Embed Size (px)
DESCRIPTION
Network design & configuration on cisco packet tracer (simulator)
Citation preview
NETWORK DESIGN USING ACCESS CONTROLS AND VOIP
Saurav Kumar Pandey
CONTENTSAbstractNetwork TopologyFrame – RelayDHCPRouting ProtocolVLANTelnetACLVoIP
ABSTRACT To deploy well-designed computer networks supporting
converged applications of data, audio, and video. To support better performance, resilience, security,
maintainability. This is to propose a network model that can be implemented
in different network environments and also be used to implement MAN, WAN.
Use of Voice over Internet Protocol technology allows to make a phone call using an Internet connection or a dedicated network that uses the IP protocol, rather than go through the normal telephone line.
This save bandwidth used. Data packets, containing voice information are routed over the network, encoded in digital form.
To filters & check unauthorized traffic that travels across the network.
The major objective of this network design is to allow only the genuine users to access the network and prevent the intruders from accessing it.
NETWORK TOPOLOGY
Network description • This network has a total number of 3 locations
locations; 1 Head office,and other two are Branch office-A and Branch Office-B.
• The routers used are 2811 • Also have opted for 2960 switches • Have added PC's as voice functionality can be
added to those if desired and to check whether both the network could ping each other or not and for various operational functionalities.
• Have kept IPV4 addressing sceme to the various networks.
• The Head office and the Branch office-A are connected via leased line(Frame Relay).
Router configurationRouter 1 Router>en Router#conf t Router(config)#int s 0/2/0 Router(config-if)#ip addr 192.168.0.1 255.255.255.0 Router(config-if)#no shut Router(config-if)#exit
Router(config)#int s0/3/0 Router(config-if)#ip addr 192.168.1.1 255.255.255.0 Router(config-if)#clock rate 64000 Router(config-if)#no shut Router(config-if)#exit
Router(config)#int f0/0 Router(config-if)#ip addr 172.21.0.1 255.255.0.0 Router(config-if)#no shut
Router(config)#int f0/1 Router(config-if)#ip addr 172.20.0.1 255.255.0.0 Router(config-if)#no shut
Contd...
Router2 Router>en Router#conf t Router(config)#int s0/2/0 Router(config-if)#ip addr 192.168.0.2 255.255.255.0 Router(config-if)#no shut Router(config-if)#exit
Router(config)#int s0/3/0 Router(config-if)#ip addr 192.168.2.1 255.255.255.0 Router(config-if)#clock rate 64000 Router(config-if)#no shut Router(config-if)#exit
Router(config)#int f0/0 Router(config-if)#ip addr 172.17.0.1 255.255.0.0 Router(config-if)#no shutRouter(config-if)#exit
Router(config)#int f0/1 Router(config-if)#ip addr 172.16.0.1 255.255.0.0 Router(config-if)#no shut Router(config-if)#exit contd…..
Router3 Router>en Router#conf t Router(config)#int s0/3/0 Router(config-if)#ip addr 192.168.1.2 255.255.255.0 Router(config-if)#no shut Router(config-if)#exit
Router(config)#int s0/2/0 Router(config-if)#ip addr 192.168.2.2 255.255.255.0 Router(config-if)#no shut Router(config-if)#exit
Router(config)#int f0/0 Router(config-if)#ip addr 172.19.0.1 255.255.0.0 Router(config-if)#no shut Router(config-if)#exit
Router(config)#int f0/1 Router(config-if)#ip addr 172.18.0.1 255.255.0.0 Router(config-if)#no shut Router(config-if)#exit
Frame-RelayFrame relay is a telecommunication
service designed for cost-efficient data transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area network (WAN). Frame relay puts data in a variable-size unit called a frame and leaves any necessary error correction (retransmission of data) up to the end-points, which speeds up overall data transmission.
Frame-relay configuration
Frame-relay config.Router1 (frame-relay) Router(config)#int s0/2/0 Router(config-if)#encapsulation frame-relay Router(config-if)#frame-relay lmi-type cisco Router(config-if)#frame-relay interface-dlci 102 Router(config-if)#no shut
Router3 (frame-relay) Router(config)#int s0/2/0 Router(config-if)#encapsulation frame-relay Router(config-if)#frame-relay lmi-type cisco Router(config-if)#frame-relay interface-dlci 201 Router(config-if)#no shut
DHCP
DHCP Config.Router1 Router(config)#ip dhcp pool R1 Router(dhcp-config)#network 172.20.0.0 255.255.0.0 Router(dhcp-config)#default-router 172.20.0.1 Router(dhcp-config)#exit
contd…
Router2 Router(config)#ip dhcp pool R2 Router(dhcp-config)#network 172.17.0.0 255.255.0.0 Router(dhcp-config)#default-router 172.17.0.1 Router(dhcp-config)#exit
Router3 Router(config)#ip dhcp pool R3 Router(dhcp-config)#network 172.19.0.0 255.255.0.0 Router(dhcp-config)#default-router 172.18.0.1 Router(dhcp-config)#exit
RIP(ROUTING INFORMATION PROTOCOL)It is a dynamic routing protocol
technique
RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum number of hops allowed for RIP is 15.
