For this assignment, assume you have been hired by Kris Corporation as an Inform
Question
For this assignment, assume you have been hired by Kris Corporation as an Information Technology consultant. Kris Corporation manufactures parts for the automotive industry. Your job is to submit a proposal that meets their criteria (listed below) based on information provided. You may fill in any gaps in the specifications provided by making assumptions. All assumptions should be clearly identified.
Current Implementation and Concerns:
Parent domain (kris.local) and child domain (corp.kris.local) for the organization’s AD infrastructure are running on Server 2008. The following are concerns related to AD: (1) Kris Corporation is concerned about running multiple domains, and (2) automobile manufacturers are asking Kris Corporation to use a single identity to procure orders in real time.
The company has five locations in Atlanta (GA), Baltimore (MD), Chicago (IL), Seattle (WA) and San Diego (CA). The manufacturing plants are in Atlanta and Seattle.
Disaster recovery is a big concern.
Physical space for servers is an issue at the Atlanta location.
Most of the IT staff is in Atlanta, which is the company’s headquarters, but other locations have significant IT personnel as well. Business personnel are similarly distributed across the company’s locations.
Since all locations are independently connected to the Internet, file sharing is difficult among sites.
Your document should integrate the content presented in the course. The outline below provides required points to cover. You are free to add other related information.
Describe the technical and business reasons for each choice, citing other resources as appropriate. The Windows Server 2012 operating system should be used for all aspects of the solution. Each choice should be explained with technical and business reasoning. Solutions should be reasonably detailed.
Your solution should cover the following five numbered areas and associated bulleted items listed under each.
1. Active Directory
   - Why and how should the company migrate to 2012 AD?
   - Should the company remain at multi-domain model or migrate to single domain?
   - What technology can provide single sign on? How will it be configured?
2. DNS
   - Where should DNS servers reside?
   - What kind of DNS security can the DNS servers leverage?
3. DHCP
   - Will a form of DHCP fault tolerance be implemented?
   - How can DHCP addresses be tracked?
4. Hyper-V
   - Evaluate the pros and cons of implementing Hyper-V. Would it need clustering?
   - What features of Hyper-V can Kris Corporation leverage?
5. Routing/Security
   - How can Kris Corporation improve its networking capabilities in terms of file sharing and security?
Explanation / Answer
The statement of "...default router through a VLAN." is true in my case. "IP address for that VLAN interface."
If it helps, here is the network layout, switch, and router configs.
VLAN 10 management
VLAN 70 is a /28 that is framed to me by my ISP. Port-channel1.70 has to 70.57.155.254
VLAN 192 is a /24 that is all things DHCP and WiFi
VLAN 193 is a /24 that is all things static IPs like servers, WiFi access points, basically anything that supports VLAN 192
Switch config -
!
version 12.2
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname Stack
!
enable secret 5 <PASSWORD>
enable password 7 <PASSWORD>
!
no aaa new-model
switch 1 provision ws-c3750g-24t
switch 2 provision ws-c3750g-24t
system mtu routing 1500
ip subnet-zero
ip routing
no ip gratuitous-arps
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface Loopback0
ip address 10.0.1.1 255.255.255.0
!
interface Port-channel1
description To 2901
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
switchport access vlan 70
switchport mode access
!
interface Port-channel3
switchport access vlan 70
switchport mode access
!
interface Port-channel4
switchport access vlan 70
switchport mode access
!
interface Port-channel5
switchport access vlan 70
switchport mode access
!
interface Port-channel6
switchport access vlan 192
switchport mode access
!
interface Port-channel7
switchport access vlan 193
switchport mode access
!
interface GigabitEthernet1/0/1
switchport access vlan 70
switchport mode access
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/0/2
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 70
switchport mode access
channel-protocol lacp
channel-group 4 mode active
!
interface GigabitEthernet1/0/4
switchport access vlan 70
switchport mode access
channel-protocol lacp
channel-group 5 mode active
!
interface GigabitEthernet1/0/5
no switchport
no ip address
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
description To 2901
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
switchport access vlan 192
switchport mode access
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
switchport access vlan 193
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 193
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 193
switchport mode access
channel-protocol lacp
channel-group 7 mode active
!
interface GigabitEthernet1/0/24
switchport access vlan 192
switchport mode access
channel-protocol lacp
channel-group 6 mode active
!
interface GigabitEthernet2/0/1
switchport access vlan 70
switchport mode access
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet2/0/2
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet2/0/3
switchport access vlan 70
switchport mode access
channel-protocol lacp
channel-group 4 mode active
!
interface GigabitEthernet2/0/4
switchport access vlan 70
switchport mode access
channel-protocol lacp
channel-group 5 mode active
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
switchport access vlan 192
switchport mode access
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
switchport access vlan 193
switchport mode access
!
interface GigabitEthernet2/0/22
switchport access vlan 193
switchport mode access
!
interface GigabitEthernet2/0/23
switchport access vlan 193
switchport mode access
channel-protocol lacp
channel-group 7 mode active
!
interface GigabitEthernet2/0/24
switchport access vlan 192
switchport mode access
channel-protocol lacp
channel-group 6 mode active
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan70
ip address 70.57.155.241 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan192
ip address 192.168.3.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan193
ip address 192.168.5.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
ip default-gateway 10.0.0.254
ip classless
no ip http server
no ip http secure-server
!
!
no cdp run
!
control-plane
!
!
line con 0
line vty 0 4
password 7 <PASSWORD>
login
line vty 5 15
password 7 <PASSWORD>
login
!
scheduler process-watchdog reload
end
-- Router Config --
version 15.3
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname 2901
!
boot-start-marker
boot system flash1 c2900-universalk9-mz.SPA.153-1.T.bin
boot-end-marker
!
!
enable secret 4 <PASSWORD>
enable password 7 <PASSWORD>
!
no aaa new-model
clock timezone CST -6 0
clock summer-time CST recurring
!
no ip gratuitous-arps
ip cef
!
!
!
!
!
!
ipv6 spd queue min-threshold 62
ipv6 spd queue max-threshold 63
ipv6 multicast rpf use-bgp
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
!
!
!
!
license udi pid CISCO2901/K9 sn FTX1539817B
!
!
!
!
controller VDSL 0/0/0
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
interface Loopback0
ip address 10.0.1.254 255.255.255.0
!
interface Null0
no ip unreachables
!
interface Port-channel1
ip address 172.31.1.254 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1452
hold-queue 150 in
!
interface Port-channel1.10
encapsulation dot1Q 10 native
ip address 10.0.0.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Port-channel1.70
encapsulation dot1Q 70
ip address 70.57.155.254 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1452
!
interface Port-channel1.192
encapsulation dot1Q 192
ip address 192.168.3.254 255.255.255.0
ip helper-address 192.168.5.5
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Port-channel1.193
encapsulation dot1Q 193
ip address 192.168.5.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1452
duplex auto
speed auto
channel-group 1
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1452
duplex auto
speed auto
channel-group 1
no cdp enable
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
load-interval 30
shutdown
no atm ilmi-keepalive
ntp disable
no snmp trap link-status
hold-queue 224 in
!
interface Ethernet0/0/0
no ip address
!
interface Ethernet0/0/0.201
encapsulation dot1Q 201
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer0
mtu 1492
ip unnumbered Port-channel1.70
ip access-group from_internet in
ip access-group to_internet out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ntp disable
no snmp trap link-status
ppp authentication chap pap callin
ppp chap hostname <USERNAME>
ppp chap password 7 <PASSWORD>
ppp pap sent-username <USERNAME> password 7 <PASSWORD>
ppp ipcp route default
no cdp enable
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list NAT interface Port-channel1.70 overload
!
ip access-list extended NAT
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
deny ip any any
ip access-list extended from_internet
evaluate reflexive-temporary-list
deny tcp any any fragments
deny udp any any fragments
deny icmp any any fragments
deny ip any any fragments
deny udp any any eq netbios-ns
deny udp any any eq netbios-dgm
deny udp any any eq netbios-ss
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 224.0.0.0 15.255.255.255 any
deny ip any 0.0.0.0 0.255.255.255
deny ip any 10.0.0.0 0.255.255.255
deny ip any 127.0.0.0 0.255.255.255
deny ip any 169.254.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 224.0.0.0 15.255.255.255
deny ip host 0.0.0.0 any
permit tcp any host 70.57.155.242 eq 22
permit udp any host 70.57.155.242 eq domain
permit udp any host 70.57.155.242 eq ntp
permit tcp any host 70.57.155.242 eq smtp
permit tcp any host 70.57.155.242 eq 3128
permit tcp any host 70.57.155.234 gt 1024
permit udp any host 70.57.155.234 gt 1024
permit tcp any host 70.57.155.245 eq www
permit tcp any host 70.57.155.245 eq 443
permit udp any host 70.57.155.243 eq domain
permit udp any host 70.57.155.243 eq ntp
permit tcp any host 70.57.155.243 eq www
permit tcp any host 70.57.155.243 eq smtp
permit tcp any host 70.57.155.243 eq 995
permit tcp any host 70.57.155.243 eq 443
permit tcp any host 70.57.155.243 eq 7071
permit tcp any host 70.57.155.243 eq pop3
permit tcp any host 70.57.155.243 eq 143
permit tcp any host 70.57.155.243 eq 465
permit tcp any host 70.57.155.243 eq 993
permit icmp any any administratively-prohibited
permit icmp any any echo-reply
permit icmp any any echo
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any unreachable
deny ip any any
ip access-list extended to_internet
deny udp any any eq netbios-ns
deny udp any any eq netbios-dgm
deny udp any any eq netbios-ss
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 224.0.0.0 15.255.255.255 any
deny ip any 0.0.0.0 0.255.255.255
deny ip any 10.0.0.0 0.255.255.255
deny ip any 127.0.0.0 0.255.255.255
deny ip any 169.254.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 224.0.0.0 15.255.255.255
permit ip 70.57.155.240 0.0.0.15 any reflect reflexive-temporary-list timeout 300
deny ip any any
!
dialer-list 1 protocol ip permit
no cdp run
!
!
access-list 1 permit any
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 <PASSWORD>
login
transport input all
!
scheduler allocate 20000 1000
ntp server 70.57.xxx.yyy
ntp server 70.57.xxx,yyy
!
end
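An added example, not part of the original answer: a small Python audit of the router config posted above. It checks each from_internet permit against the /28 configured on Port-channel1.70 and flags management-plane settings a reviewer would question; the SAMPLE excerpt, the function names and the finding wording are constructed for this example.

```python
import ipaddress
import re

# Constructed excerpt: lines taken from the router config above, trimmed for brevity.
SAMPLE = """\
enable password 7 <PASSWORD>
interface Port-channel1.70
ip address 70.57.155.254 255.255.255.240
ip access-list extended from_internet
permit tcp any host 70.57.155.242 eq 22
permit tcp any host 70.57.155.234 gt 1024
deny ip any any
line vty 0 4
transport input all
"""
SECTION = re.compile(r"^(interface|ip access-list|line)\b")

def sections(config):
    """Group commands under their section header; indentation is not required."""
    out, current = {"global": []}, "global"
    for line in map(str.strip, config.splitlines()):
        if line in ("", "!"):
            current = "global"
        elif SECTION.match(line):
            current = line
            out.setdefault(current, [])
        else:
            out[current].append(line)
    return out

def audit(config, acl="from_internet", iface="Port-channel1.70"):
    sec, findings = sections(config), []
    ip_line = next(c for c in sec[f"interface {iface}"] if c.startswith("ip address "))
    block = ipaddress.ip_network("/".join(ip_line.split()[2:4]), strict=False)
    for rule in sec[f"ip access-list extended {acl}"]:
        m = re.match(r"permit (?:tcp|udp) any host (\S+) (eq|gt|lt|range) ", rule)
        if m and ipaddress.ip_address(m.group(1)) not in block:
            findings.append(f"{acl}: {m.group(1)} is outside {block} ({rule})")
        if m and m.group(2) != "eq":
            findings.append(f"{acl}: '{m.group(2)}' permits a port range ({rule})")
    if any(c.startswith("enable password") for c in sec["global"]):
        findings.append("global: enable password present; keep only enable secret")
    for name, cmds in sec.items():
        if name.startswith("line vty"):
            if {"transport input all", "transport input telnet"} & set(cmds):
                findings.append(f"{name}: Telnet is accepted; restrict to ssh")
            if not any(c.startswith("access-class") for c in cmds):
                findings.append(f"{name}: no access-class limiting source addresses")
    return findings
```

Calling audit() on the full router config text applies the same checks to every from_internet entry and every vty line.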