Assignment 1 ITC308 Draft Final Final

Network ImplementationIn network implementation we organized all devices, ip table, configuring VLAN, Subnet Mask, VPN, Access-list and NAT. In the WAN configuration we maintain secure communication among the branches. OSPF has been used as a routing protocol.

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway Location

R0 S1/0 200.18.5.1/29 255.255.255.248 Head Office

S1/1 172.16.1.0 255.255.255.252 Head Office

F0/0 172.16.1.65 255.255.255.224 Head Office

R1 S1/0 172.16.1.2 255.255.255.252 Head Office

S1/1 172.16.1.5 255.255.255.252 Head Office

F0/0 192.168.1.1 255.255.255.0 Head Office

F0/1 172.16.1.33 255.255.255.224 Head Office

R2 S1/0 172.16.1.6 255.255.255.252 Head Office

F0/0 172.16.1.129 255.255.255.224 Head Office

R3 S1/0 200.18.5.2/29 255.255.255.248 Melbourne

F0/0 10.1.2.0/24 255.255.255.0 Melbourne

F0/1 10.1.1.0/29 255.255.255.248 Melbourne

R4 S1/0 200.18.5.3/29 255.255.255.248 Perth

F0/0 20.1.1.0/29 255.255.255.248 Perth

F0/1 20.1.2.0/24 255.255.255.0 Perth

Multi Layer Switch 1

F0/1 192.168.2.1 255.255.255.0 Head Office

F0/2 192.168.3.1 255.255.255.0 Head Office

F0/3 192.168.4.1 255.255.255.0 Head Office

F0/4 192.168.5.1 255.255.255.0 Head Office

F0/5 192.168.6.1 255.255.255.0 Head Office

F0/6 NA NA Head Office

F0/7 192.168.7.1 255.255.255.0 Head Office


F0/1 NA Melbourne

F0/2 NA Melbourne

F0/3 NA Melbourne

F0/4 NA Melbourne


F0/1 NA Perth

F0/2 NA Perth

F0/3 NA Perth

F0/4 NA Perth

Wireless Router 1

Ethernet 1 192.168.7.2 255.255.255.0 Head office

Wireless Router 2

Ethernet 1 10.1.5.1 255.255.255.0 Melbourne

Wireless Router 3

Ethernet 1 20.1.5.1 255.255.255.0 Perth

Switch 0 F0/1 NA Head office

F0/2 NA Head office

F0/3 NA Head office

F0/4 NA Head office

F0/5 NA Head office

F0/6 NA Head office

F0/7 NA Head office


F0/2 NA Head office


F0/2 NA Head office


F0/2 NA Head office


F0/2 NA Head office


F0/2 NA Head office


F0/2 NA Head office

F0/3 NA Head office

Switch 7 F0/1 NA

F0/2 NA

F0/3 NA

F0/4 NA

Switch 8 F0/1 NA

F0/2 NA

Switch 9 F0/1 NA

F0/2 NA

Switch 10 F0/1 NA

F0/2 NA

Switch 11 F0/1 NA

F0/2 NA

Switch 12 F0/1

F0/2

DNS Server Fast Ethernet 172.16.1.35 255.255.255.224 Head office

DHCP Server Fast Ethernet 172.16.1.34 255.255.255.224 Head office

Active Directory

Fast Ethernet 172.16.1.36 255.255.255.224 Head office

Mail Server Fast Ethernet 172.16.1.37 255.255.255.224 Head office

Database Server


Database Backup Server


RAID Fast Ethernet 172.16.1.131 255.255.255.224 Head office

Authentication Server


IIS Server Fast Ethernet 172.16.1.67 255.255.255.224 Head office

BO1 S1 Fast Ethernet Melbourne

BO1 S2 Fast Ethernet Melbourne

BO2 S1 Fast Ethernet Perth

BO2 S2 Fast Ethernet Perth

VLAN Structure

VLAN Structure of Sydney (Head Office)

