Friday, 30 March 2018

32524 | LANs and Routing | Networking

Task One: Addressing the Network

The ISP has allocated 50.80.120.16/29 for the two ISP links. Note that this address space needs to be subnetted into two /30 subnets for use on the CITY-ISP and GLEBE-ISP links respectively. For IPv6, 2001:50:80:120::/64 and 2001:50:80:121::/64 address the two links to the ISP.
As part of the network redesign, the AIT has allocated 10.0.80.0/20 and 2001:DB8:CA5E::/52 for the internal network addressing. Note that each of the user groups below, at each site, will be on its own unique IP network.

The CITY site is the main campus location and provides the AIT with its primary Internet connection.
Host requirements at that site are:
50 hosts for Academic Staff,
360 hosts for the Students
20 hosts for Support Staff
All user groups will each have hosts located in two levels, i.e. Level 1 and Level 2 switches.
The GLEBE site is designed to expand the business into a new area. Host requirements at this site are:
10 Hosts for Academic Staff,
100 Hosts for Students
5 Hosts for Support Staff
The CHATS site is designed to grow the business into new markets and is very new. Host requirements at this site are:
6 Hosts for Academic Staff,
100 Hosts for Students
3 Hosts for Support Staff
The AIT requires that:
  • Hierarchical VLSM design is used to maximise the use of IPv4 addresses and to account for CIDR and route aggregation between the main sites.
  • All IPv6 addressed networks will have a mask of /64.
  • Subnets are sized for 100% growth[1] of the current IP requirements for all hosts, unless otherwise stated.
  • All networking devices (including switches) must have IPv4 addresses, and the PC hosts’ gateways will use the first available usable address in each subnet. For the purpose of lab demonstration, the switches do not need to have IPv6 addresses.
  • The ISP links will be allocated a subnet mask of /29 for IPv4 and a prefix of /64 for IPv6.
  • The switching network sites will also use IPv6 addressing and will use EUI-64 for the addressing.
  • The routers’ interfaces for IPv6 will use static link-local addressing (to keep the addressing simple).
  • The Management/Native VLANs for the switching networks will each have two extra hosts for potential administration usage. This is for the lifetime of the network design regardless of any growth.
  • The network administrator hosts will have the last usable addresses on each of the Management/Native VLAN subnets at the CITY site.
[1] “100% growth” means the designed network needs to accommodate double the number of users.
At this stage, the AIT agrees that it is enough to assign all hosts with an IP address statically. However, DHCP for IPv4 will be used in a later stage and the final network demonstration.
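A sizing sketch for the IPv4 user subnets described above, added here as an example and not part of the original brief. It assumes each user subnet needs double the listed hosts plus one gateway address, and it gives each site one contiguous block so the site can be advertised as a single summary route; the Management/Native VLANs and WAN links are left out because the device counts come from the topology diagram, which this page does not include.

```python
import ipaddress

# Host counts per site and user group, as listed in the brief (before growth).
SITES = {
    "CITY":  {"ACADEMICS": 50, "STUDENTS": 360, "SUPPORT": 20},
    "GLEBE": {"ACADEMICS": 10, "STUDENTS": 100, "SUPPORT": 5},
    "CHATS": {"ACADEMICS": 6,  "STUDENTS": 100, "SUPPORT": 3},
}
PARENT = ipaddress.ip_network("10.0.80.0/20")


def prefix_for(hosts):
    """Longest prefix that holds 2*hosts (100% growth) plus one gateway (assumption)."""
    needed = 2 * hosts + 1 + 2              # + gateway, + network and broadcast
    return 32 - (needed - 1).bit_length()


def allocate(block, prefixes):
    """Carve block into subnets, largest first, so every subnet is naturally aligned."""
    out, cursor = {}, int(block.network_address)
    for name, prefix in sorted(prefixes.items(), key=lambda kv: kv[1]):
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{name} /{prefix} does not fit in {block}")
        out[name] = net
        cursor += net.num_addresses
    return out


def plan():
    """Return {site: (summary_block, {group: subnet})} for the whole /20."""
    groups = {s: {g: prefix_for(h) for g, h in gs.items()} for s, gs in SITES.items()}
    site_prefix = {}
    for site, gs in groups.items():
        total = sum(2 ** (32 - p) for p in gs.values())
        site_prefix[site] = 32 - (total - 1).bit_length()   # one summary route per site
    blocks = allocate(PARENT, site_prefix)
    return {s: (blocks[s], allocate(blocks[s], groups[s])) for s in SITES}


if __name__ == "__main__":
    for site, (block, subnets) in plan().items():
        print(f"{site}: {block}")
        for group, net in subnets.items():
            print(f"  {group:<9} {net}  gateway {next(net.hosts())}")
```

The space left over in the /20 after the three site blocks is what remains for the Management/Native VLANs and the inter-site links.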

 Milestone Submission:
  • Network subnetting tables, which show possible subnets that meet the design requirements; see Tables A1 and A2. Subnets that are not used are to be clearly identified in each table.
  • Detailed IP addressing tables showing all networking devices’ names and interface details (see Table B).
  • Switch and Router tables (see Tables C and D).
  • A device/host addressing table to tabulate hosts’ addresses and gateways; see Table E.
These tables, with necessary updates if needed for later stages, will be used for verifying the functionality of the network during the Case Study Demonstration marking. These tables may be used as the basis for the discussion about the design of the network.

Task Two: Routing the Network

The AIT Group’s ICT policy is that RIP (version 2) routing will be used internally for the IPv4 network. Check that all networks required appear in the routing tables on both CITY and GLEBE routers. Routing between CITY and CHATS will use static and default static routing only.
All IPv6 routing will use static, default, summary and/or floating static routing. It is your group’s responsibility to design your implementation of this routing requirement in the most efficient manner. You should fully document how this is achieved in your Written Report.
The routing to and from ISP will be using default and static routing for both IPv4 and IPv6. When correctly implemented all hosts within the AIT network should be able to successfully ping the loopback address on ISP, which is 11.11.11.11/32 for IPv4 and 2001:11:11:11::11/128 for IPv6, simulating the Internet.
Note that NAT at CITY and GLEBE will be implemented at a later stage.
 Deliverables – 1:
Discuss how you implement (with the specific commands), and verify (with verification strategy and screen-captured verification results) the following functions:
  • static routing and failover routing via the GLEBE-ISP link when the CITY-ISP link fails for both IPv4 and IPv6 networks.
  • RIP routing for the GLEBE and CITY sites for IPv4, and static routing for IPv6.
  • static routing between CHATS and CITY for both IPv4 and IPv6 networks, and route redistribution, if there is any, for IPv4 networks.
  • routing for inter-VLAN communication (see Task Three on the next page).
  1. Running configuration and screen captures without explanation/justification will not be marked.

Task Three: Switching Network

Due to the size and complexity of LANs, the AIT Group wants to use VLAN technologies to control broadcasts, enhance security and logically organise user groups at all AIT sites. 802.1Q trunk-based Inter-VLAN routing for both IPv4 and IPv6 will need to be implemented to advertise all VLAN networks at each of the three sites.
The switching networks at the CITY, GLEBE and CHATS sites:
Switch access ports allocated to each VLAN should be proportional to the ports for the VLANs used at each site.
Use the following VLAN IDs and Names for the required networks:
  • VLAN 10 – ACADEMICS
  • VLAN 20 – STUDENTS
  • VLAN 30 – SUPPORT
VLAN 99 should be assigned as the Management and Native VLAN.
VLAN 111 “Blackhole VLAN” should be used for all unused ports, which must be shut down.
Port security is required on all access ports, with a maximum of one MAC Address per port. Any violation should shut down the port.
The default VLAN 1 is not allowed onto the trunks.
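One way to check a switch against the policy above, added here as an example and not part of the original brief: the script reads interface stanzas from a running configuration and reports trunks that still carry VLAN 1 or use a native VLAN other than 99, blackhole ports that are not shut down, and access ports whose port security is missing or looser than one MAC with shutdown. The sample configuration and interface numbers are constructed, and the script assumes that an absent `maximum` or `violation` line means the IOS defaults (1 and shutdown).

```python
import re

# Constructed, trimmed running-config fragment; interface numbers are assumptions.
SAMPLE = """\
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1-30,99
 switchport mode trunk
interface FastEthernet0/6
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
interface FastEthernet0/7
 switchport access vlan 111
 switchport mode access
"""
VLAN_LIST = r"\d+(-\d+)?(,\d+(-\d+)?)*"

def vlan_set(spec):
    """Expand an IOS VLAN list such as '1-30,99' into a set of ints."""
    pairs = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def audit(config):
    """Return (interface, finding) pairs for deviations from the Task Three policy."""
    findings = []
    for block in re.split(r"(?m)^interface\s+", config)[1:]:
        name, *lines = [l.strip() for l in block.splitlines() if l.strip(" !")]
        val = lambda p: next((l[len(p):] for l in lines if l.startswith(p)), None)
        bad = lambda msg: findings.append((name, msg))
        if "switchport mode trunk" in lines:
            allowed = val("switchport trunk allowed vlan ")
            # No list means every VLAN is allowed; keyword forms are flagged as well.
            if not allowed or not re.fullmatch(VLAN_LIST, allowed) or 1 in vlan_set(allowed):
                bad("VLAN 1 not excluded from trunk")
            if val("switchport trunk native vlan ") != "99":
                bad("native VLAN is not 99")
        elif val("switchport access vlan ") == "111":
            if "shutdown" not in lines:      # unused ports must be shut down
                bad("blackhole port not shut down")
        else:
            if "switchport port-security" not in lines:
                bad("port security not enabled")
            for key, ok in (("maximum", "1"), ("violation", "shutdown")):
                if val(f"switchport port-security {key} ") not in (None, ok):
                    bad(f"port-security {key} is not {ok}")
    return findings
```

Running `audit(SAMPLE)` flags all three constructed interfaces; a stanza that follows the policy produces no finding.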
 Deliverables – 2:
Discuss how you design, implement (with the specific commands), and verify (with verification strategy and screen-captured verification results) the following functions:
  • VLANs (including user and Management VLANs) at each of the three sites,
  • port security,
  • 802.1Q trunking, and
  • Inter-VLAN routing.
This should be supported with Tables D and E.
  1. Running configuration and screen captures without explanation/justification will not be marked.

Task Four: Network Security

The AIT Group also wishes to enforce certain security policies in order to filter network traffic.
At this current stage, the following policy is to be implemented:
  • Access to all internal routers and switches must use SSH with the username casestudy and password cisco1, with the ONLY host permitted access being the Network Administrator.
  • Only IPv4 Internal Hosts from VLANs 10, 20 & 30 are permitted to be NATTed beyond the CITY Router, and GLEBE Router if the CITY/ISP link fails.

Task Five: IP Addressing Services for IPv4

NAT
The AIT Group has purchased a small block of public IPv4 addresses, 50.80.120.0/28, for the IPv4 NAT pool. Split this address space into two /29 blocks for the CITY and GLEBE routers. Then use each public IPv4 address range, overloaded, to meet the internal network’s requirements for Internet connectivity. For the Network Administrator, assign a static NAT address from the available NAT pools of addresses.

For the IPv6 network, NAT is not needed.
DHCP
Users from the internal network shall be allocated IPv4 addresses dynamically whenever it is feasible except for some special devices to which addresses will be assigned statically.
The AIT Group agrees that hosts’ IPv6 addresses can be configured either statically (for network administrator hosts) or by Stateless Address Autoconfiguration (SLAAC), without the need for DHCPv6 support.
The CHATS router will perform DHCP for IPv4 and has the following requirements:
  • All users from the internal network will dynamically receive their IP addresses from the DHCP server, located on the CHATS router.
  • The first 3 host addresses of each DHCP pool will be reserved and not used for end host addressing.
  • The Network Administrator’s address is statically assigned and must be excluded from the required pool.
  • The Management VLANs will use statically assigned addresses.
  • No DHCP Addressing is required for IPv6 addresses. All end hosts should receive their IPv6 address using SLAAC.
You will need to consider the use of DHCP relay where appropriate.
 Deliverables – 3:
  • Provide details of your design, such as NAT pools (see Table F below) and DHCP pools for IPv4 (see Table G).
  • Provide partial configuration scripts specific to implementing DHCP and NAT.
  • Discuss the impact of the routing with NAT enabled and the influence of ACL on DHCP traffic.
  • Discuss how you verify (with verification strategy and screen-captured verification results) that the functionality of your DHCP and NAT design meets all requirements.

Task Six: Verifying Network Functionality

The AIT Group now wants a demonstration of the completed networks (partial topology diagram shown in the Appendix) using the equipment provided.
The demonstration requires basic settings on all routers and switches including hostname, local passwords, MOTD banner, management address and SSH access, detailed as follows:
  • Configure hostnames as per the partial Topology Diagram.
  • Configure password cisco for console connections.
  • Encrypt the privileged EXEC mode using password class.
  • Secure all VTY lines to allow SSH connections only and use the local database for authentication with a username casestudy and password cisco1.
  • Disable Domain Name Server (DNS) lookup.
  • Enable logging synchronous for console connections and all virtual terminal lines.
  • Configure a Message of the Day (MOTD) banner warning against unauthorised access.
  • Configure meaningful descriptions for all active interfaces, including loopback interfaces, on routers.
  • Configure the interfaces of routers and hosts as per the Topology Diagram and your Addressing Tables B&C.
  • Configure Management/Native VLAN SVI interfaces on all switches for TCP/IPv4 connectivity. TCP/IPv6 for switches is not required at this stage.
  • Configure the host PC for the required VLANs as shown on the partial topology diagram.
  • Configure DHCP and NAT.
Note: These PCs are all shown on the partial topology diagram provided.
The AIT Group requires the following network verification that will be assessed in lab Demonstration:
  • Verification of dynamic routing for IPv4.
  • Verification of static routing for both IPv4 and IPv6.
  • Verification of DHCP and NAT.
  • Verification of network security and ACLs.
  • Verifying access of all hosts to each other and the ISP’s loopback addresses.
The AIT Group policies state that the group must develop and implement a verification strategy that will verify the functionality of the network with captures of important tests that demonstrate the functionality of the network, and include this as part of the Case Study Report.
