Project # 5

postadmin Post in Uncategorized

Project # 5

Tables

Note: You are provided with the networks that interfaces should be configured on. Unless you are told to do differently in the detailed instructions below, you are free to choose the host addresses to assign.

Addressing Table:

Device Interface Network Configuration Details
Site-1 S0/0/0 192.168.100.20/30 any address in the network
S0/0/1 192.168.100.28/30 any address in the network
G0/0 192.168.8.0/24 first host address
G0/1 192.168.9.0/24 first host address
HQ S0/0/0 192.168.100.20/30 any address in the network
S0/0/1 192.168.100.36/30 any address in the network
S0/1/0 203.0.113.16/29 (The first address in this network is already in use on the ISP router. Any other address in the network can be assigned to this interface.)
Site-2 S0/0/0 192.168.100.28/30 any address in the network
S0/0/1 192.168.100.36/30 any address in the network
G0/1.2 10.10.2.0/24 first address in the network
G0/1.4 10.10.4.0/24 first address in the network
G0/1.8 10.10.8.0/24 first address in the network
G0/1.15 10.10.15.0/24 first address in the network
G0/1.25 10.10.25.0/24 first address in the network
SW-A SVI 10.10.25.0/24 the highest address in the network
SW-B SVI 10.10.25.0/24 the second to the highest address in the network
SW-C SVI 10.10.25.0/24 the third to the highest address in the network
Oper 1A NIC 192.168.8.0/24 any available address in the network
Clerk 1C NIC 192.168.9.0/24 any available address in the network
Admin-A NIC 10.10.15.0/24 any available address in the network
Admin-B NIC 10.10.15.0/24 any available address in the network

VLAN Switch Port Assignment Table:

VLAN Name Network Device Switch Ports
2 sales 10.10.2.0/24 SW-A Fa0/5
SW-C Fa0/7
4 prod 10.10.4.0/24 SW-A Fa0/10
SW-C Fa0/10
8 acct 10.10.8.0/24 SW-A Fa0/15
SW-C Fa0/15
15 admin 10.10.15.0/24 SW-A Fa0/24
SW-C Fa0/24
25 SVI-NET 10.10.25.0/24 SW-A SVI
SW-B SVI
SW-C SVI
99 null N/A SW-A all unused ports

Ether-Trunk Group Interfaces:

Channel Device Interfaces
1 SW-A Fa0/1, Fa0/2
SW-C Fa0/1, Fa0/2
2 SW-A Fa0/3, Fa0/4
SW-B Fa0/3, Fa0/4
3 SW-B Fa0/5, Fa0/6
SW-C Fa0/5, Fa0/6
  • You are required to do the following:

Part I: OSPF Router Configuration

Step 1: Plan the Addressing.

Determine the IP addresses that you will use for the required interfaces on the devices and LAN hosts. Follow the configuration details provided in the Addressing Table.

Step 2: Configure Site-1.

Configure Site-1 with initial settings:

  • Configure the router host name: Site-1. This value must be entered exactly as it appears here.

<Huawei>system-view

[Huawei]sysname Site-1

  • Protect device configurations from unauthorized access with an encrypted secret password.

[Site-1]user-interface console 0

[Site-1-ui-console0]authentication-mode password

[Site-1-ui-console0]set authentication password cipher mtc-5

  • Secure the router console and remote access lines.
  • Configure a Welcome message.

[Site-1]header login information “Welcome in (Site-1) router”

  • Encrypt all clear text passwords.

Step 3: Configure the Router Interfaces.

Use the information in the addressing table to configure the interfaces of all routers for full connectivity with the following:

  • Configure IP addressing.
  • Descriptions for the three connected interfaces of HQ.
  • The Ethernet sub interfaces on Site-2 will be configured later in this assessment.

