Case Study WANs Routing & Switching: Connecting Networks Overview and Objectives This final case study allows students to build and configure a complex network using skills gained throughout the course. This case study is not a trivial task. To complete it as outlined with all required documentation will be a significant accomplishment. The case study scenario describes the project in general terms, and will explain why the network is being built. Following the scenario, the project is broken into a number of phases, each of which has a detailed list of requirements. It is important to read and understand each requirement to make sure that the project is completed accurately. The following tasks are required to complete this case study: Set up the physical layout of the network using the diagram and accompanying narrative Correctly configure single-area OSPF Correctly configure VLANs and 802.1q trunking Correctly configure Frame Relay Correctly configure the two Point to Point links with PPP encapsulation, CHAP Authentication over one link and PAP over the second link. Correctly configure a GRE Tunnel Correctly configure routing Correctly configure DHCP Correctly configure NAT Create and apply access control lists (ACL’S) on the appropriate routers and interfaces Test/Verify and document that all devices are operational and functioning according to the scenario guidelines Provide detailed documentation in a prescribed form as listed in the deliverables sections Scenario S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 PPP Link PAP Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 VLAN 99 OSPF 10 area 0 Web Server Belfast LAN 50 hosts Limerick LAN 100 hosts Cork VLANs 426 hosts (total) A company needs a network to be designed and implemented; the company has locations in four cities. Three of the locations will be connected using leased-line serial links. The fourth location (Galway) will be connected using Frame Relay and the fifth location (Derry) will be connected using a VPN due to cost considerations. The company has previously used RIP version 2 at the Galway location and wishes to continue using it for now. However, the other four locations will use OSPF. So RIP routes must be redistributed into the OSPF routing process and RIP networks must be reached from the OSPF routing. Also, OSPF networks must be reached from the Galway networks through default static route. One location, Cork, has a large and complex LAN. Due to the size and complexity, the company wants to create VLANs to control broadcasts, enhance security, and logically group users. The company also wants to use private addresses throughout the Autonomous System, DHCP over most of the LAN segments, and NAT implemented for Internet connectivity. The company also wishes to limit Internet access to Web traffic while allowing multiple protocols (not all) within its own WAN. Although private addresses (RFC 1918) will be used, the company appreciates efficiency and address conservation in design. To minimize wasted address space, they have requested VLSM to be used when appropriate. Phase 1: Addressing the WAN & LAN S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 Limerick PPP Link PAP G0/0 VLA N 2 VLAN 3 VLAN 4 N VLA 99 OSPF 10 area 0 Web Server Belfast LAN 50 hosts Limerick LAN 100 hosts Cork VLANs 426 hosts (total) Use the following instructions to complete Phase 1: Use 172.16.0.0/22 for internal addressing with IP subnet zero enabled. Apply /30 subnets on all serial interfaces, using the last available subnet. Assign an appropriately sized subnet for the Cork LAN, which has about 900 devices: - VLAN 99: 31 devices (Management VLAN) - VLAN 2: 120 hosts - VLAN 3: 40 hosts - VLAN 4: 225 hosts Assign the appropriately sized subnet to the Limerick LAN, which has 100 hosts. Assign the appropriate sized subnet to the Belfast LAN, which has 50 hosts. Assign an appropriately sized subnet for the Galway LAN, which has 150 devices. Assign an appropriately sized subnet for the Derry LAN, which has 10 devices. Document all of the addressing in tables. DHCP POOL (covered in phase 6) Configure DHCP services on the Galway router. DHCP should provide services to the following LANs hosts: Galway LAN, Cork’s VLAN 2, VLAN 3 and VLAN 4 Phase 2: Configuring Static and Default Routes, RIP & OSPF Routing S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 Limerick PPP Link PAP G0/0 VLA N 2 VLAN 3 VLAN 4 N VLA 99 OSPF 10 area 0 Web Server Belfast LAN 50 hosts Limerick LAN 100 hosts Cork VLANs 426 hosts (total) Use the following instructions to complete Phase 2: Configure each router with a hostname and required passwords. Configure each interface on all routers