Network Implementation
In the network implementation we organized all devices and the IP addressing table, and configured VLANs, subnet masks, VPN, access lists and NAT. In the WAN configuration we maintain secure communication among the branches. OSPF has been used as a routing protocol.
Addressing Table
Device Interface IP Address Subnet Mask Default Gateway Location
R0 S1/0 200.18.5.1/29 255.255.255.248 Head Office
S1/1 172.16.1.0 255.255.255.252 Head Office
F0/0 172.16.1.65 255.255.255.224 Head Office
R1 S1/0 172.16.1.2 255.255.255.252 Head Office
S1/1 172.16.1.5 255.255.255.252 Head Office
F0/0 192.168.1.1 255.255.255.0 Head Office
F0/1 172.16.1.33 255.255.255.224 Head Office
R2 S1/0 172.16.1.6 255.255.255.252 Head Office
F0/0 172.16.1.129 255.255.255.224 Head Office
R3 S1/0 200.18.5.2/29 255.255.255.248 Melbourne
F0/0 10.1.2.0/24 255.255.255.0 Melbourne
F0/1 10.1.1.0/29 255.255.255.248 Melbourne
R4 S1/0 200.18.5.3/29 255.255.255.248 Perth
F0/0 20.1.1.0/29 255.255.255.248 Perth
F0/1 20.1.2.0/24 255.255.255.0 Perth
Multi Layer Switch 1 F0/1 192.168.2.1 255.255.255.0 Head Office
F0/2 192.168.3.1 255.255.255.0 Head Office
F0/3 192.168.4.1 255.255.255.0 Head Office
F0/4 192.168.5.1 255.255.255.0 Head Office
F0/5 192.168.6.1 255.255.255.0 Head Office
F0/6 NA NA Head Office
F0/7 192.168.7.1 255.255.255.0 Head Office
Multi Layer Switch 2 F0/1 NA Melbourne
F0/2 NA Melbourne
F0/3 NA Melbourne
F0/4 NA Melbourne
Multi Layer Switch 3 F0/1 NA Perth
F0/2 NA Perth
F0/3 NA Perth
F0/4 NA Perth
Wireless Router 1 Ethernet 1 192.168.7.2 255.255.255.0 Head office
Wireless Router 2 Ethernet 1 10.1.5.1 255.255.255.0 Melbourne
Wireless Router 3 Ethernet 1 20.1.5.1 255.255.255.0 Perth
Switch 0 F0/1 NA Head office
F0/2 NA Head office
F0/3 NA Head office
F0/4 NA Head office
F0/5 NA Head office
F0/6 NA Head office
F0/7 NA Head office
Switch 1 F0/1 NA Head office
F0/2 NA Head office
Switch 2 F0/1 NA Head office
F0/2 NA Head office
Switch 3 F0/1 NA Head office
F0/2 NA Head office
Switch 4 F0/1 NA Head office
F0/2 NA Head office
Switch 5 F0/1 NA Head office
F0/2 NA Head office
Switch 6 F0/1 NA Head office
F0/2 NA Head office
F0/3 NA Head office
Switch 7 F0/1 NA
F0/2 NA
F0/3 NA
F0/4 NA
Switch 8 F0/1 NA
F0/2 NA
Switch 9 F0/1 NA
F0/2 NA
Switch 10 F0/1 NA
F0/2 NA
Switch 11 F0/1 NA
F0/2 NA
Switch 12 F0/1
F0/2
DNS Server Fast Ethernet 172.16.1.35 255.255.255.224 Head office
DHCP Server Fast Ethernet 172.16.1.34 255.255.255.224 Head office
Active Directory Fast Ethernet 172.16.1.36 255.255.255.224 Head office
Mail Server Fast Ethernet 172.16.1.37 255.255.255.224 Head office
Database Server Fast Ethernet 172.16.1.38 255.255.255.224 Head office
Database Backup Server Fast Ethernet 172.16.1.130 255.255.255.224 Head office
RAID Fast Ethernet 172.16.1.131 255.255.255.224 Head office
Authentication Server Fast Ethernet 172.16.1.66 255.255.255.224 Head office
IIS Server Fast Ethernet 172.16.1.67 255.255.255.224 Head office
BO1 S1 Fast Ethernet Melbourne
BO1 S2 Fast Ethernet Melbourne
BO2 S1 Fast Ethernet Perth
BO2 S2 Fast Ethernet Perth
VLAN Structure
VLAN Structure of Sydney (Head Office)
VLAN 10 LAB One 192.168.2.0 /24 192.168.2.1 - 192.168.2.255
VLAN 20 LAB Two 192.168.3.0 /24 192.168.3.1 - 192.168.3.255
Lab1 can access only Lab2, the Internet and all other HTTP servers; all other requests from the lab will be denied.
Extended IP access list Lab1
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit tcp 192.168.2.0 0.0.0.255 any eq domain
permit tcp 192.168.2.0 0.0.0.255 any eq www
permit ip 192.168.2.0 0.0.0.255 host 172.16.1.35
permit udp any any
Lab2 Restriction & Configuration
Lab2 can access only Lab1, the Internet and all other HTTP servers; all other requests from the lab will be denied.
Extended IP access list Lab2
permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
permit tcp 192.168.3.0 0.0.0.255 any eq domain
permit tcp 192.168.3.0 0.0.0.255 any eq www
permit udp any any
Teachers Department Permissions
The Teachers department has access to everywhere except the Accounts and Administration departments.
Extended IP access list Teachers
deny ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip any any
Account Department Permissions
Only host PC7 has access to the Accounting department; all other access is denied for security purposes.
Extended IP access list 140
permit ip host 192.168.4.2 192.168.5.0 0.0.0.255 (8 match(es))
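An added example, not part of the original report: a small Python evaluator for the entry syntax used in the access lists above, run over the Lab1 list so its effect can be compared with the stated policy. The sample host addresses are constructed, and the evaluation ignores the interface and direction the list is applied to, which the page does not show.

```python
import ipaddress
# Entries copied from the page's "Extended IP access list Lab1" listing.
LAB1_ACL = """
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit tcp 192.168.2.0 0.0.0.255 any eq domain
permit tcp 192.168.2.0 0.0.0.255 any eq www
permit ip 192.168.2.0 0.0.0.255 host 172.16.1.35
permit udp any any
"""
PORTS = {"domain": 53, "www": 80}  # IOS port keywords used in the listing

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse(text):
    """Parse entry lines into (action, proto, src, dst, dst_port) tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split("(")[0].split()  # drop a trailing "(N match(es))"
        src, rest = _addr(tok[2:])
        dst, rest = _addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        rules.append((tok[0], tok[1], src, dst, port))
    return rules

def _hit(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (_ip(ip) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; unmatched traffic hits the implicit deny."""
    for action, rproto, rsrc, rdst, rport in rules:
        if (rproto in ("ip", proto) and _hit(rsrc, src) and _hit(rdst, dst)
                and (rport is None or rport == dport)):
            return action
    return "deny"

# Constructed packets: tcp/445 meets the implicit deny, udp/161 is permitted.
SAMPLES = [("tcp", "192.168.2.10", "192.168.5.10", 445),
           ("udp", "192.168.2.10", "192.168.5.10", 161)]
for pkt in SAMPLES:
    print(pkt, "->", evaluate(parse(LAB1_ACL), *pkt))
```

The final `permit udp any any` entry matches every UDP packet regardless of source or destination, so UDP from Lab1 to 192.168.5.0/24 passes even though the stated policy denies everything beyond Lab2, the Internet and HTTP servers. Narrowing that entry to the DNS server and port would bring the list in line with the policy.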
Access Control List configuration of Router 1
Frame Relay Configuration
Only Administration Department, Accounts Department and Teachers Department
Frame Relay Mapping for Router1
Configurations
Serial1/0 (up): ip 200.18.5.2 dlci 102, dynamic, broadcast, CISCO, status defined, active
Serial1/0 (up): ip 200.18.5.3 dlci 103, dynamic, broadcast, CISCO, status defined, active
Frame Relay Mapping for Router 3
Frame Relay Mapping for Router 4
Router Redistribution (OSPF & RIPv2)
Figure: In the screenshot, Router0 is running RIPv2 and Router2 is running OSPF. Router1 is running both RIPv2 and OSPF. Because we applied route redistribution on Router1, it advertises OSPF routes as RIP to Router0 and RIP routes as OSPF to Router2.
Router 1 is the translator between RIP and OSPF for both sides. Here are the IP routes of Router 1, Router 0 and Router 2.
Routing Protocols Configuration of Router1:
router ospf 1
 log-adjacency-changes
 redistribute rip subnets
 redistribute connected subnets
 network 192.168.0.0 0.0.255.255 area 0
 network 172.16.1.32 0.0.0.31 area 0
 network 172.16.1.4 0.0.0.3 area 0
 network 192.168.7.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute ospf 1
 redistribute connected
 network 172.16.0.0
!
Router 1 Configuration
Router1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
R 10.0.0.0/8 [120/2] via 172.16.1.1, 00:00:12, Serial1/0
R 20.0.0.0/8 [120/2] via 172.16.1.1, 00:00:12, Serial1/0
172.16.0.0/16 is variably subnetted, 6 subnets, 3 masks
S 172.16.0.0/16 [1/0] via 172.16.1.0
C 172.16.1.0/30 is directly connected, Serial1/0
C 172.16.1.4/30 is directly connected, Serial1/1
C 172.16.1.32/27 is directly connected, FastEthernet0/1
R 172.16.1.64/27 [120/1] via 172.16.1.1, 00:00:12, Serial1/0
O 172.16.1.128/27 [110/782] via 172.16.1.6, 03:34:27, Serial1/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0.1
C 192.168.3.0/24 is directly connected, FastEthernet0/0.2
C 192.168.4.0/24 is directly connected, FastEthernet0/0.3
C 192.168.5.0/24 is directly connected, FastEthernet0/0.4
C 192.168.6.0/24 is directly connected, FastEthernet0/0.5
C 192.168.7.0/24 is directly connected, Ethernet0/3/0
R 200.18.5.0/24 [120/1] via 172.16.1.1, 00:00:12, Serial1/0
Router0 Configuration
Router0#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
R 10.0.0.0/8 [120/1] via 200.18.5.2, 00:00:01, Serial1/0
R 20.0.0.0/8 [120/1] via 200.18.5.3, 00:00:17, Serial1/0
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.1.0/30 is directly connected, Serial1/1
R 172.16.1.4/30 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 172.16.1.32/27 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
C 172.16.1.64/27 is directly connected, FastEthernet0/0
R 192.168.1.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.2.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.3.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.4.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.5.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.6.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
200.18.5.0/29 is subnetted, 1 subnets
C 200.18.5.0 is directly connected, Serial1/0
Router 2 Configuration
Router2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
O E2 10.0.0.0/8 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
O E2 20.0.0.0/8 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O E2 172.16.1.0/30 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
C 172.16.1.4/30 is directly connected, Serial1/0
O 172.16.1.32/27 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O E2 172.16.1.64/27 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
C 172.16.1.128/27 is directly connected, FastEthernet0/0
O 192.168.1.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.2.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.3.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.4.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.5.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.6.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.7.0/24 [110/74] via 172.16.1.5, 03:37:47, Serial1/0
O E2 200.18.5.0/24 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
Apply Router on a Stick
Figure: Router on a stick applied on the LAN. FastEthernet 0/0 has 5 sub-interfaces created to support VLAN 10 – VLAN 50.
Configuration of Router on a Stick
Router1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/0.1 192.168.2.1 YES manual up up
FastEthernet0/0.2 192.168.3.1 YES manual up up
FastEthernet0/0.3 192.168.4.1 YES manual up up
FastEthernet0/0.4 192.168.5.1 YES manual up up
FastEthernet0/0.5 192.168.6.1 YES manual up up
FastEthernet0/0.6 unassigned YES unset administratively down down
FastEthernet0/1 172.16.1.33 YES manual up up
Ethernet0/3/0 192.168.7.1 YES manual up up
Serial1/0 172.16.1.2 YES manual up up
Serial1/1 172.16.1.5 YES manual up up
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Serial1/4 unassigned YES unset administratively down down
Serial1/5 unassigned YES unset administratively down down
Serial1/6 unassigned YES unset administratively down down
Serial1/7 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
Virtual Private Network (VPN) Configuration
A virtual private network (VPN) uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.
It encapsulates data transfers between two or more networked devices that are not on the same private network, so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.
Here we have connected 2 branch offices with the Sydney head office.
VPN Details
Ping the AAA Server (30.0.0.2) first to update the ARP table.
Group Name: ciscogroup
Group Key: ciscogroup
Server IP: 200.18.5.0
User: sunny
Pass: cisco
VPN Connected
After connecting to the VPN server, the client acquires a new IP address.
VPN Server configuration
hostname Router0
aaa new-model
aaa authentication login vpnauth group radius local
aaa authorization network vpnauth local
username sunny password 0 cisco
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp client configuration group ciscogroup