
IP Addressing and Subnetting Plan

The document provides instructions for configuring network infrastructure across three locations - New York, Illinois, and California. It involves subnetting the given network ranges and assigning IP addresses. Loopback interfaces are used to simulate LAN subnets for routing. Point-to-point links connect the remote offices to New York. Switches are configured with trunk ports, VLANs, management IP, and disabling unused ports. SSH is enabled for secure access and passwords are encrypted.


PHASE I (20 points total)—Due Week 3

Tasks to Do.
Task 1: Subnet the [Link]/16 network for NY and assign the first
nonzero subnets to Services followed by Engineering. You may need to re-
subnet for Executive and Native&Management subnets to avoid wasting IP
addresses. Ensure that you re-subnet only the first unused subnet and
nothing else. Assign the nonzero subnets to Executive and
Native&Management. (5 points)
New York Office IP    IP Address    Subnet Mask    Network Address
VLAN 15               [Link]/26     [Link]         [Link]
VLAN 25               [Link]/25     [Link]         [Link]
VLAN 35               [Link]/25     [Link]         [Link]
VLAN 99               [Link]/28     [Link]         [Link]

Task 2: Subnet the [Link] /25 network for IL and assign the last IP
address on the first three nonzero subnets to the Loopback 1, Loopback 2,
and Loopback 3 interfaces of the router. We will use a loopback or virtual
interface to simulate the LAN subnets. This will speed up configuration and
allow us to create our topology without rewiring. (3 points)
Illinois Branch IP    IP Address    Subnet Mask    Network Address
Loopback 1            [Link]/26     [Link]         [Link]
Loopback 2            [Link]/26     [Link]         [Link]
Loopback 3            [Link]/26     [Link]         [Link]

Task 3: Subnet the [Link] /25 network for CA and assign the last IP
address on the first three nonzero subnets to the Loopback 1, Loopback 2,
and Loopback 3 interfaces of the router. We will use a loopback or virtual
interface to simulate the LAN subnets. This will speed up configuration and
allow us to create our topology without rewiring. (3 points)
California Branch IP    IP Address    Subnet Mask    Network Address
Loopback 1              [Link]/27     [Link]         [Link]
Loopback 2              [Link]/27     [Link]         [Link]
Loopback 3              [Link]/27     [Link]         [Link]

Task 4: Use the following network address ([Link]/25) to find the WAN
subnets between NY and IL and NY and CA respectively. Note that there are
only two IP addresses per subnet for each WAN link. Assign the first WAN
subnet to NY to IL and the second WAN subnet to NY to CA. (2 points)

WAN Subnets    IP Address    Subnet Mask    Network Address
NY to IL       [Link]/30     [Link]         [Link]
NY to CA       [Link]/30     [Link]         [Link]

Task 5: Use Microsoft Visio to design the current network topology.


Remember to use Loopback interfaces for the subnets in NY, IL, and CA. Use
point-to-point interfaces to connect the remote branch offices to NY. See the
sample network diagram below. Replace the phrase “IP Address” by the
correct IP address for each interface on the routers. Include the WAN IP
addresses on the diagram as well. (7 points)
First Major Deliverable in the Project: IP scheme for all three locations
(fill in the IP tables above) and the Visio Diagram.

PHASE II (30 points total)—Due Week 5


Now that you have completed your first major deliverable in the project, let
us move on to the next phase in the project. You need to plan to implement
the network. You will configure the switches first.

Task 1: Configure SW1. (3.5 points possible)


Commands begin from >enable and #configure terminal.

Configuration Task: Switch name
Required Information: SW1
Commands:
#hostname SW1
Points: ¼

Configuration Task: Secret Password
Required Information: Netw204
Commands:
#enable secret Netw204
Points: ¼

Configuration Task: Disable DNS lookup
Commands:
#no ip domain-lookup
Points: ¼

Configuration Task: Username and Password
Required Information: User= Admin1, Password=cisco123
Commands:
#username Admin1 privilege 15 secret cisco123
Points: ¼

Configuration Task: Message of the Day (MOTD) Banner
Required Information: Unauthorized Access is Highly Prohibited!
Commands:
#banner motd ^Unauthorized Access is Highly Prohibited!^
Points: ¼

Configuration Task: VTY
Required Information: Enable SSH and Disable Telnet.
Commands:
#line vty 0 15
(c-line)#transport input ssh
(c-line)#exit
Points: ½

Configuration Task: Encrypt the clear text passwords
Required Information: Use the correct command to encrypt clear text passwords.
Commands:
#service password-encryption
Points: ¼

Configuration Task: Create the required VLANs.
Required Information: Use the information provided to create the VLANs. (I also added Names)
Commands:
#vlan 15
(c-vlan)#name Executive
(c-vlan)#vlan 25
(c-vlan)#name Engineering
(c-vlan)#vlan 35
(c-vlan)#name Services
(c-vlan)#vlan 99
(c-vlan)#name Native&Management
Points: ¼

Configuration Task: Assign the management IP address.
Required Information: Assign the IP Address just before the last valid IP Address on the Native&Management VLAN. VLAN 99 is the Native VLAN.
Commands:
#interface vlan 99
(c-if)#ip address [Link] [Link]
Points: ¼

Configuration Task: Enable the 802.1Q Trunk ports.
Required Information: Use the correct switchport command to set the Trunk port.
Commands:
#interface fastethernet 0/2
(c-if)#switchport trunk encapsulation dot1q
(c-if)#switchport mode trunk
(c-if)#no shutdown
(c-if)#interface fastethernet 0/1
(c-if)#switchport trunk encapsulation dot1q
(c-if)#switchport mode trunk
(c-if)#no shutdown
(c-if)#exit
Points: ¼

Configuration Task: Configure all other ports as access ports.
Required Information: Use the interface range command.
Commands:
#interface range fa0/2, fa0/1, fa0/5, fa0/3
(c-if)#switchport mode access
Points: ¼

Configuration Task: Assign F0/5 to the correct VLAN as per the diagram.
Required Information: See the network diagram you drew for part 1. switchport mode access is redundant if this is continuing from the previous command
Commands:
#interface fastethernet 0/5
(c-if)#switchport mode access
(c-if)#switchport access vlan 25
(c-if)#exit
Points: ¼

Configuration Task: Shutdown all unused ports.
Required Information: Disable all unused ports in software.
Commands: I don’t know all the ports because I am not using the software, but in the event this was a live production network I would use #show vlan for port information, #interface range {port range}, and #shutdown commands to shut down unused ports.
Points: ¼

Task 2: Configure SW2. (3.5 points possible)


Commands begin from >enable and #configure terminal.

Configuration Task: Switch name
Required Information: SW2
Commands:
#hostname SW2
Points: ¼

Configuration Task: Secret Password
Required Information: Netw204
Commands:
#enable secret Netw204
Points: ¼

Configuration Task: Disable DNS lookup
Commands:
#no ip domain-lookup
Points: ¼

Configuration Task: Username and Password
Required Information: User= Admin1, Password=cisco123
Commands:
#username Admin1 privilege 15 secret cisco123
Points: ¼

Configuration Task: Message of the Day (MOTD) Banner
Required Information: Unauthorized Access is Highly Prohibited!
Commands:
#banner motd ^Unauthorized Access is Highly Prohibited!^
Points: ¼

Configuration Task: VTY
Required Information: Enable SSH and Disable Telnet.
Commands:
#line vty 0 15
(c-line)#transport input ssh
(c-line)#exit
Points: ½

Configuration Task: Encrypt the clear text passwords
Required Information: Use the correct command to encrypt clear text passwords.
Commands:
#service password-encryption
Points: ¼

Configuration Task: Create the required VLANs.
Required Information: Use the information provided to create the VLANs.
Commands:
#vlan 15
(c-vlan)#name Executive
(c-vlan)#vlan 25
(c-vlan)#name Engineering
(c-vlan)#vlan 35
(c-vlan)#name Services
(c-vlan)#vlan 99
(c-vlan)#name Native&Management
Points: ¼

Configuration Task: Assign the management IP address.
Required Information: Assign the IP Address just before the last valid IP Address on the Native&Management VLAN. VLAN 999 is the Native VLAN.
Commands:
#interface vlan 99
(c-if)#ip address [Link] [Link]
Points: ¼

Configuration Task: Enable the 802.1Q Trunk ports.
Required Information: Use the correct switchport command to set the Trunk port.
Commands:
#interface fastethernet 0/2
(c-if)#switchport trunk encapsulation dot1q
(c-if)#switchport mode trunk
(c-if)#no shutdown
(c-if)#interface fastethernet 0/1
(c-if)#switchport trunk encapsulation dot1q
(c-if)#switchport mode trunk
(c-if)#no shutdown
(c-if)#exit
Points: ¼

Configuration Task: Configure all other ports as access ports.
Required Information: Use the interface range command.
Commands:
#interface range fa0/2, fa0/1, fa0/5, fa0/3
(c-if)#switchport mode access
Points: ¼

Configuration Task: Assign F0/3 to the correct VLAN as per the diagram.
Required Information: See the network diagram you drew for part 1.
Commands:
#interface fastethernet 0/3
(c-if)#switchport mode access
(c-if)#switchport access vlan 15
(c-if)#exit
Points: ¼

Configuration Task: Shutdown all unused ports.
Required Information: Disable all unused ports in software.
Commands: Again I don’t know all the ports because I am not using the software, but in the event this was a live production network I would use #show vlan for port information, #interface range {port range}, and #shutdown commands to shut down unused ports.
Points: ¼

Commands begin from >enable and #configure terminal (leaving out (c-if) for space).

Configuration Item or Task: Configure 802.1Q subinterface .15 on G0/1
Required Information: Description Executive LAN. Assign VLAN 15. Assign the last valid IP address to this interface.
Commands:
#interface gigabitethernet 0/1.15
#encapsulation dot1q 15
#ip address [Link] [Link]
#description Executive LAN
Points: ½

Configuration Item or Task: Configure 802.1Q subinterface .25 on G0/1
Required Information: Description Engineering LAN. Assign VLAN 25. Assign the last valid IP address to this interface.
Commands:
#interface gigabitethernet 0/1.25
#encapsulation dot1q 25
#ip address [Link] [Link]
#description Engineering LAN
Points: ½

Configuration Item or Task: Configure 802.1Q subinterface .35 on G0/1
Required Information: Description Services LAN. Assign VLAN 35. Assign the first available address to this interface.
Commands:
#interface gigabitethernet 0/1.35
#encapsulation dot1q 35
#ip address [Link] [Link]
#description Services LAN
Points: ½

Configuration Item or Task: Configure 802.1Q subinterface .99 on G0/1
Required Information: Description Native&Management LAN. Assign VLAN 99. Assign the last valid IP address to this interface.
Commands:
#interface gigabitethernet 0/1.99
#encapsulation dot1q 99
#ip address [Link] [Link]
#description Native&Management LAN
Points: ½

Configuration Item or Task: Activate Interface G0/1
Required Information: Bring up interfaces
Commands:
#interface gigabitethernet 0/1
(c-if)#no shutdown
Points: ½

Configuration Item or Task: OSPF Process ID
Required Information: 204
Commands:
#router ospf 204
Points: ½

Configuration Item or Task: Router ID
Required Information: [Link]
Commands:
#router-id [Link]
Points: ½

Configuration Item or Task: Advertise directly connected networks.
Required Information: Use classless network addresses. Assign all directly connected networks to Area 0
Commands:
#network [Link] [Link] area 0
#network [Link] [Link] area 0
#network [Link] [Link] area 0
Points: ½

Configuration Item or Task: Set all LAN interfaces as passive.
Required Information: Type necessary commands to do so.
Commands:
#passive-interface fastethernet 0/0
#end
Points: ½

Configuration Item or Task: Change the default cost reference bandwidth to support Gigabit interface calculations.
Required Information: 1000
Commands:
#router ospf 204
#auto-cost reference-bandwidth 1000
#end
Points: ½

Configuration Item or Task: Set the serial interface bandwidth.
Required Information: 768 Kb/s
Commands:
#interface range serial 2/0, 3/0
(c-if)#bandwidth 768
Points: ½

Configuration Item or Task: Adjust the metric cost of S0/0/0.
Required Information: Cost: 7500
Commands:
#ip ospf cost 7500
Points: ½

Configuration Task: Assign IP addresses to appropriate interfaces including Loopback and serial interfaces.
Commands:
#interface loopback 1
#ip address [Link] [Link]
#interface loopback 2
#ip address [Link] [Link]
#interface loopback 3
#ip address [Link] [Link]
#interface serial 2/0
#ip address [Link] [Link]
Points: ½

Configuration Task: Activate the nonLoopback interfaces.
Commands:
#interface serial 2/0
#no shutdown
Points: ½

Configuration Task: OSPF Process ID
Required Information: 204
Commands:
#router ospf 204
Points: ½

Configuration Task: Router ID
Required Information: [Link]
Commands:
#router-id [Link]
Points: ½

Configuration Task: Advertise directly connected networks.
Required Information: Use classless network addresses. Assign interfaces to Area 0. Use a single summary address for the LAN (loopback) interfaces.
Commands:
#network [Link] [Link] area 0
#network [Link] [Link] area 0
Points: ½

Configuration Task: Set all LAN (Loopback) interfaces as passive.
Commands:
#passive-interface fastethernet 0/0
#end
Points: ½

Configuration Task: Change the default cost reference bandwidth to support Gigabit interface calculations.
Required Information: 1000
Commands:
#router ospf 204
#auto-cost reference-bandwidth 1000
Points: ½

Configuration Task: Set the serial interface bandwidth.
Required Information: 256 Kb/s
Commands:
#interface serial 2/0
#bandwidth 256
Points: ½

Note: You will probably notice that all the Loopback IP addresses show up
as /32. To change that /32 to the real subnet mask of the Loopback interfaces
you need to type the following command on each Loopback interface in the
routers.
Interface Loopback 1
ip ospf network point-to-point
Task 5: Configure the CA Router. (4 points)
Configuration Task: Assign IP addresses to appropriate interfaces including Loopback and serial interfaces.
Commands:
#interface loopback 1
#ip address [Link] [Link]
#interface loopback 2
#ip address [Link] [Link]
#interface loopback 3
#ip address [Link] [Link]
#interface serial 3/0
#ip address [Link] [Link]
Points: ½

Configuration Task: Activate the nonLoopback interfaces.
Commands:
#interface serial 3/0
#no shutdown
Points: ½

Configuration Task: OSPF Process ID
Required Information: 204
Commands:
#router ospf 204
Points: ½

Configuration Task: Router ID
Required Information: [Link]
Commands:
#router-id [Link]
Points: ½

Configuration Task: Advertise directly connected networks.
Required Information: Use classless network addresses. Assign interfaces to Area 0. Use a single summary address for the LAN (loopback) interfaces.
Commands:
#network [Link] [Link] area 0
#network [Link] [Link] area 0
Points: ½

Configuration Task: Set all LAN (Loopback) interfaces as passive.
Commands:
#passive-interface fastethernet 0/0
#end
Points: ½

Configuration Task: Change the default cost reference bandwidth to support Gigabit interface calculations.
Required Information: 1000
Commands:
#router ospf 204
#auto-cost reference-bandwidth 1000
Points: ½

Configuration Task: Set the serial interface bandwidth.
Required Information: 256 Kb/s
Commands:
#interface serial 3/0
#bandwidth 256
#end
Points: ½

Task 6: Verify OSPF Configuration (6 points)


Question: Type the command that displays all connected OSPFv2 routers. Capture the output for your project and explain what you see.
Command: #show ip ospf neighbor
Points: 1

Question: Type the command that displays the OSPF process ID, router ID, routing networks, address summarization, and passive interfaces configured on a router. Capture the output for your project and explain what you see.
Command: #show ip ospf
Points: 1

Question: What command displays only OSPF routes?
Command: #show ip route ospf
Points: 1

Question: What command displays detail information about the OSPF interfaces, including the authentication method?
Command: #show ip ospf interface
Points: 1

Question: What command displays the OSPF link states types?
Command: #show ip ospf database [link state id]
Points: 1

Question: What command displays the OSPF database?
Command: #show ip ospf database
Points: 1

Task 7: Summarize the output of the commands used in Task 6. How can
you tell that the network is working correctly? (3 points)

You would be able to see link state and the OSPF routers would form
adjacencies with their neighbors and this would be visible in the OSPF
database. The ip route command would show the routes of the packet sent
from one network over to the neighboring network. To see if the overall
network is up and the interfaces are properly turned on, you would ping
addresses on the network to see if the packets go through. “Tracert” would
be the command a network admin would use to see the route these packets
take to get to their destination address.
PHASE III (70 Points Total)—Due Week 7
Task 1: Configure the NY router as a DHCPv4 server for the executive and
engineering VLAN. (4 points)

Commands begin from >enable and #config t.

Configuration Task: Reserve the first 10 IP addresses in VLAN 15 for static configurations.
Commands:
#ip dhcp excluded-address [Link] [Link]
Points: (1 point)

Configuration Task: Reserve the first 10 IP addresses in VLAN 25 for static configurations.
Commands:
#ip dhcp excluded-address [Link] [Link]
Points: (1 point)

Configuration Task: Create a DHCP pool for VLAN 15.
Required Information: Name: EXECUTIVE. DNS-Server: [Link]. Domain-Name: [Link]. Set the default gateway.
Commands:
#ip dhcp pool EXECUTIVE
#network [Link]/26
#dns-server [Link]
#domain-name [Link]
#default-router [Link]
#lease 7
Points: (1 point)

Configuration Task: Create a DHCP pool for VLAN 25.
Required Information: Name: ENGINEERING. DNS-Server: [Link]. Domain-Name: engineering.com. Set the default gateway.
Commands:
#ip dhcp pool ENGINEERING
#network [Link]/25
#dns-server [Link]
#domain-name [Link]
#default-router [Link]
#lease 7
Points: (1 point)

Task 2: Restrict Access to the VTY Lines to only come from
Native&Management VLAN. (15 points)

Commands begin from >enable and #conf t.

Configuration Task: Configure a named access list to only allow Native&Management VLAN to SSH to the routers.
Required Information: ACL Name: NETMGMT. Telnet is port 22, so if we are only allowing ssh connections then we would eliminate that line in the list.
Commands:
#ip access-list extended NETMGMT
#10 permit tcp [Link] [Link] 5 any eq 22
#20 permit tcp [Link] [Link] 5 any eq 23
#500 deny ip any any log (this logs all the attempts to ssh)
Points: 5

Configuration Task: Apply the named ACL to the VTY lines.
Commands:
#line vty 0 15
#access-class NETMGMT in
#end
Points: 5

Configuration Task: Verify ACL is working as expected.
Commands: #show access-list, then go to an unauthorized device and try to SSH to the router; it should give out a “connection refused by remote host” error message.
Points: 5
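
A small offline audit of the hardening items configured in the switch and VTY tasks above (enable secret, password encryption, SSH-only VTY lines, an inbound access-class that points at a defined ACL), as an added example that is not part of the original document. The sample config, its 192.0.2.0 addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the page). Addresses use the RFC 5737
# documentation range because the page's own values are elided.
SAMPLE_CONFIG = """\
hostname SW1
enable password Netw204
no ip domain-lookup
username Admin1 privilege 15 secret cisco123
ip access-list extended NETMGMT
 permit tcp 192.0.2.0 0.0.0.15 any eq 22
 deny ip any any log
line vty 0 4
 transport input ssh
 access-class NETMGMT in
line vty 5 15
 transport input telnet ssh
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level command."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comments
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections

def audit(config):
    """Return findings for the hardening items the assignment configures."""
    sections = parse_sections(config)
    top = [head for head, _ in sections]
    findings = []
    if any(re.match(r"enable password\b", h) for h in top):
        findings.append("enable password in use; enable secret stores a hash")
    if "service password-encryption" not in top:
        findings.append("service password-encryption is missing")
    acls = {h.split()[-1] for h in top if h.startswith("ip access-list ")}
    for head, body in sections:
        if not head.startswith("line vty"):
            continue
        transport = [b.split()[2:] for b in body if b.startswith("transport input")]
        if transport != [["ssh"]]:
            findings.append(f"{head}: transport input is not restricted to ssh")
        applied = [b.split()[1] for b in body if re.match(r"access-class \S+ in$", b)]
        if not applied:
            findings.append(f"{head}: no inbound access-class")
        elif applied[0] not in acls:
            findings.append(f"{head}: access-class {applied[0]} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The second VTY block in the sample shows the case a single `line vty 0 4` stanza misses: lines 5 to 15 keep their own transport and ACL settings unless they are configured too.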

Task 3: Configure static and dynamic NAT on NY. (25 points)


Commands begin from >enable and #conf t.

Configuration Task: Create a local database with one user account. Use the command username webadmin privilege 15 secret cisco123.
Required Information: Username: webadmin. Password: cisco123. Privilege level: 15
Commands:
#username webadmin privilege 15 secret cisco123
Points: 5

Configuration Task: Enable HTTP server service.
Required Information: ip http ?
Commands:
#ip http server
Points: 2

Configuration Task: Configure the HTTP server to use the local database for authentication.
Required Information: ip http authentication ?
Commands:
#ip http authentication local
Points: 2

Configuration Task: Create a static NAT to the web server.
Required Information: Inside Global Address: [Link]
Commands:
#ip nat inside source static [Link] [Link]
Points: 2

Configuration Task: Configure NY’s Loopback 0 interface with the following IP address. This is a simulated internal web server.
Required Information: [Link]/32
Commands:
#interface loopback 0
#ip address [Link] [Link]
Points: 1

Configuration Task: Assign the inside and outside interface for the static NAT.
Required Information: [Link] → [Link] / 26
Commands:
#interface fa 0/0
#ip nat inside
#interface serial 2/0
#ip nat outside
Points: 1

Configuration Task: Configure the dynamic NAT inside private ACL.
Required Information: Access List: 10. Allow the executive and engineering networks on NY to be translated. Allow a summary of the LANs (loopback) networks on IL and CA to be translated. Do not allow the Services and Native&Management VLANs to be translated.
Commands:
#ip access-list extended 10
#access-list 10 permit [Link] [Link]
#access-list 10 permit [Link]
#access-list 10 permit [Link] [Link]
#access-list 10 permit [Link] [Link]
#access-list 10 deny [Link]
Points: 5

Configuration Task: Define the pool of usable public IP addresses.
Required Information: Pool Name: THE_NET. Pool of addresses include: [Link] – [Link]
Commands:
#ip nat pool THE_NET [Link]
Points: 5

Configuration Task: Define the dynamic NAT translation.
Commands:
#ip nat inside source list 10 pool THE_NET
Points: 2

Task 4: Secure the network services. (16 points)
Commands begin from >enable and #conf t.

Configuration Task: Configure an extended ACL to
- allow Internet hosts WWW access to the simulated web server on NY by accessing the static NAT address ([Link] / 26) that you configured in Task 3;
- allow Internet hosts DNS access to the simulated web server on NY by accessing the static NAT address ([Link] / 26) that you configured in Task 3; and
- prevent traffic from the Internet from pinging internal networks, while continuing to allow LAN interfaces to ping the Internet hosts.
Required Information: ACL No.: 105
Commands:
#ip access-list extended 105
#105 permit tcp [Link] [Link] any eq 80
#105 permit tcp [Link] [Link] any eq 953
#105 deny icmp any any redirect log
#105 deny icmp any any echo
#105 deny icmp any any mask-request log in
Points: 10

Configuration Task: Apply ACL to the appropriate interface(s).
Commands:
#ip access-group 105 in
Points: 6

Task 5: Verify that your project meets the above requirements. Write a
summary of what you did and explain what you have learned in the process.
(10 points)
I created access control lists to permit only those assigned to the VLAN to
gain remote access to the VLAN. Then we moved forward to set up a NAT
service on the router to translate local addresses to public IP addresses. We
had to first define the inside interface and the outer interface. We created a
pool of usable ip addresses for dynamic translating. Last we secured the
network services with an extended ACL that allowed certain hosts to access
the web server. In the process I have learned to use my resources because
not everything will always stick in my brain, but this was ultimately great
practice.
