Assignment1 - Laurentianweb.cs.laurentian.ca/.../assets/documents/Assignment1.docx · Web viewIn this Assignment, you will be using Packet Tracer, a network simulator software. With

ASSIGNMENT 1SETTING UP WIFI NETWORK: SECURE AND OPEN

Administrative Info

Mode of delivery Demonstration and ReportDue July 6, 2017Group As assigned by the professor

A. OBJECTIVES

Learn about network simulation Access Point (AP) usage Wireless router usage Setting up WiFi security: WPA2-PSK, WPA2-Enterprise Setting up and usage of AAA server Setting up and usage of DHCP server Setting up and usage of DNS server

B. INTRODUCTION TO PACKET TRACER

In this Assignment, you will be using Packet Tracer, a network simulator software. With packet tracer, you can quickly build network involving cisco networking devices (e.g. routers, switches, hubs, security appliances, etc.) and standard hosts (e.g. desktop PC, laptop PCs, tablets, smartphone, VoIP phones, etc.). Also, the program provides some simulated servers very useful for network operation and testing. In this activity we will be using web (HTTP) server, DNS server, DHCP server, and AAA (Authentication, Authorization and Accounting) server.

For a quick introduction of the software interface and usage, watch any youtube video.

Also, go over the following video tutorial that comes with the software (Help menuTutorial).

a. Getting Started Interface Overviewb. Logical Workspace Creating a Network Topologyc. Configuring Devices Configuring Devices Using the Config tabd. Configuring Devices Configuring Devices Using the Desktop tabe. Configuring Devices Configuring Devices Using the CLI tab f. LinksysWRT300N Topologiesg. LinksysWRT300N Local Loop Connectionsh. LinksysWRT300N Configuring Linksys Security

Refer to help menu for any setup or configuring.

© Khaled Mahmud P a g e 1 | 37

CS1: WIRELESS COMMUNICATION AND MOBILE PROGRAMMING

C. PROCEDURE

In this activity you will create a network for a small organization (any name of your choice) provides WiFi service to its staff, as well as the guest to the office. For testing purposes, you will setup access points (AP) in both secure and open mode. Again, in secure mode, you will setup AP with WPA2-PSK and WPA2-Enterprise authentication. WPA2-Enterprise will use an AAA (radius) server for user authentication.

Additionally, you will setup the access and core network (distribution system), and add necessary servers and networking devices to support the overall deployment.

Note that even though we are providing secure access WiFi, not other security mechanism (e.g. ACL, Firewall, etc.) is implemented in this lab network.

Using the following step, you will gradually build the network, and configure the devices for proper operation.

(I) TOPOLOGY SETUP

(1) Start an empty topology.

(2) From the Devices palette at the bottom of the window, drag and drop the following devices on the topology.

Table 1: Device List for the topology

Device Number Comment

Router (819HGW) 4 1 router for the ISP;

3 for the core network of ABC Co.

Switch (2960-24TT) 4

End Device (Generic, Server-PT)

5 ExtWebSer in the ISP’s network;

IntWebSer in the ABC Co’s LAN1;

DNSSer in the ABC Co’s LAN1;

AAASer in the ABC Co’s LAN1;

DHCPSer in ABC Co’s LAN2

Wireless Devices (Generic, AccessPoint-PT-N)

2 These are pure Access Point, without any routing functionality;

Both are place in LAN2, and will provide secure access to the client



Wireless Devices (WRT300N)

3 These are APs with built-in router;

In addition to routing function, there wireless routers provide NAT and DHCP service.

One will be used for guest without any security

One will be used for internal staff with WPA2-PSK (pre-shared key) security mode.

One will be used for internal staff with WPA2-Enterprise security mode, in conjunction with the AAA server

Note about connecting WRT300N to the uplink. Make sure ‘Internet’ interface is used to connect the uplink device (switch or router). This interface represents ‘WAN’ interface of a usual home router.

