Nov 23, 2024
HEP 456 Module 5 Section 12 and 13 Planning for Analysis and Interpretation and Gantt chartĀ
HEP 456 Module 5 Section 12 and 13 Planning for Analysis and Interpretation and Gantt chartĀ Name HEP 456: ā¦
NETW204 Class Project
NETW204 Class Project
This project includes three phases. You need to complete Phase I before moving on to Phase II. Likewise, you need to complete Phase II before moving on to Phase III or the final phase in the project.
Hi-tech Net Corp. is operating in three locations in the United States. Their main office is located in New York, NY. They have two branch offices located in Chicago, IL and Sacramento, CA.
You have just been hired as Hi-tech Net Corp.ās consulting engineer to implement their network infrastructure. Both branch offices will be directly connected to the main office in NY via a leased line circuit (point-to-point serial connection).
New Yorkās Office IP Information
The main office has four LAN segments: Executive, Engineering, Services, and Native&Management. Each LAN segment is identified by a VLAN number as seen below. For example:
ā Executive: VLAN 15
ā Engineering: VLAN 25
ā Services: VLAN 35
ā Native&Management: VLAN 99
The organization is using the following network address in NY: 10.150.0.0/16.
ā Executive: 60 computers only including future growth in this number
ā Engineering: 80 computers only including future growth in this number
ā Services: 115 computers including future growth in this number
ā Native & Management: 12 computers including future growth in this number
*** Future growth means that we already take growth into consideration. Do not try to estimate or add more IP addresses than necessary to avoid getting an incorrect subnet.
Illinoisā Office IP Information
The IL branch has three LAN subnets with 45 IP addresses on each subnet. They use the following network address to obtain the required IL subnets: 10.150.100.0 /24.
Californiaās Office IP Information
The CA branch has three LAN subnets with 25 IP addresses on each subnet. They use the following network address to obtain the required CA subnets: 10.150.200.0 /25.
PHASE I (20 points total)āDue Week 3 Tasks to Do.
Task 1: Subnet the 10.150.0.0/16 network for NY and assign the first subnets to
Services followed by Engineering. You may need to re-subnet for Executive and Native&Management subnets to avoid wasting IP addresses. Ensure that you re-subnet only the first unused subnet and nothing else. Assign the subnets to Executive and Native&Management. (5 points)
New York Office IP IP Address Range New Subnet New Network
Mask Address
VLAN 15-Executive 10.150.1.1 - 10.150.1.62 255.255.255.192 10.150.1.0/26
VLAN 25-Engineering 10.150.0.129 - 10.150.0.254 255.255.255.128 10.150.0.128/25
VLAN 35-Services 10.150.0.1 - 10.150.0.126 255.255.255.128 10.150.0.0/25
VLAN 99 Native Mgmt 10.150.1.65 - 10.150.1.78 255.255.255.240 10.150.1.64/28
Task 2: Subnet the 10.150.100.0 /25 network for IL and assign the last IP address on the three subnets to the Loopback 1, Loopback 2, and Loopback 3 interfaces of the router. We will use a loopback or virtual interface to simulate the LAN subnets. This will speed up configuration and allows us to create our topology without rewiring. (3 points)
Illinois Branch IP IP Address Range New Subnet Mask New Network
Address
Loopback 1 10.150.100.1 - 10.150.100.62 255.255.255.192 10.150.100.0/26
Loopback 2 10.150.100.65 - 10.150.100.126 255.255.255.192 10.150.100.64/26
Loopback 3 10.150.100.129 - 10.150.100.190 255.255.255.192 10.150.100.128/26
Task 3: Subnet the 10.150.200.0 /25 network for CA and assign the last IP address on the three subnets to the Loopback 1, Loopback 2, and Loopback 3 interfaces of the router. We will use a loopback or virtual interface to simulate the LAN subnets. This will speed up configuration and allows us to create our topology without rewiring. (3 points)
Loopback 1 10.150.200.1 - 10.150.200.30 255.255.255.224 10.150.200.0/27
Loopback 2 10.150.200.33 - 10.150.200.62 255.255.255.224 10.150.200.32/27
Loopback 3 10.150.200.65 - 10.150.200.94 255.255.255.224 10.150.200.64/27
Task 4: Use the following network address (10.1.255.0/25) to find the WAN subnets between NY and IL and NY and CA respectively. Note that there should only be two IP addresses per subnet for each WAN link. Assign the first WAN subnet to NY to IL and the second WAN subnet to NY to CA. (2 points)
WAN Subnets IP Address Range New Subnet Mask New Network Address
NY to IL 10.1.255.1 - 10.1.255.2 255.255.255.252 10.1.255.0/30
NY to CA 10.1.255.5 - 10.1.255.6 255.255.255.252 10.1.255.4/30
Task 5: Use Microsoft Visio to design the current network topology. Remember to use Loopback interfaces for the subnets in NY, IL, and CA. Use point-to-point interfaces to connect the remote branch offices to NY. See the sample network diagram below. Replace the phrase āIP Addressā by the correct IP address for each interface on the routers. Include the WAN IP addresses on the diagram as well. (7 points)
First Major Deliverable in the Project: IP scheme for all three locations (fill in the IP tables above) and the Visio Diagram.