VLAN 10 LAB One 192.168.2.0 /24 192.168.2.1 - 192.168.2.255

VLAN 20 LAB Two 192.168.3.0 /24 192.168.3.1 - 192.168.3.255

VLAN 30 Administration 192.168.4.0 /24 192.168.4.1 - 192.168.4.255

VLAN 40 Accounting 192.168.5.0 /24 192.168.5.1 - 192.168.5.255

VLAN 50 Teachers 192.168.6.0 /24 192.168.6.1 - 192.168.6.255

VLAN 60 Wireless Router

192.168.7.0 /24 192.168.7.1 - 192.168.7.255

VLAN Structure of Melbourne (Branch Office 1)


VLAN 20 Teachers 192.168.9.0 /24 192.168.9.1 - 192.168.9.255

VLAN Structure of Perth (Branch Office 2)


VLAN 20 Teachers 192.168.11.0 /24 192.168.11.1 - 192.168.11.255

IP Plan & IP RangesHead Office

Network 172.16.1.0/20

IP Range 172.16.1.0 - 172.16.15.255

Default Gateway 172.16.1.1

Domain Name Sydney.domain.com

Server 172.16.1.32/27Server IP Range172.16.1.32 - 172.16.1.63

Router 172.16.1.0/30172.16.1.0 - 172.16.1.3

172.16.1.4/30172.16.1.4 - 172.16.1.7

IP Range of Melbourne (Branch Office 1)

Network 10.1.1.0/24

Server IP Range 10.1.1.0/29

IP Range of Perth (Branch Office 2)

Network 20.1.2.0/24

Server IP Range 20.1.1.0/29

WAN Link or VPN IP Addressing

VPN Cloud 1 200.18.5.1/29200.18.5.0- 200.18.5.7

VPN Cloud 2 200.18.5.2/29200.18.5.0- 200.18.5.7

VPN Cloud 3 200.18.5.3/29200.18.5.0- 200.18.5.7

Configuration of Networking Devices

Multilayer Switch 1

Switch#sh runn

Building configuration...

Current configuration : 1749 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

hostname Switch

!

ip routing

!

interface FastEthernet0/1

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport mode access

!





!





!





!





!



switchport mode trunk

!




!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!


!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

no ip address

!

interface Vlan20

no ip address

!

interface Vlan30

no ip address

!

interface Vlan40

no ip address

!

ip classless

!

line con 0

line vty 0 4

login

!

End

VLAN configuration of Layer 3 switch

VTP Configuration of Layer 3 switch

R1 Configuration


!

version 12.4




!

hostname Router

ip name-server 0.0.0.0


ip address 172.16.1.65 255.255.255.224

duplex auto

speed auto

!


no ip address

duplex auto

speed auto

shutdown

!

interface Serial1/0

ip address 200.18.5.1 255.255.255.252

encapsulation frame-relay

ip nat outside

clock rate 64000

!

interface Serial1/1

ip address 172.16.1.1 255.255.255.252

ip nat inside

clock rate 64000

!

interface Serial1/2

no ip address

shutdown

!

interface Serial1/3

no ip address

shutdown

!

interface Serial1/4

no ip address

shutdown

!

interface Serial1/5

no ip address

shutdown

!

interface Serial1/6

no ip address

shutdown

!

interface Serial1/7

no ip address

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

log-adjacency-changes

network 172.16.1.0 0.0.0.3 area 0

network 172.16.1.64 0.0.0.31 area 0

network 200.18.5.0 0.0.0.3 area 0

!

ip nat inside source static 192.168.0.0 200.18.5.0

ip classless

no cdp run

line con 0

line vty 0 4

login

end

R0 Configuration


!

version 12.4




!

hostname Router



ip address 172.16.1.65 255.255.255.224

duplex auto

speed auto

!


no ip address

duplex auto

speed auto

shutdown

!

interface Serial1/0

ip address 200.18.5.1 255.255.255.252


ip nat outside

clock rate 64000

!

interface Serial1/1

ip address 172.16.1.1 255.255.255.252

ip nat inside

clock rate 64000

!

interface Serial1/2

no ip address

shutdown

!

interface Serial1/3

no ip address

shutdown

!

interface Serial1/4

no ip address

shutdown

!

interface Serial1/5

no ip address

shutdown

!

interface Serial1/6

no ip address

shutdown

!

interface Serial1/7

no ip address

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1


network 172.16.1.0 0.0.0.3 area 0

network 172.16.1.64 0.0.0.31 area 0

network 200.18.5.0 0.0.0.3 area 0

!


ip classless

no cdp run

line con 0

line vty 0 4

login

End

Router 2 Configuration and Routing Protocol implementation


!

version 12.4




!

hostname Router

!