End Devices (Generic, PC-PT)

2 For testing purposes

One as DHCP client, placed in LAN2

One with static IP, place in the same LAN with Wireless routers.

End Devices (Generic, Laptop-PT)

2

End Devices (Wireless Tablet, TabletPC-PT)

2 One for WPA2-PSK configuration

One for WPA2-Enterprise configuration

End Devices (Smart Device, Smartphon-PT)

1 For guest access

(3) Use the following diagram to connect the devices and create the network topology for the activity.

(4) Using the annotation tools, label the topology. The wireless connections may not show up until you configure the AP or wireless routers.

(5) IMPORTANT: Make sure you connect between proper interfaces (see the names of interfaces) of the routers as indicated in the diagram; because the configuration codes that follow will use these



interface names exactly. If you connect to wrong interfaces, your network will not function. Legend used in the diagram as follows.

Table 2: Interface legend

In the diagram In the configuration

f0/0 FastEthernet0

f0/1 FastEthernet1

f1/0 FastEthernet2

f1/1 FastEthernet3

Figure 1: Activity Topology



(II) ROUTER CONFIGURATION

Configure all the routers using Command Line Interface (CLI). First set the router’s hostname and display name.

(1) Click on a router to bring the configuration window. In the ‘Config’ tab, set the Display Name and Hostname as (e.g. as ISPR) according to Fig. 1. See the figure below.

Figure 2: Setting router’s Hostname and display name

(2) Go the ‘CLI’ tab (see Fig. 3), enter the configurations. Note that everything on left of # sign or > sign is displayed by the device. You do not have to type. The required configuration for each router is given in the codeboxes below, (I) through (IV).

Figure 3(a): CLI Console of a router



Figure 3(b): CLI Console of a router

(I) !Configuration of ISP Router

ISPR>enable

ISPR#

ISPR#config terminal

ISPR(config)#interface FastEthernet0

ISPR(config-if)#ip address 10.0.0.1 255.255.255.252

ISPR(config-if)#no shutdown

ISPR(config-if)interface FastEthernet1

ISPR(config-if)ip address 10.20.20.1 255.255.255.0

ISPR(config-if)#no shutdown

ISPR(config-if)#exit

ISPR(config)#

ISPR(config)#ip route 10.0.0.0 255.0.0.0 10.0.0.2



ISPR(config)#exit

ISPR#

ISPR#copy run start

(II) !Configuration of WAN Router

WANR>en

WANR#config terminal

WANR(config)#interface FastEthernet0

WANR(config-if)#ip address 10.1.0.1 255.255.255.252

WANR(config-if)#no shutdown

WANR(config-if)#interface FastEthernet1



WANR(config-if)#interface FastEthernet3



WANR(config-if)#exit

WANR(config-if)#

WANR(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.1







WANR(config)#exit

WANR#

WANR#copy run start

(III) !Configuration of Data Centre Router

DCR>

DCR>enable

DCR>

DCR#config terminal

DCR(config-if)#interface FastEthernet0



DCR(config-if)#ip address 10.1.0.2 255.255.255.252

DCR(config-if)#no shutdown







DCR(config-if)#exit

DCR(config)#ip route 0.0.0.0 0.0.0.0 10.1.0.1






DCR(config)#exit

DCR#

DCR#copy run start

(IV) !Configuration of End-user Router

ENDR>

ENDR>enable

ENDR#config terminal

ENDR(config)#

ENDR(config)#interface FastEthernet0

ENDR(config-if)#ip address 10.1.0.10 255.255.255.252

ENDR(config-if)#no shutdown

ENDR(config-if)#interface FastEthernet1










ENDR(config-if)#exit

ENDR(config)#

ENDR(config)#ip route 10.1.2.0 255.255.255.0 10.1.0.18





ENDR(config)#exit

ENDR#copy run start



(II I) ACCESS POINT CONFIGURATION

(1) For both the APs, configure ‘Port 1’ according to the figures below. Set (i) SSID, (ii) Channel, (iii) Authentication, (iv) PSK Pass Phrase, and (v) Encryption Type. Note that there is no option of WPA2-Enterprise security option.

