Tuesday, May 5, 2020

Ccna3 Exploration Lan Switching and Wireless free essay sample

CCNA3 Exploration: LAN Switching and Wireless

Guided Case Study

Student:
Date:
Marks:

Overview and Objectives

To enhance the learner’s knowledge of switching and wireless networks. The following case study is used to illustrate the process required for designing a redundant switched network. This case study presents a scenario in which XYZ Insurance Company has hired a Network Consultant Group to design their network. In order to help you organize this project, the scenario has been divided into phases listing the requirements for each task.

• Configure security via VLANs and propagate with VTP.
• Design a redundant switched network.
• Configure switch port VLAN information and port security.
• Connect and verify connectivity to a wireless router.
• Configure the IP settings of a Linksys wireless router.
• Configure DHCP on a Linksys wireless router.
• Change the network mode and corresponding network channel on a wireless router.
• Enable WEP encryption and disable SSID broadcast.
• Enable a wireless MAC filter if available.
• Configure access restrictions on a wireless router if available.

Background

XYZ Insurance Company requires 24/7 access to the Internet in order to service its clients. You have been retained to design a network which meets these requirements. In order to achieve this, you have decided to develop the design in stages, proving each stage on the way. In addition, some users within your company are provided with wireless laptops and are allowed to log onto the company’s local area network in a secure fashion. Two wireless routers are provided for this for security and the Sales staff will be shared between them. Unauthorised wireless laptop users must be denied access in order to preserve security.

Requirements

The company has 3 main departments – Personnel, Finance and Sales. The offsite sales team are provided with laptops and, when in the head office, are regarded as part of the Sales Department.
Your design must provide for:

• 5 employees in the Personnel department.
• 10 employees in the Finance department.
• 5 wired workstations and 5 wireless workstations for internal Sales staff.
• 100 laptops for external mobile Sales staff.
• Lifetime max of 2 servers for each department regardless of company growth.
• Expect 100% growth of current IP requirements when determining size of subnets.
• All networking devices must have IP addresses.
• Use the private class B 172.25.0.0 network for internal addressing.
• Use VLSM for IP addressing.
• Use subnet 200.1.1.0/29 for connection to the Internet via a router.
• There is a DNS server at address 195.195.1.2/24 connected to the router.
• A redundant switched network using a layered design is required with one router for access to the Internet. (Two routers would be needed in the final analysis.)

Phase 1 – Network Design (20 marks)

To meet the requirements, the eventual topology is shown below:

Worksheet

1. Produce a logical diagram based on the above diagram for the LAN for XYZ Insurance Company that includes:

• Router and switch names
• VLAN names and details
• Network addresses
• Number of hosts per network
• Link speeds

The next few sections have example grids for documenting this information.

2. The company expects the use of a VLSM design to maximize the use of IP addresses. A table is to be produced showing the subnets that meet the company’s requirements using a VLSM design. A sample table layout for recording the VLSM design is below.

|Network Name |VLAN |Number of host addresses required |Network Address |Subnet Mask |Max Number of Hosts Possible |Gateway Address |
|Personnel    |10   |5                                 |172.25.1.48     |/29         |6                            |172.25.1.49     |
|Finance      |20   |10                                |172.25.1.32     |/28         |14                           |172.25.1.33     |
|Int sales    |30   |5c, 5w                            |172.25.1.0      |/28         |14                           |172.25.1.1      |
|Ext sales    |40   |100                               |172.25.0.0      |/25         |126                          |172.25.0.1      |
|             |     |                                  |                |            |                             |                |
|             |     |                                  |                |            |                             |                |
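An added example (not part of the case study) that audits a VLSM table such as the sample above against the stated requirements: every subnet inside 172.25.0.0/16, no overlaps, a usable gateway address, and room for 100% growth. Assumptions: "5c, 5w" is counted as 10 hosts, servers and network devices are not counted, and the Personnel network is read as 172.25.1.48 to match its gateway.

```python
import ipaddress
import math

BLOCK = ipaddress.ip_network("172.25.0.0/16")   # internal block named in the requirements
GROWTH = 2.0                                    # "expect 100% growth"

# Rows copied from the sample VLSM table: name, hosts required, subnet, gateway.
# Assumptions: "5c, 5w" = 10 hosts; Personnel read as 172.25.1.48 to match its gateway.
SAMPLE = [
    ("Personnel", 5,   "172.25.1.48/29", "172.25.1.49"),
    ("Finance",   10,  "172.25.1.32/28", "172.25.1.33"),
    ("Int sales", 10,  "172.25.1.0/28",  "172.25.1.1"),
    ("Ext sales", 100, "172.25.0.0/25",  "172.25.0.1"),
]

def usable_hosts(net):
    """Addresses left after removing the network and broadcast addresses."""
    return net.num_addresses - 2

def prefix_for(hosts):
    """Longest prefix whose usable host count still covers `hosts`."""
    return 32 - math.ceil(math.log2(hosts + 2))

def audit(rows, block=BLOCK, growth=GROWTH):
    """Return a list of (network name, problem) tuples for a VLSM plan."""
    problems, seen = [], []
    for name, hosts, cidr, gateway in rows:
        net = ipaddress.ip_network(cidr)          # raises ValueError if host bits are set
        if not net.subnet_of(block):
            problems.append((name, f"{net} is outside {block}"))
        gw = ipaddress.ip_address(gateway)
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            problems.append((name, f"gateway {gw} is not a usable host in {net}"))
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append((name, f"{net} overlaps {other_name} {other}"))
        needed = math.ceil(hosts * growth)
        if usable_hosts(net) < needed:
            problems.append((name, f"{net} holds {usable_hosts(net)} hosts, "
                                   f"{needed} needed after growth: use /{prefix_for(needed)}"))
        seen.append((name, net))
    return problems

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

The sample rows are sized for current host counts, so the audit reports each one as short once the counts are doubled and names the prefix that would fit.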
For each device, a set of tables is required. These will assist with design and development activities and will be used when configuring switches and routers. A separate table should be created for each router and switch. Below is a sample layout for routers.

Router Name:

|Network Name |Description and Purpose |Interface/Sub Interface Type/Number |VLAN |Encapsulation |Network Number |Interface IP Address |Subnet Mask |
|             |                        |                                    |     |              |               |                     |            |
|             |                        |                                    |     |              |               |                     |            |

Router Name:

|Network Name |Description and Purpose |Interface/Sub Interface Type/Number |VLAN |Encapsulation |Network Number |Interface IP Address |Subnet Mask |
|             |                        |                                    |     |              |               |                     |            |
|             |                        |                                    |     |              |               |                     |            |

Wireless Router Name:

|Interface Type/Port   |Description and Purpose |Network Name |Network Number |Interface IP Address |Subnet Mask |
|Internet Port (Wired) |                        |             |               |                     |            |
|Wireless Port         |                        |             |               |                     |            |

Wireless Access Point Name:

|Interface Type/Port |Description and Purpose |Network Name |Network Number |Interface IP Address |Subnet Mask |
|Port 0 (Wired)      |                        |             |               |                     |            |
|Port 1 (Wireless)   |                        |             |               |                     |            |

Below is the sample layout for the switch tables.
Distribution Switch Name:
Switch IP address:
VLAN:

|Port/Number |Description and Purpose |Speed |Duplex |VLANs allowed |Switchport Type |Encapsulation (if needed) |
|            |                        |      |       |              |                |                          |
|            |                        |      |       |              |                |                          |

Distribution Switch Name:
Switch IP address:
VLAN:

|Interface/Sub Interface Type/Port/Number |Description and Purpose |Speed |Duplex |VLANs allowed |Switchport Type |Encapsulation (if needed) |
|                                         |                        |      |       |              |                |                          |
|                                         |                        |      |       |              |                |                          |

Access Switch Name:
Switch IP address:
VLAN:

|Interface/Sub Interface Type/Port/Number |Description and Purpose |Speed |Duplex |Network Name |Network Number |
|                                         |                        |      |       |             |               |
|                                         |                        |      |       |             |               |

The tables and supporting text will be part of the documentation delivered to the XYZ Research Company. Before you commence with the implementation, the logical diagram and tables need to be approved by the company.

Instructor’s Signature: ______________________ Date: _______________

For this Case Study, implement your design in phases with Packet Tracer and check out any particular aspects not supported by Packet Tracer with the equipment.

Deliverables: Assignment with answers, Packet Tracer file and relevant configuration records and testing records.

Phase 2: Basic Switch Configurations (5 marks)

Using Packet Tracer, create and connect three access switches, one distribution switch, the servers and PCs together to form basic connectivity.

• Name the distribution switch DistSW1.
• Name the access switches AccessSW1 and AccessSW2.
• On all switches, configure a login password as cisco, an encrypted privileged password as class, and provide secure telnet login capability. All passwords should be encrypted.
• Connect the access switches to the PCs representing ultimately the VLANs.
• Assign IP addresses to all PCs and the switches within the network 192.168.1.0 solely to test connectivity. These addresses are purely temporary.
• The distribution switch is connected by trunk links to the access switches.
• Configure port security on the ports to which the PCs are connected with a maximum of 1 and violation mode as shutdown.
• DO NOT create any VLANs at this stage.

Testing

1. Is there connectivity between all devices? [Y/N] ___________
2. Can the PCs ping every device? [Y/N] ______________
3. Do the access connected ports acquire the first MAC address? [Y/N] _______ First MAC address _____________
4. Do the connected ports shut down if a second PC replaces the first PC? [Y/N] _

Record the MAC addresses learned on each access port across all switches.

Phase 3: VLAN Configurations (20 marks)

Assign the VLANs from your design to achieve security between the Personnel, Sales and the IT management function of the network. Based on your Network Design in Phase 1, create the networks and assign the IP addresses to the access switches and one distribution switch, and the PCs and servers.

NB: Do not include redundancy with the second Distribution switch in this phase.

Steps

1. Via VTP, assign version 2 to all switches.
2. Assign server mode to the distribution switch and client mode to the access switches.
3. Assign a domain and password to the switches.
4. Use VTP to propagate the VLAN database from the distribution switch.
5. Create the VLANs on the distribution switch as in your design for Personnel, Finance and Sales.
6. Create a Management VLAN for the switches.
7. Assign single ports as access ports with port security as in the previous phase for each VLAN on both access switches.
8. Configure the PCs to represent the departments and assign representative IP addresses from each VLAN.

Tests

1. Has the VLAN database propagated to the access switches? [Y/N] ____
2. Test connectivity across the network for each of the three VLANs. [Y/N] ____
3. Is there connectivity between different VLANs? [Y/N] ________
4. Test that pings are successful from switch to switch:
   Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________
   Ping from Access Switch 1 to Access Switch 2? [Y/N] ___________

Save and print out (1) switch configurations, (2) show interface trunk, (3) show VLAN for each switch, (4) show VTP mode and status for each switch.

Phase 4: Router Configuration (20 marks)

Add one router to provide inter-network communication between VLANs and simulate the Internet with a web server with a home page with the text “CCNA3 Exploration Case Study. Communication successful. Your name and date”.

NB. Whilst this inter-network connectivity negates the security provided by VLANs, with access control lists, firewalls would be configured to deny or allow communication as necessary.

Steps

1. Select a router with two FastEthernet ports and name it Router1 with login password as cisco and secret password as class.
2. Configure sub-interfaces on Router1 fa0/0 for the VLANs and the native VLAN. The sub-interfaces become the default gateways for each of these networks.
3. Connect a web server with a home page to simulate the Internet for test purposes.
4. Add default gateways to the PCs.

Tests

1. Is there communication between PCs and servers? [Y/N] ________
2. Is there communication via the router between each VLAN? [Y/N] ________
3. Test that pings are still successful from switch to switch:
   Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________
   Ping from Access Switch 1 to Access Switch 2? [Y/N] ___________
4. Can each PC browse to the web server on the Internet? [Y/N] ____________

Save and print out (1) the router configuration, (2) show ip route, (3) show protocols.
Phase 5: Wireless Configuration (20 marks)

Add a wireless router for mobile communication for the external Sales staff with secure access to the Sales network and the wireless access point for the internal Sales staff with wireless laptops.

NB. With Packet Tracer, full security may not be achievable on the wireless devices. If not, state what additional security measures you would configure.

Steps

1. Select a wireless router with an Internet port connected to the wired Sales VLAN.
2. Configure the wireless router Internet port with a static IP address in the Sales network.
3. Configure the wireless LAN on the wireless router with DHCP and the SSID: “ExternalXYZSales”.
4. Configure additional security with a WEP key and explain the addition of MAC filters.
5. Install a LAN wireless card in a PC and configure with DHCP selected.
6. Select a wireless access point and configure it with secure access to the wired Sales VLAN with SSID: “InternalXYZSales” and a WEP key.

Tests

1. Is there communication from the wireless router to the Sales PCs on the wired network via both access switches? [Y/N] ________
2. Record the IP address assigned to the wireless PC via DHCP: ____________
3. Is wireless communication via the access point? [Y/N]
4. Is there communication from the wireless PCs and the wired Sales PCs?
   Successful ping from external wireless PC to a wired Sales PC via wireless router? [Y/N] ____
   Successful ping from internal wireless PC to a wired Sales PC via wireless access point? [Y/N] ____
5. Test that pings are still successful from switch to switch:
   Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________
   Ping from Access Switch 1 to Access Switch 2? [Y/N] ___________
6. Can the wireless PCs browse to the web server on the Internet? [Y/N] ______

Save, capture and print out configuration of (1) wireless router, (2) wireless access point.
Phase 6: Redundant Distribution Switch (15 marks)

Add a second switch at the distribution level to create a redundant switched network.

Steps

1. Add the redundant switch in server mode with the same domain and password.
2. Ensure the root bridge is one of the distribution switches.
3. Connect the redundant switch via a trunk link to the first distribution switch.
4. Connect trunk links from the distribution switches to the access switches.
5. Allow spanning-tree protocol to set the port states.

Tests

Enter show spanning-tree to record:

1. Identity of the root bridge: _____________________
2. Assign same priority to all VLANs.
3. For each switch on VLAN 99, record the root bridge identity, ensuring one of the distribution switches is a root bridge, and the status of the trunk ports as shown below:

Switch: DistSW1   MAC Address: __________________   Priority: ____   Root ID: ___________

|Trunk Port |Status |Trunk Port |Status |Trunk Port |Status |
|           |       |           |       |           |       |
|           |       |           |       |           |       |

Switch: DistSW2   MAC Address: __________________   Priority: ____   Root ID: ___________

|Trunk Port |Status |Trunk Port |Status |Trunk Port |Status |
|           |       |           |       |           |       |
|           |       |           |       |           |       |

Switch: AccessSW1   MAC Address: __________________   Priority: ____   Root ID: ___________

|Trunk Port |Status |Trunk Port |Status |Trunk Port |Status |
|           |       |           |       |           |       |
|           |       |           |       |           |       |

Switch: AccessSW2   MAC Address: __________________   Priority: ____   Root ID: ___________

|Trunk Port |Status |Trunk Port |Status |Trunk Port |Status |
|           |       |           |       |           |       |
|           |       |           |       |           |       |

Switch: AccessSW3   MAC Address: __________________   Priority: ____   Root ID: ___________

|Trunk Port |Status |Trunk Port |Status |Trunk Port |Status |
|           |       |           |       |           |       |
|           |       |           |       |           |       |

4. Change the bridge priorities so that the other distribution switch becomes the root bridge and record the states and identities as previously.
Save, capture and print out the output from show spanning-tree of all switches for both root bridge assignments.

EXTRA Phase 7: Fully Redundant Switched Network (No marks)

To provide 24/7 access to the Internet, a second router would be installed with a trunk link to the redundant distribution switch.

Steps

• Add the second router and name it Router2.
• Configure it in the same manner as Router1.
• Connect the web server via a switch to Router1 and Router2.
• Connect it via a switch to the FastEthernet ports on the two routers.
• Connect Router2 to the second distribution switch.

Tests

1. Access the web server from all PCs? [Y/N] ________
2. If DistSW1 fails, can all PCs still access the Internet? [Y/N] _____
   NB. Default gateway of web server may need changing.
   Save and print the port status for the surviving Distribution switch.
3. If Router1 fails, can all PCs still access the Internet? [Y/N] _____
   NB. Default gateway of web server may need changing.

END of CASE STUDY EXTRA

[Topology diagram not reproduced. Surviving labels: Internet; WRS2; DNS Server 195.195.1.2/24; router and switch ports Fa0/0, Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/23, Fa0/24.]
