Last Phase NETW204 Class Project

March 26, 2018 | Author: Shivani | Category: Ip Address, Router (Computing), Computer Network, Internet Architecture, Internet Protocols
Share
Report this link


Comments



Description

PHASE I (20 points total)—Due Week 3Tasks to Do. Task 1: Subnet the 10.150.0.0/16 network for NY and assign the first nonzero subnets to Services followed by Engineering. You may need to resubnet for Executive and Native&Management subnets to avoid wasting IP addresses. Ensure that you re-subnet only the first unused subnet and nothing else. Assign the nonzero subnets to Executive and Native&Management. (5 points) New York Office IP VLAN 15 VLAN 25 VLAN 35 VLAN 99 IP Address Subnet Mask Network Address 10.150.1.129/26 10.150.1.1/25 10.150.0.129/25 10.150.1.193/28 255.255.255.192 255.255.255.128 255.255.255.128 255.255.255.240 10.150.1.128 10.150.1.0 10.150.0.128 10.150.1.192 Task 2: Subnet the 10.150.100.0 /25 network for IL and assign the last IP address on the first three nonzero subnets to the Loopback 1, Loopback 2, and Loopback 3 interfaces of the router. We will use a loopback or virtual interface to simulate the LAN subnets. This will speed up configuration and allows us to create our topology without rewiring. (3 points) Illinois Branch IP Loopback 1 Loopback 2 Loopback 3 IP Address 10.150.100.62/2 6 10.150.100.126/ 26 10.150.100.190/ 26 Subnet Mask 255.255.255.192 Network Address 10.150.100.0 255.255.255.192 10.150.100.64 255.255.255.192 10.150.100.128 Task 3: Subnet the 10.150.200.0 /25 network for CA and assign the last IP address on the first three nonzero subnets to the Loopback 1, Loopback 2, and Loopback 3 interfaces of the router. We will use a loopback or virtual interface to simulate the LAN subnets. This will speed up configuration and allows us to create our topology without rewiring. (3 points) California Branch IP Loopback 1 Loopback 2 Loopback 3 IP Address Subnet Mask Network Address 10.150.200.30/2 7 10.150.200.62/2 7 10.150.200.94/2 7 255.255.255.224 10.150.200.0 255.255.255.224 10.150.200.32 255.255.255.224 10.150.200.64 Task 4: Use the following network address (10.1.255.0/25) to find the WAN subnets between NY and IL and NY and CA respectively. Note that there are only two IP addresses per subnet for each WAN link. Assign the first WAN subnet to NY to IL and the second WAN subnet to NY to CA. (2 points) WAN Subnets NY to IL NY to CA IP Address 10.1.255.1/30 10.1.255.2/30 Subnet Mask 255.255.255.252 255.255.255.252 Network Address 10.1.255.0 10.1.255.0 Task 5: Use Microsoft Visio to design the current network topology. Remember to use Loopback interfaces for the subnets in NY, IL, and CA. Use point-to-point interfaces to connect the remote branch offices to NY. See the sample network diagram below. Replace the phrase “IP Address” by the correct IP address for each interface on the routers. Include the WAN IP addresses on the diagram as well. (7 points) (3. Password=cisco123 Message of the Day (MOTD) Banner VTY Unauthorized Access is Highly Prohibited! Encrypt the clear text passwords Use the correct command to encrypt clear text passwords. Enable SSH and Disable Telnet.line)#transport input ssh (config-line)#exit #service passwordencryption ¼ (c-if)#interface vlan 15 (c-if)#name Executive (c-if)#interface vlan 25 (c-if)#name Engineering (c-if)#interface vlan 35 (c-if)#name Services (c-if)#interface vlan 99 ¼ ¼ ¼ ¼ ¼ ½ ¼ . You will configure the switches first.First Major Deliverable in the Project: IP scheme for all three locations (fill in the IP tables above) and the Visio Diagram. You need to plan to implement the network. >enable #configure terminal #hostname SW1 #enable password Netw204 #no ip domain-lookup Points username Admin1 privilege 15 secret cisco123 #banner motd ^Unauthorized Access is Highly Prohibited!