So This is about me Yeah .
and this are The task that we're going to configure :
Asgardian Wisp Inc. just open new branch office in Jogjakarta. As an engineer you are asked to configure branch office network. Some of configuration are preconfigured, so you just need to complete configuration according the scheme.
1. There are 2 wireless access point which is used for GUEST network and HD & STAFF network. You need to configure wireless so client can connect to the network with following configuration:
SSID Security Pass
GUEST No Security -
STAFF WPA2-PSK Skills39
2. Configure router IP Addresses:
Interface Connect to IP Address
Serial0/1/0 Internet 123.231.225.82/30
FastEthernet0/0 Server 10.10.10.1/28
FastEthernet0/1.11 Internal 10.11.12.1/24
FastEthernet0/1.12 Staff 192.168.99.1/25
FastEthernet0/1.13 Guest 172.16.16.1/24
3. Configure VLAN according the scheme. Some of configurations are already configured.
VLAN ID VLAN Name
11 INTERNAL
12 STAFF
13 GUEST
4. Configure DHCP Server on BNRTR named STAFF for staff network and GUEST for guest network according the IP address. Set 8.8.8.8 for DNS Server on both dhcp pool. Make sure clients on GUEST and HD & STAFF network can get IP address from DHCP server.
5. Configure NAT on BNRTR. Create Standard Access List named INTERNET_ACCESS to allow only GUEST network and HD & STAFF network to connect internet. You can test simulated internet connection by accessing http://google.com from GUEST network or HD & STAFF network.
6. You also need to securing Server and Printer. You need to create an Extended Access List named INTERNAL_ACCESS with following description:
- Allow HD & STAFF network to accessing Internal Printer
- Allow Server network to accessing Internal Network
Attach this ACL to out traffic of internal subinterface.
You also need to attach preconfigured ACL named SERVER_ACCESS to out traffic of server interface
Now for the Switch configuration :
Current configuration : 1881 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname BNSW1
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 13
switchport mode access
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
switchport mode trunk
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
Access-point up & down :
up :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname BNRTR
!
!
!
!
!
ip dhcp pool STAFF
network 192.168.99.0 255.255.255.128
default-router 192.168.99.1
dns-server 8.8.8.8
ip dhcp pool GUEST
network 172.16.16.0 255.255.255.0
default-router 172.16.16.1
dns-server 8.8.8.8
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.240
ip access-group SERVER_ACCESS out
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.11
description INTERNAL
encapsulation dot1Q 11
ip address 10.11.12.1 255.255.255.0
ip access-group INTERNAL_ACCESS out
!
interface FastEthernet0/1.12
description STAFF
encapsulation dot1Q 12
ip address 192.168.99.1 255.255.255.128
ip access-group STAFFPE in
ip nat inside
!
interface FastEthernet0/1.13
encapsulation dot1Q 13
ip address 172.16.16.1 255.255.255.0
!
interface Serial0/1/0
ip address 123.231.225.82 255.255.255.252
ip access-group INTERNET_ACCESS out
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list INTERNET_ACCESS interface Serial0/1/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 123.231.225.81
!
ip flow-export version 9
!
!
ip access-list extended SERVER_ACCESS
permit ip 10.11.12.0 0.0.0.255 host 10.10.10.10
ip access-list standard INTERNET_ACCESS
permit 172.16.16.0 0.0.0.255
permit 192.168.99.0 0.0.0.127
ip access-list extended INTERNAL_ACCESS
permit tcp 192.168.99.0 0.0.0.127 host 10.11.12.13
permit tcp 10.10.10.0 0.0.0.127 10.11.12.0 0.0.0.255
ip access-list extended INTERNET_ACCESSt
ip access-list extended STAFFPE
deny tcp 172.16.16.0 0.0.0.255 192.168.99.0 0.0.0.255
deny tcp 172.16.16.0 0.0.0.255 10.11.12.0 0.0.0.255
deny tcp 172.16.16.0 0.0.0.255 host 10.10.10.10
permit ip any any
!
no cdp run
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Down :
Don't forget to onfigure the wireless laptop,tablet,and smartphone at the GUEST & STAFF Vlan
and the Last is the router :
Current configuration : 2085 bytes!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname BNRTR
!
!
!
!
!
ip dhcp pool STAFF
network 192.168.99.0 255.255.255.128
default-router 192.168.99.1
dns-server 8.8.8.8
ip dhcp pool GUEST
network 172.16.16.0 255.255.255.0
default-router 172.16.16.1
dns-server 8.8.8.8
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.240
ip access-group SERVER_ACCESS out
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.11
description INTERNAL
encapsulation dot1Q 11
ip address 10.11.12.1 255.255.255.0
ip access-group INTERNAL_ACCESS out
!
interface FastEthernet0/1.12
description STAFF
encapsulation dot1Q 12
ip address 192.168.99.1 255.255.255.128
ip access-group STAFFPE in
ip nat inside
!
interface FastEthernet0/1.13
encapsulation dot1Q 13
ip address 172.16.16.1 255.255.255.0
!
interface Serial0/1/0
ip address 123.231.225.82 255.255.255.252
ip access-group INTERNET_ACCESS out
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list INTERNET_ACCESS interface Serial0/1/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 123.231.225.81
!
ip flow-export version 9
!
!
ip access-list extended SERVER_ACCESS
permit ip 10.11.12.0 0.0.0.255 host 10.10.10.10
ip access-list standard INTERNET_ACCESS
permit 172.16.16.0 0.0.0.255
permit 192.168.99.0 0.0.0.127
ip access-list extended INTERNAL_ACCESS
permit tcp 192.168.99.0 0.0.0.127 host 10.11.12.13
permit tcp 10.10.10.0 0.0.0.127 10.11.12.0 0.0.0.255
ip access-list extended INTERNET_ACCESSt
ip access-list extended STAFFPE
deny tcp 172.16.16.0 0.0.0.255 192.168.99.0 0.0.0.255
deny tcp 172.16.16.0 0.0.0.255 10.11.12.0 0.0.0.255
deny tcp 172.16.16.0 0.0.0.255 host 10.10.10.10
permit ip any any
!
no cdp run
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
EmoticonEmoticon