
K.e.c.h (help needed) VTP TRUNK DHCP DOT1Q

Brand4470
Level 1

Vtp mode client

vtp domain

switchport mode trunk

switchport trunk allowed vlan

ip dhcp excluded-address (gateway)

ip dhcp pool vlan 31

default-router 192.168.31.1

network 192.168.31.0 255.255.255.0

 

interface
no shut
int fa0/0.31
encapsulation dot1q 31
ip add 192.168.31.1 255.255.255.0
no shut

 

========================================================================
hostname CR01
!
!
!
enable secret 5 $1$mERr$qks.ziZQfY6v/mIalE3YO0
!
!
ip dhcp excluded-address 172.17.0.1 172.17.100.0
ip dhcp excluded-address 172.18.0.1 172.18.100.0
ip dhcp excluded-address 172.19.0.1 172.19.100.0
ip dhcp excluded-address 172.31.0.1 172.31.100.0
!
ip dhcp pool STUDENTEN
network 172.17.0.0 255.255.0.0
default-router 172.17.0.1
ip dhcp pool DOCENTEN
network 172.18.0.0 255.255.0.0
default-router 172.18.0.1
ip dhcp pool TOETSING
network 172.20.0.0 255.255.0.0
default-router 172.20.0.1
ip dhcp pool MANAGEMENT
network 172.31.0.0 255.255.0.0
default-router 172.31.0.1
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key PRESTINA address 120.0.0.10
!
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 120.0.0.10
set transform-set VPN-SET
match address 110
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.16
encapsulation dot1Q 16
ip address 172.16.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.17
encapsulation dot1Q 17
ip address 172.17.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.18
encapsulation dot1Q 18
ip address 172.18.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.19
encapsulation dot1Q 19
ip address 172.19.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 172.20.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/0.31
encapsulation dot1Q 31
ip address 172.31.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/1
ip address 100.0.0.10 255.0.0.0
ip nat outside
duplex auto
speed auto
crypto map VPN-MAP
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.1
!
ip flow-export version 9
!
!
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.0.0.0 0.255.255.255
access-list 110 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
!
!
!
!
!
!
line con 0
password console
login
!
line aux 0
!
line vty 0 4
password telnet
login
!
!
!
end

 

========================================================================

hostname CR02
!
!
!
enable secret 5 $1$mERr$qks.ziZQfY6v/mIalE3YO0
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key PRESTINA address 100.0.0.10
!
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 100.0.0.10
set transform-set VPN-SET
match address 110
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.0.1 255.255.0.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.16
encapsulation dot1Q 16
ip address 10.16.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.17
encapsulation dot1Q 17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.18
encapsulation dot1Q 18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.19
encapsulation dot1Q 19
ip address 10.19.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/0.31
encapsulation dot1Q 31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
!
interface FastEthernet0/1
ip address 120.0.0.10 255.0.0.0
ip nat outside
duplex auto
speed auto
crypto map VPN-MAP
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip classless
ip route 10.16.0.0 255.240.0.0 10.10.0.2
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip flow-export version 9
!
!
access-list 110 permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255
access-list 110 permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255
access-list 110 permit ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 110 permit ip host 10.16.50.1 host 172.16.50.1
access-list 110 permit ip host 10.19.50.1 host 172.19.50.1
access-list 101 deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.16.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 101 deny ip host 10.16.50.1 host 172.16.50.1
access-list 101 deny ip 10.19.0.0 0.0.255.255 any
access-list 101 deny ip 10.10.0.0 0.0.255.255 any
access-list 101 deny ip 10.16.0.0 0.15.255.255 any
!
!
!
!
!
!
line con 0
password console
login
!
line aux 0
!
line vty 0 4
password telnet
login
!
!
!
end

 

========================================================================

================================================================================================