documented in Phase 1. Configure OSPF on the Cork, Limerick, and Belfast routers. Configure Default Route and redistribute such route within the AS Configure RIP version 2 on the Cork and Galway routers. Redistribute RIP networks into the OSPF routing process. Configure a Default Route on Galway pointing to the OSPF networks. Verify that the Limerick, Belfast, Galway, Derry and Cork routers have connectivity through Layers 1-7. Capture and save the five router configuration files. Edit the text files, and include comments at the top of each file documenting the following: – Your name – The date – Case Study – Phase 2 – The router name that corresponds to each file. This documentation will serve as the deliverable item for Phase 2. Phase 3: Configuring Frame Relay, PPP & GRE VPN S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 Limerick PPP Link PAP G0/0 VLA N 2 VLAN 3 VLAN 4 N VLA 99 OSPF 10 area 0 Web Server Belfast LAN 50 hosts Limerick LAN 100 hosts Cork VLANs 426 hosts (total) Use the following instructions to complete Phase 3: 1. Configure the Frame Relay as follows: Configure the serial interfaces on both the Cork and the Galway routers to use Frame Relay encapsulation and LMI type ANSI. Use Frame-Relay maps (disable Inverse-Arp) 2. Configure PPP encapsulation between: The Belfast router and the Cork router using CHAP authentication. The Belfast router the Limerick router using PAP authentication. Use the password cisco 3. Configure a Site-to-Site GRE tunnel Configure a Site-to-Site GRE tunnel between the Belfast router and the Derry router. Configure a static route on Derry and Enable OSPF routing between the Belfast and Derry routers Document the PP & NAT configuration in a chart; it will serve as the deliverable item for Phase 3. Phase 4: Configuring ACLs S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 PPP Link PAP Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 VLAN 99 OSPF 10 area 0 Web Server Belfast LAN 50 hosts Limerick LAN 100 hosts Cork VLANs 426 hosts (total) Use the following instructions to complete Phase 4: 1. Configure an Extended ACL to filter traffic. The ACL should: Deny the Galway LAN FTP and HTTP access to VLAN 2 (HR network); allow all other traffic to all destinations within the Autonomous System. Setup WEB and FTP server at the HR VLAN to test your ACL 2. Configure a Standard ACL to filter traffic. The ACL should: Permit the HR (VLAN 3) and the Belfast LAN users access the Limerick LAN while denying all others. 3. Configure an Extended ACL On the Belfast Router. The ACL should: Allow IP traffic for TCP and ICMP sessions originating from the inside (established sessions) while denying IP traffic for sessions originating outside the network. 4. Use an ACL to control VTY access to all routers. The ACL should: Allow telnet session to all routers from the Management VLAN (VLAN 99) only; telnet from other networks should be denied Document the ACL configuration a chart. This will serve as the deliverable item for Phase 4. Phase 5: Configuring VLANs S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 PPP Link PAP Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 N VLA 99 OSPF 10 area 0 Web Server Belfast LAN 50 hosts Limerick LAN 100 hosts Cork VLANs 426 hosts (total) Use the following instructions to complete Phase 4: 1. Apply the basic switch configuration Hostname and passwords 2. Configure the Cork Local Area Network switch as follows: Create and name three Data and one Management VLAN for a total of 4 VLANs. - VLAN VLAN VLAN VLAN 99: Management (Native) 2: HR 3: R&D 4: Production. Assign - Connect Fa0/0 of the Cork router to port 1 Connect one workstation per VLAN. Configure the workstations IP automatically. ports: Ports 1-2 to trunk mode (802.1Q) Ports 3 to VLAN 99 Ports 4-7 to VLAN 2 Ports 8-11 to VLAN 3 Ports 12-15 to VLAN 4 Disable all unused ports This documentation will serve as the deliverable item for Phase 5 Phase 6: Configuring DHCP S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 Limerick PPP Link PAP G0/0 VLA N 2 VLAN 3 VLAN 4 N VLA 99 OSPF 10 area 0 Web Server Belfast LAN 50 hosts Limerick LAN 100 hosts Cork VLANs 426 hosts (total) DHCP Services DHCP should provide services to the following LANs hosts: Galway LAN, Cork’s VLAN 2, VLAN 3 and VLAN 4 DHCP should pass the following parameters to the hosts: IP address, Subnet Mask and Default Gateway The Galway router will perform DHCP. Configure the Galway using the DHCP pools documented in Phase 1. Configure DHCP services on the Galway router as follows: Fa0/0 and sub-interfaces with the first useable address. Configure the DHCP pools on the Galway router. Exclude the first 10 IP addresses from each pool (to