!


!


ip address 172.16.1.129 255.255.255.224

duplex auto

speed auto

!


ip address 172.16.1.130 255.255.255.224

duplex auto

speed auto

shutdown

!

interface Serial1/0

ip address 172.16.1.6 255.255.255.252

!

interface Serial1/1

no ip address

shutdown

!

interface Serial1/2

no ip address

shutdown

!

interface Serial1/3

no ip address

shutdown

!

interface Serial1/4

no ip address

shutdown

!

interface Serial1/5

no ip address

shutdown

!

interface Serial1/6

no ip address

shutdown

!

interface Serial1/7

no ip address

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1


network 172.16.1.128 0.0.0.31 area 0

network 172.16.1.4 0.0.0.3 area 0

!

ip classless

no cdp run

line con 0

line vty 0 4

login

End

Network Diagram

Sydney Branch Diagram

Melbourne Branch

Perth Branch

Computer configuration

Routing Protocol (OSPF) Configuration

Router 0 Sydney Branch

Routing Protocol is "ospf 1"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Router ID 200.18.1.1

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

Maximum path: 4

Routing for Networks:

172.16.1.0 0.0.0.3 area 0

172.16.1.64 0.0.0.31 area 0

200.18.5.0 0.0.0.3 area 0

200.18.5.0 0.0.0.7 area 0

200.18.0.0 0.0.255.255 area 0

Routing Information Sources:

Gateway Distance Last Update

172.16.1.2 110 00:05:16

Distance: (default is 110)

Routing table

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks

C 172.16.1.0/30 is directly connected, Serial1/1

O 172.16.1.4/30 [110/1562] via 172.16.1.2, 00:02:08, Serial1/1

O 172.16.1.32/27 [110/782] via 172.16.1.2, 00:02:08, Serial1/1

C 172.16.1.64/27 is directly connected, FastEthernet0/0

O 172.16.1.128/27 [110/1563] via 172.16.1.2, 00:02:08, Serial1/1

O 192.168.1.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1

O 192.168.2.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1

O 192.168.3.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1

O 192.168.4.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1

O 192.168.5.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1

O 192.168.6.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1

O 192.168.7.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1


Router 1




Router ID 192.168.7.1


Maximum path: 4


192.168.0.0 0.0.255.255 area 0

172.16.1.0 0.0.0.3 area 0

172.16.1.32 0.0.0.31 area 0

172.16.1.4 0.0.0.3 area 0



172.16.1.6 110 00:07:15

172.16.1.1 110 00:07:15


Routing Table



S 172.16.0.0/16 [1/0] via 172.16.1.0




O 172.16.1.64/27 [110/782] via 172.16.1.1, 00:01:25, Serial1/0

O 172.16.1.128/27 [110/782] via 172.16.1.6, 00:01:25, Serial1/1


C 192.168.2.0/24 is directly connected, FastEthernet0/0.1






O 200.18.1.0/24 [110/1562] via 172.16.1.1, 00:01:25, Serial1/0

Router 2




Router ID 172.16.1.129


Maximum path: 4


172.16.1.128 0.0.0.31 area 0

172.16.1.4 0.0.0.3 area 0



172.16.1.5 110 00:08:05


Routing Table



O 172.16.1.0/30 [110/1562] via 172.16.1.5, 00:03:21, Serial1/0


O 172.16.1.32/27 [110/782] via 172.16.1.5, 00:03:21, Serial1/0

O 172.16.1.64/27 [110/1563] via 172.16.1.5, 00:03:10, Serial1/0


O 192.168.1.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0

O 192.168.2.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0

O 192.168.3.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0

O 192.168.4.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0

O 192.168.5.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0

O 192.168.6.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0

O 192.168.7.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0

O 200.18.1.0/24 [110/2343] via 172.16.1.5, 00:03:10, Serial1/0

VLAN Configuration & IP Plan

Sydney office has six VLan, here is the diagram for vlans

VLAN Structure of Sydney (Head Office)

VLAN 10 LAB One 192.168.2.0 /24 192.168.2.1 - 192.168.2.255

VLAN 20 LAB Two 192.168.3.0 /24 192.168.3.1 - 192.168.3.255


VLAN 40 Accounting 192.168.5.0 /24 192.168.5.1 - 192.168.5.255

VLAN 50 Teachers 192.168.6.0 /24 192.168.6.1 - 192.168.6.255

VLAN 60 Wireless Router

192.168.7.0 /24 192.168.7.1 - 192.168.7.255

Frame-relay Configuration among branches

Secure VPN connection has been used for communication among branches.