^ #line vty 0 15 (c. Use the information provided to create the VLANs. Task 1: Configure SW1. (I also added Names) Create the required VLANs. let us move on to the next phase in the project. PHASE II (30 points total)—Due Week 5 Now that you have completed your first major deliverable in the project.5 points possible) Configuration Task Switch name Secret Password Disable DNS lookup Username and Password Required Information SW1 Netw204 User= Admin1. VLAN 99 is the Native VLAN. Use the correct switchport command to set the Trunk port. fa0/3 (c-if)#switchport mode access #interface fastethernet 0/5 (c-if)# witchport mode access (c-if)#switchport access vlan 25 (c-if)#exit ¼ ¼ ¼ I don’t know all the ports ¼ because I am not using the software but in the even this was a live production network I would use #show vlan for .1Q Trunk ports.(c-if)#name Native&Management Assign the management IP address. Assign F0/5 to the correct VLAN as per the diagram. Configure all other ports as access ports. fa0/5. See the network diagram you drew for part 1.1.150.255. Assign the IP Address just before the last valid IP Address on the Native&Management VLAN.255. Disable all unused ports in software.205 255. switchport mode access is redundant if this is continuing from the previous command Shutdown all unused ports. Enable the 802.240 ¼ #interface fastethernet 0/2 (c-if)#switchport trunk encapsulation dot1q (c-if)#switchport mode trunk (c-if)#no shutdown (c-if)#interface fastethernet 0/1 (c-if)#switchport trunk encapsulation dot1q (c-if)#switchport mode trunk (c-if)#no shutdown (c-if)#exit #interface range fa0/2. #interface vlan 99 (c-if)#ip address 10. Use the interface range command. fa0/1. Password=cisco123 Enable SSH and Disable Telnet. (3.1. Assign the IP Address just before the last valid IP Address on the Native&Management VLAN.255. and #shutdown commands to shutdown unused ports. >enable #configure terminal #hostname SW2 #enable password Netw204 #no ip domain-lookup Points username Admin1 privilege 15 secret cisco123 #banner motd ^Unauthorized Access is Highly Prohibited!^ #line vty 0 15 (c.port information.5 points possible) Configuration Task Switch name Secret Password Disable DNS lookup Username and Password Required Information Message of the Day (MOTD) Banner VTY Unauthorized Access is Highly Prohibited! Encrypt the clear text passwords Create the required VLANs. Task 2: Configure SW2.line)#transport input ssh (c-line)#exit #service passwordencryption ¼ (c-if)#interface vlan 15 (c-if)#name Executive (c-if)#interface vlan 25 (c-if)#name Engineering (c-if)#interface vlan 35 (c-if)#name Services (c-if)#interface vlan 99 (c-if)#name Native&Management ¼ #interface vlan 99 (c-if)#ip address 10.255. Use the information provided to create the VLANs.205 255. Use the correct command to encrypt clear text passwords.150.240 ¼ ¼ ¼ ¼ ¼ ½ ¼ . VLAN 999 is the SW2 Netw204 User= Admin1. Assign the management IP address. #interface range {port range}. fa0/5. #interface fastethernet 0/2 (c-if)#switchport trunk encapsulation dot1q (c-if)#switchport mode trunk (c-if)#no shutdown (c-if)#interface fastethernet 0/1 (c-if)#switchport trunk encapsulation dot1q (c-if)#switchport mode trunk (c-if)#no shutdown (c-if)#exit #interface range fa0/2. See the network diagram you drew for part 1. fa0/1. and #shutdown commands to shutdown unused ports. fa0/3 (c-if)#switchport mode access #interface fastethernet 0/3 (c-if)# witchport mode access (c-if)#switchport access vlan 15 (c-if)#exit Again I don’t know all the ports because I am not using the software but in the even this was a live production network I would use #show vlan for port information. Shutdown all unused ports. Disable all unused ports in software. Assign F0/3 to the correct VLAN as per the diagram. ¼ ¼ ¼ ¼ . #interface range {port range}. Configure all other ports as access ports.1Q Trunk ports.Enable the 802. Use the correct switchport command to set the Trunk port. Native VLAN. Use the interface range command. 