10.0.0.100<\/code><\/li>\n\n\n\n- Autoriser l\u2019acc\u00e8s au VLAN 10le vlan 10 est pluto m<\/li>\n\n\n\n
- Publier un serveur web interne
10.0.0.2<\/code><\/li>\n\n\n\n- Bloquer le VLAN 30 vers Internet<\/li>\n\n\n\n
- Interdire tout le reste via ACL<\/li>\n<\/ul>\n\n\n\n
\n\n\n\n![\"\"](\"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/image-14-1024x683.png\")
<\/figure>\n\n\n\n1. Configuration de base du routeur<\/h1>\n\n\n\nNom du routeur et domaine<\/h2>\n\n\n\nhostname R1
ip domain name eryann.bzh<\/code><\/pre>\n\n\n\n
\n\n\n\nS\u00e9curisation des mots de passe<\/h2>\n\n\n\nservice password-encryption
enable secret motDePasseFort
username admin secret MotDePasseFort<\/code><\/pre>\n\n\n\n
\n\n\n\n2. Configuration des interfaces<\/h1>\n\n\n\nInterface WAN (Internet)<\/h2>\n\n\n\ninterface GigabitEthernet0\/0\/0
ip address 192.168.40.126 255.255.255.0
ip nat outside
no shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\nInterface trunk vers le switch<\/h2>\n\n\n\ninterface GigabitEthernet0\/0\/1
no ip address
no shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\n3. Configuration des VLANs<\/h1>\n\n\n\nVLAN 10<\/h2>\n\n\n\ninterface GigabitEthernet0\/0\/1.10
encapsulation dot1Q 10
ip address 10.0.0.1 255.255.255.224
ip helper-address 10.0.0.100
ip nat inside
ip access-group VLAN10-IN in<\/code><\/pre>\n\n\n\n
\n\n\n\nVLAN 20<\/h2>\n\n\n\ninterface GigabitEthernet0\/0\/1.20
encapsulation dot1Q 20
ip address 10.0.0.33 255.255.255.224
ip helper-address 10.0.0.100
ip nat inside
ip access-group VLAN20-IN in<\/code><\/pre>\n\n\n\n
\n\n\n\nVLAN 30<\/h2>\n\n\n\ninterface GigabitEthernet0\/0\/1.30
encapsulation dot1Q 30
ip address 10.0.0.65 255.255.255.224
ip helper-address 10.0.0.100
ip nat inside
ip access-group VLAN30-IN in<\/code><\/pre>\n\n\n\n
\n\n\n\nVLAN 40<\/h2>\n\n\n\ninterface GigabitEthernet0\/0\/1.40
encapsulation dot1Q 40
ip address 10.0.0.97 255.255.255.224
ip helper-address 10.0.0.100
ip nat inside
ip access-group VLAN40-IN in<\/code><\/pre>\n\n\n\n
\n\n\n\n4. Configuration du NAT Internet<\/h1>\n\n\n\nACL NAT<\/h2>\n\n\n\nip access-list standard NAT
permit 10.0.0.0 0.0.0.127<\/code><\/pre>\n\n\n\n
\n\n\n\nActivation du PAT (NAT overload)<\/h2>\n\n\n\nip nat inside source list NAT interface GigabitEthernet0\/0\/0 overload<\/code><\/pre>\n\n\n\n
\n\n\n\nRoute par d\u00e9faut<\/h2>\n\n\n\nip route 0.0.0.0 0.0.0.0 192.168.40.1<\/code><\/pre>\n\n\n\n
\n\n\n\n5. Publication du serveur web interne<\/h1>\n\n\n\nRedirection du port 80 externe vers 10.0.0.2<\/h2>\n\n\n\nip nat inside source static tcp 10.0.0.2 80 interface GigabitEthernet0\/0\/0 80<\/code><\/pre>\n\n\n\nCette r\u00e8gle permet d\u2019acc\u00e9der au serveur web depuis Internet via l\u2019adresse publique du routeur.<\/p>\n\n\n\n
\n\n\n\n6. S\u00e9curisation SSH<\/h1>\n\n\n\nG\u00e9n\u00e9ration des cl\u00e9s RSA<\/h2>\n\n\n\ncrypto key generate rsa<\/code><\/pre>\n\n\n\nTaille recommand\u00e9e :<\/p>\n\n\n\n
1024<\/code><\/pre>\n\n\n\n
\n\n\n\nActivation SSH v2<\/h2>\n\n\n\nip ssh version 2<\/code><\/pre>\n\n\n\n
\n\n\n\nConfiguration des lignes VTY<\/h2>\n\n\n\nline vty 0 15
login local
transport input ssh
exec-timeout 5 0<\/code><\/pre>\n\n\n\n
\n\n\n\nD\u00e9sactivation Telnet<\/h2>\n\n\n\n
Le Telnet est d\u00e9sactiv\u00e9 gr\u00e2ce \u00e0 :<\/p>\n\n\n\n
transport input ssh<\/code><\/pre>\n\n\n\n
\n\n\n\n7. Configuration des ACL de s\u00e9curit\u00e9<\/h1>\n\n\n\nObjectifs<\/h2>\n\n\n\nR\u00e8gle<\/th> Autorisation<\/th><\/tr><\/thead> Tous les VLAN<\/td> Acc\u00e8s au serveur 10.0.0.100<\/code><\/td><\/tr>Tous les VLAN<\/td> Acc\u00e8s au VLAN 10<\/td><\/tr> VLAN 10<\/td> Internet<\/td><\/tr> VLAN 20<\/td> Internet<\/td><\/tr> VLAN 40<\/td> Internet<\/td><\/tr> VLAN 30<\/td> Internet interdit<\/td><\/tr> Tout le reste<\/td> Refus\u00e9<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\nACL VLAN 10<\/h1>\n\n\n\nip access-list extended VLAN10-IN