(2) Both the APs will be using WPA2-PSK mechanism.

Figure 4(a): AP Configuration

Figure 4(b): AP Configuration



(IV) WIRELESS ROUTER CONFIGURATION

(1) Configure the Wireless Routers according to the following figures.

(2) Make sure to save the changes in each device.

Figure 4(a): WRGuest: Wireless Router Configuration (Basic Setup)



Figure 4(b): WRGuest: Wireless Router Configuration (Wireless Settings)

Figure 4(c): WRGuest: Wireless Router Configuration (Wireless Security)



Figure 5(a): WRSecPSK: Wireless Router Configuration (Basic Setup)



Figure 5(b): WRSecPSK: Wireless Router Configuration (Wireless Settings)

Figure 5(c): WRSecPSK: Wireless Router Configuration (Wireless Security)



Figure 6(a): WRSecAAA: Wireless Router Configuration (Basic Setup)



Figure 6(b): WRSecAAA: Wireless Router Configuration (Wireless Settings)

Figure 6(c): WRSecAAA: Wireless Router Configuration (Wireless Security)



(V) SMART PHONE CONFIGURATION

(1) This device is to be used in the Guest wireless router that has no security.

(2) Configure the device according to the figures below.

(3) Note in Fig. 7(b) that the device acquired IP address through DHCP.

Figure 7(a): Smart Phone Setting (Wireless Interface Setting)



Figure 7(b): Smart Phone Setting (IP Setting)

(VI) TABLET PC CONFIGURATION

(1) In the topology, tablet PCs are set to use secure access points. Use the following parameters.

Figure 8(a): Tablet PC Setting



(VII) LAPTOP CONFIGURATION

(1) Laptops in Packet Trace do not have built-in wireless interface. Add Linksys-WPC300N module as shown in the figure. (power off, remove LAN interface, add WiFi interface)

Figure 9: MPC2: Laptop Setting (Adding Wireless Card)

(2) From ConfigWireless0, Set IPv4 and security setting of both the laptops according to Fig.10. Leave the default MAC addresses unchanged.

(3) Note that MPC1 will be using WPA-PSK (preshared key). MPC2 will be using WPA2 (Enterprise) access mechanism that requires the user authentication using some AAA server, which you will configure later.

(4) For MPC2, using ‘Desktop’ tab, PC Wireless menu, create different profiles for connecting different wireless routers. See Fig. 10(c).



Figure 10(a): MPC1: Laptop Setting (Wireless Interface and IP Setting)

Figure 10(b): MPC2: Laptop Setting (Wireless Interface and IP Setting)



Figure 10(c): MPC2: Laptop Setting (Create Profiles)



(VIII) TEST PC CONFIGURATION

(1) The test PCs are placed in the network to verify connectivity as well as DHCP operation.

(2) Configure TestPC1 to use DHCP (see the figures below).

(3) Set static IP configuration in TestPC2.

Figure 11(a): TestPC1: Desktop Setting (IP Setting)

Figure 11(b): TestPC2: Desktop Setting (IP Setting)



(IX) WEB SERVER CONFIGURATION

(1) Two web servers are placed in the topology to test application layer communication in the network.

(2) Set the IP address of both to be static.

(3) Modify the html code of both the web servers’ pages to personalize your work (e.g. use your name, company name, your unique message, etc.)

Figure 12(a): ExtWebSer: Web Server Setting (IP Setting)

Figure 12(b): ExtWebSer: Web Server Setting (Customizing the web page)



Modify here.

Figure 12(c): ExtWebSer: Web Server Setting (HTML Code)

Figure 12(d): IntWebSer: Web Server Setting (IP Setting)



(X) DNS SERVER CONFIGURATION

(1) This DNS server is for the hosts inside the network of ABC Co.

(2) While doing static IP configuration, use this DNS server.

