CMIT350 Project 3 PDF

Preview

Summary

The full cover of project 3...

Description

Cisco Network Proposal (Part-3)

CMIT350 Professor: James Graves Generated by: Mohammad Tanzim Date: 02/25/2018

Summary: 1) The VLAN of Sacramento, Router OS, the implementation of DHCP, Los Angeles Site Management, xACME WAN – WAN Implementation 2) Bibliography

Sacramento Site Configuration

The Sacramento office site will need three main materials which are implementing a VLAN for specific switches, implementing a routing stick topology to fulfil the requirement of VLAN, and utilizing dynamic host control protocol. Besides, UMUC need to care about allowing limited mac address per port with the restrictions for unauthorized users. IP address has to be assigned automatically.

VLAN

This site can be divided into 4 VLANs for faculty, administrator, instructional, and a general server. The name of these VLAN will be required as ID and the necessary security for additional port can be configured later with switchport access mode and trunk mode. Access mode works as a protocol which can allow ports to provide communication with specific nodes within the same VLAN. In contrast, the trunk mode ensures connection between VLAN and the switch. In the end, DHCP can be helpful to assign IP addresses for all devices or hosts.

The administrative VLAN can be identified with number 14, instructional with 35, server with 8 and faculty with 6. All the subnet mask of these 4 VLAN is 255.255.255.192 and IP addresses can be assigned automatically within a range. Take that range for Administrative VLAN 15 is 10.50.0.64 to 10.50.0.116 with default gateway 10.50.0.66, instructional VLAN 35 is 10.50.0.128 to 10.50.0.180 with default gateway 10.50.0.130, server VLAN 8 is 10.50.0.192 to 10.50.0.192 to 10.50.0.245 with default gateway 10.50.0.194, and faculty VLAN 5 is 10.50.0.0 to 10.50.0.52 with default gateway 10.50.0.2.

Configuring New VLAN

SacSw1>ena SacSw1#conf t SacSw1(config)#vlan 15

SacSw1(config-vlan)#name administrative Sacw1(config-vlan)#int gi0/1 SacSw1(config-if)#switchport access vlan 6 SacSw1(config-if)#Ctrl+Z SacSw1#copy run start SacramentoSw1#exit

Configuring Access mode

SacSw1>ena SacSw1#conf t SacSw1(config)#int gi0/1 SacSw1(config-if)#switchport mode access SacSw1(config-if)#switchport access vlan 6 SacSw1(config-if)#no shut SacSw1(config-if)#Ctrl+Z SacSw1#copy run start SacSw1#exit

Configuring Security of Port SacSw1>ena SacSw1#conf t SacSw1(config)#int gi0/1

SacSw1(config-if)#switchport port-security SacSw1(config-if)#switchport port-security maximun 2 SacSw1(config-if)#switchport port-security mac-address sticky SacSw1(config-if)#switchport port-security violation shut SacSw1(config-if)#Ctrl+Z SacSw1#copy run start SacSw1#exit

Configuring Switch Faculty vlan: 10.50.0.1 /26 Administrative vlan: 10.50.0.65 /26 Instructional vlan: 10.50.0.129 /26 Server vlan: 10.50.0.193 /26

SacSw1>ena SacSw1#conf t SacSw1(config)#int fa0/24 SacSw1(config)#switchport mode trunk SacSw1(config)#switchport trunk allowed vlan 6, 8, 15, 35 SacSw1(config)#switchport trunk encapsulation dot1q SacSw1(config)#description Uplink to Sacramento Router SacSw1(config)#no shut SacSw1(config)#Ctrl+Z SacSw1#copy run start

Configuring Router

SacRouter>ena SacRouter#conf t SacRouter(config)#int fa0/0.5 SacRouter(config-subif)#ip address 10.50.0.1 255.255.255.192 SacRouter(config-subif)#encap dot1q 3 SacRouter(config-subif)#description administrative vlan 6 SacRouter(config-subif)#no shut SacRouter(config)#int fa0/0.14 SacRouter(config-subif)#ip address 10.50.0.66 255.255.255.192 SacRouter(config-subif)#encap dot1q 15 SacRouter(config-subif)#description administrative vlan 15 SacRouter(config-subif)#no shut SacRouter(config-subif)#Ctrl+Z SacRouter#copy run start

