MOD002630 Networking Technologies
Assignment element 011: Case Study and Live Brief specification
Trimester 2, 2021/2
Module leader: Dr Erika Sanchez-Velazquez
Table of Contents
Introduction
Background
Topology and initial configuration
Network Design (30%)
Implement the network (35%)
Testing the network (25%)
Reports quality (10%)
What to submit and where?
Introduction
This document describes all the information related to assessment element 011 of the Networking Technologies module. Make sure that you read the whole document and highlight elements that are not clear.
If you have questions about the case study, then please submit them via the Discussion Group 2021/22 Module Assessments, Support, and Your Questions found in Canvas. Queries made via email will not be answered.
Background
For this assessment, we will incorporate a Live Brief, which means that a company has approached ARU with a case study for students to complete as part of the final assessment of the module. This should have been already explained to you during week 1.
Steven Kear, founder of Kear Technology Solutions, has brought an exciting opportunity to design, implement and test an Internet of Things (IoT) solution and produce a proof of concept using Packet Tracer.
Together with the other protocols and mechanisms that you will learn through this module, the end product of this assessment element will consist of a:
network design (30%), including the live brief,
network implementation (35%), including IoT, and
test plan (25%).
To implement the protocols and mechanisms, including the IoT solution, you will be given the initial network topology and configuration to work with. The following sections of the document describe this topology as well as the final requirements of the assessment.
Topology and initial configuration
British Land PLC is headquartered (HQ) in York House (West London) and has a new 100 Liverpool Street (East London) office. Figure 1 depicts the current topology of the company's network.
Figure 1. British Land PLC's network topology.
The network is structured as follows:
PUBLIC NETWORK: This network is outside British Land's management and should not be changed. It has an HTTPS server accessible through the https://google.com/ URL, a PC representing a teleworker (i.e. belongs to the company but works remotely), a PC representing an outsider to the company and a DNS server that is used by devices belonging to the PUBLIC NETWORK. The ISP router belongs to the PUBLIC NETWORK and therefore should not be modified (assume that ISP has been configured properly).
DMZ: This is the demilitarized zone of British Land and contains all servers that are public to internal and external areas. This is under the management of the company and should be considered within your network design. It contains the company's web server (https://britishland.com/) and a DNS server that is used by users of York House (West London) Headquarters and the Liverpool Street (East London) office. The DMZ servers are known externally through their public IP addresses and internally through their private IP addresses, which means that static NAT has been configured in the York House router to perform this translation.
York House HQ: This is the internal network of the York House (West London) headquarters and is also under the management of the company. Right now, it only contains two PCs that, when connecting to an external device, use a public IP address that is translated via NAT by the York House router. Internally they use the private IP address.
Liverpool Street: This network has all devices of the Liverpool Street (East London) branch and also uses NAT when connecting to external devices but internally uses the internal IP addresses. This network is also under the management of British Land PLC.
The topology has already been created for you and it has been made available as a Packet Tracer file. Please note that the file was created with version 8.1.1.0022, which means the file won't open on later versions of Packet Tracer. If you are using a different version and the tutor can't open your file OR if you submit a file that has removed all restrictions set by the tutor in the original Packet Tracer file, then you will receive 0 marks for the network implementation.
The following configurations have already been made for you:
Interfaces on most of the devices (except for the serial interfaces of the three routers)
Hostname and passwords (shown in Table 1)
SSH (username admin password br1t1sh4dm1np4ss)
NAT in York House and Liverpool Street routers. It is recommended not to modify anything of the existing NAT configuration on those routers unless consulted with the module tutor. Assume that NAT is working properly.
Static routing in ISP, assume that it has been configured correctly. The other devices have not been configured with any routing protocol.
| Where? | Password |
|---|---|
| Enable | Br1t1shL3n4p4ss |
| Console | Br1t1shLc0np4ss |
Table 1. Passwords configured in the networking devices
Figure 1 and Table 2 show the IP addresses assigned to each device interface.
| Device | Interface | Private IP address | Default Gateway | Public IP address | Subnet mask (of internal network) |
|---|---|---|---|---|---|
| York House | S0/0/0 | -- | -- | 209.165.100.194 | 255.255.255.252 |
| | G0/1 | 10.0.0.1 | -- | -- | 255.192.0.0 |
| | S0/1/0 | 10.128.0.1 | -- | -- | 255.255.255.252 |
| | S0/1/1 | 10.128.0.5 | | | 255.255.255.252 |
| ISP | S0/0/0 | -- | -- | 209.165.100.193 | 255.255.255.252 |
| | S0/0/1 | -- | -- | 209.165.100.197 | 255.255.255.252 |
| Liverpool Street | S0/0/1 | -- | -- | 209.165.100.198 | 255.255.255.252 |
| | G0/1 | 10.192.0.1 | -- | -- | 255.192.0.0 |
| RA | S0/0/0 | 10.128.0.2 | -- | -- | 255.255.255.252 |
| | G0/1 | 10.64.0.2 | -- | -- | 255.192.0.0 |
| RB | S0/0/1 | 10.128.0.6 | -- | -- | 255.255.255.252 |
| | G0/1 | 10.64.0.3 | -- | -- | 255.192.0.0 |
| DMZ-Switch | VLAN 1 | 10.0.0.2 | 10.0.0.1 | -- | 255.192.0.0 |
| S1 | VLAN 1 | 10.64.0.4 | 10.64.0.1 | -- | 255.192.0.0 |
| S2 | VLAN 1 | 10.64.0.5 | 10.64.0.1 | -- | 255.192.0.0 |
| S3 | VLAN 1 | 10.64.0.6 | 10.64.0.1 | -- | 255.192.0.0 |
| S4 | VLAN 1 | 10.192.0.2 | 10.192.0.1 | -- | 255.192.0.0 |
| PC1 | Fa0 | 10.64.0.7 | 10.64.0.1 | Dynamic NAT | 255.192.0.0 |
| PC2 | Fa0 | 10.64.0.8 | 10.64.0.1 | Dynamic NAT | 255.192.0.0 |
| PC3 | Fa0 | 10.192.0.3 | 10.192.0.1 | Dynamic NAT | 255.192.0.0 |
| PC4 | Fa0 | 10.192.0.4 | 10.192.0.1 | Dynamic NAT | 255.192.0.0 |
| PC5 | Fa0 | 10.192.0.5 | 10.192.0.1 | Dynamic NAT | 255.192.0.0 |
| britishland.com | Fa0 | 10.0.0.3 | 10.0.0.1 | 209.165.200.3 | 255.192.0.0 |
| Internal DNS Server | Fa0 | 10.0.0.4 | 10.0.0.1 | 209.165.200.4 | 255.192.0.0 |
Table 2. British Land PLC IP address scheme
It is your responsibility to verify that the IP addresses indicated in the table are correct and correspond to the ones configured in the initial topology. Assume that the ones configured are the correct ones and modify the table if needed.
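One way to sanity-check the addressing plan before touching Packet Tracer, as an added example that is not part of the assignment brief: the script below audits the private-address rows of Table 2 for duplicate addresses, default gateways that fall outside the host's subnet, gateways that no listed interface owns, and /30 serial subnets that do not have exactly two ends. The comma-separated row format and the function name `audit` are choices made for this example.

```python
import ipaddress
from collections import defaultdict

# Private-address rows copied from Table 2: device,interface,ip,gateway,mask
TABLE2 = """\
York House,G0/1,10.0.0.1,-,255.192.0.0
York House,S0/1/0,10.128.0.1,-,255.255.255.252
York House,S0/1/1,10.128.0.5,-,255.255.255.252
Liverpool Street,G0/1,10.192.0.1,-,255.192.0.0
RA,S0/0/0,10.128.0.2,-,255.255.255.252
RA,G0/1,10.64.0.2,-,255.192.0.0
RB,S0/0/1,10.128.0.6,-,255.255.255.252
RB,G0/1,10.64.0.3,-,255.192.0.0
DMZ-Switch,VLAN 1,10.0.0.2,10.0.0.1,255.192.0.0
S1,VLAN 1,10.64.0.4,10.64.0.1,255.192.0.0
S2,VLAN 1,10.64.0.5,10.64.0.1,255.192.0.0
S3,VLAN 1,10.64.0.6,10.64.0.1,255.192.0.0
S4,VLAN 1,10.192.0.2,10.192.0.1,255.192.0.0
PC1,Fa0,10.64.0.7,10.64.0.1,255.192.0.0
PC2,Fa0,10.64.0.8,10.64.0.1,255.192.0.0
PC3,Fa0,10.192.0.3,10.192.0.1,255.192.0.0
PC4,Fa0,10.192.0.4,10.192.0.1,255.192.0.0
PC5,Fa0,10.192.0.5,10.192.0.1,255.192.0.0
britishland.com,Fa0,10.0.0.3,10.0.0.1,255.192.0.0
Internal DNS Server,Fa0,10.0.0.4,10.0.0.1,255.192.0.0
"""

def audit(table=TABLE2):
    """Return (duplicate_ips, off_subnet_gateways, unowned_gateways, odd_p2p_links)."""
    rows = [line.split(",") for line in table.strip().splitlines()]
    ifaces = {(d, i): ipaddress.ip_interface(f"{ip}/{m}") for d, i, ip, _, m in rows}
    owners, p2p = defaultdict(list), defaultdict(list)
    for (dev, _), iface in ifaces.items():
        owners[iface.ip].append(dev)
        if iface.network.prefixlen == 30:      # serial point-to-point subnets
            p2p[str(iface.network)].append(dev)
    duplicates = {str(ip): devs for ip, devs in owners.items() if len(devs) > 1}
    off_subnet, unowned = [], set()
    for d, i, _, gw, _ in rows:
        if gw == "-":
            continue
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in ifaces[(d, i)].network:
            off_subnet.append((d, gw))         # gateway not reachable on-link
        if gw_ip not in owners:
            unowned.add(gw)                    # no interface in the table holds it
    odd_links = {net: devs for net, devs in p2p.items() if len(devs) != 2}
    return duplicates, off_subnet, sorted(unowned), odd_links

if __name__ == "__main__":
    print(audit())
```

On the table as printed, the only finding is that 10.64.0.1, the default gateway of the York House HQ switches and PCs, is not assigned to any interface listed in Table 2.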
It is also your responsibility to verify connectivity. Right now, the devices do not all need to have connectivity between them, but you should try to understand the current state of the connectivity between the devices. This is important because when ACLs are implemented you will not know if the traffic was stopped by the security or because there was no communication from the beginning.
It is recommended, although not required at this stage of the assignment, to complete a table like the one shown in Table 3. You could use this table later for connectivity tests after all elements have been incorporated.
| From | To | Is communication successful? | Comments |
|---|---|---|---|
| PC1 (York House) | britishland.com | Yes | |
| | google.com | Yes | |
| | PC2 | Yes | |
| | PC4 | No | Missing configurations in York House and Liverpool Street |
| britishland.com (DMZ) | PC1 | | |
| | google.com | | |
| | PC3 | | |
| | DNS | | |
| PC3 (Liverpool Street) | britishland.com | | |
| | google.com | | |
| | PC1 | | |
| | PC4 | | |
| Teleworker (PUBLIC NETWORK) | britishland.com | | |
| | PC1 | | |
| | PC2 | | |
| | PC3 | | |
| | PC4 | | |
Table 3. Connectivity Tests before security
Other considerations:
You must not touch the PUBLIC NETWORK; it is outside your admin rights. Assume ISP is working properly, and you can use the Teleworker and Outsider PCs for testing.
You must use the Admin laptop to configure the devices. Don't add more laptops to configure other devices; use the same one or use SSH to connect remotely.
Finally, you must focus on the requirements of the company, not on the current design of the network.
Network Design (30%)
As part of the consulting job, British Land PLC requires you to perform an analysis of their current network and come up with a design to implement the mechanisms needed to achieve secure connectivity. You will write a technical document that describes the networking elements that you would recommend the company to implement supporting your decision with references to best practices and/or industry recommendations. The CCNA curriculum or the slides of any other networking module from your course cannot be used as references but you can use white papers from Cisco or other similar documents.
Your design must consider the following points:
L2 and L3 redundancy in York House, including STP, EtherChannel and HSRP. You must explain the design you want to implement and support it with best practices. You must indicate what would be the desired STP configuration, which switch should be the root, which other STP enhancements to include and so on. A similar approach must be used when proposing a design for EtherChannel and HSRP.
WLAN: you are required to add a wireless router (WRT300N) to the Liverpool Street Office to provide network access to wireless users. Your design and implementation must be secure and efficient. You must explain the design you want to implement and support it with best practices.
Internet of Things: implement an example of how IoT can be integrated in Packet Tracer. The devices must be connected to a server located in the DMZ and should be accessible to all users within the company network.
Dynamic routing protocol and tunnel, for this you will need to consider that administrators want York House and Liverpool Street to see each other as within the same network connected through the GRE tunnel. You must explain the design you want to implement and support it with best practices.
WAN connectivity to ISP as indicated in the initial topology. ISP has already been configured and it is requesting PAP authentication within a PPP link. Table 4 indicates the passwords that need to be used for PAP link authentication.
| From | To | Username | Password |
|---|---|---|---|
| York House | ISP | YorkHouse | PPPs3cr3tY0rkH0us3 |
| Liverpool Street | ISP | LivStreet | PPPs3cr3tL1vStr33t |
| ISP | York House and Liverpool Street | ISP | PPPs3cr3tISP |
Table 4. Passwords to use for PAP link authentication
In your analysis and design, you must try to convince the company to move to CHAP authentication. For this, you must indicate the advantages of CHAP over PAP supporting it with valid references. You must then implement WAN protocols as follows:
Serial links between York House and ISP and Liverpool Street and ISP must implement PAP using the passwords indicated in Table 4.
Serial links between York House and RA and York House and RB, CHAP authentication. Part of your task is to define the design for this implementation.
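What each of the two PPP authentication methods named above actually puts on the serial link, as an added example that is not part of the assignment brief: the packet layout follows RFC 1334 (PAP) and the response calculation follows RFC 1994 (CHAP). The peer name, secret and challenge values are constructed for the example and are not the Table 4 credentials.

```python
import hashlib
import hmac
import struct

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: code 1, identifier, length, then
    length-prefixed peer-id and password, both unencrypted."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def read_pap_password(packet: bytes) -> bytes:
    """Recover the password from a recorded PAP request (no key needed)."""
    id_len = packet[4]
    pw_len = packet[5 + id_len]
    return packet[6 + id_len:6 + id_len + pw_len]

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_accepts(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the hash and compare in constant time."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def demo() -> dict:
    secret = b"constructed-link-secret"        # constructed sample value
    pap = pap_request(1, b"branch-router", secret)
    # Two CHAP rounds with different constructed challenges (random in practice).
    c1, c2 = bytes(range(16)), bytes(range(16, 32))
    r1 = chap_response(1, secret, c1)
    return {
        "pap_password_readable": read_pap_password(pap) == secret,
        "chap_fresh_round_accepted": chap_accepts(2, secret, c2, chap_response(2, secret, c2)),
        "chap_replayed_response_accepted": chap_accepts(2, secret, c2, r1),
    }

if __name__ == "__main__":
    print(demo())
```

The PAP password is read straight out of the recorded request, while a CHAP response recorded in one round is rejected in the next because the identifier and challenge have changed.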
Finally, you must design appropriate ACLs that restrict connection to the company's network according to best practices. For that you must consider the following restrictions:
By inside the network, we refer to the York House area.
By DMZ we refer to the DMZ area.
By outside network, we refer to everything that is not part of the inside nor the DMZ.
Traffic from the inside network going to the outside should be allowed.
Traffic from the inside to the DMZ should be allowed only for the services that are available in the DMZ.
Traffic from the outside to the DMZ should be allowed only for the services that are available in the DMZ.
Traffic from the outside to the inside network should be denied. Remember the established option and how it should help to allow the traffic that is initiated from the inside.
Traffic from the DMZ to the outside should be allowed only for the services available in the DMZ.
Traffic from the DMZ to the inside should be denied.
The final design must be thorough and can include the addition of new elements to the networks that belong to the company. If your network design is incomplete, then this will also affect your final configuration.
The requirement analysis report MUST NOT include configuration. For each of the bullet points described above you must explain the design you want to implement and support your decisions with best practices or experts' opinions.
Implement the network (35%)
Once you are happy with the network mechanisms to implement you must configure them as described in the network design. For the configuration, you must use the initial topology provided to you via Canvas (011_MOD002630_2021-2_Case_Study.pka). The implementation must follow the design specified in the Network Requirements Design.
Testing the network (25%)
Finally, you must provide a test plan of the mechanisms implemented. Your test plan should not include screenshots and it should just indicate the test that needs to be done (complete command to use) and the expected result. You MUST use the same test plan format used for Network Routing and Switching Essentials. Please note that show run must NOT be used as a command to verify a protocol and you must demonstrate that the protocol is working and not just that it has been configured. This means that show commands are not the way to test that a protocol is working; therefore, show commands will need to be complemented with other tests.
Your test should also include the final connectivity tests.
Reports quality (10%)
Please note that the quality of your report will also have a 10% weight of the final mark for this assessment element. Under this criterion, we will be looking at the language used (it must be proper academic language), the structure of the document, grammar, and spelling, correct use of the Harvard Referencing style, etc. For support on this please refer to the Academic Writing Step by Step guide provided by Study Skills Plus.
To understand how your final mark will be calculated as well as the weight of each of the elements described here please refer to the Marking Scheme of the case study available in Canvas (MOD002630_011_2021-2_Marking_Scheme.xlsx).
What to submit and where?
Before submitting make sure you have all the following and that you are submitting through the Canvas submission page:
Final Design Report -> The name of the file must be your SID number in 7 digits, i.e. 1234567.docx or 1234567.pdf containing the following:
A cover page that includes your SID number (NOT YOUR NAME), and the module code. This is not the cover page that is available in e-Vision.
The network design.
The test plan.
Final connectivity tests.
Final Implementation -> Final Packet Tracer file with your solution. The name of the PT file must be your SID number in 7 digits, i.e. 1234567.pka.
Both the report and the Packet Tracer file must be submitted via the Canvas submission page as separate files which MUST NOT BE ZIPPED. If you zip the files you will be awarded 0 marks for this assessment element.
The submission of everything related to the case study must be done by the dates indicated in e-Vision.
Additional Assessment Task Detail and Instructions:
Please note that you are going to work on the same case study as your first attempt with some minor changes. You can reuse the report submitted for your first attempt; however, you must address the feedback provided. You must also use the latest Packet Tracer file containing the initial topology. To demonstrate their full understanding of the protocols and mechanisms reviewed in class, students will be required to complete a case study in which they will design and implement a solution that incorporates all of the elements reviewed in class. This also includes a "live brief" component as requested by Kear Technology Solutions.
All the information relevant to the case study and "live brief" is detailed in the following document: MOD002630_011_2021-2_Case_Study-RESIT.docx
The initial topology, as described in the document, has been created in the following Packet Tracer file: MOD002630_011_2021-2_Case_Study.pka (Please note that this file was created with the latest version of Packet Tracer (8.1.1.0022), which is now available in the Virtual Desktop) or you can use this installer: CiscoPacketTracer_811_Windows_64bit.exe
Please note that if your tutor can't open the file OR if you submit a file that has removed all the restrictions set by the tutor then you will be awarded 0 (zero) marks.
Guidance Resources:
The teaching material reviewed every week, including labs, should help you to complete this assessment, therefore, it is important that you complete every activity. You can complement your learning by accessing the Cisco curricula. This module follows two Cisco Netacad courses:
Switching, Routing and Wireless Essentials - you were given access to it as part of the Network Routing and Switching Essentials module
Enterprise Networking, Security, and Automation - you should have access now as part of this module
They should appear on your Cisco Netacad account via this URL: https://cisco.netacad.com
Feedback from your first attempt must be useful.