Tasks to Do.
Task 1: Subnet the 10.150.0.0/16 network for NY and assign the first
nonzero subnets to Services followed by Engineering. You may need to resubnet for Executive and Native&Management subnets to avoid wasting IP
addresses. Ensure that you re-subnet only the first unused subnet and
nothing else. Assign the nonzero subnets to Executive and
Native&Management. (5 points)
| New York Office IP | VLAN 15 | VLAN 25 | VLAN 35 | VLAN 99 |
| --- | --- | --- | --- | --- |
| IP Address | 10.150.1.129/26 | 10.150.1.1/25 | 10.150.0.129/25 | 10.150.1.193/28 |
| Subnet Mask | 255.255.255.192 | 255.255.255.128 | 255.255.255.128 | 255.255.255.240 |
| Network Address | 10.150.1.128 | 10.150.1.0 | 10.150.0.128 | 10.150.1.192 |
Task 2: Subnet the 10.150.100.0 /25 network for IL and assign the last IP
address on the first three nonzero subnets to the Loopback 1, Loopback 2,
and Loopback 3 interfaces of the router. We will use a loopback or virtual
interface to simulate the LAN subnets. This will speed up configuration and
allow us to create our topology without rewiring. (3 points)
| Illinois Branch IP | Loopback 1 | Loopback 2 | Loopback 3 |
| --- | --- | --- | --- |
| IP Address | 10.150.100.62/26 | 10.150.100.126/26 | 10.150.100.190/26 |
| Subnet Mask | 255.255.255.192 | 255.255.255.192 | 255.255.255.192 |
| Network Address | 10.150.100.0 | 10.150.100.64 | 10.150.100.128 |
Task 3: Subnet the 10.150.200.0 /25 network for CA and assign the last IP
address on the first three nonzero subnets to the Loopback 1, Loopback 2,
and Loopback 3 interfaces of the router. We will use a loopback or virtual
interface to simulate the LAN subnets. This will speed up configuration and
allow us to create our topology without rewiring. (3 points)
| California Branch IP | Loopback 1 | Loopback 2 | Loopback 3 |
| --- | --- | --- | --- |
| IP Address | 10.150.200.30/27 | 10.150.200.62/27 | 10.150.200.94/27 |
| Subnet Mask | 255.255.255.224 | 255.255.255.224 | 255.255.255.224 |
| Network Address | 10.150.200.0 | 10.150.200.32 | 10.150.200.64 |
Task 4: Use the following network address (10.1.255.0/25) to find the WAN
subnets between NY and IL and NY and CA respectively. Note that there are
only two IP addresses per subnet for each WAN link. Assign the first WAN
subnet to NY to IL and the second WAN subnet to NY to CA. (2 points)
| WAN Subnets | NY to IL | NY to CA |
| --- | --- | --- |
| IP Address | 10.1.255.1/30 | 10.1.255.2/30 |
| Subnet Mask | 255.255.255.252 | 255.255.255.252 |
| Network Address | 10.1.255.0 | 10.1.255.0 |
First Major Deliverable in the Project: IP scheme for all three locations
(fill in the IP tables above) and the Visio Diagram.
Required Information | Points

SW1
Netw204
User= Admin1, Password=cisco123
Message of the Day (MOTD) Banner: Unauthorized Access is Highly Prohibited!
VTY

>enable
#configure terminal
#hostname SW1
#enable password Netw204
#no ip domain-lookup
username Admin1 privilege 15 secret cisco123
#banner motd ^Unauthorized Access is Highly Prohibited!^
#line vty 0 15
(c-line)#transport input ssh
(config-line)#exit
#service password-encryption

Create the required VLANs.
(c-if)#interface vlan 15
(c-if)#name Executive
(c-if)#interface vlan 25
(c-if)#name Engineering
(c-if)#interface vlan 35
(c-if)#name Services
(c-if)#interface vlan 99
(c-if)#name Native&Management

Assign the management IP address.
#interface vlan 99
(c-if)#ip address 10.150.1.205 255.255.255.240

Enable the 802.1Q Trunk ports.
#interface fastethernet 0/2
(c-if)#switchport trunk encapsulation dot1q
(c-if)#switchport mode trunk
(c-if)#no shutdown
(c-if)#interface fastethernet 0/1
(c-if)#switchport trunk encapsulation dot1q
(c-if)#switchport mode trunk
(c-if)#no shutdown
(c-if)#exit

Configure all other ports as access ports.
#interface range fa0/2, fa0/1, fa0/5, fa0/3
(c-if)#switchport mode access
#interface fastethernet 0/5
(c-if)#switchport mode access
(c-if)#switchport access vlan 25
(c-if)#exit

Shutdown all unused ports.
port information, #interface range {port range}, and #shutdown commands to shutdown unused ports.
Task 2: Configure SW2. (3.5 points possible)
Configuration Task | Required Information | Points

Switch name: SW2
Secret Password: Netw204
Disable DNS lookup
Username and Password: User= Admin1, Password=cisco123
Message of the Day (MOTD) Banner: Unauthorized Access is Highly Prohibited!
VTY
Encrypt the clear text passwords

>enable
#configure terminal
#hostname SW2
#enable password Netw204
#no ip domain-lookup
username Admin1 privilege 15 secret cisco123
#banner motd ^Unauthorized Access is Highly Prohibited!^
#line vty 0 15
(c-line)#transport input ssh
(c-line)#exit
#service password-encryption

Create the required VLANs.
(c-if)#interface vlan 15
(c-if)#name Executive
(c-if)#interface vlan 25
(c-if)#name Engineering
(c-if)#interface vlan 35
(c-if)#name Services
(c-if)#interface vlan 99
(c-if)#name Native&Management

Assign the management IP address.
#interface vlan 99
(c-if)#ip address 10.150.1.205 255.255.255.240

Enable the 802.1Q Trunk ports.
Native VLAN. Use the correct switchport command to set the Trunk port.
#interface fastethernet 0/2
(c-if)#switchport trunk encapsulation dot1q
(c-if)#switchport mode trunk
(c-if)#no shutdown
(c-if)#interface fastethernet 0/1
(c-if)#switchport trunk encapsulation dot1q
(c-if)#switchport mode trunk
(c-if)#no shutdown
(c-if)#exit

Configure all other ports as access ports.
#interface range fa0/2, fa0/1, fa0/5, fa0/3
(c-if)#switchport mode access

Assign F0/3 to the correct VLAN as per the diagram.
#interface fastethernet 0/3
(c-if)#switchport mode access
(c-if)#switchport access vlan 15
(c-if)#exit

Shutdown all unused ports.
Again I don't know all the ports because I am not using the software, but in the event this was a live production network I would use #show vlan for port information, #interface range {port range}, and #shutdown commands to shutdown unused ports.
>enable
Configuration Item or Task | Required Information | Points

#configure terminal

Configure 802.1Q subinterface .15 on G0/1
Description Executive LAN
Assign VLAN 15.
Assign the last valid IP address to this interface.

Configure 802.1Q subinterface .25 on G0/1
Description Engineering LAN
Assign VLAN 25.
Assign the last valid IP address to this interface.

Configure 802.1Q subinterface .35 on G0/1
Description Services LAN
Assign VLAN 35.
Assign the first available address to this interface.

Configure 802.1Q subinterface .99 on G0/1
Description Native&Management LAN
Assign VLAN 99.
Assign the last valid IP address to this interface.

Activate Interface G0/1
Bring up interfaces
#interface gigabitethernet 0/1
(c-if)#no shutdown
OSPF Process ID: 204
Router ID: 1.1.1.1

Advertise directly connected networks. Type necessary commands to do so.
#network 10.150.0.0 0.0.255.255 area 0
#network 10.150.100.0 0.0.0.127 area 0
#network 10.150.200.0 0.0.0.127 area 0
#passive-interface fastethernet 0/0
#end

Change the default cost reference bandwidth to support Gigabit interface calculations: 1000
#router ospf 204
#auto-cost reference-bandwidth 1000
#end

Set the serial interface bandwidth: 768 Kb/s

Adjust the metric cost of S0/0/0. Cost: 7500
#ip ospf cost 7500
Configuration Task | Required Information | Points

Assign IP addresses to appropriate interfaces including Loopback and serial interfaces.
#interface loopback 1
#ip address 10.150.100.62 255.255.255.192
#interface loopback 2
#ip address 10.150.100.126 255.255.255.192
#interface loopback 3
#ip address 10.150.100.190 255.255.255.192
#interface serial 2/0
#ip address 10.1.255.1 255.255.255.252

Activate the nonLoopback interfaces.

OSPF Process ID: 204
Router ID: 2.2.2.2
#router-id 2.2.2.2

Advertise directly connected networks. Use classless network addresses. Assign interfaces to Area 0. Use a single summary address for the LAN (loopback) interfaces.
#network 10.150.0.0 0.0.255.255 area 0
#network 10.150.100.0 0.0.0.127 area 0
#passive-interface fastethernet 0/0
#end

Change the default cost reference bandwidth to support Gigabit interface calculations: 1000
Set the serial interface bandwidth: 256 Kb/s
Note: You will probably notice that all the Loopback IP addresses show up
as /32. To change that /32 to the real subnet mask of the Loopback interfaces
you need to type the following command on each Loopback interface in the
routers.
Interface Loopback 1
ip ospf network point-to-point
Task 5: Configure the CA Router. (4 points)
Configuration Task | Required Information | Points

Assign IP addresses to appropriate interfaces including Loopback and serial interfaces.
#interface loopback 1
#ip address 10.150.200.30 255.255.255.224
#interface loopback 2
#ip address 10.150.200.62 255.255.255.224
#interface loopback 3
#ip address 10.150.200.94 255.255.255.224
#interface serial 3/0
#ip address 10.1.255.2 255.255.255.252

Activate the nonLoopback interfaces.

OSPF Process ID: 204
Router ID: 3.3.3.3
#router-id 3.3.3.3

Advertise directly connected networks. Use classless network addresses. Assign interfaces to Area 0. Use a single summary address for the LAN (loopback) interfaces.
#network 10.150.0.0 0.0.255.255 area 0
#network 10.150.200.0 0.0.0.127 area 0
#passive-interface fastethernet 0/0
#end

Change the default cost reference bandwidth to support Gigabit interface calculations: 1000
Set the serial interface bandwidth: 256 Kb/s
Question | Points

#show ip ospf neighbor
#show ip ospf
#show ip route ospf
#show ip ospf interface
#show ip ospf database [link state id]
#show ip ospf database
Task 7: Summarize the output of the commands used in Task 6. How can
you tell that the network is working correctly? (3 points)
You would be able to see link state and the ospf routers would form
adjacencies with their neighbors and this would be visible in the ospf
database. The ip route command would show the routes of the packet sent
from one network over to the neighboring network. To see if the overall
network is up and the interfaces are properly turned on, you would ping
addresses on the network to see if the packets go through. Tracert would
be the command a network admin would use to see the route these packets
take to get to their destination address.
Configuration Task | Required Information | Points

>enable
#config t

Name: EXECUTIVE
DNS-Server: 192.168.1.45
DomainName: hitech.net
Set the default gateway.

Name: ENGINEERING
DNS-Server: 192.168.1.45
DomainName: engineering.com
Set the default gateway.

(1 point)
(1 point)
(1 point)
(1 point)
Required Information | Points

>enable
#conf t

Configure a named access list to only allow Native&Management VLAN to SSH to the routers.
ACL Name: NETMGMT
Telnet is port 22, so if we are only allowing ssh connections then we would eliminate that line in the list.

Verify ACL is working as expected.
#end
#show access-list
then go to an unauthorized device and try to SSH to the router, it should give out a connection refused by remote host error message.
Configuration Task | Required Information | Points

>enable
#conf t

Create a local database with one user account. Use the command username webadmin privilege 15 secret cisco123.
Username: webadmin
Password: cisco123
Privilege level: 15
#username webadmin privilege 15 secret cisco123

Enable HTTP server service.
#ip http server

Configure the HTTP server to use the local database for authentication.
ip http ?
ip http authentication ?

Configure NY's Loopback 0 interface with the following IP address. This is a simulated internal web server.
192.168.1.200/32

Create a static NAT to the web server.
Inside Global Address: 209.107.23.66 -->
192.168.1.200
209.107.23.66 /26

Assign the inside and outside interface for the static NAT.
#interface fa 0/0
#ip nat inside
#interface serial 2/0
#ip nat outside
Configure the dynamic NAT inside private ACL.
Access List: 10
#ip access-list extended 10

Allow the executive and engineering networks on NY to be translated.
#access-list 10 permit 10.150.1.129 0.0.0.63
#access-list 10 permit 10.150.1.1

Allow a summary of the LANs (loopback) networks on IL and CA to be translated.
#access-list 10 permit 10.150.100.0 0.0.0.63
#access-list 10 permit 10.150.200.0 0.0.0.31

Do not allow the Services and Native&Management VLANs to be translated.
#access-list 10 deny 10.150.1.193

Pool Name: THE_NET
Pool of addresses include:
209.107.23.68
209.107.23.75
Define the dynamic NAT translation.
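
How the access list 10 entries above are matched, as an added example that is not part of the original lab submission: a standard ACL compares the source address under a wildcard mask, takes the first match, and ends in an implicit deny. The ACL_10_SUMMARY wildcards and the sample source addresses are assumptions constructed for illustration from the address tables on this page.

```python
from ipaddress import IPv4Address

def parse_entry(line):
    """Parse 'permit|deny ADDRESS [WILDCARD]' from a standard ACL entry."""
    action, address, *rest = line.split()
    # With no wildcard the entry matches one host (wildcard 0.0.0.0).
    wildcard = rest[0] if rest else "0.0.0.0"
    return action, int(IPv4Address(address)), int(IPv4Address(wildcard))

def evaluate(entries, source):
    """Return the action of the first matching entry, else the implicit deny."""
    src = int(IPv4Address(source))
    for action, address, wildcard in map(parse_entry, entries):
        care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits mean "ignore this bit"
        if (src & care) == (address & care):
            return action
    return "deny"

# Entries as written on this page for access list 10.
ACL_10_PAGE = [
    "permit 10.150.1.129 0.0.0.63",
    "permit 10.150.1.1",
    "permit 10.150.100.0 0.0.0.63",
    "permit 10.150.200.0 0.0.0.31",
    "deny 10.150.1.193",
]
# Assumed alternative (not from the page): one wildcard per network or summary.
ACL_10_SUMMARY = [
    "permit 10.150.1.128 0.0.0.63",   # Executive, 10.150.1.128/26
    "permit 10.150.1.0 0.0.0.127",    # Engineering, 10.150.1.0/25
    "permit 10.150.100.0 0.0.0.255",  # IL loopbacks .0, .64, .128 (/26 each)
    "permit 10.150.200.0 0.0.0.127",  # CA loopbacks .0, .32, .64 (/27 each)
]
# Constructed sample sources, one per LAN in the page's address tables.
SAMPLES = {
    "Executive": "10.150.1.150",
    "Engineering": "10.150.1.50",
    "IL Loopback 2": "10.150.100.100",
    "CA Loopback 3": "10.150.200.70",
    "Services": "10.150.0.130",
    "Native&Management": "10.150.1.200",
}

def audit(entries):
    return {name: evaluate(entries, ip) for name, ip in SAMPLES.items()}

if __name__ == "__main__":
    for label, acl in (("page", ACL_10_PAGE), ("summary", ACL_10_SUMMARY)):
        print(label, audit(acl))
```

Run against the entries as written, only the Executive sample and the single host 10.150.1.1 match a permit; every other sample falls through to the implicit deny and would not be translated.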
Configuration Task | Required Information | Points

>enable
#conf t

Configure an extended ACL to allow Internet hosts WWW access to the simulated web server on NY by accessing the static NAT address (209.107.23.66 /26) that you configured in Task 3; allow Internet hosts DNS access to the simulated web server on NY by accessing the static NAT address (209.107.23.66 /26) that you configured in Task 3; and prevent traffic from the Internet from pinging internal networks, while continuing to allow LAN interfaces to ping the Internet hosts.
ACL No.: 105
10

Apply ACL to the appropriate interface(s).
Task 5: Verify that your project meets the above requirements. Write a
summary of what you did and explain what you have learned in the process.
(10 points)
I created access control lists to permit only those assigned to the VLAN to
gain remote access to the VLAN. Then we moved forward to set up a NAT
service on the router to translate local addresses to public IP addresses. We
had to first define the inside interface and the outer interface. We created a
pool of usable ip addresses for dynamic translating. Last we secured the
network services with an extended ACL that allowed certain hosts to access
the web server. In the process I have learned to use my resources because
not everything will always stick in my brain, but this was ultimately great
practice.