Configuring DHCP

SacRouter>ena SacRouter#conf t SacRouter(config)#ip dhcp pool server

SacRouter(dhcp-config)#network 10.48.0.193 /26 SacRouter(dhcp-config)#dns-server 10.50.0.194 SacRouter(dhcp-config)#default-router 10.50.0.194 SacRouter(dhcp-config)#exit SacRouter(config)#ip dhcp excluded-address 10.50.0.193 10.48.0.255 SacRouter(config)#ctrl+z SacRouter#copy run start SacRouter#exit

Sample Topology

2) Site Configuration of Los Angeles

Remote IOS strogage and remote management of switches are needed for this site configuration. Los Angeles site must be covered with proper security and be restricted from unathorized access of unknown hosts. ACL implementation can be provided for

remote assistance to the VLAN. In the end, to sync properly with necessary materials like logging records, authentication protocol, netowrk time protocol can be used. From the topology of this site, Los Angeles has a TFTP server and it needs to provide backup configuration for easy recovery. Then, secure shell SSH can be good option to remote management. Finally, with the implementation of NTP can maintain synchronization to the all servers in this site.

Configuration Remote Storage(IOS)

LARouter#copy running-config tftp: Server Directory LARouter#copy nvram:startup-config tftp: Server directory LARouter#copy run start Configuring SSH

LASw2>ena LASw2#conf t LASw2(config)#crypto key generate rsa LASw2(config)#aaa newmodel LASw2(config)#username admin password PASSWORD LASw2(config)#line vty 0 16 LASw2(config-line)#transport input ssh LASw2(config-line)#login local LASw2(config-line)#password 8

LASw2(config-line)#exit LAw2(config)#line console 0 LASw2(config-line)#logging synchronous LASw2(config-line)#login local LASw2(config-line)#exit LASw2#Ctrl+Z LASw2#copy run start

Configuring ACL

LARouter>ena LARouter #config t LARouter(config)#IP access-list extended VLAN LARouter(config-ext-nacl)#permit IP 10.40.7.0 0.0.04 host 10.40.7.10 LARouter(config)#interface fa0/0 LARouter(config-if)#ip access-group VLAN in LARouter(config)#line vty 0 16 LARouter(config-line)#ip access-class VLAN in LARouter(config-line)#Ctrl+Z LARouter#copy run start LARouter#exit

Configuring NTP

LARouter>ena LARouter#config t LARouter(config)#feature ntp LARouter(config)#ntp server 10.40.7.10 LARouter(config)#Ctrl+Z LARouter#copy run start LARouter#exit

3) xACME WAN configuration

The last site xACME WAN should have proper WAN implementation, authentication and topology suggestions. With the using of PPP protocol, that will be possible to provide full-duplex communication by encapsulating. Security is very important for this sites as well password and confidential file must be encrypted. To protect the redundancy, this site needs to arrange all lines properly with better traffic flow. The more xACME can reduce the error, the more better connectivity can be provided.

Sample Configurations

Router>ena Router#conf t Router(config)#hostname LosAngeles_Router Router(config)#username admin password PASSWORD

Router(config)#int s0/0/0 Router(config-if)#encap ppp Router(config-if)#ppp authentication chap Router(config-if)#Ctrl+Z Router(config)#exit Router#copy run start

Topology

Every networking plan should have a definition of requirements and proper topological description for WAN connection. The total design must be going through under secure protocol and development of this sites performance and connectivity. Some factors like preceding calculation of traffic, the period of using network infrastructure need to be focused. Security is much important where unsecured protocol and host need to be secured and all the unauthorized access need to be restricted. Moreover, all the VLAN and switch should have clear communication between each other where needed. This topology must have a multiple point of entry and exit, otherwise if any IP scheme has failed, that will make drastic result. Moreover, xACME wan site need to ignore any higher work being placed on those 2 devices which can provide incoming and outgoing per multiple sites together. They have to be determined by alleviating the heavy traffic on those 2 devices within the creation of some redundancy in this topology.

Bibliography

1) “Routing and Switching Pro”, TestOut, 2017. [Online]. Available: www.testout.com. [Accessed 02 25 2018] 2) P. Support, C. Firewall, T. Alerts and T. TechNotes, "Configuring IP Access Lists", Cisco, 2016. [Online]. Available: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602confaccesslists.html. [Accessed: 25- Feb- 2018]. 3) B. Ahmedi, P. Mitrevski, “On the Development of Methodology for Planning and Cost-Modeling of Wide Area Netowrk.”, International Journal of Computer Networks & Communications (IJCNC) Vol.6, No.3, May 2014...