WAN Link or Frame-relay IP Addressing

Frame-realy Cloud 1 200.18.5.0/29200.18.5.0- 200.18.5.3



Implementation of Access Control List

Head Office (Sydney)

Policies:

Lab1 Restriction & Configuration

Lab1 can only access to Lab2, Internet and all other http server, other all request from the lab will be denied.

Extended IP access list Lab1

permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

permit tcp 192.168.2.0 0.0.0.255 any eq domain

permit tcp 192.168.2.0 0.0.0.255 any eq www

permit ip 192.168.2.0 0.0.0.255 host 172.16.1.35

permit udp any any

Lab2 Restriction & Configuration

Lab2 can only access to Lab1, Internet and all other http server, other all request from the lab will be denied.

Extended IP access list Lab2

permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

permit tcp 192.168.3.0 0.0.0.255 any eq domain

permit tcp 192.168.3.0 0.0.0.255 any eq www

permit udp any any

Teachers Department Permissions

Teachers depart has access to anywhere except Accounts and Administration Department

Extended IP access list Teachers

deny ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255

deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255

permit ip any any

Account Department Permissions

Only Host PC7 has access in Accounting department, all other access denied for security purpose

Extended IP access list 140

permit ip host 192.168.4.2 192.168.5.0 0.0.0.255 (8 match(es))

Access Control List configuration of Router 1

Frame Relay Configuration

Only Administration Department, Accounts Department and Teachers Department

Frame Relay Mapping for Router1

Configurations

Serial1/0 (up): ip 200.18.5.2 dlci 102, dynamic, broadcast, CISCO, status defined, active

Serial1/0 (up): ip 200.18.5.3 dlci 103, dynamic, broadcast, CISCO, status defined, active

Frame Relay Mapping for Router 3

Frame Relay Mapping for Router 4

Router Redistribution (OSPF & RIPv2)

Figure: In the screen shot Router0 is running RIPv2 and Router 2 is running OSPF. Router1 is running RIPv2 and OSPF both. As we applied router redistribution on Router1, it is translating OSPF as RIP to Router0 and RIP as OSPF to Router2.

Router 1 is the translator for RIP and OSPF of both sides. Here are the ip routes of router 1, router 0 and router 2.

Routing Protocols Configuration of Router1:

router ospf 1


redistribute rip subnets

redistribute connected subnets

network 192.168.0.0 0.0.255.255 area 0

network 172.16.1.32 0.0.0.31 area 0

network 172.16.1.4 0.0.0.3 area 0

network 192.168.7.0 0.0.0.255 area 0

!

router rip

version 2

redistribute ospf 1

redistribute connected

network 172.16.0.0

!