=="..." means make something up yourself==
==*...* tomorrow==


//////////////////////
Important commands
show vlan brief
traceroute
ping
ip helper-address
\\\\\\\\\\\\\\\\\\\\\\\
=============================
==CR01==
--Access-lists--
access-list 110 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
---------------------
--NAT Access-list--
access-list 101 deny ip 172.16.0.0 0.15.255.255 255.10.0.0 0.255.255.255
access-list 101 permit ip 172.16.0.0 0.15.255.255 any

ip nat inside source list 101 interface fastethernet0/1 overload
----------------------
--VPN--
crypto isakmp policy 10
encr aes
authentication pre-share
group 2

crypto isakmp key PRESTINA address 120.0.0.10

crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac

crypto map VPN-MAP 10 ipsec-isakmp
set peer 120.0.0.10
set transform-set VPN-SET
match address 110

interface FastEthernet0/1
crypto map VPN-MAP
---------------------------
=============================
==CR02==
--Access lists--

access-list 110 permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255
access-list 110 permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255
access-list 110 permit ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 110 permit ip host 10.16.50.1 host 172.16.50.1
access-list 110 permit ip host 10.19.50.1 host 172.19.50.1
--------------------------------------
-NAT accesslist-
access-list 101 deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.16.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 101 deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 101 deny ip host 10.16.50.1 host 172.16.50.1
access-list 101 deny ip 10.19.0.0 0.0.255.255 any
access-list 101 deny ip 10.10.0.0 0.0.255.255 any
access-list 101 deny ip 10.16.0.0 0.15.255.255 any

ip nat inside source list 101 interface fastethernet0/1 overload
--------------------------------------
--Interfaces--

interface FastEthernet0/0
ip address 10.10.0.1 255.255.0.0
ip nat inside

interface FastEthernet0/1
ip address 120.0.0.10 255.0.0.0
ip nat inside

interface fa0/0.16
encapsulation dot1q 16
ip address 10.16.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface fa0/0.17
encapsulation dot1q 17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface fa0/0.18
encapsulation dot1q 18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface fa0/0.19
encapsulation dot1q 19
ip address 10.19.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface fa0/0.31
encapsulation dot1q 31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
--------------------------------------
-VPN-
crypto isakmp policy 10
encr aes
authentication pre-share
group 2

crypto isakmp key PRESTINA address 100.0.0.10

crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac

crypto map VPN-MAP 10 ipsec-isakmp
set peer 100.0.0.10
set transform-set VPN-SET
match address 110

interface FastEthernet0/1
crypto map VPN-MAP
--------------------------------------
--Routing--
ip route 10.16.0.0 255.240.0.0 10.10.0.2
ip route 0.0.0.0 0.0.0.0 Fastethernet0/1
--------------------------------------
=======================================
==DS02==
--VTP--
vtp domain PRESTINA-2
vtp mode Server
--------------------------------------
--VLAN--
vlan 16
name Algemeen

vlan 17
name Studenten

vlan 18
name Docenten

vlan 19
name Toetsing

vlan 20
name Printers

vlan 31
name Beheer

vlan 88
name Black_Hole

vlan 99
name Native
---------------------------------
--Interfaces--
interface range fa0/1-6
switchport mode access
switchport access vlan 16

interface range fa0/7-8
switchport mode access
switchport access vlan 17

interface range fa0/9-10
switchport mode access
switchport access vlan 18

interface range fa0/11-12
switchport mode access
switchport access vlan 19

interface range fa0/13-14
switchport mode access
switchport access vlan 20

interface range fa0/15-16
switchport mode access
switchport access vlan 31

interface range fa0/17-23
switchport mode access
switchport access vlan 88
shutdown

interface fa0/24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 17-18,20,31

interface g0/1
no switchport
ip address 10.10.0.2 255.255.0.0

interface g0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 19,31

interface vlan16
ip address 10.16.0.1 255.255.0.0

interface vlan17
ip address 10.17.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface vlan18
ip address 10.18.0.1 255.255.0.0
ip helper-address 10.16.50.1