RIP Config.Router1 Router(config)#router rip Router(config-router)#network 192.168.0.0 Router(config-router)#network 192.168.1.0 Router(config-router)#network 172.20.0.0 Router(config-router)#network 172.21.0.0
contd…
Router2 Router(config)#router rip Router(config-router)#network 192.168.0.0 Router(config-router)#network 192.168.2.0 Router(config-router)#network 172.16.0.0 Router(config-router)#network 172.17.0.0
Router3 Router(config)#router rip Router(config-router)#network 192.168.1.0 Router(config-router)#network 192.168.2.0 Router(config-router)#network 172.18.0.0 Router(config-router)#network 172.19.0.0
VLAN In computer networking, a single layer-2 network may
be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN or VLAN.
Vlan config.Switch1 Switch>en Switch#conf t Switch(config)#vlan 2 Switch(config-vlan)#name HR Switch(config-vlan)#exit Switch(config)#vlan 3Switch(config-vlan)#name AC Switch(config-vlan)#exit Switch(config)#vlan 2 Switch(config-vlan)#int f0/3 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 2 Switch(config-if)#int f0/4 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 2 Switch(config-if)#exit contd….
Switch(config)#vlan 3 Switch(config-vlan)#int f0/5 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 3 Switch(config-if)#int f0/6 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 3 Switch(config-if)#exit
Switch(config)#int f0/2 Switch(config-if)#switchport mode trunk
(trunk is used to connect one switch with another switch)
contd…
Switch7 Switch(config)#vlan 2 Switch(config-vlan)#int f0/2 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 2 Switch(config-if)#int f0/3 Switch(config-if)#switchport mode access 83
Switch(config-if)#switchport access vlan 2 Switch(config-if)#exit
contd….
Switch(config)#vlan 3 Switch(config-vlan)#int f0/4 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 3 Switch(config-if)#int f0/5 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 3 Switch(config-if)#exit
Switch(config)#int f0/1 Switch(config-if)#switchport mode trunk
TELNETTelnet is a user command and an
underlying TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else's computer remotely.
Telnet configuration on router2 & router3Router2 Router(config)#line vty 0 4 Router(config-line)#password ccna1 Router(config-line)#login Router(config-line)#exit Router(config)#enable password ccie Router3 Router(config)#line vty 0 4 Router(config-line)#password ccna2 Router(config-line)#login Router(config-line)#exit Router(config)#enable password ccie1
Accessing router 2
ACL(Access Control lists)ACLs are basically a set of commands,
grouped together by a number or name that is used to filter traffic entering or leaving an interface. An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object.
Restricting PC10 from accessing Router2 via telnet Router 3(extended ACL) Router(config)#access-list 101 deny tcp host 172.19.0.2 host 192.168.2.1 eq 23 Router(config)#access-list 101 deny tcp host 172.19.0.2 host 172.17.0.1 eq 23 Router(config)#access-list 101 deny tcp host 172.19.0.2 host 192.168.0.2 eq 23 Router(config)#access-list 101 permit ip any any Router(config)#int f0/0 Router(config-if)#ip access-group 101 in Router(config-if)#exit contd….
Restriction in accessing telnet through PC 10
Restricting PC10 from accessing network 172.20.0.0
Router1 (standard ACL) Router(config)#access-list 1 deny host 172.19.0.2 Router(config)#access-list 1 permit any Router(config)#int f0/1 Router(config-if)#ip access-group 1 out Router(config-if)#exit
Restriction in accessing the network through PC10
VOIPVoice over IP (voice over Internet
Protocol, VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet.
Protocols in VoipDHCPCALL MANAGER EXPRESSPHONE DIRECTORYDIAL PEER CONFIGURATION
DHCP Config. In VoIPRouter1 Router(config)#ip dhcp pool voice Router(dhcp-config)#network 172.21.0.0 255.255.0.0 Router(dhcp-config)#default-router 172.21.0.1 Router(dhcp-config)#option 150 ip 172.21.0.1 Router(dhcp-config)#exit
Router2 Router(config)#ip dhcp pool voiceRouter(dhcp-config)#network 172.16.0.0 255.255.0.0 Router(dhcp-config)#default-router 172.16.0.1 Router(dhcp-config)#option 150 ip 172.16.0.1 Router(dhcp-config)#exit contd…..