Conclusion: We had to complete five tasks as part of Phase I. For task 1, we had to subnet the 10.150.0.0/16 network for NY, and then assign the first subnets to services followed by engineering. Additionally, we had to assign subnets to Executive and Native and Management. For task 2, we had to subnet the 10.150.100.0/25 network for IL, and then for Loopback 1, Loopback 2, and the Loopback 3 interfaces of the router were assignment the last IP address of the subnets. We then simulated the LAN subnet, which allowed us to speed up configuration. Task 3, included subnetting the
10.150.200.0./25 network for CA, and then assigning the last IP address on the three subnets for Loopback 1, Loopback 2, and Loopback 3 interfaces of the router. For task 4, We then had to use the 10.1.255.0/25 network address to find WAN subnets between NY and IL, and NY to CA. We then assigned he first WAN subnet to NY to IL, and the second WAN subnet to CA. The final task included designing the network topology using Microsoft Visio, which included using loopback interfaces for the subnets, using point to point interfaces for the remote branch offices, and putting in the correct IP addresses for the interface on the router and for the WAN IP addresses.
PHASE II (30 points total)āDue Week 5
Now that you have completed your first major deliverable in the project, let us move on to the next phase in the project. You need to plan to implement the network. You will configure the switches first.
You should write all required configuration commands with their Command prompt mode in the table, middle column, under the āRequired Informationā instructions.
Task 1: Configure SW1. (3.5 points possible)
Message of the Unauthorized Access is Highly Prohibited! Ā¼
Day (MOTD) SW1(config)#banner motd “Unauthorized Access is Highly
Banner Prohibited!”
VTY Enable SSH and Disable Telnet. Ā½
SW1(config)#ip domain-name cisco.com
SW1(config)#crypto key generate rsa
SW1(config-line)#login local
SW1(config-line)#transport input ssh
SW1(config-line)#username Admin1 privilege 15 secret cisco123
Encrypt the Use the correct command to encrypt clear text passwords. Ā¼ clear text SW1(config)#service password-encryption passwords
Create the Use the information provided to create the VLANs. Ā¼ required VLANs. SW1(config)#vlan 15
SW1(config-vlan)#name Executive
SW1(config-vlan)#end
SW1(config)#interface vlan 15
SW1(config-if)# ip address 10.150.1.0 255.255.255.192
SW1(config-if)#end
SW1(config)#vlan 25
SW1(config-vlan)#name Engineering
SW1(config-vlan)#end
SW1(config)#interface vlan 25
SW1(config-if)# ip addess 10.150.0.128 255.255.255.128
SW1(config-if)#end
SW1(config)#vlan 35
SW1(config-vlan)#name Services
SW1(config-vlan)#end
SW1(config)#interface vlan 35
SW1(config-if)# ip addess 10.150.0.0 255.255.255.128
SW1(config-if)#end
SW1(config)#vlan 99
SW1(config-vlan)#name Native&Management
SW1(config-vlan)#end
SW1(config)#interface vlan 99
SW1(config-if)# ip addess 10.150.1.64 255.255.255.240 SW1(config-if)#end
Assign the Assign the IP Address just before the last valid IP Address Ā¼
management IP on the Native&Management VLAN. VLAN 99 is the Native address. VLAN.