Router 1 Configuration

Router1#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route


R 10.0.0.0/8 [120/2] via 172.16.1.1, 00:00:12, Serial1/0

R 20.0.0.0/8 [120/2] via 172.16.1.1, 00:00:12, Serial1/0


S 172.16.0.0/16 [1/0] via 172.16.1.0




R 172.16.1.64/27 [120/1] via 172.16.1.1, 00:00:12, Serial1/0

O 172.16.1.128/27 [110/782] via 172.16.1.6, 03:34:27, Serial1/1







C 192.168.7.0/24 is directly connected, Ethernet0/3/0

R 200.18.5.0/24 [120/1] via 172.16.1.1, 00:00:12, Serial1/0

Router0 Configuration

Router0#sh ip route









R 10.0.0.0/8 [120/1] via 200.18.5.2, 00:00:01, Serial1/0

R 20.0.0.0/8 [120/1] via 200.18.5.3, 00:00:17, Serial1/0



R 172.16.1.4/30 [120/1] via 172.16.1.2, 00:00:06, Serial1/1

R 172.16.1.32/27 [120/1] via 172.16.1.2, 00:00:06, Serial1/1


R 192.168.1.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1

R 192.168.2.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1

R 192.168.3.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1

R 192.168.4.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1

R 192.168.5.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1

R 192.168.6.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1

200.18.5.0/29 is subnetted, 1 subnets

C 200.18.5.0 is directly connected, Serial1/0

Router 2 Configuration

Router2#sh ip route









O E2 10.0.0.0/8 [110/20] via 172.16.1.5, 03:37:47, Serial1/0

O E2 20.0.0.0/8 [110/20] via 172.16.1.5, 03:37:47, Serial1/0


O E2 172.16.1.0/30 [110/20] via 172.16.1.5, 03:37:47, Serial1/0


O 172.16.1.32/27 [110/65] via 172.16.1.5, 03:37:47, Serial1/0

O E2 172.16.1.64/27 [110/20] via 172.16.1.5, 03:37:47, Serial1/0


O 192.168.1.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0

O 192.168.2.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0

O 192.168.3.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0

O 192.168.4.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0

O 192.168.5.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0

O 192.168.6.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0

O 192.168.7.0/24 [110/74] via 172.16.1.5, 03:37:47, Serial1/0

O E2 200.18.5.0/24 [110/20] via 172.16.1.5, 03:37:47, Serial1/0

Apply Router on a Stick

Figure: Router on a stick applied on the LAN network. Fast Ethernet 0/0 has created 5 more sub interface to give support VLAN10 – VLAN 50

Configuration of Router on a Stick

Router1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.1.1 YES manual up up

FastEthernet0/0.1 192.168.2.1 YES manual up up





FastEthernet0/0.6 unassigned YES unset administratively down down

FastEthernet0/1 172.16.1.33 YES manual up up

Ethernet0/3/0 192.168.7.1 YES manual up up

Serial1/0 172.16.1.2 YES manual up up

Serial1/1 172.16.1.5 YES manual up up

Serial1/2 unassigned YES unset administratively down down






Vlan1 unassigned YES unset administratively down down

Virtual Private Network (VPN) Configuration

A virtual private network (VPN) is a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.

It encapsulates data transfers between two or more networked devices which are not on the same private network so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.

Here we have connected 2 branch office with Sydney head office.

VPN Details

Ping AAA Server(30.0.0.2) to update ARP table first.

Group Name: ciscogroup

Group Key: ciscogroup

Server IP: 200.18.5.0

User: sunny

Pass: cisco

VPN Connected

After connecting with vpn server it accusers new ip address.

VPN Server configuration

hostname Router0

aaa new-model

aaa authentication login vpnauth group radius local

aaa authorization network vpnauth local

username sunny password 0 cisco

crypto isakmp policy 10

encr aes 256

authentication pre-share

group 2

crypto isakmp client configuration group ciscogroup

key ciscogroup

pool vpnclients

netmask 255.255.255.0

crypto ipsec transform-set mytrans esp-3des esp-sha-hmac

crypto dynamic-map mymap 10

set transform-set mytrans

reverse-route

crypto map mymap client authentication list vpnauth

crypto map mymap isakmp authorization list vpnauth

crypto map mymap client configuration address respond

crypto map mymap 10 ipsec-isakmp dynamic mymap

ip ssh version 1

ip domain-name cisco.com



ip address 172.16.1.65 255.255.255.224

duplex auto

speed auto


ip address 30.0.0.1 255.255.255.0

duplex auto

speed auto

interface Serial1/0

ip address 200.18.5.1 255.255.255.248


clock rate 64000

crypto map mymap

interface Serial1/1

ip address 172.16.1.1 255.255.255.252

clock rate 64000

router rip

version 2

network 30.0.0.0

network 172.16.0.0

network 200.18.5.0

ip local pool vpnclients 30.0.0.100 30.0.0.200


ip classless

Ping vpn client after getting VPN Connection

DNS Server

Web Server

DHCP Server

Wireless Network Configuration

Wireless network has been configured in every site on the network.

Wireless Router

Wireless Client

Wireless network

Documents

Assignment 1 ITC308 Draft Final Final