CCNA Discovery: Designing and Supporting Computer Networks Chapter 3 Case Study
Network Design Note: This case study utilizes Packet Tracer. Please see the Chapter 3 Packet Tracer file located in Supplemental Materials. Introduction and Scenario You have now successfully set up the spanning tree process so that the traffic is flowing across the links you chose. However, there has been an embarrassing security issue during which an unauthorized user in the production area managed to access payroll data in the human resources department. Understandably, company management is somewhat upset about this. You and the IT Manager have discussed ways you might tighten security on the network. One obvious approach is to configure a series of Virtual LANs (VLANs) in the switches. Of course, there will be other advantages in doing this, including reducing the effect of broadcast traffic. One downside that has been identified is that you will probably need to purchase a couple more routers to enable inter‐VLAN routing. (You could, of course, perform this function on the gateway router at the core layer. To provide proper network efficiency within the network infrastructure, you have convinced the IT Manager that it should be performed at the distribution layer.) Luckily, the security breach has convinced management to provide adequate funding to solve this problem! © 2009 Cisco Learning Institute
CCNA Discovery: Designing and Supporting Computer Networks Chapter 3 Case Study
You decide to go ahead and plan for six VLANs which you believe will be adequate for the current network. As part of this planning, you will add two Cisco 2811 routers to act as Distribution layer inter‐ VLAN routers. Of course, there will also be some major reconfiguration required on the network switches to support this new structure. Task You must set up six VLANs on the network, numbered VLAN 10; 20; 30; 40; 50 and 100. They will be named VLAN10; VLAN20…etc. The addressing range for each VLAN will be 192.168.x.0 / 24 where x = VLAN number. Reconfigure the 8 user PCs (PC0 through PC7) as follows: PC0 ‐ VLAN10 ‐ 192.168.10.50 / 24 ‐ gateway 192.168.10.3 PC1 ‐ VLAN20 ‐ 192.168.20.50 / 24 ‐ gateway 192.168.20.3 PC2 ‐ VLAN10 ‐ 192.168.10.60 / 24 ‐ gateway 192.168.10.3 PC3 ‐ VLAN40 ‐ 192.168.40.50 / 24 ‐ gateway 192.168.40.3 PC4 ‐ VLAN10 ‐ 192.168.10.70 / 24 ‐ gateway 192.168.10.5 PC5 ‐ VLAN50 ‐ 192.168.50.50 / 24 ‐ gateway 192.168.50.5 PC6 ‐ VLAN10 ‐ 192.168.10.80 / 24 ‐ gateway 192.168.10.5 PC7 ‐ VLAN30 ‐ 192.168.30.50 / 24 ‐ gateway 192.168.30.5 The servers in the server farm are to be placed in VLAN 100. The new addresses are: Internal Web Server ‐ VLAN100 ‐ 192.168.100.10 / 24 ‐ gateway 192.168.100.3 Internal DNS Server ‐ VLAN100 ‐ 192.168.100.20 / 24 ‐ gateway 192.168.100.3 Reset the spanning tree priority to its default value on every internal switch to minimize confusion. Add a 2811 router to Dist#2 and Dist#4. Connect the fa0/0 port on the router to fa0/22 on the respective switch. Name the routers Dist2 and Dist4. © 2009 Cisco Learning Institute
CCNA Discovery: Designing and Supporting Computer Networks Chapter 3 Case Study
The sub‐interfaces on fa0/0 on Dist2 will be configured with the IP address 192.168.x.3 / 24 where x = VLAN number. The sub‐interfaces on fa0/0 on Dist4 will be configured with the IP address 192.168.x.5 / 24 where x = VLAN number. Note that the PCs use their respective gateway according to which sector of the network they are physically connected to. Set up the necessary sub‐interfaces on the Gateway router. Set up RIP Version 2 routing across the network. Set up the switches so that they now handle VLAN traffic. Conclusion and Reflection You should be able to ping between any two hosts on the network – internally and externally – at the completion of this reconfiguration exercise. What does the traffic pattern look like now you have set up VLANs? Is it acceptable? © 2009 Cisco Learning Institute