interface vlan19
ip address 10.19.0.1 255.255.0.0

interface vlan20
ip address 10.20.0.1 255.255.0.0

interface vlan31
ip address 10.31.0.1 255.255.0.0
ip helper-address 10.16.50.1
---------------------------------
--Routing--
ip route 0.0.0.0 0.0.0.0 10.10.0.1
----------------------------------
--Access-lists--
"access-list 117 remark 1: Permit dhcp request deny access to vlan 18 & 19 permit further traffic from vlan 17"
access-list 117 permit udp any any eq bootps
access-list 117 deny ip 10.17.0.0 0.0.255.255 10.18.0.0 0.0.255.255
"access-list 117 remark 2: Deny student traffic to teacher traffic"
access-list 117 deny ip 10.17.0.0 0.0.255.255 10.1.0.0 0.0.255.255
"access-list 117 remark 3: Permit remaining traffic from vlan 17"
access-list 117 permit ip 10.17.0.0 0.0.255.255 any

interface vlan 17
ip access-group 117 in

* access-list 119 *

------------------------------------
====================================
==AS01==
--VTP--
vtp mode Client
------------------------------------
--Default gateway--
ip default-gateway 10.31.0.1
------------------------------------
--Interfaces--
int range fa0/1-16
switchport mode access
switchport access vlan 17

int range fa0/17-18
switchport mode access
switchport access vlan 18

int range fa0/19-20
switchport mode access
switchport access vlan 20

interface g0/1
switchport mode trunk
switchport trunk allowed vlan 16-18

int vlan31
ip address 10.31.10.1 255.255.0.0
-----------------------------------------
=========================================
==AS-T==
--Default-gateway--
ip default-gateway 10.31.0.1
-----------------------------------------
--Interfaces--
int range fa0/1-24
switchport mode access
switchport access vlan 19

interface g0/2
switchport mode trunk
switchport trunk allowed vlan 19,31

interface vlan 31
ip address 10.31.10.11 255.255.0.0
no sh

 

 

========================================================================

 


 

VPN-conf

encr = [aes]

crypto isakmp key [prestina] address [120.0.0.10]

crypto ipsec transform-set [VPN-set] esp-3des esp-sha-hmac

crypto map [VPN-MAP] 10 ipsec-isakmp

set peer [120.0.0.10]

set transform-set [VPN-SET]

match address [110]

Interface [fast ethernet]

Crypto map [VPN MAP]

=====================

access-list 110 [permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255]

access-list 101 [deny ip 172.16.0.0 0.15.255.255 10.0.0.0.255.255.255]

[access-list 101 permit ip 172.16.0.0 0.15.255.255 any]

ip nat inside source list 101 interface fastethernet 0/1 overload]

=======

[2] x switch l2
[3] x switch l3
[1] x router
[4] x server

=============

server dn = 10.18.50.1/16
t server = 10.19.50.1/16

=====

Vlan [18] 10.18.0.1 | 10.18.100.1 | [30]
Vlan [19] 10.19.0.1 | 10.19.100.1 | [30]
Vlan 31 10.31.0.1 [30]

====

brand, type Cisco [2811]

====

interfaces:

fast ethernet0/0 ip 120.0.0.1/16
ip nat [inside]

fastethernet0/1 IP 120.0.0.10/8
ip nat [inside]

===

VPN-conf

encr [aes]

crypto isakmp key [prestina] address [100.0.0.10]

crypto ipsec transform-set [VPN-SET] esp-3des esp-sha-hmac

crypto map [VPN-MAP] 10 ipsec-isakmp

set peer [100.0.0.10]

set transform-set [VPN-set]

match address [110]

interface [FastEthernet0/1]

crypto map [vpn-map]