1Q subinterface .1.128 #description Services LAN #interface gigabitethernet 0/1.99 #encapsulation dot1q 15 #ip address 10. 15 on G0/1 Description Executive LAN Assign VLAN 15.192 #description Executive LAN #interface gigabitethernet 0/1.255.255.255.1.255. Assign the last valid IP address to this interface.1Q subinterface .190 255.1Q subinterface .128 #description Engineering LAN #interface gigabitethernet 0/1. 35 on G0/1 Description Services LAN Assign VLAN 35.15 #encapsulation dot1q 15 #ip address 10.255.1Q subinterface .25 #encapsulation dot1q 15 #ip address 10. Assign the last valid IP address to this interface. 99 on G0/1 Description Native&Management LAN Assign VLAN 99.255. Assign the last valid IP address to this interface.1.255.255.35 #encapsulation dot1q 15 #ip address 10. Assign the first available address to this interface. Configure 802.0.106 255.150.150.206 255. Configure 802. 25 on G0/1 Description Engineering LAN Assign VLAN 25. Activate Interface G0/1 #configure terminal Points leaving out (c-if) for space #interface gigabitethernet 0/1.1.150.1.150.129 255.240 #description Native&Management LAN ½ ½ ½ ½ #interface gigabitethernet 0/1 (c-if)#no shutdown ½ #router ospf 204 #router-id 1.>enable Configuration Item or Task Required Information Configure 802.1 ½ Bring up interfaces OSPF Process ID 204 . Configure 802. 0 0. Adjust the metric cost of S0/0/0.255 area 0 #network 10.1 Advertise directly connected networks. Use classless network addresses Assign all directly connected networks to Area 0 Set all LAN interfaces as passive.0.150.1.0 0.0.0 0.200.127 area 0 #network 10. 1000 Set the serial interface bandwidth. #network 10.150. 3/0 (c-if)#bandwidth 768 ½ ½ ½ ½ ½ 768 Kb/s #ip ofsf cost 7500 ½ Cost: 7500 .0.0. Change the default cost reference bandwidth to support Gigabit interface calculations.1.127 area 0 #passive-interface fastethernet 0/0 #end #router ospf 204 #auto-cost reference bandwidth 1000 #end #interface range serial 2/0.0.150. Type necessary commands to do so.0.255.Router ID 1.100. #interface serial 2/0 #no shutdown ½ OSPF Process ID #router ospf 204 ½ #router-id 2.255.1 255.255 area 0 #network 10.126 255.255. Use classless network addresses.Configuration Task Required Information Points #interface loopback 1 #ip address 10.255.0.252 Assign IP addresses to appropriate interfaces including Loopback and serial interfaces.150.127 area 0 ½ 204 Router ID 2.100.192 #interface serial 2/0 #ip address 10.62 255.150.190 255.0.150.2.255.255.150.2. #passive-interface fastethernet 0/0 #end ½ .2.100.255.192 #interface loopback 2 #ip address 10.192 #interface loopback 3 #ip address 10.100.0.100.2.255. Assign interfaces to Area 0.255. Use a single summary address for the LAN (loopback) interfaces.0 0.2 Advertise directly connected networks. ½ Activate the nonLoopback interfaces.150.0 0.0.1.255. Set all LAN (Loopback) interfaces as passive.2 ½ #network 10.255. #router ospf 204 #auto.Change the default cost reference bandwidth to support Gigabit interface calculations. (4 points) .cost reference bandwidth 1000 ½ 1000 256 Kb/s #interface serial 2/0 #bandwidth 256 ½ Note: You will probably notice that all the Loopback IP addresses show up as /32. Interface Loopback 1 ip ospf network point-to-point Task 5: Configure the CA Router. To change that /32 to the real subnet mask of the Loopback interfaces you need to type the following command on each Loopback interface in the routers. Set the serial interface bandwidth. 