# Packet Tracer Test Information
Online version: https://hackmd.io/DPuZKntnSgKkjlegcYGwzg?both

| By | Student number | Class | Date |
| -------- | -------- | -------- | -------- |
| Natan van der Meulen | S1176219 | ICT1D | 16-01-2022 |

---
### Information & Report
### Three locations
1. Amsterdam
1. Zwolle
1. Los Angeles
### Zwolle
Router
* R1_ZW_CORE
* (R1)
Several security measures have been added to router `R1`. To get into the router you have to log in with the following credentials:
Username: **pt**
Password: **secret**
This gives privilege level 15, so you have full access. You therefore no longer have to enter the password for privileged exec mode. That password has still been created, in case other usernames with a lower privilege level are added. The password for this mode is also **secret**. All passwords on this router are also encrypted.
Someone who tries to log in via SSH gets 3 attempts and then gets a timeout of 2 minutes.
A message of the day is also configured, so that a message appears when you enter the CLI of the router.
NAT is also configured on this router. NAT translates private addresses to a public IP address. Port g0/0 is for communication outside the internal network, and ports g0/1, s0/0/0 and s0/0/1 are for communication inside the internal network.
Dynamic routing is also used on `R1`.
An extra router has also been added in Zwolle: `R1_ZW_CORE`. This router was added to perform inter-VLAN routing.
Three subinterfaces have been created on port g0/0/0 of this router:
- g0/0/0.10
- g0/0/0.20
- g0/0/0.30
These subinterfaces also accept VLANs by means of the `encapsulation dot1Q` commands.
Dynamic routing is applied on this router as well.
DHCP is configured on the router, with the exception of the first 10 addresses of each network. These addresses can still be used as static addresses, for example for switches or printers.
Switches:
* SW1_ZW_MANAGEMENT
* SW1_ZW_ADMINISTRATIE
* SW1_ZW_DEVELOPMENT
* SW1_ZW_CORE
`SW1_ZW_CORE` is the core switch in Zwolle. The VLANs Management, Administratie and Development have been added on this switch. Through VTP (VLAN Trunking Protocol), all downstream switches automatically take over the VLANs from `SW1_ZW_CORE`.
The unused ports are all shut down, and trunking is applied between the core switch and the downstream switches so that multiple VLANs can share the same port if needed. No port-security is applied on `SW1_ZW_CORE` because the core switch is physically kept under lock and key.
On `SW1_ZW_MANAGEMENT`, `SW1_ZW_ADMINISTRATIE` and `SW1_ZW_DEVELOPMENT` the VLANs are retrieved from `SW1_ZW_CORE` via VTP. Here too, all unused ports are shut down and port-security is applied.
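
IOS accepts `switchport port-security` only on a port that is already in static access or trunk mode, so the order of the commands decides whether the protection is actually active. The Python check below is an added example, not part of the original report: it replays a constructed sample config (two-level port names such as `f0/1` only) and lists the access ports that end up without port-security.

```python
import re

# Constructed sample, modelled on the access-switch configs in this report.
SAMPLE = """\
int range f0/1-3,g0/2
shut
switchport port-security
switchport port-security maximum 1
int range f0/1-2
switchport mode access
switchport access vlan 10
int f0/2
switchport port-security
"""

def expand(spec):
    """Expand 'f0/1-3,g0/2' into ['f0/1', 'f0/2', 'f0/3', 'g0/2']."""
    ports = []
    for part in spec.replace(" ", "").split(","):
        m = re.fullmatch(r"([a-z]+\d+/)(\d+)(?:-(\d+))?", part.lower())
        if not m:
            raise ValueError(f"unsupported interface spec: {part}")
        first, last = int(m.group(2)), int(m.group(3) or m.group(2))
        ports += [f"{m.group(1)}{n}" for n in range(first, last + 1)]
    return ports

def audit(config):
    """Replay the config; return (access ports without port-security, rejected enables)."""
    mode, secured, rejected, current = {}, set(), [], []
    for line in config.splitlines():
        line = line.strip().lower()
        m = re.match(r"int(?:erface)?\s+(?:range\s+)?(.+)", line)
        if m:
            current = expand(m.group(1))
        elif line in ("switchport mode access", "switchport mode trunk"):
            for p in current:
                mode[p] = line.split()[-1]
        elif line == "switchport port-security":
            for p in current:
                if mode.get(p) in ("access", "trunk"):
                    secured.add(p)
                else:  # still a dynamic port: the enable command is rejected
                    rejected.append(p)
    unprotected = sorted(p for p, md in mode.items() if md == "access" and p not in secured)
    return unprotected, rejected

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample only `f0/2` ends up protected, because it is the only port where the enable command is issued after `switchport mode access`.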
VLANs
* Management: 10.1.10.0/24
* Administratie: 10.1.20.0/24
* Development: 10.1.30.0/24
### Amsterdam
Router
* R2
An ACL has been created on router `R2` so that ping packets towards Zwolle are blocked. Otherwise the settings are the same as on `R1`, with the exception of security and NAT.
Switches:
* SW1_AMS_MANAGEMENT
* SW1_AMS_ADMINISTRATIE
* SW1_AMS_DEVELOPMENT
The settings of the switches in Amsterdam are identical to the settings described for the switches in Zwolle.
VLANs
* Management: 10.2.10.0/24
* Administratie: 10.2.20.0/24
* Development: 10.2.30.0/24
### Los Angeles
Router
* R3
The settings of `R3` are identical to `R1`, with the exception of security and NAT.
Switches:
* SW1_LA_MANAGEMENT
* SW1_LA_ADMINISTRATIE
* SW1_LA_DEVELOPMENT
The settings of the switches in Los Angeles are identical to the settings described for the switches in Zwolle.
VLANs:
* Management: 10.3.10.0/24
* Administratie: 10.3.20.0/24
* Development: 10.3.30.0/24
## IP Info
### R1 <> R2
* 172.16.10.0/30
* First IP: 172.16.10.1
* Last IP: 172.16.10.2
* Broadcast: 172.16.10.3
### R2 <> R3
* 172.16.10.4/30
* First IP: 172.16.10.5
* Last IP: 172.16.10.6
* Broadcast: 172.16.10.7
### R3 <> R1
* 172.16.10.8/30
* First IP: 172.16.10.9
* Last IP: 172.16.10.10
* Broadcast: 172.16.10.11
### R1_ZW_CORE <> R1
* 172.16.10.12/30
* First IP: 172.16.10.13
* Last IP: 172.16.10.14
* Broadcast: 172.16.10.15
# Configuration
# ZWOLLE
## R1
enable
config terminal
service password-encryption
enable secret secret
username pt privilege 15 secret secret
! crypto key generate rsa needs a non-default hostname and a domain name
hostname R1
ip domain-name bitsunited.local
crypto key generate rsa
ip ssh version 2
ip ssh authentication-retries 3
ip ssh time-out 120
line vty 0 4
login local
transport input ssh
exec-timeout 3
exit
line console 0
login local
exec-timeout 3
exit
banner motd "Don't access this router without authorization of bitsunited.local"
int g0/0
ip nat outside
int g0/1
ip address 172.16.10.13 255.255.255.252
ip nat inside
no shutdown
int s0/0/0
ip nat inside
exit
int s0/0/1
ip nat inside
exit
access-list 101 permit ip any any
ip nat inside source list 101 int g0/0 overload
router rip
version 2
no auto-summary
network 172.16.10.12
network 172.16.10.0
network 172.16.10.8
network 209.165.201.0
exit
ip route 0.0.0.0 0.0.0.0 209.165.201.2
exit
copy run start
## R1_ZW_CORE
enable
config terminal
int g0/0/1
no shutdown
ip address 172.16.10.14 255.255.255.252
exit
!G0/0/0:
int g0/0/0
no ip address
no shutdown
!G0/0/0.10:
int g0/0/0.10
encapsulation dot1Q 10
ip address 10.1.10.1 255.255.255.0
no shutdown
!G0/0/0.20:
int g0/0/0.20
encapsulation dot1Q 20
ip address 10.1.20.1 255.255.255.0
no shutdown
!G0/0/0.30:
int g0/0/0.30
encapsulation dot1Q 30
ip address 10.1.30.1 255.255.255.0
no shutdown
exit
router rip
version 2
no auto-summary
network 172.16.10.12
network 10.1.10.0
network 10.1.20.0
network 10.1.30.0
exit
ip dhcp excluded-address 10.1.10.1 10.1.10.10
ip dhcp excluded-address 10.1.20.1 10.1.20.10
ip dhcp excluded-address 10.1.30.1 10.1.30.10
ip dhcp pool Management
network 10.1.10.0 255.255.255.0
default-router 10.1.10.1
dns-server 10.1.10.1
ip dhcp pool Administratie
network 10.1.20.0 255.255.255.0
default-router 10.1.20.1
dns-server 10.1.20.1
ip dhcp pool Development
network 10.1.30.0 255.255.255.0
default-router 10.1.30.1
dns-server 10.1.30.1
exit
exit
copy run start
## SW1_ZW_CORE
enable
config terminal
service password-encryption
vtp domain bitsunited.local
vtp mode server
vtp password password
vlan 10
name Management
vlan 20
name Administratie
vlan 30
name Development
exit
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 10,20,30
int range f0/1-24
switchport mode trunk
switchport trunk native vlan 1
int range f0/1-8
switchport trunk allowed vlan 10
int range f0/9-16
switchport trunk allowed vlan 20
int range f0/17-24
switchport trunk allowed vlan 30
int range f0/1,f0/9,f0/17
no shut
exit
exit
copy run start
## SW1_ZW_MANAGEMENT
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/1-2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 10
int range f0/1-24
switchport mode access
switchport access vlan 10
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start
## SW1_ZW_DEVELOPMENT
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 30
int range f0/1-24
switchport mode access
switchport access vlan 30
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start
## SW1_ZW_ADMINISTRATIE
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 20
int range f0/1-24
switchport mode access
switchport access vlan 20
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start
# AMSTERDAM
## R2
enable
config terminal
ip access-list extended BLOCK_ZWOLLE_PING
deny icmp any 10.1.10.0 0.0.0.255 echo
deny icmp any 10.1.20.0 0.0.0.255 echo
deny icmp any 10.1.30.0 0.0.0.255 echo
permit ip any any
exit
!G0/0:
int g0/0
no ip address
no shutdown
! the ACL is applied inbound on each subinterface as it is created
!G0/0.10:
int g0/0.10
encapsulation dot1Q 10
ip address 10.2.10.1 255.255.255.0
ip access-group BLOCK_ZWOLLE_PING in
no shutdown
!G0/0.20:
int g0/0.20
encapsulation dot1Q 20
ip address 10.2.20.1 255.255.255.0
ip access-group BLOCK_ZWOLLE_PING in
no shutdown
!G0/0.30:
int g0/0.30
encapsulation dot1Q 30
ip address 10.2.30.1 255.255.255.0
ip access-group BLOCK_ZWOLLE_PING in
no shutdown
exit
router rip
version 2
no auto-summary
network 10.2.10.0
network 10.2.20.0
network 10.2.30.0
network 172.16.10.0
network 172.16.10.4
exit
ip dhcp excluded-address 10.2.10.1 10.2.10.10
ip dhcp excluded-address 10.2.20.1 10.2.20.10
ip dhcp excluded-address 10.2.30.1 10.2.30.10
ip dhcp pool Management
network 10.2.10.0 255.255.255.0
default-router 10.2.10.1
dns-server 10.2.10.1
ip dhcp pool Administratie
network 10.2.20.0 255.255.255.0
default-router 10.2.20.1
dns-server 10.2.20.1
ip dhcp pool Development
network 10.2.30.0 255.255.255.0
default-router 10.2.30.1
dns-server 10.2.30.1
exit
exit
copy run start
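
How `BLOCK_ZWOLLE_PING` treats a packet follows from wildcard-mask matching and first-match evaluation. The Python model below is an added example, not part of the original report: the ACL entries are copied from the `R2` config above, and the packets in the `__main__` block are constructed.

```python
import ipaddress

# ACL entries copied from the R2 configuration in this report.
ACL = """\
deny icmp any 10.1.10.0 0.0.0.255 echo
deny icmp any 10.1.20.0 0.0.0.255 echo
deny icmp any 10.1.30.0 0.0.0.255 echo
permit ip any any
"""

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    entries = []
    for tokens in (l.split() for l in text.splitlines() if l.strip()):
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = parse_addr(tokens), parse_addr(tokens)
        icmp_type = tokens[0] if tokens else None  # e.g. 'echo'
        entries.append((action, proto, src, dst, icmp_type))
    return entries

def matches(addr, rule):
    base, wildcard = rule
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(entries, proto, src, dst, icmp_type=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, e_proto, e_src, e_dst, e_type in entries:
        if e_proto not in ("ip", proto):
            continue
        if e_type is not None and e_type != icmp_type:
            continue
        if matches(src, e_src) and matches(dst, e_dst):
            return action
    return "deny"

if __name__ == "__main__":  # constructed packets from an Amsterdam host
    for pkt in [("icmp", "10.2.10.11", "10.1.20.15", "echo"), ("icmp", "10.2.10.11", "172.16.10.13", "echo")]:
        print(pkt, evaluate(parse_acl(ACL), *pkt))
```

Only echo requests to the three Zwolle VLAN subnets are dropped; echo replies and pings to the 172.16.10.x link addresses still match `permit ip any any`.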
## SW1_AMS_CORE
enable
config terminal
service password-encryption
vtp domain bitsunited.local
vtp mode server
vtp password password
vlan 10
name Management
vlan 20
name Administratie
vlan 30
name Development
exit
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 10,20,30
int range f0/1-24
switchport mode trunk
switchport trunk native vlan 1
int range f0/1-8
switchport trunk allowed vlan 10
int range f0/9-16
switchport trunk allowed vlan 20
int range f0/17-24
switchport trunk allowed vlan 30
int range f0/1,f0/9,f0/17
no shut
exit
exit
copy run start
## SW1_AMS_MANAGEMENT
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/1-2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 10
int range f0/1-24
switchport mode access
switchport access vlan 10
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start
## SW1_AMS_DEVELOPMENT
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 30
int range f0/1-24
switchport mode access
switchport access vlan 30
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start
## SW1_AMS_ADMINISTRATIE
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 20
int range f0/1-24
switchport mode access
switchport access vlan 20
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start
# LOS ANGELES
## R3
enable
config terminal
!G0/0:
int g0/0
no ip address
no shutdown
!G0/0.10:
int g0/0.10
encapsulation dot1Q 10
ip address 10.3.10.1 255.255.255.0
no shutdown
!G0/0.20:
int g0/0.20
encapsulation dot1Q 20
ip address 10.3.20.1 255.255.255.0
no shutdown
!G0/0.30:
int g0/0.30
encapsulation dot1Q 30
ip address 10.3.30.1 255.255.255.0
no shutdown
exit
router rip
version 2
no auto-summary
network 10.3.10.0
network 10.3.20.0
network 10.3.30.0
network 172.16.10.4
network 172.16.10.8
exit
ip dhcp excluded-address 10.3.10.1 10.3.10.10
ip dhcp excluded-address 10.3.20.1 10.3.20.10
ip dhcp excluded-address 10.3.30.1 10.3.30.10
ip dhcp pool Management
network 10.3.10.0 255.255.255.0
default-router 10.3.10.1
dns-server 10.3.10.1
ip dhcp pool Administratie
network 10.3.20.0 255.255.255.0
default-router 10.3.20.1
dns-server 10.3.20.1
ip dhcp pool Development
network 10.3.30.0 255.255.255.0
default-router 10.3.30.1
dns-server 10.3.30.1
exit
exit
copy run start
## SW1_LA_CORE
enable
config terminal
service password-encryption
vtp domain bitsunited.local
vtp mode server
vtp password password
vlan 10
name Management
vlan 20
name Administratie
vlan 30
name Development
exit
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 10,20,30
int range f0/1-24
switchport mode trunk
switchport trunk native vlan 1
int range f0/1-8
switchport trunk allowed vlan 10
int range f0/9-16
switchport trunk allowed vlan 20
int range f0/17-24
switchport trunk allowed vlan 30
int range f0/1,f0/9,f0/17
no shut
exit
exit
copy run start
## SW1_LA_MANAGEMENT
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/1-2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 10
int range f0/1-24
switchport mode access
switchport access vlan 10
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start
## SW1_LA_DEVELOPMENT
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 30
int range f0/1-24
switchport mode access
switchport access vlan 30
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start
## SW1_LA_ADMINISTRATIE
enable
conf term
service password-encryption
vtp domain bitsunited.local
vtp mode client
vtp password password
int range f0/1-24,g0/2
shut
int g0/1
no shutdown
switchport mode trunk
switchport trunk allowed vlan 20
int range f0/1-24
switchport mode access
switchport access vlan 20
! port-security is only accepted on static access ports, so it follows "switchport mode access"
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
int f0/1
no shut
exit
exit
copy run start