TASK
MODULE A LINUX ISLAND
(OPEN)
COMPETITION FIELD
IT NETWORK SYSTEM ADMIN
(IT NETWORK)
INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide your
time.
Please carefully read the following instructions!
When the competition time ends, please leave your station in a running state.
Version: 1.0
LKS-JABAR_ITNSA
Date: 16.08.2017
PART I
WORK TASK INSTALLATION (SOLOSRV, SEMARANGSRV)
Note: Please use the default configuration if you are not given details.
3. FTP (proftpd)
Enable FTPS
- Use a certificate signed by SEMARANGSRV
Each user (user21 to user30) will have a home directory.
Make sure the user is jailed in their respective website document root directories.
Make sure file transfer to the server is possible.
4. Mail
Make sure user11 to user20 have access via POP3, IMAP and SMTP
Before you finish your project make sure you send an email message from user14 to
user19 and another message from user19 to user14.
Do not delete these email messages.
6. SSH Server
Install SSH Server
Use RADIUS on SEMARANGSRV to authenticate users.
Change the default SSH port to 1945
3. RADIUS (FreeRadius)
Create 5 users with password InaSkills2017 for SSH login SOLOSRV
o Username: user[31-35], e.g. user31, user32, ..., user35
Use InaSkills2017 as the shared key
4. DHCP
o Create DHCP Pool INTERNAL:
Range: 192.168.150.51 - 192.168.150.100
Netmask: /25
Gateway: 192.168.150.1
DNS: 172.23.199.3
o DNS-Suffix: skills4future.net
o SOLOCLT should always receive the following IP: 192.168.150.88
o The clients should automatically register their name with the DNS server after they
have been assigned with an IP address by the DHCP server.
PART II
WORK TASK NETWORK CONFIGURATION (JATENGRO)
Note: Please use the default configuration if you are not given details.
2. DHCP Relay
Configure DHCP Relay to SEMARANGSRV for internal clients
4. VPN Server
Configure VPN for access to SOLOSRV and SEMARANGSRV. External clients should
connect to 212.99.45.65
Use address range 10.20.0.1 to 10.20.0.10 and DNS SOLOSRV for VPN clients
For login create a user remote with password InaSkills2017
5. Firewall
Allow ICMP packets from the external network to the external interface of JATENGRO
The external network can access http://www.skills4future.net
The external network can't access SOLOSRV and SEMARANGSRV before the VPN is
established.
Ensure the VPN client can't access the internal client (SOLOCLT) when the VPN is established.
(It can only access SOLOSRV and SEMARANGSRV)
Deny all other traffic from external to all internal network.
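One way to express the five firewall requirements above as a default-deny ruleset, added here as an example and not part of the original task sheet. Interface names and addresses are taken from the appendix; the OpenVPN interface tun0, its UDP port 1194, and nginx on JATENGRO answering for www.skills4future.net on TCP 80 are assumptions.

```shell
#!/bin/sh
# Added example: JATENGRO firewall policy in iptables-restore format.
EXT_IF=eth0                 # external, 212.99.45.65/28 (appendix)
SRV_IF=eth1                 # server net, 172.23.199.1/29 (appendix)
CLT_IF=eth2                 # client net, 192.168.150.1/25 (appendix)
VPN_IF=tun0                 # assumption: OpenVPN tun device name
EXT_IP=212.99.45.65
SOLOSRV=172.23.199.3
SEMARANGSRV=172.23.199.4
CLT_NET=192.168.150.0/25
VPN_RANGE=10.20.0.1-10.20.0.10

jatengro_rules() {
cat <<EOF
*filter
# Default deny for anything arriving at or crossing the router.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# External hosts: ICMP, the web site (assumed nginx, TCP 80), VPN (assumed UDP 1194).
-A INPUT -i $EXT_IF -d $EXT_IP -p icmp -j ACCEPT
-A INPUT -i $EXT_IF -d $EXT_IP -p tcp --dport 80 -j ACCEPT
-A INPUT -i $EXT_IF -d $EXT_IP -p udp --dport 1194 -j ACCEPT
# Internal networks may reach the router itself (DHCP relay, routing).
-A INPUT -i $SRV_IF -j ACCEPT
-A INPUT -i $CLT_IF -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# VPN clients reach the two servers only, never SOLOCLT's network.
-A FORWARD -i $VPN_IF -m iprange --src-range $VPN_RANGE -d $SOLOSRV -j ACCEPT
-A FORWARD -i $VPN_IF -m iprange --src-range $VPN_RANGE -d $SEMARANGSRV -j ACCEPT
-A FORWARD -i $VPN_IF -d $CLT_NET -j DROP
# Traffic that originates inside is allowed out; nothing is forwarded
# from the external interface, so the FORWARD policy drops it.
-A FORWARD -i $SRV_IF -j ACCEPT
-A FORWARD -i $CLT_IF -j ACCEPT
COMMIT
EOF
}

# Print the ruleset; on the router, pipe this output into iptables-restore as root.
jatengro_rules
```

The explicit DROP for tun0 to 192.168.150.0/25 is redundant with the FORWARD policy but gives that requirement its own packet counter in `iptables -L -v`.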
PART III
WORK TASK LINUX CLIENT (JEPARACLT, SOLOCLT)
Note: Please use the default configuration if you are not given details.
APPENDIX
SPECIFICATIONS
SOLOSRV
Operating System: Linux Debian 7.8
Computer name: SOLOSRV
Root password: Nasional2017
User Name: batik
User Password: Semarang2017
eth0: 172.23.199.3/29
SEMARANGSRV
Operating System: Linux Debian 7.8
Computer name: SEMARANGSRV
Root password: Nasional2017
User Name: batik
User Password: Semarang2017
IP address: 172.23.199.4/29
JATENGRO
Operating System: Linux Debian 7.8
Computer name: JATENGRO
Root password: Nasional2017
User Name: batik
User Password: Semarang2017
eth0: 212.99.45.65/28
eth1: 172.23.199.1/29
eth2: 192.168.150.1/25
JEPARACLT
Operating System: Linux Debian 7.8 (GUI)
Computer name: JEPARACLT
Root password: Nasional2017
User Name: Batik
User Password: Semarang2017
IP address: 212.99.45.70/28
SOLOCLT
Operating System: Linux Debian 7.8 (GUI)
Computer name: SOLOCLT
Root password: Nasional2017
User Name: batik
User Password: Semarang2017
IP address: DHCP
NETWORK SPECIFICATION
[Network diagram not reproduced. Nodes shown: SEMARANGSRV (Debian 7.8, IP address 172.23.199.4/29); lnxrtr1 (pre-installed, Debian 7.8; External 212.99.45.65/28, Server 172.23.199.1/29, Internal 192.168.150.1/25); SOLOCLT (Internal, Debian 7.8 (GUI), IP address via DHCP from SEMARANGSRV). Service labels in the diagram: Cacti, FreeRadius, CA, DHCP Server, IceDove, Routing, DHCP Relay, Filezilla, Reverse Proxy (nginx), DDNS, Firewall, OpenVPN Server. Network labels: Host Only, VMnet2.]
STUDENT COMPETENCY COMPETITION (LOMBA KOMPETENSI SISWA)
VOCATIONAL HIGH SCHOOL
WEST JAVA PROVINCE LEVEL
TASK
MODULE B SYSTEM INTEGRATION
(OPEN)
COMPETITION FIELD
IT NETWORK SYSTEM ADMIN
(IT NETWORK)
INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide your
time.
Please carefully read the following instructions!
When the competition time ends, please leave your station in a running state.
Version: 1.1
LKS-JABAR_ITNSA
Date: 16.08.2017
PART I
WORK TASK INSTALLATION (WINSRV1, WINSRV2,
LNXSRV1, LNXSRV2)
Note: Please use the default configuration if you are not given details.
o DNS
Create a forward zone called indonesiahebat.net
Create reverse zones for the Network 172.20.31.0; 172.20.32.0; 172.20.33.0
Create a host info.indonesiahebat.net for WINSRV2
Create 2 hosts for LNXSRV1:
- training.indonesiahebat.net
- competition.indonesiahebat.net
o PKI (Public Key Infrastructure)
Install and configure Certificate Service
Install only the Certificate Authority
Create a template for Clients AND Servers
- Name the template ITNSA-ClientServerCert
- Publish the template in Active Directory
- Set the subject name format to common name
o GPO Security Policies
At logon on WINCLNT2, users should see this message before logging in: Message Title
"Welcome to Indonesiahebat2017" with Message Text "Only authorized personnel allowed
to access." Prohibit this message on all servers.
All users, except the IT group, are not allowed to access the display settings in the Control
Panel.
Disable "First Sign-in Animation" for all Windows 8.1 clients
Disable the use of cmd and Run for the Visitor group
o DHCP Server
Create Pool ISCLNT
- Range: 172.20.32.51 - 172.20.32.100
- Netmask: /25
- Gateway: 172.20.32.1
- DNS: 172.20.31.3
- Option 150 (TFTP) 172.20.32.129
DFS Namespace Share Folders | Folder Target | Local Folder on both Servers | Description
\\indonesiahebat.net\skills\rfolders | \\WINSRV1\rfolders | C:\share\rfolders on WINSRV1 | Folder Redirection & home folder
 | \\WINSRV2\rfolders | C:\share\rfolders on WINSRV2 |
\\indonesiahebat.net\skills\IT | \\WINSRV1\IT | C:\share\IT on WINSRV1 | Departmental Share for IT
 | \\WINSRV2\IT | C:\share\IT on WINSRV2 |
\\indonesiahebat.net\skills\Sales | \\WINSRV1\Sales | C:\share\Sales on WINSRV1 | Departmental Share for Sales
 | \\WINSRV2\Sales | C:\share\Sales on WINSRV2 |
\\indonesiahebat.net\skills\Marketing | \\WINSRV1\Mkt | C:\share\Mkt on WINSRV1 | Departmental Share for Marketing
 | \\WINSRV2\Mkt | C:\share\Mkt on WINSRV2 |
o NTP Server
Set NTP server service. Use local clock as time server source
o FreeRadius Server
Configure the RADIUS server for router and switch access authentication. Use LKSN2017 as
the shared key.
Create SW1 with password InaSkills2017. Will be used for switch access authentication.
Create RO1 with password InaSkills2017. Will be used for router access authentication.
PART II
WORK TASK NETWORK CONFIGURATION (RO1, SW1)
Note: Please use the default configuration if you are not given details.
o Telephony Service
Configure max 5 ephone and max 10 ephone-dn
Number 999 is used for paging all phones of the company
Configure button 2 on hqvph1 to call directly to paging extension
Configure Intercom service with the extension 199
o Access Control List (ACL)
Configure Access List with rule below
- Ensure outside hosts can access all services on lnxsrv2 and winsrv1 using the outside IP of RO1
- Allow access from outside to the web servers lnxsrv1 and winsrv2
- Deny other traffic from outside to inside
o SNMP
Enable SNMP v2c with LKSN as the read-only community string
PART III
WORK TASK WINDOWS CLIENT (WINCLNT1, WINCLNT2,
IP PHONE)
Note: Please use the default configuration if you are not given details.
APPENDIX
SPECIFICATIONS
WINSRV1
Computer name: WINSRV1
Operating System: MS Windows 2012 R2
Domain Name: indonesiahebat.net
Administrator User name: Administrator
Administrator password: InaSkills2017
IP address: 172.20.31.3/26
Domain NetBIOS Name: HEBAT
WINSRV2
Computer name: WINSRV2
Operating System: MS Windows 2012 R2
Domain Name: indonesiahebat.net
Administrator User name: Administrator
Administrator password: InaSkills2017
IP address: 172.20.33.67/26
Domain NetBIOS Name: HEBAT
LNXSRV1
Computer name: LNXSRV1
Operating System: Linux Debian 7.8
User name: root
Password: InaSkills2017
IP address: 172.20.33.3/26
LNXSRV2
Computer name: LNXSRV2
Operating System: Linux Debian 7.8
User name: root
Password: InaSkills2017
IP address: 172.20.33.4/26
WINCLNT1 (EXTERNAL)
Computer name: WINCLNT 1
Operating System: MS Windows 8.1
User name: Administrator
Password: InaSkills2017
Domain name: Indonesiahebat.net
IP address: 202.132.45.28/27
WINCLNT2
Computer name: WINCLNT 2
Operating System: MS Windows 8.1
User name: Administrator
Password: InaSkills2017
Domain name: indonesiahebat.net
IP address: DHCP
NETWORK SPECIFICATION
VLAN ISSRV-1 (ID: 30) 172.20.31.0/26
VLAN ISCLNT (ID: 31) 172.20.32.0/25
VLAN VOICE (ID: 32) 172.20.32.128/25
VLAN BRSRV (ID: 33) 172.20.33.0/26
VLAN ISSRV-2 (ID:34) 172.20.33.64/26
VLAN NATIVE (ID: 99) 10.0.0.0/28
OUTSIDE 202.132.45.0/27
TASK
MODULE C PT CHALLENGE
(OPEN)
COMPETITION FIELD
IT NETWORK SYSTEM ADMIN
(IT NETWORK)
Instructions
The competition has a fixed start and finish time. You must decide how to best divide your time.
Please carefully read the following instructions!
When the competition time ends, please save your file and add your ID at the end of the filename
(change the XX), and leave the Cisco Packet Tracer program and your workstation in a running state.
ISP ROUTER
1. For ease of administration, enable SSH with local authentication, isp.net for domain name.
2. Do not configure any kind of static or dynamic routing.
3. Configure PPP CHAP authentication on the Serial Link between ISP and HQ router with Skills39 as
the password.
HQ / BRANCH ROUTERS
1. See the appendix to understand IP addressing, services and network diagram.
2. Configure an IPv6-over-IPv4 point-to-point (ipv6ip) tunnel between the two routers, going through the ISP
router.
3. Configure default static route to ISP using next-hop address, EIGRPv6 and OSPFv3 routing via
tunnel. OSPFv3 routing serves as a backup routing protocol. When EIGRPv6 is running then we
should only see EIGRPv6 routes in the routing table.
HQ OSPFv6 area 0 Routing with process ID 100 BRANCH OSPFv6 area 0 Routing with process
ID 100
Fdab:cdef:1::/64 Fdab:cdef:3::/64
Fdab:cdef:4::/64 Fdab:cdef:4::/64
Fdab:cdef:7::/64
4. Configure High Availability routing for the MGMT IPV4 with group 1. Use a protocol that will use
only one of the two routers, preferably the HQ router.
6. Configure AAA to authenticate SSH logins, idnux.local for domain-name, the radius server is
LUXSRV for HQ and WINSRV for BRANCH, Skills39 for radius-key and use cisco local user as a fall
back if RADIUS becomes unavailable.
7. Restrict SSH access to the MGMT IPv6 and IPv4 network, MGMT-IPv6-net and MGMT-net for ACL-
name with the standard type.
8. Configure time synchronization with the NETLUXSRV NTP server that has authentication to use it.
Use key 1 and Password Skills39.
9. Send logs to the syslog server at LUXSRV for HQ and WINSRV for BRANCH.
10. Configure NAT overload in HQ for MGMT IPv4 Network for internet access. Use MGMT-net for
ACL so WINLAPTOP can access NETLUXSRV.
DHCP Services
1. Configure DHCP service on ISP, HQ, BRANCH, HQSW and REMOTE with the setting in the table 4.
APPENDIX
VTP Version 2
VTP DOMAIN: skills.org
VTP PASSWORD: Skills39
VTP SERVER: HQSW
VTP CLIENT: BRANCHSW
HQSW BRANCHSW
VLAN VLAN VLAN
VLAN ID PORTS NETWORK PORTS NETWORK
NAME ID NAME
F0/1 - F0/4 F0/1 - F0/4
10 LUXVOIP (Voice VLAN; Data 10.0.0.0/24 20 WINVOIP (Voice VLAN; Data 172.16.0.0/24
VLAN is 12) VLAN is 12)
fdab:cdef:1::/64 fdab:cdef:3::/64
11 LUXSRV F0/5 - F0/8 21 WINSRV F0/5 - F0/8
10.0.10.0/24 10.0.30.0/
F0/1-F0/4, F0/9 - F0/1-F0/4, F0/9 -
12 LUXWINTOP fdab:cdef:2::/64 12 LUXWINTOP fdab:cdef:2::/64
F0/12 F0/12
10.0.1.0/24 and 10.0.1.0/24 and
99 MGMT F0/13 - F0/16 99 MGMT F0/13 - F0/16
fdab:cdef:7::/64 fdab:cdef:7::/64
99 NATIVE VLAN 99 NATIVE VLAN
DHCP SERVERS
DEFAULT ADDRESS
SERVER POOL NAME NETWORK IP EXCLUDE
ROUTER RANGE
ISP NETLUX 1.1.1.64/26 1.1.1.65-1.1.1.75 Use any IP
HQ LUXVOIP 10.0.0.0/24 10.0.0.1 10.0.0.1-10.0.0.20 address range
172.16.0.0/2 172.16.0.1- from the
BRANCH WINVOIP 172.16.0.1 correct
4 172.16.0.20
subnet
HQSW MGMT-V4 10.0.1.0/24 10.0.1.254 10.0.1.1-10.0.1.4
192.168.0.0/ 192.168.0. 192.168.0.10-
REMOTE dhcpd -
25 1 192.168.0.40
NETWORK DIAGRAM
STUDENT COMPETENCY COMPETITION (LOMBA KOMPETENSI SISWA)
VOCATIONAL HIGH SCHOOL
WEST JAVA PROVINCE LEVEL
TASK
MODULE D PT TROUBLESHOOTING
(OPEN)
COMPETITION FIELD
IT NETWORK SYSTEM ADMIN
(IT NETWORK)
CIscoNeX company uses a network to connect 3 branches in Indonesia, Malaysia and Thailand.
After recent network upgrades there was a major power outage in the area so there are many
devices that no longer work on the network. The IT-team did not have time to test the upgrades
before the power outage. The IT manager is sick at home and you have been handed minimum
documentation of the network. Please look at the Engineers notes.
INDONESIA HQ Cluster
1. All clients in the Indonesia HQ can't connect to the Internet.
2. The Demak network can't be reached from any network in Indonesia HQ.
3. IP phones can't get an extension number.
4. Semarang VoIP & Jepara VoIP can't call each other.
ENGINEER NOTES:
INDONESIA HQ
VLAN 1 for voice traffic
EIGRP ID 100
a. RO-SEMARANG
IP Source: 2.2.2.6
Max IP phones: 20
Max directory number: 20
Directory number: 1xx
b. RO-JEPARA
IP Source: 2.2.2.14
Max IP phones: 20
Max directory number: 20
Directory number: 2xx
1. Engineer Notes:
-TH_SW1 VTP Server with domain named THBRANCH, TH_SW2 and TH_SW3 as VTP Client
-All Etherchannel mode is On
2. VLANs:
VLAN ID 100 named Manager
VLAN ID 200 named Sales
VLAN ID 300 named IT
1. Configure REMOTE-RO
2. Configure REMOTE-ASA
a. Hostname: REMOTE-ASA
b. Interfaces:
f. Configure SSH with local authentication. It should be accessible from the inside and
the outside network.
g. Configure an ACL named FROM-INTERNET to allow HTTP packets from the internet
to host dmz-server. Apply the ACL to the outside interface.
NETWORK DIAGRAM