150.Configura tion Task Required Information Points #interface loopback 1 #ip address 10.200.255.150.255.0 0.255.3.94 255.255.200.150.1.255.0.200.255.0. #interface serial 3/0 #no shutdown ½ OSPF Process ID #router ospf 204 ½ #router-id 3. #network 10.255 area 0 #network 10.3.30 255.3 Advertise directly connected networks.252 Assign IP addresses to appropriat e interfaces including Loopback and serial interfaces.255. Set all LAN (Loopback) interfaces as passive.0.255.62 255.0.255.2 255.0 0.224 #interface loopback 2 #ip address 10.127 area 0 ½ #passive-interface fastethernet 0/0 #end ½ .3.224 #interface loopback 3 #ip address 10.3 ½ 204 Router ID 3. ½ Activate the nonLoopba ck interfaces.200.224 #interface serial 3/0 #ip address 10.150. Assign interfaces to Area 0.3. Use a single summary address for the LAN (loopback) interfaces. Use classless network addresses.150.255. #router ospf 204 #auto.cost reference bandwidth 1000 ½ 1000 256 Kb/s #interface serial 3/0 #bandwidth 256 #end Task 6: Verify OSPF Configuration (6 points) ½ . Set the serial interface bandwidth.Change the default cost reference bandwidth to support Gigabit interface calculation s. Capture the output for your project and explain what you see. Capture the output for your project and explains what you see. “Tracert” would be the command a network admin would use to see the route these packets take to get to their destination addess. routing networks. and passive interfaces configured on a router. How can you tell that the network is working correctly? (3 points) You would be able to see link state and the ospf routers would for adjacencies with their neighbors and this would be visible in the ospf database.Question Points Type the command that displays all connected OSPFv2 routers. address summarization. #show ip ospf neighb or 1 Type the command that displays the OSPF process ID. router ID. #show ip ospf 1 What command displays only OSPF routes? #show ip route ospf 1 What command displays detail information about the OSPF interfaces. The ip route command would show the routes of the packet sent from one network over to the neighboring network. you would ping addresses on the network to see if the packets go through. To see if the overall network is up and the interfaces are properly turned on. including the authentication method? #show ip ospf inerfac e 1 What command displays the OSPF link states types? #show ip ospf databa se [link state id] 1 What command displays the OSPF database? #show ip ospf databa se 1 Task 7: Summarize the output of the commands used in Task 6. . . 1.150.1.1. #ip dhcp pool ENGINEERING #network 10.12 Create a DHCP pool for VLAN 15.150.PHASE III (70 Points Total)—Due Week 7 Task 1: Configure the NY router as a DHCPv4 server for the executive and engineering VLAN.45 DomainName: hitech. Name: ENGINEERING DNS-Server: 192.1. (4 points) Configuration Task Required Information >enable #config t Reserve the first 10 IP addresses in VLAN 15 for static configurations.1.45 #domain-name engineering.0.45 #domain-name hitech.45 DomainName: engineering.0 #lease 7 Points (1 point) (1 point) (1 point) (1 point) . #ip dhcp excluded-address 10. Name: EXECUTIVE DNS-Server: 192.c om Set the default gateway.168.150.168.150.150.1. #ip dhcp excluded-address 10.140 Reserve the first 10 IP addresses in VLAN 25 for static configurations.1/25 #dns-server 192.168.1.130 10.1.1.129/26 #dns-server 192.150.net Set the default gateway.1.0.168.net #default-router 10.150.2 10.net #default-router 10.150.0 #lease 7 Create a DHCP pool for VLAN 25. #ip dhcp pool EXECUTIVE #network 10. 0.0.15 5 any eq 22 #20 permit tcp 10. Task 3: Configure static and dynamic NAT on NY.Task 2: Restrict Access to the VTY Lines to only come from Native&Management VLAN.150.1.0.193 0. #ip access-list extended NETMGMT #10 permit tcp 10. (15 points) Configuration Task Required Information >enable Configure a named access list to only allow Native&Manag ement VLAN to SSH to the routers.15 5 any eq 23 #500 deny ip any any log (this logs all the attempts to ssh) #conf t Point s 5 #line vty 0-15 Apply the named ACL to the VTY lines.150. (25 points) 5 .0. it should give out a “connection refused by remote host” error message.1. #ip access-class NETMGMT in 5 #end #show access-list then go to an unauthorized device and try to SSH to the router. Verify ACL is working as expected. ACL Name: NETMGMT Telnet is port 22. so If we are only allowing ssh connections then we would eliminate that line in the list.193 0. 