be used for printers and servers) Connect a workstation to Fa0/0 on Galway and VLANs 2-4 on the Cork router. Configure the workstation to obtain its IP address automatically. Recapture and save the Galway router configuration file. Edit the text file, and include comments at the top documenting the following: – Your name – The date – Case Study – Phase 5 – Galway router This documentation will serve as the deliverable item for Phase 6 Phase 7: Configuring Dynamic & Static NAT S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 Limerick PPP Link PAP G0/0 VLA N 2 VLAN 3 VLAN 4 N VLA 99 OSPF 10 area 0 Web Server Belfast LAN 50 hosts Limerick LAN 100 hosts Cork VLANs 426 hosts (total) The Belfast router will perform NAT. Configure the Belfast router as follows: Define the NAT pool. The pool consists of public network address 200.10.10.64/26. Exclude first 10 addresses from this pool (to be used for public domain servers, when required). Define an access control list, which will translate for all internal (172.16.0.0/22) addresses only. Establish dynamic source translation, specifying the NAT pool and the ACL defined in the previous steps. Specify the inside and the outside NAT interfaces. Configure Static NAT so the Web Server can be accessed from the Internet Phase 8: Verification and Testing S0/0/0 Galway S0/0/0 209.165.200.6/30 ISP Frame Relay (Use a Router to simulate the Internet) DCE Derry 209.165.200.4/30 DCE RIP V2 Galway LAN 150 hosts 209.165.200.0/30 S0/1/0 209.165.200.1/30 S0/0/0 S0/0/0 Cork Nat Outside 200.10.10.64/26 Nat Inside 172.16.0.0/22 Belfast S0/0/1 PPP Link CHAP G0/0 10 hosts S0/0/1 G0/0 S0/0/0 PPP Link PAP Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 N VLA 99 OSPF 10 area 0 Limerick LAN 100 hosts Web Server Belfast LAN 50 hosts Cork VLANs 426 hosts (total) S0/0 the following instructions to complete Use InternetPhase 5: Frame Galway 1. 2. Galway LAN 400 hosts (Use a PC to Relay Verify communication between various hosts in the network. Troubleshoot simulate DCE and fix any problems in the network until10.0.0.2/30) it works Galaway properly. Document the results of the tests in a table. DCE RIP V2 and save the router configuration files for all four routers. Edit the Recapture Fa0/0 text files, and include comments at the top of10.0.0.1/30 each file documenting the S0/0 following: S0/0 – Your name S0/1 Cork S0/1 Belfast – The date PPP Link – Fa0/0 –CHAP Final RouterFa0/1 Configuration – The router name that corresponds to each file. S0/0 Nat Outside Limerick PPP Link 200.10.10.64/26 PAP Fa0/0 Nat Inside 172.16.0.0/21 This documentation, along with the completed tables from Phase 1, Phase 2, Phase 3, Phase4, Phase 5, Phase 6, and Phase 7, will serveBelfast as theLAN final deliverable item for the 20 hosts case study. VLA N Limerick LAN N VLA VLAN VLAN 2 99 200 hosts 3 4 Cork VLANs 900 hosts (total) OSPF 10 area 0 Phase 9: Case Study Deliverables Documentation & Presentation The final task in this case study is to deliver a 20 minutes presentation of the main features of the design decisions and recommendations. A formal written report should also be provided that contains all of the design documents as well as all the supporting worksheets (see the case study requirements; Overview and Objectives on page 1). The design documentation should include: device configurations, a list of the number and types of networking devices selected for this design, logical and physical diagrams, subnetting scheme, and network testing verifications. The completed tables from Phase 1, Phase 2, Phase 3, Phase 4, Phase 6, Phase 6, Phase 7, and Phase 8 should be included with the final deliverable items. The following items must be included in the final report and presentation: • Outline • Summary of the Company and Network Requirements • Discussion on the implementation of IP address and VLSM • Discussion on the implementation of Routing • Discussion on the implementation of VLANs, STP, and switches • Discussion on the physical layer design and equipment • Discussion on testing and verification strategies • Recommendations for future network upgrades • Logical Diagram • Physical Diagram • IP Addressing Table • Router Interface Table • Switch Table • Equipment Table including quantity, make and model (Routers & Switches • • • ONLY) Show Commands outputs to verify connectivity and operation: show ip route, show ip ospf neighbors, show spanning-tree, show vlan, ping, telnet, etc. Router Configurations Switch Configuration The documentation should be complete and should contain enough information to allow a third party to properly install and configure or troubleshoot the network without requesting additional information.