NET2000 Intermediate Networking

Case Study
Set up a VLSM addressing scheme
Configure VTP, VLANs, VLAN trunking with manual pruning and interVLAN routing
Configure STP and document expected topology for each VLAN
Configure DHCP servers on the Gateway router
Configure switching hardening as appropriate and possible with PacketTracer

Network Topology

The layout for the central LAN for Company &'L is shown below. The implementation follows a hierarchical model with a collapsed core/distribution layer and some overlap between access/distribution layers. The network should be segmented into research, guest and staff VLANs. The restricted VLAN should be known only to switch D2 and the traffic to/from the restricted VLAN should travel only over the reserved link from the router. Traffic analysis shows that the wireless PCs and the guest VLANs behave in a typical 80/20 model: 20% of the traffic stays in the local workgroup; 80% is directed to remote destinations. The behaviour of the staff VLAN follows a more historical pattern: 80% of the traffic in the staff VLAN is directed to the staff server; only 20% leaves the local workgroup.

VLANs and Subnets

Allocate /24 subnets from the 10.0.0.0/8 network with the exception of the link between the wireless router and Gateway which should be a /30 link.

Initial switch configuration

Include a description for all switch and router interfaces with connected devices.
Initial switch config: all ports should be access ports in the notinuse VLAN and shut down.
You must add the workstations that will connect to A1 and A2.
All trunk links should use native VLAN 1.
Connections to the router which will carry traffic for more than 1 VLAN should be configured as trunk links.
Trunks should be configured manually on distribution/core switches (D1/D2) and dynamically on access layer switches (A1/A2).
Manually restrict the VLAN traffic allowed on each trunk (not negotiated dynamically with VTP pruning).

Trunk Links (on switches)

The company has decided to implement VTP. Allocate a VTP server and configure the remaining switches as client or transparent switches as required. The only switch which should be aware of the "restricted" VLAN is D2. Other switches should not have this VLAN in their database.
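An added example, not part of the original case study: a short Python check that reads a switch running-config and flags ports that break the rules stated above (unused ports parked in the notinuse VLAN and shut down, every trunk carrying a manually set allowed-VLAN list, and the restricted VLAN kept off trunks so its traffic uses only the reserved router link). The VLAN IDs 999 and 40, the port numbers, the sample config and the reading that a port without a description is unused are assumptions made for illustration.

```python
import re

NOTINUSE_VLAN = 999   # assumption: the page names this VLAN but gives no ID
RESTRICTED_VLAN = 40  # assumption: the page gives no ID for the restricted VLAN
# One match per interface block: (name, its indented sub-commands)
IFACE = re.compile(r"^interface (\S+)\n((?: .*\n?)*)", re.M)

# Constructed running-config excerpt for D2; port numbers are made up.
SAMPLE = """\
interface FastEthernet0/1
 description trunk to D1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
interface FastEthernet0/2
 description trunk to A2
 switchport mode trunk
interface FastEthernet0/3
 description trunk to A1
 switchport mode trunk
 switchport trunk allowed vlan 10,30-40
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 999
 shutdown
interface FastEthernet0/5
 switchport mode access
"""

def expand_vlans(spec):
    """Expand an allowed list such as '10,30-40' into a set of VLAN IDs."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def audit(config):
    """Return (interface, finding) pairs for ports that break the rules."""
    findings = []
    for name, body in IFACE.findall(config):
        cmds = {line.strip() for line in body.splitlines()}
        if re.search(r"^ switchport mode (trunk|dynamic)", body, re.M):
            allowed = re.search(r"^ switchport trunk allowed vlan ([\d,-]+)\s*$", body, re.M)
            if not allowed:
                findings.append((name, "trunk has no manual allowed-VLAN list"))
            elif RESTRICTED_VLAN in expand_vlans(allowed.group(1)):
                findings.append((name, "restricted VLAN allowed on a trunk"))
        elif not re.search(r"^ description ", body, re.M):  # no device documented
            parked = {"switchport mode access", f"switchport access vlan {NOTINUSE_VLAN}", "shutdown"}
            if not parked <= cmds:
                findings.append((name, "unused port not in notinuse VLAN and shut down"))
    return findings
```

Calling `audit(SAMPLE)` reports FastEthernet0/2, FastEthernet0/3 and FastEthernet0/5; the same function can be run over the `show running-config` output of each switch.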

VLANs

Create VLANs as required. Assign access ports to VLANs as required and bring the interfaces up.

STP

Choose an appropriate switch as root of the spanning tree for each of VLANs 10, 20, 30 based on the traffic patterns specified in the preamble. Once spanning tree converges, document the links that are active and inactive for each VLAN.

Serial 0/0: *-=(*22(1-(2>)3
FastEthernet 0/0: 802.1q support for staff/guest VLANs
FastEthernet 0/1: 802.1q support for IT/ABS VLANs
FastEthernet 1/0: gateway for restricted VLAN
Configure a default route via serial 0/0

Wireless

The "Internet" port should connect to switch D1. The "Internet" port should have a static IP address in our ABS network; DNS 202.2.2.2. The network port should have an IP in the subnet allocated for wireless devices. Configure an SSID and WPA2 Personal security. Change the admin password to cisco.

Gateway should act as a DHCP server for the guest VLAN. DHCP should assign network, mask, default router and dns-server (dns server is 202.2.2.2).
Set up an SVI on each switch for the IT VLAN. Assign the addresses statically.


Workstations & Server

Gateway should act as a DHCP server for the guest VLAN. Guest workstations should receive their addresses via DHCP from a server on Gateway. Wireless workstations should receive addresses from the wireless router. Staff, IT and Restricted workstations should have static IP addresses. All workstations should be able to view the web page at www.NET2000.ca. All workstations should have connectivity to the staff server. On A1, implement any switch security policies supported by packet tracer that you deem appropriate (this should be on all switches but A1 is sufficient for this exercise). Document the policies implemented and the purpose.

Switch Hardening

Completed packet tracer implementation
Network topology, clearly indicating ip address allocation
Documentation of the spanning tree topology for each VLAN. This is most appropriately presented VLAN by VLAN; for each VLAN, diagram the active and blocked links (highlight the active links).
Documentation of the switch hardening policies
Test plan showing complete connectivity
Set of commands and command outputs demonstrating correct configuration

