Personal Notes on Threaded Case Study
1. All servers must be brought up in the following order to prevent corruption of the
Active Directory:
a. Global Catalog
b. Local Domain Controller
c. Exchange Server
d. Applications Server(s)
2. All servers should be taken back down in reverse order shown above in step 1.
4. Be extremely careful if you need to change your IP schema after you have your
machines up and running. Due to a problem replicating a new IP schema, our
Active Directory became poisoned, which precipitated a complete re-build of all
systems under the new IP schema. The direct cause of this phenomenon is still
being researched, as both the Central Office and Lincoln routers appeared to
replicate correctly, but when Shaw Butte deleted the old IP schema and then input
the new IP schema the Active Directory on the Global Catalog became unusable.
Better planning and understanding of the necessary IP schema would have
prevented this from occurring. A lesson learned.
6. The use of ip helper-address on the router Fa0/0 sub-interfaces allows hosts on the
various VLANs to reach the Global Catalog: the router relays their UDP broadcasts
to the configured helper address.
7. Extended Access Control Lists provided the security for our network
and were placed on the source routers instead of the destination routers.
8. Each sub-interface needs to point to that particular VLAN's unique gateway address,
NOT to the general gateway found on the “native” VLAN.
9. Print servers were determined NOT to be necessary due to the trend of utilizing
“smart” printers that accept and utilize static IP addresses and the larger capacity
of memory that is inherent to these newer machines. It was determined that newer
printers were able to store and prioritize print jobs much like actual print servers
and this made print servers obsolete. We did configure HP Jet Direct devices
for legacy printers.
Setting up a server using VM Ware
1. Start VM Ware Client
2. Click on File Menu
3. Choose New Machine
4. In the New Machine Wizard follow these steps:
a. Typical setup, click next.
b. Select the radio button of Microsoft Windows with Windows Server 2003
Standard Edition selected in the available text box, click next
c. Name machine with a descriptive name for the purpose of the use of the
machine (this helps in recognizing which machine you need to bring up if you
have multiple virtual machines created), in the location field place the location
of your installation disk or ISO image. Click next.
d. The next screen deals with Network settings, for our purposes use the Bridged
Networking selection. Click next.
e. On the next screen you will have to define the size of the virtual disk space
needed. For most purposes 8.0 gigabytes is sufficient room. Choose to allocate
the space now. Click Finish to create the virtual machine.
Once the virtual disk has been created and you have been returned to the main
screen there are still some adjustments that need to be made.
f. The first of these is to adjust your available RAM. Looking at the right hand
pane with your new machine selected you will see the Memory setting under
the Devices section.
Double click on Memory and adjust your memory to around 1500 Megs or so.
The default setting of 384 MB of memory was insufficient to run the Exchange
Server and caused problems with the setup of said server. Click on ok.
g. To adjust where the system finds the CD-Rom or ISO file click on CD-Rom
option under the Devices section.
This will open up the options that are selectable to choose where to look for
the installation files needed for your new virtual machine. If you are using a
physical CD-Rom or DVD-Rom then you will choose the appropriate device
under the Use Physical Drive radio button. If you choose to use an ISO image
file then click on the Use ISO Image radio button and browse or input the path
to the available ISO file. Leave the Virtual Device Node alone. Click ok.
h. Click on Start This Virtual Machine to begin the Operating System Installation
Process.
Setting Up Windows Server 2003 Standard
Edition on a VMWare Session
Note: The steps for setting up any operating system on VMWare closely mirror those that
are taken when setting up an operating system on a live machine. One should read the
section on Setting up a Server Using VMWare first for pertinent information concerning
hard drive allotments, ISO location, memory allocation, and other information. Also be
aware that you cannot install VMWare Tools until AFTER the installation of an active
operating system. VMWare Tools is useful for navigating between your VMWare
sessions and your actual operating system and should be installed AFTER the installation
of your virtual operating system is complete. Until you install VMWare Tools you must
click onto the active screen in VMWare, and to release your mouse cursor you will need to
press CTRL ALT.
1. Start a VMWare session with a new server session selected (be certain to specify
the location of the operating system ISO or installation disk before you
start the process!).
2. Click on “start this virtual machine” to boot the installation process.
3. At the prompt input B to start installing Windows Server 2003 Standard Edition.
4. This will bring up the standard Windows installation process as shown below.
Please select Enter to continue:
5. Agree to the End Users Licensing Agreement (EULA) by pressing F8:
7. Set NTFS for type of file system and hit Enter:
9. Copy setup files:
11. The next series of screens show the progress of collecting system information and
preparing to install the software:
12. Set Regional and Language Options (you should be able to go with the default
settings on this screen):
13. Input Name and Organization information, click Next:
14. Input a valid activation key and press Enter:
15. Select licensing method and press Enter:
16. Set Computer Name and Administrator Password (note: administrator password
should be a secure password involving at least some lower case, upper case AND
numeric characters), press Enter:
17. Set Date and Time information, press Enter:
18. Set up the Networking Section with Typical settings:
19. Set up workgroup (will set up the Domain information as we specify what type of
server this machine will evolve into) and click Enter:
20. Windows will now finish the installation process by copying files:
21. If successful you will see the following screen after the system reboots:
22. Now press CTRL-ALT-INSERT to log into the server (note: in VMWare you use
CTRL-ALT-INSERT to emulate CTRL-ALT-DELETE):
23. Input the username and password you provided during the installation process:
24. Once you have returned back to the desktop you may update your new Windows
Server 2003 to Service Pack 2 by following these next steps. Make sure that you
perform this upgrade on all of your server machines. First you will need to change
your virtual CD-Rom setting to access the physical drive of your actual machine
instead of looking for an ISO image of the file. You do this by going to the VM
tab of VMware and clicking on it, then click on settings:
25. Click on CD-ROM (IDE 1:0):
26. Then choose Use physical drive and click OK:
27. Once you have done that place the Service Pack 2 for Windows Server 2003 disk
into the physical drive of the actual machine. The following screen should open
up automatically (if not then access the CD-Rom through My Computer). Left
click on the highlighted file (don’t double click at this time):
28. Left click and hold the mouse button down on the file while you drag it over to
your desktop (this will copy the file over to the desktop):
29. Once the file is copied over, double click on the file on your desktop:
31. The installation wizard for Service Pack 2 will initiate:
32. Agree to the EULA and click Next:
33. Click Next:
34. Watch the progress of the install:
35. Click Finish to complete the upgrade and reboot:
36. Now you can install VMWare Tools by going to the VMWare Window, selecting
VM, then Install VMware Tools…
37. Click on Install at the following screen:
39. Choose Typical for setup type:
40. Click Install:
41. Installing VMware Tools:
42. You may receive the following notice, click Yes to bring up the Display
Properties dialogue:
and you may receive this text dialogue box with instructions to remedy the
hardware acceleration issue, it is safe to close this box and to follow the below
instructions:
43. To remedy the hardware acceleration issue go to the Settings Tab and choose
Advanced
44. Now slide the slider on Hardware Acceleration all the way to the right, hit Apply
then OK:
45. Now click OK:
46. You may also have this dialogue box displayed as the system detects a file in your
virtual CD-Rom (in this case the ISO installation file). It is safe to click Cancel on
this box:
47. VMware Tools has been installed:
49. You are now ready to install more virtual servers using Windows Server 2003
Standard Edition and configure each of them into specific server platforms.
Setting up a Global Catalog Server
1. Start with a new blank server setup according to the steps in “Setting up a
Windows 2003 Standard Edition on a VMware Session.”
5. Highlight Internet Protocol (TCP/IP) and click on Properties:
6. Select the Radio button beside Use the following IP address and input your
assigned IP, subnet mask, and gateway information. Make certain to select the
radio button beside Use the following DNS server address and input the same IP
address as you have assigned to this server into the Primary DNS server text field.
You may leave the Alternate DNS Server blank for this exercise. Click Ok:
7. Now click ok again and close out of all subsequent windows:
8. Click on Start-Run and place dcpromo into the text field, hit ok:
9. This brings up the Active Directory Wizard, click Next:
11. For Domain Controller Type select the radio button next to Domain controller for
a new domain and click Next:
12. On Create New Domain select the radio button for Domain in a new forest and
click on Next:
13. Give the new domain a unique DNS name. The usage of .local helps to maintain
separation between your intranet and the internet as it is not a recognized domain
for internet resolution. Click Next:
14. Using a NetBIOS name is not required for this exercise and should be left at
default value. Click Next:
15. Database and Log folders should be left at default values unless there is a need to
change the location of either or both of them. Click Next:
17. Check diagnostic reports and fix any errors that occur. Select radio button
beside Install and configure the DNS server on this computer and set this
computer to use this DNS server as its preferred DNS server. Click Next:
18. Select Permissions compatible only with Windows 2000 or Windows 2003
operating systems and click on Next:
19. You should place complicated passwords for these fields (complicated passwords
contain at least one capitalized and one numeric element), click Next:
20. Review the summary page and click on Next if appropriate or Back if some items
need to be modified:
21. During the installation you can review its progress here:
22. Click Finish to complete the process:
24. Once you have restarted Windows you should see the new role displayed in the
server management window:
You have completed the steps needed to implement the Global Catalog Server for
your network. This will be the first server that needs to be put up when initializing
the network and should be the last server to be shut down.
Setting up a Local Domain Controller with DNS
and DHCP
25. Start with a new blank server setup according to the steps in “Setting up a
Windows 2003 Standard Edition on a VMware Session.”
29. Highlight Internet Protocol (TCP/IP) and click on Properties:
30. Select the Radio button beside Use the following IP address and input your
assigned IP, subnet mask, and gateway information. Make certain to select the
radio button beside Use the following DNS server addresses and input the IP
address that you have assigned to the Global Catalog Server into the Primary
DNS server text field. You may leave the Alternate DNS Server blank for this
exercise. Click Ok:
Note the different addresses between the IP address field and the Preferred
DNS server fields!
31. Now click ok again and close out of all subsequent windows:
Verify connection to the Global Catalog Server by using the ping command as
shown:
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 70ms, Average = 33ms
32. Follow instructions under Joining the Network tab in this Engineering Journal to
change from the Workgroup to being a member of your domain network.
33. Click on Start-Run and place dcpromo into the text field, hit ok:
35. Click Next:
36. For Domain Controller Type select the radio button next to Domain controller for
a new domain and click Next:
37. On Create New Domain select the radio button for Child domain in an existing
domain tree:
38. Place your network credentials in the required areas (username and password of
the Global Catalog administrator as well as the domain if not already provided):
39. Place the Child domain name into the proper text field, ensure the proper
information is in the Parent domain field (note: only place the first part of the
child domain, the remainder is automatically entered):
40. For this exercise Domain NetBIOS is not used, just leave the default here:
41. Leave Database and Log Folders at default:
42. Leave Shared System Volume at default:
43. Review DNS Registration Diagnostics and correct any errors:
44. Leave Permissions at default:
45. Enter a complicated password containing at least one capital letter and numerals:
46. Review summary and hit Next if all is correct:
48. Complete the installation by hitting Finish:
50. Now click on Add or remove a role:
52. Click on DNS server:
54. Click on Next for the Configure a DNS Server Wizard:
55. Select Create forward and reverse lookup zones (recommended for large
networks), click Next:
56. Select Yes, create a forward lookup zone now (recommended) and click Next:
57. Select Primary zone and Next:
58. Now select To all domain controllers in the Active Directory domain
ldc.TCS.local (note: domain name will change to reflect your domain), click Next:
59. Input a zone name and click Next:
60. Select the radio button beside Allow only secure dynamic updates (recommended
for Active Directory), click Next:
61. Select Yes, create a reverse lookup zone now, click Next:
62. Now select Primary zone and click Next:
63. Leave this at the default setting, click Next:
64. Place the first three octets of your domain controller IP address and click Next:
65. Leave this setting at default, click Next:
67. Click Finish:
68. An error about not being able to find Root Hints is normal, click OK:
69. Click Finish again:
70. Now for setting up the DHCP server click on Add or remove a role:
71. Now click Next:
73. Review the settings and click on Next:
75. Name your scope and add a description, click Next:
76. Place your entire IP scope and subnet mask in the spaces provided, click Next:
77. Place the static addresses for the router (gateway) and switches, hit add:
Remember to place the IP addresses for the other end of the scope that are
statically held by the various servers (server and gateway addresses are best kept
static, so that they do not change and do not require re-configuring after a
reboot and consequent re-assignment of IP addresses by DHCP), click Next after
all addresses have been added.
78. Lease duration can be left at default value, click Next:
79. Now to configure the DHCP options, select Yes and click Next:
81. Input your Global Catalog Server’s IP address, hit Add, then Next:
Note: it is not necessary to input server as long as you have the IP address of the
Global Catalog Server.
82. WINS resolution is not needed as it is not being used, click Next:
84. Click Finish:
86. Now to get the DHCP running first log off of this session of Windows, then log
back in under the Global Domain Servers administration account:
87. Now to ensure that the DHCP is up and running, go to Manage this DHCP server:
88. Expand the DHCP server’s entry and notice that there is a RED arrow pointing
down to the left of the entry. This indicates that the status of the server is down
and needs to be turned on:
Right click on the name and choose Authorize:
89. Then right click on the same server and choose All Tasks, then Restart:
90. This should end up with a green arrow indicating the status of the DHCP server to
be up and running. Be advised, this process between restarting the service and
getting the green arrow may take up to 5 or 10 minutes.
Setting up Exchange Server 2003
91. Start with a new blank server setup according to the steps in “Setting up a
Windows 2003 Standard Edition on a VMware Session.”
95. Highlight Internet Protocol (TCP/IP) and click on Properties:
96. Select the Radio button beside Use the following IP address and input your
assigned IP, subnet mask, and gateway information. Make certain to select the
radio button beside Use the following DNS server addresses and input the IP
address that you have assigned to the Global Catalog Server into the Primary
DNS server text field. You may leave the Alternate DNS Server blank for this
exercise. Click Ok:
Note the different addresses between the IP address field and the Preferred
DNS server fields!
97. Now click ok again and close out of all subsequent windows:
Verify connection to the Global Catalog Server by using the ping command as
shown:
98. Follow instructions under Joining the Network tab in this Engineering Journal to
change from the Workgroup to being a member of your domain network.
99. Go to Start > Control Panel > Add or remove programs and left click:
100. Click on Add/Remove Windows Components:
101. Make sure Application Server is checked and click on Details:
102. Make certain Internet Information Services (IIS) is checked and
highlighted and click Details (note: you may also wish to place a checkmark next
to ASP.NET as well, as certain services may require this with the web server
component):
103. Place a checkmark next to NNTP Service and SMTP Service and click
OK:
104. This starts the installation process of the required Windows Components:
106. Once the reboot is finished go ahead and join this server to the domain
following the instructions in the Joining a Domain section. Reboot again and log
into this server under the Global Catalog domain (e.g. TCS.local)
107. Place the Exchange Server 2003 Installation disk into the physical drive (if
you do not have the physical drive set as the default CD-Rom drive for your
virtual machine then follow the directions in steps 24 through 26 in Setting up
Windows Server 2003 Standard Edition on a VMWare Session section of this
engineering journal). Autoplay should bring up the installation program for
Exchange Server, click on Exchange Deployment Tools:
108. Then click on Deploy the first Exchange 2003 server:
109. Now click on New Exchange 2003 Installation:
110. The first two steps should be completed already on this screen. For step 3
you will need to revert to the ISO image for the default CD-Rom or insert a
separate disk with the Support Tools on it into the physical drive. If you choose to
use either an actual install disk or the ISO image these files are located at
D:\ENGLISH\WIN2003_VLP\STANDARD\SUPPORT\TOOLS. Click on the
suptools.msi file to install them to your system. Note the destination folder of the
support tools (usually C:\PROGRAM FILES\SUPPORT TOOLS\). Once installed
copy the NETDIAG.EXE and DCDIAG.EXE files to your desktop for future use.
111. Run the DCDiag.exe file and NetDiag.exe file as stated in steps 4 and 5 of
the Deployment Tools document. (note: the command box that will open up on
NetDiag will shut automatically, you may review the logs of both of these to find
any errors that need to be fixed. These logs should be available in your
C:\Documents and Settings\Administrator.TCS\Desktop folder. Check for any
failed entries but ignore fails on WINS and Security). The dcdiag command
is run from a command prompt as c:\dcdiag /s:<Global Catalog IP
address> and may need to be run from C:\windows\servicepackfiles\i386
directory. Note any errors and fix them before continuing. Also if you have
changed your CD-Rom to a location for an ISO image file you will need to change
back to the physical drive before continuing.
An example of the DCdiag log:
113. You may receive a compatibility error, this is normal, select Don’t display
this message again and click Continue:
115. Click on Next:
116. Agree to the EULA:
117. Check the action and click Next:
118. Note the Administrator Account and click Next:
119. Installing of files:
121. Now in Step 7 run Setup and you will get the Installation screen below,
click Next:
123. Check that the installation is ready and click Next:
124. Indicate a New Exchange Organization and click Next:
125. Input the name of your organization and click Next:
126. Agree to the licensing agreement and click Next:
127. You will get a security warning that you will ignore as we are not setting
up any special security considerations. Click OK:
128. Monitor installation progress:
129. Click Finish:
130. Now to upgrade to Service Pack 2 for Exchange server 2003, insert the
upgrade disk to your CD-Rom, navigate to the CD and find the file for the
upgrade. Double click on it to start the installation:
131. Find the extracted folder on your desktop and navigate to the
E3SP2ENG\setup\i386 folder. Find the upgrade.exe file and double click on it:
133. Sign the EULA and click Next:
134. Check the action and click Next:
135. Check the summary and click Next:
136. Monitor the progress:
137. Click Finish:
139. Click on Users and right click on a blank portion of the right panel:
140. Fill out the various fields, hit Next:
141. Input a secure password, select Password Never Expires (in a live server
you would probably select another option) and click Next:
142. Leave this at defaults, click Next:
143. Click on Finish:
144. Review the new account:
145. Now to check the mail, start an Internet Explorer session:
146. Place the IP address to your Exchange Server with the addition of a
/exchange to the end of it (e.g. http://10.2.63.253/exchange ). This will bring up a
username and password dialogue box. Input your username and password (be
certain to place @domain.name onto the username) and click OK:
To disable any more of these warnings you can go to Start > Control Panel >
Add or remove programs > Add/Remove Windows Components: uncheck
Internet Explorer Enhanced Security Configurations and click Next. Then click
Finish.
148. You should be able to access the Web Mail feature of Exchange now. Just
make accounts for all users on the domain and send a test message between
machines and between each child domain:
Setting up an FTP and World Wide Web Server
149. Start with a new blank server setup according to the steps in “Setting up a
Windows 2003 Standard Edition on a VMware Session.”
153. Highlight Internet Protocol (TCP/IP) and click on Properties:
154. Select the Radio button beside Use the following IP address and input your
assigned IP, subnet mask, and gateway information. Make certain to select the
radio button beside Use the following DNS server addresses and input the IP
address that you have assigned to the Global Catalog Server into the Primary
DNS server text field. You may leave the Alternate DNS Server blank for this
exercise. Click Ok:
Note the different addresses between the IP address field and the Preferred
DNS server fields!
155. Now click ok again and close out of all subsequent windows:
Verify connection to the Global Catalog Server by using the ping command as
shown:
Minimum = 0ms, Maximum = 70ms, Average = 33ms
156. Follow instructions under Joining the Network tab in this Engineering
Journal to change from the Workgroup to being a member of your domain
network.
157. Go to Start > Control Panel > Add or remove programs and left click:
158. Click on Add/Remove Windows Components:
159. Make sure Application Server is checked and click on Details:
160. Make certain Internet Information Services (IIS) is checked and
highlighted and click Details (note: you may also wish to place a checkmark next
to ASP.NET as well, as certain services may require this with the web server
component):
161. Place a checkmark next to FTP, NNTP Service, SMTP, and World Wide
Web Service and click OK:
162. This starts the installation process of the required Windows Components:
164. Once the reboot is finished go ahead and join this server to the domain
following the instructions in the Joining a Domain section. Reboot again and log
into this server under the Global Catalog domain (e.g. TCS.local)
165. Go to Manage this application server on the Manage your Server console.
Double click on it:
167. Expand the FTP Sites folder:
169. Click on the Home Directory tab:
170. Check the path statement (usually you will leave this at default values),
click OK:
171. To setup the World Wide Web settings open the Web Sites folder, right
click on Default Web Sites and select properties:
172. Select the Home Directory tab:
173. Verify the local path statement:
174. Click on Documents tab, click on Add:
175. Add index.html in the dialogue box:
176. Verify the file name you entered, click on Apply and then click on OK:
177. To verify the operation of the web server first modify a webpage to suit
your needs. Save this file to the local directory outlined in step 25 of this
document:
178. Open Internet Explorer on another machine that is connected to your
network. Navigate to the IP address of the Web Server and view the results:
Checking your FTP site is the same procedure with the exception of using ftp://
instead of http:// (file transfer protocol instead of hyper-text transport protocol).
Be certain to place some file into the default directory so there will be something
to show up there.
Command Summary
2. Router>
3. Router>enable
4. Router#
2. Router#
3. Router#config t
4. Router(config)#
2. Router#
3. Router#config t
4. Router(config)#
5. Router(config)#hostname (name)
2. Router#
3. Router#config t
4. Router(config)#
5. Router(config)#enable password (password)
2. Router#
3. Router#config t
4. Router(config)#
5. Router(config)#enable secret (password)
2. Router#
3. Router#config t
4. Router(config)#
5. Router(config)#int fa0/0
6. Router(config-if)#ip add (ip address) (subnet mask)
7. Router(config-if)#no shut
2. Router#
3. Router#config t
4. Router(config)#
5. Router(config)#int S0/0/0
6. Router(config-if)#ip add (ip address) (subnet mask)
7. Router(config-if)#no shut
8. Router(config-if)#clock rate 64000
2. Router#
3. Router#config t
4. Router(config)#
5. Router(config)#int s0/0/1
6. Router(config-if)#ip add (ip address) (subnet mask)
7. Router(config-if)#no shut
2. Router#
3. Router#config t
4. Router(config)#
5. Router(config)#line con 0
6. Router(config-line)#password (password)
7. Router(config-line)#login
2. Router#
3. Router#config t
4. Router(config)#line vty 0 4
5. Router(config-line)#password (password)
6. Router(config-line)#login
a. Allows for someone to access the Router not only
by physical access, but also the ability to connect
through virtual access. This command will
configure the last 10 virtual terminals that are
optional.
2. Router#
3. Router#config t
4. Router(config)#line vty 0 15
5. Router(config-line)#password (password)
6. Router(config-line)#login
2. Router#
3. Router#config t
4. Router(config)#router eigrp 100 (this number needs to be
the same on all routers within the network)
5. Router(config-router)#network (network ip address)
2. Router#
3. Router#config t
4. Router(config)#int fa0/0
5. Router(config-if)#no ip add (remove address)
6. Router(config-if)#shutdown
7. Router(config-if)#exit
8. Router(config)#
9. Router(config)#interface f0/0.(vlan-id number, note the
period after the f0/0 is mandatory and signifies the
sub-interface that is being configured. It usually is the same
number as the vlan itself)
10. Router(config-subif)#encapsulation dot1q (vlan-id number)
11. Router(config-subif)#ip address (ip Address) (subnet mask)
13. Router(config-subif)#exit
14. Router(config)#interface f0/0
15. Router(config-if)#no shut
2. Router#show run
2. Router#erase start
3. Router#reload
2. Router#
3. Router#config
4. Router(config)#banner login “(banner message)”
2. Router#
3. Router#config
4. Router(config)#access-list (group number, such as 103)
deny tcp (starting ip address of the vlan that you are
restricting, such as 10.2.64.0, it has to start with .0 or it will
not work) (Then you need to put in the range of ips that you
will be blocking, such as 0.0.7.255) any eq ftp
5. Router(config)#access-list (group number, such as 103)
deny tcp (starting ip address of the vlan that you are
restricting, such as 10.2.64.0, it has to start with .0 or it will
not work) (Then you need to put in the range of ips that you
will be blocking, such as 0.0.7.255) any eq ftp-data
6. Router(config)#access-list (group number, such as 103)
deny tcp (starting ip address of the vlan that you are
restricting, such as 10.2.64.0, it has to start with .0 or it will
not work) (Then you need to put in the range of ips that you
will be blocking, such as 0.0.7.255) any eq telnet
7. Router(config)#access-list (group number, such as 103)
permit ip any any
8. Router(config)#int fa0/0.(vlan-id number that you want to
block)
9. Router(config-subif)#ip access-group (group number that
you chose, such as 103) in
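The wildcard and first-match behaviour of the access list above, as an added Python example that is not part of the original journal: it derives the 0.0.7.255 wildcard from the 255.255.248.0 mask used by the sub-interfaces in the configuration files, checks that the base address 10.2.64.0 has no bits set under that wildcard, and evaluates packets against the list, including the implicit deny that ends every IOS ACL. The function names, the tuple layout and the sample packets are constructed for illustration.

```python
import ipaddress

# IOS port keywords used in the access list, mapped to their TCP port numbers.
PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23}


def _ip(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(mask):
    """Invert a subnet mask to get the ACL wildcard (255.255.248.0 -> 0.0.7.255)."""
    return str(ipaddress.IPv4Address(_ip(mask) ^ 0xFFFFFFFF))


def is_aligned(base, wildcard):
    """True when the base address has no bit set in a 'don't care' position."""
    return _ip(base) & _ip(wildcard) == 0


def source_matches(src, base, wildcard):
    """Compare only the bits that the wildcard does not mask out."""
    if base == "any":
        return True
    w = _ip(wildcard)
    return (_ip(src) | w) == (_ip(base) | w)


def evaluate(acl, proto, src, dport):
    """Return the action of the first matching entry; no match means deny."""
    for action, entry_proto, base, wildcard, port_kw in acl:
        if entry_proto != "ip" and entry_proto != proto:
            continue
        if not source_matches(src, base, wildcard):
            continue
        if port_kw is not None and PORTS[port_kw] != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL


VLAN_BASE = "10.2.64.0"
VLAN_WILDCARD = wildcard_from_mask("255.255.248.0")

# Access list 103 from the steps above, in the order it is entered.
ACL_103 = [
    ("deny", "tcp", VLAN_BASE, VLAN_WILDCARD, "ftp"),
    ("deny", "tcp", VLAN_BASE, VLAN_WILDCARD, "ftp-data"),
    ("deny", "tcp", VLAN_BASE, VLAN_WILDCARD, "telnet"),
    ("permit", "ip", "any", None, None),
]

if __name__ == "__main__":
    print("wildcard:", VLAN_WILDCARD, "aligned:", is_aligned(VLAN_BASE, VLAN_WILDCARD))
    # Constructed sample packets: (protocol, source address, destination port).
    samples = [
        ("tcp", "10.2.64.25", 21),   # first host range of the VLAN, FTP control
        ("tcp", "10.2.71.200", 23),  # last /24 inside the /21, Telnet
        ("tcp", "10.2.72.1", 21),    # next VLAN, not covered by the deny lines
        ("tcp", "10.2.64.25", 80),   # same VLAN, web traffic
    ]
    for proto, src, dport in samples:
        print(proto, src, dport, "->", evaluate(ACL_103, proto, src, dport))
```

Removing the final permit entry from `ACL_103` makes every sample return deny, which is why step 7 has to come last in the list.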
c. Switch Commands Used-
a. Commands used to configure the Switch.
2. Switch>
3. Switch>enable
4. Switch#
2. Switch#
3. Switch#config t
4. Switch(config)#
5. Switch(config)#hostname (name)
this Password is not visible in the Switch
configuration.
2. Switch#
3. Switch#config t
4. Switch(config)#
5. Switch(config)#enable secret (password)
2. Switch#
3. Switch#config t
4. Switch(config)#int vlan (vlan-number)
5. Switch(config-if)#ip add (Ip Address) (Subnet Mask)
6. Switch(config-if)#no shut
2. Switch#
3. Switch#config t
4. Switch(config)#ip default-gateway (ip address)
2. Switch#
3. Switch#config t
4. Switch(config)#line vty 0 4
5. Switch(config-line)#password (password)
6. Switch(config-line)#login
2. Switch#
3. Switch#config t
4. Switch(config)#line vty 0 15
5. Switch(config-line)#password (password)
6. Switch(config-line)#login
2. Switch#
3. Switch#config t
4. Switch(config)#int fa0/(number)
5. Switch(config-if)#switchport mode access
6. Switch(config-if)#switchport access vlan (vlan-id)
2. Switch#
3. Switch#config t
4. Switch(config)#interface (interface id)
5. Switch(config-if)#switchport mode access
6. Switch(config-if)#switchport access vlan (vlan-id)
2. Switch#
3. Switch#config t
4. Switch(config)#interface (interface id)
5. Switch(config-if)#no switchport access vlan
2. Switch#
3. Switch#config t
4. Switch(config)#vlan (vlan-id)
5. Switch(config-vlan)#exit
6. Switch(config)#int (int-id)
7. Switch(config-if)#switchport mode trunk
8. Switch(config-if)#switchport trunk allowed vlan add
(vlans,vlans)
2. Switch#show run
2. Switch#erase start
3. Switch#reload
2. Switch#
3. Switch#config t
4. Switch(config)#banner login "(banner message)"
Configuration Files
ip helper-address 10.2.7.253
!
interface FastEthernet0/0.666
encapsulation dot1Q 666
ip address 10.2.16.1 255.255.248.0
ip helper-address 10.2.7.253
!
interface FastEthernet0/0.911
encapsulation dot1Q 911
ip address 10.2.0.1 255.255.248.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1/0
ip address 176.43.243.229 255.255.255.252
clock rate 64000
!
interface Serial0/1/1
ip address 176.43.243.10 255.255.255.252
!
!
interface Serial0/2/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 2000000
!
interface Serial0/3/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/3/1
no ip address
shutdown
clock rate 2000000
!
router eigrp 100
network 10.0.0.0
network 176.43.0.0
no auto-summary
!
ip classless
!
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CCUnauthorized Access Prohibited^C
banner motd ^CCAuthorized Personnel Only^C
!
line con 0
password cisco
login
line aux 0
password cisco
login
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
!
end
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname coswitch
!
enable secret 5 $1$D0wz$Ls3MiAMk.FLPSD0KB0Loi/
enable password cisco
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 666
switchport mode access
!
interface GigabitEthernet0/1
switchport trunk native vlan 411
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan411
no ip address
no ip route-cache
shutdown
!
interface Vlan911
ip address 10.2.0.2 255.255.248.0
no ip route-cache
!
ip default-gateway 10.2.0.1
ip http server
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end
no snmp trap link-status
!
interface FastEthernet0/0.666
encapsulation dot1Q 666
ip address 10.2.40.1 255.255.248.0
ip helper-address 10.2.31.254
no snmp trap link-status
!
interface FastEthernet0/0.911
encapsulation dot1Q 911
ip address 10.2.24.1 255.255.248.0
no snmp trap link-status
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 176.43.242.137 255.255.255.252
no fair-queue
clock rate 64000
!
interface Serial0/0/1
ip address 176.43.243.230 255.255.255.252
!
router eigrp 100
network 10.0.0.0
network 176.43.0.0
no auto-summary
!
ip classless
!
!
ip http server
ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
!
end
Shaw Butte Switch Configuration
(note: switch 1 and switch 2 are configured identically with the exception of
the trunk ports and the IP address for the switch itself)
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ShawBsw1
!
enable secret 5 $1$YKg1$JS/ku9DQftufs5XqSsN2e1
enable password cisco
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 911
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/18
switchport mode trunk
!
interface FastEthernet0/19
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 666
switchport mode access
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan411
no ip address
no ip route-cache
shutdown
!
interface Vlan666
no ip address
no ip route-cache
shutdown
!
interface Vlan911
ip address 10.2.24.2 255.255.248.0
no ip route-cache
!
ip default-gateway 10.2.24.1
ip http server
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end
!
enable secret 5 $1$9tQO$08YZuJZzXaf4eCnuL5Xyf0
enable password cisco
!
no aaa new-model
!
resource policy
!
memory-size iomem 30
ip subnet-zero
!
!
ip cef
!
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.411
encapsulation dot1Q 411
ip address 10.2.56.1 255.255.248.0
ip access-group 103 in
ip helper-address 10.2.55.254
no snmp trap link-status
!
interface FastEthernet0/0.666
encapsulation dot1Q 666
ip address 10.2.64.1 255.255.248.0
ip helper-address 10.2.55.254
no snmp trap link-status
!
interface FastEthernet0/0.911
encapsulation dot1Q 911
ip address 10.2.48.1 255.255.248.0
no snmp trap link-status
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1/0
ip address 176.43.243.9 255.255.255.252
no fair-queue
clock rate 64000
!
interface Serial0/1/1
ip address 176.43.242.138 255.255.255.252
!
router eigrp 100
network 10.0.0.0
network 176.43.0.0
no auto-summary
!
ip classless
!
!
ip http server
no ip http secure-server
!
access-list 103 deny tcp 10.2.64.0 0.0.7.255 any eq ftp
access-list 103 deny tcp 10.2.64.0 0.0.7.255 any eq ftp-data
access-list 103 deny tcp 10.2.64.0 0.0.7.255 any eq telnet
access-list 103 permit ip any any
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CStay Out!!!!! Mike and Jack, Authirzed Personel
Only!!!!!!^C
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
scheduler allocate 20000 1000
!
end
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 411
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 666
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 666
switchport mode access
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan911
ip address 10.2.48.2 255.255.248.0
no ip route-cache
!
ip default-gateway 10.2.48.1
ip http server
banner login ^CStay out!!!! Jack and others, Authorized Personel
Only!!!!^C
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end