Solved: Re: Cisco Packet Tracer - configuration check, I gave SS configuration

kapustamarianna · ‎05-18-2023

   Here Router - Each house has such a router, the IP differs

LAN HOUSE 1 - 192.168.3.1 HOUSE 2 - 192.168.4.1
 Internet DOM 1 - 192.168.10.10 192.168.10.11 DNS like Server, DOM 2 - 192.168.11.10 192.168.11.11 DNS like Server.

Konfiguracja routera - Internet.png Konfiguracja routera - WireLess .png Konfiguracja routera - LAN.png

The first are photos of the server configuration:

Konfiguracja Servera - DHCP.png

Konfiguracja Servera - Settings.png

FireWall - 1/3 is the connection to the DOM router 1, 1/2 is the connection to the Server Room Switch, 1/1 is the connection to the Modem

FireWall konfiguracja - polaczenie z routerem, podobnie wyglada z innymi routerami, roznica to inny zakres.png

FireWall konfiguracja z switchem ktory jest polaczony z serverem.png

FireWall konfiguracja z modemem.png

Door and reader - IP is in the same range

Konfiguracja drzwi polaczonych z czytnikiem, podobnie wyglada czytnik, ale IP z koncowka 51.png

IoT devices connected directly to the switch, this is how each configuration looks like

Urządzenia IoT podlaczone bezposrednio z switchem.png

IoT devices connected via Wifi - this is how everyone's configuration looks like

Urządzenia IoT podłączone Wifi.png

I would like to know if I am doing this correctly, or I would like to ask for advice if I am doing something wrong.

Flavio Miranda · ‎05-19-2023

evices such as detectors, alarms, etc. is better to connect via cable because it's safer than via wifi because someone can break in easier, right?

Not necessarily. Wireless can be as secure as cabling, it depends on how to implement. For small device like IoT, most of time wireless is the only option to connect.

Is LoT better to assign the IP yourself or maybe leave it to DHCP?

It depends also. You better have IP assigned if you need to access the device. You need to know the IP to access, right? So, it is easier to keep an static IP address and document it somewhere. If you dont need to access the device, DHCP is better because you dont need to setup device by device.

Question about the router from the library, where is the best place to put it, In the room with computers, the librarian's room?

As this is a wireless router the place to be installed needs to consider the devices who will used it. The closer to the devices better.

View solution in original post

Flavio Miranda · ‎05-18-2023

Hi

The answer for your question is another question. Does you network works? If works, then you are doing right, if not, you are doing wrong. Is very difficult to say anything looking piece by piece

You can also share the project here by saving the file, zipping it and attaching down below.

kapustamarianna · ‎05-18-2023

I am attaching the project file

Flavio Miranda · ‎05-18-2023

Any thing not working particularly or you want an opinion about the overall topology?

kapustamarianna · ‎05-18-2023

First of all, look at the configurations of the server, firewall, router, one IOT equipment connected via Wi-Fi and cable,
I would like to know if I have it configured correctly and if the project itself looks neat at first glance.
 The teacher said that my Firewall router is not connected properly.

Flavio Miranda · ‎05-18-2023

They are connected properly but they will not communicate. On the firewall, you need to configure every interface like this:

!

interface GigabitEthernet1/x

nameif <put a name here>

security-level 0

ip address 192.168.x.x 255.255.255.0

!

You need to put a nameif and a security level. Actually, when you put a name the firewall will assign Security level 0 for you. You can keep this value. Basically you are turning the firewall in a Router. If you want to block traffic, you can change the Security level to some value above zero ( 50 and 100 are common value) But after change de security level you need to access Access List to permit the traffic you want.

kapustamarianna · ‎05-18-2023

So, as I understand it, IoT is well configured, for security Ipv6 should be set to static and Ipv4 should download from DHCP and not set by yourself? Which option is safer? Regarding the router, is the Internet configuration well configured?

The IP on GigabitEtherenet that is connected to the router should be on the same subnet as I understand so they can communicate? why don't they communicate with each other?

What is the cause of this problem?What IP should be given for them to communicate with each other?

I was taught mostly by hand typing/selecting rather than typing commands

I'm new to this and it's not a career path I'm going to follow. I would like to learn the basics well in my free time, but for now I want to do this task and have peace of mind to be able to rely on it later.

Flavio Miranda · ‎05-18-2023

Let me share a version with you where the PC in the Orange rectangle can ping the Server in the blue rectangle. Test and see the configuration I made on Firewall and router

I will answer your questions later.

kapustamarianna · ‎05-18-2023

I understood your advice, the router IP gateway and FireWall Gigabit must have the same so that they can communicate/ping with each other. How a key and a door must fit together, if I'm interpreting this correctly. Devices can only ping in their subnet range, I understand this issue to not make a mess of the second home. I tried to turn on the simulation to see if it works and I get an error in the form of a red cross on an envelope. He interprets this as the router failed to establish a connection with the devices, but I can now ping from the computer to the router and it comes.

Flavio Miranda · ‎05-18-2023

Thats correct. The Firewall interface facing the router interface must be on the same network range.

And the firewall must have route to the host behind the router. For example. I add the following router on the firewall

route INSIDE5 192.168.5.0 255.255.255.0 192.168.12.10

Which means, to reply to the PC 192.168.5.58 (behind the router), send the pacekt to 192.168.12.10, which is the router´s interface.

The same thing you need to do to all network that is behind the routers. Just use the interface accordingly, for example

For Green rectangle, connected to the interface GigabitEthernet1/6 use the following

route INSIDE6 192.168.6.0 255.255.255.0 192.168.13.10

kapustamarianna · ‎05-18-2023

If I understand correctly, enter FireWall, select the interface to which you want to refer, e.g. 1/6, enter the command route INSIDE6 192.168.6.0 255.255.255.0 192.168.13.10 and do it for each router.

Zrzut ekranu 2023-05-19 003045.png

What should the console look like? I did it 1/5 first and still the envelopes have a red cross.

Next question, Shouldn't the IP address of interface 1/3 be in the range of the LAN subnet, i.e. 192.168.3.X, where "X" is any number from 1-254? ?

Flavio Miranda · ‎05-18-2023

Sorry I was not clear on this. You dont do it on the interface. Do it on the global configuration

Just enter " conf t" and the route

Tô delete from interface Just use " no" + the config you entered

kapustamarianna · ‎05-18-2023

One is sent from the switch in the server room to one of the surrounding devices and the other is sent from the to Motion Detector router. Could you tell why this is happening?

2023-05-19 020130.png

2023-05-19 020035.png

Flavio Miranda · ‎05-18-2023

This is a protocol called STP (spanning tree protocol) The switxh send BPDU in order to map the topology

kapustamarianna · ‎05-18-2023

I have one question why is talking about analogous error regarding these photos