=========

VPN-access-list:

access-list 110 [permit ip 10.10.0.0 0.0.255.255 172.13.0.0 0.0.255.255]

access-list 110 [permit ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255]

access-list 110 [permit ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255]

access-list 110 permit ip host 10.16.50.1 host 172.16.50.1

access-list 110 permit ip host 10.19.50.1 host 172.19.50.1

=========

NAT-access list:

access-list 101 [deny ip 10.10.0.0 0.0.255.255 172.31.0.0 0.0.255.255]

access-list 101 [deny ip 10.16.0.0 0.15.255.255 172.31.0.0 0.0.255.255]

access-list 101 [deny ip 10.31.0.0 0.0.255.255 172.16.0.0 0.15.255.255]

access-list 101 deny ip host 10.16.50.1 host 172.16.50.1

access-list 101 deny ip 10.19.0.0 0.0.255.255 any

access-list 101 deny ip 10.10.0.0 0.0.255.255 any

access-list 101 deny ip 10.16.0.0 0.15.255.255 any

==========

nat-access-list [source list 101 interface fastethernet0/1 overload]

===

routing

Set default route: ip route 10.16.0.0 255.240.0.0 10.10.0.2

Set route(s) to VLANs: 0.0.0.0 0.0.0.0 FastEthernet0/1

======

distribution switch

vtp mode: server

==========

interface

mode & vlans

[F0/1-6] mode access vlan 16
[F0/7-8] mode access Vlan 17
[F0/9-10] mode access vlan 18

[F0/11-12] mode access Vlan 19
[F0/13-14] mode access vlan 20
[F0/15-16] mode access vlan 31
[F0/17-23]: mode access vlan 88, shutdown

[F0/24]: Mode access trunk, allowed vlan(s) 17-18,20,31
[G0/1]: Mode access ip 10.10.0.2/16
[G0/2]: Mode access trunk, allowed vlans 19,31
Interface(s) Vlan16: Mode access IP:10.16.0.1/16
Interface(s) Vlan17: Mode access IP:10.17.0.1/16
interfaces vlan 18: mode access ip 10.18.0.1/16
interfaces vlan 19: mode access ip 10.19.0.1/16
interfaces vlan 20: mode access ip 10.20.0.1/16
interfaces vlan 31: mode access ip 10.31.0.1/16

interface(s) interface 17 ip helper-address: IP:10.16.50.1
interface(s) interface 18 ip helper-address: IP:10.16.50.1
interface(s) interface 13 ip helper-address: IP:10.16.50.1

=========

IP addresses

Interface G0/1: IP:10.10.0.2 /16

interface vlan 16: IP: 10.16.0.1/16
interface vlan 17: IP: 10.17.0.1/16
interface vlan 18: IP: 10.18.0.1/16
interface vlan 31: IP: 10.31.0.1/16
????

====

DHCP REQUESTS to DHCP SERVER

???

==========

routing

[ip routing]

ip route 0.0.0.0 0.0.0.0 10.10.0.1

=========

access-lists 117

access-list 117 [permit udp any any eq bootps]

access-list 117 [deny ip 10.17.0.0 0.0.255.255 10.18.0.0 0.0.255.255]

access-list 117 [deny ip 10.17.0.0 0.0.255.255 10.1.0.0 0.0.255.255]

access-list 117 remark 3: Permit remaining traffic from vlan 17

access-list 117 [permit ip 10.17.0.0 0.0.255.255 any]

interface [VLAN 17]

IP-access-group 117 in

=====================

access-list 119

[Give the test server access only to:]
o The test server in Bbroek
o The management VLAN in Bennebroe~
o The management VLAN in A
• Apply to the correct interface
=============================

access switch classrooms

Brand, type: Cisco 2960
Hostname: AS01
VTP mode: [client]

===============

default gateway: 10.31.0.1
========================

interfaces trunk, allowed vlans [19,31]

vlan 31 IP: [10.31.10.1/16]

==========

ap sn

ssid prestina studenten
authen wpa2
preshared key student-prestina

AP DN

ssid prestina docenten
authen wpa 2
preshared key docentprestina99873

==============

printers

01 ptr01 [10.20.20.1] [10.20.0.1]
02 ptr02 [10.20.20.2] [10.20.0.1]
testing ptr-t [10.19.20.1] [10.19.0.1]

