Cisco configuration task
Project description
LWWN 2013-2014 Case Study
Section A LANs and WANs Scenario
You have been employed as the network administrator at a new local network academy in North Staffordshire. You investigated the current network and
found it to be as shown in Diagram A below.
Diagram A Initial Configuration
StaffStudent
192.168.1.0/24
You decide that the router-hub topology has some major flaws in its design. In the light of this you suggest to your manager that you should
implement a router-switch configuration so that VLANs can be used. Between the two of you, you work out the topology in Diagram B below.
Diagram B Proposed Configuration
ISP
StokeStafford
S0/0 (DCE)S0/0 (DTE)
S0/1 12.12.12.0/30
.2
Fa0/0
.1
192.168.5.0/30
Fa0/0
192.168.4.0/24
802.1q Trunk
Fa0/1Fa0/1
Fa0/2
Switch 2Switch 1
802.1q Trunk
VLAN 99
192.168.99.0/24
VLAN 20
Student
192.168.20.0/24
VLAN 10
Staff
VLAN 99
192.168.99.0/24
VLAN 20
Student 192.168.20.0/24
VLAN 10
Staff
192.168.10.0/24
192.168.10.0/24
The interface utilization is shown in the table below:
VLAN 100VLAN 10VLAN 20Management IP AddressTrunk
Switch 1All remaining portsFa0/5-6Fa0/7-8192.168.99.1/24Fa0/1, Fa0/2
Switch 2All remaining portsFa0/5-6Fa0/7-8192.168.99.2/24Fa0/1
The VLAN addressing scheme is shown in the table below:
VLANAddress RangeDefault Gateway
10192.168.10.0/24192.168.10.254
20192.168.20.0/24192.168.20.254
99192.168.99.0/24192.168.99.254
Diagram C: Logical Diagram
Diagram D: Physical Diagram
Your task:
Review the following points before you start this assessment:
You need to supply the configuration files for: Stoke router, Stafford router, Switch 1 and Switch 2.
You do not need access to the devices to start on this assessment. The configuration files can be written in a text editor such as Notepad, then cut
and pasted into the devices so that you can test your configuration.
Objectives:
Basic switch configuration
VLAN configuration on Stafford router
Configure VLANs on the switches
Configure VLAN trunking
Configure VTP
Configure switch port security
Configure a serial link
Configure addressing scheme for the scenario
Configure PPP (using CHAP)
Configure DHCP
Configure NAT
Configure access control lists
Verify connectivity
Configuration Tasks:
1.0 Configure serial link(1 mark)
Configure a serial link between Stafford and Stoke. The routing protocol to be used is OSPF.
2.0 VLAN Configuration on Stafford(3 marks)
Configure the Stafford Fa0/0 interface to trunk for VLAN 99, VLAN 10, and VLAN 20 with 802.1Q encapsulation.
3.0 Basic Switch Configuration(3 marks)
Use the following IP addresses to configure the switches:
Configure Switch 1 with the VLAN 1 IP address of 192.168.99.1/24.
Configure Switch 2 with the VLAN 1 IP address of 192.168.99.2/24.
Configure both switches with the default gateway address of 192.168.99.254.
4.0 Configure VLANs on the Switches
Use the following values to configure VLANs on Switch 1:(4 marks)
On Switch 1 configure the interfaces Fa0/5 and Fa0/6 on VLAN 10.
On Switch 1 configure the interfaces Fa0/7 and Fa0/8 on VLAN 20.
All other unused interfaces on Switch 1 are in VLAN100.
Use the following values to configure VLANs on Switch 2: (4 marks)
On Switch 2 configure the interfaces Fa0/5 and Fa0/6 on VLAN 10.
On Switch 2 configure the interfaces Fa0/7 and Fa0/8 on VLAN 20.
All other unused interfaces on Switch 2 are in VLAN 100.
5.0 Configure VLAN Trunking(2 marks)
Use the following values to configure VLAN trunking on Switch 1 and 2:
Configure trunking between Switch 1 and Switch 2 with 802.1Q encapsulation using port Fa0/1 on both switches only allowing relevant VLANs.
Configure Switch 1 for trunking between Switch 1 and Stafford with 802.1Q encapsulation using port Fa0/2 only allowing relevant VLANs.
6.0 Configure VTP(6 marks)
Use the following values to configure VTP on Switch 1 and 2:
Configure both Switch 1 and Switch 2 as part of VTP domain Group1.
Configure Switch 1 as the VTP server and Switch 2 as the VTP client.
Create VLAN 10 with the name staff.
Create VLAN 20 with the name student.
Please note: some of the VTP configuration commands may not show when looking at the running-configuration. Therefore to provide proof that these
have been configured please include screen outputs using suitable show commands.
7.0 Configure Switch Port Security(8 marks)
Configure port security on ports Fa0/5 to Fa0/8 inclusive to allow only two hosts. If the port security is violated change the status to protected.
All unused ports are to be assigned to VLAN 100, and shut down.
8.0 Verify Port Security(3 marks)
Use the proper show command to verify the following port security settings:
Port security is enabled.
Port status
Maximum MAC addresses
9.0 Verify VLAN configuration(2 marks)
Use suitable show commands to verify the VLAN configuration for switch 1 and 2.
10.0 Router Configuration
Basic configuration of the three routers completed (6 marks)
Addressing scheme as shown in figure B applied across all of the routers (6 marks)
Configure OSPF to operate between the Stafford and Stoke routers using the correct
wildcard masks for the range (4 marks)
Using OSPF to advertise the serial interface to ISP as the default route for the network (2 marks)
11.0 PPP
Configure PPP between the Stoke and ISP router (2 marks)
Configure PPP CHAP authentication across the link between Stoke and ISP routers using the password of cisco on both (4 marks)
12.0 DHCP
Create DHCP pools on the Stafford router for the VLANs 10 and 20 (4 marks)
Exclude the first 5 addresses of each range (2 marks)
Allocate the correct default-gateway for each range (2 marks)
Allocate the DNS server address of 192.168.X.3 for each range where X is the VLAN
Number (2 marks)
13.0 NAT Network/Port Address Translation
Translate all valid IP addresses at the Stoke router which are being sent towards ISP. The translation range is 12.12.12.4/30 (8 marks)
On ISP use a static route to return only the 12.12.12.4/30 range to the Stoke router
(2 marks)
14.0 Access Control Lists
Only allow devices from the management range 192.168.99.0/24 access to telnet to the routers (6 marks)
Configure the following ACL for the LANs (8 marks)
Deny VLAN 10 access to FTP services
Permit all other VLAN 10 traffic
Deny VLAN 20 access to HTTP services
Permit all other VLAN 20 traffic
VLAN 99 should be allowed access to all locations and protocols
15.0 Verify Connectivity(6 marks)
All routers and switches should be able to ping the interfaces of the other devices. Submit suitable screen dumps showing this.
16.0 Report (25 marks)
You need to supply a report explaining the reasons behind moving to a router- switch configuration, and discussing the advantages and disadvantages
of using VLANs in this scenario (1500 words). Your report needs to include the complete configurations for all your routers and switches.