remark Acces serveur
permit ip any host 10.0.0.100
remark Acces VLAN 10
permit ip any 10.0.0.0 0.0.0.31
remark Internet
permit ip any any
deny ip any any<\/code><\/pre>\n\n\n\n
\n\n\n\nACL VLAN 20<\/h1>\n\n\n\nip access-list extended VLAN20-IN
remark Acces serveur
permit ip any host 10.0.0.100
remark Acces VLAN 10
permit ip any 10.0.0.0 0.0.0.31
remark Internet
permit ip any any
deny ip any any<\/code><\/pre>\n\n\n\n
\n\n\n\nACL VLAN 30<\/h1>\n\n\n\nip access-list extended VLAN30-IN
remark Acces serveur
permit ip any host 10.0.0.100
remark Acces VLAN 10
permit ip any 10.0.0.0 0.0.0.31
remark Blocage Internet
deny ip any any<\/code><\/pre>\n\n\n\n
\n\n\n\nACL VLAN 40<\/h1>\n\n\n\nip access-list extended VLAN40-IN
remark Acces serveur
permit ip any host 10.0.0.100
remark Acces VLAN 10
permit ip any 10.0.0.0 0.0.0.31
remark Internet
permit ip any any
deny ip any any<\/code><\/pre>\n\n\n\n
\n\n\n\n8. Sauvegarde de la configuration<\/h1>\n\n\n\nSauvegarde imm\u00e9diate<\/h2>\n\n\n\ncopy running-config startup-config<\/code><\/pre>\n\n\n\n
\n\n\n\n9. V\u00e9rifications utiles<\/h1>\n\n\n\nV\u00e9rifier les interfaces<\/h2>\n\n\n\nshow ip interface brief<\/code><\/pre>\n\n\n\n
\n\n\n\nV\u00e9rifier le NAT<\/h2>\n\n\n\nshow ip nat translations<\/code><\/pre>\n\n\n\n
\n\n\n\nV\u00e9rifier les ACL<\/h2>\n\n\n\nshow access-lists<\/code><\/pre>\n\n\n\n
\n\n\n\nV\u00e9rifier SSH<\/h2>\n\n\n\nshow ip ssh<\/code><\/pre>\n\n\n\n<\/p>\n\n\n\n
11. Configuration du switch Cisco<\/h1>\n\n\n\nObjectif<\/h2>\n\n\n\n
Cette configuration permet :<\/p>\n\n\n\n
\n- La cr\u00e9ation des VLAN<\/li>\n\n\n\n
- Le param\u00e9trage des ports access et trunk<\/li>\n\n\n\n
- La s\u00e9curisation des ports<\/li>\n\n\n\n
- La limitation des attaques r\u00e9seau<\/li>\n\n\n\n
- Le raccordement de plusieurs \u00e9quipements sur diff\u00e9rents ports VLAN<\/li>\n<\/ul>\n\n\n\n
\n\n\n\n12. Cr\u00e9ation des VLAN<\/h1>\n\n\n\nconfigure terminal
vlan 10
name ADMIN
vlan 20
name USERS
vlan 30
name IOT
vlan 40
name WIFI<\/code><\/pre>\n\n\n\n
\n\n\n\n13. Configuration du trunk vers le routeur<\/h1>\n\n\n\nPort connect\u00e9 au routeur<\/h2>\n\n\n\n
Exemple : interface GigabitEthernet0\/1<\/code><\/p>\n\n\n\ninterface GigabitEthernet0\/1
description TRUNK_VERS_ROUTEUR
switchport mode trunk
switchport trunk allowed vlan 10,20,30,40
no shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\n14. Configuration des ports utilisateurs<\/h1>\n\n\n\nVLAN 10 \u2014 Administration<\/h1>\n\n\n\nPorts avec plusieurs \u00e9quipements<\/h2>\n\n\n\n
Exemple :<\/p>\n\n\n\n
\n- PC administratifs<\/li>\n\n\n\n
- Imprimantes<\/li>\n\n\n\n
- T\u00e9l\u00e9phones IP<\/li>\n<\/ul>\n\n\n\n
Ports Fa0\/1 \u00e0 Fa0\/6<\/code><\/p>\n\n\n\ninterface range FastEthernet0\/1 - 6
description VLAN10_ADMIN
switchport mode access
switchport access vlan 10
spanning-tree portfast
spanning-tree bpduguard enable
switchport port-security
switchport port-security maximum 3
switchport port-security violation restrict
switchport port-security mac-address sticky
no shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\nVLAN 20 \u2014 Utilisateurs<\/h1>\n\n\n\nPorts utilisateurs classiques<\/h2>\n\n\n\n
Ports Fa0\/7 \u00e0 Fa0\/16<\/code><\/p>\n\n\n\ninterface range FastEthernet0\/7 - 16
description VLAN20_USERS
switchport mode access
switchport access vlan 20
spanning-tree portfast
spanning-tree bpduguard enable
switchport port-security
switchport port-security maximum 2