SW1(config)#interface vlan 99
SW1(config-if)#
SW1(config-if)#ip address 10.150.1.77 255.255.255.240
Enable the Use the correct switchport command to set the Trunk port. Ā¼
802.1Q Trunk SW1(config)#interface f0/7
ports. SW1(config-if)#switchport trunk encapsulation dot1q SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed 15,25,35,99
Configure all Use the interface range command. Ā¼
other ports as SW1(config)# interface range F0/1-6, F0/8-24 access ports. SW1(config-if-range)#switchport mode access SW1(config-if-range)#no shutdown
Assign F0/3 to See the network diagram you drew for part 1. Ā¼
the correct SW1(config)#interface 1/0/1
VLAN as per the SW1(config-if)#switchport access vlan 25 diagram. SW1(config-if)#no shutdown
Shutdown all Disable all unused ports in software. Ā¼
unused ports. SW1(config)#interface range F0/1-6, F0/8-24 SW1(config-if-range)#shutdown
Task 2: Configure SW2. (3.5 points possible)
Disable DNS lookup SW2(config)#no ip domain-lookup Ā¼
Username and User= Admin1, Password=cisco123 Ā¼
Password SW2(config)#username Admin1 password
cisco123
Message of the Day Unauthorized Access is Highly Prohibited! Ā¼
(MOTD) Banner SW2(config)#banner motd “Unauthorized
Access is Highly Prohibited!”
VTY Enable SSH and Disable Telnet. Ā½
SW2(config)#ip domain-name netcorp.com
SW2(config)#crypto key generate rsa
SW2(config)#line vty 0 4
SW2(config-line)#login local
SW2(config-line)#transport input ssh
SW2(config-line)#username Admin2 privilege
15 secret cisco123
Encrypt the clear text Use the correct command to encrypt clear Ā¼ passwords text passwords.
SW2(config)#service password-encryption
Create the required Use the information provided to create the Ā¼
VLANs. VLANs.
SW2(config)#vlan 15
SW2(config-vlan)#name Executive
SW2(config-vlan)#end
SW2(config)#interface vlan 15
SW2(config-if)# ip address 10.150.1.0
255.255.255.192
SW2(config-if)#end
SW2(config)#vlan 25
SW2(config-vlan)#name Engineering
SW2(config-vlan)#end
SW2(config)#interface vlan 25
SW2(config-if)# ip addess 10.150.0.128
255.255.255.128
SW2(config-if)#end
SW2(config)#vlan 35
SW2(config-vlan)#name Services
SW2(config-vlan)#end
SW2(config)#interface vlan 35
SW2(config-if)# ip addess 10.150.0.0
255.255.255.128
SW2(config-if)#end
SW2(config)#vlan 99
SW2(config-vlan)#name
Native&Management
SW2(config-vlan)#end
SW2(config)#interface vlan 99
SW2(config-if)# ip addess 10.150.1.64
255.255.255.240
SW2(config-if)#end
Assign the Assign the IP Address just before the last Ā¼ management IP valid IP Address on the Native&Management address. VLAN. VLAN 99 is the Native VLAN.
SW2(config)#interface vlan 99
SW2(config-if)#
SW2(config-if)#ip address 10.150.1.77
255.255.255.240
Enable the 802.1Q Use the correct switchport command to set Ā¼ Trunk ports. the Trunk port.
SW2(config)#interface f0/7
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk allowed
15,25,35,99
Configure all other Use the interface range command. Ā¼
ports as access ports. SW2(config)# interface range F0/1-6, F0/8-24 SW2(config-if-range)#switchport mode access
SW2(config-if-range)#no shutdown
Assign F0/3 to the See the network diagram you drew for part 1. Ā¼
correct VLAN as per SW2(config)#interface 1/0/1 the diagram. SW2(config-if)#switchport access vlan 25
SW2(config-if)#no shutdown
Shutdown all unused Disable all unused ports in software. Ā¼
ports. SW2(config)#interface range F0/1-6, F0/8-24
SW2(config-if-range)#shutdown
Task 3: Configure the NY Router. (6 points)
Configuration Item Required Information P or Task oi
nt s
Configure 802.1Q Description Executive LAN Ā½ subinterface .15 on Assign VLAN 15.
G0/1 Assign the last valid IP address to this interface.
