32524 LANs and Routing Case Study Assignment

Scenario 

Apricot Pty Ltd is a medium sized company that has grown quickly since its formation 10 years ago. Its  main businesses concerns are Engineering, Telecommunication and Banking. The Apricot P/L has  embarked on a project to redesign the company’s network infrastructure and has therefore moved into  larger HO area, with additional support at its Branch Office. 

The completed Apricot P/L infrastructure will be undertaken in stages progressively – building each stage  on the previous structure until completed. The full structure will network will emerge as each stage is  completed. 

The network that Apricot P/L is implementing should support 100% growth over the next five years. A  partial logical Topology Diagram has been provided (see Fig. 1). The task is to design, implement and fully  document the networks at the two sites. In addition to a formal report, Apricot P/L requires a working  prototype of the network built before final implementation, to verify that all Apricot P/L requirements  are met. 

Apricot Pty Ltd will implement DHCP services for all employee LANs on Branch Router. For all LANs  receiving addresses via DHCP, the first 5 addresses are reserved for static implementation, such as default  gateways. 

NAT for IPv4 will be implemented by Apricot P/L on HO Router for all traffic leaving the company’s  network. 

Objectives 

• Design an aggregated addressing scheme for both IPv4 and IPv6 addresses to allow  summarization on each router. For IPv4 VLSM is to be used for all networks, whilst for IPv6 all  networks need a /64 mask. 
• Internal routing for IPv4 will use the RIP routing protocol. 
• Internal routing for IPv6 will be implemented using static, default static and summary static routing as appropriate. 
• Routing between the company’s network and the Internet (via ISP) will be using static and  default static routing. 
• Configure switching networks for management using VLANs and 802.1q trunking,  ? Design and implement Dynamic Host Configuration Protocol (DHCP) for IPv4 for all end hosts.  IPv6 addresses for end hosts will use SLAAC. 
• Design and implement Network Address Translation (NAT) for IPv4. 
• Design and implement standard Access Control Lists (ACLs) and restrict SSH access and for NAT  Implementation. 
• Use the resources provided to cable, configure and verify the dual-stack network. A model should  be built using Packet Tracer. 
• Verify the functionality and troubleshoot the network when necessary.  
• Produce and submit detailed professional written documentation in appropriate format. 

Requirements in Tasks 

In order to help your group organise this Case Study, the scenario has been broken into six tasks and  detailed requirements are listed for each task. The final written report should be prepared  progressively as each design feature is implemented. The whole network will be built and  demonstrated on real equipment (routers and switches) to demonstrate full functionality when all  tasks are completed.

Task One: Addressing the Network 

The Apricot P/L’s ISP has allocated 200.20.1.0/30 for the IPv4 address and 2001:200:20:1::/64 for  IPv6 to address the link to the ISP. The company’s internal network will use 192.168.32.0/20 for IPv4  addressing and 2001:ACAD:FEE::/60 for IPv6 addressing. 

The HO site is the main company location and provides Apricot with its Internet connection. Host  requirements at that site are: 

• 10 Hosts for Executive 
• 350 Hosts for Sales 
• 40 Hosts for Accounts 
• 25 Hosts for HR 

Management Addresses should also be allocated as required here. The switch used at this site should  have sufficient ports for current requirements and for expected growth.  

Note: As we will be using a 24 port switch to represent links to all hosts. Therefore allocation of  the access ports should be proportional to the ‘actual’ requirements. For the demonstration only  one switch will be used here. 

The Branch site is designed to expand the business into a new area. This site will be used for DHCP  services with all Internet connections will be forwarded to HO. Host requirements at this site are: 2 Hosts for Executive, 

• 75 Hosts for Sales 
• 8 Hosts for Accounts 
• 6 Hosts for HR 

Management Addresses should also be allocated as required here. The switch/es used here should have  sufficient ports for current requirements and for expected growth. 

The company requires: 

• Aggregation of the address space for both IPv4 and IPv6 is required so that summarization can  occur. 
• The use of hierarchical VLSM design is required at each site to maximise the use of IPv4 addresses and CIDR. 
• All IPv6 Addressed networks will have a mask of /64. 
• There is a 100% growth of the current IP requirements for all hosts unless otherwise stated,  when sizing the subnets. 
• All networking devices must have IP addresses and the PC hosts’ gateways will use the first  available usable address in each subnet. 
• The Management/Native VLAN for the switching network should have sufficient address space  for current requirements. This address space should not increase regardless of any growth.
• When addressing the routers interfaces (both WAN & LAN) and switch management VLAN  interfaces, the first available usable address/es should be nearest to the ISP. 
• The network administrator has the last usable address on the Executive VLAN at HO. 

