Network Design Prototype Document
AnyCompany
Nathan Reed
GLENDALE IT SERVICES
Contents
Executive Summary
Introduction
    Background
    Purpose
    Description
Objectives
Requirements
Scope
Equipment
IP Addressing
Logical Internetwork Topology Diagram
Prioritised Task List
    Switches
    Routers
Test Cases
    Switches
    Routers
Executive Summary
Glendale IT Services has been asked by AnyCompany Corporation to prototype a network that will connect all AnyCompany Corporation offices and provide internet access. The prototype network will consist of three routers, five switches and internet access from the ISP via Sydney.
IP addresses will be received from Sydney and NAT will be used to provide network privacy and security from the internet. Networks will be shared throughout the whole network via OSPF and switches will enforce MAC address violation security on their ports.
Computers inside the AnyCompany network and the internet will be able to access the File and Web servers. Departments will be kept separate through the use of VLANs but will still be able to access shared resources. Remote IT management can be conducted through the Management VLAN.
Introduction
Background
AnyCompany Corporation is expanding to multimedia marketing ahead of schedule and requires adequate networking to be able to support offices in Newcastle, Sydney and Wollongong.
Purpose
The purpose of this project is to determine the feasibility of implementing the proposed networking solution provided by Glendale IT Services. The network will provide the ability to communicate between offices and access file and web servers in Sydney as well as Internet access via the Sydney router.
Description
AnyCompany Corporation is shortly going to acquire a business with offices in Sydney and Wollongong. AnyCompany will use these extra offices to expand their business and will require an internal network and an Internet connection via Sydney to communicate within the business and with the internet. The Wollongong and Newcastle offices will each have 2 switches and a router; the Sydney office will have a web server, a file server and a router connecting all 3 offices together as well as the connection to the internet.
Objectives
The objective of this project is to create a suitable network design prototype to demonstrate the feasibility of creating a secure network between all AnyCompany Corporation offices, servers and computers.
Requirements
To create a network prototype that will connect AnyCompany Corporation’s Newcastle, Sydney and Wollongong offices together as well as provide internet access via Sydney.
The network will require the following in order to function to specifications:
- 3 VLANs at Newcastle and Wollongong and 1 Management VLAN on all devices
- 3 Data VLANs for network traffic flow
- InterVLAN routing for communication between offices
- Minimum 2 switches at Newcastle and Wollongong to accommodate for physical location of employees inside offices
- Private IP Addressing Scheme for all internal links and 209.165.200.225/29 for WAN link
- Restricted violation state port security on all switches
- Trunking between all switches
- DHCP on SR1 for all internal networks
- OSPF for internal network discovery
- NAT to protect the internal addresses of the network from the Internet
Scope
The following will be included in this project but is not limited to:
- Equipment cost and sourcing
- Serial link connections from Newcastle to Sydney and Sydney to Wollongong
- Internet access via the Sydney router
- DHCP for users and static IP addresses for vital networking machines i.e. routers and servers
The following will not be included in this report:
- Router Firewalls
- Purchasing of PCs and servers
- WAN links beyond 209.165.200.226 in Sydney
Equipment
| Equipment Name | Source | Qty | Cost (AUD) |
| --- | --- | --- | --- |
| CISCO Catalyst 2960 Switch | https://www.mwave.com.au/product/cisco-catalyst-2960x-series-24-port-gigabit-ethernet-4x-gigabit-sfp-switch-ab59633 | 5 | $1755 ea, $8775 total |
| CISCO 1941 Router | https://www.mwave.com.au/product/cisco-1941-integrated-services-router-wireless-router-aa96546#detailTabs=tabShipping | 3 | $2272 ea, $6816 total |
| CISCO HWIC-2T Module | https://www.mwave.com.au/product/cisco-hwic2t-2port-serial-wan-interface-card-ab80302 | 3 | $808 ea, $2424 total |
| CISCO HWIC-1ADSL Module | http://www.ao3.com.au/product.asp?ManufPartNo=HWIC-1ADSL | 1 | $591 ea, $591 total |

Total: $18606
IP Addressing
| Device Name | Interface | IP Address | Subnet Mask | Method |
| --- | --- | --- | --- | --- |
| SR1 | s0/0/0 | 10.0.1.1 | 255.255.255.252 | Static |
| SR1 | s0/0/1 | 10.0.2.1 | 255.255.255.252 | Static |
| SR1 | g0/0 | 209.165.200.225 | 255.255.255.248 | Static |
| SR1 | g0/1 | 10.0.5.1 | 255.255.255.0 | Static |
| NR1 | s0/0/0 | 10.0.1.2 | 255.255.255.252 | Static |
| NR1 | g0/1.10 | 10.0.10.1 | 255.255.255.0 | Static |
| NR1 | g0/1.20 | 10.0.20.1 | 255.255.255.0 | Static |
| NR1 | g0/1.99 | 10.0.99.1 | 255.255.255.0 | Static |
| WR1 | s0/0/1 | 10.0.2.2 | 255.255.255.252 | Static |
| WR1 | g0/1.10 | 10.0.101.1 | 255.255.255.0 | Static |
| WR1 | g0/1.20 | 10.0.201.1 | 255.255.255.0 | Static |
| WR1 | g0/1.99 | 10.0.199.1 | 255.255.255.0 | Static |
| NS1 | int vlan 99 | 10.0.99.2 | 255.255.255.0 | Static |
| NS2 | int vlan 99 | 10.0.99.3 | 255.255.255.0 | Static |
| WS1 | int vlan 99 | 10.0.199.2 | 255.255.255.0 | Static |
| WS2 | int vlan 99 | 10.0.199.3 | 255.255.255.0 | Static |
| File Server | f0/0 | 10.0.5.2 | 255.255.255.0 | Static |
| Web Server | f0/0 | 10.0.5.3 | 255.255.255.0 | Static |
| New_Ad_1-5 | f0/0 | 10.0.10.2-6 | 255.255.255.0 | DHCP |
| Woll_Ad_1-2 | f0/0 | 10.0.101.2-3 | 255.255.255.0 | DHCP |
| New_Fi_1-15 | f0/0 | 10.0.20.2-16 | 255.255.255.0 | DHCP |
| Woll_Fi_1-5 | f0/0 | 10.0.201.2-6 | 255.255.255.0 | DHCP |
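As an added example (not part of the original document), the Python below checks the static assignments in the IP Addressing table for duplicate addresses, unusable host addresses and overlapping subnets, and derives the address span SR1's DHCP pools would need to exclude in each network. The function names are illustrative, and the DHCP network list is an assumption taken from the router task list (5, 10, 20, 99, 101, 201 and 199).

```python
import ipaddress
from collections import defaultdict

# Static assignments transcribed from the IP Addressing table: (device, interface, address/prefix).
STATIC = [
    ("SR1", "s0/0/0", "10.0.1.1/30"), ("NR1", "s0/0/0", "10.0.1.2/30"),
    ("SR1", "s0/0/1", "10.0.2.1/30"), ("WR1", "s0/0/1", "10.0.2.2/30"),
    ("SR1", "g0/0", "209.165.200.225/29"), ("SR1", "g0/1", "10.0.5.1/24"),
    ("File Server", "f0/0", "10.0.5.2/24"), ("Web Server", "f0/0", "10.0.5.3/24"),
    ("NR1", "g0/1.10", "10.0.10.1/24"), ("NR1", "g0/1.20", "10.0.20.1/24"),
    ("NR1", "g0/1.99", "10.0.99.1/24"), ("NS1", "vlan 99", "10.0.99.2/24"),
    ("NS2", "vlan 99", "10.0.99.3/24"), ("WR1", "g0/1.10", "10.0.101.1/24"),
    ("WR1", "g0/1.20", "10.0.201.1/24"), ("WR1", "g0/1.99", "10.0.199.1/24"),
    ("WS1", "vlan 99", "10.0.199.2/24"), ("WS2", "vlan 99", "10.0.199.3/24"),
]
# Networks the router task list gives to DHCP (5, 10, 20, 99, 101, 201, 199).
DHCP_NETS = [f"10.0.{n}.0/24" for n in (5, 10, 20, 99, 101, 201, 199)]

def audit(static):
    """Return findings: duplicate IPs, unusable host addresses, overlapping subnets."""
    findings, seen, nets = [], {}, set()
    for dev, ifname, addr in static:
        iface = ipaddress.ip_interface(addr)
        net, label = iface.network, f"{dev} {ifname}"
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append(f"{label}: {iface.ip} is the network or broadcast address")
        if iface.ip in seen:
            findings.append(f"{label}: {iface.ip} already used by {seen[iface.ip]}")
        seen.setdefault(iface.ip, label)
        findings += [f"{label}: {net} overlaps {o}" for o in nets if o != net and o.overlaps(net)]
        nets.add(net)
    return findings

def dhcp_exclusions(static, dhcp_nets):
    """Map each DHCP network to the (low, high) span of static addresses to exclude."""
    used = defaultdict(list)
    for _, _, addr in static:
        iface = ipaddress.ip_interface(addr)
        used[iface.network].append(iface.ip)
    spans = {}
    for n in dhcp_nets:
        ips = sorted(used.get(ipaddress.ip_network(n), []))
        if ips:  # span assumes statics sit together at the bottom of the subnet, as here
            spans[n] = (str(ips[0]), str(ips[-1]))
    return spans

for low, high in dhcp_exclusions(STATIC, DHCP_NETS).values():
    print(f"ip dhcp excluded-address {low} {high}")
```

The management networks (99 and 199) and the server network (5) each need the first three addresses excluded, because the switch SVIs and the servers hold static addresses inside ranges that DHCP also serves.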
Logical Internetwork Topology Diagram
Prioritised Task List
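Switches

| Task | SS1 | NS1 | NS2 | WS1 | WS2 |
| --- | --- | --- | --- | --- | --- |
| Hostname | | | | | |
| Passwords – EXEC, Priv, Telnet | | | | | |
| No DNS Lookup | | | | | |
| Shutdown all unused ports | | | | | |
| Port Security – MAC Address Limits | | | | | |
| VLANs – 10, 20, 99 and int VLAN 99 | | | | | |
| IP Addressing – int VLAN 99 | | | | | |
| Trunking – Switch to switch, switch to router | | | | | |

Routers

| Task | SR1 | NR1 | WR1 |
| --- | --- | --- | --- |
| Hostname | | | |
| Passwords – EXEC, Priv, Telnet | | | |
| No DNS Lookup | | | |
| IP Addressing | | | |
| No shutdown ports in use | | | |
| OSPF – Router-ID, network statements | | | |
| Default Route | | | |
| Sub-interfaces – f0/1.10, 1.20, 1.99 | | | |
| Inter-VLAN Routing | | | |
| DHCP – 5, 10, 20, 99, 101, 201 and 199 networks | | | |
| NAT - Overload | | | |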
Test Cases
Switches

| Reason | Description | Command/Action | Expected Outcome | Actual Outcome |
| --- | --- | --- | --- | --- |
| Pre-configuration | Erase startup-config | erase startup-config | Switch will ask for confirmation and then return to default state | |
| Pre-configuration | Erase vlan.dat | delete flash:vlan.dat | Switch will delete vlan.dat | |
| To disable DNS resolution | Disable DNS lookup after incorrect command entered | Enter a non-command word e.g. box | Switch will not begin DNS lookup | |
| To confirm hostname configuration | Verify hostname | Check switch name at beginning of a line | Hostname will be [CITY] Switch e.g. New Router 1 | |
| To confirm passwords | Verification of passwords | Enter PRIV and EXEC passwords when prompted | Correct passwords authenticate | |
| To confirm passwords | Verification of console password | Enter Console password when prompted | Correct password authenticates | |
| To confirm passwords | Verification of telnet password | Enter Telnet password when accessing switch via Telnet | Correct password authenticates | |
| Confirm vlan database | Check for successful vlan database creation | show vlan | Vlan database has entries | |
| Confirm default gateway | Verify correct gateway | show running-config | Default gateway points towards Sydney router | |
| Port security | Unused ports are shutdown | show running-config | Unused ports have the ‘shutdown’ status | |
| Confirm trunk functionality | Communicate with devices across a trunk | Ping directly connected switch or router | 5 successful replies | |
| Confirm port security | Testing MAC limit violations | Connect a new device into a port with port security enabled | Port shutdown due to MAC address violation | |
| Connectivity | Ping default gateway | Ping default gateway (e.g. 10.0.99.1, 10.0.199.1) | 5 successful replies | |
| Connectivity | Ping New_Ad_1 | Ping 10.0.10.2 | 5 successful replies | |
| Connectivity | Ping New_Fi_1 | Ping 10.0.20.2 | 5 successful replies | |
| Connectivity | Ping Woll_Ad_1 | Ping 10.0.101.2 | 5 successful replies | |
| Connectivity | Ping Woll_Fi_1 | Ping 10.0.201.2 | 5 successful replies | |
| Connectivity | Ping File Server | Ping 10.0.5.2 | 5 successful replies | |
| Connectivity | Ping ISP Router | Ping 209.165.200.226 | 5 successful replies | |
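The switch checks that rely on reading `show running-config` can be automated. The Python below is an added example, not part of the original document: it parses a constructed sample running-config and reports access ports that are neither shut down nor protected by port security in restrict mode, plus a missing DNS-lookup setting. The sample config, interface names and function names are assumptions made for illustration.

```python
import re

# Constructed sample running-config for an access switch (not taken from the page).
SAMPLE = """\
no ip domain-lookup
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
interface FastEthernet0/3
 switchport mode access
 switchport port-security
interface FastEthernet0/4
 switchport mode access
interface FastEthernet0/5
 shutdown
interface Vlan99
 ip address 10.0.99.2 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separators and global lines end the stanza
    return stanzas

def audit_switch(config):
    """Check the switch hardening tasks listed above; return a list of findings."""
    findings = []
    if not re.search(r"^no ip domain[- ]lookup", config, re.M):
        findings.append("global: DNS lookup is not disabled")
    for name, lines in parse_interfaces(config).items():
        if name.startswith("Vlan") or "switchport mode trunk" in lines or "shutdown" in lines:
            continue  # SVIs, trunks and shut-down ports need no port security
        if "switchport port-security" not in lines:
            findings.append(f"{name}: active access port without port security")
        elif "switchport port-security violation restrict" not in lines:
            findings.append(f"{name}: port security on, violation mode is not restrict")
    return findings
```

In restrict mode the switch drops frames from the violating MAC address and increments the violation counter while the port stays up, so `show port-security interface` is where a violation shows. A port that has no explicit violation line in the running-config is using the default shutdown mode.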
Routers

| Reason | Description | Command/Action | Expected Outcome | Actual Outcome |
| --- | --- | --- | --- | --- |
| Pre-configuration | Erase startup-config | erase startup-config | Router will ask for confirmation and then return to default state | |
| Pre-configuration | Reboot Routers | reload | Router will restart | |
| To disable DNS resolution | Disable DNS lookup after incorrect command entered | Enter a non-command word e.g. box | Router will not begin DNS lookup | |
| To confirm hostname configuration | Verify hostname | Check router name at beginning of a line | Hostname will be [CITY] Router e.g. Sydney Router | |
| To confirm passwords | Verification of passwords | Enter PRIV and EXEC passwords when prompted | Correct passwords authenticate | |
| To confirm passwords | Verification of console password | Enter Console password when prompted | Correct password authenticates | |
| To confirm passwords | Verification of telnet password | Enter Telnet password when accessing router via Telnet | Correct password authenticates | |
| Confirm MOTD | Verify correct MOTD | show running-config | motd displayed in running-config | |
| Default Route | Verify default route on R1 & R3 | show running-config | ip route points to Sydney router | |
| OSPF functionality | Verify functioning OSPF | show ip route ospf | OSPF entries discovered and displayed | |
| Verify OSPF | Check network statements and Router-id | show running-config | Network statements and Router-ID displayed and correct | |
| DHCP functionality | Verify DHCP configuration | show running-config | Excluded address range, default gateway, network and pool name are displayed | |
| NAT functionality | Verify NAT configuration | show ip nat statistics | NAT translations taking place and displayed | |
| Connectivity | Ping connected switch | Ping (10.0.99.1 for New, 10.0.199.1 for Woll) | 5 successful replies | |
| Connectivity | Ping New_Ad_1 | Ping 10.0.10.2 | 5 successful replies | |
| Connectivity | Ping New_Fi_1 | Ping 10.0.20.2 | 5 successful replies | |
| Connectivity | Ping Woll_Ad_1 | Ping 10.0.101.2 | 5 successful replies | |
| Connectivity | Ping Woll_Fi_1 | Ping 10.0.201.2 | 5 successful replies | |
| Connectivity | Ping File Server | Ping 10.0.5.2 | 5 successful replies | |
| Connectivity | Ping ISP Router | Ping 209.165.200.226 | 5 successful replies | |