ISP

int g0/0
ip add 3.0.180.254 255.255.255.0
no sh
int g1/0
ip add 3.0.190.254 255.255.255.0
no sh
int g2/0
ip add 13.228.27.254 255.255.255.0
no sh
int g3/0
ip add 13.229.28.254 255.255.255.0
no sh
int lo0
ip add 1.1.1.1 255.255.255.255

WST-1
int g0/0
ip add 3.0.180.201 255.255.255.0
no sh
int g1/0
ip add 10.0.0.254 255.255.255.0
no sh

WST-2
int g1/0
ip add 3.0.190.202 255.255.255.0
no sh

EST-1
int g0/0
ip add 11.11.11.2 255.255.252
no sh
int g1/0
ip add 12.12.12.2 255.255.255.252
no sh
int g2/0
ip add 13.228.27.200 255.255.255.0
no sh

EST-2
int g0/0
ip add 11.11.11.6 255.255.255.252
no sh
int g1/0
ip add 12.12.12.6 255.255.255.252
no sh
int g3/0
ip add 13.229.28.200 255.255.255.0
no sh

L3SW-1
int f0/1
no sw
ip add 11.11.11.1 255.255.255.252
no sh
int f0/7
no sw
ip add 12.12.12.5 255.255.255.252
no sh
int vlan 10
ip add 192.168.10.253 255.255.255.0
int vlan 20
ip add 192.168.20.253 255.255.255.0

L3SW-2
int f0/1
no sw
ip add 11.11.11.5 255.255.255.252
no sh
int f0/7
no sw
ip add 12.12.12.1 255.255.255.252
no sh
int vlan 10
ip add 192.168.10.252 255.255.255.0
int vlan 20
ip add 192.168.20.252 255.255.255.0

L2SW-1
int vlan 10
ip add 192.168.10.200 255.255.255.0

L2SW-2
int vlan 10
ip add 192.168.10.201 255.255.255.0

en
conf t
no ip domain-lookup
line console 0
exec-timeout 0 0

ip domain name lks2024.id

enable password Skill39
clock timezone GMT+7 7
hostname

ON L3SW-1
ip routing
int r f0/2- f0/3
channel-group 1 mode on
int r f0/4- f0/5
channel-group 2 mode desirable
port-channel load-balance src-dst-mac

ON L3SW-2
ip routing
int r f0/2- f0/3
channel-group 1 mode on
int r f0/4- f0/5
channel-group 3 mode active
port-channel load-balance src-dst-mac

ON L2SW-1
int r f0/4- f0/5
channel-group 2 mode auto
port-channel load-balance src-dst-mac
ON L2SW-2
int r f0/4- f0/5
channel-group 3 mode passive
port-channel load-balance src-dst-mac

ON L3SW-1
int po1
switchport trunk encapsulation dot1q
switchport mode trunk
int po2
switchport trunk encapsulation dot1q
switchport mode trunk
int f0/6
switchport trunk encapsulation dot1q
switchport mode trunk

ON L3SW-2
int po1
switchport trunk encapsulation dot1q
switchport mode trunk
int po3
switchport trunk encapsulation dot1q
switchport mode trunk
int f0/6
switchport trunk encapsulation dot1q
switchport mode trunk

ON L2SW-1
int po1
switchport mode trunk
int f0/6
switchport mode trunk

ON L2SW-2
int po3
switchport mode trunk
int f0/2
switchport mode trunk

ON L3SW-1
vtp version 2
vtp domain lks2024.id
vtp password Skill39
vtp mode server
vlan 10
name SRV
vlan 20
name CLI

Another SW
vtp version 2
vtp mode client
vtp domain lks2024.id
vtp password Skill39

ON L3SW-1
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary
spanning-tree portfast

ON L3SW-2
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
spanning-tree portfast

DHCP
ip dhcp pool VLAN-20
network 192.168.20.0 255.255.255.0
dns-server 10.0.0.101
default-router 192.168.20.254

FHRP
ON L3SW-1
int vlan 10
standby 104 ip 192.168.10.254
standby 104 preempt
standby 104 priority 100

int vlan 20
standby 204 ip 192.168.20.254
standby 204 preempt

ON L3SW-2
int vlan 10
standby 104 ip 192.168.10.254
standby 104 preempt

int vlan 20
standby 204 ip 192.168.20.254
standby 204 preempt
standby 204 priority 100

EIGRP
EST-1
router eigrp 39
network 12.12.12.0 0.0.0.3
network 11.11.11.0 0.0.0.3
network 13.228.27.0 0.0.0.255

EST-2
router eigrp 39
network 11.11.11.4 0.0.0.3
network 12.12.12.4 0.0.0.3
network 13.229.28.0 0.0.0.255

DEFAULT ROUTE
EST-1
ip route 0.0.0.0 0.0.0.0 13.228.27.254
EST-2
ip route 0.0.0.0 0.0.0.0 13.229.28.254

L3SW-1
router eigrp 39
network 11.11.11.0 0.0.0.3
 network 12.12.12.4 0.0.0.3
network 192.168.10.0
network 192.168.20.0

L3SW-2
router eigrp 39
network 11.11.11.4 0.0.0.3
network 12.12.12.0 0.0.0.3
network 192.168.10.0
network 192.168.20.0

EST-1
router ospf 11
network 13.228.27.0 0.0.0.255 area 0
passive-interface default
no passive-interface g2/0

EST-2
router ospf 11
network 13.229.28.0 0.0.0.255 area 0
passive-interface default
no passive-interface g3/0

WST-1
router ospf 11
network 3.0.180.0 0.0.0.255 area 0

WST-2
router ospf 11
network 3.0.190.0 0.0.0.255 area 0

NAT
ON EST-1
int g2/0
ip nat outside
int g0/0
ip nat inside
int g1/0
ip nat inside
ip access-list standard INTERNET_ACCESS
permit 192.168.10.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
ip nat inside source list INTERNET_ACCESS interface gigabitEthernet 2/0

ON EST-2
int g3/0
ip nat outside
int g0/0
ip nat inside
int g1/0
ip nat inside
ip access-list standard INTERNET_ACCESS
permit 192.168.10.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
ip nat inside source list INTERNET_ACCESS interface gigabitEthernet 3/0

SNMP
ON EST-1 AND EST-2
snmp-server community public ro

SSH
crypto key generate rsa 1024
ip ssh version 2

Radius
aaa new-model
radius-server host 192.168.10.1 key Skill39
aaa authentication login default group radius local

user
username admin privilege 15 password Skill39
username JNT privilege 5 password Skill39

no privilege configure level 5 interface

no privilege exec level 5 configure
no privilege exec level 5 configure terminal
no privilege interface level 5 ip
no privilege interface level 5 ip address
no privilege interface level 5 no
no privilege interface level 5 no shutdown
no privilege interface level 5 shutdown

line vty 0 4
login local
access-class SSH_ACCESS IN
transport input ssh

line vty 0 4
access-class SSH_ACCESS in
login authentication default
transport input ssh

port

Int tun0
Ip add 10.255.255.2 255.255.255.252
tun source f0/0
tun des 3.0.180.201

Int tun0
Ip add 10.255.255.1 255.255.255.252
tun source f0/0
tun des 13.228.27.200