switchport port-security violation restrict
switchport port-security mac-address sticky
no shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\nVLAN 30 \u2014 IoT \/ Cam\u00e9ras \/ Objets connect\u00e9s<\/h1>\n\n\n\n
Ports Fa0\/17 \u00e0 Fa0\/20<\/code><\/p>\n\n\n\ninterface range FastEthernet0\/17 - 20
description VLAN30_IOT
switchport mode access
switchport access vlan 30
spanning-tree portfast
spanning-tree bpduguard enable
switchport port-security
switchport port-security maximum 5
switchport port-security violation shutdown
switchport port-security mac-address sticky
no shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\nVLAN 40 \u2014 WiFi \/ Bornes<\/h1>\n\n\n\n
Ports Fa0\/21 \u00e0 Fa0\/24<\/code><\/p>\n\n\n\ninterface range FastEthernet0\/21 - 24
description VLAN40_WIFI
switchport mode access
switchport access vlan 40
spanning-tree portfast
spanning-tree bpduguard enable
switchport port-security
switchport port-security maximum 10
switchport port-security violation restrict
switchport port-security mac-address sticky
no shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\n15. S\u00e9curisation des ports inutilis\u00e9s<\/h1>\n\n\n\nD\u00e9sactivation des ports non utilis\u00e9s<\/h2>\n\n\n\ninterface range GigabitEthernet0\/2 - 2
shutdown
description PORT_DESACTIVE<\/code><\/pre>\n\n\n\n
\n\n\n\n16. Protection contre les attaques r\u00e9seau<\/h1>\n\n\n\nActivation de Port Security<\/h1>\n\n\n\nFonctionnement<\/h2>\n\n\n\n
Le switch :<\/p>\n\n\n\n
\n- Apprend automatiquement les adresses MAC<\/li>\n\n\n\n
- Limite le nombre d\u2019\u00e9quipements<\/li>\n\n\n\n
- Bloque les \u00e9quipements inconnus<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nTypes de violations<\/h1>\n\n\n\nMode<\/th> Effet<\/th><\/tr><\/thead> protect<\/td> Ignore les paquets<\/td><\/tr> restrict<\/td> Ignore + log<\/td><\/tr> shutdown<\/td> Coupe le port<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\nProtection BPDU Guard<\/h1>\n\n\n\nObjectif<\/h2>\n\n\n\n
Emp\u00eacher un utilisateur de connecter un switch non autoris\u00e9.<\/p>\n\n\n\n
spanning-tree bpduguard enable<\/code><\/pre>\n\n\n\nSi un BPDU est re\u00e7u :<\/p>\n\n\n\n
\n- le port passe automatiquement en erreur (
err-disabled<\/code>)<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nActivation globale de PortFast<\/h1>\n\n\n\nspanning-tree portfast default<\/code><\/pre>\n\n\n\n
\n\n\n\nActivation globale BPDU Guard<\/h1>\n\n\n\nspanning-tree portfast bpduguard default<\/code><\/pre>\n\n\n\n
\n\n\n\n17. S\u00e9curisation DHCP (DHCP Snooping)<\/h1>\n\n\n\nActivation globale<\/h2>\n\n\n\nip dhcp snooping
ip dhcp snooping vlan 10,20,30,40<\/code><\/pre>\n\n\n\n
\n\n\n\nAutoriser le trunk vers le routeur DHCP<\/h2>\n\n\n\ninterface GigabitEthernet0\/1
ip dhcp snooping trust<\/code><\/pre>\n\n\n\n
\n\n\n\n18. Protection ARP (Dynamic ARP Inspection)<\/h1>\n\n\n\nip arp inspection vlan 10,20,30,40<\/code><\/pre>\n\n\n\n
\n\n\n\nAutoriser le trunk<\/h2>\n\n\n\ninterface GigabitEthernet0\/1
ip arp inspection trust<\/code><\/pre>\n\n\n\n
\n\n\n\n19. Protection contre les temp\u00eates r\u00e9seau<\/h1>\n\n\n\nStorm Control<\/h2>\n\n\n\ninterface range FastEthernet0\/1 - 24
storm-control broadcast level 5.00
storm-control multicast level 5.00
storm-control action shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\n20. S\u00e9curisation de l\u2019acc\u00e8s au switch<\/h1>\n\n\n\nConfiguration SSH<\/h1>\n\n\n\nNom et domaine<\/h2>\n\n\n\nhostname SW1
ip domain-name eryann.bzh<\/code><\/pre>\n\n\n\n
\n\n\n\nUtilisateur local<\/h2>\n\n\n\nusername admin secret MotDePasseFort
enable secret MotDePasseFort<\/code><\/pre>\n\n\n\n