Router3 Router(config)#ip dhcp pool voice Router(dhcp-config)#network 172.18.0.0 255.255.0.0 Router(dhcp-config)#default-router 172.18.0.1 Router(dhcp-config)#option 150 ip 172.18.0.1 Router(dhcp-config)#exit
Call Manager express config.Router 1 Router(config)#telephony-service Router(config-telephony)#max-dn 5 Router(config-telephony)#max-ephones 5 Router(config-telephony)#ip source-addr 172.21.0.1 port 2000 Router(config-telephony)#auto assign 4 to 6 Router(config-telephony)#auto assign 1 to 5 Router(config-telephony)#exit
contd…..
Router2 Router(config)#telephony-service Router(config-telephony)#max-dn 5 Router(config-telephony)#max-ephones 5 Router(config-telephony)#ip source-addr 172.16.0.1 port 2005 77 Router(config-telephony)#auto assign 4 to 6 Router(config-telephony)#auto assign 1 to 5 Router(config-telephony)#exit
Router3 Router(config)#telephony-service Router(config-telephony)#max-dn 5 Router(config-telephony)#max-ephones 5 Router(config-telephony)#ip source-addr 172.18.0.1 port 2010 Router(config-telephony)#auto assign 4 to 6 Router(config-telephony)#auto assign 1 to 5 Router(config-telephony)#exit
contd……
Switch0 Switch(config)#int range f0/1-5 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport voice vlan 1 Switch(config-if-range)#exit Switch5 Switch(config)#int range f0/1-5 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport voice vlan 1 Switch(config-if-range)#exit Switch4 Switch(config)#int range f0/1-5 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport voice vlan 1 Switch(config-if-range)#exit contd….
Phone Directory config.
Router1 Router(config)#ephone-dn 1 Router(config-ephone-dn)#number 1101 Router(config-ephone-dn)#exit Router(config)#ephone-dn 2 Router(config-ephone-dn)#number 1102 Router(config-ephone-dn)#exit
contd…..
Router2 Router(config)#ephone-dn 1 Router(config-ephone-dn)#number 2101 Router(config-ephone-dn)#exit Router(config)#ephone-dn 1 Router(config-ephone-dn)#number 2102 Router(config-ephone-dn)#exit Router 3 Router(config)#ephone-dn 1 Router(config-ephone-dn)#number 3101 Router(config-ephone-dn)#exit Router(config)#ephone-dn 1 Router(config-ephone-dn)#number 3102 Router(config-ephone-dn)#exit contd…
Dial-Peer config…. Router1 Router(config)#dial-peer voice 1 voip Router(config-dial-peer)#destination-pattern 2... Router(config-dial-peer)#session target ipv4:192.168.0.2 Router(config-dial-peer)#exit Router(config)#dial-peer voice 2 voip Router(config-dial-peer)#destination-pattern 3... Router(config-dial-peer)#session target ipv4:192.168.1.2 Router(config-dial-peer)#exit
contd…
Router2 Router(config)#dial-peer voice 3 voip Router(config-dial-peer)#destination-pattern 1... Router(config-dial-peer)#session target ipv4:192.168.0.1 Router(config-dial-peer)#exit Router(config)#dial-peer voice 5 voip Router(config-dial-peer)#destination-pattern 3... Router(config-dial-peer)#session target ipv4:192.168.2.2 Router(config-dial-peer)#exit
Router3 Router(config)#dial-peer voice 4 voip Router(config-dial-peer)#destination-pattern 1... Router(config-dial-peer)#session target ipv4:192.168.1.1 Router(config-dial-peer)#exit 80 Router(config)#dial-peer voice 6 voip Router(config-dial-peer)#destination-pattern 2... Router(config-dial-peer)#session target ipv4:192.168.2.1 Router(config-dial-peer)#exit contd….
Dialing phone
Connected phone
Benefits of voipThe call cost is lower, especially
over long distancesThe infrastructure costs are
lower: When it became available any IP network infrastructure is required.
This save bandwidth used. Data packets, containing voice information are routed over the network, encoded in digital form.
BIBLIOGRAPHYBOOKS CISCO CCNA ICND2 official exam certification book CCNA study guide access control list standard and
extended.
REFERENCES http://www.packettracer.com/ voipconfiguration.html http://www.packettracer.com/
VoIP_in_Cisco_Packet_Tracer.htm http://www.howstuffworks.com/ ip-telephony.htm http://www.wikipedia.com/ Voice_over_IP.html http://www.louisvilleuniversity.com/intro.html http://www.rogerdarlington.me.uk/VoIP.html http://www.baumann.info/public/voip Syngress Cisco Internetworking Book
THANK YOU
