LKSN2017 ITNSA MODUL2
STUDENT SKILLS COMPETITION (LOMBA KETERAMPILAN SISWA)
VOCATIONAL HIGH SCHOOL
NATIONAL LEVEL XXV 2017
MODULE B
SYSTEM INTEGRATION ISLAND
IT NETWORK SYSTEMS
ADMINISTRATION
LKS2017_ITNSA_MODULB
ISLAND 2 – SYSTEM INTEGRATION ISLAND
CONTENTS
This Test Project proposal consists of the following document/file:
LKSN2017_ITNSA_MODUL2.pdf
INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide your
time.
Please carefully read the following instructions!
When the competition time ends, please leave your station in a running state.
Please do not touch the VMware configuration as well as the configuration of the VM
itself except the CD-ROM / HDD drives
PHYSICAL MACHINE (HOST)
FOLDER PATHS
Virtual Machines:
E:\Virtual Machine
ISO Images:
E:\Apps
LKSN2017_ITNSA
Version: 1.0
Date: 29.11.2017
PART I
WORK TASK INSTALLATION (WINSRV1, WINSRV2,
LNXSRV1, LNXSRV2)
Note: Please use the default configuration if you are not given details.
WORK TASK SERVER WINSRV1
Configure the server with the hostname, domain and IP specified in the appendix.
o Modify the default Firewall rules to allow ICMP (ping) traffic
o Install Active Directory Domain Services for indonesiahebat.net.
Create a new Organizational Unit named InaHebat2017. All new users and groups must be
created in this OU.
Create the users and global security groups with members as indicated in the table in the
Appendix. Use Jakarta2017 as the password for all user accounts.
o DNS
Create a forward zone called indonesiahebat.net
Create a reverse zone for the IP range.
Create 3 subdomains:
- info.indonesiahebat.net
- training.indonesiahebat.net
- competition.indonesiahebat.net
Create a secondary zone for smkhebat.org and use this server as the backup DNS
for the smkhebat.org domain
Host and service records have to be created in DNS for all servers and clients.
o PKI (Public Key Infrastructure)
Install and configure Certificate Service
Install only the Certificate Authority
Create a template for Clients AND Servers
- Name the template ITNSA-ClientServerCert
- Publish the template in Active Directory
- Set the subject name format to common name
o GPO – Password Policies
Ensure the company user password must meet the following criteria:
- Domain passwords will be at least 6 characters.
- Strong passwords need not be enforced.
- Passwords will not be stored with reversible encryption.
- Passwords will be changed exactly every 90 days.
- Accounts will be locked out for 30 minutes after three invalid logon attempts.
The password of the users in IT group must meet the following criteria:
- Domain passwords will be at least 10 characters.
- Strong passwords will be enforced.
- Passwords will not be stored with reversible encryption.
- Passwords will be changed exactly every 30 days.
- Accounts will be locked out for 15 minutes after two invalid logon attempts.
o GPO – Security Policies
At logon on WINCLT2, users should see this message before logging in: Message Title:
"Welcome to Indonesiahebat2017" with Message Text "Only authorized personnel allowed
to access." and prohibit this message on all servers.
All users, except the IT group, are not allowed to access the display settings on the Control
Panel.
Disable "First Sign-in Animation" for all Windows 8.1 clients.
Disable the use of cmd and run for the Visitor group.
VPN SERVER (RRAS)
Set up and configure the VPN service (RRAS).
Use the following IP range for the VPN clients: 192.168.50.100 – 192.168.50.150 (provided
by the RRAS service).
With a VPN connection the user should be able to access the shares on WINSRV2.
Only users in the sales group should be able to connect to the VPN server.
Remote clients should be able to access the VPN server via the IP address 143.25.100.1.
WORK TASK SERVER WINSRV2
Configure the server with the hostname, domain and IP specified in the appendix.
o Modify the default Firewall rules to allow ICMP (ping) traffic
o Install Active Directory Domain Services for smkhebat.org.
Administrator password should be Jakarta2017
Enable two-way trust between indonesiahebat.net forest and smkhebat.org forest.
Users from each of the forests are able to access resources in both forests.
o DNS
Create a forward zone called smkhebat.org
Create a reverse zone for the IP range defined in VLAN 31.
Create a secondary zone for indonesiahebat.net and use this server as the backup DNS for
the indonesiahebat.net domain
Host and service records have to be created in DNS for all servers and clients.
o Web Server (IIS)
Set up the company web server www.smkhebat.org
WORK TASK SERVER WINSRV1 & WINSRV2
o Install Distributed File System
Create "skills" as the root DFS Namespace in a Domain-based namespace in 2008 mode.
Create DFS share folders and configure the folder targets as indicated in the following table.
Enable DFS Replication between WINSRV1 and WINSRV2.
DFS Namespace Share Folder: \\indonesiahebat.net\skills\rfolders
Folder Target: \\WINSRV1\rfolders, \\WINSRV2\rfolders
Local Folder on both Servers: C:\share\rfolders on WINSRV1, E:\share\rfolders on WINSRV2
Description: Folder Redirection & home folder

DFS Namespace Share Folder: \\indonesiahebat.net\skills\IT
Folder Target: \\WINSRV1\IT, \\WINSRV2\IT
Local Folder on both Servers: C:\share\IT on WINSRV1, E:\share\IT on WINSRV2
Description: Departmental Share for IT

DFS Namespace Share Folder: \\indonesiahebat.net\skills\Sales
Folder Target: \\WINSRV1\Sales, \\WINSRV2\Sales
Local Folder on both Servers: C:\share\Sales on WINSRV1, E:\share\Sales on WINSRV2
Description: Departmental Share for Sales

DFS Namespace Share Folder: \\indonesiahebat.net\skills\Marketing
Folder Target: \\WINSRV1\Mkt, \\WINSRV2\Mkt
Local Folder on both Servers: C:\share\Mkt on WINSRV1, E:\share\Mkt on WINSRV2
Description: Departmental Share for Marketing

o Configure user profiles and share folders:
Create users' home folder \\indonesiahebat.net\skills\rfolders\username and ensure it is
mapped to Z: at each logon automatically.
- Limit the storage space of every home folder to 50MB.
- Prevent any .exe and .bat files from being stored in the home folder.
Redirect the Documents folder to
\\indonesiahebat.net\skills\rfolders\username\Documents.
Create departmental share folders on \\indonesiahebat.net\skills\IT,
\\indonesiahebat.net\skills\Sales and \\indonesiahebat.net\skills\Marketing and map the
respective share folder to Y: at logon, depending on the department the user is in. Users
should not be allowed to access other departments' or users' home shares.
WORK TASK SERVER LNXSRV1
Configure the server with the hostname, domain and IP specified in the appendix.
o Create 50 local UNIX users (userxx) with password Jakarta2017
o FreeRadius Server
Configure radius server for router and switch access authentication. Use Secret as
share key.
Create SW1 with password LKSN2017. Will be used for switch access authentication.
Create RO with password LKSN2017. Will be used for router access authentication.
o NTP Server
Set NTP server service. Use local clock as time server source
o DHCP Server
Pool AOCC
Range: 10.99.111.51 – 10.99.111.100
Netmask: /25
Gateway: 10.99.111.1
DNS: 10.99.112.2
Pool OUTSIDE
Range: 220.17.8.36 – 220.17.8.40
Netmask: /28
Gateway: 220.17.8.45
DNS: 220.17.8.42
WORK TASK SERVER LNXSRV2
Configure the server with the hostname, domain and IP specified in the appendix.
o Web Server (nginx)
Create 3 virtual webhost for info.indonesiahebat.net; training.indonesiahebat.net;
competition.indonesiahebat.net
Make sure http://training.indonesiahebat.net is protected by authentication
o Create users from client to client
o Mail Server & Web Mail
Create users budi and ani
Make sure they have access via POP3, IMAP and SMTP
Before you finish your project make sure you send an email message from budi to ani and
another message from ani to budi
Do not delete these email messages.
o Cacti
Install Cacti
Create an admin-user master with password Jakarta2017
Create a graph showing the statistics of the CPU, Memory and interfaces traffic of the
LNXSRV1, RO1 and SW1
PART II
WORK TASK NETWORK CONFIGURATION (RO1, SW1)
Note: Please use the default configuration if you are not given details.
WORK TASK ROUTER (RO1) & SWITCH (SW1)
o Use the Indonesia2017 as secret password
o Line console must login with the password LKSN2017
o Configure AAA login with the lnxsrv1 as Radius Server
o Create username admin and password LKSN2017 for failover user if RADIUS server is not
available
o Enable SSH Access with authentication using radius server (lnxsrv1)
o Encrypt all clear-text passwords
o Configure banner MOTD AUTHORIZED ACCESS ONLY
o Configure VLAN and IP Address
Device  Interface         VLAN ID             Description / VLAN Name  IP Address
RO1     Gi0/0             -                   -                        220.17.8.45/28
RO1     Gi0/1.30          30                  DESC                     10.99.110.62/26
RO1     Gi0/1.31          31                  AOCC                     10.99.111.1/25
RO1     Gi0/1.32          32                  VOICE                    10.99.111.129/25
RO1     Gi0/1.33          33                  CDCC                     10.99.112.1/27
RO1     Gi0/1.99          99                  NATIVE                   10.0.0.1/28
SW1     Fa0/20 – Fa0/24   99                  NATIVE                   10.0.0.2/28
SW1     Fa0/1 – Fa0/4     33                  CDCC                     -
SW1     Fa0/5 – Fa0/12    31 Data & 32 Voice  31 = AOCC, 32 = VOICE    -
SW1     Fa0/13 – Fa0/20   30                  DESC                     -
WORK TASK ROUTER (RO1)
o Configure the server with the hostname RO1
o Configure DHCP Relay for VLAN AOCC to lnxsrv
o Configure NAT / PAT
Configure NAT Overload using interface gi0/0 with inside local VLAN AOCC
Configure Static NAT
Static NAT to lnxsrv2 with IP address 220.17.8.41
Static NAT to winsrv1 with IP address 220.17.8.42
o Telephony Service
o Number 999 is used for paging all phones of the company
o Configure button 2 on hqvph1 to call directly to paging extension
o Configure Intercom service with the extension 199
o Access Control List (ACL)
Configure Access List with rule below
- Ensure outside can access to lnxsrv2 and winsrv1 using IP outside of RO1
- Allow access from outside to web server lnxsrv1 and winsrv2
- Deny other traffic from outside to inside
o SNMP
WORK TASK SWITCH (SW1)
o Configure the server with the hostname SW1
o Configure port interface
Port 24 trunk mode to ro1
Port 1 for lnxsrv1 and lnxsrv2
Port 13 for winsrv1
Port 14 for winsrv2
Port 5 for hqvph1
Port 6 for winclnt1
o Configure port security with a maximum of 3 MAC addresses and violation shutdown for the
ports to lnxsrv1, lnxsrv2, winsrv1 and winsrv2
PART III
WORK TASK WINDOWS CLIENT (WINCLT1, WINCLT2, IP
PHONE)
Note: Please use the default configuration if you are not given details.
WORK TASK WINDOWS EXTERNAL (WINCLT1)
Configure the server with the hostname, domain and IP specified in the appendix.
o Connect the WINCLT1 to the outside RO1
o Configure the VPN client to connect to winsrv1
WORK TASK WINDOWS INTERNAL (WINCLT2)
Configure the server with the hostname, domain and IP specified in the appendix.
o Connect the WINCLT to the switch VLAN AOCC
o Join the notebook to the domain
o Install and configure Cisco IP Communicator with number 101
WORK TASK IP PHONE (HQVPH1)
Note: Please use the default configuration if you are not given the details.
Connect LAN cables and configure IP addresses according to the network diagram in the
appendix
Configure with number 100
Make sure the VoIP-phone is using VLAN19 for its VoIP-traffic
The traffic of the connected computer shall use VLAN11
APPENDIX
SPECIFICATIONS
WINSRV1
Computer name: WINSRV1
Operating System: MS Windows 2012 R2
Domain Name: indonesiahebat.net
Administrator User name: Administrator
Administrator password: Jakarta2017
IP address: 10.99.122.2/28
Domain NetBIOS Name: HEBAT

WINSRV2
Computer name: WINSRV2
Operating System: MS Windows 2012 R2
Domain Name: smkhebat.org
Administrator User name: Administrator
Administrator password: Jakarta2017
IP address: 10.99.122.3/28
Domain NetBIOS Name: HEBAT

LNXSRV1
Computer name: LNXSRV1
Operating System: Linux Debian 7.8
User name: root
Password: Jakarta2017
IP address: 10.99.110.1/26

LNXSRV2
Computer name: LNXSRV2
Operating System: Linux Debian 7.8
User name: root
Password: Jakarta2017
IP address: 10.99.110.2/26
WINCLT1
Computer name: WINCLT1
Operating System: MS Windows 8.1
User name: Administrator
Password: Jakarta2017
Domain name: indonesiahebat.net
IP address: DHCP

WINCLT2
Computer name: WINCLT2
Operating System: MS Windows 8.1
User name: Administrator
Password: Jakarta2017
Domain name: indonesiahebat.net
IP address: DHCP
NETWORK SPECIFICATION
VLAN DESC (ID: 30): 10.99.110.0/26
VLAN AOCC (ID: 31): 10.99.111.0/25
VLAN VOICE (ID: 32): 10.99.111.128/25
VLAN CDCC (ID: 33): 10.99.112.0/27
VLAN NATIVE (ID: 99): 10.0.0.0/28
OUTSIDE: 220.17.8.0/28
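The addresses given across this task sheet can be cross-checked mechanically before any device is configured. The following Python script is an added example, not part of the original test project: it copies the declared subnets, the static addresses and the DHCP pools from the tables in this document and reports every address whose subnet is not one of the declared networks. The function and variable names are chosen here for illustration.

```python
import ipaddress

# Values copied from this task sheet and typed in as Python literals.
# Declared subnets, from the network specification.
DECLARED = {
    "DESC": "10.99.110.0/26",
    "AOCC": "10.99.111.0/25",
    "VOICE": "10.99.111.128/25",
    "CDCC": "10.99.112.0/27",
    "NATIVE": "10.0.0.0/28",
    "OUTSIDE": "220.17.8.0/28",
}

# Static addresses, from the RO1/SW1 interface table and the appendix.
STATIC = {
    "RO1 Gi0/0": "220.17.8.45/28",
    "RO1 Gi0/1.30": "10.99.110.62/26",
    "RO1 Gi0/1.31": "10.99.111.1/25",
    "RO1 Gi0/1.32": "10.99.111.129/25",
    "RO1 Gi0/1.33": "10.99.112.1/27",
    "RO1 Gi0/1.99": "10.0.0.1/28",
    "SW1": "10.0.0.2/28",
    "WINSRV1": "10.99.122.2/28",
    "WINSRV2": "10.99.122.3/28",
    "LNXSRV1": "10.99.110.1/26",
    "LNXSRV2": "10.99.110.2/26",
}

# DHCP pools on LNXSRV1: (first address, last address, prefix length, gateway).
POOLS = {
    "AOCC": ("10.99.111.51", "10.99.111.100", 25, "10.99.111.1"),
    "OUTSIDE": ("220.17.8.36", "220.17.8.40", 28, "220.17.8.45"),
}


def declared_name(network):
    """Return the name of the declared subnet equal to `network`, else None."""
    for name, cidr in DECLARED.items():
        if ipaddress.ip_network(cidr) == network:
            return name
    return None


def audit_static():
    """Map each static interface whose subnet is undeclared to that subnet."""
    problems = {}
    for label, cidr in STATIC.items():
        network = ipaddress.ip_interface(cidr).network
        if declared_name(network) is None:
            problems[label] = str(network)
    return problems


def audit_pools():
    """Return {pool name: [issues]} for pools that disagree with the plan."""
    problems = {}
    for name, (first, last, prefix, gateway) in POOLS.items():
        # The pool's subnet is whatever the gateway and netmask imply.
        network = ipaddress.ip_interface(f"{gateway}/{prefix}").network
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        issues = []
        if declared_name(network) != name:
            issues.append(
                f"pool subnet {network} is not the declared {DECLARED[name]}")
        if lo > hi or lo not in network or hi not in network:
            issues.append("range is not inside the gateway's subnet")
        # A static address inside the dynamic range would cause conflicts.
        clashes = [label for label, cidr in STATIC.items()
                   if lo <= ipaddress.ip_interface(cidr).ip <= hi]
        if clashes:
            issues.append("static addresses inside range: " + ", ".join(clashes))
        if issues:
            problems[name] = issues
    return problems


if __name__ == "__main__":
    for label, network in audit_static().items():
        print(f"{label}: subnet {network} is not declared")
    for name, issues in audit_pools().items():
        for issue in issues:
            print(f"DHCP pool {name}: {issue}")
```

With the sheet's values, the script reports RO1 Gi0/0, WINSRV1, WINSRV2 and the OUTSIDE pool as lying outside the declared networks, which matters when writing the ACL, NAT and DHCP relay rules against those subnets.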
DOMAIN USER LIST
Group: Members
IT: itXX (01 – 50)
Marketing: mktXX (01 – 50)
Visitors: vtrXX (01 – 30)
Employees: IT, Marketing
NETWORK SPECIFICATION
NETWORK DIAGRAM
MODULE B – SYSTEM INTEGRATION & CISCO ISLAND
Windows 8.1 Hostmachine (PC1)
Name : winsrv1
OS : Windows Server 2012 R2
User: Administrator
Password: Skills39
Domain: skillsbetter.com
IP-Address :
172.20.31.5/28
Service:
- AD
- DNS
- PKI (Public Key Infrastructure)
- GPO
- DFS
- SNMP
- VPN Server (RRAS)
VMnet1
Name : lnxsrv2
OS : Debian 7.8
User: root
Password: Skills39
Domain: skillsbetter.com
IP-Address :
172.20.30.4/29
Service:
- Web Server (nginx)
- Mail Server
- Web Mail
- Cacti
- SNMP
VMnet1
SW1
Name : SW1
Password: Skills39
VLAN:
VLAN 10: External: 200.132.45.33/25
VLAN 20: Windows: 172.20.31.0/28
VLAN 30: Linux: 172.20.30./29
VLAN 40: Branch: 172.29.1.0/28
Service:
- Port Security
- VLAN
- SSH
- SNMP
winsrv1
Name : lnxsrv1
OS : Debian 7.8
User: root
Password: Skills39
Domain: skillsbetter.com
IP-Address :
172.20.30.3/29
Service:
- FreeRadius
- NTP Server
- DHCP Server
- SNMP
Windows 8.1 Hostmachine (PC2)
winsrv2
RO1
Name : lnxsrv1
Password: Skills39
IP-Address :
External: 200.132.45.33/25
Gi0/1.10: 172.20.31.1/28
Gi0/1.20: 172.20.30.1/29
Gi0/1.30: 172.29.1.1/28
Gi0/1.40: 192.168.0.1/25
Service
- Routing
- NAT
- ACL
- Telephony Service
- DHCP Relay
- SNMP
VMnet2
lnxsrv1
VMnet2
lnxclnt1
VMnet3
IP Phone
Ext 1002
lnxsrv2
lnxclnt2
Name : winsrv2
OS : Windows Server 2012 R2
User: Administrator
Password: Skills39
Domain: skillsbetter.com
IP-Address :
172.29.1.5/28
Service:
- AD
- DNS
- Web Server
- DFS
- SNMP
Name :winclnt1 (External)
OS : Windows 8.1
User: Administrator
Password: Skills39
Domain: skillsbetter.com
IP-Address :
DHCP from lnxsrv2
Service:
- VPN Client
- Softphone
Name : winclnt2 (Internal)
OS : Windows 8.1
User: Administrator
Password: Skills39
Domain: skillsbetter.com
IP-Address :
DHCP Client
Service:
- Join Domain
- Softphone