
WorldSkills Malaysia 2023: IT Network Admin

This document provides instructions for a test project involving Infrastructure as Code (IaC). Participants will migrate VMs and devices to IaC and simplify creating new services. All machines are connected to a 10.22.0.0/24 management network and have static IPs. The competition involves general configurations, HQ configurations, BRANCH configurations, network services, and an API. All work must be completed within the time limit and demonstrated from the Management PC.

Uploaded by

zainurimuhd

WORLDSKILLS MALAYSIA COMPETITION

YOUTH CATEGORY (WSMB) 2023

INSTRUCTOR CATEGORY (WSMP) 2023

(IT NETWORK SYSTEM ADMINISTRATION)

FINAL STAGE

TIME: 18 HOURS

NAME:

IC No.:

DEPARTMENT OF SKILLS DEVELOPMENT

MINISTRY OF HUMAN RESOURCES
Contents

Introduction to Test Project
Introduction
Description of project and tasks
Basic Configuration
Part 1: General configurations
    General
    00-ge-facts.yml
    01-ge-hostname.yml
    02-ge-ipaddress.yml
    03-ge-bgp.yml
    04-ge-vpn.yml
    05-ge-ospf.yml
    06-ge-nat.yml
    07-ge-backup.yml
Part 2: HQ configurations
    General
    01-hq-etherchannel.yml
    02-hq-vtp.yml
    03-hq-switching.yml
    04-hq-fhrp.yml
    05-hq-adds.yml
    06-hq-cert.yml
    07-hq-dns.yml
    08-hq-files.yml
    09-hq-users.yml
    10-hq-dhcp.yml
Part 3: BRANCH configurations
    General
    01-br-fw.yml
    02-br-dns.yml
    03-br-ldap-server.yml
    04-br-ldap-client.yml
    05-br-web.yml
    06-br-mail.yml
    07-br-ftp.yml
    08-br-ha.yml
    09-br-dhcp.yml
Part 4: INET configurations
    DNS Service
    Certificate Authority
    E-Mail service
    Web Server
Part 5: API
    Endpoint /network/stats (GET)
    Endpoint /network/routes (GET)
Network Address Table
Management Network Address Table
Network Topology

Introduction
This Test Project consists of the following documentation/files:

• ITNSA-FINAL-WSMB-WSMP-2023.pdf
• debian-12.1.0-amd64-DLBD-1.iso
• Visual Studio Code 1.78.2
• VMWare Workstation 17.0.0 build-20800274
• hosts
• users.csv
• users.json

The competition has a fixed start and finish time. You must decide how best to divide your time. Please read the following instructions carefully!

When the competition time ends, all machines except the Management PC will be refreshed and reconfigured during the assessment. The assessment has two parts: one based on the manual configurations done, and another based on all of the configuration pushed from the Management PC alone. Make sure all of the configuration can be pushed from the Management PC.

Set all user passwords and credentials to Skills39 unless a different password is specifically stated.

Description of project and tasks


You will be migrating VMs to Infrastructure as Code (IaC) and simplifying the process of creating new services.

Login for all VMs and Devices:


Username Linux: root / itnsa
Username Windows: Administrator / itnsa
Username Cisco: itnsa

Password: Skills39

All VMs and devices are connected to the management network (10.22.0.0/24) and have a statically configured IP address. The management network will be used for configuring the different hosts. You can log in using username and password over SSH or WinRM.
You may install any additionally required packages and features on the VMs. The ISO for Debian is included.

Basic Configuration
1. Install and set up Ansible to configure every host in the topology. A preconfigured hosts file is given that contains the information of every host. DO NOT CHANGE THIS FILE.
2. Create a folder at /data/ansible for the task configurations. All playbooks should be at the root of the respective directory specified in each task. Feel free to add or create any file/folder for running the playbooks.
3. For marking, all playbooks will be run in order from each part’s respective directory using the command “ansible-playbook playbookname.yml”.
4. All tasks should have a state of “ok” or “skipped” even after being run more than once.

Part 1: General configurations


Use Ansible to configure all devices from the HOST VM. There is a preconfigured hosts file located under /etc/ansible/hosts. Do not change this file. For marking, the manual configuration will be tested, then all VMs will be reset to their original state and the VMs will be randomly removed and added to different groups in the hosts file. Then all playbooks will be run in order using the command “ansible-playbook playbookname.yml” in the /data/ansible/general directory. Variables like “hostname” and “webcolor” in /etc/ansible/hosts are subject to change for marking.
You can connect the Debian 12.1 DLBD ISO to the VMs.

General
● Create a directory /data/ansible/general
o All playbooks should be located at the root of this directory
o You are free to create folders/files in this directory for running the playbooks
o All tasks should have state “ok” or “skipped” after running the playbooks a second time

00-ge-facts.yml
● Create a playbook called 00-ge-facts.yml to test the connectivity of devices on all sites.
  o Configure it to test the connection to all hosts in the topology (ping, ios_facts, win_ping).

01.1-ge-lin-hostname.yml
● Create a playbook called 01.1-ge-lin-hostname.yml for configuring the Linux hostname and domain name.
  o All hosts should receive the hostname based on the “hostname” variable included in the hosts file.
  o All Linux devices on the BRANCH should have the domain name of wsmb.my

01.2-ge-win-hostname.yml
● Create a playbook called 01.2-ge-win-hostname.yml for configuring the Windows hostname.
  o All hosts should receive the hostname based on the “hostname” variable included in the hosts file.

01.3-ge-net-hostname.yml
● Create a playbook called 01.3-ge-net-hostname.yml for configuring the Cisco hostname and domain name.
  o All hosts should receive the hostname based on the ‘hostname’ variable included in the hosts file.
  o Devices on the BRANCH should have the domain name of wsmb.my, based on the ‘domain’ variable.
  o Devices on the HQ should have the domain name of itnsa.my, based on the ‘domain’ variable.
  o Devices on the PUBLIC should have the domain name of internet.com, based on the ‘domain’ variable.

02.1-ge-lin-ipaddress.yml
● Create a playbook called 02.1-ge-lin-ipaddress.yml for configuring IP addresses.
  o Configure the IP address for Linux hosts based on the IP address table.
  o Configure the primary DNS server address.
  o DO NOT modify the Management network interface.

02.2-ge-win-ipaddress.yml
● Create a playbook called 02.2-ge-win-ipaddress.yml for configuring IP addresses.
  o Configure the IP address for Windows hosts based on the IP address table.
  o Configure the primary and secondary DNS server addresses.
  o DO NOT modify the Management network interface.

02.3-ge-net-ipaddress.yml
● Create a playbook called 02.3-ge-net-ipaddress.yml for configuring IP addresses.
  o Configure the IP address for Cisco hosts based on the IP address table.
  o DO NOT modify the Management network interface.

03-ge-bgp.yml
● Create a playbook called 03-ge-bgp.yml for configuring routing using BGP.
  o Configure BGP between routers based on the routing table given.
    ▪ Do not advertise the management network.
    ▪ Protect the BGP link with MD5 authentication using the password “Skills39”.

04-ge-vpn.yml
● Create a playbook called 04-ge-vpn.yml for configuring DMVPN between BRANCH and HQ.
  o Configure DMVPN with HQ-RTR2 as the hub to allow the internal BRANCH network to communicate with the HQ network.
  o Use the subnet 10.1.1.0/24 for the Tunnel interface, based on the “tun_addr” variable from the hosts file.
  o Use IKEv2 to secure traffic between links.
    ▪ Use a pre-shared key of “Skills39”. Use any parameters to configure it.

05-ge-ospf.yml
● Create a playbook called 05-ge-ospf.yml for configuring routing using OSPF.
  o Configure OSPF for the internal network, including the FW Linux device (FRRouting).
    ▪ Configure the OSPF areas based on the routing figure below, with BGP redistributed into OSPF.
    ▪ Make sure to enable packet forwarding for Linux.
    ▪ Make sure OSPF is only advertised on the relevant interfaces.
    ▪ Do not advertise the management network.

06-ge-nat.yml
● Create a playbook called 06-ge-nat.yml to configure NAT.
  o Allow the internal network to communicate with the external network using the interface IP address.
  o Map the IP address of the FW statically to 202.188.1.10.
  o Services for HQ should be NATted through the IPs 202.188.2.100 and 202.188.2.200.
  o Services for BRANCH should be NATted through the IP 202.188.1.100.
  o Make sure only the required services are accessed through NAT.

07-ge-backup.yml
● Create a playbook called 07-ge-backup.yml to save and back up all of the configurations of network devices.
  o Create a folder at /backup and manually configure a writable TFTP server for that directory on MGMT.
  o Configure automatic config backup with a filename of the hostname + time and the ".save" extension.
  o Make sure every network device configuration is saved when the command “write memory” is executed.
Part 2: HQ configurations
Use Ansible to configure all devices from the HOST VM. There is a preconfigured hosts file located under /etc/ansible/hosts. Do not change this file. For marking, the manual configuration will be tested, then all VMs will be reset to their original state and the VMs will be randomly removed and added to different groups in the hosts file. Then all playbooks will be run in order using the command “ansible-playbook playbookname.yml” in the /data/ansible/hq directory. Variables like “hostname” and “webcolor” in /etc/ansible/hosts are subject to change for marking.
You can connect the Debian 12.0 DLBD ISO to the VMs.

General
● Create a directory /data/ansible/hq
o All playbooks should be located at the root of this directory
o You are free to create folders/files in this directory for running the playbooks
o All tasks should have state “ok” or “skipped” after running the playbooks a second time
o Ansible username and password are encrypted using the /etc/ansible/.vault_pass file and are automatically
decrypted when running the playbooks

01-hq-etherchannel.yml
● Create a playbook called 01-hq-etherchannel.yml for configuring EtherChannel.
  o Use the following port-channel numbers:
    ▪ 1 – between switches DSW1 and DSW2
    ▪ 2 – between switches DSW1 and ASW1
    ▪ 3 – between switches DSW2 and ASW2
  o The aggregated channel between DSW1 and DSW2 uses a standard protocol for dynamic negotiation.
  o The aggregated channel between DSW and ASW uses the Cisco proprietary protocol for dynamic negotiation.
  o Ensure the link between DSW1 and DSW2 operates with Layer 3 functionality.
  o DSW should initiate negotiation and all the ASW should respond but not initiate.
  o DSW1 should initiate negotiation and DSW2 should respond but not initiate.
  o Configure the load balancing and forwarding method with source and destination MAC address.

02-hq-vtp.yml
● Create a playbook called 02-hq-vtp.yml for configuring VTP.
  o Select the first host in the switches list as the VTP Server. The other switches will be VTP Clients.

    VTP Domain:   Follow the hostname domain
    VTP Password: Skills39
    VTP Version:  3

    VLAN10 NAME: SRV
    VLAN20 NAME: LAN
    VLAN99 NAME: MGMT

03-hq-switching.yml
● Create a playbook called 03-hq-switching.yml for switching services.
  o Configure all links between switches as trunk ports.
    ▪ Do not use a dynamic negotiation protocol.
    ▪ Configure manual pruning so that only the created VLANs are allowed to be forwarded.
  o Configure spanning tree using Multiple Spanning Tree (MST).
    ▪ Configure MST with two instances: Instance 1 (VLAN10, VLAN99), Instance 2 (VLAN20).
    ▪ The first host in the switches list based on the hosts file should be the root bridge for MST 1. If the switch goes down, the second switch should take over as the root bridge.
    ▪ The second host in the switches list based on the hosts file should be the root bridge for MST 2. If the switch goes down, the first switch should take over as the root bridge.
    ▪ Configure the ports of end devices so that they immediately begin forwarding when connected, and prevent any switches from affecting the topology of the spanning tree.

04-hq-fhrp.yml
● Create a playbook called 04-hq-fhrp.yml for the default gateway for HQ devices.
  o Use Hot Standby Router Protocol v2 for VLAN 10.
    ▪ DSW1 should be used as the default gateway.
    ▪ Use 10 as the group number with 192.168.10.254 as the virtual IPv4 address.
  o Use Hot Standby Router Protocol v2 for VLAN 20.
    ▪ DSW2 should be used as the default gateway.
    ▪ Use 20 as the group number with 192.168.20.254 as the virtual IPv4 address.
  o Make sure each VIP is held by the available interface with the highest priority.

05-hq-adds.yml
● Create a playbook called 05-hq-adds.yml for installation of Active Directory Domain Services.
  o Configure WIN1 as the primary domain controller for the domain itnsa.my
  o Configure WIN2 as the secondary domain controller (No Global Catalogue).
  o Use itnsa.my as the domain name and “Skills39” as the safe password.

06-hq-domain.yml
● Create a playbook called 06-hq-domain.yml for joining the domain.
  o Make sure all other Windows devices also join the domain.

07.1-hq-dns.yml
● Create a playbook called 07.1-hq-dns.yml for configuring the DNS server.
  o Configure DNS as the authoritative server for the domain itnsa.my on WIN1 and WIN2.
    ▪ The DNS server should contain A records of all of the devices in the HQ network, and appropriate CNAMEs.
    ▪ Create a conditional forwarder for wsmb.my to the Linux server.
    ▪ Create root hints to the INET DNS server.

07.2-hq-dns.yml
● Create a playbook called 07.2-hq-dns.yml for configuring the DNS server.
  o Configure DNS split brain for the domain itnsa.my on WIN1 and WIN2.
    ▪ The DNS server should contain external A and CNAME records for the necessary services.

08-hq-files.yml
● Create a playbook called 08-hq-files.yml for configuring file sharing.
  o Configure RAID 5 for the disks in WIN4. The three 1G disks should be installed on the VM.
    ▪ Format the disks as NTFS and mount the drive as V:\
  o Configure the file share of the homes folder on WIN4.
    ▪ Create a directory with the local path of V:\homes and share the folder.

09-hq-users.yml
● Create a playbook called 09-hq-users.yml for configuring Active Directory Users.
  o For each user in the users.json file:
    ▪ Create an AD user based on the “name”, “username”, “password” and “description” attributes.
    ▪ Set the OU of the user to be the same as the “username” variable.
    ▪ All users have to use “\\HQ-FILE\homes\%username%” as their home drive. Use H:\ as the drive letter.

10-hq-dhcp.yml
● Create a playbook called 10-hq-dhcp.yml for configuring DHCP.
  o Install and configure the DHCP service on DSW2.
  o Use an IP assignment range of 192.168.20.100 - 200 and set appropriate values for the other scope options.

11-hq-web.yml
● Create a playbook called 11-hq-web.yml for configuring the web server.
  o Use any appropriate service for this task on WIN3 and WIN4.
  o Make sure the webpages are secured with TLS/SSL certificates generated from Root-CA.
    ▪ The website on WIN3 with the URL https://www1.itnsa.my shows the hostname of the server.
    ▪ The website on WIN4 with the URL https://www2.itnsa.my shows the hostname of the server.
  o Both websites should also be reachable from the public internet.

Part 3: BRANCH configurations
Use Ansible to configure all devices from the HOST VM. There is a preconfigured hosts file located under /etc/ansible/hosts. Do not change this file. For marking, the manual configuration will be tested, then all VMs will be reset to their original state and the VMs will be randomly removed and added to different groups in the hosts file. Then all playbooks will be run in order using the command “ansible-playbook playbookname.yml” in the /data/ansible/hq directory. Variables like “hostname” and “webcolor” in /etc/ansible/hosts are subject to change for marking.
You can connect the Debian 12.1 DLBD ISO to the VMs.

General
● Create a directory /data/ansible/branch
o All playbooks should be located at the root of this directory
o You are free to create folders/files in this directory for running the playbooks
o All tasks should have state “ok” or “skipped” after running the playbooks a second time

01-br-fw.yml
● Create a playbook called 01-br-fw.yml for configuring the firewall with iptables.
  o Enable forwarding on this server so that it acts as a router.
  o Configure a stateful firewall to control the flow of traffic using iptables.
    ▪ All traffic should be blocked by default.
    ▪ Explicitly allow the traffic from the Management network (10.22.0.0/24).
    ▪ ICMP traffic should be allowed by default.
    ▪ Traffic originating from 192.168.0.0/16 and 172.16.10.0/24 should be allowed.
    ▪ Traffic originating from other subnets should only be allowed based on the services configured.
    ▪ Rules should be countered and the dropped traffic should be logged with the prefix “[IPTables]”.
    ▪ Make sure the rules in iptables persist across reboots.
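
A way to check a saved ruleset against the firewall requirements listed above, as an added example that is not part of the test project. It assumes the rules live in the built-in INPUT and FORWARD chains of the filter table, that "blocked by default" is implemented as a DROP chain policy, and that the LOG rule is the last rule of each chain; the sample ruleset and all function names are constructed for illustration.

```python
import shlex
from dataclasses import dataclass

# Sources the task says must be accepted (management network and internal ranges).
REQUIRED_SOURCES = ("10.22.0.0/24", "192.168.0.0/16", "172.16.10.0/24")
LOG_PREFIX = "[IPTables]"

# Constructed sample in `iptables-save -c` format (not taken from the test project).
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -s 10.22.0.0/24 -j ACCEPT
[0:0] -A INPUT -p icmp -j ACCEPT
[0:0] -A INPUT -s 192.168.0.0/16 -j ACCEPT
[0:0] -A INPUT -s 172.16.10.0/24 -j ACCEPT
[0:0] -A INPUT -j LOG --log-prefix "[IPTables] "
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -s 10.22.0.0/24 -j ACCEPT
[0:0] -A FORWARD -p icmp -j ACCEPT
[0:0] -A FORWARD -s 192.168.0.0/16 -j ACCEPT
[0:0] -A FORWARD -s 172.16.10.0/24 -j ACCEPT
[0:0] -A FORWARD -j LOG --log-prefix "[IPTables] "
COMMIT
"""


@dataclass
class Rule:
    chain: str
    opts: list

    def opt(self, *names):
        """Return the argument that follows the first of `names`, or None."""
        for i, tok in enumerate(self.opts[:-1]):
            if tok in names:
                return self.opts[i + 1]
        return None

    @property
    def target(self):
        return self.opt("-j", "--jump")


def parse_filter_table(text):
    """Parse iptables-save text into ({chain: policy}, [Rule]) for the filter table."""
    policies, rules, in_filter = {}, [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
            continue
        if not in_filter or not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        tokens = shlex.split(line)          # keeps the quoted log prefix as one token
        if tokens[0].startswith("["):       # optional [packets:bytes] counters
            tokens = tokens[1:]
        if len(tokens) >= 2 and tokens[0] in ("-A", "--append"):
            rules.append(Rule(tokens[1], tokens[2:]))
    return policies, rules


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    policies, rules = parse_filter_table(text)
    findings = []
    for chain in ("INPUT", "FORWARD"):
        chain_rules = [r for r in rules if r.chain == chain]
        accepts = [r for r in chain_rules if r.target == "ACCEPT"]
        if policies.get(chain) != "DROP":
            findings.append(f"{chain}: default policy is {policies.get(chain)}, expected DROP")
        if not any("ESTABLISHED" in (r.opt("--ctstate", "--state") or "") for r in accepts):
            findings.append(f"{chain}: no ESTABLISHED/RELATED accept rule (not stateful)")
        # Only the source match is compared; extra matches on the same rule are not inspected.
        for net in REQUIRED_SOURCES:
            if not any(r.opt("-s", "--source") == net for r in accepts):
                findings.append(f"{chain}: source {net} is not accepted")
        if not any(r.opt("-p", "--protocol") == "icmp" for r in accepts):
            findings.append(f"{chain}: ICMP is not accepted")
        # With a DROP policy, a LOG rule in last position sees exactly the packets about to be dropped.
        last = chain_rules[-1] if chain_rules else None
        if not (last and last.target == "LOG"
                and (last.opt("--log-prefix") or "").startswith(LOG_PREFIX)):
            findings.append(f"{chain}: last rule does not LOG with prefix {LOG_PREFIX!r}")
    return findings


if __name__ == "__main__":
    print("sample ruleset:", audit(SAMPLE_RULESET) or "all checks passed")
    weak = SAMPLE_RULESET.replace(":FORWARD DROP", ":FORWARD ACCEPT")
    print("weakened ruleset:", audit(weak))
```

Running it against the output of `iptables-save` after a reboot also covers the persistence requirement, since the saved rules are what the audit reads.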

02.1-br-int-dns.yml
● Create a playbook called 02.1-br-int-dns.yml for configuring the DNS server.
  o Install and configure LIN2 as the authoritative server for the internal wsmb.my
    ▪ The DNS server should contain A records of all of the devices in the BRANCH network.
    ▪ Create appropriate PTR records.
    ▪ Create a conditional forwarder for itnsa.my.
    ▪ Create CNAME records for www, ftp, intranet, ldap.
    ▪ Create an MX record.
    ▪ Create root hints to the INET DNS server.

02.2-br-ext-dns.yml
● Create a playbook called 02.2-br-ext-dns.yml for configuring the DNS server.
  o Install and configure LIN3 as the authoritative server for the external wsmb.my
    ▪ The DNS server should contain A and CNAME records for external access.
    ▪ Create MX records.

03-br-ldap-server.yml
● Create a playbook called 03-br-ldap-server.yml for configuring the LDAP server.
  o Install and configure the LDAP server on LIN4.
  o Import users from users.csv

04-br-ldap-client.yml
● Create a playbook called 04-br-ldap-client.yml for configuring LDAP clients.
  o Install and configure LDAP clients on all Linux servers.
    ▪ Make sure that all Linux servers allow login using the username and password via LDAP.

05-br-web.yml
● Create a playbook called 05-br-web.yml for configuring the web server.
  o Use any appropriate service for this task on LIN2 and LIN3.
  o The local website http://www.wsmb.my should show the text of the message based on the “webmessage” variable included in the hosts file.
  o Create another internal-only site http://intranet.wsmb2023.net with the following content. Make sure the text is coloured based on the “webcolor” variable included.
    ▪ <h1 style="color: webcolor;"><center>Welcome to intranet of this website</center></h1>
    ▪ When clients access this page, there should be authentication based on LDAP users.

06-br-mail.yml
● Create a playbook called 06-br-mail.yml for configuring the mail service.
  o Configure SMTPS and IMAPS services with SSL/TLS support on LIN4.
  o Use a certificate generated by Root-CA.
  o All users should be able to freely exchange emails using the mail service.

07-br-ftp.yml
● Create a playbook called 06-br-ftp.yml for configuring the FTP service.
  o Install and configure vsftpd on LIN4.
  o Make sure the users are jailed in their respective home directories.
  o Use a certificate generated by Root-CA.

08-br-ha.yml
● Create a playbook called 06-br-ftp.yml for configuring the High Availability service.
  o Install and configure HAProxy to use as a load balancer and TLS termination proxy on LIN1.
  o Use a certificate generated by Root-CA.
  o Load balance “https://www.wsmb.my” between all available web servers using round robin.
  o Load balance “https://intranet.wsmb.my” between all available web servers using round robin.
  o Add the header “x-haproxy-host” with the hostname of the current HAProxy host.

09-br-dhcp.yml
● Create a playbook called 10-br-dhcp.yml for configuring DHCP.
  o Install and configure the DHCP service on LIN1.
  o Use an IP assignment range of 172.16.10.100 - 200 and set appropriate values for the other scope options.

Part 4: INET configurations
Use manual configuration for the HOST VMs on the INTERNET network. When the competition time ends, please leave your station in a running state. The assessment will be done in the state as it is. No reboot will be initiated, and powered-off machines will not be powered on.
You can connect the Debian 12.0 DLBD ISO to the VM.

DNS Service
● Install and configure a name server for the internet.com domain.
  o The DNS server should contain A records of devices on the INTERNET network.
  o Create CNAMEs for the required records.
  o Create an MX record.
● Configure the name server for Microsoft NCSI.
● Configure forwarders for the itnsa.my and wsmb.my domains.

Certificate Authority
● Configure the Root Certificate Authority.
  o Subject Name is “C=MY, O=Worldskills Malaysia, CN=Root-CA”
  o Use “/etc/ssl/CA” as the CA directory.
  o Configure CDP. URL is “http://cert.internet.com/Root-CA.crl”.
  o Configure AIA. URL is “http://cert.internet.com/Root-CA.crt”.

E-Mail service
● Configure SMTPS and IMAPS services with SSL/TLS support.
● Use a certificate generated by ROOT-CA.
● Add the user “internet”, who should be able to freely exchange emails using the mail service.

Web Server
● Configure the web server for Microsoft NCSI.
● Configure the http://www.internet.com site with the following content:
  o <h1><center>Welcome to the internet</center></h1>

Certificates
● Configure certificates for SSL/TLS services.
  o Create the folder /cert
  o Create 3 certificate key pairs: internet.*, wsmb.* and itnsa.*
  o Make sure the x509 subjectAltName and CN are based on the wildcard domain.
  o All services using SSL should use the certificates created by Root-CA.

DHCP
● Install and configure DHCP for dynamic IP address assignment (isc-dhcp-server).
  o Use an IP assignment range of 203.121.2.50 - 100 and set appropriate values for the other scope options.
  o Make sure the DNS is updated when a client obtains an IP address from the DHCP server.

Part 5: API
Create a Python API for querying data about the infrastructure. The API should be hosted on the INET HOST and all API files should be located under /data/api. You are free to use any modules or frameworks which are available on the Debian ISOs.
● The API should listen for HTTPS on port 443.
  o Make sure that your API is reachable under https://api.internet.com
  o Use a certificate generated by ROOT-CA.
● Create a systemd service called “wsmb-api”.
  o The service should start on boot.
  o The API should be controllable using the “start, restart, stop” systemd commands.
● Endpoints general
  o Make sure that the API returns information about the content format.

Endpoint /network/stats (GET)

● This endpoint should return statistics of all active (up) interfaces from the Cisco network devices in JSON format.
● Query the data from the routers using RESTCONF (use unicast packets for pkts-in/pkts-out).
{
  "devices": [{
    "hostname": "X",
    "management_ip": "XXX.XXX.XXX",
    "ios_version": "XX.XX",
    "interfaces": [
      {
        "name": "GigabitEthernet1",
        "mac": "XX:XX:XX:XX:XX:XX",
        "ip": "XXX.XXX.XXX.XXX",
        "pkts-in": "XX",
        "pkts-out": "XX"
      },
      {
        "name": "Loopback0",
        "mac": "XX:XX:XX:XX:XX:XX",
        "ip": "XXX.XXX.XXX.XXX",
        "pkts-in": "XX",
        "pkts-out": "XX"
      }, ....
    ]
  }]
}
● If no device has been found, the API should return an HTTP not found error.
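
How the /network/stats response can be assembled from RESTCONF replies, as an added example that is not part of the test project. It assumes the replies follow the ietf-interfaces, ietf-ip and Cisco-IOS-XE-native YANG models in their JSON encoding; the sample replies are constructed, the function names are hypothetical, and fetching the replies from the routers is left out. Only the listed fields are copied into the response, so nothing else from the device payload is exposed.

```python
import json

JSON_HEADERS = {"Content-Type": "application/json"}  # tells the client the content format

# Constructed RESTCONF replies for one router (values are sample data).
SAMPLE_DEVICE = {
    "management_ip": "10.22.0.201",
    "native": {"Cisco-IOS-XE-native:native": {"version": "17.3", "hostname": "BRANCH-RTR"}},
    "if_config": {"ietf-interfaces:interfaces": {"interface": [
        {"name": "GigabitEthernet1",
         "ietf-ip:ipv4": {"address": [{"ip": "202.188.1.254", "netmask": "255.255.255.0"}]}},
        {"name": "GigabitEthernet2", "ietf-ip:ipv4": {}},
        {"name": "Loopback100",
         "ietf-ip:ipv4": {"address": [{"ip": "4.4.4.4", "netmask": "255.255.255.255"}]}},
    ]}},
    "if_state": {"ietf-interfaces:interfaces-state": {"interface": [
        {"name": "GigabitEthernet1", "oper-status": "up",
         "phys-address": "00:50:56:aa:bb:01",
         "statistics": {"in-unicast-pkts": "1200", "out-unicast-pkts": "950"}},
        {"name": "GigabitEthernet2", "oper-status": "down",
         "phys-address": "00:50:56:aa:bb:02",
         "statistics": {"in-unicast-pkts": "0", "out-unicast-pkts": "0"}},
        {"name": "Loopback100", "oper-status": "up",
         "phys-address": "00:00:00:00:00:00",
         "statistics": {"in-unicast-pkts": "15", "out-unicast-pkts": "15"}},
    ]}},
}


def device_stats(management_ip, native, if_config, if_state):
    """Reduce one router's RESTCONF replies to the fields the endpoint publishes."""
    system = native["Cisco-IOS-XE-native:native"]
    ips = {}
    for itf in if_config["ietf-interfaces:interfaces"]["interface"]:
        addresses = itf.get("ietf-ip:ipv4", {}).get("address", [])
        if addresses:
            ips[itf["name"]] = addresses[0]["ip"]  # primary IPv4 address only
    interfaces = []
    for itf in if_state["ietf-interfaces:interfaces-state"]["interface"]:
        if itf.get("oper-status") != "up":
            continue  # the endpoint lists active interfaces only
        counters = itf.get("statistics", {})
        interfaces.append({
            "name": itf["name"],
            "mac": itf.get("phys-address", ""),
            "ip": ips.get(itf["name"], ""),
            "pkts-in": str(counters.get("in-unicast-pkts", "0")),
            "pkts-out": str(counters.get("out-unicast-pkts", "0")),
        })
    return {
        "hostname": system["hostname"],
        "management_ip": management_ip,
        "ios_version": str(system["version"]),
        "interfaces": interfaces,
    }


def network_stats(collected):
    """Return (status, headers, body); `collected` holds one dict per reachable router."""
    devices = [device_stats(**d) for d in collected if d]
    if not devices:
        return 404, JSON_HEADERS, json.dumps({"error": "no device found"})
    return 200, JSON_HEADERS, json.dumps({"devices": devices})


if __name__ == "__main__":
    status, headers, body = network_stats([SAMPLE_DEVICE])
    print(status, headers["Content-Type"])
    print(json.dumps(json.loads(body), indent=2))
```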

Endpoint /network/routes (GET)
● This endpoint should return the routing table of all Cisco network devices in JSON format.
● Query the data from the routers using RESTCONF.
{
  "devices": [{
    "management_ip": "XXX.XXX.XXX.XXX",
    "routes": [
      {
        "subnet": "XXX.XXX.XXX.XXX/XX",
        "type": "<bgp / eigrp / ospf / local / connected>",
        "ad": "X",
        "next-hop": "XXX.XXX.XXX.XXX",
        "interface": "X"
      },
      {
        "subnet": "XXX.XXX.XXX.XXX/XX",
        "type": "<bgp / eigrp / ospf / local / connected>",
        "ad": "X",
        "next-hop": "XXX.XXX.XXX.XXX",
        "interface": "X"
      }, ....
    ]
  }]
}
● If no device has been found, the API should return an HTTP not found error.

Network Address Table
Device      Operating System            Network            IP Address
DMZSRV1     Debian Linux 12.0 (CUI)     BRANCH – DMZ       172.16.20.10/24
DMZSRV2     Debian Linux 12.0 (CUI)     BRANCH – DMZ       172.16.20.20/24
INTSRV      Debian Linux 12.0 (CUI)     BRANCH – INTERNAL  172.16.10.10/24
FW          Debian Linux 12.0 (CUI)     BRANCH – INTERNAL  172.16.10.254/24
                                        BRANCH – DMZ       172.16.20.254/24
                                        BRANCH – EDGE      172.16.99.1/30
BRANCH-RTR  Cisco iOS Router            BRANCH – EDGE      172.16.99.2/30
                                        PUBLIC NETWORK     202.188.1.254/24
                                        Loopback 100       4.4.4.4/32
INET        Debian Linux 12.0 (CUI)     INET NETWORK       203.121.2.10/24
ISP         Cisco iOS CSR Router        PUBLIC NETWORK     202.188.1.1/24
                                        PUBLIC NETWORK     202.188.2.1/25
                                        PUBLIC NETWORK     202.188.2.129/25
                                        INET NETWORK       203.121.2.254/24
                                        Loopback 100       1.1.1.1/32
HQ-RTR1     Cisco iOS Router            PUBLIC NETWORK     202.188.2.126/25
                                        HQ – EDGE          192.168.99.1/30
                                        Loopback 100       2.2.2.2/32
HQ-RTR2     Cisco iOS Router            PUBLIC NETWORK     202.188.2.254/25
                                        HQ – EDGE          192.168.99.5/30
                                        Loopback 100       3.3.3.3/32
HQ-DSW1     Cisco Layer 3 Switch        HQ – EDGE          192.168.99.2/30
                                        HQ – VLAN 10       192.168.10.251/24
                                        HQ – DSW1-DSW2     192.168.99.9/30
                                        HQ – VLAN 20       192.168.20.251/24
                                        HQ – VLAN 99       192.168.99.129/25
HQ-DSW2     Cisco Layer 3 Switch        HQ – EDGE          192.168.99.6/30
                                        HQ – DSW1-DSW2     192.168.99.10/30
                                        HQ – VLAN 10       192.168.10.252/24
                                        HQ – VLAN 20       192.168.20.252/24
                                        HQ – VLAN 99       192.168.99.130/25
HQ-ASW1     Cisco Layer 2 Switch        HQ – VLAN 99       192.168.99.131/25
HQ-ASW2     Cisco Layer 2 Switch        HQ – VLAN 99       192.168.99.132/25
HQ-DC1      Windows Server 2019 (GUI)   HQ – VLAN 10       192.168.10.10/24
HQ-DC2      Windows Server 2019 (CORE)  HQ – VLAN 10       192.168.10.20/24
HQ-CORE     Windows Server 2019 (CORE)  HQ – VLAN 20       192.168.10.30/24
HQ-FILE     Windows Server 2019 (CORE)  HQ – VLAN 20       192.168.10.40/24

Management Network Address Table
Device      Hosts Name     Address
HOST        Host PC        10.22.0.1
EVE-NG      EVE-NG         10.22.0.10
INET        INET           10.22.0.105
MGMT        Management PC  10.22.0.50
FW          LIN1           10.22.0.101
DMZSRV1     LIN2           10.22.0.102
DMZSRV2     LIN3           10.22.0.103
INTSRV      LIN4           10.22.0.104
HQ-DC1      WIN1           10.22.0.151
HQ-DC2      WIN2           10.22.0.152
HQ-CORE     WIN3           10.22.0.153
HQ-FILE     WIN4           10.22.0.154
BRANCH-RTR  RTR1           10.22.0.201
ISP         RTR2           10.22.0.202
HQ-RTR1     RTR3           10.22.0.203
HQ-RTR2     RTR4           10.22.0.204
HQ-DSW1     DSW1           10.22.0.205
HQ-DSW2     DSW2           10.22.0.206
HQ-ASW1     ASW1           10.22.0.207
HQ-ASW2     ASW2           10.22.0.208

[Figure: Physical Topology]

[Figure: Management Topology]

[Figure: Network Topology]

[Figure: Routing Topology]