23.255.23.255.66 / 26 #interface fa 0/0 #ip nat inside #interface serial 2/0 #ip nat outside 1 . #conf t #username webadmin privilege 15 secret cisco 123 Configure the HTTP server to use the local database for authentication.200/32 192.107.168.1. Required Information Points 5 Username: webadmin Password: cisco123 Privilege level: 15 #ip http server ip http ? ip http authentication ? Create a static NAT to the web server.1.66 #interface loopback 0 #192. Enable HTTP server service.168.Configuration Task Create a local database with one user account.200 255. >enable 2 #ip http authentication local 2 #ip inside source static 2 209.200  209. Use the command username webadmin privilege 15 secret cisco123.107. Configure NY’s Loopback 0 interface with the following IP address.1.107.255 1 192.168. Inside Global Address: 209.66 --> Assign the inside and outside interface for the static NAT. This is a simulated internal web server.23. 0.0.150.200.0 0.129 and 0.Configure the dynamic NAT inside private ACL. Do not allow the Services and Native&Manageme nt VLANs to be translated.150. Access List: 10 #ip access-list extended 10 Allow the #access-list 10 permit executive 10.107.193 CA to be translated.0 0.0.150. #access-list 10 permit Allow a summary 10.1.1 networks on NY to be translated.1.107.75 5 Define the dynamic NAT translation. Pool Name: THE_NET Pool of addresses include: 209.107.63 engineering #access-list 10 permit 10.23.68 – 209.63 of the LANs #access-list 10 permit (loopback) 10. 5 Define the pool of usable public IP addresses.0.23.150.23.0.0.1.150.73 #ip nat inside source list 10 pool 2 .100. #ip nat pool THE_NET 209.31 networks on IL and #access-list 10 deny 10. (16 points) .Task 4: Secure the network services. 23.107.107.66 / 26) that you configured in Task 3.66 / 26) that you configured in Task 3.63 any eq 80 #105 permit tcp 207.0.63 any eq 953 #105 deny icmp any any redirect log #105 deny icmp any any echo #105 deny icmp any any mask-request log in 10 #ip access-class 105 in 6 #conf t Point s .: 105 #ip access-list extended 105 #105 permit tcp 209.66 0. and  prevent traffic from the Internet from pinging internal networks. while continuing to allow LAN interfaces to ping the Internet hosts.107. Apply ACL to the appropriate interface(s).66 0.0.0. Required Informatio n >enable ACL No.23.23.23.  allow Internet hosts DNS access to the simulated web server on NY by accessing the static NAT address (209.107.Configuration Task Configure an extended ACL to  allow Internet hosts WWW access to the simulated web server on NY by accessing the static NAT address (209.0. . but this was ultimately great practice. Then we moved forward to set up a NAT service on the router to translate local addresses to public IP addresses. Last we secured the network services with an extended ACL that allowed certain hosts to access the web server. We had to first define the inside interface and the outer interface. Write a summary of what you did and explain what you have learned in the process. We created a pool of usable ip addresses for dynamic translating. (10 points) I created access control lists to permit only those assigned to the VLAN to gain remote access to the VLAN.Task 5: Verify that your project meets the above requirements. In the process I have learned to use my resources because not everything will always stick in my brain.
Copyright © 2024 DOKUMEN.SITE Inc.