\n\n\n\nG\u00e9n\u00e9ration des cl\u00e9s RSA<\/h2>\n\n\n\ncrypto key generate rsa<\/code><\/pre>\n\n\n\nTaille :<\/p>\n\n\n\n
1024<\/code><\/pre>\n\n\n\n
\n\n\n\nActivation SSH<\/h2>\n\n\n\nip ssh version 2<\/code><\/pre>\n\n\n\n
\n\n\n\nLignes VTY<\/h2>\n\n\n\nline vty 0 15
login local
transport input ssh
exec-timeout 5 0<\/code><\/pre>\n\n\n\n
\n\n\n\n21. Adresse IP de management du switch<\/h1>\n\n\n\nInterface VLAN de gestion<\/h2>\n\n\n\ninterface vlan 10
ip address 10.0.0.2 255.255.255.224
no shutdown<\/code><\/pre>\n\n\n\n
\n\n\n\nPasserelle par d\u00e9faut<\/h2>\n\n\n\nip default-gateway 10.0.0.1<\/code><\/pre>\n\n\n\n
\n\n\n\n22. V\u00e9rifications importantes<\/h1>\n\n\n\nV\u00e9rifier les VLAN<\/h1>\n\n\n\nshow vlan brief<\/code><\/pre>\n\n\n\n
\n\n\n\nV\u00e9rifier le trunk<\/h1>\n\n\n\nshow interfaces trunk<\/code><\/pre>\n\n\n\n
\n\n\n\nV\u00e9rifier Port Security<\/h1>\n\n\n\nshow port-security
show port-security interface FastEthernet0\/1<\/code><\/pre>\n\n\n\n
\n\n\n\nV\u00e9rifier les adresses MAC apprises<\/h1>\n\n\n\nshow mac address-table<\/code><\/pre>\n\n\n\n
\n\n\n\nV\u00e9rifier DHCP Snooping<\/h1>\n\n\n\nshow ip dhcp snooping<\/code><\/pre>\n\n\n\n
\n\n\n\nV\u00e9rifier SSH<\/h1>\n\n\n\nshow ip ssh<\/code><\/pre>\n\n\n\n
\n\n\n\n23. Sauvegarde de la configuration<\/h1>\n\n\n\ncopy running-config startup-config<\/code><\/pre>\n\n\n\n
\n\n\n\n24. R\u00e9sultat final de l\u2019architecture<\/h1>\n\n\n\nVLAN<\/th> R\u00e9seau<\/th> Usage<\/th> Internet<\/th><\/tr><\/thead> VLAN 10<\/td> 10.0.0.0\/27<\/td> Administration<\/td> Oui<\/td><\/tr> VLAN 20<\/td> 10.0.0.32\/27<\/td> Utilisateurs<\/td> Oui<\/td><\/tr> VLAN 30<\/td> 10.0.0.64\/27<\/td> IoT<\/td> Non<\/td><\/tr> VLAN 40<\/td> 10.0.0.96\/27<\/td> WiFi<\/td> Oui<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n25. Fichiers de configuration importants<\/h1>\n\n\n\nConfiguration active<\/h2>\n\n\n\nrunning-config<\/code><\/pre>\n\n\n\n
\n\n\n\nConfiguration sauvegard\u00e9e<\/h2>\n\n\n\nstartup-config<\/code><\/pre>\n\n\n\n
\n\n\n\nCommandes utiles<\/h2>\n\n\n\nshow running-config
show vlan brief
show interfaces trunk
show port-security
show mac address-table
show spanning-tree
show ip ssh<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"Objectif Cette configuration permet de : 1. Configuration de base du routeur Nom du routeur et domaine S\u00e9curisation des mots de passe 2. Configuration des interfaces Interface WAN (Internet) Interface trunk vers le switch 3. Configuration des VLANs VLAN 10 VLAN 20 VLAN 30 VLAN 40 4. Configuration du NAT Internet ACL NAT Activation du […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[23,4,10],"tags":[],"class_list":["post-453","post","type-post","status-publish","format-standard","hentry","category-8021q","category-cisco","category-reseau"],"yoast_head":"\n
Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH - Eryann Breizh SecOps<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH - Eryann Breizh SecOps\" \/>\n<meta property=\"og:description\" content=\"Objectif Cette configuration permet de : 1. Configuration de base du routeur Nom du routeur et domaine S\u00e9curisation des mots de passe 2. Configuration des interfaces Interface WAN (Internet) Interface trunk vers le switch 3. Configuration des VLANs VLAN 10 VLAN 20 VLAN 30 VLAN 40 4. Configuration du NAT Internet ACL NAT Activation du […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/\" \/>\n<meta property=\"og:site_name\" content=\"Eryann Breizh SecOps\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-26T18:45:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-26T18:48:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/image-14.