Network Design Prototype Document AnyCompany Nathan Reed GLENDALE IT SERVICES

C4 CISCO Project


Contents

Executive Summary
Introduction
    Background
    Purpose
    Description
Objectives
Requirements
Scope
Equipment
IP Addressing
Logical Internetwork Topology Diagram
Prioritised Task List
    Switches
    Routers
Test Cases
    Switches
    Routers


Executive Summary

Glendale IT Services has been asked by AnyCompany Corporation to prototype a network that will connect all AnyCompany Corporation offices and provide internet access. The prototype network will consist of three routers, five switches and internet access from the ISP via Sydney.

IP addresses will be received from Sydney, and NAT will be used to provide network privacy and security from the internet. Networks will be advertised throughout the whole network via OSPF, and switch ports will enforce port security against MAC address violations.

Computers inside the AnyCompany network and on the internet will be able to access the File and Web servers. Departments will be kept separate through the use of VLANs but will still be able to access shared resources. Remote IT management can be conducted through the Management VLAN.


Introduction

Background

AnyCompany Corporation is expanding to multimedia marketing ahead of schedule and requires adequate networking to be able to support an office in Newcastle, Sydney and Wollongong.

Purpose

The purpose of this project is to determine the feasibility of implementing the proposed networking solution provided by Glendale IT Services. The network will provide the ability to communicate between offices and access file and web servers in Sydney as well as Internet access via the Sydney router.

Description

AnyCompany Corporation is shortly going to acquire a business with offices in Sydney and Wollongong. AnyCompany will use these extra offices to expand their business and will require an internal network and an Internet connection via Sydney to communicate within the business and with the internet. The Wollongong and Newcastle offices will each have 2 switches and a router; the Sydney office will have a web server, a file server and a router connecting all 3 offices together as well as the connection to the internet.

Objectives

The objective of this project is to create a suitable network design prototype to demonstrate the feasibility of creating a secure network between all AnyCompany Corporation offices, servers and computers.

Requirements

To create a network prototype that will connect AnyCompany Corporation’s Newcastle, Sydney and Wollongong offices together as well as provide internet access via Sydney.

The network will require the following in order to function to specifications:

- 3 VLANs at Newcastle and Wollongong and 1 Management VLAN on all devices
- 3 Data VLANs for network traffic flow
- InterVLAN routing for communication between offices
- Minimum 2 switches at Newcastle and Wollongong to accommodate for physical location of employees inside offices
- Private IP Addressing Scheme for all internal links and 209.165.200.225/29 for WAN link
- Restricted violation state port security on all switches
- Trunking between all switches
- DHCP on SR1 for all internal networks
- OSPF for internal network discovery
- NAT to protect the internal addresses of the network from the Internet

Scope

This project will include, but is not limited to, the following:

- Equipment cost and sourcing
- Serial link connections from Newcastle to Sydney and Sydney to Wollongong
- Internet access via the Sydney router
- DHCP for users and static IP addresses for vital networking machines, i.e. routers and servers

The following will not be included in this report:

- Router Firewalls
- Purchasing of PCs and servers
- WAN links beyond 209.165.200.226 in Sydney

Equipment

| Equipment Name | Source | Qty | Cost (AUD) |
|---|---|---|---|
| CISCO Catalyst 2960 Switch | https://www.mwave.com.au/product/cisco-catalyst-2960x-series-24-port-gigabit-ethernet-4x-gigabit-sfp-switch-ab59633 | 5 | $1755 ea, $8775 total |
| CISCO 1941 Router | https://www.mwave.com.au/product/cisco-1941-integrated-services-router-wireless-router-aa96546#detailTabs=tabShipping | 3 | $2272 ea, $6816 total |
| CISCO HWIC-2T Module | https://www.mwave.com.au/product/cisco-hwic2t-2port-serial-wan-interface-card-ab80302 | 3 | $808 ea, $2424 total |
| CISCO HWIC-1ADSL Module | http://www.ao3.com.au/product.asp?ManufPartNo=HWIC-1ADSL | 1 | $591 ea, $591 total |

Total: $18606


IP Addressing

| Device Name | Interface | IP Address | Subnet Mask | Method |
|---|---|---|---|---|
| SR1 | s0/0/0 | 10.0.1.1 | 255.255.255.252 | Static |
| SR1 | s0/0/1 | 10.0.2.1 | 255.255.255.252 | Static |
| SR1 | g0/0 | 209.165.200.225 | 255.255.255.248 | Static |
| SR1 | g0/1 | 10.0.5.1 | 255.255.255.0 | Static |
| NR1 | s0/0/0 | 10.0.1.2 | 255.255.255.252 | Static |
| NR1 | g0/1.10 | 10.0.10.1 | 255.255.255.0 | Static |
| NR1 | g0/1.20 | 10.0.20.1 | 255.255.255.0 | Static |
| NR1 | g0/1.99 | 10.0.99.1 | 255.255.255.0 | Static |
| WR1 | s0/0/1 | 10.0.2.2 | 255.255.255.252 | Static |
| WR1 | g0/1.10 | 10.0.101.1 | 255.255.255.0 | Static |
| WR1 | g0/1.20 | 10.0.201.1 | 255.255.255.0 | Static |
| WR1 | g0/1.99 | 10.0.199.1 | 255.255.255.0 | Static |
| NS1 | int vlan 99 | 10.0.99.2 | 255.255.255.0 | Static |
| NS2 | int vlan 99 | 10.0.99.3 | 255.255.255.0 | Static |
| WS1 | int vlan 99 | 10.0.199.2 | 255.255.255.0 | Static |
| WS2 | int vlan 99 | 10.0.199.3 | 255.255.255.0 | Static |
| File Server | f0/0 | 10.0.5.2 | 255.255.255.0 | Static |
| Web Server | f0/0 | 10.0.5.3 | 255.255.255.0 | Static |
| New_Ad_1-5 | f0/0 | 10.0.10.2-6 | 255.255.255.0 | DHCP |
| Woll_Ad_1-2 | f0/0 | 10.0.101.2-3 | 255.255.255.0 | DHCP |
| New_Fi_1-15 | f0/0 | 10.0.20.2-16 | 255.255.255.0 | DHCP |
| Woll_Fi_1-5 | f0/0 | 10.0.201.2-6 | 255.255.255.0 | DHCP |
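The NR1 rows of the addressing table, written out as IOS configuration. This is an added example, not part of the original document; the OSPF process number, area 0, the router ID, and the use of ip helper-address to relay DHCP requests to SR1 are assumptions.

```cisco
! Added example for NR1; not taken from the original document.
! Assumed values: OSPF process 1, area 0, router-id 2.2.2.2.
hostname NR1
no ip domain-lookup
!
interface Serial0/0/0
 description Link to SR1
 ip address 10.0.1.2 255.255.255.252
 no shutdown
!
! The physical trunk port carries no address; one sub-interface per VLAN.
interface GigabitEthernet0/1
 no shutdown
!
! DHCP runs on SR1, so client broadcasts are relayed to it
! (assumed relay target: SR1 s0/0/0, 10.0.1.1).
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 ip helper-address 10.0.1.1
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
 ip helper-address 10.0.1.1
interface GigabitEthernet0/1.99
 encapsulation dot1Q 99
 ip address 10.0.99.1 255.255.255.0
 ip helper-address 10.0.1.1
!
! LAN sub-interfaces are advertised but send no hellos, so a host on a
! user VLAN cannot form an OSPF adjacency and inject routes.
router ospf 1
 router-id 2.2.2.2
 passive-interface GigabitEthernet0/1.10
 passive-interface GigabitEthernet0/1.20
 passive-interface GigabitEthernet0/1.99
 network 10.0.1.0 0.0.0.3 area 0
 network 10.0.10.0 0.0.0.255 area 0
 network 10.0.20.0 0.0.0.255 area 0
 network 10.0.99.0 0.0.0.255 area 0
!
! Default route towards the Sydney router, as the router test cases expect.
ip route 0.0.0.0 0.0.0.0 10.0.1.1
```

WR1 follows the same pattern with s0/0/1, the 10.0.101.0, 10.0.201.0 and 10.0.199.0 networks, and 10.0.2.1 as the relay target and next hop.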


Logical Internetwork Topology Diagram


Prioritised Task List

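Switches

| Task | SS1 | NS1 | NS2 | WS1 | WS2 |
|---|---|---|---|---|---|
| Hostname | | | | | |
| Passwords – EXEC, Priv, Telnet | | | | | |
| No DNS Lookup | | | | | |
| Shutdown all unused ports | | | | | |
| Port Security – MAC Address Limits | | | | | |
| VLANs – 10, 20, 99 and int VLAN 99 | | | | | |
| IP Addressing – int VLAN 99 | | | | | |
| Trunking – Switch to switch, switch to router | | | | | |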
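The switch tasks above, together with the "restricted violation state" port security requirement, as one IOS configuration for NS1. This is an added example, not part of the original document; the port ranges, uplink numbering, MAC limit of 1, sticky learning and the bracketed password placeholders are assumptions.

```cisco
! Added example for NS1; not taken from the original document.
! Assumed: port numbering, which ports serve which VLAN, MAC limit of 1.
hostname NS1
no ip domain-lookup
enable secret <PRIV-SECRET>
!
vlan 10
vlan 20
vlan 99
!
interface Vlan99
 ip address 10.0.99.2 255.255.255.0
 no shutdown
ip default-gateway 10.0.99.1
!
! Trunks: switch to switch and switch to router, limited to the VLANs in use.
interface range GigabitEthernet0/1 - 2
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
!
! VLAN 10 access ports: one learned MAC per port, violations restricted.
interface range FastEthernet0/1 - 5
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface range FastEthernet0/6 - 20
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Unused ports are administratively shut down.
interface range FastEthernet0/21 - 24
 shutdown
!
line con 0
 password <CONSOLE-PASSWORD>
 login
line vty 0 15
 password <TELNET-PASSWORD>
 login
```

With violation restrict the port stays up: frames from the extra MAC address are dropped and the violation counter shown by show port-security interface increments. A port that goes err-disabled on a violation is the behaviour of the shutdown violation mode.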

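Routers

| Task | SR1 | NR1 | WR1 |
|---|---|---|---|
| Hostname | | | |
| Passwords – EXEC, Priv, Telnet | | | |
| No DNS Lookup | | | |
| IP Addressing | | | |
| No shutdown ports in use | | | |
| OSPF – Router-ID, network statements | | | |
| Default Route | | | |
| Sub-interfaces – f0/1.10, 1.20, 1.99 | | | |
| Inter-VLAN Routing | | | |
| DHCP – 5, 10, 20, 99, 101, 201 and 199 networks | | | |
| NAT - Overload | | | |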
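The SR1 side of the router tasks (DHCP, NAT overload, default route and OSPF) as IOS configuration, using the addresses from the IP Addressing table. This is an added example, not part of the original document; the pool names, ACL number, OSPF process number, area 0 and router ID are assumptions.

```cisco
! Added example for SR1; not taken from the original document.
! Assumed: pool names, ACL 1, OSPF process 1 / area 0, router-id 1.1.1.1.
hostname SR1
no ip domain-lookup
!
interface GigabitEthernet0/0
 description WAN link to ISP
 ip address 209.165.200.225 255.255.255.248
 ip nat outside
 no shutdown
interface GigabitEthernet0/1
 description File and web servers
 ip address 10.0.5.1 255.255.255.0
 ip nat inside
 no shutdown
interface Serial0/0/0
 description Link to NR1
 ip address 10.0.1.1 255.255.255.252
 ip nat inside
 no shutdown
interface Serial0/0/1
 description Link to WR1
 ip address 10.0.2.1 255.255.255.252
 ip nat inside
 no shutdown
!
! One pool per network, gateway excluded. The 5, 99, 101, 199 and 201
! pools follow the same pattern with their static hosts excluded.
ip dhcp excluded-address 10.0.10.1
ip dhcp excluded-address 10.0.20.1
ip dhcp pool NEW_VLAN10
 network 10.0.10.0 255.255.255.0
 default-router 10.0.10.1
ip dhcp pool NEW_VLAN20
 network 10.0.20.0 255.255.255.0
 default-router 10.0.20.1
!
! PAT: only the internal 10.0.0.0/16 space is translated to the g0/0 address.
access-list 1 permit 10.0.0.0 0.0.255.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 209.165.200.226
!
! No network statement covers 209.165.200.224/29, so OSPF stays off the ISP link.
router ospf 1
 router-id 1.1.1.1
 network 10.0.1.0 0.0.0.3 area 0
 network 10.0.2.0 0.0.0.3 area 0
 network 10.0.5.0 0.0.0.255 area 0
```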


Test Cases

Switches

| Reason | Description | Command/Action | Expected Outcome | Actual Outcome |
|---|---|---|---|---|
| Pre-configuration | Erase startup-config | erase startup-config | Switch will ask for confirmation and then return to default state | |
| Pre-configuration | Erase vlan.dat | delete flash:vlan.dat | Switch will delete vlan.dat | |
| To disable DNS resolution | Disable DNS lookup after incorrect command entered | Enter a non-command word e.g. box | Switch will not begin DNS lookup | |
| To confirm hostname configuration | Verify hostname | Check switch name at beginning of a line | Hostname will be [CITY] Switch, e.g. New Router 1 | |
| To confirm passwords | Verification of passwords | Enter PRIV and EXEC passwords when prompted | Correct passwords authenticate | |
| To confirm passwords | Verification of console password | Enter Console password when prompted | Correct password authenticates | |
| To confirm passwords | Verification of telnet password | Enter Telnet password when accessing switch via Telnet | Correct password authenticates | |
| Confirm vlan database | Check for successful vlan database creation | show vlan | Vlan database has entries | |
| Confirm default gateway | Verify correct gateway | show running-config | Default gateway points towards Sydney router | |
| Port security | Unused ports are shut down | show running-config | Unused ports have the ‘shutdown’ status | |
| Confirm trunk functionality | Communicate with devices across a trunk | Ping directly connected switch or router | 5 successful replies | |
| Confirm port security | Testing MAC limit violations | Connect a new device into a port with port security enabled | Port shutdown due to MAC address violation | |
| Connectivity | Ping default gateway | Ping default gateway (e.g. 10.0.99.1, 10.0.199.1) | 5 successful replies | |
| Connectivity | Ping New_Ad_1 | ping 10.0.10.2 | 5 successful replies | |
| Connectivity | Ping New_Fi_1 | ping 10.0.20.2 | 5 successful replies | |
| Connectivity | Ping Woll_Ad_1 | ping 10.0.101.2 | 5 successful replies | |
| Connectivity | Ping Woll_Fi_1 | ping 10.0.201.2 | 5 successful replies | |
| Connectivity | Ping File Server | ping 10.0.5.2 | 5 successful replies | |
| Connectivity | Ping ISP Router | ping 209.165.200.226 | 5 successful replies | |


Routers

| Reason | Description | Command/Action | Expected Outcome | Actual Outcome |
|---|---|---|---|---|
| Pre-configuration | Erase startup-config | erase startup-config | Router will ask for confirmation and then return to default state | |
| Pre-configuration | Reboot Routers | reload | Router will restart | |
| To disable DNS resolution | Disable DNS lookup after incorrect command entered | Enter a non-command word e.g. box | Router will not begin DNS lookup | |
| To confirm hostname configuration | Verify hostname | Check router name at beginning of a line | Hostname will be [CITY] Router, e.g. Sydney Router | |
| To confirm passwords | Verification of passwords | Enter PRIV and EXEC passwords when prompted | Correct passwords authenticate | |
| To confirm passwords | Verification of console password | Enter Console password when prompted | Correct password authenticates | |
| To confirm passwords | Verification of telnet password | Enter Telnet password when accessing router via Telnet | Correct password authenticates | |
| Confirm MOTD | Verify correct MOTD | show running-config | motd displayed in running-config | |
| Default Route | Verify default route on R1 & R3 | show running-config | ip route points to Sydney router | |
| OSPF functionality | Verify functioning OSPF | show ip route ospf | OSPF entries discovered and displayed | |
| Verify OSPF | Check network statements and Router-id | show running-config | Network statements and Router-ID displayed and correct | |
| DHCP functionality | Verify DHCP configuration | show running-config | Excluded address range, default gateway, network and pool name are displayed | |
| NAT functionality | Verify NAT configuration | show ip nat statistics | NAT translations taking place and displayed | |
| Connectivity | Ping connected switch | Ping (10.0.99.1 for New, 10.0.199.1 for Woll) | 5 successful replies | |
| Connectivity | Ping New_Ad_1 | ping 10.0.10.2 | 5 successful replies | |
| Connectivity | Ping New_Fi_1 | ping 10.0.20.2 | 5 successful replies | |
| Connectivity | Ping Woll_Ad_1 | ping 10.0.101.2 | 5 successful replies | |
| Connectivity | Ping Woll_Fi_1 | ping 10.0.201.2 | 5 successful replies | |
| Connectivity | Ping File Server | ping 10.0.5.2 | 5 successful replies | |
| Connectivity | Ping ISP Router | ping 209.165.200.226 | 5 successful replies | |