Advanced Network Configuration and Troubleshooting NETW3001

Comprehensive Network Configuration and Troubleshooting Assignment

Task 1: Basic Configuration and Topology Design

1. a) The logical topology consists of two routers (ISP and Gateway), two switches (S1 and S2), and end devices including PCs. Serial module cards, such as WIC-2T, are inserted into each router to enable WAN connections between them.
2. b) On each router, console and VTY access lines are secured using the password 'cisco'. This ensures basic line-level security for administrative access.
3. c) A Privileged EXEC password is configured on each router using 'enable secret class' to restrict access to critical configurations.
4. d) On each switch, similar console and VTY passwords are configured using 'cisco' to standardize device security.
5. e) The Privileged EXEC password is also set to 'class' on all switches to maintain uniform security policies.
6. f) Each router is assigned a unique hostname such as 'ISP' and 'Gateway' to improve network manageability and clarity in configurations.
7. g) Each switch is also assigned a unique hostname like 'S1' and 'S2'.
8. h) DNS lookup is disabled on all routers and switches using the 'no ip domain-lookup' command to avoid unnecessary delays during mistyped commands.
9. i) A banner message of the day (MOTD) is configured using 'banner motd' with the text 'Unauthorised Access Prohibited!' for legal and operational warnings.
10. j) The ISP router is configured with IP addresses on its interfaces and each interface is activated using the 'no shutdown' command.
11. k) Similarly, the Gateway router is configured with its appropriate IP addresses and interfaces are activated.
12. l) IP addresses are assigned to the end devices (PC10PC21) using static IPs corresponding to their VLANs and default gateways.

Task 2: VLAN Configuration

ab) VLANs such as VLAN 10, 20, and 100 are created on switches S1 and S2 using the 'vlan' command. VLANs segment the network for improved security and traffic management.

cd) The switch virtual interfaces (SVIs) on both switches are assigned IP addresses to allow Layer 3 communication and remote access.

ef) Trunk ports are configured on the switch ports connecting S1 to S2 and to the router, enabling VLAN tagging and inter-switch communication.

gh) Access ports are placed into the appropriate VLANs to associate end-user devices with the correct network segments.

Task 3: Static Routing

2. a) A recursive static route to 2.3.2.3/32 is created on the Gateway router pointing to the next hop IP address (e.g., the ISP routers interface).
3. b) A directly connected default route is created on the ISP router using the 'ip route' command with the exit interface defined as 's0/0/0'. This provides default routing for unknown destinations.

Task 4: Network Connectivity Testing

1. a) Connectivity between PCs in VLAN 10 and VLAN 20 is tested using the 'ping' command. A screenshot should confirm successful communication.
2. b) Loopback address 2.3.2.3 is configured on the ISP router and tested for reachability from VLAN 10 and VLAN 20 PCs.
3. c) Telnet connectivity to the Gateway router is validated by initiating a Telnet session from any PC and ensuring login with the configured credentials.
4. d) VLAN 100 is confirmed as the trunk VLAN on S1 using the 'show interfaces trunk' command.
5. e) On S2, port-to-VLAN assignments are verified using the 'show vlan brief' command.
6. f) The final Packet Tracer (.pkt) file containing the complete simulation should be uploaded as proof of implementation.

Task 5: Router Troubleshooting

Routers are checked using diagnostic commands like 'show ip interface brief', 'show ip route', and 'ping'. Issues such as incorrect IPs, down interfaces, or routing misconfigurations are addressed.

Administrators can also use 'debug ip routing' or 'traceroute' to trace packet paths and identify bottlenecks.

Task 6: Switch Troubleshooting

Switches are debugged using 'show vlan', 'show interfaces status', and 'show interfaces trunk' commands to verify VLAN membership and trunk configurations.

Port security, misassigned VLANs, or administrative shutdowns are typical causes of VLAN communication issues.

Task 7: Saving Configuration to NVRAM

1. a) The configuration is saved using the 'write memory' or 'copy running-config startup-config' command.
2. b) The saved configuration is verified using 'show startup-config' to ensure it matches the running configuration.

Task 8: IOS Image Upgrade via TFTP

The IOS upgrade is performed by copying the new image from a TFTP server to the switch flash memory. Example:

copy tftp: flash:
Address of TFTP server: 192.168.1.100
Source filename: new_ios.bin
Destination filename: new_ios.bin

Once the file is copied, the boot variable is set using 'boot system flash:new_ios.bin'. The configuration is saved and the switch is reloaded.