LAB II

MY LAB

Basic Config :

  • set each hostname to match the diagram
  • line console password : cisco
  • all devices can be reached by telnet with the password 'cisco'
  • privileged mode password : cisco
  • password encryption : Cisco type 7 algorithm
  • set login banner : "Admin ONLY!!"
Routing :
  • set the routing protocols to match the diagram
  • for the networks below the Gateway router, use 172.16.xx.0 /24 (xx = VLAN ID)
  • inter-VLAN routing
  • summarize the Gateway router's networks, then advertise the summary to the ASBR router
  • DHCP Setting :
    • the first 20 IP addresses must not be given to clients
    • DNS 8.8.8.8
  • Access List Setting :
    • only networks 192.168.1.0 /24 and 192.168.2.0 /24 can telnet to all routers
    • only the LAN networks on the Gateway router are allowed to access the internet
    • the OSPF LAN network is not allowed to ping the EIGRP LAN network
  • NAT Setting :
    • the IP address range used on the internet is 202.14.93.0 /28; the routers use .1 and .2
    • public IP pool : 202.14.93.3 - 202.14.93.14
    • only the EIGRP LAN network is allowed to be translated to the public IP pool simultaneously
  • PPP Setting :
    • RTC <-> ASBR use PAP
    • create a user database on RTC (username : CSPA, password : cisco)
    • create a user database on ASBR (username : CNAP, password : cisco)
    • ASBR <-> Gateway use CHAP
  • set OSPF authentication on ASBR <-> RTC, encrypted with MD5 and key string 'cisco'

DON'T :
  • set a default route on the Internet router
  • advertise 202.14.93.0 /30 (it must not be advertised)
Switching :
  • VTP Setting :
    • SWA : mode server
    • SWB : mode transparent
    • SWC : mode client
    • domain name : CISCO
    • password : cisco
    • version : 2
  • VLAN Setting :
    • VLAN 10 : Finance
    • VLAN 20 : Marketing
    • VLAN 30 : IT
    • VLAN 40 : Accounting
    • VLAN 99 : Management
    • the Multi Access Switch is not configured
  • Port Assignment :
    • fa0/1-0/4: VLAN 10
    • fa0/5-0/8: VLAN 20
    • fa0/9-0/12: VLAN 30
    • fa0/17-0/20: VLAN 40
    • fa0/21-0/24: VLAN 99
    • in trunk mode, allow only the active VLANs
    • disable DTP on all interfaces
  • STP & Port security
    • SWA becomes the Root Bridge for VLAN 99
    • for the other VLANs, load balance between SWB and SWC
    • set PortFast and BPDU guard on the ports that require them
    • set port security on the ports that require it (maximum : 3, violation : shutdown, mac-address : sticky)
  • Troubleshoot
    • verify NAT and the access lists; ensure that only the permitted networks can access the internet
    • ensure the routing table has converged on each router
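
One way to verify the access-port requirements above (DTP disabled, PortFast, BPDU guard, port security with maximum 3, shutdown and sticky) is to audit the switch's running configuration. This is an added example, not part of the original lab: the function name and the sample configuration are constructed, and it assumes the classic IOS spelling of each command as it appears in `show running-config`.

```python
import re

# Constructed sample of 'show running-config' interface stanzas (not from the lab).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport mode trunk
 switchport nonegotiate
!
"""

# Lines every access port must carry to meet the lab's stated requirements.
REQUIRED = [
    "switchport nonegotiate",  # DTP disabled
    "switchport port-security",
    "switchport port-security maximum 3",
    "switchport port-security mac-address sticky",
    "spanning-tree portfast",
    "spanning-tree bpduguard enable",
]

def audit_access_ports(config):
    """Return {interface: [issues]} for access ports that miss a requirement."""
    findings = {}
    for block in re.split(r"^!\s*$", config, flags=re.M):
        lines = [l.strip() for l in block.strip().splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name, body = lines[0].split(None, 1)[1], set(lines[1:])
        if "switchport mode access" not in body:
            continue  # trunk ports are checked separately
        issues = ["missing: " + r for r in REQUIRED if r not in body]
        # 'violation shutdown' is the IOS default and is not shown in the
        # running config, so only an explicit non-shutdown mode is flagged.
        issues += ["wrong: " + l for l in body
                   if l.startswith("switchport port-security violation ")
                   and not l.endswith(" shutdown")]
        if issues:
            findings[name] = issues
    return findings
```

On the constructed sample, FastEthernet0/1 passes, the trunk port is skipped, and FastEthernet0/5 is reported for its missing lines and its `restrict` violation mode.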