MODE PASSWORD
Console teoenming
Privileged teoenming
Number of Host Addresses Required | Network Address | Subnet Mask | Max Number of Hosts Possible | In Use (Yes / No) | Network Name
FLOOR3SW
FLOOR2SW
FLOOR1SW
int f0/24
switchport mode access
switchport access vlan 99
FLOOR2SW
Assignment of Ports to VLAN 10
int g0/0
no ip add
no shut
int g0/0.10
encapsulation dot1Q 10
ip address 223.0.0.1 255.255.255.192
int g0/0.20
encapsulation dot1Q 20
ip address 223.0.0.65 255.255.255.224
int g0/0.30
encapsulation dot1Q 30
ip address 223.0.0.145 255.255.255.248
int g0/0.99
encapsulation dot1Q 99
ip address 223.0.0.153 255.255.255.248
OSPF
DYNAMIC ROUTING PROTOCOL
BRANCH-ROUTER
int lo 0
ip address 1.1.1.1 255.255.255.255
router ospf 50
network 223.0.0.129 0.0.0.0 area 0
network 223.0.0.161 0.0.0.0 area 0
MAIN-BLDG-ROUTER
int lo 0
ip address 2.2.2.2 255.255.255.255
router ospf 50
network 223.0.0.1 0.0.0.0 area 0
network 223.0.0.65 0.0.0.0 area 0
network 223.0.0.145 0.0.0.0 area 0
network 223.0.0.153 0.0.0.0 area 0
network 223.0.0.162 0.0.0.0 area 0
network 223.0.0.165 0.0.0.0 area 0
BORDER-ROUTER
int lo 0
ip address 3.3.3.3 255.255.255.255
router ospf 50
network 223.0.0.166 0.0.0.0 area 0
network 223.0.0.169 0.0.0.0 area 0
default-information originate
ADMIN-BLDG-ROUTER
int lo 0
ip address 4.4.4.4 255.255.255.255
router ospf 50
network 223.0.0.97 0.0.0.0 area 0
network 223.0.0.170 0.0.0.0 area 0
CONNECTION BETWEEN BORDER-ROUTER AND ISP ROUTER
DEFAULT STATIC ROUTE ON BORDER-ROUTER
int s0/0/0
ip address 200.200.100.1 255.255.255.252
int g0/0
ip address 150.13.2.2 255.255.255.252
ACCESS CONTROL LISTS
ACL REQUIREMENT 1
1. Interpretation of requirements:
a. Everyone can access the internet
b. Upper half of the subnet address space cannot access FTP
2. Use a named, extended ACL and place it as close to the source as
possible.
3. Lower half of the subnet address space:
223.0.0.97 to 223.0.0.111
4. Upper half of the subnet address space:
223.0.0.112 to 223.0.0.126
5. Binary representation of lower half address space (last octet):
0110 0001
0110 1111
6. Binary representation of upper half address space (last octet):
0111 0000
0111 1110
7. Hence the wildcard that will allow us to distinguish between lower half and upper half of the address
space is:
or
0.0.0.15
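The following added example (not part of the original slides) models how a wildcard mask of 0.0.0.15 separates the two halves of the subnet and how a first-match extended ACL would then treat FTP from each half. The ACL entries, the /27 subnet boundary (223.0.0.96/27) and the choice of TCP ports 21 and 20 for FTP are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS-style comparison: wildcard bits set to 1 are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Hypothetical entries (not from the slides): action, protocol, source base,
# source wildcard, destination TCP port (None = any). Ports 21/20 are assumed
# to be what "FTP" means here (control and data channels).
ACL = [
    ("deny",   "tcp", "223.0.0.112", "0.0.0.15",        21),
    ("deny",   "tcp", "223.0.0.112", "0.0.0.15",        20),
    ("permit", "ip",  "0.0.0.0",     "255.255.255.255", None),
]

def evaluate(acl, proto, src, dport):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, entry_proto, base, wildcard, port in acl:
        if entry_proto not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

def matched_addresses(base, wildcard, subnet="223.0.0.96/27"):
    """Every address in the (assumed) subnet that the base/wildcard pair selects."""
    return [str(ip) for ip in ipaddress.ip_network(subnet)
            if wildcard_match(str(ip), base, wildcard)]

if __name__ == "__main__":
    upper = matched_addresses("223.0.0.112", "0.0.0.15")
    print("upper half matched:", upper[0], "to", upper[-1])
    for src in ("223.0.0.97", "223.0.0.111", "223.0.0.112", "223.0.0.126"):
        print(src, "ftp:", evaluate(ACL, "tcp", src, 21),
              "http:", evaluate(ACL, "tcp", src, 80))
```

The wildcard selects a 16-address block, so it also covers 223.0.0.127 (the broadcast address of the assumed /27) in addition to the usable hosts 223.0.0.112 to 223.0.0.126.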
This is very time consuming to implement if there are too many routers in the
network.
router ospf 50
default-information originate
MAIN-BLDG-ROUTER
ADMIN-BLDG-ROUTER
BRANCH-ROUTER
MAIN-BLDG-ROUTER
BORDER-ROUTER
S2: FLOOR1SW
S3: FLOOR2SW
S4: FLOOR3SW
R1: BRANCH-ROUTER
R2: MAIN-BLDG-ROUTER
R3: ADMIN-BLDG-ROUTER
R4: BORDER-ROUTER
R5: ISP ROUTER
PHYSICAL ASSIGNMENT
From VLAN/SW   To VLAN/SW   Protocol   Hosts               Pass/Fail
VLAN10/SW1     VLAN20/SW2   ICMP       Research - Sales    Pass
VLAN10/SW1     VLAN30/SW1   ICMP       Research - Server   Pass
VLAN10/SW1     VLAN99/SW3   ICMP       Research - Mgmt     Pass
VLAN20/SW2     VLAN10/SW1   ICMP       Sales - Research    Pass
VLAN20/SW2     VLAN30/SW1   ICMP       Sales - Server      Pass
VLAN20/SW2     VLAN99/SW3   ICMP       Sales - Mgmt        Pass
VLAN30/SW1     VLAN10/SW1   ICMP       Server - Research   Pass
VLAN30/SW1     VLAN20/SW2   ICMP       Server - Sales      Pass
VLAN30/SW1     VLAN99/SW3   ICMP       Server - Mgmt       Pass
VLAN30/SW1     VLAN10/SW1   ICMP       Mgmt - Research     Pass
VLAN30/SW1     VLAN20/SW2   ICMP       Mgmt - Sales        Pass
VLAN30/SW1     VLAN30/SW1   ICMP       Mgmt - Server       Pass
TABLE 2 DEMON ACCESS OF ALL HOSTS TO EACH OTHER AND INTERNAL SERVER
From Host     To Host       Pass/Fail
Research PC   Sales PC      Pass
Research PC   Server        Pass
Research PC   Mgmt PC       Pass
Research PC   Admin PC      Pass
Research PC   Branch PC     Pass
Sales PC      Research PC   Pass
Sales PC      Server        Pass
Sales PC      Mgmt PC       Pass
Sales PC      Admin PC      Pass
Sales PC      Branch PC     Pass
Mgmt PC       Research PC   Pass
Mgmt PC       Sales PC      Pass
Mgmt PC       Server        Pass
Mgmt PC       Admin PC      Pass
Mgmt PC       Branch PC     Pass
Admin PC      Research PC   Pass
Admin PC      Sales PC      Pass
Admin PC      Server        Pass
Admin PC      Mgmt PC       Pass
Admin PC      Branch PC     Pass
Branch PC     Research PC   Pass
Branch PC     Sales PC      Pass
Branch PC     Server        Pass
Branch PC     Mgmt PC       Pass
Branch PC     Admin PC      Pass
TABLE 3 DEMON BEHAVIOR OF INTER-NETWORK WHEN SINGLE TRUNK FAILS
TRUNK 1 : BETWEEN SW 1 & SW 2 LINK FAILED
From Host   To Host    Trunk Up/Down   Route               Pass/Fail
Research    Sales      down            trunk (SW1 - SW3)   Pass
Research    Server     down            trunk (SW1 - SW3)   Pass
Research    Mgmt       down            trunk (SW1 - SW3)   Pass
Sales       Research   down            trunk (SW1 - SW3)   Pass
Sales       Server     down            trunk (SW1 - SW3)   Pass
Sales       Mgmt       down            trunk (SW1 - SW3)   Pass
Server      Research   down            trunk (SW1 - SW3)   Pass
Server      Sales      down            trunk (SW1 - SW3)   Pass
Server      Mgmt       down            trunk (SW1 - SW3)   Pass
Mgmt        Research   down            trunk (SW1 - SW3)   Pass
Mgmt        Sales      down            trunk (SW1 - SW3)   Pass
Mgmt        Server     down            trunk (SW1 - SW3)   Pass
TRUNK 2 : BETWEEN SW 2 & SW 3 LINK FAILED
From Host   To Host    Trunk Up/Down   Route               Pass/Fail
Research    Sales      down            trunk (SW1 - SW3)   Pass
Research    Server     down            trunk (SW1 - SW3)   Pass
Research    Mgmt       down            trunk (SW1 - SW3)   Pass
Sales       Research   down            trunk (SW1 - SW3)   Pass
Sales       Server     down            trunk (SW1 - SW3)   Pass
Sales       Mgmt       down            trunk (SW1 - SW3)   Pass
Server      Research   down            trunk (SW1 - SW3)   Pass
Server      Sales      down            trunk (SW1 - SW3)   Pass
Server      Mgmt       down            trunk (SW1 - SW3)   Pass
Mgmt        Research   down            trunk (SW1 - SW3)   Pass
Mgmt        Sales      down            trunk (SW1 - SW3)   Pass
Mgmt        Server     down            trunk (SW1 - SW3)   Pass
TRUNK 3 : BETWEEN SW 1 & SW 3 LINK FAILED
From Host   To Host    Trunk Up/Down   Route                     Pass/Fail
Research    Sales      down            trunk (SW1 - SW2 - SW3)   Pass
Research    Server     down            trunk (SW1 - SW2 - SW3)   Pass
Research    Mgmt       down            trunk (SW1 - SW2 - SW3)   Pass
Sales       Research   down            trunk (SW1 - SW2 - SW3)   Pass
Sales       Server     down            trunk (SW1 - SW2 - SW3)   Pass
Sales       Mgmt       down            trunk (SW1 - SW2 - SW3)   Pass
Server      Research   down            trunk (SW1 - SW2 - SW3)   Pass
Server      Sales      down            trunk (SW1 - SW2 - SW3)   Pass
Server      Mgmt       down            trunk (SW1 - SW2 - SW3)   Pass
Mgmt        Research   down            trunk (SW1 - SW2 - SW3)   Pass
Mgmt        Sales      down            trunk (SW1 - SW2 - SW3)   Pass
Mgmt        Server     down            trunk (SW1 - SW2 - SW3)   Pass
TRUNK 4 : BETWEEN SW 3 AND MAIN-BLDG-ROUTER LINK FAILED
From Host   To Host    Trunk Up/Down   Route                     Pass/Fail
Research    Sales      down            trunk (SW1 - SW2 - SW3)   Fail
Research    Server     down            trunk (SW1 - SW2 - SW3)   Fail
Research    Mgmt       down            trunk (SW1 - SW2 - SW3)   Fail
Sales       Research   down            trunk (SW1 - SW2 - SW3)   Fail
Sales       Server     down            trunk (SW1 - SW2 - SW3)   Fail
Sales       Mgmt       down            trunk (SW1 - SW2 - SW3)   Fail
Server      Research   down            trunk (SW1 - SW2 - SW3)   Fail
Server      Sales      down            trunk (SW1 - SW2 - SW3)   Fail
Server      Mgmt       down            trunk (SW1 - SW2 - SW3)   Fail
Mgmt        Research   down            trunk (SW1 - SW2 - SW3)   Fail
Mgmt        Sales      down            trunk (SW1 - SW2 - SW3)   Fail
Mgmt        Server     down            trunk (SW1 - SW2 - SW3)   Fail
RECOMMENDATIONS FOR FUTURE NETWORK IMPROVEMENTS
RECOMMENDATION 1
Buying a block of static public IPv4 addresses for enterprise use
can be very expensive. We recommend using private IP
addresses for internal network implementation in the future. XYZ
Research company can use a single public IP address in the
future. For all the workstations in the internal network to access
the internet, we can implement Port Address Translation (PAT) or
NAT Overload. To allow outside hosts to access internal servers,
we can configure static NAT or port forwarding.
RECOMMENDATION 2
First Hop Redundancy Protocol (FHRP) > Hot Standby Router Protocol
(HSRP)
We recommend implementing HSRP so that there is router
redundancy at the border. The first router will be the main
forwarding router and the second router will be the standby
router. When the main router fails, the standby router will take
over. This type of redundancy will ensure that there is an
always-on connection to the internet.
RECOMMENDATION 3
We recommend using Cat 7 LAN cables.
CHALLENGES ENCOUNTERED
We realized that vlan 30 is not created on FLOOR2SW and
FLOOR3SW. This is because we did not back up and restore
vlan.dat in every switch. VLANs are created in every switch
because there are port assignments for every VLAN. When there
is no port assignment to a VLAN, that VLAN is not created on the
switch. Either we manually create vlan 30 on FLOOR2SW and
FLOOR3SW using the vlan 30 global configuration command
or we back up and restore vlan.dat in the flash storage area of
every switch.
END OF PRESENTATION
Presentation slides created by Turritopsis Dohrnii Teo En Ming
from 12:30 PM to 4:30 PM for 4 hours on 21 JULY 2017 FRIDAY.