Uploaded by Nelson Mwaniki

CIS 238 Final

advertisement
CIS 238 Final
Complete this network using the following criteria:
All of the following criteria must be fulfilled for full points. The scoring engine is
partially accurate and should only be used to give you a rough estimate of your score.
As always I'll grade based off of your configs.
Addressing requirements:
1. See the packet tracer for your addressing networks and subnetting req's.
2. Legend: N = Network (i.e N1 for 10.0.0.0/24 should be 10.0.0.0/30 N2 should be
10.0.0.4/30).
3. PC's/Servers in the 192.168 networks should get the 10th usable address
Basic device requirements:
1. All switches and routers should on the Edge side should be configured with the
secret password class.
2. All passwords should be encrypted.
3. All switches and routers on the Edge side should be configured with Console & VTY
password cisco.
4. All hostnames on the Edge side should be set according to their display name.
5. Disable domain lookup on all Edge side devices
6. Logging synchronous should be enabled
VLAN requirements:
1. Central WA Side, Largest network should be VLAN 10, smaller network should be
VLAN 20.
2. PC1 on Edge_1 should be VLAN 10
3. PC2 on Edge_2 should be VLAN 20.
4. Configure inter-vlan routing for each of the networks.
o
Only VLANs utilized on the network should be allowed.
o
Trunk lines should use dot1q encapsulation.
o
Trunk lines should not negotiate the trunking protocol.
o
VLAN 88 should be used as the native VLAN.
Port Security requirements:
1. Port security should be placed only where appropriate.
2. Ports should only allow the first 2 MAC addresses.
3. Ports should dynamically remember the MAC addresses that are connected.
4. The security mode should be set to Restrict.
DHCP requirements:
1. Spokane_Edge should provide DHCP addresses for the Downtown_SP_BLD1&2
VLANs.
2. Seattle_Edge should provide DHCP to all Seattle Servers & PC’s
3. All other devices should be statically assigned see above for addressing
requirements.
Routing requirements:
1. There should be a default route on Central_Edge pointing towards ISP. This route
should be shared to all other devices participating in OSPF.
2. ISP should have static routes for the internal networks. (NOTE: You do NOT need
to do the Point to Point links).
3. OSPF should be used for all internal routers
4. Apply passive interface where appropriate
NAT requirements:
1. NAT should be applied on Central_Edge
2. Static NAT should be implemented for the Web Servers. The Web Server should be
mapped to 12.34.5.3(Seattle), 12.34.5.4(Spokane).
3. PAT should be configured for all other internal machines and should use the IP
address set on Central_Edge G0/2.
ACL requirements: Note, remember that the demarcation line for your network
would typically be Central_Edge.
1. The Internet Device should only be able to reach the Web Servers on ports 80 and
443.
2. All internal machines should be able to reach NotGoogle.com on 80 and 443.
3. All internal machines should be able to ping anywhere on the internet
Connectivity requirements:
1. All internal machines should be able to ping each other except for the Admin
workstation.
2. All internal machines should be able to ping the egress port on Edge.
3. The Internet Device should be able to connect to the Web Server and open its web
page.
HSRP requirements:
1. Edge_1 should be primary for VLAN 10, priority should be 110 and should be
secondary for VLAN 20, priority should be 95.
2. Edge_2 should be primary for VLAN 20, priority should be 110 and should be
secondary for VLAN 10, priority should be 95.
3. Configure preempt and configure HSRP to track G0/0
Etherchannel:
1. See labels on topology for channel groups.
Download