wanderer/ak8bk_sem-proj
1
0
Fork 0
Code Issues Pull Requests Releases Activity

add corerouter,staff,intra configs (wip)

Browse Source
This commit is contained in:
surtur 2022-05-16 00:37:24 +02:00
parent d10be599cd
commit 564354cdde
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D
3 changed files with 230 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
corerouter.tex
View File

@ -1,9 +1,91 @@
\subsection{\texttt{Core Router}} \subsection{\texttt{Core Router}}
hostname, loginy
\begin{verbatim} \begin{verbatim}
% not much en
conf t
hostname CoreRouter
#
# enable strong and complicated password
#
enable password 123
#
# gen keys, needs a domain name
# enter 4096 when asked about bitsize
#
ip domain-name CoreRouter
crypto key generate rsa modulus 4096
#
# set strong and complicated password
#
username admin password admin
line vty 0 15
login local
transport input ssh
exit
ip ssh version 2
ip ssh authentication-retries 3
ip ssh time-out 120
exit
\end{verbatim} \end{verbatim}
\subsubsection{\texttt{DMZ}} \subsubsection{\texttt{DMZ dhcp}:}
\begin{verbatim} \begin{verbatim}
% not much # (config)
ip dhcp pool DMZ
network 192.168.100.0 255.255.255.128
default-router 192.168.100.1
exit
#
# exclude x.x.x.1-30
#
ip dhcp excluded-address 192.168.100.1 192.168.100.30
\end{verbatim}
\subsubsection{\texttt{Intranet dhcp}:}
\begin{verbatim}
# (config)
ip dhcp pool Intranet
network 192.168.255.0 255.255.255.128
default-router 192.168.255.1
exit
#
# exclude x.x.x.1-60
#
ip dhcp excluded-address 192.168.255.1 192.168.255.60
\end{verbatim}
\subsubsection{\texttt{VLAN-HOST}:}
\begin{verbatim}
# (config)
ip dhcp pool VLAN-HOST
network 10.0.10.0 255.255.254.0
default-router 10.0.10.1
exit
#
# exclude x.x.10.1-x.x.11.0
#
ip dhcp excluded-address 10.0.10.1 10.0.11.0
\end{verbatim}
\subsubsection{\texttt{DMZ DNSpublic}}
\texttt{DNSpublic} cofigure static IP:
\begin{verbatim}
# since this is an older Ubuntu box, we use ifconfig+route
ifconfig eth0 192.168.100.25 255.255.255.128
route add default gw 192.168.100.1
ifconfig eth0 up
\end{verbatim}
\subsubsection{\texttt{DMZ WEBserver}}
\texttt{WEBserver} enable dhcp on eth0:
\begin{verbatim}
# edit /etc/network/interfaces to contain the following
auto eth0
iface eth0 inet dhcp
#
# then reload the interface
#
ip link set eth0 down
ip link set eth0 up
\end{verbatim} \end{verbatim}

79
intra.tex
View File

@ -1,9 +1,84 @@
\subsection{\texttt{INTRA}} \subsection{\texttt{INTRA}}
set hostname \&\& port-sec recovery timeout
\begin{verbatim} \begin{verbatim}
% not much en
conf t
#
# set hostname to INTRA
#
hostname INTRA
#
# port-sec recovery timeout - 120s
#
errdisable recovery interval 120s
errdisable recovery cause psecure-violation
\end{verbatim}
\noindent
enable port-sec for g0/{1|2|3}
\begin{verbatim}
# continuation of the previous block, no need to "enable" and "conf t" again
interface g0/1
switchport mode access
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security
#
# g0/2
#
interface g0/2
switchport mode access
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security
#
# g0/3
#
interface g0/3
switchport mode access
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security
\end{verbatim}
\noindent
trust arp packets from g0/0 (\texttt{STAFF})
\begin{verbatim}
en
conf t
in g0/0
no shut
ip arp inspection trust
end
#
# verify
#
show ip arp inspection interfaces g0/0
\end{verbatim} \end{verbatim}
\subsubsection{Intranet} \subsubsection{Intranet}
\texttt{INTRA} cofigure vlan
\begin{verbatim} \begin{verbatim}
% not much en
conf t
vlan 7
#
# set name
#
name Intranet
exit
#
# add ports
#
in g0/1
switchport access vlan 7
in g0/2
switchport access vlan 7
in g0/3
switchport access vlan 7
exit
\end{verbatim} \end{verbatim}

69
staff.tex
View File

@ -1,4 +1,71 @@
\subsection{\texttt{STAFF}} \subsection{\texttt{STAFF}}
set hostname \&\& port-sec recovery timeout
% port-sec recovery timeout - 120s
\begin{verbatim} \begin{verbatim}
% not much en
conf t
#
# set hostname to STAFF
#
hostname STAFF
#
# port-sec recovery timeout - 120s
#
errdisable recovery interval 120s
errdisable recovery cause psecure-violation
\end{verbatim}
\noindent
enable port-sec for g0/{1|2}
\begin{verbatim}
# no need to elevate privileges since we did that in the previous block
#
# g0/2
#
interface g0/1
switchport mode access
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security
#
# g0/2
#
interface g0/2
switchport mode access
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security
\end{verbatim}
\noindent
trust arp packets from g0/0 (\texttt{CoreRouter})
\begin{verbatim}
en
conf t
in g0/0
no shut
ip arp inspection trust
end
#
# verify
#
show ip arp inspection interfaces g0/0
\end{verbatim}
\noindent
trust arp packets from g0/3 (\texttt{INTRA})
\begin{verbatim}
en
conf t
in g0/3
no shut
ip arp inspection trust
end
#
# verify
#
show ip arp inspection interfaces g0/3
\end{verbatim} \end{verbatim}