menu by right-clicking the program name and selecting "Run as Administrator" from the context menu. Then open the relevant files by using File > Open inside the program you have just launched. By default, Notepad shows only files with a .txt file name extension, so you need to select the option to view All Files (*.*) in the Open dialog box. You can then save the files normally after editing them. (If you're using XAMPP, this restriction applies only to steps 2–4.)
  1. Create a subfolder inside C:\vhosts for each virtual host that you want to add to your Apache server.
  2. Open C:\WINDOWS\system32\drivers\etc\hosts in Notepad or a script editor. Look for the following line at the bottom:
    127.0.0.1   localhost
  3. On a separate line, enter 127.0.0.1, followed by some space and the name of the virtual host you want to register. For instance, to set up a virtual host called phpdw, enter the following:
    127.0.0.1   phpdw
  4. Add any further virtual hosts, each one on a separate line and pointing to the same IP address (127.0.0.1). Save the hosts file, and close it.
  5. Open C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf in a text editor. If you're using XAMPP, the file is located at C:\xampp\apache\conf\httpd.conf. Scroll down to the Supplemental configuration section at the end, and locate the following section (around line 460):
    #Virtual hosts
    #Include conf/extra/httpd-vhosts.conf
  6. Remove the # from the second line so the section now looks like this:
    #Virtual hosts
    Include conf/extra/httpd-vhosts.conf
  7. Save httpd.conf and close it.
  8. Open C:\Program Files\Apache Software Foundation\Apache2.2\conf\extra\httpd-vhosts.conf in Notepad or a text editor. If you're using XAMPP, the location is C:\xampp\apache\conf\extra\httpd-vhosts.conf. The main section looks like this:

    Note: In XAMPP, all lines are commented out. You must remove the hash mark from the beginning of the line that contains the following directive:
    NameVirtualHost *:80
  9. Position your cursor in the blank space below the NameVirtualHost line (line 15 in the preceding screenshot), and insert the following four lines:
    <Directory "C:/vhosts">
      Order Deny,Allow
      Allow from all
    </Directory>
    This sets the correct permissions for the folder that contains the sites you want to treat as virtual hosts. If you chose a location other than C:\vhosts as the top-level folder, replace the pathname in the first line. The pathname must use forward slashes in place of the Windows convention of backslashes, and must be surrounded by quotes if it contains any spaces. Note that Allow from all makes these folders readable by any client that can reach the server, which is fine only if Apache listens on the loopback address alone.
    As long as all your virtual hosts are in subfolders of this top-level folder, this directive sets the correct permissions for all of them. However, if they are in different top-level folders, create a separate <Directory> directive for each one.
  10. The code shown on lines 27 through 42 in the preceding screenshot shows examples of how to define virtual hosts (in XAMPP, they're commented out). It shows all the directives that can be used, but only DocumentRoot and ServerName are required.
    When you enable name-based virtual hosting, requests no longer go to the main server's DocumentRoot; the first <VirtualHost> in the file becomes the default, so the first definition needs to reproduce the original server root. You then add each new virtual host within a pair of <VirtualHost> tags, using the location of the site's web files as the value for DocumentRoot, and the name of the virtual host for ServerName. Again, use forward slashes, and if the path contains any spaces, enclose the whole path in quotes. If your server root is located, like mine, at C:\htdocs, and you are adding phpdw as a virtual host in C:\vhosts, change the code shown on lines 27 through 42 so it looks like this (in XAMPP, just add these new directives at the bottom of the file, and set the DocumentRoot for localhost to C:/xampp/htdocs):
    <VirtualHost *:80>
      DocumentRoot c:/htdocs
      ServerName localhost
    </VirtualHost>
    <VirtualHost *:80>
      DocumentRoot c:/vhosts/phpdw
      ServerName phpdw
    </VirtualHost>
  11. Save httpd-vhosts.conf, and restart Apache (from the Apache Monitor in the notification area, or from the XAMPP control panel; a reboot of the computer is not needed). All sites in the server root will continue to be accessible through http://localhost/sitename/. Anything in a virtual host will be accessible through a direct address, such as http://phpdw/.
  12. If you still have difficulty accessing your virtual hosts, make sure that you have added index.php to the DirectoryIndex directive in httpd.conf.
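The Order Deny,Allow / Allow from all block above gets rid of the Forbidden error, but on a laptop whose Apache listens on every interface it also exposes every development site to anyone on the same network. As an added example (not from the original article), here is the same httpd-vhosts.conf restricted to the local machine, in Apache 2.2 syntax; the paths are the ones used in the steps above, the log file names are my assumptions.

```apache
# Bind only to loopback: development sites should not be reachable from the LAN.
# This replaces the existing "Listen 80" line in httpd.conf rather than being added beside it.
Listen 127.0.0.1:80

NameVirtualHost *:80

<Directory "C:/vhosts">
    # No directory listings, no following of symlinks out of the tree,
    # and no .htaccess file in a project folder may override these settings
    Options -Indexes -FollowSymLinks
    AllowOverride None
    # Apache 2.2 access control: deny everyone, then allow the local machine only
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Directory>

# First definition reproduces the server root; it is also the default for unknown Host headers
<VirtualHost *:80>
    DocumentRoot "C:/htdocs"
    ServerName localhost
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "C:/vhosts/phpdw"
    ServerName phpdw
    # Separate logs per site (file names assumed, relative to ServerRoot)
    ErrorLog "logs/phpdw-error.log"
    CustomLog "logs/phpdw-access.log" common
</VirtualHost>
```

Options -Indexes stops Apache from listing a directory that has no index file, which otherwise exposes every file in a project tree; AllowOverride None means a stray .htaccess cannot quietly re-enable it. If a site really must be reachable from another machine, add that machine's address to the Allow from line rather than going back to Allow from all.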

Installing a DNS server on Linux + Video


Overview:


DNS (Domain Name System) maps IP addresses to machine names; this is called name resolution. More concretely, without DNS you would have to type the IP addresses of the machines you want to reach (web, ftp, telnet and so on). If you are connected to an Internet service provider (ISP) intermittently over PPP, ADSL or similar, it is usually your ISP's DNS servers that provide name resolution; they generally come in pairs, a primary DNS server and a secondary that takes over if the first fails.

Why configure a DNS server on an isolated host, or even on a small network of machines? Because it solves a number of very annoying problems mostly seen in offline mode (not connected to the ISP), including:
- Netscape taking forever to launch, or blocking at boot (for about 3 minutes)
- Outgoing mail sitting in sendmail's queue for more than a minute
Also, if you have enabled IP masquerading to share your Internet connection with clients, a DNS server lets them browse and use the network tools (telnet, ftp, ...).

Assume that your Linux machine is called mamachine, has the IP address 192.168.13.10 (on your private network, not an address assigned by the ISP) and that your private domain is mondomaine.fr. The directory trees shown (especially for autostart) are those of a Mandrake system (much like a Red Hat). I will not go into the details of the configuration files; the DNS-HOWTO (Linux section and HOWTO) is a good introduction. This page is not meant to replace that document; it is a summary for installing a DNS server quickly, and for detailed explanations see the HOWTO. It is primarily intended for an isolated host or a small network with a non-permanent Internet connection.

Note: if you do not know the IP addresses of your ISP's DNS servers and they are assigned automatically, just connect and read the addresses from the nameserver lines of /etc/resolv.conf.



Installing and configuring the server :


Setting up a DNS server requires installing BIND, which provides the named daemon. On Mandrake this means the packages bind, caching-nameserver and bind-utils. A Linux client only needs the last package, for the host and dig commands. The installation creates the file /etc/named.conf, which reads as follows:
// generated by named-bootconf.pl

// secret must be the same as in /etc/rndc.conf
key "key" {
        algorithm       hmac-md5;
        secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};

options {
        pid-file "/var/run/named/named.pid";
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};
//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
We modify it to read:
// secret must be the same as in /etc/rndc.conf
key "key" {
        algorithm       hmac-md5;
        secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};
options {
        pid-file "/var/run/named/named.pid";
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
        // put the IP addresses of your ISP's DNS servers here; your server will forward to them
        // any query it cannot resolve itself
        forward first;
        forwarders {
                194.149.160.9;
                194.149.160.1;
        };
};
//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
zone "mondomaine.fr" {
        type master;
        file "mondomaine.fr";
};
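The configuration above is what the Mandrake package ships, and there are two things to change before running it on anything but a fully isolated host. The rndc key secret is the one from the distribution's example file, so anyone who has seen that file can control the server through rndc. And with forwarders set and no allow-recursion, the server answers recursive queries for anyone who can reach its port 53: an open resolver as soon as the host is on the Internet. As an added example (not the page's file), here are the controls and options parts of /etc/named.conf rewritten with a freshly generated key and with the server limited to the 192.168.13.0/24 network the article assumes; the zone statements stay as above.

```conf
// Fresh key generated with:  rndc-confgen -a
// This writes /etc/rndc.key (key name "rndc-key"); rndc reads the same file,
// so the inline key block with the published example secret goes away.
include "/etc/rndc.key";

controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
        pid-file "/var/run/named/named.pid";
        directory "/var/named";
        // Answer only on loopback and the LAN address, never on the ppp interface
        listen-on { 127.0.0.1; 192.168.13.10; };
        // Queries and recursion only from the private network; without this the
        // forwarding setup below makes the host an open resolver
        allow-query { 127.0.0.1; 192.168.13.0/24; };
        allow-recursion { 127.0.0.1; 192.168.13.0/24; };
        // Nobody needs to copy the zone
        allow-transfer { none; };
        // ISP resolvers, as in the original file
        forward first;
        forwarders {
                194.149.160.9;
                194.149.160.1;
        };
};
```

After editing, check the syntax with named-checkconf before restarting, and confirm from a machine outside 192.168.13.0/24 that a recursive query (for example host www.shom.fr 192.168.13.10) is now refused.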
The installation also created the directory /var/named, containing named.local:
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      localhost.
1       IN      PTR     localhost.
Change it to read:
@       IN      SOA     mamachine.mondomaine.fr. root.mamachine.mondomaine.fr.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      mamachine.mondomaine.fr.
1       IN      PTR     localhost.
Under /var/named, create a file mondomaine.fr containing:
@       IN      SOA     mamachine.mondomaine.fr. root.mondomaine.fr.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
                IN      TXT     "mondomaine.fr mon ch'tit domaine"
                IN      NS      mamachine
                IN      NS      mamachine.mondomaine.fr.
                IN      MX      10 mamachine
                IN      MX      20 mamachine.mondomaine.fr.

localhost       IN      A       127.0.0.1
mamachine       IN      A       192.168.13.10
Give this file to user and group named:
chown named:named /var/named/mondomaine.fr
Both NS lines and both MX lines name the same host (once relative to the zone, once fully qualified), so one of each is enough. For information, the MX record designates the SMTP server for the domain, i.e. your machine if you are running sendmail.
Now the hosts line of /etc/nsswitch.conf must read:

hosts: files dns
The DNS-HOWTO also asks for a file /etc/host.conf containing
order hosts,bind
multi on

With glibc the lookup order actually comes from nsswitch.conf; host.conf is a leftover of the older libc resolver, so this file is redundant but harmless.
Finally, /etc/resolv.conf:

search mondomaine.fr
nameserver 127.0.0.1
nameserver 194.149.160.9
nameserver 194.149.160.1
The last two addresses are of course those of your ISP. Note that with an intermittent PPP connection where the DNS server addresses are assigned automatically, you do not need to add the last two lines; they are filled in when the connection comes up.

Automatic start of named

On a Mandrake server installation named is configured to start automatically, so you can skip this section. The default installation of the bind package generates the startup files; here are the details just in case. In /etc/rc.d/init.d you will find a file named with the following contents (note that it calls ndc, the BIND 8 control program; with BIND 9, which is what the key and controls statements in named.conf above are for, the equivalent is rndc):
#!/bin/sh
#
# named           This shell script takes care of starting and stopping
#                 named (BIND DNS server).
#
# chkconfig: 345 55 45
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /usr/sbin/named ] || exit 0
[ -f /etc/named.conf ] || exit 0
# See how we were called.
case "$1" in
  start)
        # Start daemons.
        echo -n "Starting named: "
        daemon named
        echo
        touch /var/lock/subsys/named
        ;;
  stop)
        # Stop daemons.
        echo -n "Shutting down named: "
        killproc named
        rm -f /var/lock/subsys/named
        echo
        ;;
  status)
        /usr/sbin/ndc status
        exit $?
        ;;
  restart)
        /usr/sbin/ndc restart
        exit $?
        ;;
  reload)
        /usr/sbin/ndc reload
        exit $?
        ;;
  probe)
        # named knows how to reload intelligently; we don't want linuxconf
        # to offer to restart every time
        /usr/sbin/ndc reload >/dev/null 2>&1 || echo start
        exit 0
        ;;
  *)
        echo "Usage: named {start|stop|status|restart}"
        exit 1
esac
exit 0
named is started automatically in runlevels 3, 4 and 5. To start it right after installation, without rebooting, type

/etc/rc.d/init.d/named start

To restart named (after a change to a file), type:
/etc/rc.d/init.d/named restart
The other arguments are stop, status and reload.

Client Configuration:


For a Linux client, just create /etc/resolv.conf containing

domain mondomaine.fr
nameserver 192.168.13.10


replacing the address with that of your server.

Do the same for Windows clients, in the Control Panel under the Network icon.



Function tests:

From a Linux client or from the server itself, type the following command in a shell (each command is shown on its own line, followed by its output). The output below was captured on a setup where the server's address was 192.168.25.75; with the files above you will see 192.168.13.10 instead.

host -a mamachine
Trying "mamachine.mondomaine.fr"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33741
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mamachine.mondomaine.fr.             IN      ANY
;; ANSWER SECTION:
mamachine.mondomaine.fr.      86400   IN      A       192.168.25.75
;; AUTHORITY SECTION:
mondomaine.fr.              86400   IN      NS      mamachine.mondomaine.fr.
Received 65 bytes from 127.0.0.1#53 in 15 ms
Then type:
host -a mondomaine.fr
Trying "mondomaine.fr"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47095
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mondomaine.fr.                     IN      ANY
;; ANSWER SECTION:
mondomaine.fr.              86400   IN      SOA     mamachine.mondomaine.fr. root.mondomaine.fr. 1997022700 28800 14400 3600000 86400
mondomaine.fr.              86400   IN      TXT     "mondomaine.fr mon ch'tit domaine"
mondomaine.fr.              86400   IN      NS      mamachine.mondomaine.fr.
mondomaine.fr.              86400   IN      MX      10 mamachine.mondomaine.fr.
mondomaine.fr.              86400   IN      MX      20 mamachine.mondomaine.fr.
;; ADDITIONAL SECTION:
mamachine.mondomaine.fr.      86400   IN      A       192.168.25.75
Received 179 bytes from 127.0.0.1#53 in 21 ms
Once the Internet connection is up, type on a client or on the server:
host -a www.shom.fr
Trying "www.shom.fr."
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12287
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.shom.fr.                   IN      ANY
;; ANSWER SECTION:
www.shom.fr.            217813  IN      CNAME   cyclone.shom.fr.
;; AUTHORITY SECTION:
shom.fr.                330241  IN      NS      neree.shom.fr.
shom.fr.                330241  IN      NS      resone.univ-rennes1.fr.
shom.fr.                330241  IN      NS      dns.univ-lyon1.fr.
;; ADDITIONAL SECTION:
dns.univ-lyon1.fr.      317766  IN      A       134.214.100.6
neree.shom.fr.          330241  IN      A       194.57.228.65
resone.univ-rennes1.fr. 300271  IN      A       129.20.254.1
Received 182 bytes from 192.168.25.75#53 in 157 ms

ping should work too.

From a Windows machine, to test your server, type the following at a command prompt:
nslookup
At the prompt, type the name of the machine to look up:

>www.shom.fr
Server: Unknown
Address: 192.168.26.75
Non-authoritative answer:
Name: cyclone.shom.fr
Address: 194.57.228.1
Aliases: www.shom.fr
"Server: Unknown" only means that nslookup found no PTR record for the server's own address, since no reverse zone was created for the 192.168.x.x network; it is harmless. Press Ctrl+C to leave nslookup.

Create virtual hosts

You can create virtual hosts with your DNS server, in other words your server can be known by several names; this is particularly interesting for Apache, since different names pointing at the same machine can be served from different locations.
Suppose we want to create the virtual hosts www.idefix.mondomaine.fr and www.asterix.mondomaine.fr: add the following lines at the end of /var/named/mondomaine.fr, pointing at the address of the machine that runs Apache (192.168.13.11 here), and increment the Serial in the SOA record so that any secondary server notices the change:
www.asterix     IN      A       192.168.13.11
www.idefix      IN      A       192.168.13.11
Restart the server by typing:
/etc/rc.d/init.d/named restart
To test, on a client type in a shell:
ping www.asterix.mondomaine.fr
It should work.





Basic Configuration of a CISCO Router

 

Introduction

This article explains, in more or less detail, how to configure a Cisco router for LANs and small business networks. You will find examples to better understand how the router handles the TCP/IP, IPX and NetBEUI protocols, and a short explanation of access lists with some examples.

Configuring the router with HyperTerminal

Configuring HyperTerminal

First, you need a console cable (RJ-45 to serial) connecting your computer's serial port to the RJ-45 port labeled "Console" on the router.
Then open HyperTerminal (Start > All Programs > Accessories > Communications > HyperTerminal), enter a name for the new connection, select the serial port the console cable is plugged into, click "Restore Defaults" and then OK.
You are now connected to the router and can configure it. Press Enter: if the router asks whether you want to enter the initial configuration dialog, answer "No"; otherwise it displays the router name followed by ">" (e.g. Router>). Type enable and enter the password if one is set; the prompt changes from "Router>" to "Router#" and you can start entering configuration commands.

Basic commands

Here are some basic commands you can try:
  • Change the router name:
Router#conf t
Router(config)#hostname RouterA
  • Set a password on the console:
RouterA#conf t
RouterA(config)#line console 0
RouterA(config-line)#password *****
RouterA(config-line)#login
RouterA(config-line)#exit
RouterA(config)#
  • Set a password on the virtual terminal lines (for configuration over telnet) and an enable password:
RouterA(config)#line vty 0 4
RouterA(config-line)#password *****
RouterA(config-line)#login
RouterA(config-line)#exit
RouterA(config)#enable password *****
  • Hide the passwords in the configuration file (service password-encryption only applies the reversible type 7 encoding: it protects against someone reading a show running-config over your shoulder, not against anyone who obtains the file; for the enable password prefer enable secret, which stores a hash):
RouterA(config)#service password-encryption
  • Save the configuration:
Router#copy running-config startup-config
  • Erase the configuration:
Router#wr er
Router#reload
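The telnet setup above sends the vty password over the network in clear text and keeps the enable password in a reversible form. As an added example (not from the original article), the following IOS session replaces the enable password with a hashed enable secret, creates a local account, and restricts the vty lines to SSH; it assumes an IOS image with the crypto feature set, and the domain name lab.example and the user name admin are placeholders.

```cisco
RouterA#conf t
! Hashed enable secret replaces the type 7 enable password
RouterA(config)#enable secret *****
RouterA(config)#no enable password
RouterA(config)#service password-encryption
! SSH needs a host name, a domain name and an RSA key pair
RouterA(config)#ip domain-name lab.example
RouterA(config)#crypto key generate rsa modulus 2048
RouterA(config)#ip ssh version 2
! Local account used by the vty lines instead of a shared line password
RouterA(config)#username admin privilege 15 secret *****
RouterA(config)#line vty 0 4
RouterA(config-line)#login local
RouterA(config-line)#transport input ssh
RouterA(config-line)#exec-timeout 10 0
RouterA(config-line)#exit
RouterA(config)#line console 0
RouterA(config-line)#exec-timeout 10 0
RouterA(config-line)#end
RouterA#copy running-config startup-config
```

After this, telnet to the router is refused and show running-config shows the enable and user secrets as hashes rather than type 7 strings. Keep the console session open until you have confirmed that an SSH login with the new account works, so that a mistake does not lock you out.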

Example configuration:

Configuration for a network using TCP/IP

Here is an example configuration for a network with 2 subnets. For this example, imagine 63 workstations on the first subnet and 4 on the second.
The address range used is 192.168.1.x:
  • Subnet 1
address: 192.168.1.0
broadcast address: 192.168.1.127
subnet mask: 255.255.255.128
  • Subnet 2
address: 192.168.1.128
broadcast address: 192.168.1.135
subnet mask: 255.255.255.248
Here is the configuration of the router connecting the 2 subnets:
Router>en
/* enter the password if one is set */
Router#conf t
--- Interface configuration ---
Router(config)#int fastEthernet 0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.128
Router(config-if)#no shutdown // bring the interface up
Router(config)#int fastEthernet 0/1
Router(config-if)#ip address 192.168.1.130 255.255.255.248
Router(config-if)#no shutdown
--- RIP v2 and routing ---
Router(config)#ip routing // enable IP routing between the subnets (on by default on a router)
Router(config)#router rip // enable routing with the RIP interior gateway protocol
Router(config-router)#version 2 // select RIP version 2
Router(config-router)#network 192.168.1.0 // Subnet 1
Router(config-router)#network 192.168.1.128 // Subnet 2 (the network command is classful, so IOS stores this as 192.168.1.0 as well; the previous line already covers both subnets)
With this router configuration, and once the workstations are configured with IP addresses (for example a station on subnet 1: IP 192.168.1.2, gateway 192.168.1.1, mask 255.255.255.128), your network is working.

Configuration for a network using IPX

Consider the same example as before, except that the protocol used is IPX. To use IPX you must define an external network number on the stations (e.g. station 1 on subnet 1: external network number 00000010, frame type Ethernet 802.3).
Router>en
/* enter the password if one is set */
Router#conf t
Router(config)#ipx routing
--- Interface configuration ---
Router(config)#int fastEthernet 0/0
Router(config-if)#ipx network 00000010 // specifies the subnet's external network number
Router(config-if)#ipx type-20-propagation // lets NetBIOS broadcasts through
Router(config-if)#no shutdown
Router(config)#int fastEthernet 0/1
Router(config-if)#ipx network 00000020
Router(config-if)#ipx type-20-propagation
Router(config-if)#no shutdown

Configuration for a network using NetBEUI (bridge)

For this example the network infrastructure is the same as in the two previous examples, but this time we use the non-routable NetBEUI protocol.
To install NetBEUI you need the Windows XP CD-ROM. Procedure:
Insert the Windows XP CD. Copy the files Netnbf.inf and Nbf.sys, found in the folder Valueadd\MSFT\Net\NetBEUI, into the following folders:
  • Nbf.sys -> %SYSTEMROOT%\System32\Drivers
  • Netnbf.inf -> %SYSTEMROOT%\Inf
Once NetBEUI is installed, enable it, then configure the router as a bridge: since NetBEUI is not routable, the two subnets have to be bridged.
Router>en
/* enter the password if one is set */
Router#conf t
--- Interface configuration ---
Router(config)#int fastEthernet 0/0
Router(config-if)#bridge-group 1 // assigns the interface to bridge group 1
Router(config-if)#no shutdown
Router(config)#int fastEthernet 0/1
Router(config-if)#bridge-group 1
Router(config-if)#no shutdown
--- Bridging ---
Router(config)#bridge irb // enables IRB (integrated routing and bridging), so the router can bridge and route at the same time
Router(config)#bridge 1 protocol ieee // selects the spanning tree protocol variant (IEEE 802.1D)

Setting up IP filtering (access lists)

Now let's see how to set up access lists (filters) on our network.
First, there are three fundamental principles to keep in mind with ACLs:
  • Every ACL ends with an implicit deny: anything not explicitly permitted is dropped
  • The router evaluates the entries sequentially, in the order they were entered, and stops at the first match
  • A permit on a layer 3 protocol such as ip also matches everything carried inside it (tcp, udp, icmp, ...)
Next, ACLs are identified by numbers, which can be:
  • <1-99> IP standard access list
these lists filter only on the source IP address
  • <100-199> IP extended access list
match packets by source and destination IP address, protocol and ports
  • <1100-1199> Extended 48-bit MAC address access list
  • <200-299> Protocol type-code access list
filter by protocol type
  • <700-799> 48-bit MAC address access list
filter by MAC address
Here is the syntax of the command that creates an ACL entry: access-list <number> <action> <protocol> <source> <destination> <eq, gt, lt, neq or range> <port number>
Examples:
  • Permit a specific IP (which denies all others, see the three principles above):
Router(config)#access-list 10 permit 192.92.130.2
  • Permit traffic on port 80 (www) from a specific source to a destination:
Router(config)#access-list 101 permit tcp host 10.1.1.2 host 10.1.2.2 eq www
  • Permit ping (echo):
Router(config)#access-list 101 permit icmp any any echo
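An access list does nothing until it is bound to an interface (ip access-group) or to the vty lines (access-class); the commands above only define the lists. As an added example (not part of the original article), here is how the two lists above are completed and applied: list 10 protects the management lines, list 101 is placed inbound on the first LAN interface. The addresses are the article's illustrative ones; the remark lines, the echo-reply entry and the explicit deny ... log entry are mine.

```cisco
Router#conf t
! Standard list 10: only this host may open a vty session
Router(config)#access-list 10 remark management access from the admin workstation only
Router(config)#access-list 10 permit host 192.92.130.2
Router(config)#line vty 0 4
Router(config-line)#access-class 10 in
Router(config-line)#exit
! Extended list 101: web to one server, ping both ways, everything else dropped and logged.
! Entries are matched top to bottom, first match wins.
Router(config)#access-list 101 remark inbound filter for subnet 1
Router(config)#access-list 101 permit tcp host 10.1.1.2 host 10.1.2.2 eq www
Router(config)#access-list 101 permit icmp any any echo
Router(config)#access-list 101 permit icmp any any echo-reply
Router(config)#access-list 101 deny ip any any log
! Nothing happens until the list is applied to an interface and a direction
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 101 in
Router(config-if)#end
! Verify: hit counters per entry, and which list is bound where
Router#show access-lists
Router#show ip interface fastEthernet 0/0 | include access list
```

The final deny ip any any log makes the implicit deny visible: dropped packets show up in the log and in the hit counter of show access-lists, which is the quickest way to find out why something stopped working after the list went in. Note that on a real network this list would also have to permit the workstations' ordinary traffic; as written it allows only what the article's examples permit.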