LANs and Routing - Autumn Case Study
Scenario
Apricot Pty Ltd is a medium-sized company that has grown quickly since its formation 10 years ago. Its main business concerns are Engineering, Telecommunication and Banking. Apricot P/L has embarked on a project to redesign the company's network infrastructure and has therefore moved into a larger HO area, with additional support at its Branch Office.
The Apricot P/L infrastructure will be built progressively in stages, each stage building on the previous structure until completed. The full network structure will emerge as each stage is completed.
The network that Apricot P/L is implementing should support 100% growth over the next five years. A partial logical Topology Diagram has been provided (see Fig. 1). The task is to design, implement and fully document the networks at the two sites. In addition to a formal report, Apricot P/L requires a working prototype of the network built before final implementation, to verify that all Apricot P/L requirements are met.
Apricot Pty Ltd will implement DHCP services for all employee LANs on Branch Router. For all LANs receiving addresses via DHCP, the first 5 addresses are reserved for static implementation, such as default gateways.
NAT for IPv4 will be implemented by Apricot P/L on HO Router for all traffic leaving the company's network.
Objectives
- Design an aggregated addressing scheme for both IPv4 and IPv6 addresses to allow summarization on each router. For IPv4, VLSM is to be used for all networks, whilst for IPv6 all networks need a /64 mask.
- Internal routing for IPv4 will use the RIP routing protocol.
- Internal routing for IPv6 will be implemented using static, default static and summary static routing as appropriate.
- Routing between the company's network and the Internet (via ISP) will be using static and default static routing.
- Configure switching networks for management using VLANs and 802.1q trunking.
- Design and implement Dynamic Host Configuration Protocol (DHCP) for IPv4 for all end hosts. IPv6 addresses for end hosts will use SLAAC.
- Design and implement Network Address Translation (NAT) for IPv4.
- Design and implement standard Access Control Lists (ACLs) to restrict SSH access and for the NAT implementation.
- Use the resources provided to cable, configure and verify the dual-stack network. A model should be built using Packet Tracer.
- Verify the functionality and troubleshoot the network when necessary.
- Produce and submit detailed professional written documentation in appropriate format.
Requirements in Tasks
In order to help your group organise this Case Study, the scenario has been broken into six tasks and detailed requirements are listed for each task. The final written report should be prepared progressively as each design feature is implemented. The whole network will be built and demonstrated on real equipment (routers and switches) to demonstrate full functionality when all tasks are completed.
Task One: Addressing the Network
The Apricot P/L's ISP has allocated 200.20.1.0/30 for the IPv4 address and 2001:200:20:1::/64 for IPv6 to address the link to the ISP. The company's internal network will use 192.168.32.0/20 for IPv4 addressing and 2001:ACAD:FEE::/60 for IPv6 addressing.
The HO site is the main company location and provides Apricot with its Internet connection. Host requirements at that site are:
- 10 Hosts for Executive
- 350 Hosts for Sales
- 40 Hosts for Accounts
- 25 Hosts for HR
Management Addresses should also be allocated as required here. The switch used at this site should have sufficient ports for current requirements and for expected growth.
Note: A 24-port switch will be used to represent links to all hosts. Therefore, allocation of the access ports should be proportional to the 'actual' requirements. For the demonstration only one switch will be used here.
The Branch site is designed to expand the business into a new area. This site will be used for DHCP services, with all Internet connections forwarded to HO. Host requirements at this site are:
- 2 Hosts for Executive
- 75 Hosts for Sales
- 8 Hosts for Accounts
- 6 Hosts for HR
Management Addresses should also be allocated as required here. The switch/es used here should have sufficient ports for current requirements and for expected growth.
Note: Two 24-port switches will be used to represent links to all hosts. Therefore, allocation of the access ports should be proportional to the 'actual' requirements. For the demonstration only two switches will be used here.
The company requires:
- Aggregation of the address space for both IPv4 and IPv6 is required so that summarization can occur.
- The use of hierarchical VLSM design is required at each site to maximise the use of IPv4 addresses and CIDR.
- All IPv6 Addressed networks will have a mask of /64.
- Subnets must be sized for 100% growth of the current IP requirements for all hosts, unless otherwise stated.
- All networking devices must have IP addresses and the PC hosts' gateways will use the first available usable address in each subnet.
- The Management/Native VLAN for the switching network should have sufficient address space for current requirements. This address space should not increase regardless of any growth.
- When addressing the router interfaces (both WAN & LAN) and switch management VLAN interfaces, the first available usable address/es should be nearest to the ISP.
- The network administrator has the last usable address on the Executive VLAN at HO.
At this stage, Apricot P/L agrees that it is enough to assign all hosts with an IP address statically. However, DHCP for IPv4 must be added at a later stage and used for the final network demonstration.
Task Two: Routing the Network
The Apricot P/L policy is that RIP Routing will be used internally for the IPv4 network between HO and Branch. Check that all networks appear in the routing tables on both HO and Branch routers.
All IPv6 routing will use static, default or summary routing. It is your group's responsibility to design your implementation of this routing requirement in the most efficient manner.
The routing to and from ISP will be using default and static routing for both IPv4 and IPv6. When correctly implemented all hosts within the Apricot network should be able to successfully ping the loopback address on ISP.
NAT at HO will be implemented at a later stage.
Task Three: Switching Network
Due to the size and complexity of LANs, the company wants to use VLAN technologies to control broadcasts, enhance security and logically organise user groups at both HO and Branch sites.
HO and Branch sites switching networks:
Switch access ports allocated to each VLAN should be proportional to the VLAN's users at each site.
- VLAN 521 should be assigned as the Management VLAN and VLAN 133 as the Native VLAN.
- VLAN 721 should be used for all unused ports, which should be shut down.
- There will be one switch at the HO site and two switches at the Branch site for the demonstration. You are required to investigate the best possible switch arrangement at both sites, considering the number of hosts required.
- Port security is required on all access ports, with a maximum of one MAC Address per port. Any violation should shut down the port.
- The default VLAN 1 is not allowed onto the trunks.
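The switching requirements above map to a small set of IOS commands per port type. The following is an added example, not part of the case study or a model answer: the port numbers, VLAN names and the idea that one user VLAN is VLAN 5 on ports Fa0/1 - 4 are assumptions, while the VLAN IDs themselves come from this document.

```cisco
! Constructed example for one 24-port access switch (port ranges are assumptions).
vlan 5
vlan 10
vlan 20
vlan 30
vlan 133
 name NATIVE
vlan 521
 name MANAGEMENT
vlan 721
 name UNUSED
!
! Trunk: native VLAN moved off VLAN 1, and VLAN 1 left out of the allowed list.
interface GigabitEthernet0/1
 description Trunk uplink (assumed port)
 switchport mode trunk
 switchport trunk native vlan 133
 switchport trunk allowed vlan 5,10,20,30,133,521
! Added hardening, not a case-study requirement: stop DTP negotiation.
 switchport nonegotiate
!
! Access ports: port security needs a static access port before it can be enabled.
interface range FastEthernet0/1 - 4
 description User access ports in VLAN 5 (assumed range)
 switchport mode access
 switchport access vlan 5
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
! Unused ports: parked in VLAN 721 and administratively down.
interface range FastEthernet0/21 - 24
 description Unused, parked in VLAN 721
 switchport mode access
 switchport access vlan 721
 shutdown
!
! Verification:
!   show interfaces trunk            (VLAN 1 must not appear under "allowed")
!   show port-security interface FastEthernet0/1
!   show vlan brief
```

A port that trips the violation goes to err-disabled and stays down until it is cleared with `shutdown` followed by `no shutdown`, which is worth recording in the verification strategy.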
32524 LANs and Routing 2017 Autumn Case Study
Table 1 - IPv4 Subnetting Table
| Subnet Number | Subnet Address | Subnet Mask | Hosts Required | Maximum Hosts in Subnet | In Use (Yes or No) | Network Name |
| | | | | | | |
Table 2 - IPv6 Subnetting Table
| Subnet Number | Subnet Address | Subnet Mask | Hosts Required | Maximum Hosts in Subnet | In Use (Yes or No) | Network Name |
| | | | | | | |
Table 3 - Device Interface IP Addressing Table
| Device | Interface | IPv4 address | Subnet Mask | IPv6 Address/Prefix Length |
| ISP | | | | |
| | | | | |
| | | | N/A | |
| | | | | |
Table 4 - Host Addressing Table
| Host | IPv4 Address | Gateway | Subnet Mask | IPv6 Address/Prefix Length |
| | | | | |
| | | | | |
Task Four: Network Security
The Apricot P/L also wishes to enforce certain security policies in order to filter network traffic. At the current stage, the following policy is to be implemented:
a. Access to all internal routers and switches must only occur using SSH using the username CaseStudy with password cisco1.
b. Only IPv4 Internal Hosts from VLANs 5, 10, 20 & 30 are permitted to be NATTed beyond the HO Router.
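Policy (a) is enforced on the vty lines rather than on an interface. The following is an added example, not part of the case study: the domain name, the choice to permit SSH only from the network administrator's host, and the address 192.168.36.222 are assumptions made for illustration; the username and password are the ones this document specifies.

```cisco
! Run on each internal router and switch after a hostname has been set
! (RSA key generation needs a non-default hostname and a domain name).
! Placeholder domain name:
ip domain-name apricot.example
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
!
! Local account from the case study; "secret" stores it hashed.
username CaseStudy secret cisco1
!
! Standard ACL matching on source address only.
! 192.168.36.222 is a constructed address standing in for the network
! administrator's host (last usable address on the HO Executive VLAN).
access-list 1 remark SSH management sources
access-list 1 permit host 192.168.36.222
access-list 1 deny any log
!
! Routers have vty 0 4; on switches repeat for vty 0 15.
line vty 0 4
 access-class 1 in
 transport input ssh
 login local
 exec-timeout 10 0
 logging synchronous
!
! Verification:
!   show ip ssh                      (version 2.0 enabled)
!   show access-lists 1              (match counters on permit/deny)
!   From a host outside the ACL, an SSH attempt must be refused.
!   Telnet from any host must be refused (transport input ssh).
```

Because `access-class` is applied to the lines, it protects every address on the device, which an interface ACL applied in one place would not.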
Task Five: NAT & DHCP
NAT
Apricot P/L has been allocated a small block of public IPv4 addresses, 200.20.2.0/29. Use this public IPv4 address range, overloaded, to provide Internet connectivity for the internal network. Assign the Network Administrator a static NAT address from the available NAT pool of addresses.
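Overloaded NAT with a standard ACL selecting the permitted sources, plus one static entry, looks like this on the HO router. This is an added example, not part of the case study or a model answer: the interface names, the pool name and every 192.168.x.x subnet are constructed placeholders for whatever the group's VLSM plan produces; only 200.20.2.0/29 comes from this document.

```cisco
! Standard ACL: one permit per user-VLAN subnet (VLANs 5, 10, 20, 30) at
! both sites. Management and native VLAN subnets are left out on purpose
! and fall to the implicit deny, so they are never translated.
access-list 2 remark Sources allowed to be translated
access-list 2 permit 192.168.32.0 0.0.3.255
access-list 2 permit 192.168.36.0 0.0.0.127
access-list 2 permit 192.168.36.128 0.0.0.63
access-list 2 permit 192.168.36.192 0.0.0.31
access-list 2 permit 192.168.40.0 0.0.0.255
access-list 2 permit 192.168.41.0 0.0.0.31
access-list 2 permit 192.168.41.32 0.0.0.15
access-list 2 permit 192.168.41.48 0.0.0.7
!
! 200.20.2.0/29 has usable addresses .1 to .6. The dynamic pool stops at .5
! so that .6 can be dedicated to the static entry without overlapping.
ip nat pool APRICOT-POOL 200.20.2.1 200.20.2.5 netmask 255.255.255.248
ip nat inside source list 2 pool APRICOT-POOL overload
!
! Static NAT for the network administrator (constructed inside address).
ip nat inside source static 192.168.36.222 200.20.2.6
!
! Assumed interface roles.
interface Serial0/0/0
 description Link to ISP
 ip nat outside
interface Serial0/0/1
 description Link to Branch (Branch hosts are translated here too)
 ip nat inside
interface GigabitEthernet0/0.5
 description One HO user-VLAN subinterface; repeat on the others
 ip nat inside
!
! Verification:
!   show ip nat translations
!   show ip nat statistics
!   show access-lists 2
! The ISP also needs a static route for 200.20.2.0/29 pointing at HO.
```

A ping to the ISP loopback sourced from a management VLAN address should fail after this is applied, which is a quick check that the ACL is doing the filtering policy (b) asks for.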
DHCP
Users from the internal network shall be allocated with IP addresses dynamically whenever it is feasible except for some special devices to which IP addresses will be assigned statically. Users on the Executive LAN at each site should have their addresses statically assigned.
The Branch site router will perform DHCP for IPv4 and has the following requirements:
- All hosts will dynamically receive their IP addresses from the DHCP server, located on the Branch router.
- The first 5 host addresses of each DHCP pool will be reserved and not used for end host addressing.
- The Management VLANs will be statically assigned addresses.
- No DHCP Addressing is required for IPv6 addresses. All end hosts should receive their IPv6 address using SLAAC.
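The DHCP requirements above, shown for one Branch LAN and one HO LAN, as an added example that is not part of the case study or a model answer. All subnets, pool names, interface names and the Branch WAN address 192.168.47.254 are constructed placeholders, and it assumes "all hosts" includes the HO LANs, which then need a relay on the HO router.

```cisco
! ---- Branch router (DHCP server) ----
! Exclusions are global commands and must cover the first 5 addresses of
! every pool; the default gateway (.1) sits inside the excluded range.
ip dhcp excluded-address 192.168.40.1 192.168.40.5
ip dhcp excluded-address 192.168.32.1 192.168.32.5
!
! Pool for a LAN directly attached to Branch.
ip dhcp pool BRANCH-LAN-A
 network 192.168.40.0 255.255.255.0
 default-router 192.168.40.1
!
! Pool for a LAN at HO; requests reach Branch through the relay below.
ip dhcp pool HO-LAN-A
 network 192.168.32.0 255.255.252.0
 default-router 192.168.32.1
!
! No pools are created for the Executive LANs or the Management VLANs:
! the case study assigns those statically.
!
! ---- HO router (DHCP relay) ----
! DHCP discovers are broadcasts and stop at the router, so each HO
! subinterface that needs DHCP forwards them to the Branch router.
! VLAN 10 on this subinterface is an assumed mapping.
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.32.1 255.255.252.0
 ip helper-address 192.168.47.254
!
! Verification on Branch:
!   show ip dhcp binding
!   show ip dhcp pool
!   show ip dhcp conflict
! No lease should ever fall within .1 to .5 of any pool.
```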
Task Six: Verifying Network Functionality
Apricot P/L now requires a demonstration of the completed network using the routers and switches provided.
The demonstration requires basic device configuration on all routers and switches according to the following guidelines:
- A host name as per the partial Topology Diagram.
- Domain Name Server (DNS) lookup to be disabled.
- Password for console connections as cisco and all virtual terminal lines with username CaseStudy and password cisco1.
- Encrypt the enable privileged EXEC mode using password class.
- Privileged EXEC mode for the console and virtual terminal lines should be configured to time out after 10 minutes of no user input.
- Enable logging synchronous for console connections and all virtual terminal lines.
- Configure a Message of the Day banner warning against unauthorised access.
- To assist in documentation and troubleshooting, all active interfaces, including loopback interfaces, must have meaningful descriptions.
- Configure the interfaces of routers and hosts as per the Topology Diagram and the Address Tables 1, 2 & 3.
- Configure Management/Native VLAN interfaces on all switches.
- Configure one host PC for each VLAN based on your addressing.
Note: These PCs are not shown on the topology diagram provided.
Apricot requires the following network verification, which will be assessed in the lab demonstration:
- Verification of dynamic routing for IPv4.
- Verification of static routing for both IPv4 and IPv6.
- Verification of DHCP and NAT.
- Verification of network security and ACLs.
- Verifying access of all hosts to each other and the ISP's loopback addresses.
The Apricot P/L policies state that the group must develop and implement a verification strategy that will verify the functionality of the network, and include this as part of the Case Study Report.