NYrouter(config)#interface fa 0/0.15
NYrouter(config-subif)#encap
NYrouter(config-subif)#encapsulation dot
NYrouter(config-subif)#encapsulation dot1Q 15
NYrouter(config-subif)#ip adr
NYrouter(config-subif)#ip add
NYrouter(config-subif)#ip address 10.150.1.1
255.255.255.192
NYrouter(config-subif)#exit
Configure 802.1Q Description Engineering LAN Ā½ subinterface .25 on Assign VLAN 25.
G0/1 Assign the last valid IP address to this interface.
NYrouter(config)#interface fa 0/0.25
NYrouter(config-subif)#
NYrouter(config)#encapsulation dot1Q 25
NYrouter(config-subif)#ip address 10.150.0.129
255.255.255.128
NYrouter(config-subif)#exit
Configure 802.1Q Description Services LAN Ā½ subinterface .35 on Assign VLAN 35.
G0/1 Assign the first available address to this interface.
NYrouter(config)#interface fa 0/0.35
NYrouter(config-subif)#
NYrouter(config-subif)#encapsulation dot1q 35
NYrouter(config-subif)#ip address 10.150.0.1
255.255.255.128
Configure 802.1Q Description Native&Management LAN Ā½ subinterface .99 on Assign VLAN 99.
G0/1 Assign the last valid IP address to this interface.
NYrouter(config)#interface fa 0/0.99
NYrouter(config-subif)#
NYrouter(config-subif)#enca
NYrouter(config-subif)#encapsulation dot1q 99
NYrouter(config-subif)#ip address 10.150.1.65
255.255.255.240
Activate Interface Bring up interfaces Ā½
G0/1 NYrouter(config)#interface fa 0/0
NYrouter(config-if)#no shut
NYrouter(config-if)#no shutdown
OSPF Process ID 204 Ā½
NYrouter(config)#route ospf 204
Router ID 1.1.1.1 Ā½
NYrouter(config-router)#router-id 1.1.1.1
Advertise directly Use classless network addresses Ā½ connected networks. Assign all directly connected networks to Area 0
NYrouter(config-router)#network 10.150.1.0 0.0.0.63 area 0
NYrouter(config-router)#network 10.150.0.128 0.0.0.127 area 0
NYrouter(config-router)#network 10.150.0.0 0.0.0.127 area 0
NYrouter(config-router)#network 10.150.1.64 0.0.0.15 area 0
Set all LAN Type necessary commands to do so. Ā½
interfaces as NYrouter(config)#router ospf 204
passive. NYrouter(config-router)#passive
NYrouter(config-router)#passive-interface fa 0/0
Change the default 1000 Ā½
cost reference NYrouter(config)#router ospf 204 bandwidth to NYrouter(config-router)#auto-cost reference
support Gigabit NYrouter(config-router)#auto-cost reference-bandwidth 1000 interface
Note: You will probably notice that all the Loopback IP addresses show up as /32. To change that /32 to the real subnet mask of the Loopback interfaces you need to type the following command on each Loopback interface in the routers. Interface Loopback 1 ip ospf network point-to-point
Task 6: Verify OSPF Configuration (6 points)
Task 7: Summarize the output of the commands used in Task 6. How can you tell that the network is working correctly? (3 points)
PHASE III (70 Points Total)āDue Week 7
Task 1: Configure the NY router as a DHCPv4 server for the executive and engineering VLAN. (4 points)
Task 2: Restrict Access to the VTY Lines to only come from Native&Management VLAN.
(15 points)
Configuration Task Required Information Points Configure a named access list to ACL Name: NETMGMT 5 only allow Native&Management VLAN to SSH to the routers.
Apply the named ACL to the VTY 5 lines.
Verify ACL is working as expected. 5
Task 3: Configure static and dynamic NAT on NY. (25 points)
Task 4: Secure the network services. (16 points)
Configure an extended ACL to ACL No.: 105 10
Ā· allow Internet hosts WWW access to the simulated web server on NY by accessing the static NAT address (209.107.23.66 /26) that you configured in Task 3;
Ā· allow Internet hosts DNS access to the simulated web server on NY by accessing the static NAT address (209.107.23.66 /26) that you configured in
Task 3; and
Ā· prevent traffic from the Internet from pinging internal networks, while continuing to allow LAN interfaces to ping the Internet hosts.
Apply ACL to the appropriate interface(s). 6
Task 5: Verify that your project meets the above requirements. Write a summary of what you did and explain what you have learned in the process. (10 points)