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"wpadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"wpadmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/\"},\"author\":{\"name\":\"wpadmin\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#\\\/schema\\\/person\\\/d2ee98d2385cd045ed4fe1c07ca320b5\"},\"headline\":\"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH\",\"datePublished\":\"2026-05-26T18:45:48+00:00\",\"dateModified\":\"2026-05-26T18:48:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/\"},\"wordCount\":574,\"publisher\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/image-14-1024x683.png\",\"articleSection\":[\"8021q\",\"Cisco\",\"R\u00e9seau\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/\",\"url\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/\",\"name\":\"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH - Eryann Breizh SecOps\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/image-14-1024x683.png\",\"datePublished\":\"2026-05-26T18:45:48+00:00\",\"dateModified\":\"2026-05-26T18:48:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/image-14.png\",\"contentUrl\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/image-14.png\",\"width\":1536,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/8021q\\\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/eryann.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#website\",\"url\":\"https:\\\/\\\/eryann.fr\\\/\",\"name\":\"Eryann Breizh SecOps\",\"description\":\"Fiches techniques & labs en syst\u00e8mes et r\u00e9seaux poor les \u00e9tudiants en BTS CEIL ET SIO\",\"publisher\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/eryann.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#organization\",\"name\":\"Breizh Sec Ops\",\"url\":\"https:\\\/\\\/eryann.fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cropped-088112b9-fd28-4b18-b02d-4d9dded3e900-e1777846396685.png\",\"contentUrl\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cropped-088112b9-fd28-4b18-b02d-4d9dded3e900-e1777846396685.png\",\"width\":1246,\"height\":229,\"caption\":\"Breizh Sec Ops\"},\"image\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#\\\/schema\\\/person\\\/d2ee98d2385cd045ed4fe1c07ca320b5\",\"name\":\"wpadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g\",\"caption\":\"wpadmin\"},\"sameAs\":[\"https:\\\/\\\/eryann.fr\"],\"url\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/author\\\/wpadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH - Eryann Breizh SecOps","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/","og_locale":"fr_FR","og_type":"article","og_title":"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH - Eryann Breizh SecOps","og_description":"Objectif Cette configuration permet de : 1. Configuration de base du routeur Nom du routeur et domaine S\u00e9curisation des mots de passe 2. Configuration des interfaces Interface WAN (Internet) Interface trunk vers le switch 3. Configuration des VLANs VLAN 10 VLAN 20 VLAN 30 VLAN 40 4. Configuration du NAT Internet ACL NAT Activation du […]","og_url":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/","og_site_name":"Eryann Breizh SecOps","article_published_time":"2026-05-26T18:45:48+00:00","article_modified_time":"2026-05-26T18:48:57+00:00","og_image":[{"width":1536,"height":1024,"url":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/image-14.png","type":"image\/png"}],"author":"wpadmin","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"wpadmin","Dur\u00e9e de lecture