NAT #
Internet #
interface Vlan <x>
ip nat inside
interface Dialer1
ip nat outside
ip access-list extended NAT
permit ip <RESEAU_IP_LAN> <MASQUE_LAN> any
/!\ Warning: the LAN mask in the ACL is inverted (wildcard mask) /!\
ip nat inside source list NAT interface Dialer1 overload
PAT #
ip nat inside source static TCP <IP_LAN> <Port_LAN> interface <Interface_WAN> <Port_WAN>
ip nat inside source static UDP <IP_LAN> <Port_LAN> interface <Interface_WAN> <Port_WAN>
Open ports #
sh ip nat portblock dynamic global
show ip nat portblock pat global
ACL #
Examples #
ip access-list extended INTERNET_ONLY
10 remark *** ALLOW DHCP ***
10 permit ip host 0.0.0.0 host 255.255.255.255
20 remark *** ALLOW VRRP ***
20 permit ip any host 224.0.0.18
30 remark *** ALLOW ROUTER ***
30 permit ip 10.44.94.0 0.0.0.255 10.44.94.0 0.0.0.255
40 permit ip 10.34.94.0 0.0.0.255 10.34.94.0 0.0.0.255
50 permit ip 10.24.94.0 0.0.0.255 10.24.94.0 0.0.0.255
60 remark *** DENY RFC1918 ***
60 deny ip any 10.0.0.0 0.255.255.255
70 deny ip any 172.16.0.0 0.15.255.255
80 deny ip any 192.168.0.0 0.0.255.255
90 remark *** ALLOW INTERNET ***
90 permit ip any any
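Added example (not part of the original page): a small Python model of how IOS evaluates the INTERNET_ONLY ACL above, first match wins with wildcard (inverted) masks, so a rule change can be checked against sample flows before it is applied. The helper names and the sample flows are constructed for illustration, and only source and destination addresses are modelled since every entry uses the ip protocol.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard(netmask):
    """Subnet mask -> inverted mask used in IOS ACLs (255.255.255.0 -> 0.0.0.255)."""
    return str(ipaddress.IPv4Address(ip_int(netmask) ^ 0xFFFFFFFF))

def matches(addr, spec):
    """spec: ("any",), ("host", ip) or (network, wildcard). Wildcard bits set to 1 are ignored."""
    if spec[0] == "any":
        return True
    if spec[0] == "host":
        return ip_int(addr) == ip_int(spec[1])
    care = ip_int(spec[1]) ^ 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(spec[0]) & care)

ANY = ("any",)
# (sequence, action, source, destination), transcribed from the page's ACL
INTERNET_ONLY = [
    (10, "permit", ("host", "0.0.0.0"), ("host", "255.255.255.255")),
    (20, "permit", ANY, ("host", "224.0.0.18")),
    (30, "permit", ("10.44.94.0", "0.0.0.255"), ("10.44.94.0", "0.0.0.255")),
    (40, "permit", ("10.34.94.0", "0.0.0.255"), ("10.34.94.0", "0.0.0.255")),
    (50, "permit", ("10.24.94.0", "0.0.0.255"), ("10.24.94.0", "0.0.0.255")),
    (60, "deny", ANY, ("10.0.0.0", "0.255.255.255")),
    (70, "deny", ANY, ("172.16.0.0", "0.15.255.255")),
    (80, "deny", ANY, ("192.168.0.0", "0.0.255.255")),
    (90, "permit", ANY, ANY),
]

def evaluate(acl, src, dst):
    """Return (sequence, action) of the first matching entry; implicit deny at the end."""
    for seq, action, s, d in acl:
        if matches(src, s) and matches(dst, d):
            return seq, action
    return None, "deny"

# Constructed sample flows (not from the page): (source, destination)
SAMPLES = [
    ("0.0.0.0", "255.255.255.255"),  # DHCP discover
    ("10.44.94.20", "10.44.94.1"),   # same subnet
    ("10.44.94.20", "10.34.94.1"),   # other private subnet
    ("10.44.94.20", "172.31.0.9"),   # RFC1918 172.16/12
    ("10.44.94.20", "1.1.1.1"),      # Internet
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, evaluate(INTERNET_ONLY, src, dst))
```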
DHCP #
Example #
ip dhcp pool Internet
network 192.168.0.0 255.255.255.0
dns-server 185.176.176.2 185.176.176.22
default-router 192.168.0.254
MAC reservation #
ip dhcp excluded-address 192.168.1.10
ip dhcp pool CLIENT_1
hardware-address 0034.121b.0c19
host 192.168.1.10 255.255.255.0
end
clear ip dhcp remembered binding *
clear ip dhcp binding *
Or
ip dhcp excluded-address 192.168.1.10
ip dhcp pool CLIENT_1
host 192.168.1.10 255.255.255.0
client-identifier 0100.3412.1b0c.19
end
clear ip dhcp remembered binding *
clear ip dhcp binding *
how to reserve a specific MAC address in the existing Cisco DHCP server switch
Multi VRF #
SSH #
line vty 0 4
access-class VTY in vrf-also
exec-timeout 5 0
transport input ssh
escape-character 3
BGP peer #
show bgp vrf [VRF] all summary
Negotiation #
Full Duplex #
conf t
event manager session cli username phenix
event manager applet change_speed_duplex_100M
event none
action 1.0 syslog msg "Gi0/0/0 : Change speed/duplex to 100M/FD..."
action 1.1 cli command "enable"
action 1.2 cli command "conf t"
action 1.3 cli command "interface Gi 0/0/0"
action 1.4 cli command "no negotiation auto"
action 1.5 cli command "speed 100"
action 1.6 cli command "duplex full"
action 1.7 syslog msg "Gi0/0/0 : Configuration changed."
!
end
event manager run change_speed_duplex_100M
Once the port has been forced and the router is reachable again, remove the script:
conf t
no event manager applet change_speed_duplex_100M
4G ISR 1117 #
Force LTE #
conf t
controller cellular 0/2/0
lte modem band-select all-lte-only slot 0
end
Force the 800 MHz band | Band 20 #
conf t
controller cellular 0/2/0
lte modem band-select indices 20 slot 0
end
Force the 1800 MHz band | Band 3 #
conf t
controller cellular 0/2/0
lte modem band-select indices 3 slot 0
end
Force the 2100 MHz band #
conf t
controller cellular 0/2/0
lte modem band-select indices 1 slot 0
end
Force the 2600 MHz band #
conf t
controller cellular 0/2/0
lte modem band-select indices 7 slot 0
end
Removing cellular 0/2/1 #
conf t
interface cellular 0/2/1
no ip address negotiated
no ip nat outside
no dialer in-band
no dialer idle-timeout 0
no dialer-group 1
no pulse-time 1
shutdown
end
Profile creation #
cell 0/2/0 lte prof create 1 fnetnrj none ipv4v6
cell 0/2/0 lte prof create 2 fnetnrj none ipv4v6
Unlock the SIM card #
conf t
controller Cellular 0/2/0
lte sim authenticate 0 0000 slot 0
end
wr
conf t
controller Cellular 0/2/0
lte sim data-profile 1 attach-profile 1 slot 0
sh cellular 0/2/0 hardware | i ICCID
sh controllers cellular 0/2/0 | i present