============

internal ports

80 http
443 https
500 dns

external ports

500 isakmp
50 esp
80 http

total: 10.556,78

 

 

18 Replies

Mike Snoei
Level 1

Extras

  • Config# do write memory (do wr m)
  • R1 copy running-config startup-config

DHCP configuration

R1           Interface fa0/0

                Ip address 192.168.10.1 255.255.255.0

                No shutdown

                Ip dhcp pool IPPOOL

                Network 192.168.10.0 255.255.255.0

                Default-router 192.168.10.1

 

R2           Int fa0/0

                Ip address ….

                Ip helper-address (IP of DHCP server)

                No shutdown

                All connections of the router

 

S1           Vlan 10

                Name VLANName

                Exit

                Int range fa0/1-8

                Switchport mode access

                Switchport access vlan 10

                (repeat for all VLANs)

                (don't forget the native VLAN)

VTP

S1           Vtp domain VTPDomain

               Vtp mode Server or Client

               Switchport mode trunk

               Switchport trunk allowed vlan 1-99lll

GRE-Tunnel

Int tunnel0

Tunnel source

Tunnel destination

Tunnel mode gre ip

Ip route through tunnel

Mike Snoei
Level 1

GRE-tunnel:

- int tunnel 1 (both sides)

- tunnel source (port IP)

- tunnel destination (opposite IP)

 

Change routes

 

ipsec:

- license ?

- access-list (both sides)

 

- crypto isakmp policy 10 x

encryption aes 256

hash md5

authentication pre-share

group 5

 

- crypto isakmp key (...) address (IP of the opposite side)

 

- crypto ipsec transform-set (...) esp-aes esp-sha-hmac

 

-crypto map (...) (nummer, policy) ipsec-isakmp

set peer (opposite side)

set transform-set (...)

match address (number of the access-list that belongs to it)

 

- int se0/0/0

crypto map (..)

 

sh crypto ipsec sa

--------------------------------------------------------------------------------------------

SSH on switch:

 

-hostname

- enable password (xx)

-line vty 0 4

password

login

-ip domain name

- crypto key gen rsa 2048

- line vty 0 4

- transport input ssh

- password

 

- int vlan (xx) not the last IP!

- ip add

 

test:

connect device, same VLAN

 

Ssh -l admin (IP of int vlan)

--------------------------------------------------------------------------------------------

Port-sec:

 

-interface gi/fa

-switchport mode access

-switchport port-sec

-switchport port-sec violation prot/restr/shutdown

-switchport port-sec max 1

-switchport port-sec mac-address (...)/sticky

--------------------------------------------------------------------------------------------

NAT:

 

-ip nat inside/outside

-ip nat inside sub interfaces

-ip nat pool

-ip nat inside source

-ip acl

-give DNS to the DHCP pool

-ip route (server ip)

 

Show com NAT trans:

- show ip nat trans

--------------------------------------------------------------------------------------------

Main root STP:

 

- spanning-tree mode rapid-pvst

- spanning-tree vlan 1 root primary

 

Second:

- Spanning-tree mode rapid-pvst

- spanning-tree vlan 1 root secondary

 

- Show spanning tree

- Lowest MAC address is automatically root bridge

--------------------------------------------------------------------------------------------

Layer 3 DHCP inter-VLAN:

 

- create VLAN

- int vlan

- dhcp pools

- vtp domain etc.

 

-no switchport

switchport nonegotiate

--------------------------------------------------------------------------------------------

VIA SERVER IP:

 

Server: assign IP, create pools, DHCP ''On''

 

Multilayer: vtp, vlan, int vlan, trunk. access VLAN to the server

 

switch: vtp. access vlan

R1 copy tftp: flash:
IP of server
source FILENAME on the server
boot system flash FILENAME
copy run start
reload


Backup
R1 copy flash: tftp:
source FILENAME on the server
IP of server



Testing
R1 show flash:
show version