
LOMBA KOMPETENSI SISWA

SEKOLAH MENENGAH KEJURUAN


TINGKAT NASIONAL XXVI 2018

MODUL B
WINDOWS & CISCO ENVIRONMENT

IT NETWORK SYSTEMS ADMINISTRATION
LKSN2018_ITNSA_MODUL_B
Please save your configuration regularly! To avoid electrical problem.

CONTENTS
This Test Project proposal consists of the following document/file:
LKS NASIONAL 2018_ITNSA_MODULB.pdf

INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide your
time.
Please carefully read the following instructions!
When the competition time ends, please leave your station in a running state.

PHYSICAL MACHINE (HOST)


FOLDER PATHS
Virtual Machines: D:\KOMPETISI\VM
ISO Images: D:\KOMPETISI\ISO

Password for OS Pre-Install: Skills39


PART I
WORK TASK INSTALLATION (JKT-DC1, JKT-DC2)
Note: Please use the default configuration if you are not given details.

WORK TASK SERVER JKT-DC1


Configure the server with the hostname, domain and IP specified in the appendix

o Install/Configure
▪ Modify the default firewall rules to allow ICMP (ping) traffic
o Active Directory
▪ Configure this server as the initial domain controller for jakarta.net
▪ Configure a ONE-WAY (Forest) trust between the domains jakarta.net and
mataram.net
- Users from jakarta.net must have access to resources from
mataram.net but not vice versa
o Users/Groups
▪ Create OUs named “Helpdesk”, “Technician”, “Manager” and “Visitor”
▪ Create the following AD groups:
- Users_Helpdesk
- Users_Technician
- Users_Manager
- Users_Visitor
- Project_Budget-R
- Project_Budget-W
- Project_Intranet-R
- Project_Intranet-W
- Project_Logistics-R
- Project_Logistics-W

NOTE: This is a required list of groups and OUs that have to be created in the domain.
If you believe that you should create additional groups to perform the task you can
create them.

▪ Create the users from the excel sheet JKT-Users.xlsx on USB Drive
- Fill up all fields in the Active Directory user object and add the users to
the corresponding Users_xx groups, Project_xx groups and OUs.
▪ Create for every user a home drive in JKT-DC2 D:\shares\users
▪ Connect the home drive automatically to drive U:
\\JKT-DC2.jakarta.net\users$\%username%


NOTE: If you are unable to import all the users from the Excel file, create at least
the following users manually:

Username/Login    Password        Groups
Test_Helpdesk     InaSkills2018   Users_Helpdesk; Users_Project; Users_Budget-R
Test_Technician   InaSkills2018   Users_Technician; Users_Project; Users_Intranet-W
Test_Manager      InaSkills2018   Users_Managers; Users_Project; Users_Logistics
Test_Visitor      InaSkills2018   Users_Visitors

o GPO
▪ Disable “first sign in Animation” on all Windows 10 Clients
▪ Set the power settings to “never sleep” for all Windows 10 clients.
▪ Members of the “Users_Technician” group must be members of the local admin
group on all Windows 10 computers in the domain
▪ www.jakarta.net must be the default homepage in Internet Explorer for all domain users
and domain administrators.
▪ Disable open network connections for all domain users, except the Users_Technician
group.
▪ Redirect (Folder Redirection) only for users in the Helpdesk group “My Documents”
and the “Desktop” to JKT-DC2 -> D:\shares\redirected
- Share path \\JKT-DC2.jakarta.net\redirected\%username%
▪ Create a fine-grained password policy requiring a 7-character non-complex password
for regular users and an 8-character complex password for members of the Users_Helpdesk
group
- Disable “enforce minimum password age”

o DNS
▪ Configure DNS for jakarta.net
▪ Create a reverse zone for the 10.10.10.0/24 and 10.30.30.30/24 networks
▪ Add static records for all JKT-DC servers
▪ RDS.jakarta.net should point to the correct IP address of the RemoteApp website.
o DHCP
▪ Install and configure DHCP for the clients
▪ Mode: Load balance
▪ Partner Server: JKT-DC2
▪ State Switchover: 5 minutes
▪ Range vlan Voice : 10.30.30.100 – 10.30.30.150
▪ Range vlan Client : 10.20.20.100 – 10.20.20.150
▪ Set the appropriate scope options for both DNS Servers and default gateway
o CA
▪ Install AD CS Services
▪ Configure Enterprise Root CA – Use default key length, hash, etc. if not specified
▪ Name: JAKARTA Root CA
▪ Lifetime: 10 years
▪ Configure a template for all clients called “Skills39_JKTClients”
▪ Set the “subject name format” to Common name
▪ Auto enroll this template only to all Windows 10 clients.
▪ Create the necessary certificates for the two websites on MTR-IIS


o VPN Server (RRAS)


▪ Setup and configure the VPN service (RRAS)
▪ Use the following IP range for the VPN clients: 10.10.10.120 – 10.10.10.130
▪ With a VPN connection the user should be able to access the shares on JKT-DC2 and
access web on MTR-IIS
▪ Only users in the “Users_Technician” group should be able to connect to the VPN
server
▪ Remote Clients should be able to access the VPN server via the IP address
200.151.15.11
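
One way to implement the fine-grained password policy task from the GPO list above, as an added example that is not part of the original test project. The PSO names are hypothetical, "Domain Users" is assumed to stand for "regular users", and the Test_Helpdesk account from the fallback user table is assumed to exist.

```powershell
# Added example, not part of the test project. Run on JKT-DC1 as a Domain Admin.
# Assumptions: PSO names are hypothetical; "Domain Users" stands in for "regular users".
Import-Module ActiveDirectory

# Lower Precedence wins when several PSOs apply to one user, so the
# Helpdesk PSO must rank ahead of the one linked to Domain Users.
$policies = @(
    @{ Name = 'PSO-Helpdesk';     Precedence = 10; MinPasswordLength = 8
       ComplexityEnabled = $true;  Subject = 'Users_Helpdesk' },
    @{ Name = 'PSO-RegularUsers'; Precedence = 20; MinPasswordLength = 7
       ComplexityEnabled = $false; Subject = 'Domain Users' }
)

foreach ($p in $policies) {
    # PSOs can only be linked to users and global security groups.
    $group = Get-ADGroup -Identity $p.Subject
    if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
        throw "$($p.Subject) must be a global security group to receive a PSO"
    }

    New-ADFineGrainedPasswordPolicy -Name $p.Name -Precedence $p.Precedence `
        -MinPasswordLength $p.MinPasswordLength `
        -ComplexityEnabled $p.ComplexityEnabled `
        -MinPasswordAge '0.00:00:00'   # zero disables the minimum password age

    Add-ADFineGrainedPasswordPolicySubject -Identity $p.Name -Subjects $group
}

# Verify: a Helpdesk member is also in Domain Users, so both PSOs apply;
# the resultant policy must be the stricter one (precedence 10).
Get-ADUserResultantPasswordPolicy -Identity 'Test_Helpdesk' |
    Select-Object Name, Precedence, MinPasswordLength, ComplexityEnabled
```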

WORK TASK SERVER JKT-DC2


Configure the server with the hostname, domain and IP specified in the appendix

o Install/Configure
▪ Modify the default firewall rules to allow ICMP (ping) traffic
o Active Directory
▪ Join to jakarta.net domain
▪ Promote this server as a DC for jakarta.net (but not a GC)
▪ Create the following two users in OU “Users”. They are necessary for the following
work tasks.
- RDS_user1
- RDS_user2

o DFS
▪ Create a Namespace with the name “dfs”
▪ Add JKT-DC1 as the second server for this Namespace
▪ Create DFS links for the department shares (Helpdesk, Technician, Managers)
▪ Create DFS Replication to implement a backup of the department shares on JKT-DC1.
The shares should be replicated like this:
- JKT-DC2: D:\shares\departments\Helpdesk -> JKT-DC1: C:\backup\Helpdesk
- JKT-DC2: D:\shares\departments\Technician -> JKT-DC1:
C:\backup\Technician
- JKT-DC2: D:\shares\departments\Manager -> JKT-DC1: C:\backup\Manager
▪ Map the department shares depending on the corresponding group
(Users_Helpdesk, Users_Technician, Users_Manager) to drive G: using the DFS
Namespace

o Quota/Screening
▪ Set the quota on every home drive to 15MB
▪ ALLOW ONLY files with the extensions .txt and .msi on the home drives. All other file
extensions are prohibited.

o DHCP
▪ Install and configure DHCP for the clients
▪ Mode: Load balance
▪ Partner Server: JKT-DC1
▪ State Switchover: 5 minutes


o Remote Desktop Services


▪ Install Remote Desktop Services
- Do not install RD Licensing component
▪ Configure web-access for terminal services
▪ The RDS login page should be accessible by entering the url https://rds.jakarta.net
▪ Make sure only users RDS_user1 and RDS_user2 are able to login via RDP
▪ Publish Wordpad on the web-portal of RemoteApp for the domain user “RDS_user1”
▪ Publish Calculator on the web-portal of RemoteApp for the domain user
“RDS_user2”
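
One way to implement the Quota/Screening task for the home drives on JKT-DC2, as an added example that is not part of the original test project. The quota template and file group names are hypothetical.

```powershell
# Added example, not part of the test project. Run on JKT-DC2 as an administrator.
# Assumptions: the template and file group names below are hypothetical.
Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools

$homeRoot = 'D:\shares\users'

# 15 MB hard quota per home folder. An auto quota on the parent applies the
# template to every existing and future subfolder, so new users are covered.
New-FsrmQuotaTemplate -Name 'Home-15MB' -Size 15MB
New-FsrmAutoQuota -Path $homeRoot -Template 'Home-15MB'

# FSRM file screens are block lists. To express "allow only .txt and .msi",
# match every file name and exclude the two permitted extensions from the group.
New-FsrmFileGroup -Name 'All-Except-TXT-MSI' `
    -IncludePattern @('*') `
    -ExcludePattern @('*.txt', '*.msi')

# -Active makes the screen enforcing; without it the screen is passive
# and only monitors violations instead of blocking the write.
New-FsrmFileScreen -Path $homeRoot -IncludeGroup 'All-Except-TXT-MSI' -Active

# Verify what is actually enforced on the home drive root
Get-FsrmAutoQuota  -Path $homeRoot | Select-Object Path, Template, Size
Get-FsrmFileScreen -Path $homeRoot | Select-Object Path, Active, IncludeGroup
```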


PART II
WORK TASK INSTALLATION (MTR-DC, MTR-IIS)
Note: Please use the default configuration if you are not given details.

WORK TASK SERVER MTR-DC


Configure the server with the hostname, domain and IP specified in the appendix

o Install/Configure
▪ Modify the default Firewall rules to allow ICMP (ping) traffic
o Active Directory
▪ Already pre-configured
o DNS
▪ DNS records should point to the correct IP addresses for both www.mataram.net and
www.jakarta.net

WORK TASK SERVER MTR-IIS


Configure the server with the hostname, domain and IP specified in the appendix

o Install Windows Server 2016 (no GUI)


▪ Install Windows Server 2016 (no GUI) from ISO (D:\KOMPETISI\ISO)
o Install and configure IIS
▪ Create website www.mataram.net, which should display the following content:
▪ “Welcome to www.mataram.net”
▪ Create website www.jakarta.net, which should display the following content:
▪ “Welcome to www.jakarta.net”
▪ Both of these sites should use HTTPS using a certificate approved in jakarta.net


PART III
WORK TASK INSTALLATION (GARUDA-RTR, GARUDA-SW)
Note: Please use the default configuration if you are not given details.

WORK TASK ROUTER (GARUDA-RTR) & SWITCH (GARUDA-SW)


o Use InaSkills2018 as the secret password
o Line console must log in with the password InaSkills2018
o Create username admin and password InaSkills2018
o Encrypt all clear text passwords
o Configure banner MOTD “Authorized Access Only!”
o Configure VLAN and IP addresses

Device       Interface                  VLAN ID               Description   IP Address
GARUDA-RTR   FastEthernet 0/0           -                     -             200.151.15.1/25
GARUDA-RTR   FastEthernet 0/1.10        10                    HQ-SRV        10.10.10.1/24
GARUDA-RTR   FastEthernet 0/1.11        11                    BR-SRV        10.11.11.1/24
GARUDA-RTR   FastEthernet 0/1.20        20                    Client        10.20.20.1/24
GARUDA-RTR   FastEthernet 0/1.30        30                    Voice         10.30.30.1/24
GARUDA-RTR   FastEthernet 0/1.99        99                    Management    10.99.99.1/24
GARUDA-SW    FastEthernet*0/1 – 0/5     10                    HQ-SRV
GARUDA-SW    FastEthernet*0/6 – 0/10    11                    BR-SRV
GARUDA-SW    FastEthernet*0/11 – 0/15   Data: 20, Voice: 30   Client
GARUDA-SW    FastEthernet*0/16 – 0/20   99                    Management    10.99.99.100/24

Note: asterisk (*) means any prefix. Example: FastEthernet1/0/1

WORK TASK GARUDA-RTR


o Configure the router with the hostname GARUDA-RTR
o Enable SSHv2 for remote management
▪ Permit only 3 concurrent virtual terminal sessions
▪ Prevent non-SSH connections for remote management
▪ Set domain to jakarta.net
▪ Only allow SSH from VLAN 20 (Client)
▪ After a successful login, the user should land at the maximum privilege level.
o Configure DHCP Relay for VLAN “Client” and VLAN “Voice” to JKT-DC1
o Configure NAT / PAT
▪ Configure Static NAT
▪ Static NAT to JKT-DC1 with IP address 200.151.15.11
▪ Configure NAT overload for VLAN client network to external interface of GARUDA-RTR.
o Telephony Service
▪ Configure max 5 ephone and max 10 ephone-dn
▪ Number 888 is used for paging all phones of the company
▪ Configure button 2 on IP Phone to call directly to paging extension


o Access Control List (ACL)


▪ Deny ICMP request from outside to GARUDA-RTR external IP address

WORK TASK GARUDA-SW


o Configure the switch with the hostname GARUDA-SW
o Configure port interface vlan 99 with the IP address 10.99.99.100/24
o Configure port interface
▪ Port Fa0/24 trunk mode to GARUDA-RTR
▪ Port Fa0/1 to JKT-DC1 and DC2
▪ Port Fa0/11 to JKT-CLIENT
▪ Port Fa0/6 to MTR-DC and MTR-IIS
▪ Port Fa0/14 to IP Phone
o Configure port security with a maximum of 3 MAC addresses and violation mode shutdown for ports to JKT-CLIENT
o In case of a port security violation, the switch port must recover automatically in 30 seconds

PART IV
WORK TASK INSTALLATION (JKT-CLIENT, MTR-REMOTE, IP PHONE)
Note: Please use the default configuration if you are not given details.

WORK TASK CLIENT JKT-CLIENT


Configure the client with the hostname, domain and IP specified in the appendix

o Modify the default Firewall rules to allow ICMP (ping) traffic


o Join the client to the jakarta.net domain
o Use this client for all tests in the jakarta.net domain
o Use this client for testing the GPO settings
o Install and configure Cisco IP Communicator

WORK TASK CLIENT MTR-REMOTE


Configure the client with the hostname, domain and IP specified in the appendix

o Modify the default Firewall rules to allow ICMP (ping) traffic


o Connect to VPN using external IP of GARUDA-RTR

WORK TASK IP PHONE


Note: Please use the default configuration if you are not given details.
o Connect LAN cables and configure IP addresses
o Configure with number 1004
o Make sure the VoIP is using VLAN 30 for its VoIP traffic
o The traffic of the connected computer (if any) shall use VLAN 20


APPENDIX
SPECIFICATION

JKT-DC1
Operating System: Windows Server 2016 (GUI)
Computer name: JKT-DC1
Domain: jakarta.net
Administrator password: InaSkills2018
User Name: Batik
User Password: InaSkills2018
IP Address: 10.10.10.100/24

MTR-DC
Operating System: Windows Server 2016 (GUI)
Computer name: MTR-DC
Domain: mataram.net
Administrator password: InaSkills2018
User Name: Batik
User Password: InaSkills2018
IP Address: 10.11.11.100/24

JKT-DC2
Operating System: Windows Server 2016 (GUI)
Computer name: JKT-DC2
Domain: jakarta.net
Administrator password: InaSkills2018
User Name: Batik
User Password: InaSkills2018
IP Address: 10.10.10.200/24


MTR-IIS
Operating System: Windows Server 2016 (no GUI)
Computer name: MTR-IIS
Domain: mataram.net
Administrator password: InaSkills2018
User Name: Batik
User Password: InaSkills2018
IP Address: 10.11.11.200/24

JKT-CLIENT
Operating System: Windows 10
Computer name: JKT-CLIENT
Domain: jakarta.net
Administrator password: InaSkills2018
User Name: Batik
User Password: InaSkills2018
IP Address: DHCP

MTR-REMOTE
Operating System: Windows 10
Computer name: MTR-REMOTE
Administrator password: InaSkills2018
User Name: Batik
User Password: InaSkills2018
IP Address: 200.151.15.10/25

NETWORK SPECIFICATION
VLANs             Networks
HQ-SRV (ID: 10)   10.10.10.0/24
BR-SRV (ID: 11)   10.11.11.0/24
Client (ID: 20)   10.20.20.0/24
Voice (ID: 30)    10.30.30.0/24

NETWORK SPECIFICATION (PHYSICAL VIEW)
[Figure: Physical View. Two Windows 10 host machines (PC1, PC2) with VMWare Workstation 12 installed, using bridged networks (vmnet0, vmnet1), together with the router, the switch and the IP phone. Labels in the figure:]
- GARUDA-RTR (Cisco 2900 Series): External 200.151.15.1/25, Fa0/1.10 10.10.10.1/24, Fa0/1.11 10.11.11.1/24, Fa0/1.20 10.20.20.1/24, Fa0/1.30 10.30.30.1/24, Fa0/1.99 10.99.99.1/24. System Function: Routing, NAT, ACL, Telephony Service, DHCP Relay
- GARUDA-SW (Catalyst 2960 Series PoE-24): VLAN 10 HQ-SRV (10.10.10.0/24), VLAN 11 BR-SRV (10.11.11.0/24), VLAN 20 Client (10.20.20.0/24), VLAN 30 Voice (10.30.30.0/24), VLAN 99 Management (10.99.99.0/24). System Function: VLAN, SSH, Port Security
- JKT-CLIENT: IP Address DHCP. System Function: Join domain, Softphone (Ext. 1001)
- MTR-REMOTE: IP Address 200.151.15.10/25. System Function: Testing external access, VPN Client
- JKT-DC1: IP Address 10.10.10.100/24. System Function: Domain Controller, DNS, DHCP Failover, CA, DFS, RRAS VPN
- JKT-DC2: IP Address 10.10.10.200/24. System Function: Remote Desktop Services, DHCP Failover, DFS, File Services
- MTR-DC: IP Address 10.11.11.100/24. System Function: Domain Controller, DNS
- MTR-IIS: IP Address 10.11.11.200/24. System Function: Web Server (IIS)
- IP Phone: Ext 1004

Version: 1.0
LKSN2018_ITNSA
Date: 22-03-2018

NETWORK SPECIFICATION (LOGICAL VIEW)
[Figure: Logical View. Virtual machines on PC1 and PC2 attached through vSwitches and bridged networks (vmnet0, vmnet1) to GARUDA-RTR (Cisco 2900 Series) and GARUDA-SW (Catalyst 2960 Series PoE-24). Labels in the figure:]
- Virtual Windows Client JKT-CLIENT: IP Address DHCP, Softphone (Ext. 1001)
- Virtual Windows Client MTR-REMOTE: IP Address 200.151.15.10/25, Testing external access, VPN Client
- Virtual Windows Server (GUI) JKT-DC1: IP Address 10.10.10.100/24, Domain Controller, DNS, DHCP Failover, CA, DFS, RRAS VPN
- Virtual Windows Server (GUI) JKT-DC2: IP Address 10.10.10.200/24, Remote Desktop Services, DHCP Failover, DFS, File Services
- Virtual Windows Server (GUI) MTR-DC: IP Address 10.11.11.100/24, Domain Controller, DNS
- Virtual Windows Server (no GUI) MTR-IIS: IP Address 10.11.11.200/24, Web Server (IIS)
- GARUDA-RTR: External 200.151.15.1/25, Fa0/1.10 10.10.10.1/24, Fa0/1.11 10.11.11.1/24, Fa0/1.20 10.20.20.1/24, Fa0/1.30 10.30.30.1/24, Fa0/1.99 10.99.99.1/24; Routing, NAT, ACL, DHCP Relay, Telephony Service
- GARUDA-SW: VLAN 10 HQ-SRV (10.10.10.0/24), VLAN 11 BR-SRV (10.11.11.0/24), VLAN 20 Client (10.20.20.0/24), VLAN 30 Voice (10.30.30.0/24), VLAN 99 Management (10.99.99.0/24); VLAN, SSH, Port Security
- IP Phone: Ext 1004
