32524 LANs and Routing Case Study Assignment
- Subject Code: 32524
- Country: Australia
Scenario
Apricot Pty Ltd is a medium-sized company that has grown quickly since its formation 10 years ago. Its main business concerns are Engineering, Telecommunication and Banking. Apricot P/L has embarked on a project to redesign the company's network infrastructure and has therefore moved into a larger HO area, with additional support at its Branch Office.
The completed Apricot P/L infrastructure will be undertaken in stages, progressively building each stage on the previous structure until completed. The full network structure will emerge as each stage is completed.
The network that Apricot P/L is implementing should support 100% growth over the next five years. A partial logical Topology Diagram has been provided (see Fig. 1). The task is to design, implement and fully document the networks at the two sites. In addition to a formal report, Apricot P/L requires a working prototype of the network built before final implementation, to verify that all Apricot P/L requirements are met.
Apricot Pty Ltd will implement DHCP services for all employee LANs on the Branch Router. For all LANs receiving addresses via DHCP, the first 5 addresses are reserved for static implementation, such as default gateways.
NAT for IPv4 will be implemented by Apricot P/L on the HO Router for all traffic leaving the company's network.
Objectives
- Design an aggregated addressing scheme for both IPv4 and IPv6 addresses to allow summarization on each router. For IPv4, VLSM is to be used for all networks, whilst for IPv6 all networks need a /64 mask.
- Internal routing for IPv4 will use the RIP routing protocol.
- Internal routing for IPv6 will be implemented using static, default static and summary static routing as appropriate.
- Routing between the company's network and the Internet (via ISP) will use static and default static routing.
- Configure switching networks for management using VLANs and 802.1q trunking.
- Design and implement Dynamic Host Configuration Protocol (DHCP) for IPv4 for all end hosts. IPv6 addresses for end hosts will use SLAAC.
- Design and implement Network Address Translation (NAT) for IPv4.
- Design and implement standard Access Control Lists (ACLs) to restrict SSH access and for the NAT implementation.
- Use the resources provided to cable, configure and verify the dual-stack network. A model should be built using Packet Tracer.
- Verify the functionality and troubleshoot the network when necessary.
- Produce and submit detailed professional written documentation in appropriate format.
Requirements in Tasks
In order to help your group organise this Case Study, the scenario has been broken into six tasks and detailed requirements are listed for each task. The final written report should be prepared progressively as each design feature is implemented. The whole network will be built and demonstrated on real equipment (routers and switches) to demonstrate full functionality when all tasks are completed.
Task One: Addressing the Network
Apricot P/L's ISP has allocated 200.20.1.0/30 for IPv4 and 2001:200:20:1::/64 for IPv6 to address the link to the ISP. The company's internal network will use 192.168.32.0/20 for IPv4 addressing and 2001:ACAD:FEE::/60 for IPv6 addressing.
The HO site is the main company location and provides Apricot with its Internet connection. Host requirements at that site are:
- 10 Hosts for Executive
- 350 Hosts for Sales
- 40 Hosts for Accounts
- 25 Hosts for HR
Management Addresses should also be allocated as required here. The switch used at this site should have sufficient ports for current requirements and for expected growth.
Note: As we will be using a 24-port switch to represent links to all hosts, allocation of the access ports should be proportional to the actual requirements. For the demonstration only one switch will be used here.
The Branch site is designed to expand the business into a new area. This site will be used for DHCP services, with all Internet connections forwarded to HO. Host requirements at this site are:
- 2 Hosts for Executive
- 75 Hosts for Sales
- 8 Hosts for Accounts
- 6 Hosts for HR
Management Addresses should also be allocated as required here. The switch/es used here should have sufficient ports for current requirements and for expected growth.
The company requires:
- Aggregation of the address space for both IPv4 and IPv6 is required so that summarization can occur.
- The use of hierarchical VLSM design is required at each site to maximise the use of IPv4 addresses and CIDR.
- All IPv6 Addressed networks will have a mask of /64.
- When sizing the subnets, allow for 100% growth of the current IP requirements for all hosts unless otherwise stated.
- All networking devices must have IP addresses, and the PC hosts' gateways will use the first available usable address in each subnet.
- The Management/Native VLAN for the switching network should have sufficient address space for current requirements. This address space should not increase regardless of any growth.
- When addressing the router interfaces (both WAN & LAN) and switch management VLAN interfaces, the first available usable address/es should be nearest to the ISP.
- The network administrator has the last usable address on the Executive VLAN at HO.
At this stage, Apricot P/L agrees that it is enough to assign all hosts with an IP address statically. However, DHCP for IPv4 must be added at a later stage and used for the final network demonstration.
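An added worked example (not part of the assignment brief) of VLSM sizing for the host counts above. It assumes each site is summarised as one /21 half of 192.168.32.0/20 and one gateway address per subnet on top of the doubled host count, and it leaves the management VLAN out; the function names are made up for illustration.

```python
import ipaddress

# Host counts and address blocks are from the brief. The per-site /21 aggregates,
# the +1 gateway allowance and leaving out the management VLAN are assumptions.
SITES = {
    "HO": ("192.168.32.0/21",
           {"Executive": 10, "Sales": 350, "Accounts": 40, "HR": 25}),
    "Branch": ("192.168.40.0/21",
               {"Executive": 2, "Sales": 75, "Accounts": 8, "HR": 6}),
}


def prefix_for(hosts, growth=2, gateway=1):
    """Longest IPv4 prefix that holds hosts after 100% growth plus the gateway."""
    needed = hosts * growth + gateway + 2   # + network and broadcast addresses
    return 32 - (needed - 1).bit_length()


def allocate(block, requirements):
    """Carve subnets largest-first so every subnet starts on its own boundary."""
    block = ipaddress.ip_network(block)
    plan, cursor = {}, int(block.network_address)
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        net = ipaddress.ip_network((cursor, prefix_for(hosts)))
        if not net.subnet_of(block):
            raise ValueError(f"{name} does not fit in {block}")
        plan[name] = net
        cursor = int(net.broadcast_address) + 1
    return plan


def dhcp_excluded(net, reserved=5):
    """First and last of the reserved static addresses at the start of a DHCP subnet."""
    return net[1], net[reserved]


if __name__ == "__main__":
    for site, (block, reqs) in SITES.items():
        for name, net in allocate(block, reqs).items():
            print(f"{site:7}{name:10}{net!s:20}gateway {net[1]}  last usable {net[-2]}")
```

Under these assumptions the last usable address of the HO Executive subnet, which the brief assigns to the network administrator, is `net[-2]` of that subnet.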
Task Two: Routing the Network
The Apricot P/L policy is that RIP Routing will be used internally for the IPv4 network between HO and Branch. Check that all networks appear in the routing tables on both HO and Branch routers.
All IPv6 routing will use static, default or summary routing. It is your group's responsibility to design your implementation of this routing requirement in the most efficient manner.
The routing to and from ISP will be using default and static routing for both IPv4 and IPv6. When correctly implemented all hosts within the Apricot network should be able to successfully ping the loopback address on ISP.
NAT at HO will be implemented at a later stage.
Task Three: Switching Network
Due to the size and complexity of LANs, the company wants to use VLAN technologies to control broadcasts, enhance security and logically organise user groups at both HO and Branch sites.
HO and Branch sites switching networks:
- Switch access ports allocated to each VLAN should be proportional to the VLAN's users at each site.
- VLAN 521 should be assigned as the Management and VLAN 133 as the Native VLAN.
- VLAN 721 should be used for all unused ports, which should be shut down.
- There will be one switch at the HO site and two switches at Branch site for the demonstration. You are required to investigate the best possible switch arrangement that should be possible at both sites considering the number of hosts required.
- Port security is required on all access ports, with a maximum of one MAC Address per port. Any violation should shut down the port.
- The default VLAN 1 is not allowed onto
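A small audit of the Task Three switch rules, as an added example that is not part of the assignment brief: it parses a constructed IOS-style running-config excerpt and reports ports that break the port-security, unused-port (VLAN 721) and native-VLAN (133) requirements. The function name, the finding strings and the sample config are made up for illustration.

```python
import re

# Constructed running-config excerpt; Fa0/2 and Fa0/24 are deliberately non-compliant.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
!
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 721
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 133
!
"""


def audit(config, unused_vlan=721, native_vlan=133):
    """Return sorted (interface, finding) pairs for ports that break the policy."""
    findings = []
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        lines = {l.strip() for l in body.splitlines()}
        if "switchport mode trunk" in lines:
            if f"switchport trunk native vlan {native_vlan}" not in lines:
                findings.append((name, "native VLAN not set"))
        elif f"switchport access vlan {unused_vlan}" in lines:
            if "shutdown" not in lines:
                findings.append((name, "unused port not shut down"))
        elif "switchport mode access" in lines:
            if "switchport port-security" not in lines:
                findings.append((name, "port security disabled"))
            # "maximum 1" and "violation shutdown" are IOS defaults, so a
            # compliant port shows neither line in the running-config.
            for l in lines:
                m = re.fullmatch(r"switchport port-security (maximum|violation) (\S+)", l)
                if m and m.group(2) not in ("1", "shutdown"):
                    findings.append((name, f"{m.group(1)} is {m.group(2)}"))
    return sorted(findings)
```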
Task Four: Network Security
Apricot P/L also wishes to enforce certain security policies in order to filter network traffic.
At the current stage, the following policy is to be implemented:
- Access to all internal routers and switches must only occur using SSH, with the username CaseStudy and password cisco1.
- Only IPv4 Internal Hosts from VLANs 5, 10, 20 & 30 are permitted to be NATTed beyond the HO Router.
Task Five: NAT & DHCP
NAT
Apricot P/L has been allocated a small block of public IPv4 addresses, 200.20.2.0/29. Use this public IPv4 address range, overloaded, to address the internal network for Internet connectivity. Assign the Network Administrator a static NAT address from the available NAT pool of addresses.
DHCP
Users from the internal network shall be allocated with IP addresses dynamically whenever it is feasible except for some special devices to which IP addresses will be assigned statically. Users on the Executive LAN at each site should have their addresses statically assigned.
The Branch site router will perform DHCP for IPv4 and has the following requirements:
- All hosts will dynamically receive their IP addresses from the DHCP server, located on the Branch router.
- The first 5 host addresses of each DHCP pool will be reserved and not used for end host addressing.
- The Management VLANs will be statically assigned addresses.
- No DHCP Addressing is required for IPv6 addresses. All end hosts should receive their IPv6 address using SLAAC.
Task Six: Verifying Network Functionality
Apricot P/L now requires a demonstration of the completed network using the routers and switches provided.
The demonstration requires basic device configuration on all routers and switches according to the following guidelines:
- A host name as per the partial Topology Diagram.
- Domain Name Server (DNS) lookup to be disabled.
- Password for console connections as cisco, and all virtual terminal lines with username CaseStudy and password cisco1.
- Encrypt the enable privileged EXEC mode password, using the password class.
- Privileged EXEC mode for the console and virtual terminal lines should be configured to time out after 10 minutes of no user input.
- Enable logging synchronous for console connections and all virtual terminal lines.
- Configure a Message of the Day banner warning against unauthorised access.
- To assist in documentation and troubleshooting, all active interfaces, including loopback interfaces, must have meaningful descriptions.
- Configure the interfaces of routers and hosts as per the Topology Diagram and the Address Tables 1, 2 & 3.
- Configure Management/Native VLAN interfaces on all switches.
- Configure one host PC for each VLAN based on your addressing.
Note: These PCs are not shown on the topology diagram provided.
Apricot requires the following network verification that will be assessed in lab Demonstration:
- Verification of dynamic routing for IPv4.
- Verification of static routing for both IPv4 and IPv6.
- Verification of DHCP and NAT.
- Verification of network security and ACLs.
- Verifying access of all hosts to each other and the ISP's loopback addresses.
The Apricot P/L policies state that the group must develop and implement a verification strategy that will verify the functionality of the network, and include this as part of the Case Study Report.