SAE_24:
Integrative Project

The goal is to create and visualize a company's network infrastructure using GNS3, free software that allows the emulation or simulation of computer networks.


General Overview

Task Schedule

  • Here is the task schedule over 5 weeks; it was not fully followed because I found the project quite difficult, and I did not manage to finish it.
  • (to download the Excel file, click on the image)

Skills

Self-assessment of skills

Here is the self-assessment of my mastery of the skills; the score is out of 5.

  • 5 --> Very good mastery
  • 4 --> Mastery
  • 3 --> Adequate level
  • 2 --> Knowledge of the basics
  • 1 --> Weak level

Documentation

Side note: As for the documentation, I'm going to detail what I did in this project, though I just want to say I did not find this project easy whatsoever... In addition, considering I worked on it alone, I didn't progress as fast as the others. I want to mention I didn't finish the project, as it was really long and not everything worked right, so in the end I decided to focus on things I'm more sure of and things I feel like I can progress in; in my case it was just doing the routing and the networking part and the website you're reading right now, as this is where I feel more competent.
So I'm first going to detail what I technically did in this project, and after that I'm going to explain theoretically what I could've done with more time (I want to add that the software was not easy to handle and it bugged many times, so I couldn't progress in proportion to the amount of time given).

(I'm going to note "Done" for the things I've done in GNS3 and "Undone" for the things I've done theoretically and not in GNS3)


Explaining The Scheme : Done

I'm going to start by showcasing the infrastructure I made for the enterprise's network:

  1. First of all, I placed one peripheral router;
  2. Then I placed a general switch connected to it;
  3. Connected to that I placed 3 switches;
  4. Then I put 3 PCs on each.


That's it for the scheme; now we're going to move on to more technical stuff and the configuration of each device.



PC Configurations : Done

As for the PCs' configuration, the goal was to set an IP address on each PC and later ensure connectivity.

  1. First of all, I turned the interface up, as it was down by default:

    ip link set ens3 up


  2. Second, I added the IP address:

    ip addr add 192.168.10.10/24 dev ens3

    (this example is the configuration of PC1; the same was done on the other PCs)


  3. Third, we add the default route via the router (which we'll configure afterwards):

    ip r add default via 192.168.10.1


Lastly, I'd like to list the IP addressing of each PC:


  • PC 1 : 192.168.10.10 ; PC 4 : 192.168.10.11 ; PC 7 : 192.168.10.12 ;


  • PC 2 : 192.168.20.10 ; PC 5 : 192.168.20.11 ; PC 8 : 192.168.20.12 ;


  • PC 3 : 192.168.30.10 ; PC 6 : 192.168.30.11 ; PC 9 : 192.168.30.12 ;



The Switches Configurations : Done

Well, time to configure the switches!

I set 3 VLANs on each switch and then assigned a VLAN to each PC connected to that switch.
After that I set up a trunk link between each switch and one between the switch and the router.
That's a brief explanation of what I did, but now I'll run you through the details of each configuration.

  1. First of all, I created 3 VLANs on each switch (Finance, Human Resources, Technical).

    We just need to be in the switch's config mode, then use, for example, the commands:

    sw1(config)# vlan 10
    sw1(config-vlan)# name finnace

  2. Second, I assigned the right ports to each VLAN, using the commands:

    sw1(config)# interface fa1/1
    sw1(config-if)# switchport mode access
    sw1(config-if)# switchport access vlan 10


  3. Third, I configured the port leading to the other switch in trunk mode (in my case fa1/0):

    sw1(config)# interface fa1/0
    sw1(config-if)# switchport mode trunk


  4. Lastly, I'd like to show the final configuration on switch 1 (to be precise, the same configuration was made on the 2 other switches).

    Here are the VLANs created

    And the trunk link


  5. As for the general switch, it's mainly composed of 4 trunk links:



The Router's Configuration : Done

As for the router's configuration, I configured 3 subinterfaces with different networks, then I proceeded to activate NAT:

I'll cite the IP commands first, then I'll show the NAT config commands, then I'll proceed to the final configuration of the router.

router(config)# interface fa0/0.10
router(config-subif)# encapsulation dot1q 10
router(config-subif)# ip address 192.168.10.1 255.255.255.0
router(config-subif)# exit

These are the IPs assigned to each subinterface:

  1. Fa 0/0.10 : 192.168.10.1
  2. Fa 0/0.20 : 192.168.20.1
  3. Fa 0/0.30 : 192.168.30.1

As for the NAT configuration, here are the required steps:
  1. Configure the router’s inside interface using the ip nat inside command.
  2. Configure the router’s outside interface using the ip nat outside command.
  3. Configure an ACL that has a list of the inside source addresses that will be translated.
  4. Configure the pool of global IP addresses using the ip nat pool NAME FIRST_IP_ADDRESS LAST_IP_ADDRESS netmask SUBNET_MASK command.
  5. Enable dynamic NAT with the ip nat inside source list ACL_NUMBER pool NAME global configuration command.
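
The five steps applied to this project's three VLAN subinterfaces, as an added example rather than the configuration from the original lab: the shell function prints the IOS commands to paste in config mode. The outside interface `fa0/1`, the pool name `PUBLIC`, ACL number 1 and the 203.0.113.x pool addresses are assumed placeholders; note that the ACL in step 3 takes a wildcard mask while the pool in step 4 takes a normal netmask.

```shell
#!/bin/sh
# Added example: render the dynamic NAT commands for VLANs 10, 20 and 30.
# Assumptions (not from the page): outside interface fa0/1, pool name
# PUBLIC, ACL 1, pool 203.0.113.10-203.0.113.20 (documentation addresses).

# Convert a dotted netmask into the wildcard mask that IOS ACLs expect.
wildcard_mask() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the mask into its four octets
    IFS=$old_ifs
    echo "$((255 - $1)).$((255 - $2)).$((255 - $3)).$((255 - $4))"
}

render_dynamic_nat() {
    acl=1; pool=PUBLIC; outside=fa0/1
    inside_mask=255.255.255.0; pool_mask=255.255.255.0
    # Step 1: every routed subinterface is an inside interface.
    for vlan in 10 20 30; do
        printf 'interface fa0/0.%s\n ip nat inside\n' "$vlan"
    done
    # Step 2: the link towards the external network is the outside interface.
    printf 'interface %s\n ip nat outside\n' "$outside"
    # Step 3: only the three internal subnets are eligible for translation.
    for vlan in 10 20 30; do
        printf 'access-list %s permit 192.168.%s.0 %s\n' \
            "$acl" "$vlan" "$(wildcard_mask "$inside_mask")"
    done
    # Step 4: the pool of global addresses handed out to inside hosts.
    printf 'ip nat pool %s 203.0.113.10 203.0.113.20 netmask %s\n' \
        "$pool" "$pool_mask"
    # Step 5: bind the ACL to the pool.
    printf 'ip nat inside source list %s pool %s\n' "$acl" "$pool"
}

render_dynamic_nat
```
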



Downloading the Graphical User Interface (GUI) : Undone

The default Debian PCs we're working with lack a graphical user interface (GUI), which provides a graphical way to interact with the system. Typically, administrators use CLI-based tools and configurations to manage it. This part of the document explains how to set up a desktop on a Debian-based Linux server.

  1. Execute the below commands to update the Debian system :

    # sudo apt update
    # sudo apt -y upgrade

  2. Install the GNOME desktop environment using the below command. The installation process will require some time to get completed.

    # sudo apt -y install task-gnome-desktop

  3. Once the GNOME desktop installation has been completed, the next step is to assign the graphical runlevel.

    Change the default boot to graphical runlevel by executing the below command to ensure that the next system boot goes to GUI.

    # sudo systemctl set-default graphical.target

  4. By default, root user login is disabled via GNOME Display Manager (GDM). For enabling root access, follow the below steps:

    Log in to the server through SSH and edit the GDM configuration file /etc/pam.d/gdm-password using any editor of choice.

    # nano /etc/pam.d/gdm-password

    Locate the line that reads as below :

    auth required pam_succeed_if.so user != root quiet_success

    Remove/comment out this line by prefixing # and then save and close the editor.

  5. Reboot the Debian server with the reboot command.



DHCP server : Undone

The Dynamic Host Configuration Protocol (DHCP) is a network service that enables host computers to be automatically assigned settings from a server as opposed to manually configuring each network host. Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user.

We're gonna start off by installing it then configuring it.

  1. At a terminal prompt, enter the following command to install dhcpd:

    sudo apt-get install isc-dhcp-server

  2. The following steps will help you configure the service :

    nano -w /etc/dhcp/dhcpd.conf

    # Sample /etc/dhcpd.conf
    default-lease-time 600;
    max-lease-time 7200;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
    option domain-name-servers 192.168.1.1, 192.168.1.2;
    option domain-name "mydomain.example";

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.100;
        range 192.168.1.150 192.168.1.200;
    }


    This will result in the DHCP server giving a client an IP address from the range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP address for 600 seconds if the client doesn't ask for a specific time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also "advise" the client that it should use 255.255.255.0 as its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers.

    Start and stop service :

    sudo service isc-dhcp-server restart
    sudo service isc-dhcp-server start
    sudo service isc-dhcp-server stop


  3. That's usually how it goes. I didn't have the time to apply it to my infrastructure, so for the following I just describe what I would've done theoretically, based on TP (practical) classes.
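
Adapting the sample to this project's three VLANs, as an added example that is not part of the original page: the sample's `.10`-`.100` range would hand out the addresses already set statically on the PCs, so the function refuses ranges that overlap them. The `.100`-`.200` range and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dhcpd.conf subnets for this project's VLANs 10, 20, 30.
# Assumption: the PCs keep their static addresses (.10-.12) and the router
# subinterface (.1) stays the gateway, so dynamic ranges must avoid them.

STATIC_HOSTS="1 10 11 12"   # last octets already in use in every VLAN

# Print the reserved last octets that fall inside START..END (empty = none).
range_conflicts() {
    hits=""
    for h in $STATIC_HOSTS; do
        if [ "$h" -ge "$1" ] && [ "$h" -le "$2" ]; then hits="$hits $h"; fi
    done
    echo "${hits# }"
}

# Print one subnet declaration, or fail if the range overlaps a static host.
render_subnet() {  # usage: render_subnet VLAN START END
    bad=$(range_conflicts "$2" "$3")
    if [ -n "$bad" ]; then
        echo "VLAN $1: range .$2-.$3 overlaps static hosts: $bad" >&2
        return 1
    fi
    cat <<EOF
subnet 192.168.$1.0 netmask 255.255.255.0 {
    range 192.168.$1.$2 192.168.$1.$3;
    option routers 192.168.$1.1;
    option broadcast-address 192.168.$1.255;
}
EOF
}

# The sample's .10-.100 range is rejected; .100-.200 is accepted.
render_subnet 10 10 100 || true
for vlan in 10 20 30; do render_subnet "$vlan" 100 200; done
```
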



Web server : Undone

Now we're gonna move on to installing and configuring Apache, which will allow us to have our own web server:

First we'll define some terms:

Apache is an open source web server that’s available for Linux servers free of charge.

  1. To install Apache, install the latest meta-package apache2 by running:

    sudo apt update
    sudo apt install apache2

  2. By default, Apache comes with a basic site enabled. We can modify its content in /var/www/html or settings by editing its Virtual Host file found in /etc/apache2/sites-enabled/000-default.conf.

    So let’s start by creating a folder for our new website in /var/www/ by running :

    sudo mkdir /var/www/wordpress

  3. Then we go to the configuration directory by executing:

    cd /etc/apache2/sites-enabled

  4. Then we copy the default configuration :

    cp 000-default.conf default.conf

  5. Then we delete the default configuration :

    rm 000-default.conf

  6. Now we modify the configuration file newly created :

    nano default.conf

    then modify the line that says :

    DocumentRoot /var/www/html
    to
    DocumentRoot /var/www/wordpress

  7. Lastly restart Apache with :

    systemctl restart apache2



FTP server : Undone

FTP (File Transfer Protocol) is a standard network protocol used to transfer files to and from a remote network. There are several open-source FTP servers available for Linux. The most known and widely used are PureFTPd, ProFTPD, and vsftpd. I'll be installing vsftpd (Very Secure Ftp Daemon), a stable, secure, and fast FTP server.

  1. The vsftpd package is available in the Ubuntu repositories. To install it, execute the following commands:

    sudo apt update
    sudo apt install vsftpd


    To print its status, we execute the command:

    sudo systemctl status vsftpd

  2. Start by opening the vsftpd configuration file:

    sudo nano /etc/vsftpd.conf

  3. I'll allow access to the FTP server only to the local users. So search for the anonymous_enable and local_enable directives and verify that your configuration matches the lines below:

    anonymous_enable=NO
    local_enable=YES
    write_enable=YES


  4. To prevent local FTP users from accessing files outside of their home directories, uncomment the line starting with chroot_local_user:

    chroot_local_user=YES

    By default, for security reasons, when chroot is enabled, vsftpd will refuse to upload files if the directory that the users are locked in is writable.
    Enable the allow_writeable_chroot directive :

    allow_writeable_chroot=YES

  5. By default, vsftpd uses active mode. To use passive mode, set the minimum and maximum range of ports:

    pasv_min_port=30000
    pasv_max_port=31000


    You can use any port for passive FTP connections. When the passive mode is enabled, the FTP client opens a connection to the server on a random port in the range you have chosen.

  6. Limiting User Login: You can configure vsftpd to permit only certain users to log in. To do so, add the following lines at the end of the file:

    userlist_enable=YES
    userlist_file=/etc/vsftpd.user_list
    userlist_deny=NO


    When this option is enabled, you need to explicitly specify which users can log in by adding the user names to the /etc/vsftpd.user_list file (one user per line).
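
A check for the directives set in steps 3 to 6, added here as an example and not taken from the original page: the function reads a vsftpd.conf and reports settings that weaken the setup, falling back to vsftpd's built-in defaults when a key is absent. The sample file is constructed from the values on this page, and the `ssl_enable` check is an addition the page does not cover.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the directives from steps 3-6.

# Effective value of KEY in FILE (last uncommented line wins), else DEFAULT.
conf_get() {  # usage: conf_get FILE KEY DEFAULT
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${val:-$3}"
}

# Print one finding per line; exit status 1 when anything was reported.
audit_vsftpd() {
    f=$1; n=0
    report() { echo "$1"; n=$((n + 1)); }
    if [ "$(conf_get "$f" anonymous_enable YES)" = YES ]; then
        report "anonymous_enable: anonymous logins are allowed"
    fi
    if [ "$(conf_get "$f" chroot_local_user NO)" != YES ]; then
        report "chroot_local_user: local users can leave their home directory"
    elif [ "$(conf_get "$f" allow_writeable_chroot NO)" = YES ]; then
        report "allow_writeable_chroot: chroot root is user-writable, which vsftpd refuses by default"
    fi
    if [ "$(conf_get "$f" userlist_enable NO)" != YES ] ||
       [ "$(conf_get "$f" userlist_deny YES)" != NO ]; then
        report "userlist: no allow-list is enforced for logins"
    fi
    if [ "$(conf_get "$f" ssl_enable NO)" != YES ]; then
        report "ssl_enable: credentials and files cross the network in cleartext"
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample: the settings from this page, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
pasv_min_port=30000
pasv_max_port=31000
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
EOF
audit_vsftpd "$sample" || echo "review the findings above"
```
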



Telephony server : Undone

Next up is a telephony server, and for that we're gonna be using Asterisk.

Asterisk makes it possible to transform a computer into a high-performance telephony switch; it comes in the form of free software published by the American company Digium.

Here I'm mostly gonna cite what we did in our practical time in class to configure it, as I didn't have the time to manipulate it on my infrastructure.

  1. First of all we're gonna download it using the commands:

    sudo apt update
    sudo apt upgrade


    Then we proceed with the installation of the dependencies :

    sudo apt install build-essential libxml2-dev libncurses5-dev linux-headers-`uname -r` libsqlite3-dev libssl-dev libedit-dev uuid-dev libjansson-dev

    Then we install it by the following commands:

    mkdir /usr/src/asterisk
    cd /usr/src/asterisk
    wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz
    tar -xvzf asterisk-18-current.tar.gz
    cd asterisk-18.6.0
    ./configure --with-jansson-bundled
    make menuselect


    In the menu, go to Core Sound Package and, using the Space key, check CORE-SOUNDS-FR-ULAW. Exit by pressing the Esc key. Then go to Music On Hold File Packages, uncheck MOH-OPSOUND-WAV and check MOH-OPSOUND-ULAW. Finally, go to Extras Sound Packages and check EXTRA-SOUNDS-FR-ULAW.

    Return to the main screen and press Esc to finish and press S to save.

    Finally type the following commands to complete the installation:

    make
    make install
    make samples
    make config


    Then finally run asterisk using the command :

    /etc/init.d/asterisk start

    And to run the console:

    sudo asterisk -rvvvv

  2. The Asterisk configuration is based on the following configuration files:

    /etc/asterisk/sip.conf : Global configuration of Asterisk
    /etc/asterisk/users.conf : Users configuration
    /etc/asterisk/extensions.conf : Dialplan configuration
    /etc/asterisk/voicemail.conf : Messages configuration



Brief summary :


Here's a brief summary of what I've done so far:

  1. I placed 3 switches, plus one more general switch that was mainly for trunking.
  2. I added 3 VLANs on each and added trunk links where needed.
  3. I placed a peripheral router on which I configured 3 subinterfaces (each network was assigned to a VLAN).
  4. I configured the PCs and assigned all the IPs and routes needed.
    At this step, pinging between the machines works; in addition, they can ping the router.
  5. Here I added an external network (a NAT) and linked it to the router.
  6. Then I configured the router so it can do dynamic NAT.

Result

  • Here are the results and the diagram; as I mentioned, not everything was finished in the end...
  • But ping across VLANs works; ping to the router works.
  • As for NAT, I was still working on it; I wrote the applied commands on the site. As for the commands that come after, not everything worked correctly.