At this stage, Apricot P/L agrees that it is enough to assign all hosts with an IP address statically.  However, DHCP for IPv4 must be added at a later stage and used for the final network demonstration.

Task Two: Routing the Network 

The Apricot P/L policy is that RIP Routing will be used internally for the IPv4 network between HO and  Branch. Check that all networks appear in the routing tables on both HO and Branch routers.  

All IPv6 routing will use static, default or summary routing. It is your group’s responsibility to design  your implementation of this routing requirement in the most efficient manner. 

The routing to and from ISP will be using default and static routing for both IPv4 and IPv6. When  correctly implemented all hosts within the Apricot network should be able to successfully ping the  loopback address on ISP. 

NAT at HO will be implemented at a later stage. 

Task Three: Switching Network 

Due to the size and complexity of LANs, the company wants to use VLAN technologies to control  broadcasts, enhance security and logically organise user groups at both HO and Branch sites.  

HO and Branch sites switching networks: 

Switch access ports allocated to each VLAN should be proportional to the VLAN’s users at each site. ? VLAN 521 should be assigned as the Management and VLAN 133 as the Native VLAN. ? VLAN 721 should be used for all unused ports, which should be shutdown.  

• There will be one switch at the HO site and two switches at Branch site for the demonstration.  You are required to investigate the best possible switch arrangement that should be possible at  both sites considering the number of hosts required.  
• Port security is required on all access ports, with a maximum of one MAC Address per port. Any  violation should shut down the port. 
• The default VLAN 1 is not allowed onto

Task Four: Network Security 

The Apricot P/L also wishes to enforce certain security policies in order to filter network traffic. 

At the current stage, the following policy is to be implemented: 

1. Access to all internal routers and switches must only occur using SSH using the username CaseStudy with password cisco1. 
2. Only IPv4 Internal Hosts from VLANs 5, 10, 20 & 30 are permitted to be NATTed beyond the HO  Router.  

Task Five: NAT & DHCP 

NAT 

Apricot P/L has been allocated with a small block of public IPv4 addresses 200.20.2.0/29. Use this  public IPv4 address range, overloaded for addressing the internal network for Internet connectivity.  Assign the Network Administrator a static NAT address from the available NAT pool of addresses. 

DHCP 

Users from the internal network shall be allocated with IP addresses dynamically whenever it is feasible  except for some special devices to which IP addresses will be assigned statically. Users on the Executive  LAN at each site should have their addresses statically assigned. 

The Branch site router will perform DHCP for IPv4 and has the following requirements: 

•  All hosts will dynamically receive their IP addresses from the DHCP server, located on the Branch router. 
•  The first 5 hosts addresses of each DHCP pool will be reserved and not used for end host  addressing. 
•  The Management VLANs will be statically assigned addresses. 
•  No DHCP Addressing is required for IPv6 addresses. All end hosts should receive their IPv6  address using SLAAC.

Task Six: Verifying Network Functionality 

Apricot P/L now requires a demonstration of the completed network using the routers and switches provided.  

The demonstration requires basic device configuration on all routers and switches according to the  following guidelines: 

•  A host name as per the partial Topology Diagram. 
•  Domain Name Server (DNS) lookup to be disabled 
•  Password for console connections as cisco and all virtual terminal lines with username  CaseStudy and password cisco1. 
•  Encrypt the enable privileged EXEC mode using password class. 
•  Privileged EXEC mode for the console and virtual terminal lines should be configured to time  out after 10 minutes of no user input. 
•  Enable logging synchronous for console connections and all virtual terminal lines. ? Configure a Message of the Day banner warning against un-authorised access. 
• To assist in documentation and troubleshooting all active interfaces, including loopback  interfaces, must have meaningful descriptions. 
•  Configure the interfaces of routers and hosts as per the Topology Diagram and the Address  Tables 1, 2 & 3. 
•  Configure Management/Native VLAN interfaces on all switches. 
•  Configure one host PC for each VLAN based on your addressing. 

Note: These PCs are not shown on the topology diagram provided. 

Apricot requires the following network verification that will be assessed in lab Demonstration:  

•  Verification of dynamic routing for IPv4. 
•  Verification of static routing for both IPv4 and IPv6. 
•  Verification of DHCP and NAT. 
•  Verification of network security and ACLs.  
•  Verifying access of all hosts to each other and the ISP’s loopback addresses. 

The Apricot P/L policies state that the group must develop and implement a verification strategy that will  verify the functionality of the network, and include this as part of the Case Study Report.