[Site-1]interface s0/0/0

[Site-1-Serial0/0/0]ip address 192.168.100.21 30

[Site-1-Serial0/0/0]undo shutdown

[Site-1-Serial0/0/0]q

[Site-1]interface s0/0/1

[Site-1-Serial0/0/1]ip address 192.168.100.29 30

[Site-1-Serial0/0/1]undo shutdown

[Site-1-Serial0/0/1]q

[Site-1]interface GigabitEthernet0/0/1

[Site-1-GigabitEthernet0/0/1]ip address 192.168.9.1 24

[Site-1-GigabitEthernet0/0/1]undo shutdown

[Site-1-GigabitEthernet0/0/1]q

[Site-1]interface GigabitEthernet0/0/0

[Site-1-GigabitEthernet0/0/0]ip address 192.168.8.1 24

[Site-1-GigabitEthernet0/0/0]undo shutdown

——————————————————

<Huawei>system-view

[Huawei]sysname Site-2

[Site-2]interface s0/0/0

[Site-2-Serial0/0/0]ip address 192.168.100.30 30

[Site-2-Serial0/0/0]undo shutdown

[Site-2-Serial0/0/0]q

[Site-2]interface s0/0/1

[Site-2-Serial0/0/1]ip address 192.168.100.37 30

[Site-2-Serial0/0/1]undo shutdown

—————————————————-

<Huawei>system-view

[Huawei]sysname HQ

[HQ]interface s0/0/0

[HQ-Serial0/0/0]ip address 192.168.100.22 30

[HQ-Serial0/0/0]undo shutdown

[HQ-Serial0/0/0]description This interface connect to Site-1-S0/0/0

[HQ-Serial0/0/0]q

[HQ]interface s0/0/1

[HQ-Serial0/0/1]ip address 192.168.100.38 30

[HQ-Serial0/0/1]undo shutdown

[HQ-Serial0/0/1]description This interface connect to Site-2-S0/0/1

[HQ-Serial0/0/1]q

[HQ]interface s0/0/3

[HQ-Serial0/0/3]ip address 203.0.113.18 29

[HQ-Serial0/0/3]undo shutdown

[HQ-Serial0/0/3]description This interface connect to Internet-S0/0/1

Step 4: Configure inter-VLAN ;’routing on Site-2.

Configure router Site-2 to route between VLANs using information in the Addressing Table and VLAN Switch Port Assignment Table. The VLANs will be configured on the switches later in this assessment.

  • Do not route the VLAN 99 network.

[Site-2]vlan batch 2

[Site-2]interface GigabitEthernet0/0/1.2

[Site-2-GigabitEthernet0/0/1.4]ip address 10.10.2.1 24

[Site-2]vlan batch 4

[Site-2]interface GigabitEthernet0/0/1.4

[Site-2-GigabitEthernet0/0/1.4]ip address 10.10.4.1 24

[Site-2]vlan batch 8

[Site-2]interface GigabitEthernet0/0/1.8

[Site-2-GigabitEthernet0/0/1.4]ip address 10.10.8.1 24

[Site-2]vlan batch 15

[Site-2]interface GigabitEthernet0/0/1.15

[Site-2-GigabitEthernet0/0/1.4]ip address 10.10.15.1 24

[Site-2]vlan batch 25

[Site-2]interface GigabitEthernet0/0/1.25

[Site-2-GigabitEthernet0/0/1.4]ip address 10.10.25.1 24

Step 5: Configure OSPF Routing and a default route.

  1. On all routers:
    • Configure OSPF for IPv4 to route between the internal networks.
    • Use the precise wild card masks for all network statements.
    • You are not required to route the SVI-NET VLAN network over OSPF.
    • Prevent routing updates from being sent on the LAN networks. Do not use the default keyword version of the command to do so.

[HQ]ospf 1

[HQ-ospf-1]area 0

[HQ-ospf-1-area-0.0.0.0]net

[HQ-ospf-1-area-0.0.0.0]network 192.168.100.20 0.0.0.3

[HQ-ospf-1-area-0.0.0.0]network 192.168.100.36 0.0.0.3

[HQ-ospf-1-area-0.0.0.0]network 203.0.113.16 0.0.0.7

————————————————————————————————

[Site-1]ospf 1

[Site-1-ospf-1]area 0

[Site-1-ospf-1-area-0.0.0.0]

[Site-1-ospf-1-area-0.0.0.0]network 192.168.100.28 0.0.0.3

[Site-1-ospf-1-area-0.0.0.0]network 192.168.100.20 0.0.0.3

[Site-1-ospf-1-area-0.0.0.0]network 192.168.8.0 0.0.0.255

[Site-1-ospf-1-area-0.0.0.0]network 192.168.9.0 0.0.0.255

————————————————————–

[Site-2]ospf 1

[Site-2-ospf-1]area 0

[Site-2-ospf-1-area-0.0.0.0]network 192.168.100.28 0.0.0.3

[Site-2-ospf-1-area-0.0.0.0]network 192.168.100.36 0.0.0.3

  1. On the HQ router:
    • Configure a default route to the Internet. Use the exit interface argument.

[HQ]ip route-static 0.0.0.0 0.0.0.0 203.0.113.16

  1. Configure OSPF for IPv4 to distribute the default route to the other routers.

[HQ]ospf 1

[HQ-ospf-1]area 0

[HQ-ospf-1-area-0.0.0.0]network 203.0.113.16 0.0.0.7

Step 6: Customize OSPF for IPv4.

Customize OSPF for IPv4 by performing the following configuration tasks:

  1. Create a summary route for the LANs connected to SW-C. It should include all networks from 10.10.0.0 to 10.10.15.0.
  2. Do not include the SVI-NET VLAN network in the summary route.
  3. Configure OSPF for IPv4 with the route summary so that it will be sent to the other routers. Be sure to configure the summary on all of the appropriate interfaces.

Part II: Switching and DHCP Configuration

Step 1: Create and name VLANs.

On all three switches that are attached to Site-2, create and name the VLANs shown in the VLAN Table.

  1. The VLAN names that you configure must match the values in the table exactly.  Each switch should be configured with all of the VLANs shown in the table.

