Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Discovery Designing and Supporting Computer Networks course as part of an official Cisco Networking Academy.
CCNA Discovery
FilmCompany Background
This course uses the fictional FilmCompany expansion story to provide context and real-world examples within most of the lab activities. FilmCompany is a film and video development company that recently purchased another video company. FilmCompany recently purchased AnyCompany, a smaller video firm with production expertise in sports videos. FilmCompany needed the additional staff and facilities to support a new contract with the StadiumCompany. The two branches of the FilmCompany are located in the same office park. A LAN interconnects the networks. Most of the production personnel have been consolidated in the original FilmCompany branch office, located in Building F. The web team is also located in this building. The majority of the administration, sales, and management functions are supported in the original AnyCompany office located in Building A. When adjacent office space becomes available, these groups will be consolidated.
Note: The scope of this case study is the network design for the original FilmCompany branch office. This branch is referred to as the FilmCompany in this case study. The network for the entire FilmCompany is referred to as the FilmCompany enterprise network. The two groups of the FilmCompany are initially in separate buildings. After office space is available, these groups will be consolidated.
All contents are Copyright 1992-2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
FilmCompany has just been awarded a substantial video support contract by the StadiumCompany, resulting in a business growth of around 70 percent. FilmCompany will film events and provide video services to the stadium customers. The video services include live feeds and pre-recorded videos available from a web server. When the next sports season starts, five to eight FilmCompany people will be at the stadium for each event. FilmCompany will manage all of the video services and provide immediate support when there are problems. StadiumCompany management expects FilmCompany to manage the video stored on the StadiumCompany server. Video needs to be available as both live and recorded feeds from the StadiumCompany website. StadiumCompany also wants FilmCompany to manage all of the video services and to provide immediate support when there are problems. Timely support is essential because if the video services are not available during a sporting event or concert, the stadium can lose revenue and customer confidence.
FilmCompany is concerned about the ability of the existing Internet link to the stadium to provide reliable communications of media content back to the production suites in Building A. The FilmCompany IT staff is also concerned about whether its internal network is able to support high-volume, real-time video delivery or the types of services that the stadium requires. FilmCompany believes it may need to upgrade its network. FilmCompany thinks that the preferred way to support the stadium may be to connect directly to the stadium network to transfer files, monitor video performance, and manage the video in real time. StadiumCompany indicates to FilmCompany that the stadium network is going through a redesign process to update it and to improve and increase customer service. FilmCompany meets with NetworkingCompany, the company who is developing the new network design for StadiumCompany, and decides to work with them for their network redesign. As a member of the network design team for NetworkingCompany, you will investigate the existing network of FilmCompany. You will plan, design, and prototype the upgrades necessary to enable the branch to support this growth in business.
You: Where do you see these staff being located?

Kevin Lim: We currently have the majority of our staff in two buildings in this office park. We plan to consolidate our staff and facilities into Building F. I expect that initially we will have one or two production people located at the stadium, with an additional six to eight staff members at the stadium when there is an event we are supporting. A fast reliable network link to the stadium is very important. All pre- and post-production work will occur on our premises using the communications link from the stadium. Staff working at both locations will probably use a wireless connection here in the office.

You: Thanks for that information. It is important to know those details. What targets do you see the network upgrade project meeting?

Kevin Lim: We do have a very tight budget. We need to reuse at least 75 percent of the existing network components, and we would like to reuse all of it. Our time to production is very important too. We see a successful project being one where the network is in full production meeting the deadlines of the StadiumCompany. And of course, the network has to perform!

You: We have examined your current network equipment and cabling. It seems to be capable of being scaled to support the new requirements. During the design phase, we will prototype the network load and adjust the design, if necessary.

Kevin Lim: What about reliability?

You: After you consolidate your personnel in one building, you can use redundant links and technology to ensure high availability to the appropriate resources. We will look at that in more detail during the network design. We can also look at mean time to failure under specified load conditions for all network components. There will be network monitoring so that your network personnel can identify and resolve issues. Are there any specific network security issues that you feel need attention?

Kevin Lim: The media content is very valuable. We cannot have the network go down because of a virus or something. What do you recommend?

You: We can include in the network design the means for all unauthorized network intrusions to be intercepted, prevented, logged, and reported. Your network technician will have a role here.

Kevin Lim: Is there anything else I can tell you at this time?

You: I would like to recap the business goals for the FilmCompany. Based on our conversation today, and my discussions with your staff, I understand that your prioritized business goals are:
1. upgrade the network to support 80% more traffic
2. provide a fast reliable link between FilmCompany facilities and the StadiumCompany network
3. implement a highly available network
4. continue to support wireless access at FilmCompany facilities
5. implement QoS to support the video applications
6. implement network monitoring and security
Is this list correct?

Kevin Lim: Yes, that list summarizes our goals. At this time, I would like you to concentrate on the top 4 goals.
The current network equipment includes:
- Two 1841 routers (FC-CPE-1, AC-1)
- Three 2960 switches (FC-ASW-1, FC-ASW-2, ProductionSW)
- One network and business server
- One Linksys WRT300N wireless router (AC-AP)
- One ADSL modem (Internet access)
The current network has two VLANs.

The General VLAN serves the general office and managers, including reception, accounts, and administration. It consists of 12 PCs and two printers. The General VLAN uses this addressing:
  Network:          10.0.0.0/24
  Gateway:          10.0.0.1
  Hosts (dynamic):  10.0.0.200 - 10.0.0.254
  Hosts (static):   10.0.0.10 - 10.0.0.20

The Production VLAN serves the production suites and provides networking for the media development and storage. It consists of nine high-performance workstations, five office PCs, and two printers. The Production VLAN uses this addressing:
  Network:          10.10.0.0/24
  Gateway:          10.10.0.254
  Hosts (dynamic):  10.10.0.100 - 10.10.0.200
  Hosts (static):   10.10.0.1 - 10.10.0.99
Design Considerations
Here are some design considerations to consider for the FilmCompany expansion.

Capacity/Scalability
- Addressing and naming to be easily scaled

Future technologies
- Possibility of greater mobile and converged network services

Network security
- DMZ
- NAT
- Filtering
- Separate management VLAN
- Network device passwords and access

Redundancy
- Access switches and links
- Server farm design

QoS
- Required for video streaming
- Future implementation of voice over data network system
FINAL TOPOLOGY
After FilmCompany consolidates their personnel in one building, they choose to keep the devices on the existing switches. They rename the devices consistently. They use STP and redundant links to ensure high availability to all resources. Because the Production staff has the least external connectivity needs (because they mainly write to local servers), their switch is not connected to the BR4 router. To follow the StadiumCompany naming plan, FilmCompany renames AC-1 to BR4, which connects to StadiumCompany and the Internet. FC-CPE-1 continues to provide connectivity to the FilmCompany enterprise network. FC-CPE-1 and the enterprise network are not in the scope of this project. AC-AP is renamed to ISP4 and continues to provide a DSL connection to the Internet.
1. Before starting the server, be sure to connect the computer NIC to a switch or router port using an appropriate cable.
2. To start the Discovery Server Live CD, insert the CD into the CDROM drive and reboot the machine.
3. During startup, you will be presented with a list of boot options. At the first options menu, select a. All other options are provided in the event that a does not run properly on your machine.

During the booting process you may notice that the eth0 address and the DHCP daemon (dhcpd) fail. This is normal on some machines and these functions will be started manually. Allow the server to boot fully into the KDE graphical environment.
Start Menu
Terminal
Quick Info
Root Password:    discoverit
User Accounts:    20 ordinary user accounts set up as userX with a password of cheetahX where X is any number between 1 and 20 inclusive
Server Name:      server.discovery.ccna
IP Address:       172.17.1.1
Subnet Mask:      255.255.0.0
Default Gateway:  172.17.0.1

DHCP Pool
Address Range:    172.17.1.50 to 172.17.1.254
Lease:            4 hours
Default Gateway:  172.17.1.1
Domain Name:      discovery.ccna

DNS
Resolves names for the discovery.ccna domain
server.discovery.ccna    resolves to 172.17.1.1
server-1.discovery.ccna  resolves to 172.17.1.1 (for the troubleshooting labs in CCNA Discovery 1)
server-2.discovery.ccna  resolves to 172.17.1.2 (for the troubleshooting labs in CCNA Discovery 1)
Figure 2: The Network Configuration Window

3. On the Network Configuration window, click the Devices tab.
4. Select eth0 or the interface that corresponds to your first Ethernet card and then click Edit. This should display the Ethernet Device configuration pane shown in Figure 3.
Figure 3: The Ethernet Device Configuration Pane

5. To set the IP addressing information, click the Statically set IP addresses radio button and enter the following information:
   Address: 172.17.1.1
   Subnet mask: 255.255.0.0
   Default gateway address: 172.17.0.1
6. Click OK.
7. Return to the Network Configuration window and click the DNS tab.
8. Enter the following information, as shown in Figure 4:
   Set hostname: server.discovery.ccna
   Set Primary DNS: 127.0.0.1
9. Next, click the Devices tab.
10. Choose eth0.
11. Click Activate.
12. Answer Yes / OK to any questions.
13. Close the Network Configuration window. When prompted, click Yes to save changes.
1. Click Terminal to open a terminal window.
2. Enter su - and press Enter (note that the - is very important).
3. When prompted, enter the root password discoverit.
4. Enter service named restart and press Enter.
5. Enter dhcpd and press Enter.
You should now have a fully operational server. It may take a few minutes for DNS to become fully operational.
After you are logged in as root and have a terminal session open, complete the following steps:
1. Enter cd / to go to the root directory.
2. Enter cd /usr/StreamingServer to go to the directory with the streaming server files.
3. Enter DarwinStreamingServer to start the server.
4. Enter perl streamingadminserver.pl to start the administration server.
When the administration server is running, all further configuration is accomplished using a web browser.
1. Use a web browser to bring up the configuration server by connecting to the server on port 1220 (http://172.17.1.1:1220). All usernames and passwords are stream.
2. Delete any old playlists that may be present.
3. Create a new playlist by dragging the movie file to the right box. Select Sequential Looped for the play mode, name the stream, and click the Save Changes button at the bottom of the screen.
4. Click the button next to the stream name to start the streaming video.
5. To connect to the stream, use the Quicktime Player (free download from Apple Inc. at www.apple.com).
6. Launch Quicktime Player.
7. Under File, click Open URL.
8. Enter the URL rtsp://<server ip>/stream; for example, rtsp://172.17.1.1/MWO.sdp, assuming that the server has the default IP address of 172.17.1.1 and the stream was named MWO.sdp for "Mind Wide Open."
NOTE: The Discovery Server Live CD is provided without warranty of any kind. It is intended to be used only to support the CCNA Discovery labs. For information on the Cisco Networking Academy Program, visit http://cisco.netacad.net.
Lab Groupings

TopicNum | PageNum | TopicName | Equip-Based (EQ) or Paper-Based (PB) | Notes
1.3.4 | 4 | Traffic Filtering at the Distribution Layer | EQ | Use Discovery Server
1.4.3 | 2 | How VLANs Segregate and Control Network Traffic | EQ |
1.4.5 | 2 | Security at the Network Edge | PB |
1.4.6 | 2 | Security Measures | EQ |
1.4.6 | 3 | Security Measures | EQ |
2.1.3 | 2 | The Network Lifecycle Plan Phase | PB |
2.1.6 | 2 | The Network Lifecycle Operate Phase | EQ |
2.3.2 | 2 | Defining the Customer | PB |
2.3.3 | 2 | Identifying Business Goals and Priorities | PB |
2.4.1 | 3 | Defining Technical Requirements | PB |
2.4.2 | 3 | Identifying Constraints | PB |
2.5.2 | 3 | Monitoring Network Operations | EQ |
2.5.3 | 2 | Tools for Network Monitoring | PB |
3.1.2 | 3 | Diagramming the Logical Architecture | EQ |
3.2.2 | 2 | Investigating the Installed Cisco IOS Software | EQ |
3.2.3 | 2 | Choosing an Appropriate Cisco IOS Image | EQ |
3.2.4 | 5 | Download and Install Cisco IOS Software | EQ |
3.2.5 | 2 | The Router Startup Process | EQ |
3.3.2 | 3 | Investigating Appropriate Hardware Options | EQ |
3.4.1 | 4 | Visiting the Customer Site | PB |
3.4.3 | 4 | Wireless Site Survey and Planning | EQ |
3.5.2 | 2 | Overall Project Goal | PB |
3.5.3 | 3 | Project Scope | PB |
3.5.4 | 5 | Business Goals and Technical Requirements | PB |
3.5.5 | 3 | Existing Network Characterization | PB |
4.1.2 | 3 | Characteristics of Different Application Categories | EQ |
4.2.3 | 4 | File Transfer and Email | EQ |
4.3.3 | 3 | Priorities and Traffic Management | PB |
4.3.4 | 2 | Where Can QoS Be Implemented? | EQ |
4.4.4 | 3 | Supporting Remote Workers with Voice and Video | EQ |
4.5.1 | 4 | What Is a Traffic Flow? | EQ |
4.5.2 | 2 | Diagramming Internal (Intranet) Traffic Flows | EQ |
4.5.3 | 2 | Diagramming Traffic Flows To and From Remote Sites | EQ |
4.5.4 | 2 | Diagramming External Traffic Flows | EQ |
4.5.5 | 2 | Diagramming Extranet Traffic Flows | EQ |
5.1.1 | 4 | Analyzing Business Goals & Technical Requirements | PB |
5.1.2 | 4 | Requirements for Scalability | PB |
5.1.3 | 5 | Requirements for Availability | PB |
5.1.5 | 2 | Requirements for Security | PB |
5.2.3 | 3 | Designing Core Layer Topology | PB |
5.2.4 | 2 | Creating the Logical Network Design for the LAN | PB |
5.4.2 | 2 | Locating Wireless APs | PB |
5.5.3 | 3 | Updating the Logical Network Design Documentation | EQ |
6.1.4 | 3 | Using CIDR Routing and Summarization | EQ |
6.2.1 | 4 | Designing the Logical LAN IP Address Scheme | PB |
6.2.2 | 2 | Determining the Addressing Blocks | PB |
6.2.5 | 4 | Designing the Addressing Scheme | PB |
6.2.6 | 2 | Designing a Naming Scheme | PB |
7.1.6 | 2 | Identify Risks or Weaknesses in the Design | EQ |
7.2.2 | 4 | Creating the Test Plan | PB |
7.2.5 | 3 | Validating the IP Addressing Scheme | EQ |
7.2.6 | 2 | Identify Risks and Weaknesses | EQ |
7.3.2 | 4 | Creating the Test Plan | EQ |
7.3.3 | 5 | Validating Device and Topology Selection | EQ |
7.3.5 | 1 | Verify Design Meets Business Goals | EQ |
7.3.6 | 2 | Identify Risks and Weaknesses | PB |
8.1.3 | 4 | Simulating WAN Connectivity in a Lab Environment | EQ |
8.2.2 | 3 | Creating the Test Plan | PB |
8.2.5 | 5 | Troubleshooting Frame Relay Operation | EQ |
8.2.6 | 2 | Identifying Risks and Weaknesses | PB |
8.3.2 | 3 | Creating the Test Plan | PB |
8.3.4 | 3 | Prototype VPN Connectivity for Remote Workers | EQ |
8.3.4 | 4 | Prototype VPN Connectivity for Remote Workers | EQ |
9.1.2 | 3 | Integrating the Existing Information | PB |
9.2.1 | 4 | The Implementation Plan | PB |
9.2.2 | 3 | Determining the Best Installation Method | PB |
9.2.3 | 3 | Estimating Timelines and Resources | PB |
9.2.4 | 2 | Maintenance Windows and Downtime Planning | PB |
9.3.4 | 2 | Software IOS Services and Support | PB |
9.4.1 | 2 | Finalizing the Proposal | PB |
9.4.2 | 2 | Presenting the Proposal | PB |
10.0.2 | 2 | Finding the Right Networking Job | PB |

Notes (remaining entries, in source order): Discovery Server; Discovery Server; Use Discovery Server - Wireshark; Access SANS site; Use Cisco Network Assistant, Discovery Server; Internet access - access Denika (SNMP) site; Use Cisco Network Assistant; Access cisco.com; Access cisco.com - CCO Acct.; Access Solarwinds (TFTP) site; Access AC - confreg program; Access cisco.com; Discovery Server; Discovery Server; Discovery Server; Discovery Server; Discovery Server; Discovery Server; Discovery Server
Objective
Create Access Control Lists (ACLs) to filter traffic for security and traffic management.
Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________

How is an understanding of ACLs useful in network administration?
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________

How will a network administrator know if the ACL is working properly?
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Background / Preparation
Instructor Notes: This lab reviews ACLs. Whereas ACLs were covered in detail in CCNA Discovery: Introducing Routing and Switching in the Enterprise, this lab focuses on security and ACL design. Its purpose is to emphasize data traffic control and filtering, initially at the design stage and then move to representative implementation of these policies. This is a demonstration lab that uses wildcard masks. Students should review the use of wildcard masks in the Challenge Task. This lab also uses Discovery Server to provide representative application data traffic. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternately a local lab server can be set up to provide representative data traffic. If possible this should include FTP and HTTP/Web traffic. In this lab you will consider the need for data traffic control and filtering in a network, and design the policies to achieve this. The traffic security design will then be applied to an example network using ACLs. ACLs are typically applied at the Distribution Layer. This lab will use a router connected to a server that will provide sample network applications to demonstrate ACL placement and operation.
b. Consider the two approaches to writing ACLs:
   - Permit specific traffic first and then deny general traffic.
   - Deny specific traffic first and then permit general traffic.
When would it be best to permit specific traffic first and then deny general traffic?
Allow PC2 to access web server
access-list 101 permit tcp host 10.0.0.201 host 172.17.1.1 eq www log

Allow PC1 telnet access to router Fa0/0
access-list 101 permit tcp host 10.0.0.10 host 10.0.0.1 eq telnet log

Deny all other traffic
access-list 101 deny ip any any log

After an ACL is written and applied to an interface, it is useful to know if the ACL statements are having the desired effect. The number of packets that meet the conditions of each ACL statement can be logged by adding the option log at the end of each statement.

Why is it important to know how many times packets that match an ACL statement are denied?
_______________________________________________________________________________
_______________________________________________________________________________
This potentially shows the number of attempts at unauthorized access to denied services that may lead to further investigation of network usage.
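Added example (not part of the Cisco lab materials): a small Python model of how the three access-list 101 statements above are evaluated top-down with the first match winning, and how per-statement match counts arise. The flow list is constructed from the lab's PC1 and PC2 addresses, the function names are illustrative, and wildcard_hosts() is used to check the 10.0.0.0 0.0.0.15 wildcard pair from this lab's Challenge.

```python
"""First-match evaluation of a Cisco-style extended ACL (illustrative model)."""
import ipaddress

PORTS = {"ftp": 21, "telnet": 23, "www": 80}  # IOS port keywords used in this lab


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))


def parse_rule(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT] [log]'."""
    tokens = line.split()[2:]
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"expected permit or deny, got {action!r}")
    src, dst = parse_addr(tokens), parse_addr(tokens)
    port = None
    if tokens[:1] == ["eq"]:
        name = tokens[1]
        port = PORTS[name] if name in PORTS else int(name)
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "port": port, "hits": 0}


def addr_match(packet_addr, spec):
    addr, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (to_int(packet_addr) ^ addr) & ~wildcard & 0xFFFFFFFF == 0


def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching statement and count the hit."""
    for rule in acl:
        if rule["proto"] not in ("ip", proto):
            continue
        if not (addr_match(src, rule["src"]) and addr_match(dst, rule["dst"])):
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        rule["hits"] += 1
        return rule["action"]
    # Implicit deny at the end of every ACL: it has no counter and logs nothing,
    # which is why the lab adds an explicit "deny ip any any log".
    return "deny"


ACL_101 = [parse_rule(line) for line in (
    "access-list 101 permit tcp host 10.0.0.201 host 172.17.1.1 eq www log",
    "access-list 101 permit tcp host 10.0.0.10 host 10.0.0.1 eq telnet log",
    "access-list 101 deny ip any any log",
)]

# Constructed test traffic modelled on the lab hosts: PC1 = 10.0.0.10, PC2 = 10.0.0.201.
FLOWS = [
    ("PC2 http to server", "tcp", "10.0.0.201", "172.17.1.1", 80),
    ("PC2 ftp to server", "tcp", "10.0.0.201", "172.17.1.1", 21),
    ("PC2 telnet to router", "tcp", "10.0.0.201", "10.0.0.1", 23),
    ("PC1 telnet to router", "tcp", "10.0.0.10", "10.0.0.1", 23),
    ("PC1 ping to server", "icmp", "10.0.0.10", "172.17.1.1", None),
]


def run(acl, flows):
    """Evaluate every flow; return ({flow name: action}, [hits per statement])."""
    for rule in acl:
        rule["hits"] = 0
    results = {name: evaluate(acl, proto, src, dst, port)
               for name, proto, src, dst, port in flows}
    return results, [rule["hits"] for rule in acl]


def wildcard_hosts(network, wildcard, candidates):
    """Return the candidate addresses that a 'network wildcard' pair matches."""
    spec = (to_int(network), to_int(wildcard))
    return [c for c in candidates if addr_match(c, spec)]


if __name__ == "__main__":
    results, hits = run(ACL_101, FLOWS)
    for name, action in results.items():
        print(f"{action:6}  {name}")
    print("matches per statement:", hits)
    print("0.0.0.15 matches:", wildcard_hosts(
        "10.0.0.0", "0.0.0.15",
        ["10.0.0.9", "10.0.0.10", "10.0.0.15", "10.0.0.16"]))
```

The per-statement counts play the role of the match counters an administrator reads after testing; the wildcard check shows that 0.0.0.15 covers the whole block 10.0.0.0 to 10.0.0.15, not only 10.0.0.10 to 10.0.0.15.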
d. From the global configuration mode issue the following commands:
Router(config)#hostname FC-CPE-1
FC-CPE-1(config)#interface FastEthernet0/0
FC-CPE-1(config-if)#ip address 10.0.0.1 255.255.255.0
FC-CPE-1(config-if)#no shutdown
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#interface FastEthernet0/1
FC-CPE-1(config-if)#ip address 172.17.0.1 255.255.0.0
FC-CPE-1(config-if)#no shutdown
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#line vty 0 4
FC-CPE-1(config-line)#password telnet
FC-CPE-1(config-line)#login
FC-CPE-1(config-line)#end

e. Ping between PC1 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.
Perform the following tests on PC2:

a. Open a web browser on PC2 and enter the URL http://172.17.1.1 at the address bar.
   What web page was displayed? ______________________________________________
   Discovery Server Home Page
b. Open a web browser on PC2 and enter the URL ftp://172.17.1.1 at the address bar.
   What web page was displayed? ______________________________________________
   Discovery FTP Home Directory
c. On the Discovery FTP Home Directory, open the Discovery 1 folder. Click and drag a Chapter file to the local Desktop.
   Did the file copy successfully? __________
   Yes
d. From the PC2 command line prompt, issue the command telnet 10.0.0.1, or use a Telnet client (HyperTerminal or TeraTerm, for example) to establish a Telnet session to the router.
   What response did the router display? ______________________________________________
   Prompt for Telnet password and login to router.
e. Exit the Telnet session.
   quit

Why was each of the above connections successful?
___________________________________________________________________
There were no data access or filtering controls in place.
___________________________________________________________________
Successful connection was expected.

If any of the above connections was not successful, troubleshoot the network and configurations and establish each type of connection from each host.
Perform the following tests on PC2:

a. Open a web browser on PC2 and enter the URL http://172.17.1.1 at the address bar.
   What web page was displayed? ______________________________________________
   Discovery Server Home Page
   Why is this the outcome? ______________________________________________
   This host is allowed web access.
b. Open a web browser on PC2 and enter the URL ftp://172.17.1.1 at the address bar.
Step 9: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
Rewrite the Server-Access ACL used in this lab so that:
1) Administrator workstations are considered to be in the address range of 10.0.0.10 /24 to 10.0.0.15 /24 instead of a single host; and,
2) The general workstations have the address range of 10.0.0.16 /24 to 10.0.0.254 /24 instead of being a single host.
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
ip access-list extended Server-Access
 remark Allow PC1 to access any IP traffic
 permit ip 10.0.0.0 0.0.0.15 host 172.17.1.1 log
 remark Allow PC2 to access web server
Current configuration : 1309 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
FC-CPE-1#
Objectives
- Observe broadcast traffic on a switch.
- Create and apply VLANs to separate local traffic.
- Observe broadcast traffic containment with VLANs.
Background / Preparation
Instructor Notes: Using the given topology, students will use VLANs to contain broadcasts. This will be demonstrated by using Wireshark to capture data flows, both with and without VLANs configured on a switch. This lab uses two PCs. PC1 is on one VLAN and PC2 is on another. If resources and time are available, configuring VLANs with two or three PCs each will provide a more comprehensive demonstration.
d. Confirm that the ARP cache is clear by issuing the arp -a command.
d. Stop the Wireshark capture on each PC.
e. Examine the entries in the Wireshark Packet List (upper) Pane.
   How many ARP captures occurred for each device? ______________________________________________
   ARP request and ARP reply for each device pinged
   List the source IP addresses of the ARP request and replies:
   ______________________________________________
   Source IP addresses are the devices issuing the ping command and replies come from devices being pinged.
   ______________________________________________
   ______________________________________________
   Did each device receive an ARP request from every PC connected to the switch? __________
   Yes
f. Exit Wireshark. (You have the option to save the capture file for later examination.)
   Not required
FC_ASW-1(config-if)#switchport access vlan 20
% Access VLAN does not exist. Creating vlan 20
FC_ASW-1(config-if)#interface FastEthernet0/4
FC_ASW-1(config-if)#switchport access vlan 20
FC_ASW-1(config-if)#end

d. Confirm that the interfaces are assigned to the current VLANs by issuing the show vlan command from the Privileged EXEC mode. If the VLANs are not assigned correctly, troubleshoot the command entries shown in Steps 1b and 1c and reconfigure the switch.
d. Stop the Wireshark capture on each PC.
e. Examine the entries in the Wireshark Packet List (upper) Pane.
   How many ARP captures occurred for each PC? ______________________________________________
   One ARP request and one ARP reply to the device in the PC's VLAN
   List the source IP addresses:
   ______________________________________________
   Depends on PC. Each PC will only see other devices in its own VLAN.
   ______________________________________________
   ______________________________________________
   What is the difference between the captured ARP packets for each PC this time and those captured in Task 1?
   ______________________________________________
   Only ARP requests were received from devices in the same VLAN.
   How many Ethernet broadcast domains are present now? __________
   2 broadcast domains including VLAN 10 and VLAN 20. Three VLANs counting the default VLAN 1.
f. Exit Wireshark. (You have the option to save the capture file for later examination.)
Step 4: Clean up
Erase the configuration and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
APPENDIX
Sample Configurations
Catalyst 2960 Switch FC-ASW-1 with VLANs configured
!
FC-ASW-1(config)#int fa0/1
FC-ASW-1(config-if)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
FC-ASW-1(config-if)#int fa0/2
FC-ASW-1(config-if)#switch acc vlan 10
FC-ASW-1(config-if)#int fa0/3
FC-ASW-1(config-if)#switch acc vlan 20
% Access VLAN does not exist. Creating vlan 20
FC-ASW-1(config-if)#int fa0/4
FC-ASW-1(config-if)#switch acc vlan 20
FC-ASW-1(config-if)#end
FC-ASW-1#
FC-ASW-1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
10   VLAN0010
20   VLAN0020
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default

VLAN Type  SAID       MTU   Parent
---- ----- ---------- ----- ------
1    enet  100001     1500
10   enet  100010     1500
20   enet  100020     1500
1002 fddi  101002     1500
1003 tr    101003     1500

VLAN Type  SAID       MTU   Parent
---- ----- ---------- ----- ------
1004 fdnet 101004     1500
1005 trnet 101005     1500

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

FC-ASW-1#show run
Building configuration...
Current configuration : 1294 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FC-ASW-1
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
Cisco IOS command variations for switch platforms other than 2960

1900
FC-ASW-1# configure terminal
FC-ASW-1(config)# vlan 10 name VLAN10
FC-ASW-1(config)# vlan 20 name VLAN20
FC-ASW-1(config)# interface ethernet 0/1
FC-ASW-1(config-if)# vlan static 10
FC-ASW-1(config-if)# exit
FC-ASW-1(config)# interface ethernet 0/2
FC-ASW-1(config-if)# vlan static 10
FC-ASW-1(config-if)# end
FC-ASW-1# show vlan-membership

2900
FC-ASW-1# vlan database
FC-ASW-1(vlan)# vlan 10 name VLAN10
FC-ASW-1(vlan)# vlan 20 name VLAN20
FC-ASW-1(vlan)# exit

2950
Note: The above vlan database commands are deprecated for the 2950, use the following
FC-ASW-1(config)# vlan
FC-ASW-1(config-vlan)#
FC-ASW-1(config-vlan)#
FC-ASW-1(config)# vlan
FC-ASW-1(config-vlan)#
FC-ASW-1(config-vlan)#

2900 and 2950
FC-ASW-1# configure terminal
FC-ASW-1(config)# interface fastethernet 0/1
FC-ASW-1(config-if)# switchport mode access
FC-ASW-1(config-if)# switchport access vlan 10
Background / Preparation
Instructor Notes:
In this lab, you will be introduced to computer security issues and vulnerabilities. The SANS website will be used as a tool for threat vulnerability identification, understanding, and defense. Estimated completion time is one hour.
The SANS Top-20 Internet Security Attack Targets list is organized by category. An identifying letter indicates the category type, and numbers separate category topics. Router and switch topics fall under the Network Devices category, N. There are two major hyperlink topics:
N1. VoIP Servers and Phones
N2. Network and Other Devices Common Configuration Weaknesses
Step 9: Reflection
The number of vulnerabilities to computers, networks, and data continues to increase. Many national governments have dedicated significant resources to coordinating and disseminating information about security vulnerabilities and possible solutions. It remains the responsibility of the end user to implement the solution. Think of ways that users can help strengthen security. Write down some user habits that create security risks.
Answers vary, but may include:
- Using weak passwords
- Writing down passwords
- Not changing passwords frequently
- Not securing workstations when leaving them unattended
- Not following procedures or protocols when divulging network information (checking a person's identity and clearance to have that information)
- Creating a work-around solution to a current security requirement (if it impedes a work process) instead of formally requesting that the issue be reviewed and amended. (Network administrators also need to be aware that network functionality is essential and that implementing security measures that render a business network feature inoperable is not viable.)
____________________________________________________________________________________
Challenge
Try to identify an organization that will meet with the class to explain how vulnerabilities are tracked and solutions applied. Finding an organization willing to do this may be difficult, for security reasons, but will benefit students, who will learn how vulnerability mitigation is accomplished in the world. It will also give representatives of the organization an opportunity to meet the class and conduct informal intern interviews.
Device Designation R1 PC
Objectives
- Gain access to a router with unknown login and privileged mode passwords.
- Demonstrate the necessity and importance of physical security for network devices.
Background / Preparation
Instructor notes: Set up a network as displayed in Topology 1. Preconfigure the router with console, Telnet, and privileged mode with passwords that have not been previously used and are not known by the students. Configure the hostname, one Ethernet interface, and a message-of-the-day banner. Example of preconfiguration:
hostname FC-CPE-1
enable password different
interface fa0/0
ip address 10.0.0.1 255.255.255.0
no shutdown
banner motd #ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED
Unauthorized access will be penalized in accordance with the relevant laws#
line con 0
password unusual
login
line vty 0 4
password uncommon
login

Save the configuration by issuing the copy running-config startup-config command. Issue the show version command from the EXEC prompt and record the configuration register value from the last line of the command output. For example:
Configuration register is 0x2101
Disconnect console connections and restart the router. Configure the PC with IP address 10.0.0.254/24.

This lab demonstrates that physical access is required to access and change the password of Cisco routers and switches. First, an attempt is made to telnet to the router and log in by guessing the password. When this proves unsuccessful, physical access to the console port on the router is used to change the passwords and establish control of the router. This demonstrates why it is of critical importance that routers and switches have physical security to prevent unauthorized access, in addition to strong password protection.

When a console connection is made, the following principles apply to the process of accessing and changing the passwords of a router:
- Router passwords are in the startup-configuration file stored in NVRAM.
- The router boot sequence is changed so that it starts without loading the configuration.
- When running without the startup-configuration loaded, the router can be reconfigured with new, known passwords.
- A memory location in NVRAM, called the configuration register, holds a binary value that determines the router startup sequence.
- The configuration register value needs to be changed so that the router boots but does not load the startup-configuration.
- When the passwords are changed, the configuration register is reset to a value that loads the changed startup-configuration when the router next powers on.
The list of standard break key sequences is available at http://www.cisco.com/warp/public/701/61.pdf
a. To enter ROM Monitor mode, turn the router off, wait a few seconds, and turn it back on.
b. When the router starts displaying System Bootstrap, Version on the terminal screen, press the Ctrl key and the Break key together if using HyperTerminal, or the Alt key and the b key together if using TeraTerm. The router will boot in ROM monitor mode. Depending on the router hardware, one of several prompts such as "rommon 1 >" or simply > may show.
Example output may be similar to:
Router>System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image : ####################################
monitor: command "boot" aborted due to user interrupt
rommon 1 >
Step 4: Change the configuration register setting to boot without loading configuration file
From the ROM Monitor mode, enter confreg 0x2142 to change the config-register.
rommon 2 > confreg 0x2142
NOTE: The ROMMON prompt increments when a command is issued; this is normal behavior. The increment does not mean a change of mode. The same ROMMON commands are still available.
"0x" (zero-x) denotes that 2142 is a hexadecimal value. What is this value in binary?
___________________________________________________ 0010 0001 0100 0010
Instructor note: The confreg program is available to decode configuration register values. It can be downloaded from Academy Connection Tools. From Tools, select the CCNA Curriculum (not CCNA Discovery or CCNA Exploration), and then select any v3.1 course. Click Cisco Configuration Register Decoder to download the program. After it is installed and executed, the program will display the binary and hexadecimal values of the register that set the different router startup sequences and console communications.
Step 6: Enter Privileged EXEC mode and view and change passwords
The router is now running without a loaded configuration file.
Step 7: Change the configuration register setting to boot and load the configuration file
a. The instructor will provide you with the original configuration register value, most likely 0x2101. While still in the global configuration mode, enter config-register 0x2101 (or the value provided by your instructor). Press Enter.
FC-CPE-1(config)#config-register 0x2101
b. Use the Ctrl+z combination to return to the privileged EXEC mode.
c. Use the copy running-config startup-config command to save the new configuration.
d. Before restarting the router, verify the new configuration setting. From the privileged EXEC prompt, enter the show version command and press Enter.
e. Verify that the last line of the output reads:
Configuration register is 0x2142 (will be 0x2101 at next reload).
f. Use the reload command to restart the router.
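The register values used in Steps 4 and 7 can be decoded and checked with a short script. The following is an added example, not part of the original lab or of Cisco's decoder program; the function names and sample lines are constructed, and only the three flag bits relevant to this lab are decoded. It flags a router that is running, or will reload, with the startup-config bypassed, which is the state a device is left in if Step 7 is skipped.

```python
import re

# Flag bits of the 16-bit configuration register that matter for this lab.
IGNORE_NVRAM = 0x0040    # bit 6: boot without loading the startup-config
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is running
ROM_FALLBACK = 0x2000    # bit 13: boot ROM software if a network boot fails

FLAG_TEXT = {
    IGNORE_NVRAM: "startup-config in NVRAM is ignored at boot",
    BREAK_DISABLED: "Break key is ignored after boot",
    ROM_FALLBACK: "falls back to ROM software if network boot fails",
}

# Matches the last line of show version, with or without a pending value.
CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

# Constructed sample lines modelled on the output quoted in this lab.
SAMPLE_LINES = [
    "Configuration register is 0x2101",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2101 at next reload).",
]


def decode_confreg(value):
    """Decode a register value into binary, boot field and the flags above."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    bits = format(value, "016b")
    boot_field = value & 0x000F  # low four bits select the boot behaviour
    if boot_field == 0x0:
        boot = "stay in ROM monitor"
    elif boot_field == 0x1:
        boot = "boot the helper image or first image in flash (platform dependent)"
    else:
        boot = "follow boot system commands in the configuration"
    return {
        "hex": "0x%04X" % value,
        "binary": " ".join(bits[i:i + 4] for i in range(0, 16, 4)),
        "boot_field": boot_field,
        "boot": boot,
        "flags": [text for mask, text in sorted(FLAG_TEXT.items()) if value & mask],
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
    }


def audit_show_version(output):
    """Return (current, pending, findings) from show version text."""
    match = CONFREG_LINE.search(output)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    # Without a "will be" clause the value at next reload is the current one.
    pending = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if current & IGNORE_NVRAM:
        findings.append("running with the startup-config bypassed")
    if pending & IGNORE_NVRAM:
        findings.append("next reload will bypass the startup-config")
    return current, pending, findings


if __name__ == "__main__":
    for register in (0x2142, 0x2101):
        print(decode_confreg(register))
    for line in SAMPLE_LINES:
        print(line, "->", audit_show_version(line)[2])
```

A device whose pending value still has bit 6 set will come up with no passwords, ACLs or interface configuration after the next power cycle, so this check is worth running across `show version` output collected after any recovery work.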
Step 9: Clean up
Erase the configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Device Designation S1 PC
Background / Preparation
Instructor notes: Set up a network as displayed in Topology 2. Preconfigure the router with console, Telnet, and privileged mode passwords that have not been previously used and are not known by the students. Configure the hostname, a message-of-the-day banner, and the VLAN 1 interface. Example of preconfiguration:
hostname FC-ASW-1
enable password different
interface Vlan1
ip address 10.0.0.2 255.255.255.0
no shutdown
banner motd #ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED
Unauthorized access will be penalized in accordance with the relevant laws#
line con 0
password unusual
login
line vty 0 15
password uncommon
This task demonstrates that physical access is required to access and change the password of Cisco switches, and again why it is of critical importance that routers and switches also have physical security to prevent unauthorized access. After unsuccessful attempts to remotely log in, a console connection is made and the following principles are applied to the process of accessing and changing the passwords of a switch:
- Switch passwords are in the configuration file called config.text, which is stored in flash memory.
- The switch boot sequence is changed so that it starts without loading the configuration.
- When running without the configuration loaded, the switch can be reconfigured with new, known passwords.
g. Enter dir flash: at the switch: prompt to view the name change.
switch: dir flash:
Step 4: Enter Privileged EXEC mode and view and change passwords
The switch is now running without a loaded configuration file.
a. At the user mode prompt Router>, type enable and press Enter to go to the privileged mode without a password.
b. Enter rename flash:config.old flash:config.text to rename the configuration file with its original name.
Switch#rename flash:config.old flash:config.text
Destination filename [config.text]?
Press Enter to confirm file name change.
c. Copy the configuration file into RAM.
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
Press Enter to confirm file name.
d. Press Enter to accept the default file names.
Source filename [config.text]?
Destination filename [running-config]
The configuration file is now loaded.
e. Enter show running-config to display the configuration details. Note that all the passwords are shown.
enable password different
line con 0
password unusual
line vty 0 4
password uncommon
What two measures could be taken to prevent the passwords from being readable?
____________________________________________ service password encryption
____________________________________________ enable secret somepassword
f. If the passwords were not readable they can be changed. Enter configure terminal to enter the global configuration mode.
g. Change the unknown passwords.
FC-ASW-1#configure terminal
FC-ASW-1(config)#enable password cisco
FC-ASW-1(config)#line console 0
FC-ASW-1(config-line)#password console
FC-ASW-1(config-line)#line vty 0 15
FC-ASW-1(config-line)#password telnet
FC-ASW-1(config-line)#exit
FC-ASW-1(config)#exit
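Step 4e shows why anyone who can read the configuration file can read every password in it. The following added example (not part of the original lab) audits configuration text for the conditions that question points at: an enable password instead of an enable secret, line passwords stored in clear text, and password encryption switched off. The sample configurations are constructed from the lab's preconfiguration; the hardened values are placeholders, and the function and rule names are assumptions.

```python
import re

# Constructed sample based on the lab's preconfigured switch.
SAMPLE_CONFIG = """\
no service password-encryption
hostname FC-ASW-1
enable password different
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
 no shutdown
line con 0
 password unusual
 login
line vty 0 15
 password uncommon
 login
"""

# Constructed hardened counterpart; hash and type 7 strings are placeholders.
HARDENED_CONFIG = """\
service password-encryption
hostname FC-ASW-1
enable secret 5 $1$EXAMPLE$constructedplaceholder
line con 0
 password 7 CONSTRUCTED0000
 login
line vty 0 15
 password 7 CONSTRUCTED0001
 login
"""

# "password <text>" with no leading type digit means the value is clear text.
CLEARTEXT_PASSWORD = re.compile(r"password (?!\d\s)\S+")


def audit_passwords(config):
    """Return findings as dicts; password values are never copied into them."""
    findings = []
    context = "global"
    encryption_on = False
    for number, raw in enumerate(config.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if stripped.startswith("line "):
            context = stripped  # remember which line block we are in
        if stripped == "service password-encryption":
            encryption_on = True
        elif stripped.startswith("enable password "):
            findings.append(
                {"line": number, "context": "global", "rule": "enable-password"}
            )
        elif CLEARTEXT_PASSWORD.fullmatch(stripped):
            findings.append(
                {"line": number, "context": context,
                 "rule": "cleartext-line-password"}
            )
    if not encryption_on:
        findings.append(
            {"line": None, "context": "global", "rule": "no-password-encryption"}
        )
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for finding in audit_passwords(text):
            print("  ", finding)
```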
Step 7: Clean up
Erase the configurations and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Task 3: Reflection
Consider the different methods of securing physical access to networking devices such as routers and switches. List how only those people who require access can be identified and how this security can be implemented.
____________________________________________________________________________________
NOTE: It is important to remember that the passwords (console, cisco, class, telnet) used in these labs are for convenience only. These are not secure passwords that would be used in production networks.
Answers can vary. Examples include:
- Physical security includes locking rooms and closets containing switches and routers. Networking devices sharing common space with other services, such as electrical power panels, should be enclosed in a separated lockable cabinet. Keys and access codes should only be given to identified authorized personnel.
- People authorized to access the networking devices should include only those network personnel required to configure and troubleshoot switches and routers as part of their regular or daily duties. Other IT personnel such as help desk staff, data center administrators, or desktop support workers would normally not be required to access switches and routers.
Objectives
- Configure port security on individual FastEthernet ports on a switch.
- Test and confirm the configured switch port security.
Background / Preparation
Instructor Notes: This lab may be performed using Packet Tracer, but some outputs may vary. If more than two PCs per lab pod are available, these could also be used as extra "intruder" devices. Using the given topology, students will set and test switch port security. The aim is to highlight the purpose of securing Access Layer switch ports against the connection of unauthorized devices to the network. The instructions and CLI command and output format given in this lab are based on the Cisco Catalyst C2960 switch running IOS version 12.2. Note that different switch platforms and IOS versions may result in different
NOTE: The MAC addresses above are examples only.
b. Note the MAC addresses shown and the associated switch ports. Confirm that these addresses and ports match the connected PCs.
How were these MAC addresses and port associations learned?
____________________________________________________________________________ The source MAC addresses of the ping echo requests and ping replies (echoes) were recorded against the incoming ports.
Task 2: Configure and Test the Switch for Dynamic Port Security
Step 1: Set port security options
a. Disconnect all PCs' Ethernet cables from the switch ports.
b. Ensure that the MAC address table is clear of entries. To confirm this, issue the clear mac-address-table dynamic and show mac-address-table commands.
   a. Clear the MAC address table entries.
   FC-ASW-1#clear mac-address-table dynamic
   b. Issue the show mac-address-table command. Record the table entries.
   ____________________________________________________________________________
   Mac Address Table
   -------------------------------------------
   Vlan    Mac Address    Type    Ports
   ----    -----------    ----    -----
c. Determine the options for setting port security on interface FastEthernet 0/4. From the global configuration mode, enter interface fastethernet 0/4.
FC-ASW-1(config)#interface fa 0/4
Enabling switch port security provides options, such as specifying what happens when a security setting is violated.
d. To configure the switch port FastEthernet 0/4 to accept only the first device connected to the port, issue the following commands from the configuration mode:
FC-ASW-1(config-if)#switchport mode access
FC-ASW-1(config-if)#switchport port-security
e. In the event of a security violation, the interface should be shut down. Set the port security action to shutdown:
FC-ASW-1(config-if)#switchport port-security violation shutdown
FC-ASW-1(config-if)#switchport port-security mac-address sticky
What other action options are available with port security?
____________________________________________________ protect, restrict
f. Exit the configuration mode.
Note the difference in entries recorded in Step 2 b.
____________________________________________________________________________ The Port Status is now Secure-up (a PC is connected). There is 1 sticky MAC address. The Last Source Address and VLAN are shown.
f. Confirm the status of the switch port.
ALSwitch#show interface fastethernet 0/4
What is the state of this interface?
FastEthernet0/4 is __________ up and line protocol is __________ up.
NOTE: The MAC address above is an example only.
i. Show the port security settings.
FC-ASW-1#show port-security interface fastethernet 0/4
Record the details displayed in the table.
____________________________________________________________________________
Port Security : Enabled
Port Status   : Secure-shutdown
Note the difference in entries recorded in Step 3 e.
____________________________________________________________________________ The Port Status is now Secure-shutdown. There is 1 Security Violation. The Last Source Address has changed to that of the Linksys device.
j. Confirm the status of the switch port.
FC-ASW-1#show interface fastethernet 0/4
What is the state of this interface?
FastEthernet0/4 is __________ down and line protocol is __________ down.
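The behaviour observed in this task, and how it would differ under the protect and restrict options named in Step 1e, can be compared with a small model. This is an added example, not part of the original lab and not IOS code: a simplified Python simulation of one access port with a maximum of one sticky address. The class, method names and MAC addresses are constructed, and recording the last source address only for counted violations is an assumption of the model.

```python
AUTHORIZED_PC = "0000.5e00.5301"   # constructed documentation-range address
INTRUDER = "0000.5e00.53ff"        # constructed, stands in for the second device


class SecurePort:
    """One access port with port security and sticky address learning."""

    def __init__(self, name, violation="shutdown", maximum=1):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation mode: %s" % violation)
        self.name = name
        self.violation = violation
        self.maximum = maximum
        self.sticky = []             # secure addresses learned on this port
        self.status = "Secure-down"  # no device connected yet
        self.violations = 0
        self.last_source = None

    def receive(self, src_mac):
        """Process one incoming frame; return True if it is forwarded."""
        if self.status == "Secure-shutdown":
            return False             # port stays down until re-enabled
        self.status = "Secure-up"
        mac = src_mac.lower()
        if mac in self.sticky:
            self.last_source = mac
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)  # first device seen becomes the secure one
            self.last_source = mac
            return True
        # Unknown source with the address table full: a violation.
        if self.violation == "protect":
            return False             # dropped silently, counter untouched
        self.violations += 1
        self.last_source = mac       # model assumption, see lead-in
        if self.violation == "shutdown":
            self.status = "Secure-shutdown"
        return False                 # restrict: dropped, port stays up


def run_lab(violation):
    """Replay the lab: PC connects, second device connects, PC reconnects."""
    port = SecurePort("FastEthernet0/4", violation=violation)
    forwarded = [
        port.receive(AUTHORIZED_PC),
        port.receive(INTRUDER),
        port.receive(AUTHORIZED_PC),
    ]
    return {
        "status": port.status,
        "violations": port.violations,
        "sticky": list(port.sticky),
        "last_source": port.last_source,
        "forwarded": forwarded,
    }


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        print(mode, run_lab(mode))
```

In shutdown mode the authorized PC is also cut off after the violation until an administrator re-enables the port, which is the availability cost to weigh in Step 6.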
Step 6: Discuss switch port security using dynamic MAC address assignment
Advantages: ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________
Step 7: Clean up
Erase the configurations and reload the switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Task 3: Reflection
When considering designing a typical enterprise network, it is necessary to think about points of security vulnerability at the Access Layer. Discuss which Access Layer switches should have port security and those for which it may not be appropriate. Include possible future issues in regard to wireless and guest access to the network.
Answers can vary, considerations may include:
- What types of hosts are connected to the switch; e.g., general PCs, IP phones, printers, servers.
- The type of users - employees or guests
- Where access is made - in secure office or in public area
- Type of access - wired or wireless
- Investigating the security features available on different switch platforms
- How port security policies can be implemented and managed.
- Static versus dynamic port security
APPENDIX: Instructor IOS and Configuration Notes

1. Switch IOS Release variations
Since Cisco IOS Release 12.1(11)EA1 the command mac-address-table has the form mac address-table (no "-" between mac and address). However, it was found that a C2960 running 12.2(25)SEE3 supported both forms of the command.
S1(config)#mac-address-table ?
  aging-time    Set MAC address table entry maximum age
  move          Move keyword
S1(config)#mac address-table ?
  aging-time    Set MAC address table entry maximum age
  move          Move keyword
  notification  Enable/Disable MAC Notification on the switch
  static        static keyword
S1(config)#mac ?
  access-list    Named access-list
  address-table  Configure the MAC address table

2. Switch Platform Variation
C1900:
S1(config)#interface ethernet 0/4
S1(config-if)#port secure ?
  max-mac-count  Maximum number of addresses allowed on the port
  <cr>
C1900:
S1#show mac-address-table security
C1900:
S1(config)#interface Ethernet 0/4
S1(config-if)#port secure max-mac-count 1
C2950:
S1(config-if)#switchport port-security violation shutdown
C2900XL:
S1(config-if)#port security action shutdown
C1900: The default action upon address violation is suspend
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to begin to develop a network project plan. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, apply local examples to the application of the principles of network design process in this case study to provide students with a realistic workplace context. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should complete an individually compiled Project Plan Checklist document.
For the Plan Phase, you will perform a site and operations assessment. The details of the project and its implementation will be developed in forthcoming labs.
Step 1: Evaluate the current network, operations, and network management infrastructure
a. Use word processing software to create a Project Plan Checklist document based on this lab.
b. From the case study, document, identify, and assess the current state of the following factors:
Physical facilities: ______________________________________ At capacity/Scope for growth
Environmental facilities: _________________________________ At capacity/Scope for growth
Electrical facilities: _____________________________________ At capacity/Scope for growth
For each factor, indicate whether it is at capacity or has scope for growth. Include these factors on the checklist with your assessment.
c. Assess the ability of the current operations and network management infrastructure to support a new technology solution. On the checklist, list the following categories and include what changes must be completed before the implementation of any new technology solution.
- Infrastructure
- Personnel
- Processes
- Tools
d. Identify and add to the checklist any custom applications that may be required for the new network.
Lab 2.1.6 Observing Traffic Using Cisco Network Assistant Instructor Version
IP Address VLAN1 10.0.0.4 VLAN1 10.0.0.5 10.0.0.2 10.0.0.3 Fa0/0 10.0.0.1 Fa0/1 172.17.0.1 172.17.1.1
Subnet mask
Objectives
- Explain what occurs during the Operate Phase of the network lifecycle.
- Use Cisco Network Assistant to monitor the outcomes of the Operate Phase of the network lifecycle.
- Establish the network baseline performance.
640-802 CCNA Exam Objectives
This lab contains skills that relate to the following CCNA exam objectives:
- Describe the purpose and functions of various network devices.
- Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH or other utilities.
- Determine the path between two hosts across a network.
Background / Preparation
Instructor Note: This lab introduces Cisco Network Assistant as a tool to monitor the operation of a working network. A more detailed consideration of using Cisco Network Assistant to monitor the performance of a network is given in Lab 2.5.2.

Cisco Network Assistant is available for download from the Classroom Setup Tab on the Academy Connection Tools page. It can also be downloaded from http://www.cisco.com. A valid Cisco.com Registration (CCO) is required to access the download site. There are many levels of Cisco.com access available. The registration process is explained in Task 1 of Chapter 3 Lab 3.2.3, where students create their own account. Students do not need a Cisco.com registration for this lab. Once downloaded, install the Cisco Network Assistant program on the Admin PC used in the lab.

This lab also uses Discovery Server as a representative source of application data traffic. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include FTP and HTTP/Web traffic.

The lab topology can be preconfigured if student time is limited. The Admin and Host1 PCs use DHCP on their respective VLANs. Sample configurations for the router and two switches are in the Appendix of this Instructor Version lab. The configurations are based on a Cisco 1841 router and Cisco Catalyst 2960 switches.
c.
d. In the Name field, enter FilmCompany.
e. List the four options available in the Discover field:
g. At the Start IP address, enter 10.0.0.1
h. At the End IP address, enter 10.0.0.5
i. Click Start. The devices found will be listed.
j. Click OK on the Create Community and Communities dialog boxes. Note the range of icons now available on the top toolbar.
k. Click the Topology icon on the top toolbar and view the topology that Cisco Network Assistant has created.
Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab focused on monitoring individual devices in a network. Consider, research, and discuss the network factors that should be included in network baseline measurements. _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________
Responses vary but examples include:
- Testing and reporting of the physical connectivity
- Normal network utilization
- Peak network utilization
- Average throughput of the network usage
- Protocol usage
In-depth network analysis can identify problems with speed and accessibility and can find vulnerabilities and other problems within the network. Once a network baseline has been established, this information can be
Sample Configurations (Based on Cisco 1841 Router and Catalyst 2960 Switch) - Instructor Version Only

Router FC-CPE-1
hostname FC-CPE-1
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 no shutdown
!
======================================================================
Switch FC-ASW-1
!
hostname FC-ASW-1
!
enable password cisco
!
!
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
!
======================================================================
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a network organization structure document for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, apply local examples to the application of the principles of network design process in this case study to provide students with a realistic workplace context. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should complete an individually compiled network organization structure document. The completed checklists and documents should become part of the FilmCompany portfolio that the student will continue to build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Instructors should recommend that students keep their documents in a portfolio. FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the
Save your network user structure document and network organization diagram and retain it for the next stages of this network design case study.
Step 3: Reflection
The total number of users has a direct impact on the scale of the network at the Access Layer. The type of users and the services they require also have implications for the network structure. Discuss and consider the impact that the range of network services required by even a relatively small number of users can have on the network structure. _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a business goals and priority checklist document for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, apply local examples to the application of the principles of network design process in this case study to provide students with a realistic workplace context. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer; good communications skills are often necessary to gather all the relevant details.
Or the goals may be Strategic:
- Customer satisfaction: Can the project improve the customer experience and increase customer loyalty?
- Reputation and industry standing: Will the project develop specific core technology competencies in the organization?

c. Identify and list at least four business goals from the case study interview.
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
Profitability, business growth, customer satisfaction, industry standing, etc.
d. Discuss these goals with another student, or in a group, to clarify understanding of the goals.
Priority
Total
100%
c. Discuss your priority values with other students. If there are differences in priorities, discuss why this has occurred and attempt to resolve them.
Instructor Note: While some differences in priority values may occur, it would be expected that the final ranking order should be the same in all cases. Have students discuss these priorities from both the perspective of their role as the network designer and from the perspective of the FilmCompany as the customer.
d. Save your Project Prioritized Business Goals Checklist document and retain it for the next stages of this network design case study.
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a technical requirements checklist document for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, apply local examples to the application of the principles of network design process in this case study to provide students with a realistic workplace context.
Discuss these technical requirements with another student, or in a group. Consider the range of possible technical solutions to meet the business goals of the FilmCompany. ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Instructor Note: Encourage students to discuss and explore a wide range of technical solutions to achieve the business goals the FilmCompany expects the network upgrade to provide. Constraints to these ideas will be considered in the next lab.
b. List the ranked technical requirements in a table and assign a priority value as a percentage. The total of the percentage values must equal 100.

Category         Prioritized Technical Requirements         Priority
Security
Scalability
Manageability
TOTAL                                                        100

c. Discuss your priority values with other students. If there are differences in priorities, discuss why this has occurred and attempt to resolve them.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Step 3: Reflection
When discussing technical requirements with the customer, the network designer must consider the technical level of the audience. Technical terms and jargon may not be clearly understood by the customer. Such terms should either be avoided or tailored to the level of detail and complexity that the customer can understand. Compile a list of networking technical terms and jargon that may need to be expressed or explained to a nontechnical business customer. Develop an explanation or definition for each term that a non-technical business customer can understand for the purpose of discussing a network upgrade with them. _______________________________________________________________________________________ _______________________________________________________________________________________ _______________________________________________________________________________________ _______________________________________________________________________________________ _______________________________________________________________________________________ _______________________________________________________________________________________ _______________________________________________________________________________________ _______________________________________________________________________________________ Outcomes will vary. Suggest using the curriculum glossary to compile an appropriate terminology list.
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a checklist of project constraints for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, apply local examples to the application of the principles of network design process in this case study to provide students with a realistic workplace context. Use a classroom brainstorming session to identify the constraints and relate them to the prioritized case study business goals. Students may then compile the checklist individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer; good communications skills are often necessary to gather all the relevant details. Regardless of the lab strategy adopted, each student should complete an individually compiled project constraints checklist document. The completed checklists and documents should become part of the FilmCompany portfolio that the student will continue to build throughout the rest of the course. Instructors will need to monitor the progress of this
FILMCOMPANY CONSTRAINTS

CONSTRAINT          GATHERED DATA          COMMENTS
Budget
Policy
Schedule
Time to complete
Personnel

Answers include:
- Use as much of the current equipment to minimize cost
- Restricted access to external WAN and Internet infrastructure
d. Save your Project Constraints Checklist document and retain it for the next stages of this network design case study.
Step 3: Reflection
The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany. Consider and discuss external constraints. Include constraints that may be beyond the control of the business but which, in some circumstances, affect a network design project.
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Outcomes will vary. Points may include:
- Shortage of skilled personnel
- Unavailability of equipment or cabling of the required technical specifications
- Reliable public electricity supply
- Lack of accommodation to house the expanded business and its network infrastructure
- Restricted access to external WAN and Internet infrastructure
IP Address VLAN 10.0.0.4 VLAN 10.0.0.5 10.0.0.2 10.0.0.3 Fa0/0 10.0.0.1 Fa0/1 172.17.0.1 172.17.1.1
Objective
Describe methods of monitoring network performance to ensure that the network design is working appropriately.
Background / Preparation
Instructor Note: This lab uses Cisco Network Assistant to monitor the operation of a working network. Cisco Network Assistant is available for download from the Classroom Setup Tab on the Academy Connection Tools page. It can also be downloaded from http://www.cisco.com. A valid Cisco.com Registration (CCO) is required to access the download site. There are many levels of Cisco.com access available. The registration process is explained in Task 1 of Chapter 3 Lab 3.2.3 where students create their own account. Students do not need a Cisco.com registration for this lab. Once downloaded, install the Cisco Network Assistant program on each PC used in the lab. This lab also uses Discovery Server to provide representative application data traffic. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternately, a local lab server can be set up to provide representative data traffic. If possible, this should include FTP and HTTP/Web traffic. The lab topology can be preconfigured if student time is limited. Sample configurations for the router and two switches are in the Appendix of this Instructor Version lab. The configurations are based on Cisco 1841 router and Cisco Catalyst 2960 switches. FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent.
Step 5: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Step 6: Reflection
The usefulness of monitoring network traffic and performance is maximized when the full range of network usage and service situations has been recorded. Consider and discuss when recorded network performance data should be considered for network design purposes and occasions when it should not be included.
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Responses vary. Possible answers include: Ensuring single extraordinary events that affect network traffic and performance are not included - for example a civil emergency.
Sample Configurations (Based on Cisco 1841 Router and Catalyst 2960 Switch) - Instructor Version Only

Router FC-CPE-1
hostname FC-CPE-1
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 no shutdown
!
======================================================================
Switch FC-ASW-1
!
hostname FC-ASW-1
!
enable password cisco
!
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 ip address 10.0.0.4 255.255.255.0

hostname ProductionSW
!
enable password cisco
!
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 ip address 10.0.0.5 255.255.255.0
Background / Preparation
Instructor Note: This lab is performed using a computer with Internet access. Students are to research and examine the features of SNMP-based network monitoring software. If Academy lab resources are sufficient, a sample program can be downloaded and demonstrated to students to enhance their learning; however, this program is not a formal part of this lab. This lab refers to Plixer Denika v7 (http://www.plixer.com/products/denika.php) as an example program that provides monitoring and notification functions but this does not exclude other such programs being researched, referred to, or used. FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent.
Descriptions of SNMP are available at:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm
http://www.protocols.com/pbook/tcpip9.htm#SNMP

As part of a network management system, SNMP tools can respond to network errors or failures in several ways. Generally, when a network fault occurs or when predefined thresholds are met, the SNMP tools can react by:
- Sending an alert on the network
- Sending a message to a pager
- Sending an email to an administrator
The FilmCompany is required to maintain a specified level of network service to meet its StadiumCompany contract obligations. They need to purchase network management software that enables them to monitor and manage the new upgraded network.
d. Select a program that would be suitable for the FilmCompany network and give reasons for your selection. Discuss your choice of program with other students. Program: _________________________________ Website: ____________________________ Reasons: ___________________________________________________________________
Step 4: Reflection
Consider and discuss the organizational or business support necessary to make best use of network monitoring programs with event-triggered notification features.
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Responses vary and may include:
The event thresholds and conditions that trigger notifications must be set so that unnecessary notifications are not sent, but critical conditions are reported and notification is sent. Company employees who are notified must be both technically capable of resolving the issue and available to do so when notified. This will require the company to ensure that staff is trained in the response processes, in the technical skills, and in troubleshooting and problem solving. Employee rosters and task allocation need to consider these issues.
Task 1: Use Cisco IOS Commands to Obtain Information about the Network
Step 1: Discover and document the first device
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Your instructor will advise you as to which PC is configured for Administrator access to the network. Access this Admin PC and issue the ipconfig command from the command prompt to discover the default gateway.
b. Telnet from the command prompt (or use a terminal program such as HyperTerminal or TeraTerm) to the IP address of the gateway device and enter privileged EXEC mode using the passwords given above.
c. Issue Cisco IOS commands, such as those shown here as well as others you choose to use, to learn about the device.
Record this information in the first Device Table at the end of this lab.
d. Issue Cisco IOS commands such as those shown here to discover information about connected devices.
   show cdp neighbors
   show cdp neighbors detail
   It may take a few minutes for the network to converge. If you do not see any neighboring devices initially, repeat the command until you do. Document the information you gather in the appropriate Device Tables.
e. Close the Telnet session by issuing the exit command.
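The documentation step above can be scripted once the command output has been saved. The following is an added example, not part of the original lab: it parses `show cdp neighbors detail` text into the Device Table columns and lists neighbors that the existing documentation does not mention. The sample output is constructed, and the hostname UNLISTED-SW and the IOS version string are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `show cdp neighbors detail` output (not captured from a
# real device). FC-ASW-1 and 10.0.0.4 follow the lab's sample configuration;
# UNLISTED-SW is a hypothetical device that advertises no management address.
SAMPLE_OUTPUT = """\
-------------------------
Device ID: FC-ASW-1
Entry address(es):
  IP address: 10.0.0.4
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): GigabitEthernet1/1
Holdtime : 152 sec

Version :
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)

advertisement version: 2
-------------------------
Device ID: UNLISTED-SW
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: FastEthernet0/1,  Port ID (outgoing port): GigabitEthernet1/2
Holdtime : 140 sec
"""

ENTRY_SEPARATOR = re.compile(r"^-{5,}\s*$", re.M)

# One pattern per value wanted from each neighbor entry.
FIELDS = {
    "device_id": re.compile(r"^Device ID:\s*(\S+)", re.M),
    "ip_address": re.compile(r"^\s*IP(?:v4)? address:\s*(\S+)", re.M | re.I),
    "platform": re.compile(r"^Platform:\s*(.+?),\s*Capabilities:", re.M),
    "capabilities": re.compile(r"Capabilities:\s*(.+?)\s*$", re.M),
    "local_interface": re.compile(r"^Interface:\s*(\S+?),", re.M),
    "remote_interface": re.compile(r"Port ID \(outgoing port\):\s*(\S+)"),
    "ios_version": re.compile(r"Version\s+([^,\s]+),"),
}


def parse_cdp_detail(text):
    """Return one dict per neighbor entry; fields missing from an entry are None."""
    neighbors = []
    for block in ENTRY_SEPARATOR.split(text):
        entry = {}
        for name, pattern in FIELDS.items():
            match = pattern.search(block)
            entry[name] = match.group(1).strip() if match else None
        if entry["device_id"] is None:
            continue  # prompt, banner or empty text between separators
        if entry["ip_address"]:
            try:
                ipaddress.ip_address(entry["ip_address"])
            except ValueError:
                entry["ip_address"] = None  # malformed address: leave the cell blank
        neighbors.append(entry)
    return neighbors


def device_table_rows(neighbors):
    """Map parsed neighbors onto the lab's Device Table columns."""
    return [
        {
            "Interface": n["local_interface"],
            "Connects to Device": n["device_id"],
            "Connects to Interface": n["remote_interface"],
        }
        for n in neighbors
    ]


def undocumented(neighbors, documented_hostnames):
    """Hostnames seen through CDP that the current documentation does not list."""
    known = {h.lower() for h in documented_hostnames}
    # A Device ID may carry a domain suffix, so compare on the first label only.
    return [n["device_id"] for n in neighbors
            if n["device_id"].lower().split(".")[0] not in known]


if __name__ == "__main__":
    found = parse_cdp_detail(SAMPLE_OUTPUT)
    for row in device_table_rows(found):
        print(row)
    # Hostnames taken from the lab's sample configurations.
    print("Not in documentation:",
          undocumented(found, ["FC-CPE-1", "FC-ASW-1", "ProductionSW"]))
```

A neighbor that appears here but not in the documented inventory is worth tracing to its switch port before the Device Tables are finalized.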
Task 2: Use Cisco Network Assistant to Obtain Information about the Network
Step 1: Launch Cisco Network Assistant
a. Launch the Cisco Network Assistant program on the PC connected to the network.
b. Network devices can be accessed for monitoring and information gathering. From the Applications menu, click Connect.
c. In the Connect dialog box, select the Connect To: option and enter the default gateway of the Admin PC in the field, as shown.
b. Continue to connect to each known device. Record the topology displayed and compare it with the diagram that you created from the results of Task 1.
Step 4: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Task 3: Reflection
a. These techniques were used to discover and document an enterprise LAN. Would the same techniques work for an enterprise network that included WAN links?
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
b. Could these techniques be used in a network that included routers and switches from a manufacturer other than Cisco? Why or why not?
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
Cisco Network Assistant only supports devices listed in the FAQ of the program. Other types of software can be used for multi-brand networks.
Router Hostname _________________________ Model ____________________________ IOS version ______________________________ Interface IP Address Subnet Mask Connects to Device Connects to Interface
Router Hostname _________________________ Model ____________________________ IOS version ______________________________ Interface IP Address Subnet Mask Connects to Device Connects to Interface
Router Hostname _________________________ Model ____________________________ IOS version ______________________________ Interface IP Address Subnet Mask Connects to Device Connects to Interface
Switch Hostname _________________________ Model ____________________________ IOS version ___________________________ IP Address __________________________________ Subnet Mask __________________________________ Default Gateway ______________________________ Trunk Ports Connects to Device Connects to Interface
VLAN Number
VLAN Name
VLAN Number
VLAN Name
Switch Hostname _________________________ Model ____________________________ IOS version ____________________________ IP Address __________________________________ Subnet Mask __________________________________ Default Gateway ______________________________ Trunk Ports Connects to Device Connects to Interface
VLAN Number
VLAN Name
VLAN Number
VLAN Name
Switch Hostname _________________________ Model ____________________________ IOS version ____________________________ IP Address __________________________________ Subnet Mask __________________________________ Default Gateway ______________________________ Trunk Ports Connects to Device Connects to Interface
VLAN Number
VLAN Name
Sample Configurations (Based on Cisco 1841 Router and Catalyst 2960 Switch) - Instructor Version Only

Administrator PC:
IP Address 10.10.0.10 255.255.255.0
Default Gateway 10.10.0.254

Router FC-CPE-1
no service password-encryption
!
hostname FC-CPE-1
!
enable password class
Lab 3.2.2 Using show version to Create an Inventory List Instructor Version
Topology 1
Objectives
Use IOS show commands to determine the version and capabilities of an installed IOS. Use Cisco.com website tools to determine the features and capabilities of an IOS.
How is an understanding of the networking device IOS useful in network administration? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ Why would a network administrator change the networking device IOS to a different version or feature set? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________
Background / Preparation
Instructor Notes: This lab requires access to both the Internet and the classroom lab equipment. If both are not available at the one location, Task 1 and Task 2 can be partially performed at two different locations. After recording details of the router and switch, students are to use the software and feature search tools on Cisco.com. Note that Cisco.com is an extensive and information-rich website. Product information on the website can be accessed via a number of pathways. The steps and links given in this lab show just one of those pathways. Students should become familiar and comfortable with the process of searching and locating information using a range of approaches. This lab is specifically based on the 1841 ISR and 2960 switch. The CLI output and Cisco.com documentation details vary accordingly if platforms other than these are used in this lab. If other platforms are available, students are encouraged to perform similar searches for these devices to reinforce practice at using the Cisco.com website. Attached as an appendix to this Instructor Version for in-class reference is a list of the typical IOS features found for an 1841 ISR.
The features and capabilities of the Cisco IOS installed on a router and switch determine which network features it can provide. When considering a network upgrade, it is important to determine precisely what the current devices can do. If shortcomings are found in device IOS capabilities, the planned upgraded services cannot be provided and the device IOS will have to be upgraded. In this lab, you will examine the installed IOS on a router and switch, and then use the Cisco.com website to more precisely list the features of the IOS. This lab is based on the 1841 ISR and 2960 switch. The results of this lab will vary accordingly if other devices are used.
d. On the Support page, under Frequently Used Resources, click Tools & Resources. e. At the bottom of the Tools & Resources page, click the Show All Tools button to display tools by category. f. Scroll to the Software section.
Step 4: Clean up
Erase any configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Topology 2
d. At the bottom of the Tools & Resources page, click the Show All Tools button to display tools by category. e. Scroll to the Software section. f. Click Cisco IOS Software Selector - Cisco Feature Navigator.
g. Click Search by Platform.
1) At Platform select: CAT2960. Click Continue.
2) At Major Release select: 12.2SEE (The screen will refresh after each selection)
3) At Release select: 12.2(25)SEE3
4) At Feature Set select: LAN BASE
Print or select and save the search results. NOTE: The list of features may be more than 10 printed pages.
h. Examine the listed features. From your understanding of IOS features, group 1 or 2 features under headings such as:
Answers vary; examples include:
Routing: ____________________________________________________ None (Layer 2 switch)
Security: ____________________________________________________ RADIUS, ACL
IP Services: _________________________________________________ DHCP
Converged Services: __________________________________________ AutoQoS
Network Management: _________________________________________ SNMP, SSH, CDP
Other: ______________________________________________________ IEEE 802.1Q, STP
Step 4: Clean up
Erase any configurations and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Background / Preparation
Instructor Notes: This is an Internet-based lab. The first task leads the student through the creation of a Cisco.com Guest registration. NOTE: Duplicate registrations are discouraged; therefore, if a student has a current Cisco.com registration, please have that student omit Task 1. All registrations must be personal registrations using first and last names. Generic group or company accounts, or use thereof, are not permitted. Improper, inaccurate, or duplicate registrations may be removed without notice. Students can register at Cisco.com with the same username as their Academy Connection username; however, the two accounts are not linked in any way. Advise students to have an alternate username, if needed, and a password prepared. There is no "Student" Cisco.com registration category. Each student needs to have the following details available: Working email address
It is recommended that the students be briefed on these requirements before starting the lab. No age details are entered. Please ensure that local requirements relating to disclosure of personal details of non-adults are complied with if you have students that are legal minors. For students enrolled in CCNA Discovery classes who are not currently employed, the "Education/Training" job role is suggested as the best option. General information about the Cisco.com registration process is available at http://www.cisco.com/web/help/reg/index.html where the FAQ and General Registration Help links are most useful. In Task 2, the lab covers the Feature Navigator. Because the layout of the www.cisco.com website is regularly revised, it is recommended that this tool be accessed directly at http://www.cisco.com/go/cfn. Instruct the students to explore the IOS feature results returned by the Feature Navigator so that they become familiar with the terminology and applications.
This lab introduces the features of the Cisco Systems, Inc. website, www.cisco.com, as a resource for supporting Cisco networking devices. You will use the website tools to examine the features available in versions of the Cisco IOS software for the 1841 ISR and Catalyst 2960 switch. The ability to navigate and access the services and information on www.cisco.com is critical to maintaining up-to-date knowledge of router and switch features that applies to network configuration and troubleshooting.
d. At Step 4 of 4, the Complete Registration screen appears. You will be directed to your email account to activate your registration with Cisco.com. e. Check the email account you registered with for an email with the subject "Cisco.com Registration: Action required." In the body of the email, click the Cisco.com account activation link, or copy and paste it into a browser address window. 1) You will see the Successful Registration screen. 2) You will receive a Cisco.com Registration Confirmation email with your User ID.
d. Under Product Research Tools, click the Cisco Feature Navigator link. NOTE: You do not need to use your Cisco.com registration to access the Cisco Feature Navigator. It can be accessed directly from http://www.cisco.com/go/cfn.
Task 3: Examine 1841 Router IOS Features
NOTE: It is important to distinguish between an IOS feature and a Feature Set. An IOS feature is a specific facility that an IOS supports. Examples include support for a particular routing protocol (EIGRP or BGP), a WAN service (Frame Relay), or a VPN facility (IPSec). A Feature Set is a group of features that differentiates one IOS image from another. Feature Sets have generalized names such as IP BASE, ADVANCED IP SERVICES, and ADVANCED ENTERPRISE SERVICES.
These features are a sample of services that the FilmCompany may consider adding to their network; you may add others for this exercise. TIP: Filtering by using the first letter links across the top of the page or using the search field makes finding each feature easier. c. Click the Add button for each feature selected. When done, click Continue.
d. On the next screen, from the Platform drop-down menu, select 1841. From the Feature Set drop-down menu, select ADVANCED IP SERVICES. Output similar to this will be displayed:
Release        Image Name                                 DRAM   Flash
12.3(14)YT1    c1841-advipservicesk9-mz.123-14.YT1.bin    192    48
12.3(14)YT     c1841-advipservicesk9-mz.123-14.YT.bin     192    48
12.3(8)YG4     c1841-advipservicesk9-mz.123-8.YG4.bin     192    64
12.3(8)YG3     c1841-advipservicesk9-mz.123-8.YG3.bin     192    64
12.3(8)YG2     c1841-advipservicesk9-mz.123-8.YG2.bin     192    64
12.3(8)YG      c1841-advipservicesk9-mz.123-8.YG.bin      192    64
e. Note the DRAM and flash requirements for each image.
Does your router have the DRAM and flash resources to support these advanced services? _______________________________________ Answer varies. See previous lab for answer.
How can the DRAM and flash available on your router be determined? _____________________________________________________________________________ Issue show version and show flash: commands at the privileged EXEC mode prompt.
The required and suitable IOS image can be selected and the appropriate arrangements made to download it.
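The DRAM and flash check in Step e can be scripted once show version output has been captured. The following is an added example, not part of the Cisco lab: it parses the show version sample output that appears in the TFTP lab of this document and compares it with the Feature Navigator table above. The function names are hypothetical, and mapping the usable flash figure to a card size uses the 32, 64, or 128 MB card sizes listed in this document's 1841 memory specifications.

```python
import re

# Excerpt of the show version sample output printed in this document's TFTP lab.
SHOW_VERSION = """\
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
System image file is "flash:c1841-ipbase-mz.124-1c.bin"
Cisco 1841 (revision 7.0) with 114688K/16384K bytes of memory.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
"""

# Feature Navigator results from Step d: (release, image name, DRAM MB, flash MB).
IMAGES = [
    ("12.3(14)YT1", "c1841-advipservicesk9-mz.123-14.YT1.bin", 192, 48),
    ("12.3(14)YT", "c1841-advipservicesk9-mz.123-14.YT.bin", 192, 48),
    ("12.3(8)YG4", "c1841-advipservicesk9-mz.123-8.YG4.bin", 192, 64),
    ("12.3(8)YG3", "c1841-advipservicesk9-mz.123-8.YG3.bin", 192, 64),
    ("12.3(8)YG2", "c1841-advipservicesk9-mz.123-8.YG2.bin", 192, 64),
    ("12.3(8)YG", "c1841-advipservicesk9-mz.123-8.YG.bin", 192, 64),
]

# 1841 flash card sizes from the router memory specifications in this document.
FLASH_CARD_SIZES_MB = (32, 64, 128)


def find(pattern, text, what):
    """Return the regex match or fail loudly if the expected line is missing."""
    match = re.search(pattern, text, re.MULTILINE)
    if match is None:
        raise ValueError(f"show version output has no {what} line")
    return match


def nominal_flash_mb(usable_kb):
    """Map the usable flash reported by IOS to the card size it came from.

    IOS reports slightly less than the card's rated size (31360K on a 32 MB
    card), so comparing the raw figure with a requirement would under-report.
    """
    usable_mb = usable_kb / 1024
    for size in FLASH_CARD_SIZES_MB:
        if usable_mb <= size:
            return size
    raise ValueError(f"{usable_kb}K exceeds the largest supported flash card")


def parse_show_version(text):
    """Extract the inventory fields the lab asks students to record."""
    mem = find(r"with (\d+)K/(\d+)K bytes of memory", text, "memory")
    flash = find(r"^(\d+)K bytes of .*[Ff]lash", text, "flash")
    image = find(r'System image file is "([^"]+)"', text, "system image")
    version = find(r"^Cisco IOS Software, .*Version ([^,]+),", text, "IOS version")
    confreg = find(r"Configuration register is (0x[0-9A-Fa-f]+)", text,
                   "configuration register")
    flash_kb = int(flash.group(1))
    return {
        "ios_version": version.group(1),
        "image": image.group(1),
        # Total DRAM is processor memory plus I/O memory, the two figures
        # on either side of the slash.
        "dram_mb": (int(mem.group(1)) + int(mem.group(2))) // 1024,
        "flash_usable_kb": flash_kb,
        "flash_card_mb": nominal_flash_mb(flash_kb),
        "config_register": confreg.group(1),
    }


def check_images(inventory, images=IMAGES):
    """Return (release, image, shortfalls) for each candidate image.

    An empty shortfalls list means the router meets that image's requirements.
    """
    results = []
    for release, image, need_dram, need_flash in images:
        shortfalls = []
        if inventory["dram_mb"] < need_dram:
            shortfalls.append(f"DRAM {inventory['dram_mb']} MB < {need_dram} MB")
        if inventory["flash_card_mb"] < need_flash:
            shortfalls.append(
                f"flash {inventory['flash_card_mb']} MB < {need_flash} MB")
        results.append((release, image, shortfalls))
    return results


if __name__ == "__main__":
    inv = parse_show_version(SHOW_VERSION)
    print(inv)
    for release, image, shortfalls in check_images(inv):
        status = "OK" if not shortfalls else "needs upgrade: " + "; ".join(shortfalls)
        print(f"{release:12} {image:42} {status}")
```

For the sample router, both DRAM (128 MB) and flash (32 MB card) fall short of every ADVANCED IP SERVICES image in the table, so a memory and flash upgrade would have to precede the IOS upgrade.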
This presentation provides feature details but makes direct comparison between the Feature Sets difficult.
Does your router have the DRAM and flash resources to support these advanced services? _______________________________________ Answer varies. See previous lab for answer.
How can the DRAM and flash available on your router be determined? _____________________________________________________________________________ Issue show version and show flash: commands at the privileged EXEC mode prompt.
What extra Layer 3 protocol support is with the ADVANCED IP SERVICES feature set? __________________________ IPv6
e. Examine some of the unique features listed above by clicking the links. Describe the enhanced network services and features users could expect if an IOS upgrade to the ADVANCED IP SERVICES feature set was performed.
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
These features enable the IP data network to manage and transport voice and videophone calls across the enterprise LAN and WAN networks, and to and from the public switched network. Mobile IP devices can also be connected to the network from different points and VLANs.
Task 4: Examine 2960 Switch IOS Features
Step 1: Search by platform
a. Return to the Cisco Feature Navigator page and click the Search by Platform link. b. From the Platform drop-down menu, select CAT2960 and click Continue.
d. Select various Major Release and Release values from those respective menus. Note the IOS image filenames and memory requirements.
e. Return to the Cisco Feature Navigator. From the Platform drop-down menu, select CAT3560 and click Continue.
f. Examine the list of features.
Which significant Layer 3 protocol family is included in the feature set? ______________________________________________ IP and IPv6
What is the significance of this difference between 2960 and 3560 switches?
_____________________________________________________________________________
_____________________________________________________________________________
A 2960 is an Access Layer switch that operates at OSI Layer 2, whereas a 3560 has OSI Layer 3 switching capability for use in the Core Layer of the network.
Task 5: Reflection
The recording and documentation of network features and services, and the devices that provide them, are important features of network management. Consider and explore the Cisco.com resources and information that can facilitate this task. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Responses and discussion will vary, but the students should be able to demonstrate that they can effectively search and retrieve technical information from the Cisco.com website.
Device Designation R1 PC
Objectives
Download the correct IOS and transfer the file to the Cisco router. Use TFTP to save and restore a Cisco IOS image.
Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps. Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ How is an understanding of the networking device IOS transfer to and from a TFTP server useful in network administration? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ How will a network administrator know if the IOS was transferred and saved correctly? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________
Background / Preparation
Instructor notes: Ideally this lab should have students: (1) Download a specified Cisco IOS software file from www.cisco.com. (2) Set up a local TFTP server. (3) Upload the appropriate IOS file to the flash memory of a Cisco router and switch. Downloading IOS software from www.cisco.com usually requires a Cisco.com maintenance contract account. It is not appropriate that this be performed by students in the lab. Accordingly, Task (1) above is substituted with backing up the current IOS image from the router or switch flash memory to the TFTP server. This lab requires that TFTP server software be installed on the PC1 device.
The Microsoft Windows-based TFTP server previously provided by Cisco Systems has been discontinued and is no longer supported by Cisco Systems. This software suffers from a security bug described at http://online.securityfocus.com/bid/2886. Individuals still using the server should consider replacing it with any of the high-quality freeware and shareware TFTP servers. As a historical note, the Cisco TFTP server was released to customers in 1995, at a time when no other freely available TFTP servers existed. Today, there are many TFTP servers available. These can be easily found by searching for "tftp server" on the Internet. Cisco does not specifically recommend any particular TFTP implementation.
It is also useful to note that modern versions of IOS support the use of FTP instead of TFTP for loading images or configuration files. Use of FTP overcomes a number of inherent limitations of TFTP, including a lack of security and a 16 MB file size limitation. Information about TFTP Server Selection and Use is located at:
d. Configure the router hostname and interface as given in the table. e. Ping PC1 from the CLI prompt to verify connectivity between the router and the PC. Troubleshoot the configuration of the router and PC if connectivity is not verified.
Value TFTP-Root Transmit and Receive Files <all IP addresses> Never Enable Log Requests to the Following File. Leave the default file.
c.
8679424 bytes available (23252992 bytes used)
b. Issue the show version command and record the following information: Answers will vary; examples shown.
Configuration-register value: ______________ 0x2102
Size of flash memory: ___________ 32 MB
Is there at least 16 MB of flash? _______________ Yes (This lab requires at least 16 MB flash)
Version number of boot ROM: ________________ 12.4(13r)
Is the boot ROM version 5.2 or later? ___________ Yes (This lab requires 5.2 or later)
Sample Output:
ACC-CPE-1#show version
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 25-Oct-05 17:10 by evmiller
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
R1 uptime is 2 days, 12 hours, 29 minutes
System returned to ROM by reload at 21:21:02 UTC Fri Aug 24 2007
System image file is "flash:c1841-ipbase-mz.124-1c.bin"
Cisco 1841 (revision 7.0) with 114688K/16384K bytes of memory.
Processor board ID FTX1118X0AB
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
2 Low-speed serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
d. At the destination filename, press Enter to accept the name displayed. NOTE: If prompted to overwrite an existing file with the same name, press Enter to confirm. Do not interrupt the process.
Sample Output:
ACC-CPE-1#copy tftp flash
Address or name of remote host []? 10.0.0.254
Source filename []? c1841-ipbase-mz.124-1c.bin
Destination filename [c1841-ipbase-mz.124-1c.bin]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing tftp://10.0.0.254/ c1841-ipbase-mz.124-1c.bin...
Loading c1700-y-mz.122-11.T.bin from 10.0.0.254 (via FastEthernet0/0):
Step 4: Clean up
Erase the configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), delete the IOS image file from the TFTP directory, reconnect the appropriate cabling and restore the TCP/IP settings.
Objective
Identify and explain the stages of the router startup process.
Background / Preparation
Instructor notes: The student is to observe and record information about a specific device learned through observing the boot process to determine what happens at each step of the startup process. During this lab, you will observe the startup process of a Cisco router while logged into a console terminal session. Information about the state of the router startup process, platform, and IOS details is displayed on the terminal screen as the router starts up. This information can be recorded for future use to help troubleshoot startup problems. The sample output used in this lab matches that of a particular 1841 series router and IOS platform. Other Cisco routers and IOS versions may produce slightly different output.
program load complete, entry point: 0x8000f000, size: 0xd4a9a0
Self decompressing the image : #################################################
#######################################################################
################# [OK]
Smart Init is enabled
smart init is sizing iomem
ID        MEMORY_REQ    TYPE
          0X003AA110    public buffer pools
          0X00211000    public particle pools
0X0013    0X00035000    Card in slot 0
          0X000021B8    Onboard USB
If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised.
Allocating additional 7692243 bytes to IO Memory.
PMem allocated: 117440512 bytes; IOMem allocated: 16777216 bytes
Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 25-Oct-05 17:10 by evmiller
Image text-base: 0x6007ECA0, data-base: 0x61480000
Port Statistics for unclassified packets is not turned on.
Cisco 1841 (revision 7.0) with 114688K/16384K bytes of memory.
Processor board ID FTX1118X0BN
2 FastEthernet interfaces
2 Low-speed serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Step 4: Clean up
Erase the configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), delete the IOS image file from the TFTP directory, reconnect the appropriate cabling, and restore the TCP/IP settings.
Objectives
Determine the correct hardware options available on a specific Cisco device. Determine which hardware options on a specific Cisco device are scalable.
Background / Preparation
Instructor Notes: This Lab requires both access to the Internet and the classroom lab equipment. If both are not available at the one location, Task 1 and Task 2 can be performed separately. Task 1 requires the student to perform a physical inspection of an 1841 ISR in the lab and use a console terminal session to determine the interfaces available. In Task 2, www.cisco.com is accessed and the online, 1841 hardware technical documentation is located and examined. Note that cisco.com is an extensive and information-rich website. Product information on the website can be accessed via a number of pathways. The steps and links given in this lab show just one of those pathways. Students should become familiar and comfortable with the process of searching and locating documentation using a range of approaches. The student is to record and assess those features of the router that are expandable and scalable. This information will be referred to later in the Planning and Design phases of the case study. This lab is specifically based on the 1841 ISR, but equivalent exercises using other modular platforms such as the 2800 or 2600 series routers are possible. The documentation details and hardware requirements will have to be amended accordingly if an 1841 is not the subject of this lab. When considering expanding or upgrading a network, it is not always necessary to completely replace existing network devices. Some devices may be capable of being individually upgraded or expanded. In this lab, you examine the hardware features of a Cisco 1841 Integrated Services Router and determine if it is suitable for upgrading to meet the potential requirements of a planned network expansion. In the FilmCompany case study, there is a need to consider how the existing 1841 routers can be upgraded to reduce the cost of the network upgrade. A physical examination of the router will be performed as well as an examination of its technical documentation. 
The examination details will be recorded for use in the planning and design of the network upgrade. This lab is based on the 1841 ISR. Any router platform that supports adding hardware modules can be substituted for the 1841. The search criteria and results will vary accordingly.
Item    Description
9       CompactFlash (CF) LED
6       Kensington(TM) security slot
3       Slot 0 (WIC, VWIC - data only, or HWIC)
10      AIM LED
11      Fast Ethernet interfaces and LEDs 2
2       On/Off switch
7       Slot 1 (WIC, VWIC - data only, or HWIC)
13      Chassis ground connection
1       Input power connection
4       Console port 1
5       USB port 1
12      Aux port 1
8       CompactFlash memory card slot
Is a module installed in Slot 0? __________ Answer varies
If yes, record the module and interface(s) type. ______________________________________________ WIC-2T two serial interfaces
How many Fast Ethernet interfaces does the router have? _______ 2
Is a module installed in Slot 1? __________ Answer varies
If yes, record the module and interface(s) type. ______________________________________________ Answer varies
Which of the modules and ports have the potential to be upgraded to improve the router's capabilities? ______________________________________________ Slot 0 and Slot 1, flash card slot
______________________________________________
d. Review the documentation links displayed. e. Under Product Literature, click the Data Sheets link. Note the range of data sheet documentation available. f. Click Cisco 1800 Series Integrated Services Routers: Cisco 1841 Router (Modular).
DRAM Type: Synchronous dual in-line memory module (DIMM) DRAM
DRAM capacity: Default: 128 MB, Maximum: 384 MB
Flash memory: External compact Flash
Flash memory capacity: Default: 32 MB, Maximum: 128 MB
Modular slots-total: Two
Modular slots for WAN access: Two
Modular slots for HWICs: Two
Modular slots for voice support: None-The Cisco 1841 does not support voice
Analog and digital voice support: No
VoIP support: Voice-over-IP (VoIP) pass-through only
Onboard Ethernet ports: Two 10/100
Onboard USB ports: One (1.1)
Console port: One-up to 115.2 kbps
Auxiliary port: One-up to 115.2 kbps
Onboard Advanced Integration Module (AIM) slots: One (internal)
d. From the Table 6, Modules and Interface Cards the Cisco 1841 Router Supports, list the 10 different categories of interface card (WIC) supported by the 1841 platform. Ethernet Switching HWICs
The following components plug into connectors inside the chassis and are installed and removed only by opening the chassis:
Advanced Integration Module (AIM)
Synchronous dynamic RAM (SDRAM) small-outline dual in-line memory module (SODIMM)
Router Memory Specifications:
Description     Specification
SDRAM           128 MB, expandable to 384 MB; default is 128 MB
Flash memory    32, 64, or 128 MB; default is 32 MB
Boot/NVRAM      2/4 MB flash memory
Summarize the changes that are possible for this router. This information is important to have and consider when planning and designing the network upgrade. If the router is not at its limit of these features, candidates for upgrading could include: ______________________________________________ Flash memory (if larger IOS required)
Step 4: Clean up
Erase any configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Task 3: Reflection
Network device capabilities are continuously developing. Consider the advantages of a modular platform over that of a device with a fixed hardware platform.
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Responses and discussion may vary. Key points may include:
- Modularity facilitates customization of a device to meet local network needs.
- Upgrading and replacement of modules reduces costs and time out of service.
- Modular devices provide flexible and scalable network design.
Background / Preparation
Instructor Notes: This is a written lab with an in-class discussion or role-play element. As the network designers, students are to create and write each section of a site visit checklist or planning document. The emphasis is on preplanning a site visit and developing the need for a professional approach. Such visits may be as much about the customer noting the behavior of the network design team as they are about the design team collecting network information. The focus of this lab is on the FilmCompany, but wherever possible and appropriate, the instructor should introduce local information and issues so that the students are exposed to actual working cases within their own environment. Students may perform some steps of this lab individually, but small group role-play or discussion is required for other steps. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network site visit
b. List the FilmCompany personnel who are most likely to be able to answer your questions and whom you would need to talk to on site. _____________________________________________ _____________________________________________ _____________________________________________
Examine the existing network topology diagram at the end of this lab. List points that you want to confirm and those that need clarification.
_____________________________________________
_____________________________________________
_____________________________________________
_____________________________________________
_____________________________________________
_____________________________________________
Answers vary; general points could include:
- Confirm actual switch port usage
- Interconnection of devices
- VLAN topology and address allocations
- Wireless LAN usage and coverage
b. List the documentation, instrumentation, and software you need to take to the site.
_____________________________________________
_____________________________________________
_____________________________________________
_____________________________________________
_____________________________________________
_____________________________________________
List could include:
- Copy of visit approval or appointment acknowledgement
- Copy of topology and site floor plan
- Network traffic/performance monitoring software and test equipment (not to be installed and used unless approved by customer)
- Wireless LAN radio signal monitoring and analysis instruments
b. Customer role: Develop a list of requirements relating to a proposed site visit by the network designer that the on-site technician can follow to ensure seamless interaction.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Answers vary; general points should include:
- Best time to have visit: which is best, non-peak time when there will be less inconvenience, or when the site is busy so the designer can witness the network under stress?
- Who will be available to meet with network designer?
- Who should meet the network designer?
- Visitor protocol: parking, which entrance to use, where to register, visitor badge?
- Who will host/guide the visit?
- What areas may have restricted access for both physical and operational reasons?
- Will other staff be made aware of the visit and its purpose?
- What safety issues have to be complied with?
c. Using the information recorded above, the student performing the network designer role simulates a telephone conversation with the student performing the customer role, to arrange a site visit that meets the requirements of both roles.
d. Record the agreed-upon terms and details of the visit.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Answers will vary but should include and be based upon the general points developed for each role.
e. Add the agreed-upon details to the site visit plan.
On Site:
- Arrive on time.
- Check with the proper staff upon entry into the stadium.
- Instill a sense of confidence in the customer by working quickly and professionally.
- Ask questions clearly and precisely, allow for explanations and follow-up; use appropriate questioning techniques to obtain the relevant information.
- Answer customer's questions politely and as completely as possible.
- Write down any questions that must be answered by other staff members.
- Advise the customer of the survey procedures.
- Report back to the customer staff before leaving the premises to inform them of the successful completion of the survey.
Safety guidelines:
- Follow the recommended safety guidelines to ensure proper operation and safe use of the wireless devices.
- Obtain customer approval before touching or attaching devices to any existing networking equipment.
Step 5: Reflection
Arranging a visit to a customer site to inspect their network and associated facilities can have many aspects. The data network of an organization is a vital part of their operations. Gaining access to inspect and record details of that network may require more detailed arrangements than this lab presents. Consider and discuss the arrangements required to visit a high-security area such as a government, aviation, or military location.
Objective
Use available tools to perform a wireless site survey.
c. Expand that SSID number to find the Wireless Router MAC address. Click that address to open the Signal/Noise monitoring window to the right.
The green vertical bars in the moving graph indicate signal strength. Red bars indicate signal noise. The higher the green bars, the stronger the signal. Additional information may be found in the Help menu of the Network Stumbler program (Help > User Interface > Configuration Dialog > Graph View).
d. Record the signal strength of the Wireless Router at its current location and include its distance from PC1.
c. Record the signal strength of the Wireless Router at the current location and include its distance from PC1.
Will the current placement of the Wireless Router be a good location to provide wireless access to other rooms within the area?
__________________________________________
Answers vary depending on signal strength and device location security.
Judge how far away end devices can be placed from the wireless Access Point and determine the number of end devices that the AP could provide service to.
_________________________________________________________________
Answers vary depending on signal strength, obstructions and device bandwidth capacity.
What obstructions tend to cause the largest drop in signal strength?
_________________________________________________________________
Challenge
Determine possible secure locations in your building topology that can contain wireless Access Points.
Background / Preparation
Instructor Notes: This is a written lab. Acting as the network designers, students are to create and write each section of a design requirements document. In this lab, given the FilmCompany case study details, students are to develop an overall Project Goal statement. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should submit an individually compiled Project Goal document. The instructor may review this at the completion of the lab or, alternatively, at the completion of the full project requirements document.
Step 1: Gather information about the company goals that this network upgrade will facilitate
Consider what FilmCompany sees as benefits that the upgraded network will provide to their business in terms of their new stadium contract. These business benefits will not be the direct technical improvements that networking technicians and engineers may see. A business manager does not necessarily see the network in terms of bandwidth, latency, efficient protocols, or device operation. They are more likely to consider issues of profitability, flexibility, customer service, and reliability. As a network designer, you take into account all the information obtained through interviewing the company managers and key members of the staff.
a. Draft informal notes of what you consider to be the business benefits in this case.
b. Use word processing software to create a Project Goal document based on these notes.
c. Organize or group your informal notes and save these in your Project Goal document. General headings could include:
- Financial goals
- Job management goals
- Customer communication goals
Step 4: Obtain agreement from the company on the project goal statement
FilmCompany has to agree with your assessment of the Project Goal before you proceed further with the design. If this agreement is not obtained, the network you design may not meet the FilmCompany overall business requirements. An agreement provides clarification and acknowledgement of why the upgrade is to occur and what it is to achieve.
a. Discuss your Project Goal document with another student and arrive at an agreed-upon Project Goal. It may be necessary to amend the statement and important goals before agreement is reached.
b. Save your Project Goal document and retain it for the next stages of this network design case study.
Step 5: Reflection
Consider the issue of communication between the network designer and a manager of the company considering an upgrade of the business network. The network designer is trained in network operation and performance and how to optimize network resources and technologies to best provide network services. To the manager, the network is only one of a number of business tools that the company may use. The business manager probably wants to improve profitability and sees an enhanced network as a tool to help achieve that goal. A business manager is not likely to relate to a goal that is expressed solely in technical terms, such as an upgraded LAN with higher bandwidth, less latency, and maximized server utilization. Although most designers may want to talk about network capabilities, the lifecycle approach is about customer requirements and enabling the business process.
Discuss some strategies that will enable clear communication between a network designer and a business manager so that the resulting Project Goal document represents business needs that ultimately can be met by a network design.
Responses and discussion will vary. Important points could include:
- Students interested in networking, including related computer, IT systems, and technologies, may tend to be overly focused on the technical aspects of network design.
- At this early stage of the design lifecycle, it is important that students develop an awareness of the business imperatives that will drive a network upgrade of the nature in this case study.
- Ensure that financial, sales, organizational, customer, and market goals are brought to the attention of students.
Strategies could include:
- Moderate the technical language students may be tempted to use when communicating with nontechnical managers and staff. Have them role-play a customer of the organization with no technical networking knowledge.
- List the business outcomes from network capabilities; e.g., increased bandwidth may allow more simultaneous VoIP phone calls to be made, or wireless network access may result in inventories being more up-to-date and accurate.
Background / Preparation
Instructor Notes: This is a written lab. As the network designers, students are to create and write each section of a Design Requirements document. In this lab, given the FilmCompany case study details, students are to develop an overall Project Scope statement. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should submit an individually compiled Project Scope document. The instructor may review this at the completion of the lab or, alternatively, at the completion of the full project requirements document.
FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network designer. Your job is to develop network design and project documents for FilmCompany that will meet the requirements of this upgrade.
Step 1: Consider how meeting the project goals will impact the existing network
a. As the network designer, look at the existing network topology and the services that it provides. Consider how much of the network is affected or changed as a result of the project.
b. Record what areas of the existing network will have to change or will in some way be affected by meeting the project goals. Draft informal descriptive notes of these possible changes. Organize these notes under headings such as:
- Access Layer
- Distribution Layer
- Core Layer
- Data Center
- Network Services
- WAN Access
c. Use word processing software to create a Project Scope document based on these notes.
Step 2: Refine and record the proposed changes to the existing network
a. Distinguish between possible upgrades to existing network resources, such as additional servers or VLANs, and completely new additional resources, such as QoS and WAN links.
b. Record which areas and users will be affected by these changes.
c. Include these network changes in your Project Scope document.
Step 3: Define the areas of the existing network not covered by the project
It is important to note the parts of the existing network that are not within the areas covered by the project. These out-of-scope areas are defined so that there is no misunderstanding between the NetworkingCompany and FilmCompany management. In this case study, for example, providing IP telephony services may be a future consideration, but it is not within the scope of this project. Clearly state these out-of-scope areas in your Project Scope document.
Background / Preparation
Instructor Notes: This is a written lab. As the network designers, students are to create and write each section of a Design Requirements document. In this lab, given the FilmCompany case study details, students are to develop a Network Requirements document. Unlike the first two sections of the Design Requirements document (Labs 3.5.2 and 3.5.3), which are usually short, and without much detail, the Network Requirements section is more detailed. This section helps drive the network design and implementation of new technologies. Students are encouraged to consider all technical possibilities, with the understanding that not all possibilities may be implemented when the network requirements are finalized. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process.
Step 1: Record the company business goals and constraints that will influence the network design
As the network designer, you need to identify and prioritize the business goals of FilmCompany as defined in the Project Goals document. Develop your understanding of what these goals are from the FilmCompany case study information.
a. List these goals in order of priority.
b. Expand and consider the details of how these goals can be achieved using the network as a platform.
c. Note any constraints that these expanded goals may impose on the network design, such as retaining the current number of IT and network support staff.
d. Use word processing software to create a Network Requirements document.
e. Clearly state the business goals and constraints in the document.
Step 2: Record the technical requirements that will influence the network design
a. Evaluate each of the business goals and determine the technical requirements to meet the goals. List these technical requirements under the headings of:
- Scalability
- Availability and Performance
- Security
- Manageability
b. Initially, list all technologies that may be able to meet these technical requirements.
c. Include these requirements in your Network Requirements document.
Step 3: Record the user requirements that will influence the network design
a. Consider the types of users that will influence the network design. These users may be onsite, in the office, in the video editing room, offsite (at the stadium), or mobile. Which types of users generate the heaviest amount of network traffic? Which types generate the lightest traffic? _______________________________________________________
Step 4: Record the application requirements that will influence the network design
a. Consider the type of applications that will influence the network design.
What applications are essentially device-based, with minimal network requirements?
_______________________________________________________
_______________________________________________________
_______________________________________________________
Which applications are network-intensive?
_______________________________________________________
_______________________________________________________
_______________________________________________________
Which applications and services are delivered onsite, in the offices, and which may need to be delivered offsite over the WAN or to mobile users?
_______________________________________________________
_______________________________________________________
_______________________________________________________
b. Include these requirements in your Network Requirements document.
d. Save and retain your Technical Requirements document for the next stage of this network design case study.
Background / Preparation
Instructor Notes: This is a written lab. As the network designers, students are to create and write each section of a Design Requirements document. In this lab, given the FilmCompany case study details, students are to analyze the current network in relation to the identified business and technical requirements of a new network design project. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should submit an individually compiled written analysis of the current FilmCompany Corporation network. The instructor may review this at the completion of the lab or, alternatively, at the completion of the full project requirements document.
Step 1: Document and confirm existing network topology, addressing, and naming schemes
a. Examine the existing network topology diagram.
1) Record the current addressing scheme in a table.
2) Associate device names with addresses on the table.
b. Highlight any inconsistencies in the naming and addressing schemes. For example:
- Naming some devices by location and others by function
- Inconsistent or confusing use of abbreviations
- Some gateway addresses as the first address of a subnet, others as the last address
Step 2: Identify those parts of the existing network that currently meet the project technical requirements
a. Examine the network topology and specifications. Record which current features meet the technical requirements of the proposed network upgrade. Examples include:
- Capacity (bandwidth, address ranges, VLANs)
- Redundant links
- Router and switch interfaces and ports
- Router and switch feature sets, memory, and processing capability
- WAN
- Wireless
- QoS
b. Include these strengths and capabilities in your Current Network document. Potential strengths may include:
- New wiring and adequate communications closets
- Adequate space for a new data center
- Servers and PCs are current models and will not need replacement
Step 3: Identify those parts of the existing network that can be scaled to meet the project technical requirements
a. Examine the network topology and specifications. Record which current features do not meet the technical requirements of the proposed network upgrade but can be scaled within the capacity of the network to do so. Examples include:
- Capacity (bandwidth, address ranges, VLANs)
- Redundant links
- Router and switch interfaces and ports
- Router and switch feature sets, memory, and processing capability
- WAN
- Wireless
- QoS
b. Include these scalable features and capabilities in your Current Network document.
Step 4: Identify those parts of the existing network that do not meet the project technical requirements
a. Examine the network topology and specifications. Record which current features do not meet the technical requirements of the proposed network upgrade and what additional networking resources are required. Examples include:
- Capacity (bandwidth, address ranges, VLANs)
- Redundant links
- Router and switch interfaces and ports
- Router and switch feature sets, memory, and processing capability
- WAN
- Wireless
- QoS
b. Include these weaknesses and shortfalls in your Current Network document. Possible weaknesses include:
- Flat network design
- Insufficient bandwidth at Distribution Layer, no true Core Layer
- Servers poorly located
- Multiple networks, difficult to maintain
- Poor IP addressing structure
- No dedicated bandwidth for WAN connectivity
- Limited wireless implementation
Step 5: Obtain agreement and authorization from the company to continue with the network upgrade design
a. Finalize the Current Network document so that the strengths and shortfalls are clearly and precisely presented.
b. Discuss and review your Current Network document with another student to ensure that it clearly states which parts of the network meet the technical requirements of the upgrade project and which parts do not. Amend the document as necessary to clarify any areas that could be misunderstood.
At this stage of the network design process, a meeting with the FilmCompany management would be held to obtain their agreement and authorization to continue with the design of the upgrade.
c. Save and retain your Current Network document so that it can be incorporated with the previous documents to complete this network design case study.
Step 6: Reflection
Consider the resources and information that will facilitate the task of analyzing a current network.
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Responses and discussion may vary. Important points may include:
- Having up-to-date documentation showing such information as addressing, device names, VLAN allocations, switch port assignments
- Systematic and consistent host names, descriptions, and addressing schemes
- Software tools that record data flows and device identification
- Efficient and accurate fault and incident reporting and clearance documentation to highlight and record problems
Objective
Configure NetFlow to observe how the traffic flows.
Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. This lab introduces the configuration of NetFlow. This feature will be specifically applied in the later labs. Although Discovery Server is used to represent the FilmCompany business server, no actual services are used in this lab; therefore, a PC may be substituted and configured with the same IP address.
Cisco IOS can include a feature called NetFlow that provides information about network users, network applications, peak usage times, and traffic routing. NetFlow can provide the following services:
- Network traffic accounting
- Usage-based network billing
- Network planning
- Security
- Denial of Service monitoring capabilities
- Network monitoring
Cisco routers that have the NetFlow feature enabled generate NetFlow records. These details can be viewed using show commands or exported from the router and collected using a NetFlow collector. Although initially implemented by Cisco, NetFlow is emerging as an IETF standard: Internet Protocol Flow Information eXport (IPFIX). See RFC 3954 at http://www.ietf.org/rfc/rfc3954.txt.
NetFlow defines a data flow as a unidirectional sequence of packets that includes all of the following five values:
1. Source IP address
2. Destination IP address
3. Source TCP port
4. Destination TCP port
5. IP protocol
In this lab, you will observe the results of configuring NetFlow. In later labs, you will see how the state of data flows across the current network can be established so that a network upgrade can be planned and implemented.
Which option captures traffic that is being received by the interface? __________ ingress
Which option captures traffic that is being transmitted by the interface? __________ egress
b. Complete the NetFlow configuration.
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#end
DstIPaddress
Pr SrcP DstP
b. List the seven highlighted column headings and consider what use this information may be in characterizing the network.
__________ Protocol
__________ Total Flows
__________ Flows per Second
__________ Packets per Flow
__________ Bytes per Packet
__________ Packets per Second
__________ Seconds of active flow
b. Examine your output and list details that indicate data flow.
Answers vary; details may be found for some or all of the following characteristics:
__________ Protocol
__________ Total Flows
Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Step 8: Reflection
Consider the possible range of data flow types across a network and how a tool like NetFlow could be implemented to assist in analyzing those flows.
__________

Responses and discussion may vary. Important points may include:
- List of data flow categories and types:
  - Client to Client, Client to Server, Server to Client, and Server to Server
  - Email, intranet web, database flows, document file flows
- Number of separate flows of each type, size (bytes) of each flow, time each flow is on the network
Objective
Upon completion of this activity, you will be able to: Identify and describe the network requirements to support file transfer and email applications.
Background / Preparation
Instructor Notes: In this hands-on lab activity, students design a small network topology that supports email and file transfers. Upon completion, the traffic will be monitored using NBAR (Network-Based Application Recognition). NBAR is a Cisco IOS feature that identifies and classifies network applications. This allows critical business network applications and non-critical network applications to be classified using NBAR and marked for best effort service, policed, or blocked as required. This lab introduces only the monitoring features of NBAR; policy configuration is beyond the scope of this course.

Discovery Server is used in this lab to provide representative application data traffic. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative application services, FTP, and Email. If an alternate server is used or DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

After students design the network, they will use FTP to download the Thunderbird email client from Discovery Server. The email client is then installed on the local PC and used to send and receive emails to and from the other PC. Refer to the Discovery Server documentation for user accounts and password information.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the
Your Name
E-mail address
Type of incoming server you are using
Incoming Server (SMTP)
Outgoing Server (SMTP)

2) Complete the required Thunderbird Account Settings.
3) In the left pane of the Account Settings screen, click Server Settings and complete the necessary details.
4) In the left pane, click Outgoing Server (SMTP) and complete the proper configuration for the Outgoing Server (SMTP).
Output
------
Packet Count   Byte Count   5min Bit Rate (bps)   5min Max Bit Rate (bps)
------------   ----------   -------------------   -----------------------
10757          14127498     62000                 363000
0              0            0                     0
59             7487         0                     1000
67             5142         0                     0
2              1222         0                     0
10             816          0                     0
0              0            0                     0
0              0            0                     0
3              170          0                     0
FC-CPE-1#

b. List each protocol identified and the Input and Output information.
__________
Output varies; sample for FTP:
ftp 18 1295 0 0 16 1288 0 0

c. Although the data traffic in this lab may not be sufficient to generate values for the 5min Bit rate (bps) and 5min Max Bit Rate (bps) fields, consider and discuss how these values would be applied to designing an FTP and email network.
__________
Can help determine average and peak network bandwidth requirements.
Step 5: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Objective
Explain where QoS can be implemented to affect traffic flow.
Background / Preparation
Instructor Notes: This is a written lab. This lab refers to the curriculum StadiumCompany case study, not the lab FilmCompany case study. Students are to read all the information about the StadiumCompany presented to this stage of the course. Using this information and their understanding of the StadiumCompany network expansion project, students are to rank the expected network data traffic by priority. At the conclusion of this lab, each student should submit an individually compiled list of data traffic ranked by priority. However, student group discussion will enable an understanding of the wider, and often subjective, issues of determining QoS policy to be attained.
List the possible data sources and destinations on the StadiumCompany network. For example, there is likely to be data communications between the stadium management and the vendor management, but not between Team A and Team B.
__________
Step 4: Reflection
Ideally, it may seem that all data traffic should be given a priority and queued accordingly. Consider and discuss the potential for network performance to be negatively affected if this policy were implemented everywhere on the network.
__________
Delay sensitive data would see the same priority as non-delay sensitive data. Voice, video, given the same priority as other traffic, etc.
Address
172.17.1.1
Fa0/1 172.17.0.1
S0/1/0 10.10.0.1
Fa0/0 10.0.0.1
S0/1/0 10.10.0.2
10.0.0.200
Objective
Explain where QoS can be implemented to affect traffic flow.
Background / Preparation
Instructor Notes: Correctly configuring and applying QoS policies to a network requires extensive networking knowledge, which is beyond CCNA level. However, it is very important that CCNA level students understand the need for QoS and the general principles that are applied in its implementation. This lab has students examine and apply some Cisco IOS priority commands to enable these commands to be recognized in production configurations they may encounter in the workplace.

Data traffic generated in the lab will most likely be insufficient to test the configured priorities. Discussion of load testing a network to generate traffic of sufficient volume and variety to fully test configured priorities is the topic of the Challenge at the end of this lab. Further information is available at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt2/qcfpq.pdf

The routers may be preconfigured or configured by the students with the IP addresses shown in the table. Important: Students may need to be reminded that routing has to be configured between the two routers before data traffic will flow.

This lab uses Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP and HTTP/Web.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. The required network upgrade to support this growth in business will need to be able to carry a variety of data traffic types. Some of these data types may require priority access to network resources to ensure their useful and effective delivery.
In this lab, you will examine and apply some of the Cisco IOS commands to configure priority queuing on a router.
__________ compressedtcp   Compressed TCP (VJ)
__________ http            HTTP
__________ ip              IP
__________ llc2            llc2
__________ pad             PAD links
__________ pppoe           PPP over Ethernet
__________ snapshot        Snapshot routing support

c. Note the IP protocol options available.
FC-CPE-1(config)#priority-list 1 protocol ip ?
__________ high
__________ medium
__________ normal
__________ low

d. Note the HTTP protocol options available.
FC-CPE-1(config)#priority-list 1 protocol http ?
__________ high
__________ medium
__________ normal
__________ low

e. Note the IP protocol high priority options available.
FC-CPE-1(config)#priority-list 1 protocol ip high ?
__________ fragments   Prioritize fragmented IP packets
__________ gt          Prioritize packets greater than a specified size
__________ list        To specify an access list
__________ lt          Prioritize packets less than a specified size
__________ tcp         Prioritize TCP packets 'to' or 'from' the specified port
priority-list 1 protocol http high
priority-list 1 protocol ip normal tcp ftp
priority-list 1 protocol ip medium tcp telnet

c. Confirm that issuing the show queueing priority command from the privileged EXEC mode produces the following output:
FC-CPE-1#show queueing priority
Current DLCI priority queue configuration:
Current priority queue configuration:

List   Queue    Args
1      high     protocol http
1      normal   protocol ip
1      medium   protocol ip

d. From the privileged EXEC mode, issue the following command:
FC-CPE-1#show queueing interface s0/1/0
Output similar to this should be displayed:
Interface Serial0/1/0 queueing strategy: priority
Output queue utilization (queue/count)
high/94 medium/0 normal/106759 low/0
Note the packet count for each queue:
High __________
Medium __________
Normal __________
Low __________

e. Initiate a Telnet session from R2 to R1 and issue some show commands on R1.
f. Close the Telnet session.
g. Issue the following command from the R2 privileged EXEC mode:
FC-CPE-1#show queueing interface s0/1/0
Note the packet count for each queue:
High __________
Medium __________
Normal __________
Low __________
Step 6: Determine the priority queue requirements for the case study
a. Using the FilmCompany case study, what would you expect the priority queue requirements to be?
b. Discuss and compare your priorities with other students.
__________
c. Amend your priority list statements to include traffic associated with the proposed network upgrade.
__________
Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
The following privileged EXEC command displays the contents of packets inside a queue for a particular interface:
show queue interface-type interface-number
However, in this lab, it is not likely that sufficient data traffic was generated at one time for the interface queues to hold packets long enough to be inspected. Discuss how a network has to be load tested to ensure that all traffic priorities are met.
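Why offered load decides whether the configured priorities are ever exercised, as an added example (not part of the Cisco lab): a simplified Python model of strict priority queuing using this lab's three priority-list 1 statements. Assumptions of the model: 'protocol http' is matched as TCP port 80, unmatched traffic goes to the normal queue, queue depths are the IOS defaults of 20/40/60/80 packets, and the link sends one packet per tick; the function names and both load schedules are constructed for this illustration.

```python
from collections import deque

QUEUES = ("high", "medium", "normal", "low")  # strict service order
DEFAULT_LIMITS = {"high": 20, "medium": 40, "normal": 60, "low": 80}  # packets

# The lab's statements modelled as TCP port matches (assumption: http = TCP 80).
PRIORITY_LIST_1 = [
    (80, "high"),    # priority-list 1 protocol http high
    (21, "normal"),  # priority-list 1 protocol ip normal tcp ftp
    (23, "medium"),  # priority-list 1 protocol ip medium tcp telnet
]
DEFAULT_QUEUE = "normal"  # where unmatched packets are placed

# Constructed load schedules: {tcp_port: (period_in_ticks, offset)}.
SATURATED = {80: (1, 0), 21: (2, 0), 23: (10, 0)}  # HTTP alone fills the link
LIGHT = {80: (4, 0), 21: (4, 1), 23: (10, 0)}      # well under link capacity


def classify(packet, rules=PRIORITY_LIST_1, default=DEFAULT_QUEUE):
    """Return the queue name for a (ip_protocol, src_port, dst_port) packet."""
    proto, sport, dport = packet
    for port, queue in rules:
        # The tcp keyword matches packets to or from the port.
        if proto == 6 and port in (sport, dport):
            return queue
    return default


def build_load(ticks, schedule):
    """Build a list of per-tick arrival lists from a schedule."""
    return [
        [(6, 1100, port) for port, (period, offset) in schedule.items()
         if t % period == offset]
        for t in range(ticks)
    ]


def simulate(load, limits=DEFAULT_LIMITS, packets_per_tick=1):
    """Enqueue arrivals with tail drop, then always serve the highest non-empty queue."""
    queues = {name: deque() for name in QUEUES}
    stats = {name: {"sent": 0, "dropped": 0, "backlog": 0} for name in QUEUES}
    for arrivals in load:
        for packet in arrivals:
            name = classify(packet)
            if len(queues[name]) >= limits[name]:
                stats[name]["dropped"] += 1  # queue full: tail drop
            else:
                queues[name].append(packet)
        for _ in range(packets_per_tick):
            for name in QUEUES:
                if queues[name]:
                    queues[name].popleft()
                    stats[name]["sent"] += 1
                    break  # lower queues wait until higher ones are empty
    for name in QUEUES:
        stats[name]["backlog"] = len(queues[name])
    return stats


if __name__ == "__main__":
    for label, schedule in (("light", LIGHT), ("saturated", SATURATED)):
        print(label, simulate(build_load(200, schedule)))
```

Under the light schedule every packet is sent and the queues never build, which is the situation the lab expects; under the saturated schedule the high queue starves the others, Telnet backs up and FTP is dropped once its queue fills.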
Router 2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.0.2 255.255.255.252
 priority-group 1
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
Address
172.17.1.1
Fa0/1 172.17.0.1
S0/1/0 10.10.0.1
Fa0/0 10.0.0.1
S0/1/0 10.10.0.2
10.0.0.200
Objective
Explain how voice and video traffic impacts the network design.
Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
__________
How could streaming video data affect the network performance?
__________
What possible actions could a network administrator take if network performance was noted to be deteriorating due to video?
__________
Background / Preparation
Instructor Notes: This lab demonstrates the impact of video data flows on the performance of the network when other data traffic is also flowing. Discovery Server is required to be set up to deliver streaming video/video on demand. Refer to Discovery Server documentation for details on configuring the video services. QuickTime Player has to be installed on Host1; this can be downloaded from http://www.apple.com/downloads

The routers may be preconfigured or configured by the students with the IP addresses shown in the table and a clock rate of 56000 bps on the DCE interface of the serial connection. Important: Students may need to be reminded that routing has to be configured between the two routers before data traffic will flow. At least two different clock rates should be used for comparison; if time permits, a progressive increase of clock rate should be applied. The PC used requires both browser and media player software to be installed.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. The required network upgrade to support this growth in business will need to be able to carry video data traffic from remote sites without degrading the performance of the network for other users.

In this lab, you will observe video streaming from Discovery Server across a serial connection and note the impact on other data traffic.
d. Download a large file from the server; for example, the Thunderbird setup program file.
Note the total time taken to complete the pings, access the web page, and download the file.
__________ Answers vary.
Step 5: Observe the data flows with a different serial link clock rate
a. Change the serial link clock rate to 250000 on the router with the DCE interface.
b. Repeat Step 4 and record your observations.
Note the total time taken to complete the pings, access the web page, and download the file.
__________ Answers vary.
Note the rate at which it plays back and the video and sound quality.
Video Quality __________ Answers vary.
Sound Quality __________ Answers vary.
c. Change the serial link clock rate to 2000000 on the router with the DCE interface.
d. Repeat Step 4 and record your observations.
Note the total time taken to complete the pings, access the web page, and download the file.
__________ Answers vary.
Note the rate at which it plays back and the video and sound quality.
Video Quality __________ Answers vary.
Sound Quality __________ Answers vary.

Instructor Note: The Cisco 1841 router with WIC 2T Serial interfaces can support clock rates up to 4 000 000 bits per second (4 Mbps); other platforms and WIC 2A/S Serial interfaces may have a lower maximum clock rate.
Step 8: Reflection
Consider and discuss how video and other data traffic can share network resources while maintaining acceptable performance.
__________
Video and data traffic can share the same network resources if adequate bandwidth is available or if traffic is prioritized. Data traffic can be delayed slightly in order to allow the more time sensitive video traffic to make use of the available bandwidth.
Router 2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.0.2 255.255.255.252
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
Objective
Describe what is meant by application traffic flows.
Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities.

These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email. If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If an alternate server is used or DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented.

In this lab, you will use the Cisco IOS NetFlow feature to capture and view data flow information.
Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Step 7: Reflection
Create a projected applications document listing the applications planned to use the network. Responses vary but may include:
Objective
Diagram the flow of traffic to and from hosts and servers within the LAN.
Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities.

These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email. If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

The purpose of this lab is to simulate and capture typical local data traffic flows across a local LAN segment. As much example data traffic, such as web, FTP, and email, should be generated as possible. A local LAN segment typically includes a networked printer and a data exchange between the two hosts.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented. Developing a diagram of applications, devices, and traffic flow enables the designer to analyze the proposed design and identify where the network can be improved.
The logical topology diagram shows that the servers are identified with the applications that will be used. Areas that require redundancy or increased security are also easier to identify. Redundant paths to the server and security measures, such as a hardware firewall, can be marked on the diagram. The logical design for the network must be aligned with the initial business goals
Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Lab 4.5.3 Diagramming Traffic Flows to and from Remote Sites (Instructor Version)
Device            Interface  Address       Subnet Mask
Discovery Server             172.17.1.1    255.255.0.0
FC-CPE-1          Fa0/1      172.17.0.1    255.255.0.0
FC-CPE-1          Fa0/0      10.10.0.1     255.255.255.252
FC-CPE-2 (R2)     Fa0/0      10.10.0.2     255.255.255.252
FC-CPE-2 (R2)     Fa0/1      10.0.0.1      255.255.255.0
FC-CPE-2 (R2)     S0/1/0     10.10.10.1    255.255.255.252
ISP (R3)          Fa0/1      10.20.0.1     255.255.255.0
ISP (R3)          S0/1/0     10.10.10.2    255.255.255.252
PC1                          10.0.0.200    255.255.255.0
PC2                          10.20.0.200   255.255.255.0
Objective
Diagram the flow of traffic to and from remote sites.
640-802 CCNA Exam Objective
This lab contains skills that relate to the following CCNA exam objective: Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network.
Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities. These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email. If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If an alternate server is used or DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name. The purpose of this lab is to simulate and capture typical network traffic flows from remote sites. As much example data traffic should be generated as possible, such as web, FTP, and email. This remote access would normally include VPN traffic. In this lab, a serial link to another router and connected hosts will simulate this remotely generated traffic from the sports stadium. Ensure that students examine and discuss the recorded data flows in the context of understanding which devices and resources are used for particular flows.
d. To simulate data traffic between the two PCs, ping between them. Attempt to establish a Telnet session between the two PCs. If file sharing has been enabled, copy a file in both directions between the two.
DstIPaddress     Pr TOS Flgs  Pkts
                 NextHop      B/Pk  Active
255.255.255.255  11 00  10    120
                 0.0.0.0      604   729.9
224.0.0.9        11 C0  10    1
                 0.0.0.0      52    0.0
b. Examine the output and record the different data flows for each router.
Instructor Note: Flow details may vary; examples shown. Comments relate to network design considerations and could include the number of each flow, or size of the flow.
Router FC-CPE-1 Data Flows
Application Type  Source  Destination  Comments
Router FC-CPE-2 Data Flows
Application Type  Source                 Destination
Web               Network Web Server     Local
Web               Network Web Server     Remote
File Transfer     Network File Server    Local
File Transfer     Network File Server    Remote
Email             Network Email Server   Local
Email             Network Email Server   Remote
File Share        Local                  Remote
File Share        Remote                 Local
Comments: Vary
Router ISP Data Flows
Application Type  Source                 Destination
Web               Network Web Server     Remote
File Transfer     Network File Server    Remote
Email             Network Email Server   Remote
File Share        Local                  Remote
File Share        Remote                 Local
Comments: Vary
c. Discuss and compare the data flows for each router. Particularly consider how recording these flows can assist in understanding which network devices and resources are used for particular flows.
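One way to turn NetFlow cache entries into the Application Type / Source / Destination rows recorded in this lab, as an added example that is not part of the original lab material. The sample lines are constructed in the column layout of `show ip cache flow` (protocol and ports in hexadecimal); the port-to-application map, the zone names and the function names are assumptions, while the subnets are the ones in the lab addressing table.

```python
import ipaddress
from collections import Counter

# Constructed sample in the column layout of `show ip cache flow`.
# Pr, SrcP and DstP are hexadecimal. Not captured from a real router.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Se0/1/0       10.20.0.200     Fa0/0         172.17.1.1      06 0C21 0050    18
Fa0/0         172.17.1.1      Se0/1/0       10.20.0.200     06 0050 0C21    22
Fa0/1         10.0.0.200      Fa0/0         172.17.1.1      06 0B10 0015    31
Se0/1/0       10.20.0.200     Fa0/0         172.17.1.1      06 0C30 0019     9
Fa0/1         10.0.0.200      Se0/1/0       10.20.0.200     06 0B44 0017    14
Se0/1/0       10.20.0.200     Fa0/1         10.0.0.200      06 0C55 01BD    40
Fa0/1         10.0.0.200      Se0/1/0       10.20.0.200     01 0000 0800     4
Se0/1/0       10.10.10.2      Null          224.0.0.9       11 0208 0208     1
"""

# Subnets from the lab addressing table; the zone labels are assumptions.
ZONES = [
    (ipaddress.ip_network("172.17.0.0/16"), "Server network"),  # Discovery Server
    (ipaddress.ip_network("10.0.0.0/24"), "Local"),             # PC1 LAN
    (ipaddress.ip_network("10.20.0.0/24"), "Remote"),           # PC2 LAN
]

# Well-known TCP/UDP ports mapped to the lab's application types (assumed map).
APPS = {20: "File Transfer", 21: "File Transfer", 23: "Telnet", 25: "Email",
        80: "Web", 110: "Email", 139: "File Share", 445: "File Share",
        520: "RIP", 554: "RTSP"}


def parse_flows(text):
    """Return one dict per well-formed flow line; header and damaged lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[0] == "SrcIf":
            continue
        try:
            flows.append({
                "src": ipaddress.ip_address(parts[1]),
                "dst": ipaddress.ip_address(parts[3]),
                "proto": int(parts[4], 16),   # 01 ICMP, 06 TCP, 11 UDP
                "sport": int(parts[5], 16),
                "dport": int(parts[6], 16),
                "pkts": int(parts[7]),
            })
        except ValueError:
            continue  # non-hex field or invalid address
    return flows


def zone_of(ip):
    """Map an address to Local, Remote or Server network; anything else is Other."""
    for net, name in ZONES:
        if ip in net:
            return name
    return "Other"


def classify(flow):
    """Name the application from the protocol and whichever end uses a known port."""
    if flow["proto"] == 1:
        return "ICMP"
    if flow["proto"] in (6, 17):
        for port in (flow["dport"], flow["sport"]):
            if port in APPS:
                return APPS[port]
    return "Other"


def summarize(flows):
    """Total packets per (application, source zone, destination zone)."""
    table = Counter()
    for f in flows:
        table[(classify(f), zone_of(f["src"]), zone_of(f["dst"]))] += f["pkts"]
    return table


def render(table):
    """Format the summary as a plain-text data flow table."""
    lines = [f"{'Application':<15}{'Source':<16}{'Destination':<16}{'Pkts':>5}"]
    for (app, src, dst), pkts in sorted(table.items()):
        lines.append(f"{app:<15}{src:<16}{dst:<16}{pkts:>5}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(summarize(parse_flows(SAMPLE))))
```

The same summary also shows at a glance which cleartext services, such as Telnet and FTP, cross the serial link toward the remote site.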
Challenge
This lab simulates the flow of traffic to and from FilmCompany remote sites. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN.
On the FilmCompany initial current network topology shown on the next page, add two remote site hosts attached to the "far" side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study, the FilmCompany remote sites initially access its network across the Internet. One of the objectives of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network.
Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different data flows between the remote hosts and devices on the FilmCompany network.
Router 2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.2 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
Router 3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
Device            Interface  Address       Subnet Mask
Discovery Server             172.17.1.1    255.255.0.0
FC-CPE-1          Fa0/1      172.17.0.1    255.255.0.0
FC-CPE-1          Fa0/0      10.10.0.1     255.255.255.252
FC-CPE-2 (R2)     Fa0/0      10.10.0.2     255.255.255.252
FC-CPE-2 (R2)     Fa0/1      10.0.0.1      255.255.255.0
FC-CPE-2 (R2)     S0/1/0     10.10.10.1    255.255.255.252
ISP (R3)          Fa0/1      10.20.0.1     255.255.255.0
ISP (R3)          S0/1/0     10.10.10.2    255.255.255.252
PC1                          10.0.0.200    255.255.255.0
PC2                          10.20.0.200   255.255.255.0
Objective
Diagram traffic flows destined to the Internet gateway and incoming from the Internet to locally provided services.
640-802 CCNA Exam Objective
This lab contains skills that relate to the following CCNA exam objective: Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network.
Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities. These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email. If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If the DNS is not configured, the IP address 172.17.1.1 will need to be used in place of the domain name. The purpose of this lab is to simulate and capture typical outgoing network traffic flows to the Internet gateway and incoming flows from the external Internet. As much example data traffic should be generated as possible, such as web, FTP, and email. In this lab, a serial link between two routers and a connected host will simulate the Internet, with Discovery Server representing the FilmCompany web, email and file servers. Students should examine and discuss the recorded data flows in the context of understanding which devices and resources are used for particular flows, and then compare these flows with those of the previous lab.
b. Examine the output and record the different data flows for each router.
Instructor Note: Flow details may vary; examples shown. Comments relate to network design considerations and could include the number of each flow, or size of the flow.
Router FC-CPE-1 Data Flows
Application Type  Source                 Destination
Web               Network Web Server     Local
Web               Network Web Server     Remote
File Transfer     Network File Server    Local
File Transfer     Network File Server    Remote
Comments: Vary
Router FC-CPE-2 Data Flows
Application Type  Source                 Destination
Web               Network Web Server     Local
Web               Network Web Server     Remote
File Transfer     Network File Server    Local
File Transfer     Network File Server    Remote
Email             Network Email Server   Local
Email             Network Email Server   Remote
Comments: Vary
Router ISP Data Flows
Application Type  Source                 Destination
Web               Network Web Server     Remote
File Transfer     Network File Server    Remote
Email             Network Email Server   Remote
Comments: Vary
c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from Lab 4.5.3 and the implications this has in understanding which network devices and resources are used for particular flows.
Challenge
This lab simulates the flow of traffic between the FilmCompany network and the Internet. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week.
Router 2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.2 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
Router 3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
Device            Interface  Address       Subnet Mask
Discovery Server             172.17.1.1    255.255.0.0
FC-CPE-1          Fa0/1      172.17.0.1    255.255.0.0
FC-CPE-1          Fa0/0      10.10.0.1     255.255.255.252
FC-CPE-2 (R2)     Fa0/0      10.10.0.2     255.255.255.252
FC-CPE-2 (R2)     Fa0/1      10.0.0.1      255.255.255.0
FC-CPE-2 (R2)     S0/1/0     10.10.10.1    255.255.255.252
ISP (R3)          Fa0/1      10.20.0.1     255.255.255.0
ISP (R3)          S0/1/0     10.10.10.2    255.255.255.252
PC1                          10.0.0.200    255.255.255.0
PC2                          10.20.0.200   255.255.255.0
Objective
Use NetFlow to diagram FilmCompany Extranet traffic flows.
Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.
Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Why is diagramming extranet traffic flows useful in network administration?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
What can be learned from diagramming traffic flows to and from the extranet?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities.
These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email. If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If an alternate server is used, or DNS is not configured, the IP address 172.17.1.1 must be substituted for the domain name.
The purpose of this lab is to simulate and capture typical network traffic flows from the FilmCompany extranet. This service provides network access from remote trusted sites, such as customers. As much example data traffic should be generated as possible, such as web, FTP, and email. This remote access would normally include VPN traffic. In this lab, a serial link to another router and connected hosts will simulate this remotely generated traffic from the FilmCompany extranet at the sports stadium. Students should examine and discuss the recorded data flows in the context of understanding which devices and resources are used for particular flows, and then compare these flows with those of the previous labs, noting similarities and differences.
Important: Students may need to be reminded that routing has to be configured between the routers before data traffic will flow.
FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the
Instructor Note: If Discovery Server v2 is used, an option is to also have PC2 access the streaming video service. See Chapter 4 Lab 4.4.4 for details.
[NetFlow cache output: flow entries for 10.20.0.200 and 10.10.0.1 (columns AS, Pr, TOS, Flgs, Pkts, B/Pk, Active); listing not recoverable]
b. Examine the output and record the different data flows for each router.
Router FC-CPE-2 Data Flows
Application Type  Source              Destination
ICMP              Video Workstation   Extranet Host
ICMP              Extranet Host       Video Workstation
Telnet            Video Workstation   Extranet Host
Telnet            Extranet Host       Video Workstation
File Share        Extranet Host       Video Workstation
File Share        Extranet Host       Video Workstation
RTSP              Video Server        Extranet Host
Comments: Vary
Router ISP Data Flows
Application Type  Source              Destination
ICMP              Video Workstation   Extranet Host
ICMP              Extranet Host       Video Workstation
Telnet            Video Workstation   Extranet Host
Telnet            Extranet Host       Video Workstation
File Share        Extranet Host       Video Workstation
File Share        Extranet Host       Video Workstation
RTSP              Video Server        Extranet Host
Comments: Vary
Challenge
This lab simulates the flow of traffic to and from FilmCompany and from selected trusted partners and customers. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access from trusted sites would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN.
On the FilmCompany initial current network topology shown on the next page, add two trusted remote site hosts attached to the "far" side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study, the FilmCompany remote sites initially access its network across the Internet. One of the objectives of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network.
Then, using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different extranet data flows between the trusted remote hosts and devices on the FilmCompany network. Diagram traffic flows to and from selected trusted partners, customers, and vendors.
CCNA Discovery: Designing and Supporting Computer Networks Lab 3.4.1 Planning and Preparing For A Site Visit
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
Router 2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.2 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.10.1 255.255.255.252
 ip flow ingress
 ip flow egress
 no fair-queue
 clock rate 64000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 1
 password cisco
 login
line vty 2 4
 login
!
scheduler allocate 20000 1000
end
Router 3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.20.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.10.2 255.255.255.252
 ip flow ingress
 ip flow egress
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a checklist of project design constraints for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document, "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues where the case study does not provide sufficient information. Wherever possible, apply local examples to the network design process, to provide students with a realistic workplace context. Use a class group discussion to identify the constraints and relate them to the prioritized case study business goals. Students may then compile the checklist individually or in small groups. Although the lab may be delivered as an instructor-led exercise, each student should give careful consideration to the issues and develop an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer, and that good communications skills are often necessary to gather all the relevant details. Regardless of the lab strategy adopted, each student should complete an individually compiled project constraints checklist. The completed checklist should become part of the FilmCompany RFP Response document that the students will build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Recommend to students that they keep their documents in a portfolio.
Policy
Planning to consolidate staff and facilities into Building F.
Temporary staff not permitted to access other accounts.
Payroll/accounting not accessible by other departments.
Physical access to equipment is limited.
c.
Step 4: Reflection
The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany. Consider and discuss the identified constraints and potential trade-offs. Do the trade-offs pose a significant obstacle to the design? Are there alternate methods that can be employed to achieve the success criteria without a significant budget?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students have created a checklist of project constraints for the FilmCompany case study. From those constraints the students were to derive trade-offs that may affect the design of the network. In this lab the student is going to create design strategies that will meet the technical requirements of the FilmCompany. This lab is based upon, and requires access to, the information in the document, "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues where the case study does not provide sufficient information. Wherever possible, apply local examples to the network design process, to provide students with a realistic workplace context. Use a class group discussion to identify design strategies and relate them to the prioritized case study business goals. Students may then compile the checklist individually or in small groups. Although the lab may be delivered as an instructor-led exercise, each student should give careful consideration to the issues and develop an understanding of the network design process. Class group discussions will clarify different
Step 1: Identify the areas that will be used for designing a strategy that facilitates scalability
a. Use word processing software to create a new document called Design Strategies.
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the potential trade-offs to assist in the discussion with other students. The strategy should cover the following areas:
   Access Layer modules that can be added
   Expandable, modular equipment or clustered devices that can be easily upgraded
   Choosing routers or multilayer switches to limit broadcasts and filter traffic
   Planned redundancy
   An IP address strategy that is hierarchical and that supports summarization
   Identification of VLANs needed
Step 4: Reflection
The constraints and trade-offs identified for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Would one be less expensive or less time-consuming than the other?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Outcomes will vary; points may include:
   Developing an IP addressing scheme using the 10.x.x.x network was really challenging.
   Separating the VLANs was challenging.
   The design of ACLs was unique in that the filtering was not identified by the client.
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students created a list of project design strategies for the FilmCompany case study. From those strategies the students were to derive trade-offs that may affect the design of the network. In this lab the student is going to create design availability strategies that will meet the technical requirements of the FilmCompany. This lab is based upon, and requires access to, the information in the document, "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues where the case study does not provide sufficient information. Wherever possible, apply local examples to the network design process, to provide students with a realistic workplace context. Use a class group discussion to identify the availability strategies and relate them to the prioritized case study business goals. Students may compile the checklist individually or in small groups. Although the lab may be delivered as an instructor-led exercise, each student should give careful consideration to the issues and develop an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is
Step 1: Identify the areas that will be used for designing a strategy that facilitates availability
a. Use word processing software to create a new document called Availability Strategies.
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the potential trade-offs to assist in brainstorming ideas with other students. The strategy should cover the following areas:

Availability strategies for switches:
  Redundant power supplies and modules
  Hot-swappable cards and controllers
  Redundant links
  UPS and generator power

Availability strategies for routers:
  Redundant power supplies, UPS, and generator power
  Redundant devices
  Redundant links
  Out-of-band management
  Fast converging routing protocols

Availability strategies for Internet/Enterprise Edge:
  Dual ISP providers or dual connectivity to a single provider
  Co-located servers
  Secondary DNS servers
d. Develop a diagram that shows potential redundant links that can be incorporated into the network design. (Example shown)
(Instructor-only graphic)
e. Identify at least two possible UPS devices that can be incorporated into the design. Create a list that identifies the cost and features of each.
f. Save your Availability Strategies document.
d. Create a diagram that displays the redundant connections. (This may include the need for additional routers, which can be added into the proposal. The students need to be reminded that the client wishes to reuse the existing equipment and is operating on a tight budget.) (Example shown)
(Instructor-only graphic)
e. Develop a list of potential routing protocols that will facilitate fast convergence times. (For the purpose of this lab the students should look at STP for the internal network. Further, the students will be directed to use Frame Relay between the two locations.)
f. Save your Availability Strategies document.
Step 5: Reflection
The creation of availability strategies poses many challenges for the designer. What were a few of the more difficult challenges you encountered?

Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

Would one be less expensive or less time-consuming than the other?
Objectives
Research different security options and make a recommendation. Select an appropriate design strategy to meet the requirements.
Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a list of security strategies for the FilmCompany case study. From those strategies, the students will derive multiple methods for the design of the network. In this lab, the students will create security strategies that will meet the requirements of the FilmCompany. This lab is based upon, and requires access to, the information in the document, "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues where the case study does not provide sufficient information. Wherever possible, apply local examples to the network design process, to provide students with a realistic workplace context. Use a class group discussion to identify the potential security threats that can be encountered with the FilmCompany with their given network design. Students may compile a list individually or in small groups. Although the lab may be delivered as an instructor-led exercise, each student should give careful consideration to the issues and develop an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer, and that good communications skills are often necessary to gather all the relevant details. Regardless of the lab strategy adopted, each student should complete an individually compiled security design strategy based on the previously identified constraints and trade-offs. The completed documentation should become part of the FilmCompany RFP Response document that the students will build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Recommend to students that they keep their documents in a portfolio. 
FilmCompany is an expanding, small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements.
b. Identify what devices and software will need to be purchased to facilitate the recommended security practices (hardware firewalls, intrusion detection systems, etc.).
c. Save your Security Strategies document.
Step 5: Reflection
The creation of a security strategy creates many challenges for the designer. What were a few of the more difficult challenges you encountered?

Consider and discuss the identified challenges. Do all of the proposed strategies accomplish the task the same way?

Would one be less expensive or less time-consuming than the other?

How could implementing a physical security plan into an existing company be difficult?

Outcomes will vary; points may include:
  A variety of hardware can be purchased with varying features and costs.
  A variety of security software can be purchased with varying features and costs.
  Existing employees may not be receptive to changes in their security policy, so who would need to ensure that the plan is enforced?
  ACLs can filter traffic, but what impact on traffic flow will they have?
  Are ACLs applied at the Access Layer or Distribution Layer or both?
Objective
Design requirements for the Core Layer network.
Background / Preparation
Instructor notes: An introduction to the configuration of devices was provided in the Chapter 4 labs. Each lab in this series can be performed independently or may be performed as a single group of activities. This lab can be designed to test the students' understanding of the content and to verify students' understanding of important design concepts. Alternatively, a local lab can be set up to provide representative equipment configurations.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented.

Developing a diagram of the Core Layer enables the designer to analyze the proposed design and identify where the network can be improved. The logical topology diagram shows that each router is identified by name and has a unique address. Redundant paths to the internal network should be planned and implemented when applicable. The logical design for the Core Layer must be aligned with the initial business goals and technical requirements of the customer. The diagram gives the designer and customer a visual idea of what is already on the network and helps to get a better view of what is still required. In this lab, you will use a graphic program (PT, PowerPoint, etc.) to create the Core Layer topology design.
(Are there multiple designs possible with the given equipment? What is the benefit of adding redundancy to the FilmCompany network?)
d. Save your Core Layer Diagram document.
Existing Layout
Objective
Design and diagram the new FilmCompany LAN.
Background / Preparation
Instructor notes: Each lab in this series can be performed independently or may be performed as a single group of activities. This lab can be designed to test the students' understanding of the content and to verify students' understanding of important design concepts. Alternatively, a local lab can be set up to provide representative equipment configurations.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. As a member of the network design team, the student will investigate the FilmCompany existing network and will plan, design, and prototype the upgrades necessary to enable the network to cope with this growth in business.

Developing a diagram of the LAN enables the designer to analyze the proposed design and identify where the network can be improved. The logical topology diagram shows that the switches are identified; each computer should have a unique address. Redundant paths from the switches should be planned and implemented when applicable. The logical design for the LAN must be aligned with the initial business goals and technical requirements of the customer. The diagram gives the designer and customer a visual idea of what is already on the network and helps to get a better view of what is still required. In this lab, you will use a graphic program (PT, PowerPoint, etc.) to create the LAN design.
2. Production VLAN consisting of:
  9 High Performance Workstations
  5 Office PCs
  2 Printers
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.
(Are there multiple designs possible with the given equipment? What is the benefit of adding redundancy to the FilmCompany network?)
d. Save your LAN Diagram document.
Objective
Evaluate an existing Access Point placement. Select appropriate APs for a new WLAN design.
Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

What are the inherent risks of using wireless in a network?

What are several methods to limit the security risks of wireless LANs?
Background / Preparation
A small wireless LAN is currently used occasionally by a few project managers with laptops and by guests at Building F. The FilmCompany believes that the WLAN may be used more regularly when the StadiumCompany contract work starts and mobile and contract workers will require network access. The FilmCompany plans to consolidate all their personnel and resources in one building.
Brainstorm with other students to identify areas that may have been missed in the initial requirements document.
d. With the previous list, estimate the range of coverage available with the existing wireless router. Determine if the wireless router can provide thorough coverage of the work area. Determine if standalone access points or wireless controllers are needed for the design.
e. Save your WLAN Diagram document.
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Set Instructor Version
Instructor note: The access list answers in this document are one of a few possible combinations that will work to meet the requirements. There are other less optimal solutions and access list placements. Be prepared to discuss with the students the benefits of placing Extended ACLs closest to the source of the traffic and to limit the number of times a packet must be processed during its journey.
Interface VLAN 1 Fa0/1 S0/1/0 S0/1/0 S0/1/1 S0/1/1 Fa0/0 Fa0/1 VLAN 1 VLAN 1
IP Address 10.1.1.253/24 10.1.1.254/24 10.1.0.1/30 10.1.0.2/30 10.3.0.1/30 10.3.0.2/30 172.17.0.1/16 10.3.1.254/24 172.17.1.25/16 10.3.1.253/24 10.1.1.1/24 10.3.1.1/24 172.17.1.1/16
Objectives
Interpret a security policy to define firewall rules. Create ACL statements to implement firewall rules. Configure and test ACLs.
Background / Preparation
The FilmCompany provides services to branch offices such as the one located at the stadium. This office has some minor security and performance concerns. These concerns will require the network designer to incorporate several ACLs to secure the network. The ACLs need to be implemented as a simple and effective tool to control traffic. Given a security policy for the FilmCompany, create a firewall rule set and implement Named Extended ACLs to enforce the rule set. The security policy for the FilmCompany has a section that relates to access from remote sites. Here is the text from the security policy:
Security Policy
Users accessing the network from remote locations, including remote branch offices, require the following access to the on-site network resources:
1. Remote users must be able to access the Production Server in order to view their schedules over the web and to enter new orders.
2. Remote users must be able to FTP files to and from the Production Server.
3. Remote users can use the Production Server to send and retrieve email using IMAP and SMTP protocols.
4. Remote users must not be able to access any other services available on the Production Server.
5. No traffic is permitted from individual workstations at the main office to remote worker workstations. Any files that need to be transferred between the two sites must be stored on the Production Server and retrieved via FTP.
6. No traffic is permitted from workstations at the remote site to workstations at the main site.
7. No Telnet traffic is permitted from the remote site workstations to any devices, except their local switch.
Step 1: Cable and connect the network as shown in the topology diagram
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect and configure the devices in accordance with the given topology and configuration. Routing will have to be configured across the serial links to establish data communications.
NOTE: Your instructor may substitute for Production Server an equivalent server for this lab.
b. Configure Telnet access on each router.
c. Ping between Host1, Host2, and Production Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings or Telnet fail.
Instructor note: If time is an issue, the routers and switches can be preconfigured, with students only doing the access list creation component. See basic router configurations at the end of this lab for this step.
For each of the following security policies:
a. Create a firewall rule.
b. Create an access list statement.
c. Determine the access list placement to implement the firewall rule.

Security Policy 2: Remote users must be able to FTP files to and from the Production Server.
Firewall Rule: Permit users on the 10.1.1.0/24 network access to the Production Server (172.17.1.1) on TCP ports 20 and 21.
Access List statement(s):
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
or two separate access-list statements, each permitting one of the ports.
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic)

Security Policy 3: Remote users can use the Production Server to send and retrieve email using IMAP and SMTP protocols.
Firewall Rule: Permit users on the 10.1.1.0/24 network access to the Production Server (172.17.1.1) on TCP ports 143 and 25.
Access List statement(s):
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic)

Security Policy 4: Remote users must not be able to access any other services available on the Production Server.
Firewall Rule: Deny all other IP protocols from users on the 10.1.1.0/24 network to the Production Server (172.17.1.1).
Access List statement(s):
    deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
Access List placement: Inbound on router SR1 Fa0/1

Security Policy 5: No traffic is permitted from individual workstations at the main office to remote worker workstations. Any files that need to be transferred between the two sites must be stored on the Production Server and retrieved via FTP.
Firewall Rule: Deny all IP protocols from users on the 10.3.1.0/24 network to the 10.1.1.0/24 network.
SR1#show run
Building configuration...
Current configuration : 1448 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR1
!
boot-start-marker
boot-end-marker
!
!
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq smtp
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
deny tcp 10.1.1.0 0.0.0.255 any eq telnet
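The SR1 rule set depends on IOS evaluating an access list top-down and stopping at the first match, with an implicit deny at the end. The Python below is an added example, not part of the lab material: it parses the statements given on this page, evaluates probe packets against them, and flags entries that an earlier entry makes unreachable. The `eq 80` entry for Policy 1, the probe addresses, and the misordered variant are assumptions made for illustration.

```python
"""First-match evaluation of a Cisco-style extended ACL (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "www": 80}


@dataclass(frozen=True)
class Ace:
    action: str                        # "permit" or "deny"
    proto: str                         # "ip", "tcp", "udp", "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: Optional[Tuple[int, int]]   # inclusive destination port range


def _take_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)  # contiguous wildcards only
    return ipaddress.ip_network(f"{head}/{netmask}")


def _port(token: str) -> int:
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def parse_ace(line: str) -> Ace:
    """Parse one 'permit|deny proto src dst [eq N | range A B]' statement."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _take_addr(tokens), _take_addr(tokens)
    ports = None
    if tokens:
        op = tokens.pop(0)
        if op == "eq":
            ports = (_port(tokens[0]),) * 2
        elif op == "range":
            ports = (_port(tokens[0]), _port(tokens[1]))
        else:
            raise ValueError(f"unsupported operator {op!r}")
    return Ace(action, proto, src, dst, ports)


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number); entry 0 is the implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, ace in enumerate(acl, start=1):
        if ace.proto not in ("ip", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.ports and (dport is None or not ace.ports[0] <= dport <= ace.ports[1]):
            continue
        return ace.action, number
    return "deny", 0


def shadowed(acl):
    """List (entry, earlier entry) pairs where the earlier entry already matches
    every packet the later one could, so the later one never takes effect."""
    hits = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            covers = (earlier.proto in ("ip", later.proto)
                      and later.src.subnet_of(earlier.src)
                      and later.dst.subnet_of(earlier.dst)
                      and (earlier.ports is None or (later.ports is not None
                           and earlier.ports[0] <= later.ports[0]
                           and later.ports[1] <= earlier.ports[1])))
            if covers:
                hits.append((j + 1, i + 1))
                break
    return hits


# Entries 2-7 are the statements given on this page. Entry 1 (web access for
# Policy 1) is an assumption: the page's answer for that policy is not shown.
SR1_ACL = [parse_ace(line) for line in (
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143",
    "deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1",
    "deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255",
    "deny tcp 10.1.1.0 0.0.0.255 any eq telnet",
)]
# Constructed variant: the Policy 4 deny moved to the top of the list.
MISORDERED = [SR1_ACL[4]] + SR1_ACL[:4] + SR1_ACL[5:]

if __name__ == "__main__":
    probes = [("tcp", "10.1.1.1", "172.17.1.1", 21),   # FTP control, Policy 2
              ("tcp", "10.1.1.1", "172.17.1.1", 22),   # other service, Policy 4
              ("tcp", "10.1.1.1", "10.3.1.1", 80),     # site-to-site, Policy 6
              ("udp", "10.1.1.1", "10.1.0.2", 53)]     # unmatched: implicit deny
    for probe in probes:
        print(probe, evaluate(SR1_ACL, *probe), evaluate(MISORDERED, *probe))
    print("shadowed in misordered list:", shadowed(MISORDERED))
```

Because the list ends in an implicit deny, the explicit deny entries change the outcome only if a later permit (for example `permit ip any any`) is added after them.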
Edge2#show run
Building configuration...
Current configuration : 1022 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge2
!
boot-start-marker
boot-end-marker
!
enable password class
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
BR4#show run
Building configuration...
Current configuration : 1057 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BR4
!
boot-start-marker
boot-end-marker
!
enable password class
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.17.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.3.1.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
Step 7: Reflection
The design strategies for the FilmCompany LAN pose many challenges for the designer. What were a few of the more difficult challenges of creating an ACL you encountered?

Consider and discuss the identified strategies. Do all of the strategies designed or hardware identified accomplish the task the same way?

Would one ACL work better than another?
Instructor note: Below is the running config from the routers after completing Task 2:

SR1#show run
Building configuration...
Current configuration : 1019 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
Device  Interface  IP Address     Subnet Mask   Default Gateway
R1      Fa0/0      172.18.0.1     255.255.0.0   N/A
R1      S0/0/0     172.17.0.1     255.255.0.0   N/A
R1      Lo0        172.19.0.1     255.255.0.0   N/A
R2      Fa0/0      172.16.0.1     255.255.0.0   N/A
R2      S0/0/0     172.17.0.2     255.255.0.0   N/A
R2      S0/0/1     172.20.0.2     255.255.0.0   N/A
R3      Fa0/0      10.1.0.1       255.255.0.0   N/A
R3      S0/0/1     172.20.0.1     255.255.0.0   N/A
PC1     NIC        172.18.0.254   255.255.0.0   172.18.0.1
Objectives
Configure routers, including EIGRP routing protocol. Configure EIGRP for manual CIDR route summarization. Verify EIGRP default operation and with manual summarization. Test and verify full connectivity. Reflect upon and document the network implementation.
Background / Preparation
Instructor Note: This lab demonstrates route summarization to reduce the size of routing update information and the number of routing table entries. Loopbacks can be added on R1 and R2 to increase the number of networks to be summarized as a challenge. Crossover cables can be used in place of switches. In this lab activity, you will configure and examine the operation of routes to take advantage of Classless Interdomain Routing (CIDR). You will configure the routers and observe the default operation of EIGRP with automatic summarization. Then you will configure manual summarization to create a supernet. The following
d. Configure an EXEC mode password.
e. Configure a message-of-the-day banner.
f. Configure a password for console connections.
Step 11: Display the EIGRP routing table for each router
Are there summary routes in any of the routing tables?
Yes, but only for the 10.1.0.0 network. EIGRP auto-summary is on by default, and it summarizes the 10.1.0.0/16 subnetwork to the classful 10.0.0.0/8 network.

Are there any summary routes for the 172.x.0.0 networks?
No. None of the 172.x.0.0 networks will be summarized automatically. EIGRP will not summarize except on classful network boundaries. Only classful 172.x.0.0 networks are being advertised. There are no 172.x.0.0 subnets to summarize.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    172.17.0.0/16 is directly connected, Serial0/0/0
D    172.16.0.0/16 [90/2172416] via 172.17.0.2, 01:36:51, Serial0/0/0
C    172.19.0.0/16 is directly connected, Loopback0
C    172.18.0.0/16 is directly connected, FastEthernet0/0
D    172.20.0.0/16 [90/2681856] via 172.17.0.2, 01:29:07, Serial0/0/0
D    10.0.0.0/8 [90/2684416] via 172.17.0.2, 01:29:04, Serial0/0/0

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    172.17.0.0/16 is directly connected, Serial0/0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    172.19.0.0/16 [90/2172416] via 172.17.0.1, 01:38:10, Serial0/0/0
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D    172.17.0.0/16 [90/2681856] via 172.20.0.2, 00:02:57, Serial0/0/1
D    172.16.0.0/16 [90/2172416] via 172.20.0.2, 00:02:57, Serial0/0/1
D    172.19.0.0/16 [90/2684416] via 172.20.0.2, 00:02:57, Serial0/0/1
D    172.18.0.0/16 [90/2684416] via 172.20.0.2, 00:02:57, Serial0/0/1
C    172.20.0.0/16 is directly connected, Serial0/0/1
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.0.0.0/8 is a summary, 01:31:34, Null0
C       10.1.0.0/16 is directly connected, FastEthernet0/0

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    172.17.0.0/16 is directly connected, Serial0/0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    172.19.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0
D    172.18.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0
C    172.20.0.0/16 is directly connected, Serial0/0/1
     10.0.0.0/16 is subnetted, 1 subnets
D       10.1.0.0 [90/2172416] via 172.20.0.1, 00:05:57, Serial0/0/1
D    172.16.0.0/14 is a summary, 00:11:55, Null0

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    172.20.0.0/16 is directly connected, Serial0/0/1
     10.0.0.0/16 is subnetted, 1 subnets
C       10.1.0.0 is directly connected, FastEthernet0/0
D    172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1
Which router has a summarized route to the 172.x.0.0 networks in its routing table? __________
R3

D    172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1
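The summarization seen in these tables can be checked offline. This is an added example, not part of the original lab: it uses Python's ipaddress module on routes copied from the two R3 outputs, and the function names are illustrative.

```python
import ipaddress

# Routes copied from the two R3 tables on this page: (code, prefix, exit interface).
R3_AUTO_SUMMARY = [
    ("D", "172.17.0.0/16", "Serial0/0/1"),
    ("D", "172.16.0.0/16", "Serial0/0/1"),
    ("D", "172.19.0.0/16", "Serial0/0/1"),
    ("D", "172.18.0.0/16", "Serial0/0/1"),
    ("C", "172.20.0.0/16", "Serial0/0/1"),
    ("D", "10.0.0.0/8", "Null0"),            # local summary (discard) route
    ("C", "10.1.0.0/16", "FastEthernet0/0"),
]
R3_MANUAL_SUMMARY = [
    ("C", "172.20.0.0/16", "Serial0/0/1"),
    ("C", "10.1.0.0/16", "FastEthernet0/0"),
    ("D", "172.16.0.0/14", "Serial0/0/1"),   # summary learned from R2
]


def classful_network(prefix):
    """Classful (A/B/C) network that auto-summary advertises for `prefix`."""
    net = ipaddress.ip_network(prefix)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        length = 8
    elif first_octet < 192:
        length = 16
    elif first_octet < 224:
        length = 24
    else:
        raise ValueError(f"{prefix} is not a class A, B or C address")
    return ipaddress.ip_network((int(net.network_address), length), strict=False)


def smallest_summary(prefixes):
    """Smallest single prefix that contains every network in `prefixes`."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def lookup(table, destination):
    """Longest-prefix match; returns the winning route tuple or None."""
    addr = ipaddress.ip_address(destination)
    matches = [route for route in table if addr in ipaddress.ip_network(route[1])]
    if not matches:
        return None
    return max(matches, key=lambda route: ipaddress.ip_network(route[1]).prefixlen)


if __name__ == "__main__":
    # Auto-summary: 10.1.0.0/16 crosses a classful boundary, 172.x.0.0/16 does not.
    print(classful_network("10.1.0.0/16"), classful_network("172.18.0.0/16"))
    # Manual summary: four /16s fit exactly in a /14; adding 172.20 needs a /13.
    four = ["172.16.0.0/16", "172.17.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]
    print(smallest_summary(four), smallest_summary(four + ["172.20.0.0/16"]))
    # The Null0 summary route discards traffic for unused parts of 10.0.0.0/8.
    print(lookup(R3_AUTO_SUMMARY, "10.2.0.1"), lookup(R3_AUTO_SUMMARY, "10.1.5.5"))
    print(lookup(R3_MANUAL_SUMMARY, "172.18.0.1"))
```

A /13 would also cover 172.21.0.0 to 172.23.0.0, which do not exist in this topology, so 172.20.0.0/16 stays a separate route next to the /14 summary.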
Reflection
In this lab, automatic summarization was used. Could route summarization still be applied if more effective use of the IPv4 address space had been made by using VLSM for those networks requiring fewer addresses, such as the serial links between routers? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________
Device Configs
Routers R1, R2 and R3 - 1841s IOS 12.4

R1#sh running-config
Building configuration...

Current configuration : 1218 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.QNi$kwK3bZUgi0czFFHuqj.vE.
enable password cisco
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 172.19.0.1 255.255.0.0
!
interface FastEthernet0/0
 ip address 172.18.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 no keepalive
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
R2#sh running-config
Building configuration...

Current configuration : 1202 bytes
!
version 12.4
service timestamps debug datetime msec
R3#sh running-config
Building configuration...

Current configuration : 1090 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jMJ6$avAW5obhhul6geSUOsf2./
enable password cisco
!
no aaa new-model
Objective
Determine an appropriate IP addressing strategy for the FilmCompany network.
Background / Preparation
Instructor notes: This is a written lab. It is the first of three in a series. Lab 6.2.1 (this lab) considers the issues relating to designing an addressing scheme. Lab 6.2.2 determines the number of IP subnets. Lab 6.2.5 considers the assignment of subnets and addresses to particular VLANs. In this lab, students consider the best way to manage addressing of the redesigned FilmCompany network topology. Among the important issues that need to be clarified are:
- The difference between VLANs and subnets
- Providing a scalable addressing design
- There may be more than one solution
- An optimal solution may not always be attainable
This lab is part of a series of labs in which you design the IP addressing scheme for the new FilmCompany network. This series includes Determining an IP Addressing Scheme (Lab 6.2.1), Determining the Number of IP Networks (Lab 6.2.2) and Creating an Address Allocation Spreadsheet (Lab 6.2.5). In this lab, you will start to plan an IP addressing scheme that satisfies the new network design of the branch office of FilmCompany. This scheme will be applied to the network over the following two labs. The IP address scheme has to meet the network requirements to support scalability and a hierarchical design model. With the acquisition of AnyCompany and the new contract with the StadiumCompany, the network infrastructure of this branch office of FilmCompany needs to change significantly. To begin planning the addressing scheme, you will examine the topology in conjunction with the different user types and traffic types. The different users and services will be grouped into VLANs and subnets. The IP addressing scheme will then be applied to the subnets.
A VLAN can be considered to be a group of switch ports assigned to a broadcast domain. Grouping the switch ports confines broadcast traffic to specified hosts so that bandwidth is not unnecessarily consumed in unrelated VLANs. It is therefore a recommended best practice to assign only one IP network or subnetwork to each VLAN. When determining how to group users and services, consider the following issues:

Flexibility
The employees and hardware of the former AnyCompany will move into the building with the FilmCompany in the near future. The network from this newly acquired company needs to be tightly integrated with the FilmCompany network and a structure put in place to enhance the security of the network.
WANs and VPNs
The contract with StadiumCompany adds a number of new requirements. Some FilmCompany personnel will be located at the stadium. Additional personnel and contract workers will also be present at the stadium during live events. These employees will use laptops and the wireless LAN at the FilmCompany branch as well as the wireless LAN at the stadium. To provide network connectivity for these laptops, they will be in their own VLAN. At the stadium, the FilmCompany laptop users will connect to a secure wireless VLAN and use a VPN over the Frame Relay connection between the stadium and the FilmCompany branch. With this connection, the laptop users can be attached to the internal FilmCompany network regardless of physical location.

To support the video feeds, FilmCompany will need resources available at the stadium. Some of the servers providing these resources will be located at the stadium. Other servers will be located at the branch office of the FilmCompany. For security and performance reasons, these servers, regardless of location, will be on secured VLANs. A separate VPN over the Frame Relay link will be created to connect the servers at the stadium to the servers located at the FilmCompany office.

What are the advantages and disadvantages of using a VPN to extend the wireless and video server networks over the Frame Relay connection from FilmCompany to the stadium?
Advantages:
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Disadvantages:
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Extending a VLAN through a VPN across a WAN has the advantage that the security measures applied to that VLAN are also applied to all hosts regardless of location. A disadvantage is that all VLAN broadcasts also traverse the narrow-bandwidth WAN link, which may adversely affect data throughput.

Redundancy
The VLAN structure will support load balancing and redundancy, which are major needs of this new network design. With such a large portion of the FilmCompany operations and revenues dependent on the network operation, a network failure could be devastating. The new VLAN arrangement allows the FC-ASW1 and FC-ASW2 switches to share the load of the traffic and be backups for each other. This redundancy is accomplished by sharing the RSTP primary and secondary root duties for the traffic for the different VLANs: FC-ASW1 will be the primary root for approximately one-half of the VLAN traffic (not necessarily one-half of the VLANs) and FC-ASW2 will be the secondary root for these VLANs.
Network Name | Network Address | Description
default | | Default VLAN for the Layer 2 devices
voice | | Voice VLAN to support Voice over IP
management | | Management hosts and secure peripherals (payroll printer)
administrative | | Administrative hosts
support | | Support hosts
production | | High performance production workstations (stationary)
mobile | | Mobile production hosts
net_admin | | Network support
servers | 172.17.0.0 /16 | Servers to support video services and storage
peripherals | | Peripherals for general use (printers, scanners)
web_access | | VLAN for servers that are publicly accessible
future | | VLAN for future services
null | | VLAN for terminating unwanted or suspicious traffic
NAT_pool | 209.165.200.224 /29 | Addresses for NAT pool for BR4 or interface to ISP4
DSL_Link | 192.0.2.40 /30 | DSL link to the ISP
Frame_Link | 172.18.0.16/30 | Address of the FR link to the stadium
NOTE: For this exercise, VLANs 60 and 80 have been extended over VPNs to support hosts and services to the stadium. As discussed in Step 1, this may not be an optimal solution.
What is the smallest address block size that can potentially satisfy the FilmCompany network needs? __________________ 1024

NOTE: Often, when adding the total number of addresses needed, the total count may not accurately reflect the number of addressing blocks required. This discrepancy can occur when the host counts for the networks have not been rounded up to the next logical network size. Because the individual counts represent rounded values, you can be confident that this block size can satisfy the network requirements.

File this information in your design portfolio for use in the next lab.
Reflection / Challenge
This lab provided a step-by-step process for determining an addressing scheme for a corporate network. Discuss and consider the issues that would arise if this planning process was not methodically used. ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________
Objective
Define an addressing block scheme to support summarization.
Background / Preparation
Instructor notes: This is a written lab. It is the second of three in a series. Lab 6.2.1 considered the issues relating to designing an addressing scheme. Lab 6.2.2 (this lab) determines the number of IP subnets. Lab 6.2.5 considers the assignment of subnets and addresses to particular VLANs. In this lab, students consider the best way to manage addressing of the redesigned FilmCompany network topology. Among the important issues that need to be clarified are:
- The difference between VLANs and subnets
- Providing a scalable addressing design
- There may be more than one solution
- An optimal solution may not always be attainable
This lab is part of a series of labs in which you design the IP addressing scheme for the new FilmCompany network. This series includes Determining an IP Addressing Scheme (Lab 6.2.1), Determining the Number of IP Networks (Lab 6.2.2) and Creating an Address Allocation Spreadsheet (Lab 6.2.5). With the acquisition of AnyCompany and the new contract with StadiumCompany, the network infrastructure of this branch office of FilmCompany needs to change significantly. In this lab, you will design an IPv4 addressing plan that satisfies the requirements of the addressing scheme developed for the new FilmCompany network in Lab 6.2.1. This plan will be applied to the network in the next lab.
What is the smallest address block size that can potentially satisfy the FilmCompany network needs? __________________ 1024
Network/VLAN Name | Network address
Voice | 192.168.0.0 /24
support | 192.168.1.0 /25
production | 192.168.1.128 /25
Future | 192.168.2.0 /25
Null | 192.168.2.128 /25
administrative | 192.168.3.0 /26
Mobile | 192.168.3.64 /26
peripherals | 192.168.3.128 /26
web_access | 192.168.3.192 /28
Default | 192.168.3.208 /28
management | 192.168.3.224 /28
Net_admin | 192.168.3.240 /28
Instructor Note: the exact order and address will vary based on address block chosen in the previous task. 192.168.0.0 /22 is used in this example.
VLAN # | Network Address | Description
1 | 192.168.3.208 /28 | Default VLAN for the Layer 2 devices
10 | 192.168.0.0 /24 | Voice VLAN to support Voice over IP
20 | 192.168.3.224 /28 | Management hosts and secure peripherals (payroll printer)
30 | 192.168.3.0 /26 | Administrative hosts
40 | 192.168.1.0 /25 | Support hosts
50 | 192.168.1.128 /25 | High performance production workstations (stationary)
Network/VLAN Name | Network Address | Description
mobile | 192.168.3.64 /26 | Mobile production hosts
net_admin | 192.168.3.240 /28 | Network support
servers | 172.17.0.0 /16 | Servers to support video services and storage
peripherals | 192.168.3.128 /26 | Peripherals for general use (printers, scanners)
web_access | 192.168.3.192 /28 | VLAN for servers that are publicly accessible
future | 192.168.2.0 /25 | VLAN for future services
null | 192.168.2.128 /25 | VLAN for terminating unwanted or suspicious traffic
NAT_pool | 209.165.200.224 /29 | Addresses for NAT pool for BR4 or interface to ISP4
DSL_Link | 192.0.2.40 /30 | DSL link to the ISP
Frame_link | 172.18.0.16/30 | Address of the FR link to the stadium
File this information in your design portfolio for use in the next lab.
Reflection / Challenge
This lab specifically used private IPv4 addresses. Discuss the issues to be considered if it was decided to use public IP addresses throughout the network. Are there any situations that would require this? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________
Objective
Document the address assignment within the FilmCompany network.
Background / Preparation
Instructor notes: This is a written lab. It is the third of three in a series. Lab 6.2.1 considered the issues relating to designing an addressing scheme. Lab 6.2.2 determined the number of IP subnets. Lab 6.2.5 (this lab) considers the assignment of subnets and addresses to particular VLANs. In this lab, students consider the best way to manage addressing of the redesigned FilmCompany network topology. Among the important issues that need to be clarified are:
- The difference between VLANs and subnets
- Providing a scalable addressing design
- There may be more than one solution
- An optimal solution may not always be attainable
This lab is part of a series of labs in which you design the IP addressing scheme for the new FilmCompany network. This series includes Determining an IP Addressing Scheme (Lab 6.2.1), Determining the Number of IP Networks (Lab 6.2.2) and Creating an Address Allocation Spreadsheet (Lab 6.2.5). Based on the addressing plan you created in Lab 6.2.1, Determining the IP Addressing Scheme, and Lab 6.2.2, Determining the Number of IP Networks, you will create a spreadsheet showing the VLSM addressing allocation for the networks. This information will be placed in the IP Network Requirements table to show the size of the IP address blocks that are needed for each area of the network. You should group areas that have similar requirements, to reduce the number of different subnet masks that must be supported. By reducing the number of subnet combinations, the designer simplifies the configurations. This makes it easier for the existing FilmCompany network staff to support and troubleshoot. The design requires the support of four different subnet masks.
Instructor Note: These values can vary and are dependent on values used in the previous lab. However, the prefixes (subnet masks) should remain the same. These examples use 192.168.0.0 /22 from the previous lab.

For this task, first list the block you have chosen and then show the allocation of this block into the subnets. Begin with the largest block and work to the smallest.

NOTE: You may want to use a pencil to fill in this table so that you can make changes until it is complete and final.
Step 1: Record the network names and addresses in the addressing table
In the table below, record the network names for the FilmCompany in the first column and the corresponding network address in the second column.
Network Names | Network Address | Lowest Host Address | Highest Host Address | Broadcast Address
voice | 192.168.0.0 /24 | 192.168.0.1 | 192.168.1.254 | 192.168.1.255
support | 192.168.1.0 /25 | 192.168.1.1 | 192.168.1.126 | 192.168.1.127
production | 192.168.1.128 /25 | 192.168.1.129 | 192.168.1.254 | 192.168.1.255
future | 192.168.2.0 /25 | 192.168.2.1 | 192.168.2.126 | 192.168.2.127
null | 192.168.2.128 /25 | 192.168.2.129 | 192.168.2.254 | 192.168.2.255
administrative | 192.168.3.0 /26 | 192.168.3.1 | 192.168.3.62 | 192.168.3.63
mobile | 192.168.3.64 /26 | 192.168.3.65 | 192.168.3.126 | 192.168.3.127
peripherals | 192.168.3.128 /26 | 192.168.3.129 | 192.168.3.190 | 192.168.3.191
Web_access | 192.168.3.192 /28 | 192.168.3.193 | 192.168.3.206 | 192.168.3.207
default | 192.168.3.208 /28 | 192.168.3.209 | 192.168.3.222 | 192.168.3.223
management | 192.168.3.224 /28 | 192.168.3.225 | 192.168.3.238 | 192.168.3.239
net_admin | 192.168.3.240 /28 | 192.168.3.241 | 192.168.3.254 | 192.168.3.255
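The largest-first VLSM allocation described in this lab can be reproduced mechanically. This is an added example, not part of the original lab: it assumes the 192.168.0.0/22 block and the prefix lengths listed in the allocation table, and the function names are illustrative.

```python
import ipaddress

# (network name, prefix length) as listed in the lab's allocation table.
REQUIREMENTS = [
    ("voice", 24), ("support", 25), ("production", 25), ("future", 25),
    ("null", 25), ("administrative", 26), ("mobile", 26), ("peripherals", 26),
    ("web_access", 28), ("default", 28), ("management", 28), ("net_admin", 28),
]


def allocate(block, requirements):
    """Carve `block` into subnets, largest first; returns one dict per subnet."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    block_end = int(block.broadcast_address) + 1
    rows = []
    # sorted() is stable, so equal-sized networks keep their listed order.
    for name, prefixlen in sorted(requirements, key=lambda req: req[1]):
        size = 1 << (32 - prefixlen)
        start = -(-cursor // size) * size  # round up to the subnet boundary
        if start + size > block_end:
            raise ValueError(f"{block} has no room left for {name} (/{prefixlen})")
        net = ipaddress.ip_network((start, prefixlen))
        rows.append({
            "name": name,
            "network": str(net),
            "lowest_host": str(net.network_address + 1),
            "highest_host": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
        })
        cursor = start + size
    return rows


def addresses_used(rows):
    """Total number of addresses consumed by the allocated subnets."""
    return sum(ipaddress.ip_network(r["network"]).num_addresses for r in rows)


def has_overlap(rows):
    """True if any two allocated subnets share addresses."""
    nets = [ipaddress.ip_network(r["network"]) for r in rows]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    plan = allocate("192.168.0.0/22", REQUIREMENTS)
    for row in plan:
        print("{name:15} {network:18} {lowest_host:15} "
              "{highest_host:15} {broadcast}".format(**row))
    print("addresses used:", addresses_used(plan), "overlap:", has_overlap(plan))
```

The twelve subnets consume all 1024 addresses of the /22, so one more /28 raises ValueError. For the voice /24 the computed range ends at host 192.168.0.254 with broadcast 192.168.0.255.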
Objective
Diagram selected portions of the new FilmCompany network, including devices, device names, and IP addressing.
Network device names are sometimes assigned without a unified plan. Without a good network naming scheme, the network can become difficult to manage. However, it must also be recognized that device names that display their function and location can present a security issue. In this lab, you will develop a naming convention and apply labels using this convention to selected devices. You should use the planning information from the previous three labs to complete this lab. The naming scheme will be documented in the topology above and in the table at the end of the lab.
For each naming criterion, assign a code for type. You will use these codes in different combinations to create device names. In the tables below, create codes for the elements of the device names. Use as many or as few codes as needed.
Instructor Note: The code values can vary greatly. There is no established method for the codes. Encourage students to be creative but practical and ensure that the codes used follow the guidelines shown in this step. A PARTIAL EXAMPLE IS SHOWN.
__dev-type____ __location_____ ___dev-purp___ _____________ ______________ _____________ Instructor Note: These can be mapped in a variety of ways. Above is A PARTIAL example.
IP Address
Instructor Note: Device name values can vary greatly. The IP addresses assigned are dependent on values used in the previous lab but can be any value within the appropriate network range.

Important: File this information in your design portfolio; it is an essential part of your design documentation.
Reflection / Challenge
If you developed additional criteria to add to the naming convention, discuss why these criteria were used. If you did not use additional criteria, discuss what other criteria might need to be used and why they would be used. ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________
Lab 7.1.6 Analyzing a Test Plan and Performing a Test Instructor Version
Objectives
Analyze a sample test plan to determine:
- The subject of the test
- The methods and tools for testing
- The potential results
Background / Preparation
Instructor notes: Using the sample test plan included with the lab and the topology shown, students will review the contents of the test plan and determine the test to be performed, how it should be conducted, and how to determine success or failure. The test scenario is simple: create two VLANs on a switch and test connectivity between the VLANs depending on which port the PC is attached to. Connect the switch to a router and configure and verify inter-VLAN routing. This lab, as written, uses 2 PCs. PC1 is on one VLAN and PC2 is on another. If resources and time are available, configuring more VLANs of two or three PCs each will provide a more comprehensive demonstration; however, conducting the test with two PCs and two VLANs is sufficient to achieve the goals of the test. If it works with two PCs and two VLANs, it will work with more PCs and more VLANs, unless configuration errors are introduced. To conclude this lab, students should reflect on the design implications and rationale of implementing VLANs in a network. The instructions and CLI command and output format given in this lab are based on the Cisco Catalyst C2960 switch running IOS version 12.2 and a Cisco 1841 router running IOS version 12.4. Note that different switch and router platforms and IOS versions may result in different command and output formats than shown.

This lab demonstrates the analysis of a standardized test plan to determine the nature of the test to be performed, the methods and tools to be used, and the potential results. After analyzing and answering questions regarding the test plan, you will document the results of the specified tests. The configuration output used in this lab matches that of a 2960 switch and 1841 series router. The same commands can be used with other Cisco switches and routers but may produce slightly different output.
Table of Contents
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: Basic VLAN Connectivity Test
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: VLAN Routing Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions
Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.

The purpose of this prototype is to demonstrate how the individual Access Layer VLANs can be configured to separate traffic from the end devices, IP telephones, and video cameras. The intent is to demonstrate that computers on VLAN 10 cannot access devices on the voice VLAN unless inter-VLAN routing is configured.

Test 1: Basic VLAN Connectivity Test
- Verify physical and IP connectivity between devices on the prototype network.
- Demonstrate IP connectivity between devices on the same VLANs.
- Demonstrate lack of IP connectivity between devices on different VLANs.

Test 2: VLAN Routing Test
- Demonstrate routing of traffic between separate VLANs, unrestricted.
Qty. Rqd 1 1
FastEthernet NIC
none
Substitute Any 2950 or 2960 model switch Any multilayer switch or router with minimum 1 FastEthernet port. At least one PC and any other IP end device (camera, printer, etc.) none
IP Address Plan
Device Designation | Device Name | Fast Ethernet Address | Subnet Mask | Default Gateway
R1 | FC-CPE-1 | Fa0/0.1 10.0.1.1, Fa0/0.10 10.0.10.1, Fa0/0.20 10.0.20.1 | |
S1 | FC-ASW-1 | VLAN1 10.0.1.2 | |
PC1 | Host1 | 10.0.10.2 | |
PC2 | Host2 | 10.0.20.2 | |

VLAN Plan
Switch S1, VLAN1 management: switch port Fa0/1
Switch S1, VLAN10 main-net: switch ports Fa0/2 -12, 10.0.10.0 / 24, Network Users
Switch S1, VLAN20 voice: switch ports Fa0/13 - 24, 10.0.20.0 / 24, IP Phones
Goals of Test: The goal of the basic connectivity test is to verify that the proper physical connections are made, that the topology is up, and that devices are correctly configured.
Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Console into the switch and start a log file. Get the show running-config and show vlans from the switch.
2. Verify that VLANs are correctly configured. Record any anomalies.
3. Verify the IP configurations of the PCs.
4. Test IP connectivity between host devices on the same VLAN.
5. Test IP connectivity between host devices on different VLANs.
Test 2. Procedures
1. Console into the switch and ping all router subinterfaces and other devices in the topology. Record any anomalies.
2. Ping the switch and the router default gateway from each PC. Record any anomalies.
3. Telnet from each PC to the switch and the router.
4. Start a log file and get the show running-config and show vlans from the switch and router. Get the show ip route from the router.
5. Test IP connectivity between host devices on the same VLAN.
6. Test IP connectivity between host devices on different VLANs.
Task 1: Analyze the Test Plan
Analyze the test plan shown above and answer the following questions:
a. What are the four main sections of the test plan?
___________________________________________________
___________________________________________________
___________________________________________________
___________________________________________________
1) Introduction, 2) Equipment, 3) Design / Topology Diagram, 4) Test Descriptions and related testing information. (Test procedure, success criteria, and conclusions subsections repeat for each test within the test plan.)
b. How many tests are defined within the test plan in this lab? __________ 2
c. In which testing subsection would you find the types of commands or analysis tools used to determine if the test was successful? _________________________ Procedures
d. In which main test plan section would you find a description of the devices and cabling used to build the prototype for the test plan? _________________________ Equipment
e. In which main testing section would you find an overall description of the tests to be performed and the reasons why they are being specified in the test plan? _________________________ Introduction
Task 2: Configure the PCs and switch VLANs and perform Test 1
Step 1: Connect devices and configure PC IP addresses
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect the switch to the router as shown in the Test Plan topology diagram.
b. Connect the PC1 and PC2 hosts to the switch using the ports indicated in the Test Plan topology table.
c. Using the IP address information from the Test Plan table, configure PC1 and PC2.
Step 4: Perform Test 1 to determine if the hosts can communicate between VLANs
a. Issue the show running-config commands from the switch and verify all basic configuration settings. See output at end of lab.
b. Issue the show vlan brief command on the switch to verify what ports are in which VLANs.
   Which switch ports are in VLAN 1? Answer: Fa0/1, Gi0/1, Gi0/2
   Which switch ports are in VLAN 10? Answer: Fa0/2 - Fa0/12
   Which switch ports are in VLAN 20? Answer: Fa0/13 - Fa0/24

   FC-ASW-1#show vlan brief
   VLAN Name                   Status    Ports
   ---- ---------------------- --------- -------------------------------
   1    default                active    Fa0/1, Gi0/1, Gi0/2
   10   main-net               active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                         Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                         Fa0/10, Fa0/11, Fa0/12
   20   voice                  active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                         Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                         Fa0/21, Fa0/22, Fa0/23, Fa0/24
   <*** output omitted ***>

c. With PC1 connected to switch port 4 and PC2 attached to port 14, attempt to ping from PC1 to PC2.
   Would you expect the ping to be successful? Answer: No
   Why or why not? Answer: PC IP addresses are on different networks (PC1 is on net 10.0.10.0/24 and PC2 is on net 10.0.20.0/24) and in different VLANs.
d. Change the IP address of PC2 to 10.0.10.5 so that the two PCs are on the same network and ping again.
   Would you expect the ping to be successful? Answer: No
   Why or why not? Answer: PC IP addresses have the same network address now but are still in different VLANs.
e. Move the cable for PC2 to a port that is in the VLAN 10 range (Fa0/2 to Fa0/12) and ping again.
   Would you expect the ping to be successful? Answer: Yes
   Why or why not? Answer: PC IP addresses are in the same network and are now in the same VLAN.
f. Change the IP address for PC2 back to 10.0.20.2 and move the cable back to Fa0/14 in VLAN 20.
This test demonstrated that the PCs from the main-net cannot communicate with the PCs on the voice net without assistance from a Layer 3 device.
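The reasoning behind answers c, d and e can be checked mechanically. The following is an added example, not part of the original lab: it parses the show vlan brief output above and predicts each ping when no Layer 3 device is present, then compares the prediction with recorded results so that a ping that crosses a VLAN boundary is flagged separately from a plain connectivity failure. PC1's host address 10.0.10.2 and the port Fa0/5 used for step e are assumptions; the lab only gives PC1's network and the Fa0/2 to Fa0/12 range.

```python
import ipaddress
import re

# Constructed from the FC-ASW-1 `show vlan brief` output in this lab.
SHOW_VLAN_BRIEF = """\
VLAN Name       Status    Ports
---- ---------- --------- -------------------------------
1    default    active    Fa0/1, Gi0/1, Gi0/2
10   main-net   active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                          Fa0/6, Fa0/7, Fa0/8, Fa0/9
                          Fa0/10, Fa0/11, Fa0/12
20   voice      active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                          Fa0/21, Fa0/22, Fa0/23, Fa0/24
"""

VLAN_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_vlan_brief(text):
    """Map each access port to its VLAN ID, following wrapped port lines."""
    port_vlan, current = {}, None
    for line in text.splitlines():
        row = VLAN_ROW.match(line)
        if row:
            current, ports = int(row.group(1)), row.group(4)
        elif current is not None and line[:1] == " " and line.strip():
            ports = line  # continuation line: it carries ports only
        else:
            continue  # header, separator or blank line
        for port in ports.split(","):
            if port.strip():
                port_vlan[port.strip()] = current
    return port_vlan


def predict_ping(port_vlan, src, dst):
    """Predict a ping between two hosts when no Layer 3 device is present.

    src and dst are (switch_port, "address/prefix") tuples.
    Returns (expected_success, reason).
    """
    (src_port, src_ip), (dst_port, dst_ip) = src, dst
    for port in (src_port, dst_port):
        if port not in port_vlan:
            raise ValueError(f"{port} is not an access port in the VLAN table")
    same_vlan = port_vlan[src_port] == port_vlan[dst_port]
    same_net = (ipaddress.ip_interface(src_ip).network
                == ipaddress.ip_interface(dst_ip).network)
    if same_vlan and same_net:
        return True, "same VLAN and same subnet"
    if not same_vlan:
        return False, "different VLANs: frames are not switched between them"
    return False, "same VLAN but different subnets and no gateway"


def find_anomalies(port_vlan, trials):
    """Compare recorded ping results with the prediction.

    trials is a list of (label, src, dst, observed_success).
    """
    anomalies = []
    for label, src, dst, observed in trials:
        expected, _ = predict_ping(port_vlan, src, dst)
        if observed and not expected:
            anomalies.append((label, "isolation failure"))
        elif expected and not observed:
            anomalies.append((label, "connectivity failure"))
    return anomalies


PC1 = ("Fa0/4", "10.0.10.2/24")  # host address is an assumption

if __name__ == "__main__":
    table = parse_vlan_brief(SHOW_VLAN_BRIEF)
    for step, pc2 in (("c", ("Fa0/14", "10.0.20.2/24")),
                      ("d", ("Fa0/14", "10.0.10.5/24")),
                      ("e", ("Fa0/5", "10.0.10.5/24"))):
        print(step, predict_ping(table, PC1, pc2))
```

An "isolation failure" is the result to investigate first when documenting anomalies, because it means traffic reached a host that the VLAN design was supposed to separate.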
Task 3: Configure the switch and router for VLAN routing and perform Test 2
Step 1: Configure VLAN trunking on switch S1
NOTE: If using the 2900XL switch, be sure to configure the DOT1Q encapsulation to ensure trunking works.
    This is configured as native Vlan for the following interface(s) :
   FastEthernet0/0

      Protocols Configured:   Address:        Received:   Transmitted:
              IP              10.0.1.1               21             43
           Other                                      0            138

      396 packets, 67954 bytes input
      181 packets, 51149 bytes output

   Virtual LAN ID: 10 (IEEE 802.1Q Encapsulation)
   FastEthernet0/0.10

      Address:        Received:   Transmitted:
      10.0.10.1              94             25
                              0             12

      94 packets, 15324 bytes input
      37 packets, 3414 bytes output

   Virtual LAN ID: 20 (IEEE 802.1Q Encapsulation)
   FastEthernet0/0.20

      Address:        Received:   Transmitted:
      10.0.20.1            9781            113
                              0             14

      9781 packets, 939660 bytes input
      127 packets, 9617 bytes output

c. From switch S1, issue the command show interfaces trunk.
   What interface on switch S1 is in trunking mode? Answer: Fa0/1
   Which VLANs are allowed and active in the management domain? Answer: 1, 10, 20

   FC-ASW-1#show interfaces trunk
   Port        Mode    Encapsulation   Status      Native vlan
   Fa0/1       on      802.1q          trunking    1

   Port        Vlans allowed and active in management domain
   Fa0/1       1,10,20

   Port        Vlans in spanning tree forwarding state and not pruned
   Fa0/1       1,10,20
Step 4: Perform Test 2 to determine if the hosts can communicate between VLANs through the use of inter-VLAN routing provided by a router
a. Issue the show running-config commands from the switch and verify all basic configuration settings. See output at end of lab.
b. Ping from the switch to the router default gateway for VLAN 1.
   Was the ping successful? Answer: Yes
c. Telnet from the switch to the router.
   Were you successful? Answer: Yes
d. With PC1 connected to switch port 4 and PC2 attached to port 14, attempt to ping from PC1 to PC2.
   Would you expect the ping to be successful? Answer: Yes
   Why or why not? Answer: PC IP addresses are on different networks (PC1 is on net 10.0.10.0/24 and PC2 is on net 10.0.20.0/24) and in different VLANs, but the router is routing packets between the two independent subnets.
e. Telnet from PC1 to the switch and the router.
   Would you expect the Telnet to be successful? Answer: Yes
   Why or why not? Answer: Physical and IP connectivity has been previously verified. As long as there are no VTY restrictions or ACLs in place, each PC should be able to telnet to either the switch using the VLAN1 IP address or to the router using any of the router subinterface addresses.
f. Issue the show ip route command on the router to display the routing table.
   How many subnet routes are there? Answer: 3 - All directly connected to the subinterfaces defined for Fa0/0. (10.0.1.0, 10.0.10.0 and 10.0.20.0)

   FC-CPE-1#show ip route
   Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
          D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
          N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
          E1 - OSPF external type 1, E2 - OSPF external type 2
          i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
          ia - IS-IS inter area, * - candidate default, U - per-user static route
          o - ODR, P - periodic downloaded static route

   Gateway of last resort is not set

        10.0.0.0/24 is subnetted, 3 subnets
   C       10.0.10.0 is directly connected, FastEthernet0/0.10
   C       10.0.1.0 is directly connected, FastEthernet0/0.1
   C       10.0.20.0 is directly connected, FastEthernet0/0.20
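Answer d depends on several settings lining up: the VLAN must be carried on the trunk, the router needs a dot1Q subinterface for it, and each PC must sit in that subinterface's subnet and use its address as default gateway. The following is an added example, not part of the original lab, that cross-checks those conditions. The .20 stanza is rebuilt from the show vlans output above, the PC1 host address and both default gateways are assumptions, and ACLs or VTY restrictions are not modelled.

```python
import ipaddress
import re

# Constructed sample: FC-CPE-1 subinterfaces. The .1 and .10 stanzas follow
# the sample configuration in this lab; .20 is rebuilt from `show vlans`.
ROUTER_CONFIG = """\
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.0.1.1 255.255.255.0
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
"""


def parse_subinterfaces(config):
    """Return {vlan_id: ip_interface} for each dot1Q subinterface with an address."""
    gateways, vlan = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            vlan = None  # a new stanza starts; forget the previous VLAN tag
            continue
        encap = re.match(r"encapsulation dot1Q (\d+)", line)
        if encap:
            vlan = int(encap.group(1))
            continue
        addr = re.match(r"ip address (\S+) (\S+)$", line)
        if addr and vlan is not None:
            gateways[vlan] = ipaddress.ip_interface(
                f"{addr.group(1)}/{addr.group(2)}")
    return gateways


def expand_vlans(spec):
    """Expand a trunk VLAN list such as '1,10,20' or '1-4094' into a set."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def routed_ping(gateways, trunk_vlans, src, dst):
    """Predict an inter-VLAN ping through the router subinterfaces.

    src and dst are dicts with the keys vlan, ip and gateway.
    Returns (expected_success, reason).
    """
    for host in (src, dst):
        vlan, ip = host["vlan"], ipaddress.ip_address(host["ip"])
        if vlan not in trunk_vlans:
            return False, f"VLAN {vlan} is not carried on the trunk"
        gw = gateways.get(vlan)
        if gw is None:
            return False, f"no router subinterface for VLAN {vlan}"
        if ip not in gw.network:
            return False, f"{ip} is outside {gw.network} (VLAN {vlan})"
        if ipaddress.ip_address(host["gateway"]) != gw.ip:
            return False, f"{ip} does not use {gw.ip} as its gateway"
    return True, "routed between the VLAN subinterfaces"


# Host values: PC2's address is from the lab; the rest are assumptions.
PC1 = {"vlan": 10, "ip": "10.0.10.2", "gateway": "10.0.10.1"}
PC2 = {"vlan": 20, "ip": "10.0.20.2", "gateway": "10.0.20.1"}

if __name__ == "__main__":
    gws = parse_subinterfaces(ROUTER_CONFIG)
    print(routed_ping(gws, expand_vlans("1,10,20"), PC1, PC2))
```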
APPENDIX
Sample Configurations
FC-ASW-1#show running-config
Building configuration...

Current configuration : 2571 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FC-ASW-1
!
enable secret 5 $1$p421$26.k4AK.iHLb7NhiDvAb6.
enable password cisco
!
no aaa new-model
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
FC-CPE-1#show running-config
Building configuration...

Current configuration : 1371 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HGWn$CICdaWyXJ6reegr1jmnIt0
enable password cisco
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.0.1.1 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 no snmp trap link-status
End Date
Table of Contents
Attendees
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: Basic Connectivity Test
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: VLAN Configuration Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions
Test 3. Description: VLAN Routing Test
Test 3. Procedures
Test 3. Expected Results and Success Criteria
Test 3. Results and Conclusions
Appendix
Attendees
Name          Company              Position
__________    FilmCompany          IT Manager
__________    FilmCompany          Business Manager
__________    NetworkingCompany    Account Manager
__________    NetworkingCompany    Network Designer
__________    NetworkingCompany    System Engineer
Instructor note: Students can enter their own names in the roles they choose or make up names for the attendees.
Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.
Instructor note: Example answers to this section are:
- To verify the FilmCompany LAN Design.
- To test the switch and router configurations proposed for the FilmCompany network.
- To ensure that the design functions as expected.
Purpose of this test:
________________________________________
Instructor note: These tests are given to the student at a very high level. Later in this lab, the students are expected to record the detailed steps to perform the test. Test 1 is given as an example.
Tests to run:
Test 1: Basic Connectivity Test
- Verify physical and IP connectivity between devices on the prototype network.
- Document operation.
Test 2: VLAN Configuration Test
- Demonstrate multiple VLANs and port security.
- Verify that members of the same VLAN can communicate successfully and that members of different VLANs are not able to communicate successfully.
- Demonstrate 802.1q trunk links between devices.
- Verify STP to ensure that S1 becomes the root bridge.
- Document operation.
Test 3: VLAN Routing Test
- Demonstrate routing of traffic between separate VLANs, unrestricted.
- Demonstrate routing of traffic between separate VLANs, with restrictions.
- Document operation.
Equipment
INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software. Additional options or software required none none IOS Software Rev. 12.2 or above 12.2 or above
Qty. Rqd 3 1
FastEthernet NIC
Substitute Any 2950 or 2960 model switch Any multilayer switch or router with minimum 2 FastEthernet ports At least one PC and any other IP end device (camera, printer, etc.)
none
6 6
none
none
n/a
Instructor note: Based on the topology of the proposed FilmCompany LAN created at the end of Chapter 5, students fill in the equipment necessary to perform the prototype tests. If the physical lab does not contain the exact models of equipment, assist the students in specifying the correct substitutes.
IP Address Plan
Instructor note: The students use the IP addresses that they designed in Chapter 6 Lab 6.2.5.4.
Device Name    Interface    IP Address    Subnet Mask

VLAN Plan
Instructor note: Students create VLANs based on the requirements specified in the logical design created in Chapter 5 Lab 5.2.4.2.
Switch VLAN Names and IDs IP Address Range Group

Additional Notes and Instructions:
Instructor note: Students record any other information that they think might be useful to the technicians performing the tests. An example might be: This test must show that the new VLAN design segregates traffic as expected.
INSTRUCTIONS: Add a description about this design here that is essential to provide a better understanding of the testing or to emphasize any aspect of the test network to the reader.
________________________________________
INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test. Test 1 is given as an example.
Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Build the topology according to the Design and Topology Diagram. Assign IP addresses according to the IP address plan.
2. Create a basic configuration on each device. Include applicable passwords, device names, default routes, default gateways, and activate interfaces.
3. Console into one of the devices in the topology and ping all of the other devices in the topology. Record any anomalies.
4. Telnet to each device in the configuration and verify that each is reachable.
5. Copy the output of the show running-config, show ip route, show processes cpu sorted, show interfaces, and the first few lines of show memory and paste into a document using a text editor such as Notepad. Repeat for all devices in the topology.
Data to Record:
- VLAN Configurations
- STP Configuration
- CPU & Memory
- Ping Test Output
Test 2. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
________________________________________
Student answers may vary slightly from the above list and may be in a different order. The exercise is to encourage students to think about all of the steps that they need to perform to verify the VLAN design. Planning installation tasks and estimating the effort necessary to accomplish them is critical to the success of the students when they leave the course.
Data to Record:
- Router Configuration
- IP Routing Table Information
- CPU & Memory
- Ping Test Output
Test 3. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
________________________________________
Instructor note: Students list the procedures. Example answer is:
Appendix
INSTRUCTIONS: Record the starting configurations, any modifications, log file or command output, and any other relevant documentation.
Lab 7.2.2 Creating a Test Plan for the Campus Network (Instructor Version)
Instructor Note: This lab is part of a series of labs that includes 7.2.2, 7.2.5, and 7.2.6. In this series the students create a test plan to verify the FilmCompany network design (7.2.2), and then execute the test plan (7.2.5), and finally analyze the results of the testing (7.2.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.
Objective
Create a test plan for a prototype test.
Background / Preparation
Instructor notes: This lab takes the students through the steps required for creating a test plan to use to test the LAN design created in earlier chapters. Students are required to review the documentation that they have kept in their portfolios and use this information to prepare the test plan.
This lab takes you through the steps required for creating a test plan to test the FilmCompany LAN design. To prepare for this lab, you will need information from the results of earlier labs that you saved in your portfolio. The required information can be found in these labs:
- The topology diagram created in Lab 5.2.4
- The IP address spreadsheet created in Lab 6.2.5
Instructor note: Use the Instructor version of these labs (5.2.4 and 6.2.5) for the answer diagram and spreadsheet.
Step 2: Review the proposed IP Address Allocation spreadsheet created in Lab 6.2.5
a. Determine the appropriate IP addressing for the devices identified in Step 1a.
b. Determine an appropriate IP address range for each VLAN identified in Step 1b.
Instructor note: Answers may vary slightly, depending on how the address allocation was made in the earlier lab.
Task 2: Create the LAN Design Test Plan
The format used to create the test plans may vary. The format used for this and subsequent labs is similar to the document used by the Cisco Customer Proof-of-Concept Labs. It is divided into sections to make it easier to read and understand. The test plan is a formal document that can be included in a proposal. It verifies that the design functions as expected. Many times, customer representatives are invited to view the prototype tests. In these cases, the customer can review the design and see for themselves that the network meets the requirements.
Three tests are entered for you to use with this test plan.
- Test 1: Basic Connectivity
- Test 2: VLAN Configuration
- Test 3: VLAN Routing
Step 4: Complete the Design and Topology Section of the test plan
a. Copy the LAN topology from the diagram created previously in Lab 5.2.4
d. Enter any additional information that you want the technician performing the test to be aware of before the test begins.
Step 5: Complete the Test Description, Procedures, and Expected Results sections of the test plan
a. In the Test Description section, enter the goals for each of the three tests that you plan to perform. Test 1 is completed as an example of how to fill in the information.
b. In the Test Procedures section, enter the steps that are necessary to perform each planned test.
c. In the Expected Results and Success Criteria section, enter what you expect the results to be if all the steps in the Test Procedures section are followed correctly. Determine what results need to be observed for the test to be considered a success.
Objective
Use a test plan to test the design of a LAN.
Background / Preparation
Instructor notes: The students will use the test plan they created in Lab 7.2.2 to build and test a prototype of the FilmCompany network. Refer to the Instructor Version of Lab 7.2.2 for the steps that the students will perform during each of the three tests.
Network designers build and test prototype networks to ensure that the elements they have included in their designs work as expected and meet the objectives of their customers. Using a test plan is one way to organize the testing and ensure that all of the design elements are tested in a way that is appropriate. Using the test plan that you completed in Lab 7.2.2, you will perform the following tests:
Test 1: Baseline Connectivity Test
- Verify physical and IP connectivity between devices on the prototype network.
- Document operation.
Test 2: VLAN Configuration Test
- Demonstrate multiple VLANs, vty, and port security.
- Verify that members of the same VLAN can communicate successfully and that members of different VLANs are not able to communicate successfully.
- Demonstrate 802.1q trunk links between devices.
- Verify STP to ensure that S1 becomes the root bridge.
- Document operation.
Test 3: VLAN Routing Test
- Demonstrate routing of traffic between separate VLANs, unrestricted.
- Demonstrate routing of traffic between separate VLANs, with restrictions.
a. Select the necessary equipment and cables as specified in the Equipment section of the test plan. See your instructor for assistance in identifying the appropriate equipment.
b. Using the topology diagram and IP address plan contained in the Design and Topology Diagram section of the test plan, connect and configure the prototype network.
c. Following the procedures in the Test 1: Procedures section, console into one of the devices and verify that you can ping all of the other device addresses. If you are unsuccessful, verify each device configuration. Repeat the connectivity testing.
d. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.
Step 3: Record the test results in the Results and Conclusions section of the test plan
a. Compare the results that you observed during the testing with the expected results listed in the Test 1: Expected Results and Success Criteria section.
b. Determine if the testing indicates that the network meets the success criteria. If it does, indicate that the test is successful.
Task 2: Perform Test 2: VLAN Configuration Test
Step 1: Configure the prototype network
Instructor Notes: The prototype uses 2 PCs. PC1 is on one VLAN and PC2 is on another. If resources and time are available, configuring more VLANs of two or three PCs each will provide a more comprehensive demonstration; however, conducting the test with two PCs and two VLANs is sufficient to achieve the goals of the test. If it works with two PCs and two VLANs, it will work with more PCs and more VLANs, unless configuration errors are introduced. This lab uses the topology diagram and device names from the instructor version of Lab 5.2.4. It uses the following VLAN and IP address ranges from the IP addressing plan in the instructor version of Lab 6.2.5:
- General VLAN 11 (192.168.3.0/26)
- Production VLAN 22 (192.168.3.0/26)
- Default VLAN 1 (192.168.3.208/28)
a. Follow the steps you created in the Test 2: Procedures section of the test plan to configure the VLANs on the prototype network.
b. Using the VLAN plan specified in the Design and Topology Diagram section of the test plan, configure the switches with the appropriate VLANs.
c. Configure the links between the switches as trunk links and permit all VLANs across the trunks.
d. Configure one switch to be the root bridge.
e. Configure port security on the ports attached to the two PCs to only accept one MAC address.
f. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.
d. Attempt a ping from PC1 to PC2 to verify that the VLANs are successfully isolating traffic between the two PCs.
e. Record the results in the Test 2: Results and Conclusions section of the test plan.
Step 3: Record the test results in the Results and Conclusions section of the test plan
a. Compare the results that you observed during the testing with the expected results listed in the Test 2: Expected Results and Success Criteria section.
b. Determine if the testing indicates that the network meets the success criteria. If it does, indicate that the test is successful.
Task 3: Perform Test 3: VLAN Routing Test
Step 1: Configure the prototype network
a. Follow the steps you created in the Test 3: Procedures section of the test plan to configure the router to route between VLANs.
b. Using the topology diagram shown in the Design and Topology Diagram section of the test plan, configure the appropriate router to route between the VLANs created in Task 2.
c. Following the steps you listed in the Test 3: Procedures section, console into the switch that is directly connected to the router. Configure the link between the switch and the router as an 802.1q trunk link and permit all VLANs across the trunk.
d. Console into the router and configure the router interface directly connected to the switch for 802.1q encapsulation.
e. Configure the router with the appropriate IP addresses for the various VLANs. Verify that the routes appear correctly in the routing table.
f. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.
d. Record the results in the Test 3: Results and Conclusions section of the test plan.
Step 3: Record the test results in the Results and Conclusions section of the test plan
a. Compare the results that you observed during the testing with the expected results listed in the Test 3: Expected Results and Success Criteria section.
b. Determine if the testing indicates that the network meets the success criteria. If it does, indicate that the test is successful.
Step 4: Reflection
Was the prototype testing of the FilmCompany LAN design successful? Did having a test plan to work from help you organize your testing?
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
*** Refer to following output for show vlan brief and show spanning tree for each switch
PINGS FROM BR4 to all three switches (VLAN 1), PC1 (VLAN 11) and PC2 (VLAN 22)
Ping switch FC-ASW-1
BR4#ping 192.168.3.210
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.210, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
BR4#

Ping switch FC-ASW-2
BR4#ping 192.168.3.211
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.211, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
BR4#

Ping switch ProductionSW
BR4#ping 192.168.3.212
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.212, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
BR4#

Ping switch Host PC1 (FC-ASW-1, VLAN 11)
BR4#ping 192.168.3.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
BR4#

Ping switch Host PC2 (ProductionSW, VLAN 22)
BR4#
BR4#ping 192.168.1.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
BR4#
BR4#
FC-ASW-1#sh running-config
Building configuration...

Current configuration : 2614 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FC-ASW-1
!
enable secret 5 $1$3L5M$0BhB0bowM6lL..p7pw9ZD1
enable password cisco
!
no aaa new-model
ip subnet-zero
!
no ip domain-lookup
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
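A saved running configuration such as the one above can be checked mechanically against the Task 2 requirements (port security on access ports, trunk settings) and for plaintext password settings. The script below is an added example, not part of the lab; its sample input is a constructed excerpt modelled on the FC-ASW-1 output, with a placeholder instead of the hash and a hypothetical hardened port Fa0/11.

```python
import re

# Constructed excerpt modelled on the FC-ASW-1 running configuration; the
# enable-secret hash is a placeholder and Fa0/11 is a hypothetical hardened port.
SAMPLE_CONFIG = """\
no service password-encryption
!
hostname FC-ASW-1
!
enable secret 5 <hash-placeholder>
enable password cisco
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
!
"""


def parse_config(text):
    """Split an IOS config into global lines and per-interface subcommands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None          # "!" ends the current stanza
            continue
        match = re.match(r"interface (\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit(text):
    """Return a list of (location, issue) findings for the given config."""
    findings = []
    global_lines, interfaces = parse_config(text)
    if "no service password-encryption" in global_lines:
        findings.append(("global", "service password-encryption is disabled"))
    if any(re.match(r"enable password \S", l) for l in global_lines):
        findings.append(("global", "plaintext enable password is stored in the config"))
    for name, cmds in interfaces.items():
        if "switchport mode trunk" in cmds:
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                findings.append((name, "trunk permits all VLANs"))
            continue
        if "switchport mode access" not in cmds:
            continue
        if not any(c.startswith("switchport access vlan") for c in cmds):
            findings.append((name, "access port left in default VLAN 1"))
        if "switchport port-security" not in cmds:
            findings.append((name, "port security not enabled"))
            continue
        limit = 1                   # IOS default once port security is enabled
        for c in cmds:
            match = re.match(r"switchport port-security maximum (\d+)", c)
            if match:
                limit = int(match.group(1))
        if limit > 1:
            findings.append((name, f"port security allows {limit} MAC addresses"))
    return findings


if __name__ == "__main__":
    for where, issue in audit(SAMPLE_CONFIG):
        print(f"{where}: {issue}")
```

The trunk finding is informational here, because the lab procedure itself asks for all VLANs to be permitted across the trunks.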
FC-ASW-1#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Gi0/1, Gi0/2
11   General                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11
22   Production                       active    Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24
  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     001d.4635.0c80
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Role Sts Cost      Prio.Nbr Type
---- --- --------- -------- --------------------------------
Desg FWD 19        128.1    P2p
Desg FWD 19        128.2    P2p
Desg FWD 19        128.3    P2p

VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     001c.f9bb.7000
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority    32779  (priority 32768 sys-id-ext 11)
             Address     001d.4635.0c80
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Role Sts Cost      Prio.Nbr Type
---- --- --------- -------- --------------------------------
Desg FWD 19        128.1    P2p
Desg FWD 19        128.2    P2p
Root FWD 19        128.3    P2p
Desg FWD 19        128.11   P2p

VLAN0022
  Spanning tree enabled protocol ieee
  Root ID    Priority    32790
             Address     001c.f9bb.7000
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority    32790  (priority 32768 sys-id-ext 22)
             Address     001d.4635.0c80
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Role Sts Cost      Prio.Nbr Type
---- --- --------- -------- --------------------------------
Desg FWD 19        128.1    P2p
Desg FWD 19        128.2    P2p
Root FWD 19        128.3    P2p
Switch FC-ASW-2 2960 IOS 12.2
FC-ASW-2#sh run
Building configuration...

Current configuration : 2538 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FC-ASW-2
!
enable secret 5 $1$P1ZY$A.BvHzZ6AXIgDxzuQvmEm0
enable password cisco
!
no aaa new-model
ip subnet-zero
!
no ip domain-lookup
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
FC-ASW-2#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     001d.4635.0c80
             Cost        19
             Port        2 (FastEthernet0/2)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001d.4662.7b00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Altn BLK 19        128.1    P2p
VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     001c.f9bb.7000
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority    32779  (priority 32768 sys-id-ext 11)
             Address     001d.4662.7b00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Role Sts Cost      Prio.Nbr Type
---- --- --------- -------- --------------------------------
Root FWD 19        128.1    P2p
Altn BLK 19        128.2    P2p

VLAN0022
  Spanning tree enabled protocol ieee
  Root ID    Priority    32790
             Address     001c.f9bb.7000
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority    32790  (priority 32768 sys-id-ext 22)
             Address     001d.4662.7b00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Role Sts Cost      Prio.Nbr Type
---- --- --------- -------- --------------------------------
Root FWD 19        128.1    P2p
Altn BLK 19        128.2    P2p
ProductionSW#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     001d.4635.0c80
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001c.f9bb.7000
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Role Sts Cost      Prio.Nbr Type
---- --- --------- -------- --------------------------------
Desg FWD 19        128.2    P2p
Root FWD 19        128.3    P2p

VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     001c.f9bb.7000
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority    32779  (priority 32768 sys-id-ext 11)
             Address     001c.f9bb.7000
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Role Sts Cost      Prio.Nbr Type
---- --- --------- -------- --------------------------------
Desg FWD 19        128.2    P2p
Desg FWD 19        128.3    P2p

VLAN0022
  Spanning tree enabled protocol ieee
  Root ID    Priority    32790
             Address     001c.f9bb.7000
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority    32790  (priority 32768 sys-id-ext 22)
             Address     001c.f9bb.7000
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Role Sts Cost      Prio.Nbr Type
---- --- --------- -------- --------------------------------
Desg FWD 19        128.2    P2p
Desg FWD 19        128.3    P2p
Desg FWD 19        128.22   P2p
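The root elections in the output above follow from comparing bridge IDs: configured priority plus VLAN ID first, then the bridge MAC address. The script below is an added example, not part of the lab; it recomputes the election from the priorities and addresses shown for the three switches and lists the VLANs where another switch wins. Treating FC-ASW-1 as the intended root for every VLAN is an assumption.

```python
# Bridge MAC addresses and per-VLAN priorities as shown in the show
# spanning-tree and running-config output above. Only FC-ASW-1 has a
# non-default priority, and only for VLAN 1.
SWITCHES = {
    "FC-ASW-1": {"mac": "001d.4635.0c80", "priority": {1: 4096}},
    "FC-ASW-2": {"mac": "001d.4662.7b00", "priority": {}},
    "ProductionSW": {"mac": "001c.f9bb.7000", "priority": {}},
}
DEFAULT_PRIORITY = 32768


def bridge_id(name, vlan):
    """Return the (priority, mac) tuple PVST compares for one VLAN."""
    switch = SWITCHES[name]
    priority = switch["priority"].get(vlan, DEFAULT_PRIORITY)
    # With the extended system ID, priority is a multiple of 4096 and the
    # VLAN ID is added to it (4096 + 1 = 4097, 32768 + 11 = 32779).
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError(f"invalid bridge priority {priority}")
    mac = int(switch["mac"].replace(".", ""), 16)
    return (priority + vlan, mac)


def elect_root(vlan):
    """The lowest bridge ID wins; the MAC address breaks priority ties."""
    return min(SWITCHES, key=lambda name: bridge_id(name, vlan))


def root_mismatches(vlans, intended):
    """VLANs whose elected root is not the intended switch."""
    return [vlan for vlan in vlans if elect_root(vlan) != intended]


if __name__ == "__main__":
    for vlan in (1, 11, 22):
        root = elect_root(vlan)
        print(f"VLAN {vlan}: root {root}, priority {bridge_id(root, vlan)[0]}")
    # Assumption: FC-ASW-1 is meant to be root for every VLAN.
    print("VLANs with an unintended root:", root_mismatches((1, 11, 22), "FC-ASW-1"))
```

The result matches the captured output: FC-ASW-1 is root only for VLAN 1, and ProductionSW wins VLANs 11 and 22 on its lower MAC address because no priority was set for those VLANs.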
Objective
Analyze a network design and the results of a prototype test to determine if weaknesses exist in the proposed design.
Background / Preparation
Instructor notes: The students will use the test plan they created in Lab 7.2.2 and the results of the testing from Lab 7.2.5 to identify any weaknesses in the LAN design. Network designs often have weaknesses or areas of risk because the designer must work within constraints applied by the customer. These weaknesses can include obvious risks, such as no firewall or security filtering,
Can new Access Layer modules be integrated into the network without disrupting services to existing users?
____________________________________________________________
____________________________________________________________
____________________________________________________________
Answers will vary. Yes. Additional switches can be added to increase the number of connections in the design with minimal disruption.

Does the design provide for the smallest possible failure domains?
____________________________________________________________
____________________________________________________________
____________________________________________________________
Yes, switches provide microsegmentation and VLANs contain broadcasts with the use of routers and subinterfaces.

Are there multiple paths and redundant devices to protect against losing connectivity to important services?
____________________________________________________________
Step 2: Determine what the risks are of not correcting the weaknesses
If, in Step 1, you identify weaknesses in the proposed design, what risks do these weaknesses present to FilmCompany?
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
Answers will vary. Since stackable fixed configuration switches are used in the prototype, changes to port densities, media types or link speeds may present a problem. Other than adding more switches, expansion of port densities is not easily accomplished.
Step 3: Suggest ways that the design can be improved to reduce the risk
In what ways could the proposed design be improved to reduce the areas of risk?
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
A higher-end chassis-based layer 3 switch could be implemented that can support multiple high-density port modules of differing speeds and media types. Having layer 3 routing built in avoids the router-on-a-stick design approach. On the other hand, having all modules in one chassis could present a problem as a single point of failure and possibly limit flexibility as to access device placement and increase cable run lengths.
Step 5: Reflection
Why do you think it is important to identify weaknesses and risks in the proposed design before presenting it to the customer? What are some reasons that weaknesses cannot be corrected?
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
End Date
Table of Contents
Attendees
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: Basic Connectivity Test
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: VLAN Configuration Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions
Test 3. Description: VLAN Routing Test
Test 3. Procedures
Test 3. Expected Results and Success Criteria
Test 3. Results and Conclusions
Test 4. Description: ACL Filtering Test
Test 4. Procedures
Test 4. Expected Results and Success Criteria
Test 4. Results and Conclusions
Appendix
Attendees
Name    Company              Position
        FilmCompany          IT Manager
        FilmCompany          Business Manager
        NetworkingCompany    Account Manager
        NetworkingCompany    Network Designer
        NetworkingCompany    System Engineer
Instructor note: Students can enter their own names in the roles they choose or make up names for the attendees.
Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.

Instructor note: Example answers to this section are:
To verify the FilmCompany server farm design.
To test the switch and router configurations proposed for the FilmCompany server farm network.
To ensure that the design functions as expected.

Purpose of this test:
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________

Instructor note: These tests are given to the student at a very high level. Later in this lab, the students are expected to record the detailed steps to perform the test. Test 1 is given as an example.

Tests to run:

Test 1: Basic Connectivity Test
Verify physical and IP connectivity between devices on the prototype network. Document operation.

Test 2: Server Farm Switch Configuration Test
Demonstrate the VLAN and VTP configuration. Demonstrate that separate server VLANs prevent traffic from one server from reaching other servers in the network. Demonstrate 802.1q trunk links between Access Layer switches. Verify rapid per-VLAN Spanning Tree operation. Document operation.

Test 3: VLAN Routing Test
Demonstrate routing of traffic between separate VLANs. Document operation.

Test 4: ACL Filtering Test
Demonstrate filtering of traffic between separate VLANs. Document operation.
Equipment
INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software. Additional options or software required none IOS Software Rev. 12.2 or above
Qty. Rqd 2
3 1 2
2960 Layer 2 switch Discovery Server Personal computer end devices Cat 5 or above straight-through patch cables Cat 5 or above crossover patch cables
Substitute Any router with two Ethernet or FastEthernet interfaces capable of running 802.1q protocol Any 2950 or 2960 model switch
12.2 or above
none
none
none
none
none
n/a
Instructor note: Based on the topology diagram in lab 7.3.2, students will fill out the equipment required for the test.
IP Address Plan

Device Designation                        Interface      IP Address          Default Gateway
S1                                        VLAN1          172.18.1.11/24      172.18.1.1
S2                                        VLAN1          172.18.1.12/24      172.18.1.1
S3                                        VLAN1          172.18.1.13/24      172.18.1.1
R1 Simulated Internet Connection Router   Loopback0/0    209.165.200.15/30   Simulated Internet Address
                                          Fa0/1          172.18.4.1/28
R2 Simulated Branch Router                Fa0/0          172.18.4.2/28
                                          Fa0/1.1        172.18.1.1/24
                                          Fa0/1.10       172.18.10.1/27
                                          Fa0/1.20       172.18.20.1/27
                                          Fa0/1.30       172.17.0.1/16
PC1 Simulated Database Server             Fast Ethernet  172.18.10.21/27     172.18.10.1
PC2 Simulated File Server                 Fast Ethernet  172.18.20.22/27     172.18.20.1
PC3 Discovery Server                      Fast Ethernet  172.17.1.1/16       172.17.0.1

Default Route: 172.18.4.1 to the Internet connection
VLAN Plan

VLAN Name    Switches to Configure  IDs  IP Address Range  Group
Management   All                    1    172.18.1.0/24     IT Managers
Backbone     S1                     4    172.18.4.0/30     Routers
Database     All                    10   172.18.10.0/27    Private Servers
FileServers  All                    20   172.18.20.0/27    Internal-only Servers
WebServers   All                    30   172.17.0.0/16     Web-accessible Servers
Default      All                    99   None              Default VLAN for switchports and trunks
Additional Notes and Instructions: Instructor note: Students record any other information that they think might be useful to the technicians performing the tests. These might be things like: This test must show that the new VLAN design enables additional security measures to be put in place to regulate traffic.
INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test. Test 1 is given as an example.
Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Build the topology according to the Design and Topology Diagram. Assign IP addresses according to the IP Address Plan.
2. Create a basic configuration on each device. Include applicable passwords, device names, IP addresses, default routes, default gateways, and activate interfaces.
3. Console into one of the devices in the topology and ping all of the other routers and switches in the topology. Record any anomalies.
4. Telnet to each device in the configuration and verify that each is reachable.
5. Verify that Spanning Tree disables the redundant switched links.
6. Record the output of the show running-config, show spanning-tree, show interfaces, and the first few lines of show memory in a text file, using a text editor such as Notepad. Save the log file for later analysis. Repeat for all devices in the topology.
Data to Record:
VLAN Configurations
Show vlan output
STP Configuration
Show spanning-tree output
Ping Test Output
Test 2. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
Student answers may vary slightly from the above list and may be in a different order. The exercise is to encourage students to think about all of the steps that they need to perform to verify the VLAN design. Planning installation tasks and estimating the effort necessary to accomplish them is critical to the success of the students when they leave the course.
Data to Record:
Router Configuration
IP Routing Table Information
CPU & Memory
Ping Test Output
Test 3. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
Data to Record:
ACL Configuration
Show IP access-list output
Ping Test Output
Test 4. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
Appendix
INSTRUCTIONS: Record the starting configurations, any modifications, log file or command output, and any other relevant documentation.
PC1 Simulated Database Server PC2 Simulated File Server PC3 Discovery Server
172.18.10.1 172.18.20.1
VLAN Plan
VLAN Name     Switches to Configure  IDs  IP Address Range  Group
Management    All                    1    172.18.1.0/24     IT Managers
Backbone      S1                     4    172.18.4.0/30     Routers
Database      All                    10   172.18.10.0/27    Private Servers
FileServers   All                    20   172.18.20.0/27    Internal-only Servers
WebServers    All                    30   172.17.0.0/16     Web-accessible Servers
Default VLAN  All                    99   none              Default VLAN for unassigned ports and trunk links
Objective
Create a test plan designed to test the functionality of the server farm. The plan should include:
The subject and scope of the proposed test
The methods and tools for testing
Data to record
The potential results
Step 2: Describe the functions of the network that the designer wants to test with this prototype
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
Basic connectivity, VLAN configurations, VTP operation, VLAN routing, ACL filtering.
Step 3: Using the topology diagram, create a list of the equipment necessary to complete the prototype tests
List any cables that are needed to connect the devices as shown in the topology diagram. Use the information from this list to fill out the chart in the Equipment section of the test plan document.
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
2 Routers, 3 switches, 2 PCs, 1 Server, 6 Cat 5 Straight-through cables, 6 Cat 5 crossover cables, 1 console cable.
Reflection
Why is it important to think about and document the expected results and success criteria for each of the individual tests?
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________
Lab 7.3.3 Configuring and Testing the Rapid Spanning Tree Prototype Instructor Version
| Device Designation | Device Name | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| R1 | BR4 | Fa0/0.1 10.0.0.1 | 255.255.255.0 | |
| | | Fa0/0.10 10.10.10.254 | 255.255.255.0 | |
| | | Fa0/0.20 10.10.20.254 | 255.255.255.0 | |
| S1 | FC-ASW-1 | VLAN1: 10.0.0.2 | 255.255.255.0 | |
| S2 | ProductionSW | VLAN1: 10.0.0.3 | 255.255.255.0 | |
| H1 | H1 | 10.10.10.10 | 255.255.255.0 | |
| H2 | H2 | 10.10.20.10 | 255.255.255.0 | |
| H3 | H3 | 10.10.10.11 | 255.255.255.0 | |
| H4 | H4 | 10.10.20.11 | 255.255.255.0 | |
Background / Preparation
The network designer has developed a test plan for the proposed FilmCompany server farm. The tests depend on the ability of the technicians to configure the switches to use STP, because the server farm test topology implements redundant switched links. In this lab, you will review the basic functionality of Cisco Rapid PVST.
VLAN Number 10 20
Step 14: Configure two hosts for server VLAN, and two hosts for end user VLAN
a. H1 and H3 should be given IP addresses in the Servers VLAN, with a default gateway of 10.10.10.254.
b. H2 and H4 should be given IP addresses in the Users VLAN, with a default gateway of 10.10.20.254.
Task 3: Introduce link and device failures into the network, and observe results
Step 1: Determine the port status of the spanning tree on the server switch
FC-ASW-1#show span
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0030.F2C9.90A0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0090.21AC.0C10
             Aging Time  300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------
Fa0/1            Desg FWD 19        128.3    Shr
Fa0/2            Root FWD 19        128.3    Shr
Fa0/4            Altn BLK 19        128.3    Shr
Fa0/5            Desg FWD 19        128.3    Shr
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32788
             Address     0030.F2C9.90A0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0090.21AC.0C10
             Aging Time  300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------
Fa0/1            Desg FWD 19        128.3    Shr
Fa0/2            Root FWD 19        128.3    Shr
Fa0/4            Altn BLK 19        128.3    Shr
Fa0/6            Desg FWD 19        128.3    Shr
Which port is not currently participating in forwarding data?
Fa0/4 is an Alternate and is currently in blocking state (BLK).
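An added example, not part of the original lab: a Python parser for the show spanning-tree output above that answers the Step 1 question for every VLAN and reports whether this switch is the root. The sample text is the lab's own output laid out one row per line; the function names are this example's own.

```python
import re

# Constructed sample: the Step 1 output from this lab, one table row per line.
SAMPLE = """\
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0030.F2C9.90A0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0090.21AC.0C10
             Aging Time  300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Fa0/1            Desg FWD 19        128.3    Shr
Fa0/2            Root FWD 19        128.3    Shr
Fa0/4            Altn BLK 19        128.3    Shr
Fa0/5            Desg FWD 19        128.3    Shr
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32788
             Address     0030.F2C9.90A0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0090.21AC.0C10
             Aging Time  300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Fa0/1            Desg FWD 19        128.3    Shr
Fa0/2            Root FWD 19        128.3    Shr
Fa0/4            Altn BLK 19        128.3    Shr
Fa0/6            Desg FWD 19        128.3    Shr
"""

VLAN_RE = re.compile(r"^VLAN(\d+)$")
ADDR_RE = re.compile(r"Address\s+((?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})")
PORT_RE = re.compile(
    r"^(?P<port>[A-Za-z]+\d+(?:/\d+)+)\s+(?P<role>\w+)\s+(?P<state>[A-Z]{3})"
    r"\s+(?P<cost>\d+)\s+(?P<prio>\d+\.\d+)\s+(?P<type>.+)$"
)


def parse_spanning_tree(text):
    """Return {vlan_id: {"root": mac, "bridge": mac, "ports": [row, ...]}}."""
    vlans, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = VLAN_RE.match(line)
        if m:  # a new per-VLAN block starts
            current = {"root": None, "bridge": None, "ports": []}
            vlans[int(m.group(1))] = current
            section = None
            continue
        if current is None:
            continue  # skip the prompt or anything before the first VLAN
        if line.startswith("Root ID"):
            section = "root"
        elif line.startswith("Bridge ID"):
            section = "bridge"
        m = ADDR_RE.search(line)
        if m and section:  # the Address line belongs to the last ID header seen
            current[section] = m.group(1).lower()
            continue
        m = PORT_RE.match(line)
        if m:
            current["ports"].append(m.groupdict())
    return vlans


def summarize(vlans):
    """Per VLAN: is this switch the root, its root port, and ports not forwarding."""
    report = {}
    for vlan, info in vlans.items():
        roots = [p["port"] for p in info["ports"] if p["role"] == "Root"]
        report[vlan] = {
            "is_root": info["root"] is not None and info["root"] == info["bridge"],
            "root_port": roots[0] if roots else None,
            "non_forwarding": [p["port"] for p in info["ports"] if p["state"] != "FWD"],
        }
    return report


if __name__ == "__main__":
    for vlan, row in summarize(parse_spanning_tree(SAMPLE)).items():
        print(vlan, row)
```

Running the same check before and after each failure introduced in Task 3 shows which port takes over the Root role and whether the Alternate port has moved to forwarding.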
Why is it important when implementing a server farm?
Answers will vary. RSTP will help to ensure that switches can recover quickly and keep servers accessible to users in the event of a switch, link or port failure.
PC1 Simulated Database Server
PC2 Simulated File Server
PC3 Discovery Server
172.18.10.1 172.18.20.1

VLAN Plan:

| VLAN Name | IDs | Group |
|---|---|---|
| Management | 1 | IT Managers |
| Backbone | 4 | Routers |
| Database | 10 | Private Servers |
| FileServers | 20 | Internal-only Servers |
| WebServers | 30 | Web-accessible Servers |
| Default VLAN | 99 | Default VLAN for unassigned ports and trunk links |
Objectives
Connect and configure the devices for the prototype FilmCompany server farm. Verify successful implementation of RSTP, VLAN trunking, and VTP. Configure routing between VLANs. Create and apply appropriate ACLs to filter undesirable traffic. Evaluate network performance based on previously determined checklist criteria.
Background / Preparation
This lab is designed to test the students' understanding of the content presented throughout the chapter. This lab puts it all together for students to observe the interaction of the networking devices and to analyze network performance results. Detailed step-by-step directions are not supplied, because students have already performed much of the configuration in Lab 7.3.3. This lab adds routing and security to the network prototype. In this lab, you will construct the FilmCompany server farm prototype network and perform the tests described in the Server Farm Test Plan. You will analyze the network performance after applying all the configurations, and will complete the results and conclusions sections of the Test Plan.
Task 1: Assemble and connect component devices
Step 1: Review the Topology Diagram and the Equipment section of the test plan
a. Determine which equipment or suitable substitutes will be required to meet the objectives of the lab.
b. Modify the topology diagram as necessary to fit available equipment.
Step 2: Perform the Test 1 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.
Step 7: Set switch S1 as the root bridge.
Step 8: Perform Test 2 according to the Server Farm Design Test Plan
Step 2: Perform the Test 2 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.
Step 2: Perform the Test 3 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.
Step 2: Examine results of connectivity tests to determine targets for the ACLs
Decide which devices should be permitted, which protocols should be used, and where ACLs should be placed.
Firewall Rule
ACL Statements
Step 4: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 4.
Test 4 Requirements:
Step 1: On router R2, configure ACLs to limit or permit access for testing.
Step 2: Apply the access control lists to the appropriate interfaces and subinterfaces to permit or deny the selected traffic.
Step 3: Perform Test 4 according to the Server Farm Design Test Plan.
Step 5: Perform the Test 4 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.
Task 6 Reflection
Examine the test results and conclusions. How would this network be affected if:
1. The number of servers was doubled?
Traffic on S2 would increase. It may be worthwhile adding a switch and splitting up servers to avoid a single point of failure.
2. The S2 switch had a system failure?
Access to the servers would be lost.
3. A new branch office with 25 new hosts was added?
Lab 7.3.6 Identifying Risks and Weaknesses in the Design Instructor Version
Instructor Note: This lab is part of a series of labs that includes 7.3.2, 7.3.5, and 7.3.6. In this series the students create a test plan to verify the FilmCompany server farm design (7.3.2), and then execute the test plan (7.3.5), and finally analyze the results of the testing (7.3.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.
Objectives
Identify areas of risk and weakness in the server farm design implementation. Recommend solutions that will support eventual growth of the data center while maintaining desired network performance.
Task 1: Identify areas of risk and weakness in the server farm implementation
Step 1: Analyze the physical topology
Examine the server farm topology as one entity and as a part of the entire FilmCompany topology. Look for each of the risks and weaknesses listed in the chart. Describe the devices, connections, and issues that you find, or record None found if the design appears to avoid risks in that area.

Instructor notes: One option for performing Tasks 1 and 2 is to work with the class as a whole. The instructor can display the server farm topology and the entire FilmCompany topology using a projector and discuss the weaknesses listed here and analyze the risks with students in a class discussion. Location and devices can be identified during the discussion. In Task 2, the discussion can center around suggested changes to the design to help mitigate any weaknesses identified, also balancing cost vs risk.

| Weakness | Risk | Description of Location and Devices |
|---|---|---|
| Single point of failure | If a device fails, a portion of the network will be inoperable. | |
| | If a device or link fails, a large portion of the network will be affected | |
| Possible bottlenecks | If the traffic volume increases, there is a potential for response time to degrade. | |
| Limited scalability | If the network grows more rapidly than expected, a costly upgrade will be needed. | |
| Overly-complex design | If the design is too complex, the current staff will not be able to support it properly. | |
Task 2: Suggest modifications to the design to address identified risks and weaknesses
From the analysis performed in Task 1, list each risk or weakness and suggest possible changes to the design to minimize or eliminate it.

| Risk or Weakness Identified | Modification Suggested |
|---|---|
| | |
Device Designation R1 R2
Objective
Describe ways to simulate WAN connectivity in a prototype lab.
Background / Preparation
Instructor notes: In this lab, students review the configuration of WAN links. Ensure that the concepts of DCE/DTE, clock rate, and encapsulation are understood.

In this lab, you will review the configuration of WAN links. Cable the network shown in the topology diagram. Any router that meets the interface requirements displayed on the diagram may be used. These include the following routers and any of their possible combinations:

The configuration output used in this lab is produced from 1841 and 1721 series routers. Any other routers used may produce slightly different output.

*** It should be stressed to the students that configuring a router to provide the clock as DCE is not the norm and that we only do it in the classroom environment to enable the serial links to work since we do not have a CSU/DSU as we would with a real serial WAN link.
RTS=up
CTS=up
Challenge
Determine why it is necessary to set the encapsulation types when configuring a network.
End Date
Table of Contents
Attendees
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: Frame Relay Configuration Test
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: Backup Link Configuration Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions
Appendix
Attendees
| Name | Company | Position |
|---|---|---|
| | FilmCompany | IT Manager |
| | FilmCompany | Business Manager |
| | NetworkingCompany | Account Manager |
| | NetworkingCompany | Network Designer |
| | NetworkingCompany | System Engineer |
Instructor note: Students can enter their own names in the roles they choose or make up names for the attendees.
Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.

Instructor note: Example answers to this section are:
To verify the FilmCompany WAN Design.
To test the router configurations proposed for the FilmCompany connections to the stadium network.
To ensure that the design functions as expected.

Purpose of this test:

Instructor note: These tests are given to the student at a very high level. Later in this lab, the students are expected to record the detailed steps to perform the test. Test 1 is given as an example.

Tests to run:

Test 1: Frame Relay Configuration Test
Verify Frame Relay configuration using point-to-point subinterfaces.
Verify that EIGRP is configured and that MD5 authentication is set.
Verify EIGRP routing between the stadium Edge2 router and the FilmCompany BR3 router.
Document operation.

Test 2: Backup Link Configuration Test
Demonstrate that traffic will take the alternate route if the Frame Relay link goes down.
Document operation.
Equipment
INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software. Additional options or software required none IOS Software Rev. 12.2 or above
Qty. Rqd 2
Router to simulate ISP can be 1841 with two FastEthernet interfaces Preconfigured router to simulate Frame Relay switch 2960 switch
none
Substitute Any Cisco router with 1 serial interface and 2 FastEthernet or Ethernet interfaces Any router or multilayer switch that can support two separate Ethernet networks Any Cisco router with two serial interfaces Any switch or hub to simulate the remote LAN. Can use crossover cable in place of hub/switch At least one PC and any other IP end device (camera, printer, etc.) V.35 crossover cable none none
any
12.2 or above
any
FastEthernet NIC
2 2 3
V.35 DTE cables V.35 DCE cables Cat 5 or above crossover patch cables Cat 5 or above straight-through patch cables (if hub/switch is used) Console cable
none
none
n/a
none
none
none
Topology - Prototype test topology
Instructor note: The students assign addresses for the PCs that are appropriate for the topology.
IP Address Plan

| Device Name | Interface | IP Address | Subnet Mask |
|---|---|---|---|
| Edge2 | S0/1/1 | 172.18.0.9/30 | |
| | Fa0/0 | 172.18.3.1/24 | |
| | Fa0/1 | 172.18.0.249/30 | |
| BR3 | S0/1/0 | 172.18.0.10/30 | |
| | Fa0/0 | 172.18.225.249/30 | |
| | Fa0/1 | 172.18.225.0/25 | |
| ISPX | Fa0/0 | 172.18.225.250/30 | |
| | Fa0/1 | 172.18.0.250/30 | |
| PC1 | NIC | | |
| PC2 | NIC | | |
Additional Notes and Instructions:
Instructor note: Students record any other information that they think might be useful to the technicians performing the tests. These might be things like: This test must show that the new WAN design operates as expected and that the backup links function if the primary link is down.
INSTRUCTIONS: Add a description about this design here that is essential to provide a better understanding of the testing or to emphasize any aspect of the test network to the reader.
INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test. Test 1 is given as an example.
Data to Record:
Configurations
Interface status
Routing Tables
CPU & Memory
Traceroute Output
Ping Test Output
Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Build the topology according to the Design and Topology Diagram. Assign IP addresses according to the IP address plan.
2. Using console connections, create a basic configuration on routers Edge2, BR3, and ISPX. The router FR1 is preconfigured as a Frame Relay switch. Include applicable passwords, device names, default routes, default gateways, and activate interfaces.
3. Copy and paste the show running-config, show ip route, show processes cpu sorted, show interfaces, and the first few lines of show memory. Save the log file for later analysis using a text editor program such as Notepad. Repeat for all devices in the topology.
4. Configure the Frame Relay connections on point-to-point subinterfaces on the Edge2 and BR3 routers. Use the DLCI values shown on the topology diagram.
Test 2. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
Appendix
INSTRUCTIONS: Record the starting configurations, any modifications, log file or command output, and any other relevant documentation.
Objectives
Create a WAN connectivity test plan with multiple tests to determine:
Simulated Frame Relay connectivity
Backup Simulated VPN link functionality

Describe the necessary information for each test to include:
Description of the test
Procedures
Anticipated Results and Success Criteria
640-802 CCNA Exam Objectives
This lab contains skills that relate to the following CCNA exam objectives: Interpret network diagrams. Determine the path between two hosts across a network. Select the components required to meet a network specification. Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts. Access and use the router to set basic parameters, including CLI/SDM. Connect, configure, and verify operation status of a device interface. Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH, or other utilities. Perform and verify routing configuration tasks for a static or default route given specific routing requirements. Configure, verify, and troubleshoot EIGRP. Troubleshoot routing issues. Verify router hardware and software operation using show and debug commands. Implement basic router security. Describe different methods for connecting to a WAN. Configure and verify a basic WAN serial connection. Configure and verify Frame Relay on Cisco routers. Troubleshoot WAN implementation issues.
Background / Preparation
Instructor notes: Using the test plan template included with the lab and the topology shown, students will fill in the test plan sections to describe the tests to be performed, how they should be tested, and how to determine success or failure. This test plan will be used in subsequent labs to test simulated Frame Relay prototypes. To conclude this lab, students should reflect on the use of Frame Relay WAN links, the testing of primary links, and of backup links.

In this lab, you will demonstrate the ability to develop a test plan to support the business goal of improving network availability. This is accomplished by configuring backup connections so that connectivity is not lost for major applications if the Frame Relay link fails. These requirements include testing a Frame Relay WAN simulation with backup links. You will determine the nature of the tests to be performed, the methods and tools to be used, and the expected results. This test plan will be used as a basis for subsequent labs 8.2.4 and 8.2.5, to test simulated Frame Relay WAN prototypes.
Task 2: Document information regarding Test 1
Test 1. Description: Frame Relay Configuration Test
a. Determine the goals of Test 1. Record them on the WAN Design Test Plan in the appropriate section.
Goals of Test: The goals of this test are to:
1. Verify that the topology is up and proper physical connections are made between the CPE1, CPE2, and the FR1 router.
2. Verify that the devices are correctly configured for Frame Relay.
3. Verify that CPE1 and CPE2 can communicate via Frame Relay.
b. Read through the Test 1 Procedures section in the test plan. Are there any additional procedures that you think are necessary to document the operation of the Frame Relay link and the EIGRP routing between Edge2 and BR3? If there are, add them here:
Instructor note: Students may suggest additional tests or configuration tasks.
c. Review the Expected Results and Success Criteria for Test 1. Are there any additional results you expect as a result of doing the procedures outlined for Test 1? If there are, add them here:
Task 3: Document information regarding Test 2
Test 2. Description: Backup Link Configuration Test
Complete the sections in the WAN Design Test Plan document for Test 2.
a. Fill in the Test 2 Description, Procedures, and Expected Results and Success Criteria sections.
b. Save the test plan in your portfolio. The WAN Design Test Plan is the basis for the next two labs in the course.
Lab 8.2.5 Configuring and Verifying WAN Backup Links Instructor Version
Instructor Note: This lab is part of a series of labs that includes 8.2.2, 8.2.5, and 8.2.6. In this series, the students create a test plan to verify the FilmCompany WAN network design (8.2.2), and then execute the test plan (8.2.5), and finally analyze the results of the testing (8.2.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.
Objectives
Use a test plan to test the functionality of a Frame Relay WAN. Verify that the backup route is installed and connectivity is restored if the primary Frame Relay link goes down.
Background / Preparation
Instructor notes:
Step 3: Configure a static route on the ISPX router to the FilmCompany local network
On the ISPX router, configure a normal static route to the BR3 network 172.18.225.0/25 via the Fa0/0 interface on BR3.
Step 4: Configure a static route on the ISPX router to the stadium local network
On the ISPX router, configure a normal static route to the Edge2 network 172.18.3.0/24 via the Fa0/1 interface on Edge2.
Task 5: Conduct Primary Frame Relay Link Testing Based on the Test Plan. Task Complete: ________
Execute the procedures outlined in Test 1 to test the simulated Frame Relay network. Record the results of the tests in the Test 1: Results and Conclusions section.
Step 1: Console into routers Edge2 and BR3 and verify the basic configuration, IP addressing, Frame Relay
Issue the show running-config command for each of the routers to verify passwords, IP addressing, and Frame Relay configuration. See end of lab for router configs.
Step 2: Verify the Frame Relay configuration on Edge2, BR3, and FR1
Use show frame-relay commands to verify the Frame Relay configurations. See Lab 8.2.4 for command output.
show frame-relay map - Status of point-to-point links
show frame-relay pvc - Permanent Virtual Circuit (PVC) status and statistics
show frame-relay lmi - Local Management Interface (LMI) statistics
show frame-relay route - DLCI/interface routing (FR1 switch only)
Step 6: Test IP connectivity between routers Edge2 and BR3 via the primary Frame Relay link
a. Ping from Edge2 to the IP address of host PC2. Was the ping successful? __________ Yes
If not, troubleshoot until successful.
b. Ping from BR3 to the IP address of host PC1. Was the ping successful? __________ Yes
If not, troubleshoot until successful.
c. Verify that traffic is taking the correct path by using the traceroute command.
d. Turn off all debugging using the undebug all command.
e. Record all results in the WAN Design Test Plan document in the Test 1: Results and Conclusions section.
Is there an EIGRP route to the FilmCompany network 172.18.225.0/25 now? __________ No, the route was removed since the primary link is down.
Is the floating static backup route to the FilmCompany network 172.18.225.0/25 that you defined earlier now present? __________ Yes
What is the AD of this route? __________ 130
What is the next hop IP address to get to the 172.18.225.0/25 network? __________ 172.18.0.250 (ISPX Fa0/1 link)
Does the backup route take the ISPX link? __________ Yes
NOTE: It will take BR3 some time to declare the EIGRP route to the Edge2 172.18.3.1 network via the Frame Relay link as being down. The link from BR3 to the Frame Relay switch appears to be good from the BR3 side. BR3 will have to wait until the timers expire after receiving no EIGRP updates from Edge2.
b. Continue to issue the show ip route command until the EIGRP route is gone and the floating static route is installed, otherwise ping responses (echo reply) cannot be sent back to Edge2.
Is there an EIGRP route to the Edge2 network 172.18.3.0/24? __________ No
Step 4: Test IP connectivity between routers Edge2 and BR3 via the backup Ethernet link
a. Ping from PC1 on Edge2 to the IP address of host PC2. Was the ping successful? __________ Yes
If not, troubleshoot until successful.
Note: While the backup link route is active, a ping from router Edge2 to the IP address of host PC2 will not be successful. The source of the ping will be the IP address of the Fa0/1 interface (172.18.0.249) instead of the PC1 IP address, and router BR3 does not have a route back to that network when static routing is in effect.
b. Verify that traffic is taking the backup link by using the tracert command from PC1 to PC2. Record the results in the WAN Design Test Plan section Test 2: Results and Conclusions.
c. Turn off any debugging using the undebug all command.
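The route selection behind these results, as an added Python example that is not part of the Cisco lab: each router installs the candidate route with the lowest administrative distance, and a ping succeeds only if the far router also has a route back to the source address. The PC1/PC2 host addresses and the label used for BR3's backup next hop are assumptions (the page does not give them); ISPX forwarding and the EIGRP timers are not modelled.

```python
import ipaddress
from dataclasses import dataclass

EIGRP_AD = 90     # Cisco default administrative distance for internal EIGRP
BACKUP_AD = 130   # distance the lab reports for the floating static route
PC1 = "172.18.3.10"     # constructed host address on the Edge2 (stadium) LAN
PC2 = "172.18.225.10"   # constructed host address on the BR3 (FilmCompany) LAN


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    ad: int
    source: str      # "connected", "eigrp" or "static"
    next_hop: str


class Router:
    def __init__(self, name):
        self.name = name
        self.candidates = []   # every route offered by any source

    def offer(self, prefix, ad, source, next_hop):
        self.candidates.append(
            Route(ipaddress.ip_network(prefix), ad, source, next_hop))

    def withdraw(self, source):
        self.candidates = [r for r in self.candidates if r.source != source]

    def installed(self):
        """Per prefix, only the candidate with the lowest AD is installed."""
        best = {}
        for r in self.candidates:
            if r.prefix not in best or r.ad < best[r.prefix].ad:
                best[r.prefix] = r
        return list(best.values())

    def lookup(self, dst):
        """Longest-prefix match over installed routes; None means no route."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.installed() if addr in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def build_lab():
    """Edge2 and BR3 with the addressing shown in the lab's device configs."""
    edge2, br3 = Router("Edge2"), Router("BR3")
    edge2.offer("172.18.3.0/24", 0, "connected", "Fa0/0")
    edge2.offer("172.18.0.248/30", 0, "connected", "Fa0/1")
    edge2.offer("172.18.225.0/25", EIGRP_AD, "eigrp", "Frame Relay PVC")
    edge2.offer("172.18.225.0/25", BACKUP_AD, "static", "172.18.0.250")
    br3.offer("172.18.225.0/25", 0, "connected", "Fa0/1")
    br3.offer("172.18.225.248/30", 0, "connected", "Fa0/0")
    br3.offer("172.18.3.0/24", EIGRP_AD, "eigrp", "Frame Relay PVC")
    # Assumption: the page does not list BR3's backup next-hop address.
    br3.offer("172.18.3.0/24", BACKUP_AD, "static", "ISPX (address not given)")
    return edge2, br3


def fail_primary(*routers):
    """Primary link down: EIGRP routes disappear from each router.
    On the real BR3 this happens only after the EIGRP timers expire."""
    for r in routers:
        r.withdraw("eigrp")


def ping_succeeds(src_router, src_ip, dst_router, dst_ip):
    """Echo request needs a forward route; echo reply needs a return route."""
    return (src_router.lookup(dst_ip) is not None
            and dst_router.lookup(src_ip) is not None)


if __name__ == "__main__":
    edge2, br3 = build_lab()
    print("primary up  :", edge2.lookup(PC2))
    fail_primary(edge2, br3)
    print("primary down:", edge2.lookup(PC2))
    print("PC1 -> PC2            :", ping_succeeds(edge2, PC1, br3, PC2))
    print("Edge2 Fa0/1 -> PC2    :",
          ping_succeeds(edge2, "172.18.0.249", br3, PC2))
```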
Step 5: Clean up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Appendix
Instructor Notes: To preconfigure FR1 as a Frame Relay switch, follow these instructions. If the students are to configure FR1 in your lab, provide them with these instructions.
Device Configurations:
Edge2 Router 1841 IOS 12.4
Edge2#sh run
Building configuration...

Current configuration : 1545 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$SVJw$4mmsluvH6tKGL8Hkhlmoz.
enable password cisco
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
!
key chain MYCHAIN
 key 1
  key-string securetraffic
!
interface FastEthernet0/0
 description Stadium LAN
 ip address 172.18.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description backup link to ISP
 ip address 172.18.0.249 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
BR3 Router 1841 IOS 12.4
BR3#sh run
Building configuration...

Current configuration : 1547 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BR3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Oy22$IpotUI2nuqkDwA9Mh4sAW/
enable password cisco
!
no aaa new-model
ip cef
!
!
no ip domain lookup
!
!
key chain MYCHAIN
 key 1
  key-string securetraffic
!
!
interface FastEthernet0/0
 description backup link to ISP
 ip address 172.18.225.249 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description BR3 LAN
 ip address 172.18.225.1 255.255.255.128
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 description primary link to Edge2
^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

ISPX#
Objectives
Analyze the results of the WAN Connectivity prototype test.
Document the results and identify potential risks or weaknesses in the prototype and planned design.
Complete the Results and Conclusions section of the test plan.
Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.
Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
Why do you think it is important to identify any weaknesses or risks contained in a proposed network design?
______________________________________________________________________________________
Background / Preparation
Instructor notes: The students will use the test plan they created in Lab 8.2.2 and the results of the testing from Lab 8.2.5 to identify any weaknesses in the WAN design. Network designs often have weaknesses or areas of risk because the designer must work within constraints applied by the customer. These weaknesses can include obvious risks, such as no firewall or security filtering, or can be harder to identify. Using the results and conclusions of the Test Plan you finished in Lab 8.2.5, determine if there are areas where risk exists in your proposed design.
Are there any weaknesses associated with using the VPN connections as backup to the Frame Relay WAN? ______________________________________________________________________________________
Will a failure of the primary link cause the FilmCompany to lose connectivity to the Stadium LAN?
______________________________________________________________________________________
No, the backup link with a floating static route will be activated to provide connectivity in the event the primary F/R link fails.
Does the EIGRP authentication provide for a secure transmission of the routing updates?
______________________________________________________________________________________
Yes, through the use of Message Digest 5 (MD5). The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and MD5 authentication key in use.
Step 2: Determine what the risks are of not correcting the weaknesses
If, in Step 1, you identify weaknesses in the proposed design, what risks do these weaknesses present to FilmCompany?
______________________________________________________________________________________
The risks are that an actual Frame Relay network under actual user loads would not perform as well as the simulated links in the prototype. Also, the simulated VPN backup link might not perform as expected in terms of recovery using a real VPN link instead of a simulated FastEthernet link. The final acceptance of the design may have to wait until the results of a pilot installation are known.
Step 3: Suggest ways that the design can be improved to reduce the risk
In what ways could the proposed design be improved to reduce the areas of risk?
______________________________________________________________________________________
Step 4: Reflection
Why do you think it is important to identify weaknesses and risks in the proposed design before presenting it to the customer? What are some reasons that weaknesses cannot be corrected?
______________________________________________________________________________________
It is important to identify weaknesses and risks in the proposed design before presenting it to the customer to ensure that the customer understands the limitations of the prototype and is not led to have unrealistic expectations based on a prototype. It may not be possible to compensate for all weaknesses identified due to time, money or personnel constraints. Risks must be analyzed and balanced against these other variables.
End Date
Table of Contents
Attendees
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: EasyVPN Server Setup Verification
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: VPN Client Connectivity Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions
Appendix
Attendees
Name          Company              Position
__________    FilmCompany          IT Manager
__________    FilmCompany          Business Manager
__________    NetworkingCompany    Account Manager
__________    NetworkingCompany    Network Designer
__________    NetworkingCompany    System Engineer
Instructor note: Students can enter their own names in the roles they choose or make up names for the attendees.
Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.
Purpose of this test: The purpose of this prototype is to demonstrate the use of a VPN server to provide secure connections for remote users via the Internet. A Cisco router is configured as a VPN server and a client is set up to access the server to establish a VPN tunnel to internal LAN resources.
Tests to run:
Test 1: EasyVPN Server Setup Verification
Demonstrate that the setup of EasyVPN server can be done using Cisco SDM.
Verify that the IOS version to support EasyVPN is available for the 1841 router.
Document operation.
Test 2: VPN Client Connectivity Test
Demonstrate the configuration of the VPN client software.
Verify that the client can connect to the EasyVPN server and successfully send data through the VPN connection.
Document operation.
Equipment
INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software. Additional options or software required Substitute Advanced IP service Router with two IOS image and Cisco Ethernet interfaces SDM none IOS Software Rev. Advanced IP services IOS 12.4 or above and Cisco SDM 12.2 or above
Qty. Rqd 1
2960 Switch for Stadium internal network Windows XP VPN Client computer PC running XP on internal network
1 2
none none
Any standalone hub/switch or 1841 integrated switch Any PC with N/A compatible VPN client software Any PC or other N/A device that can respond to a ping or Discovery CD server none N/A none N/A
Instructor Note: If the Discovery Live CD Server is used for the internal host, its IP address is 172.17.1.1/16. IP addressing for the internal network will need to be adjusted accordingly.
IP Address Plan
Device Name    Interface              IP Address         Subnet Mask
VPN            Fa0/0                  10.10.10.1/29
VPN            Fa0/1                  192.168.2.99/24
H1             NIC Local Address      10.10.10.2/29
H1             VPN Dynamic Address    192.168.2.x/24
H2             NIC Local Address      192.168.2.6/24
Additional Notes and Instructions:
Instructor note: Students record any other information that they think might be useful to the technicians performing the tests. These might be things like: This test must show the VPN configuration and management using SDM is easy enough to be managed by the existing personnel.
INSTRUCTIONS: Add a description about this design here that is essential to provide a better understanding of the testing or to emphasize any aspect of the test network to the reader.
____________________________________________________________________________________
INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test. Test 1 is given as an example.
Data to Record:
Configurations
Interface status
Routing Tables
CPU & Memory
Traceroute Output
Ping Test Output
Output of SDM utilities
Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Build the topology according to the topology diagram. Assign IP addresses according to the IP address plan.
2. Configure the EasyVPN server using Cisco SDM.
3. Console into the router VPN and capture the show running-config to verify the basic configuration, IP addressing, and VPN configuration.
4. Verify router VPN configuration using the built-in SDM GUI testing capability.
Data to Record:
VPN statistics
Ipconfig output
Traceroute Output
Ping Test Output
Test 2. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Create a new VPN network connection using the VPN client software.
2. Connect to the VPN server using the external VPN client.
3. Observe the VPN tunnel establishment.
4. Use ipconfig on the VPN client to verify that it has received an IP address.
5. Use ping to test connectivity with the internal network through the VPN.
Appendix
INSTRUCTIONS: Record the starting configurations, any modifications, log file or command output, and any other relevant documentation.
The upper part of the diagram shows an example of a real VPN network. The lower part shows the simulated network to be used for testing.
[Figure: Actual VPN remote access network topology]
Objectives
Create a VPN connectivity test plan with multiple tests to determine:
Setup of VPN server on edge router
Simulated VPN client connectivity
Describe the necessary information for the overall Test Plan to include:
Introduction
Equipment
Design and Topology Diagram
Describe the necessary information for each test to include:
Description of the test
Procedures
Anticipated Results and Success Criteria
Conclusions
Background / Preparation
Using the VPN Design Test Plan included with the lab and the topology shown, students will determine how to fill in the test plan sections to describe the tests to be performed, how they should be tested and how to determine success or failure. This test plan will be used in subsequent labs to test simulated VPN prototypes. To conclude this lab, students should reflect on the use of VPN technology and how it can be used to create a more scalable and flexible LAN.
An important business goal for both the stadium and the FilmCompany is the ability to support remote workers. An important technical requirement includes providing secure VPN connectivity via the Internet with ease of manageability. This can be accomplished using Cisco EasyVPN Server to configure and manage a VPN server and installing Cisco VPN on clients.
This lab demonstrates the ability to develop a test plan to support the network VPN prototype. The prototype includes the configuration and testing of a VPN client, to simulate a remote worker, and a VPN server, to simulate the server, to be installed on the network. The Cisco SDM GUI on the 1841 is used to configure the EasyVPN Server for the remote clients. In this lab, you will determine the nature of the tests to be performed, the methods and tools to be used, and the expected results. This test plan will be used as a basis for subsequent labs 8.3.4.3 and 8.3.4.4.
Step 4: Review the Test 1 Description, Procedures, and Expected Results sections
The designer needs to verify that the EasyVPN server can be configured and managed by the existing personnel. It is important to document how the Cisco SDM software can be used to configure and manage the VPN server.
Step 5: Review the Test 2 Description, Procedures, and Expected Results sections
Read through the Test 2 information in the test plan. Determine an appropriate goal for Test 2 and fill in the table in the VPN Design Test Plan.
After reading the Procedures section, what do you think would be a successful outcome of completing the Test 2 procedures?
_____________________________________________________________________________________
Successful connection to the VPN server using the external VPN client
Successful tunnel establishment
VPN client has received an internal IP address from the VPN server.
Reflection / Challenge
Why do you think it is important to test the VPN operation in a pilot installation, as well as a prototype test?
_____________________________________________________________________________________
A pilot implementation can test the configurations and operation in a real-world environment.
What are the benefits of managing the VPN server with internal personnel, rather than using the ISP to manage it?
_____________________________________________________________________________________
Answers will vary but should include:
It is more flexible.
It may cost less.
It is easier to add additional clients.
Lab 8.3.4.3 Creating a Cisco EasyVPN Server (Optional Lab) Instructor Version
The 1841 used with this lab is running the Advanced IP Services IOS image version 12.4. The standard base IP IOS image does not support VPN. Even if equipment is not available to actually perform this lab, students should read through it to get a better understanding of how VPNs function. This lab is part of a series of labs that includes 8.3.2, Creating a VPN Connectivity Test Plan, 8.3.4.3, Creating a Cisco EasyVPN Server (Optional), and 8.3.4.4, Configuring and Testing the VPN Client (Optional). Although the 8.3.4 labs require an IOS version that may not be available in your lab, it is important that the students review the labs to see what is required to configure the VPN server and client.
Objectives
Configure basic router global settings using IOS for SDM access.
Configure EasyVPN Server using SDM on a Cisco router.
Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.
Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
How is the ability to create a VPN server important in network design and prototyping?
______________________________________________________________________________________
Background / Preparation
In this lab you will configure a Cisco 1841 router as a VPN server using the SDM graphical user interface and the EasyVPN Server Wizard. This router will simulate the VPN server in the Stadium network prototype for remote worker access. The router will provide the endpoint for an IPSec VPN tunnel for VPN clients. You will test the VPN configuration using the built-in test options according to the test plan outlined previously in Lab 8.3.2.
NOTE: Even if the equipment is not available to actually perform this lab, you should read through it to get a better understanding of how VPNs function.
The following resources are required:
Cisco 1841 router with IOS 12.4 Advanced IP Services IOS image, a Virtual Private Network (VPN) Module, and SDM version 2.4 installed
Windows XP computer with Internet Explorer 5.5 or higher and SUN Java Runtime Environment (JRE) version 1.4.2_05 or later (or Java Virtual Machine (JVM) 5.0.0.3810)
Access to PC network TCP/IP configuration and command prompt
Console cable with DB-9 to RJ-45 adapter
Cabling as shown in the topology and described in test plan Lab 8.3.2
Task 1: Build the Network and Configure the Devices for SDM Access
Step 1: Configure basic router settings for SDM access
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect the PC to the router console port using a serial cable with a DB-9/RJ-45 adapter. Use the erase startup-config and the reload commands from the privileged EXEC prompt to ensure that you are starting with a clean configuration.
b. Configure basic router settings to prepare the router for access using SDM.
Router(config)#hostname VPN
VPN(config)#line console 0
VPN(config-line)#password cisco
VPN(config-line)#login
VPN(config-line)#line vty 0 4
VPN(config-line)#password cisco
VPN(config-line)#login
VPN(config-line)#enable password cisco
VPN(config)#enable secret class
VPN(config)#no ip domain-lookup
VPN(config)#
VPN(config)#interface Fa0/0
VPN(config-if)#ip address 10.10.10.1 255.255.255.248
VPN(config-if)#no shutdown
VPN(config-if)#
VPN(config-if)#ip http server
VPN(config)#ip http authentication local
VPN(config)#username admin privilege 15 password 0 cisco123
VPN(config)#end
c. Copy the running-config to the startup-config.
d. SDM does not load automatically on the router. You must open the web browser to reach the SDM. Open the web browser on the PC and connect to the following URL: http://10.10.10.1
e. In the Connect to dialog box, enter admin for the username and cisco123 for the password. Click OK. The main SDM web application will start and you will be prompted to use HTTPS. Click Cancel. In the Security Warning window, click Yes to trust the Cisco application.
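The Step 1 commands, like the device configurations in Lab 8.2.5, store credentials in cleartext, reuse one password across access paths, and serve SDM over HTTP, which suits an isolated lab bench but should be caught before a configuration reaches a production edge router. The Python audit below is an added example, not part of the Cisco lab; the rule names, the audit function and the hardened variant are illustrative assumptions, and the sample input is constructed from the commands on this page.

```python
import re
from collections import defaultdict

# Constructed sample: the commands typed in Step 1b, arranged in running-config
# order, plus the "no service password-encryption" line that appears in the
# show run output of the lab routers.
SAMPLE_CONFIG = """\
no service password-encryption
hostname VPN
enable password cisco
enable secret class
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.248
ip http server
ip http authentication local
username admin privilege 15 password 0 cisco123
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Hypothetical hardened variant of the same settings. SSH also needs an RSA key
# pair and a domain name on the router; those steps are omitted here.
HARDENED_CONFIG = """\
hostname VPN
enable secret class
no ip http server
ip http secure-server
ip http authentication local
username admin privilege 15 secret <set-at-deploy-time>
line con 0
 login local
line vty 0 4
 transport input ssh
 login local
"""

# "password [type] value": type absent or 0 means the value is cleartext.
PASSWORD_RE = re.compile(r"password (?:(\d+) )?(\S+)$")


def audit(config_text):
    """Return (rule_id, where, message) findings for an IOS-style config."""
    findings = []
    cleartext = defaultdict(list)   # secret value -> places it is used
    vty_ssh_only = {}               # "line vty ..." header -> SSH only?
    http = https = False
    section = None

    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():    # top-level command starts a new context
            section = line if line.startswith("line ") else None
            if line.startswith("line vty"):
                vty_ssh_only[line] = False

        if line == "ip http server":
            http = True
        elif line == "ip http secure-server":
            https = True
        elif section in vty_ssh_only and line == "transport input ssh":
            vty_ssh_only[section] = True

        where = None
        if line.startswith("enable password "):
            where = "enable password"
        elif line.startswith("username ") and " password " in line:
            where = "username " + line.split()[1]
        elif section and line.startswith("password "):
            where = section
        m = PASSWORD_RE.search(line)
        if where and m and m.group(1) in (None, "0"):
            cleartext[m.group(2)].append(where)
            findings.append(("CLEARTEXT-PASSWORD", where,
                             "password stored in cleartext; use a secret"))

    if http and not https:
        findings.append(("HTTP-MGMT", "ip http server",
                         "web management served over HTTP only"))
    for header, ssh_only in vty_ssh_only.items():
        if not ssh_only:
            findings.append(("VTY-NOT-SSH-ONLY", header,
                             "no 'transport input ssh' on this vty range"))
    for places in cleartext.values():   # never echo the secret itself
        if len(places) > 1:
            findings.append(("PASSWORD-REUSE", ", ".join(places),
                             "same cleartext value used in %d places"
                             % len(places)))
    return findings


if __name__ == "__main__":
    for rule, where, message in audit(SAMPLE_CONFIG):
        print(f"{rule:20} {where:45} {message}")
```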
Task 2: Use EasyVPN to configure the router as a VPN server
Step 1: Launch the EasyVPN Server Wizard
a. From the Configure menu, click the VPN button to view the VPN configuration page. Select Easy VPN Server from the main VPN window, and then click Launch Easy VPN Server Wizard.
c. Click OK to continue to the VPN Wizard Welcome screen. Click Next to start the Easy VPN Server Wizard.
Lab 8.3.4.4 Configuring and Testing the VPN Client (Optional Lab) Instructor Version
The 1841 used with this lab is running the Advanced IP Services IOS image version 12.4. The standard base IP IOS image does not support VPN. Even if equipment is not available to actually perform this lab, students should read through it to get a better understanding of how VPNs function. This lab is part of a series of labs that includes 8.3.2, Creating a VPN Connectivity Test Plan, 8.3.4.3, Creating a Cisco EasyVPN Server (Optional), and 8.3.4.4, Configuring and Testing the VPN Client (Optional). Although the 8.3.4 labs require an IOS version that may not be available in your lab, it is important that the students review the labs to see what is required to configure the VPN server and client.
FastEthernet 0/0 or NIC IP Address    Default Gateway
10.10.10.1 /29                        -
10.10.10.2 /29                        10.10.10.1
192.168.2.6 /24                       192.168.2.99
Objectives
- Configure basic router settings using IOS.
- Configure a VPN client for remote access.
- Configure the internal network.
- Verify VPN tunnel establishment between client and server.
- Verify VPN client access to internal network resources.
Background / Preparation
In this lab you will configure a VPN client to simulate remote access to the Stadium network internal LAN resources through a VPN server. Prior to starting this lab, you must complete Lab 8.3.4.3 to configure the 1841 VPN server using the SDM graphical user interface and the EasyVPN Server Wizard. You will test the remote VPN client access according to the test plan outlined previously in Lab 8.3.2.
NOTE: Even if the equipment is not available to actually perform this lab, you should read through it to get a better understanding of how VPNs function.
The following resources are required:
- Cisco 1841 router with 2 Fast Ethernet routed interfaces and the following:
  - IOS 12.4 Advanced IP Services IOS image
  - Virtual Private Network (VPN) Module
  - SDM version 2.4 installed
  - 4-port switch add-in module (an external hub or switch can be substituted)
- Windows XP computer or other computer to act as internal host (Use of Discovery CD Server is an option but addressing for internal network will need to match the 172.16.1.1/16 address of the server)
- Console cable with DB-9 to RJ-45 adapter
- Access to PC network TCP/IP configuration and command prompt
- Cabling as shown in the topology and described in test plan Lab 8.3.2
Task 1: Build the Network and Configure the Devices for SDM Access
Step 1: Connect the PCs and devices as shown in the topology diagram
a. The internal VPN router interface Fa0/1 may be connected to the integrated 1841 Ethernet switch, if one is installed, or may be attached to a standalone hub or switch.
b. It is not necessary to configure the switch. If an external standalone switch is used, erase the startup configuration file and delete the vlan.dat file. Issue the reload command or power-cycle the switch to clear any previous configurations.
c. Connect host PC2 to the same switch (1841 integrated or standalone hub/switch) as the router Fa0/1 interface. Configure the IP address as shown in the topology diagram table.
b. Enter the following information to define the new connection entry. Click Save when you are finished.
Connection Entry: VPN
Description: Connection to Stadium network
Host: 10.10.10.1
Group Authentication Name: VPN (Configured in Lab 8.3.4.3)
Password: cisco (Configured in Lab 8.3.4.3)
Confirm Password: cisco
NOTE: Name and password are case-sensitive and must match the ones created on the VPN server.
d. Enter the user name admin created previously on the VPN router and enter the password of cisco123. Click OK to continue. The VPN Client window will minimize to an icon in the tools tray of the taskbar.
Task 3: Verify the VPN Tunnel between Client, Server, and the Internal Network
Perform testing as outlined in Lab 8.3.2 Test 2 of the VPN Connectivity Test Plan and as described here.
What is the Client IP address obtained from the VPN server? ________________________________
Answers will vary but can range from 192.168.2.1 through 192.168.2.5. The pool of addresses was defined in Lab 8.3.4.3.
What is the VPN server address? ________________________________ 10.10.10.1
How many packets have been encrypted? ________________________________ Answers will vary
What is the encryption method being used? ________________________________ 168-bit 3-DES
What is the authentication being used? ________________________________ HMAC-SHA1
Step 2: Open a command prompt window and verify the VPN connection
Click Start > Run, enter cmd and press Enter. Use the ipconfig /all command to see the network connections currently in use.
C:\>ipconfig /all
Windows IP Configuration
        Host Name . . . . . . . . . . . . : PC1
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 1:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-07-E9-63-CE-53
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.10.10.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        Default Gateway . . . . . . . . . : 10.10.10.1
Ethernet adapter Local Area Connection 2:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . :
        Physical Address. . . . . . . . . :
        Dhcp Enabled. . . . . . . . . . . :
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
What is the IP configuration for the first Local Area Connection?
IP Address: ________________ 10.10.10.2
Subnet Mask: ________________ 255.255.255.248
Default Gateway: ________________ 10.10.10.1
Description: ________________ Intel(R) PRO/100 VE Network Connection. (Answers will vary)
What is the IP configuration for the second Local Area Connection?
IP Address: ________________ 192.168.2.3 (answers will vary)
Subnet Mask: ________________ 255.255.255.0
Default Gateway: ________________ 192.168.2.3 (same as host IP address)
Description: ________________ Cisco Systems VPN Adapter
Step 3: Test connectivity between the remote VPN client and the internal stadium network
Ping from the external (remote) host PC1 to host PC2 (IP address 192.168.2.6) on the internal stadium network to simulate access to internal resources.
Were the pings successful? __________ Yes. If they are not, troubleshoot until they are.
C:\>ping 192.168.2.6
Pinging 192.168.2.6 with 32 bytes of data:
Reply from 192.168.2.6: bytes=32 time=1ms TTL=64
Reply from 192.168.2.6: bytes=32 time<1ms TTL=64
Reply from 192.168.2.6: bytes=32 time<1ms TTL=64
Reply from 192.168.2.6: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.2.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Task 4: Reflection
Why is VPN a good option for remote users?
________________________________________________________________
________________________________________________________________
Answers will vary but should include:
- It is a flexible technology that is widely supported by equipment vendors.
- Service is commonly available from ISPs.
- A VPN server can be set up independent of the ISP if desired.
- VPN provides easy and secure access to internal LAN resources for remote workers and business partners.
- Any authorized person with an Internet connection can access internal resources as if they were on the local LAN.
What would happen if the VPN client tunneling protocol or encryption did not match that of the VPN server?
________________________________________________________________
The client would not be able to establish a connection.
Lab 9.1.2 Editing and Organizing the Existing Information Instructor Version
Instructor Note: This lab is part of a series of labs in which the student creates an Implementation Plan to be included in the network proposal. The labs in this series are:
- Lab 9.2.1 Creating an Implementation Plan
- Lab 9.2.2 Creating a Phased Installation Plan
- Lab 9.2.3 Creating a Timeline
- Lab 9.2.4 Creating an Installation Schedule
Objective
Collect and organize information into a network proposal.
Background / Preparation
Instructor Notes: This is a written lab. In the labs in Chapter 9, students finalize the FilmCompany network upgrade Implementation Plan and Project Proposal using the design information that they have compiled in their portfolios from previous labs, and then prepare and present this Proposal to the class. At the conclusion of this series of labs, each student should submit an individually compiled Project Proposal document and presentation and should be able to demonstrate the skills and knowledge required of the network design process. The activities required by these labs may be performed individually or in small groups or syndicates.
Network Requirements
Cost Proposal
Important notes about the Executive Summary: The Executive Summary is presented first because it provides the reader with an overview of the complete proposal. The proposal will be read by people with different roles and requirements. These may include managers; network engineers and technicians; marketing and sales consultants; and finance and accounting personnel. By reviewing the Executive Summary first, readers can then decide whether to read through the complete document or read only those sections that apply to their role. Although presented first, the Executive Summary cannot be written until the rest of the proposal document has been compiled. This section is therefore the final section to be written.
d. Clearly note those sections of the proposal that have to be completed; these sections will be compiled in the following labs.
e. Save the word processing documents and file the hardcopy information in your portfolio.
Objectives
- Create an Implementation Plan.
- Recognize the importance of customer approval.
Background / Preparation
Instructor Notes: This is a written lab. In this series of four labs, students finalize the FilmCompany network upgrade Implementation Plan section of the Project Proposal presentation. The Implementation Plan uses the results of the previous design and testing labs that students have saved in their project portfolio. The next three labs develop the details of the three sections of the Implementation Plan:
- Installation Method
- Timeline and Resource Estimates
This lab focuses on developing a structure for the Implementation Plan based on the FilmCompany network upgrade requirements. Knowing the technical network requirements of the upgrade from previous labs, students should discuss and clarify their understanding of the requirements. During these discussions, have students consider any issues that would affect the implementation of such a project in their local area. In the PPDIOO process, the next step after completing the network design is to develop the Implementation Plan. It is important to include as much detail as possible. The network engineers and technicians use the Implementation Plan documentation to perform the network upgrade. This lab is the first of four that will lead you through the creation of an Implementation Plan for the FilmCompany network upgrade. In this lab, you will establish the format of the Implementation Plan using the results of earlier design and testing labs. In the next three labs, you will compile and finalize the details for three sections of the Implementation Plan: the Installation Method, the Timeline and Resource Estimates, and the Maintenance and Downtime Planning.
Analyze the FilmCompany network design documentation that you have compiled in previous labs. Determine and list the three main sets of tasks required to be performed to implement the network upgrade. These sets of tasks will be referred to as phases.
Instructor Note: Some variation in the derived tasks may occur and is acceptable. Students may need to be directed to focus on the critical tasks as developed from the design and testing labs.
Phase 1
________________ Install Distribution and Core Layer equipment
________________ Configure new IP addressing & VLAN scheme
________________ Configure routing
Phase 2
________________ Upgrade the WAN connectivity
________________ Extend the network to the remote site
________________ Configure ACLs & security
Phase 3
________________ Install wireless/mobility network
________________
You will enter details into the table over the next three labs.
Objective
Determine the best installation method.
Background / Preparation
Instructor Notes: This is a written lab. In this lab, students create the FilmCompany network upgrade Installation Plan. The Installation Plan describes how the implementation of the network upgrade will be carried out. In the preparation of the Implementation Plan, encourage class discussion. If possible, provide realistic examples of local issues that can affect the implementation of a project. Examples could include shortage of trained network installation staff, the logistics of delivering networking equipment to the site, disruption to current services, and local regulations or customary work practices that affect the timing or scheduling of project tasks. In the preparation of the Implementation Plan, have the class discuss and consider the three installation methods:
Then discuss why the phased installation will be used in this case. In this lab, you will compile and finalize the details of the Implementation Plan relating to the planned installation method of the FilmCompany network upgrade. An Installation Plan may be subject to a number of factors. These include:
- Budget constraints that can affect the project by limiting the money available to purchase the equipment needed
- Time constraints on business factors, such as the inability to handle downtime for transaction processing and major events happening in a short period of time
- Lack of trained personnel or the need for training, which could prevent a new installation from being fully implemented at one time
Consider and list the advantages and disadvantages of the three installation methods.
New Installation
Advantages:
________________ All of the equipment and services can be installed and tested at the same time.
________________ The implementation plan for a new network is less complex than the other two types of installations.
________________ Schedules are more flexible than when an existing network is in place.
________________ There is minimal disruption to the company.
Disadvantages:
________________ High capital expense because all of the equipment and services are installed at the same time.
Phased Installation into Existing Network
Advantages:
________________ Portions of the network upgrade are implemented in isolation from the current running portions.
________________
Select the appropriate installation approach for the FilmCompany network upgrade.
________________ A Phased Installation approach will be used for this project.
b. On the table for Phase 2, fill in the Task/Step, Description, and Implementation Details information:
- Upgrade the WAN connectivity
- Extend the network to the remote site
- Configure Access Control Lists & security
Objective
Estimate timelines and resources.
Background / Preparation
Instructor Notes: This is a written lab. In this lab students will develop a timeline for the FilmCompany network upgrade case study. This timeline will be entered as dates for each step of each task in the Project Implementation Plan. If the resources are available, this lab can be enriched by demonstrating, or having the students use, project management software such as MS Project. Students need to develop an understanding of the types of resources (people and materials) that need to be allocated to each step of a task in the project and any relationships and dependencies between the steps. Have the students discuss the possible causes of delays in projects and how these may be managed to minimize the effect on the overall project. Emphasize the need for the management of an Installation Plan to
On the table for Phase 3, fill in the Date information: Install and configure the wireless and associated mobility network equipment
If this software is available, enter the resources and timeline for one phase of the Implementation Plan and examine the output.
Objective
Create an installation schedule based on maintenance windows and downtime allowances.
Background / Preparation
Instructor Notes: This is a written lab. In this lab, students will develop a maintenance and downtime schedule for the FilmCompany network upgrade case study. Stress to students that with a phased installation, it may not be possible to complete a task within a single period of time. The task may need to be carried out in stages of shorter times across a longer period. For example, a task scheduled to take 10 hours may, in fact, have to be carried out over 5 days in 2-hour blocks. This extends the overall project timeline and needs to be reflected in the Implementation Plan documentation. Present to students examples of where careful planning of downtime for operating networks is necessary to minimize disruption to customers and users. Where it is not possible to use scheduled network maintenance
Step 1: List and prioritize the tasks that require downtime on the current network
List the tasks that require network downtime.
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
Instructor Note: These are tasks that impact the working network, such as reassigning VLANs and IP addresses. However, installing the Frame Relay WAN link will have little impact because it is a new feature.
Background / Preparation
Instructor Notes: This is a written lab. In this lab, students compile a Bill Of Material and add costs to the FilmCompany network upgrade Project Proposal. Some networking and associated equipment costs may be readily obtained by Internet searches of suppliers and vendor distribution channels. However, some costs and prices may be commercially sensitive and only obtainable by requesting quotations. It may be necessary for instructors to assist students in obtaining this information. Where costs are not available, set a reasonable standard cost of that item for all students in the class. Wherever possible, ensure that costs and prices reflect local supplies that the students would encounter in the workplace. In this lab, you will create the Bill Of Material (BOM) and enter the appropriate information into the Costs section of the FilmCompany proposal. A Bill Of Material is a document that details all of the required hardware and components necessary to implement the proposed upgrade. It consists of an itemized list of hardware, software, and other items that must be ordered and installed. The network designer uses this list to obtain quotations and to create the equipment orders. The BOM is then used to order new equipment and replacement parts for existing
Part No.    Qty    Cost    Maint. Cost    Total Cost    Vendor    Notes
b. Search the Internet or use information provided by your instructor to add possible suppliers or vendors to the BOM table.
c. Add costs to the BOM. Where possible, obtain costs from local vendors and suppliers. If this information is not readily available, your instructor will provide estimated costs for you to use.
Background / Preparation
Instructor Notes: This is a written lab. In this lab, students compile the complete FilmCompany network upgrade Project Proposal. The proposal is based on the material collected in the student portfolios from the specified labs in this course. When the proposal is completed, the student creates a presentation based on the proposal. This presentation is to be made to the class or to guests as the instructor arranges. If possible, students should create an MS PowerPoint or equivalent slide presentation. However, this requires access to presentation resources such as a PC connected to an overhead data projector and a screen. If these resources are not available, alternate presentation means such as overhead transparencies or display boards can be used. Instructors may need to assist students in board writing and presentation techniques. The academy may also need to assist with the printing and copying of student proposals if these are to be distributed to the class or guests. Prepare a list of important terms and conditions that all students can use in Task 1, Step 7 of this lab. Have these terms and conditions reflect local business practices to enable the students to become familiar with the industry. In this lab, you will compile the implementation and costing information created for the FilmCompany network upgrade and integrate this in the Project Proposal documentation.
If the customer accepts the proposal, an appropriate customer representative signs the Terms and Signatures page. Your instructor will advise of the standard terms and conditions that will apply to all proposals.
b. Save this file and include it in the proposal document.
Background / Preparation
Instructor Notes: This is a written lab. In this lab students present their finalized FilmCompany network upgrade Implementation Plan and Project Proposal to the class. It is important that students understand the importance of presenting their proposal in a professional manner just as they would if presenting to a customer. If possible, set up the presentation class as a special event. Encourage students to dress appropriately and be prepared to "sell" their proposal. They will need to be prepared to answer questions. Be aware of the individual abilities of students. Instructors may need to coach those students who find the presentation process intimidating. The ability to present technical information to peers and customers is an important skill in the workplace. This final presentation may be given to the class. However, to provide an environment more representative of the workplace, presentations could be made to a wider audience. For example, if your academy has other IT faculty and staff, perhaps they could be invited to attend the presentations. Other guests could include instructors from neighboring academies or representatives from local IT or networking businesses. It is important to ensure that the presentations are performed in a positive and supportive environment. Students in the audience are there to learn from the other presentations and not to criticize others needlessly.
c. Demonstrate that you know the content of the proposal and sell it as the one that the customer should adopt.
Background / Preparation
Instructor Notes: This is a written lab. Acting as Cisco Networking Academy graduates, students are to research an IT position that interests them and then create a résumé and cover letter to apply for the position. The websites listed below offer free assessment tools that students can download to help in their skill strengths assessments. They are not the only tools available. One of the activities that students can be assigned is to research how many resources are available for career assessments. The Academy Career Connection requires students to register as Alumni once they have completed one of the Cisco Networking Academy courses. However, there may be an age restriction for students under the age of 18. A data sheet is available on the Career Connection site at: http://www.cisco.com/web/learning/netacad/career_connection/promoteIT/NetWork/docs/CareerConnectionDS.pdf Two resources offered through the Cisco Networking Academy provide instructor and student resources: The Cisco Virtual Field Trip site, which will link to the Cyber Careers site: http://www.cisco.com/go/virtualfieldtrips and http://www.cybercareers.org.
Other resources that may be available to help students create a résumé and cover letter are the Language Arts and Guidance departments in your school or local college. Contact a Human Resource person from a local company and request a presentation or workshop for your students to review what employers consider an acceptable résumé and cover letter. If these resources are not available, you may be able to have other school personnel help review the job description, cover letter, and résumé submitted by each student in an effort to provide constructive feedback.
In this lab, you will research an IT position that interests you and then create a résumé and cover letter to apply for the position. There are many resources available today to provide job seekers with a better idea of their attitudes and interests in terms of career choices. The resources available vary widely from free self-assessment tools to resources that require a fee. Some sites may have an age requirement as well as a fee. Some of the resources available can be found on websites, in books, or through memberships with companies that specialize in helping people identify and make career choices. One method is not necessarily better than the other. Over time, you may find that your career choices change as your skill set, experience, and knowledge base broaden. Career choices may also change as you discover other areas of interest related to your chosen career path. As you perform your job search, remember that the areas of strength and interest identified by the assessment tools are areas that can always be improved upon.