<p>Journal de Benoit Breton - Tag: Cisco - 2024-01-05 - Benoit BRETON</p>
<p>Cisco Air-CAP 1552E mesh to autonomous firmware update. 2013-12-05, Benoit. Tags: Industrial Ethernet, Cisco, Firmware, Industrial network</p>
<p>Download the autonomous image from Cisco. I used: c1520-k9w7-tar.152-2.JB.tar</p>
<p>Give your laptop a static IP (the example below uses 10.0.0.2/24).</p>
<p>Connect laptop directly to 1552 and have your TFTP server running</p>
<p>When the 1552 starts to boot, hit the escape key (not break). This will bring you to an " ap: " prompt.</p>
<p>Then do the following:</p>
<p><code>ap: format flash:</code> (optional)</p>
<p><code>ap: set IP_ADDR 10.0.0.1</code> (IP address of your AP)</p>
<p><code>ap: set NETMASK 255.255.255.0</code></p>
<p><code>ap: set DEFAULT_ROUTER 10.0.0.254</code> (if you have one)</p>
<p><code>ap: tftp_init</code></p>
<p><code>ap: ether_init</code></p>
<p><code>ap: tar -xtract tftp://10.0.0.2/c1520-k9w7-tar.152-2.JB.tar flash:</code> (wait for the extraction to finish)</p>
<p><code>ap: set BOOT flash:/c1520-k9w7-tar.152-2.JB/c1520-k9w7-tar.152-2.JB</code></p>
<p><code>ap: boot</code></p>
<p>Your AP now boots the autonomous firmware and you can connect to the HTTP admin interface: <a href="http://10.0.0.1">http://10.0.0.1</a> with the default login/password (Cisco/Cisco).</p>
<p>Transparent Firewall ASA5500. 2011-10-03, Benoit. Tags: Geekeries !, ACL, ASA5500, Cisco, Firewall, iptable</p>
<p>To configure a Cisco ASA5500 in transparent firewall mode:</p>
<ul>
<li>Connect to the console (I won't go into detail on that)</li>
</ul>
<ul>
<li>Switch the box to transparent firewall mode:</li>
</ul>
<p><code>firewall transparent</code></p>
<p>If it succeeds, the ASA reboots.</p>
<ul>
<li>After the reboot, assign a management IP:</li>
</ul>
<p><code>ip address 192.168.1.250 255.255.255.0</code></p>
<ul>
<li>Name the inside and outside VLAN interfaces so that the ACLs can be bound to them:</li>
</ul>
<p><code>interface Vlan1</code></p>
<p><code>nameif outside</code></p>
<p><code>security-level 0</code></p>
<p><code>!</code></p>
<p><code>interface Vlan2</code></p>
<p><code>nameif inside</code></p>
<p><code>security-level 100</code></p>
<ul>
<li>Add the ports to the VLANs:</li>
</ul>
<p><code>interface Ethernet0/x</code></p>
<p><code>switchport access vlan 2</code></p>
<ul>
<li>Create the filtering ACLs (here everything is allowed through):</li>
</ul>
<p><code>access-list ACLIN extended permit object-group DM_INLINE_PROTOCOL_2 any any</code></p>
<p><code>access-list ACLOUT extended permit object-group DM_INLINE_PROTOCOL_1 any any</code></p>
<ul>
<li>Apply the ACLs:</li>
</ul>
<p><code>access-group ACLOUT in interface outside</code></p>
<p><code>access-group ACLIN in interface inside</code></p>
<ul>
<li>Allow yourself ASDM access on the inside interface:</li>
</ul>
<p><code>http server enable</code>
<code>http 192.168.1.1 255.255.255.255 inside</code> (here I allow only a single machine)</p>
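<p>An added example, not part of the original post: a small Python check that reads an ASA configuration as text and reports any-to-any permit ACLs that are bound to an interface, plus ASDM <code>http</code> statements wider than a single host. The sample configuration is constructed from the statements above; the function name and severity labels are assumptions.</p>

```python
import ipaddress
import re

# Constructed sample: the transparent-mode statements from the post above.
SAMPLE_CONFIG = """\
firewall transparent
ip address 192.168.1.250 255.255.255.0
interface Vlan1
 nameif outside
 security-level 0
interface Vlan2
 nameif inside
 security-level 100
access-list ACLIN extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list ACLOUT extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-group ACLOUT in interface outside
access-group ACLIN in interface inside
http server enable
http 192.168.1.1 255.255.255.255 inside
"""

# An ACE is "open" when it ends in "any any" with no port or host restriction.
ACE = re.compile(r"^access-list (\S+) extended permit .*\bany any\s*$")
BIND = re.compile(r"^access-group (\S+) (in|out) interface (\S+)")
# Matches "http <address> <mask> <interface>", not "http server enable".
HTTP = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")


def audit(config):
    """Return (severity, message) findings for an ASA config given as text."""
    lines = [line.strip() for line in config.splitlines()]
    open_acls = {m.group(1) for line in lines if (m := ACE.match(line))}
    findings = []
    for line in lines:
        if (m := BIND.match(line)) and m.group(1) in open_acls:
            findings.append(("high", f"{m.group(1)} permits any any "
                             f"(direction {m.group(2)}, interface {m.group(3)})"))
        elif m := HTTP.match(line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if net.prefixlen < 32:
                findings.append(("medium", f"ASDM reachable from all of {net} "
                                 f"via {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

<p>On the sample it reports both ACLs and stays silent on the <code>http</code> line, because that line is already limited to one host.</p>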