<SW-B>system-view

[SW-B]vlan 25

<SW-A>system-view

[SW-A]vlan 2

[SW-A-vlan2]q

[SW-A]vlan 4

[SW-A-vlan4]q

[SW-A]vlan 8

[SW-A-vlan8]q

[SW-A]vlan 15

[SW-A-vlan15]q

[SW-A]vlan 25

[SW-A-vlan25]

<SW-C>system-view

[SW-C]vlan 2

[SW-C-vlan2]q

[SW-C]vlan 4

[SW-C-vlan4]q

[SW-C]vlan 8

[SW-C-vlan8]q

[SW-C]vlan 15

[SW-C-vlan15]q

[SW-C]vlan 25

[SW-C-vlan25]

Step 2: Assign switch ports to VLANs.

Using the VLAN table, assign the switch ports to the VLANs you created in Step 1, as follows:

  1. All switch ports that you assign to VLANs should be configured to static access mode.
  2. All switch ports that you assign to VLANs should be activated.

Step 3: Configure the SVIs.

Refer to the Addressing Table. Create and address the SVIs on all three of the switches that are attached to Site-2. Configure the switches so that they can communicate with hosts on other networks. Full connectivity will be established after routing between VLANs has been configured later in this assessment.

Step 4: Configure Trunking and EtherTrunk.

  1. Use the information in the Port-Channel Groups table to configure EtherTrunk as follows:
    • Use LACP.
    • The switch ports on both sides of Channels 1 and 2 should initiate negotiations for channel establishment.
    • The switch ports on the SW-B side of the Channel 3 should initiate negotiations with the switch ports on SW-C.
    • The switch ports on the SW-C side of Channel 3 should not initiate negotiations with the switch ports on the other side of the channel.
    • All channels should be ready to forward data after they have been configured.
  2. Configure all port-channel interfaces as trunks.
  1. Configure static trunking on the switch port on SW-B that is connected to Site-2.

Step 5: Configure Rapid PVST+.

Configure Rapid PVST+ settings as follows:

  1. Activate Rapid PVST+ and set root priorities.
    • All three switches should be configured to run Rapid PVST+.
    • SW-A should be configured as root primary for VLAN 2 and VLAN 4 using the default primary priority values.
    • SW-A should be configured as root secondary for VLAN 8 and VLAN 15 using the default secondary priority values.
    • SW-C should be configured as root primary for VLAN 8 and VLAN 15 using the default primary priority values.
    • SW-C should be configured as root secondary for VLAN 2 and VLAN 4 using the default secondary priority values.
  2. Activate PortFast and BPDU Guard ontheactive SW-C switch access ports.
    • Configure PortFast on all access ports that are connected to hosts.
    • Activate BPDU Guard on all access ports that are connected to hosts.

Step 6: Configure switch security.

You are required to complete the following only on some of the devices in the network for this assessment. In reality, security should be configured on all devices in the network.

  1. Secure unused switch ports. Following security best practices, do the following on SW-A only:
    • Shutdown all unused switch ports.
    • Configure all unused switch ports as static access ports.
    • Ensure that all unused switch ports have been assigned to VLAN 99.
  2. Configure port security on all active access ports on SW-A.
    • Each switch port should accept only two MAC addresses before a security action occurs.
    • The learned MAC addresses should be recorded in the running configuration.
    • If a security violation occurs, the switch ports should provide notification that a violation has occurred but not place the interface in an err-disabled state.

Step 7: Configure Site-2 as a DHCP server for the hosts attached to the SW-A and SW-B switches.

Configure three DHCP pools as follows:

  1. Create a DHCP pool for hosts on VLAN 2 using the pool name vlan2pool.  Create a DHCP pool for hosts on VLAN 4 using the pool name vlan4pool.
  2. Create a DHCP pool for hosts on VLAN 8 using the pool name vlan8pool.
  3. All VLAN pool names must match the provided values above exactly.
  4. Exclude the first five addresses from each pool.
  5. Configure a DNS server address of 192.168.200.225.
  6. All hosts should be able to communication with hosts on other networks.

Step 8: Configure host addressing.

Note: This assessment is a simulation of a working network. Due to the complexities of the protocols and technologies that are simulated in this network, some connectivity tests may not succeed even though the network has been properly configured. If all required configurations are complete, your score will not be affected.

All hosts should be able to ping each other and the two external servers after they have been addressed.

  1. Hosts on VLANs 2, 4, and 8 should be configured to receive addresses dynamically over DHCP.
  2. Hosts on VLAN 15 should be addressed statically as indicated in the addressing table. Once configured, the hosts should be able to ping hosts on other networks.
  3. Hosts on the LANs attached to Site-1 should be statically assigned addressing that enables them to communicate with hosts on other networks.

Topology:

Important Notes:

  1. If there are no specific configurations requirement then you may choose according to your best judgment.
  2. For each and every step you should present a detailed configuration and its verification in your report.
  3. If you think anything is missing or incompatible, you must discuss this with your teacher urgently.

Presentation:

  1. The students’ participation should be equally distributed.
  2. Any result in technical failure will not be compensated hence precautionary backup measures are advisable.
  3. Each group will have a maximum of 15 minutes which includes 5-7 minutes of presentation and the rest 8-10 minutes for the viva voce.
  4. The whole group will be given a single mark. Every student should be able to answer as it will affect all of the group members.