estim\u00e9e":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/#article","isPartOf":{"@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/"},"author":{"name":"wpadmin","@id":"https:\/\/eryann.fr\/#\/schema\/person\/d2ee98d2385cd045ed4fe1c07ca320b5"},"headline":"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH","datePublished":"2026-05-26T18:45:48+00:00","dateModified":"2026-05-26T18:48:57+00:00","mainEntityOfPage":{"@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/"},"wordCount":574,"publisher":{"@id":"https:\/\/eryann.fr\/#organization"},"image":{"@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/#primaryimage"},"thumbnailUrl":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/image-14-1024x683.png","articleSection":["8021q","Cisco","R\u00e9seau"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/","url":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/","name":"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH - Eryann Breizh SecOps","isPartOf":{"@id":"https:\/\/eryann.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/#primaryimage"},"image":{"@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/#primaryimage"},"thumbnailUrl":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/image-14-1024x683.png","datePublished":"2026-05-26T18:45:48+00:00","dateModified":"2026-05-26T18:48:57+00:00","breadcrumb":{"@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/#primaryimage","url":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/image-14.png","contentUrl":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/image-14.png","width":1536,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/eryann.fr\/index.php\/8021q\/fiche-configuration-dun-routeur-cisco-avec-vlan-nat-acl-et-securisation-ssh\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/eryann.fr\/"},{"@type":"ListItem","position":2,"name":"Fiche \u2013 Configuration d\u2019un routeur Cisco avec VLAN, NAT, ACL et s\u00e9curisation SSH"}]},{"@type":"WebSite","@id":"https:\/\/eryann.fr\/#website","url":"https:\/\/eryann.fr\/","name":"Eryann Breizh SecOps","description":"Fiches techniques & labs en syst\u00e8mes et r\u00e9seaux poor les \u00e9tudiants en BTS CEIL ET SIO","publisher":{"@id":"https:\/\/eryann.fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/eryann.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/eryann.fr\/#organization","name":"Breizh Sec Ops","url":"https:\/\/eryann.fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/eryann.fr\/#\/schema\/logo\/image\/","url":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cropped-088112b9-fd28-4b18-b02d-4d9dded3e900-e1777846396685.png","contentUrl":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cropped-088112b9-fd28-4b18-b02d-4d9dded3e900-e1777846396685.png","width":1246,"height":229,"caption":"Breizh Sec Ops"},"image":{"@id":"https:\/\/eryann.fr\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/eryann.fr\/#\/schema\/person\/d2ee98d2385cd045ed4fe1c07ca320b5","name":"wpadmin","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g","caption":"wpadmin"},"sameAs":["https:\/\/eryann.fr"],"url":"https:\/\/eryann.fr\/index.php\/author\/wpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/posts\/453","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/comments?post=453"}],"version-history":[{"count":2,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/posts\/453\/revisions"}],"predecessor-version":[{"id":457,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/posts\/453\/revisions\/457"}],"wp:attachment":[{"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/media?parent=453"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/categories?post=453"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/tags?post=453"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}