
Design, configure and operate the IT infrastructure for a SMB (or a startup group) - Part 2

In this article we configure the network devices (a Sophos firewall and Cisco switches). The simulation runs on VMware Workstation and Packet Tracer/GNS3.

First, the diagram I built in Packet Tracer. It is quite similar to the one we discussed in the first part of this series. Today we focus on the Cisco switches and the Sophos XG Firewall.




1. Cisco Switches

These are the commands needed on the CORE, SERVER and LAN switches, and what each group does:


Rename the default hostname to the desired name

CORE switch:
conf terminal
hostname CORE-SW

SERVER switch:
conf terminal
hostname SERVER-SW

LAN/User switch:
conf terminal
hostname LAN-SW

Configure trunking interfaces

CORE switch:
interface range GigabitEthernet0/1 - 2
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk

SERVER switch:
interface GigabitEthernet0/1
switchport trunk native vlan 99
switchport mode trunk

LAN/User switch:
interface GigabitEthernet0/2
switchport trunk native vlan 99
switchport mode trunk

Configure VTP

CORE switch:
conf terminal
vtp domain smb.net
vtp version 2
vtp password cisco
vtp mode server

SERVER switch:
conf terminal
vtp domain smb.net
vtp version 2
vtp password cisco
vtp mode client

LAN/User switch:
conf terminal
vtp domain smb.net
vtp version 2
vtp password cisco
vtp mode client

Configure VLANs (CORE switch only; as the VTP server it distributes the VLAN database to the two clients)

conf terminal
vlan 10
name FARM1
vlan 172
name FARM2
vlan 100
name LAN1
vlan 200
name LAN2
vlan 99
name Management

Configure the VLAN interfaces and the interface to the firewall (Core); the VLAN interface and access interfaces (Server and LAN switches)

CORE switch:
conf terminal
! the core routes between its SVIs, so IP routing must be enabled on the Layer 3 switch
ip routing

interface vlan 99
ip address 192.168.99.1 255.255.255.0

interface vlan 10
ip address 10.0.0.254 255.255.255.0

interface vlan 172
ip address 172.16.0.254 255.255.255.0

interface vlan 100
ip address 192.168.100.254 255.255.255.0

interface vlan 200
ip address 192.168.200.254 255.255.255.0

! routed (Layer 3) port toward the firewall
interface FastEthernet0/1
no switchport
ip address 172.16.18.2 255.255.255.252

SERVER switch:
conf terminal
interface vlan 99
ip address 192.168.99.2 255.255.255.0

int range f0/1 - 3
switchport mode access
switchport access vlan 10

int range f0/11 - 12
switchport mode access
switchport access vlan 172

LAN/User switch:
conf terminal
interface vlan 99
ip address 192.168.99.3 255.255.255.0

int f0/1
switchport mode access
switchport access vlan 100

int range f0/2 - 3
switchport mode access
switchport access vlan 200

Configure DHCP pools for the LAN networks (CORE switch)

ip dhcp pool VLAN100
network 192.168.100.0 255.255.255.0
default-router 192.168.100.254
dns-server 8.8.8.8

ip dhcp pool VLAN200
network 192.168.200.0 255.255.255.0
default-router 192.168.200.254
dns-server 8.8.8.8

Configure static routing (CORE switch)

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1


The commands above are all we need to get every device connected. After that, we test connectivity and the DHCP process to make sure the PCs in the LAN get correct IP addresses and can ping the servers.

- Test DHCP on a LAN PC: OK


- Test ping and traceroute from a LAN PC to the server farms and to the core switch's exit interface: OK
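Before pasting the table above into real switches, it is worth checking that the plan is self-consistent: every access VLAN exists in the VLAN database, every VLAN has a core SVI, each DHCP default-router is the SVI address inside that pool's network, and the native VLAN matches on both trunk ends. The script below is an added example, not part of the article or of any Cisco tool; the data is the article's plan transcribed into Python and the check_* functions are hypothetical helpers.

```python
"""Consistency check for the VLAN, SVI and DHCP plan in the switch table.

Added example, not part of the original article: the data below is the
article's plan transcribed into Python, and the check_* functions are
hypothetical helpers rather than any Cisco tool.
"""
import ipaddress

# VLAN database defined on CORE-SW (the VTP server), from the article.
VLANS = {10: "FARM1", 172: "FARM2", 100: "LAN1", 200: "LAN2", 99: "Management"}

# SVI addresses on the core switch, from the article.
CORE_SVIS = {
    99: "192.168.99.1/24",
    10: "10.0.0.254/24",
    172: "172.16.0.254/24",
    100: "192.168.100.254/24",
    200: "192.168.200.254/24",
}

# Access VLAN per port range on the edge switches, from the article.
ACCESS_PORTS = {
    "SERVER-SW": {"f0/1-3": 10, "f0/11-12": 172},
    "LAN-SW": {"f0/1": 100, "f0/2-3": 200},
}

# DHCP pools on the core as (network, default-router), from the article.
DHCP_POOLS = {
    "VLAN100": ("192.168.100.0/24", "192.168.100.254"),
    "VLAN200": ("192.168.200.0/24", "192.168.200.254"),
}

# Native VLAN configured on each trunk end, from the article.
TRUNK_NATIVE = {"CORE-SW": 99, "SERVER-SW": 99, "LAN-SW": 99}


def check_access_vlans_exist(access_ports=ACCESS_PORTS, vlans=VLANS):
    """An access port in a VLAN the VTP database lacks silently drops traffic."""
    return [
        f"{switch} {port}: VLAN {vlan} is not in the VLAN database"
        for switch, ports in access_ports.items()
        for port, vlan in ports.items()
        if vlan not in vlans
    ]


def check_svi_per_vlan(vlans=VLANS, svis=CORE_SVIS):
    """Every VLAN needs a core SVI, otherwise its hosts have no gateway."""
    return [f"VLAN {v} ({name}) has no SVI on the core"
            for v, name in vlans.items() if v not in svis]


def check_dhcp_gateways(pools=DHCP_POOLS, svis=CORE_SVIS):
    """The default-router handed out must be the core SVI inside the pool's network."""
    problems = []
    svi_ifaces = [ipaddress.ip_interface(a) for a in svis.values()]
    for pool, (network, gateway) in pools.items():
        net = ipaddress.ip_network(network)
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            problems.append(f"{pool}: default-router {gw} is outside {net}")
        elif not any(i.ip == gw and i.network == net for i in svi_ifaces):
            problems.append(f"{pool}: default-router {gw} is not a core SVI address")
    return problems


def check_native_vlan(trunk_native=TRUNK_NATIVE):
    """Native VLAN must match on both trunk ends and should not be VLAN 1."""
    problems = []
    natives = set(trunk_native.values())
    if len(natives) > 1:
        problems.append(f"native VLAN mismatch across trunk ends: {trunk_native}")
    if 1 in natives:
        problems.append("native VLAN 1 in use: untagged frames land in the default VLAN")
    return problems


def run_all():
    """Collect every finding; an empty list means the plan is consistent."""
    return (check_access_vlans_exist() + check_svi_per_vlan()
            + check_dhcp_gateways() + check_native_vlan())


if __name__ == "__main__":
    for line in run_all() or ["addressing plan is consistent"]:
        print(line)
```

Each check takes the plan as an argument so you can re-run it against a modified plan; with the article's values, run_all() returns an empty list.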


* Configure security features on Cisco switches:

To secure privileged (enable) mode:

conf t
enable secret <your_secret_password>

To enable and configure SSH access:

conf t
ip domain-name smb.net
aaa new-model
! with aaa new-model and no explicit method list, the vty lines authenticate against the local username database
username cisco secret <another_secret>
! prompts for the key size; SSH version 2 needs a modulus of at least 768 bits, 2048 is the usual choice
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh version 2

line vty 0 4
no transport input
transport input ssh
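Once the hardening commands are in, a quick audit of the saved configuration catches the items that are easy to miss (an `enable password` left behind, a vty still accepting telnet, SSH v1 allowed, a VTP password everybody knows, a trunk on native VLAN 1). The script below is an added example, not from the article or any Cisco tool: SAMPLE_CONFIG and WEAK_CONFIG are constructed excerpts in running-config layout (the hashed secrets are placeholders) and audit_ios_config is a hypothetical helper.

```python
"""Audit an IOS switch configuration for the hardening items applied above.

Added example, not part of the article or of any Cisco tool. SAMPLE_CONFIG is
a constructed excerpt assembled from the article's commands (hashed secrets are
placeholders); WEAK_CONFIG is a constructed counter-example; audit_ios_config
is a hypothetical helper that reports missing or weak items.
"""
import re

# Constructed excerpt in running-config layout: stanza lines indented by one space.
SAMPLE_CONFIG = """\
hostname CORE-SW
enable secret 5 $1$PLACEHOLDER$hash
aaa new-model
username cisco secret 5 $1$PLACEHOLDER$hash
ip domain-name smb.net
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh version 2
vtp domain smb.net
vtp password cisco
interface GigabitEthernet0/1
 switchport trunk native vlan 99
 switchport mode trunk
line vty 0 4
 transport input ssh
"""

# Constructed counter-example with the usual leftovers.
WEAK_CONFIG = """\
hostname LAN-SW
enable password cisco123
username admin password 0 admin
line vty 0 4
 login local
 transport input telnet ssh
"""

# VTP passwords that appear in every tutorial; a known one lets any switch
# joined to the domain overwrite the VLAN database.
WELL_KNOWN_VTP = {"cisco", "vtp", "password"}


def _has(config, pattern):
    return re.search(pattern, config, re.MULTILINE) is not None


def _stanza(config, header_pattern):
    """Return the indented lines that follow a matching header line (e.g. 'line vty')."""
    m = re.search(header_pattern + r".*\n((?: .*\n)*)", config, re.MULTILINE)
    return m.group(1) if m else ""


def audit_ios_config(config):
    """Return findings as strings; an empty list means every item checked out."""
    findings = []
    if not _has(config, r"^enable secret "):
        findings.append("no 'enable secret': privileged EXEC has no hashed password")
    if _has(config, r"^enable password "):
        findings.append("'enable password' present: reversible type 7, remove it")
    if _has(config, r"^username \S+ password "):
        findings.append("local user stored with 'password' instead of 'secret'")
    if not _has(config, r"^aaa new-model") and not _has(config, r"^ login local"):
        findings.append("vty lines do not authenticate against the local user database")
    if not _has(config, r"^ip ssh version 2"):
        findings.append("SSH version 2 not enforced")
    vty = _stanza(config, r"^line vty")
    m = re.search(r"^ transport input (.+)$", vty, re.MULTILINE)
    # assumption: with no transport input line the platform default applies
    protocols = set(m.group(1).split()) if m else {"all (no transport input line)"}
    if protocols != {"ssh"}:
        findings.append(f"vty transport input allows {' '.join(sorted(protocols))}, not ssh only")
    m = re.search(r"^vtp password (\S+)", config, re.MULTILINE)
    if m is None:
        findings.append("no VTP password: any switch in the domain can push a VLAN database")
    elif m.group(1).lower() in WELL_KNOWN_VTP:
        findings.append(f"VTP password '{m.group(1)}' is well known")
    natives = re.findall(r"^ switchport trunk native vlan (\d+)", config, re.MULTILINE)
    if "1" in natives or (not natives and _has(config, r"^ switchport mode trunk")):
        findings.append("a trunk uses native VLAN 1")
    return findings


if __name__ == "__main__":
    for name, cfg in (("SAMPLE_CONFIG", SAMPLE_CONFIG), ("WEAK_CONFIG", WEAK_CONFIG)):
        print(name)
        for finding in audit_ios_config(cfg) or ["no findings"]:
            print("  -", finding)
```

On the article's own commands the only finding is the well-known VTP password; the constructed WEAK_CONFIG trips six checks.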



2. Sophos Firewall

System requirements

- CPU: 64-bit, 2 cores

- RAM: 2-6 GB (the Home edition can use at most 6 GB)

- at least 2 NICs


The installation process is very simple: just follow the on-screen instructions to finish.



Then you can configure the network interfaces (1) here:


Set up Port 3 (the g0/1 interface in the picture):


Do the same for the WAN interface (g0/0 in the picture).


After that we can access the firewall at https://172.16.18.1:4444 (the default username/password is admin/admin) and start configuring routing:


We can check all the networks in the core switch's routing table:


Add the route under Configure -> Routing and save:


When done, the routing table should look like this:
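The routes added here are what let replies come back: the core sends everything it does not know to the firewall via its default route, and the firewall must know every core-side network via 172.16.18.2, or replies follow the WAN default route instead. The script below is an added example, not from the article or Sophos: the core networks come from the SVI table and the /30 transit link from the core's FastEthernet0/1 configuration, FIREWALL_ROUTES is a constructed copy of the static routes added under Configure -> Routing (with an RFC 5737 placeholder for the WAN gateway), and lookup and missing_return_routes are hypothetical helpers.

```python
"""Check that the firewall has a return route for every core-side network.

Added example, not from the article or Sophos. Core networks and the transit
IP come from the article; FIREWALL_ROUTES is constructed (placeholder WAN
gateway); the functions are hypothetical helpers.
"""
import ipaddress

CORE_TRANSIT_IP = "172.16.18.2"            # core F0/1, from the article
CORE_NETWORKS = [                          # core SVI networks, from the article
    "192.168.99.0/24", "10.0.0.0/24", "172.16.0.0/24",
    "192.168.100.0/24", "192.168.200.0/24",
]

# (destination, next hop); None means directly connected. Constructed.
FIREWALL_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1"),          # WAN default route, placeholder gateway
    ("172.16.18.0/30", None),              # Port3 toward the core
    ("192.168.99.0/24", CORE_TRANSIT_IP),
    ("10.0.0.0/24", CORE_TRANSIT_IP),
    ("172.16.0.0/24", CORE_TRANSIT_IP),
    ("192.168.100.0/24", CORE_TRANSIT_IP),
    ("192.168.200.0/24", CORE_TRANSIT_IP),
]


def lookup(routes, destination):
    """Longest-prefix match: the most specific route wins, as in the firewall's table."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def missing_return_routes(routes=FIREWALL_ROUTES, core_networks=CORE_NETWORKS,
                          transit_ip=CORE_TRANSIT_IP):
    """Core subnets whose reply traffic the firewall would not send back to the core."""
    missing = []
    for prefix in core_networks:
        net = ipaddress.ip_network(prefix)
        probe = str(next(net.hosts()))      # any host in the subnet gives the same answer
        match = lookup(routes, probe)
        if match is None or match[1] != transit_ip:
            missing.append(prefix)
    return missing


if __name__ == "__main__":
    gaps = missing_return_routes()
    print("missing return routes:", gaps or "none")
    # show where a LAN reply would go if one route were forgotten
    partial = [r for r in FIREWALL_ROUTES if r[0] != "192.168.200.0/24"]
    net, hop = lookup(partial, "192.168.200.5")
    print(f"without the VLAN200 route, 192.168.200.5 matches {net} via {hop}")
```

With all five static routes present the check returns an empty list; drop one and the affected subnet is reported because its probe address falls through to the WAN default route.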


By default there is an Allow all rule at the bottom of the firewall rule list, so you just need to add more specific rules above it:


Those are all the fundamental steps to get the firewall working. You can add more rules in the firewall settings, as I did in the pictures above.


That is the end of Part 2; in the next post we will configure the mail server (iRedMail).

I hope you found this article helpful. Part 3 of this series of articles will soon be available. 

I invite you to ask any questions and leave any comments you may have below. 

Cheers ^^


Author: DP230