(3) For DHCP clients, DHCP server should provide this DNS server’s IP address (see the DHCP server settings below).

(4) In the DNS service setting, add a couple domain names, as shown, in the resource record.

Figure 13(a): DNSSer: DNS Server Setting (IP Setting)

Figure 13(b): DNSSer: DNS Server Setting (DNS Service Setting)



(XI) DHCP SERVER CONFIGURATION

(1) This DHCP server will provide IP address and other IP configuration parameters to the DHCP clients in LAN2.

(2) Set its own IP parameters according to the Fig. 14(a).

(3) Set its DHCP parameters according to the Fig. 149(b).

Figure 14(a): DHCPSer: DHCP Server Setting (IP Setting)

Figure 14(b): DHCPSer: DHCP Server Setting (DHCP Information)



(X) AAA SERVER CONFIGURATION

(1) This AAA server will provide user authentication for AP that uses WAP2-Enterprise. In our topology, WRSecAAA is set up to use this server.

(2) This server will use static IP. Set the IP parameters according to Fig. 15(a).

(3) Set the AAA service parameters according to Fig. 15(b).

(4) For AAA mechanism, we will use Radius protocol.

(5) Client for this server will be WRSecAAA, which was set to use WPA2-Enterprise. Add IP address of WRSecAAA as client with a password (secret) that was set in WRSecAAA also (Fig. 6(c)).

(6) Add some sample users, as shown. One of these user name should be set in MPC2, which we already did in Fig. 10(b) or 10(c).

Figure 15(a): AAASer: AAA Server Setting (IP Setting)



Figure 15(b): AAASer: AAA Server Setting (AAA parameters setting)



(XI) TESTING

If all the configuration steps are done correctly, you will see that all the mobile devices are successfully associated with appropriate APs. Also, the devices should have acquired IP addresses from corresponding DHCP servers.

After implementing all the router configurations given in the codeboxes above, the mobile devices should be able to reach any other device in the network. Note, however, that the devices that are behind a NAT will not be reachable from other devices that are not within the same NAT. For example, if MPC1 is connected to WRSecPSK and MPC2 is connected to WRSecAAA, they are not reachable from each other, as they behind different NATs.

Now that your network is ready and functional, perform extensive reachability and verification tests. Do at least the followings.

a. From all the mobile devices ping both the web servers.b. From all the mobile devices browse both the web servers.c. Investigate the IP configuration of all DHCP clients. Verify if they are acquiring IP addresses

properly. d. You can login to the Linksys router using web interface. Demonstrate.e. For all the wireless routers, show the status and client list.f. From mobile device in one LAN, ping other mobile devices in other LANs.g. From the ISP router, ping the mobile devices.

Perform some tests of your own. You can add new devices, modify the configuration of existing devices, test different protocols etc. To get full marks in this section, you will be required to add 3 new tests, explain reason for each of them and present results with explanation.

Make sure whole network is ready for demonstration to the professor.



D. REPORT SUBMISSION

1. Prepare an appropriate cover page for the report.

2. Start the report body with a short ‘Introduction’, outlining the objectives of the activity.

3. Provide a clean screen capture of your topology. Make sure the figure is adequately labeled. Refer to this topology diagram when you explain your test scenario/results.

4. Prepare the rest of the report in sections according to the tests you performed. a. Describe the scenario of the test.b. Describe your test action.c. Present the result/output (e.g. screen capture)d. Give your observation/comment on the result.

5. Give a ‘conclusion’ section summarizing the learning.

6. The report should be submitted in MS Word or PDF. Make sure everything is clearly visible.

7. Put names of all members on the cover page. The file name of the word document should be as below.

TeamName-Assign1.docx

10% marks deduction for wrong file naming or format.

8. Send the report by email, by due date.

9. Save all your work for future reference.

10. Demonstrate your work when asked by the professor.



E. MARKING SCHEME

Important: Marking will be done after successful demo.

Max Mark Your Mark1 Introduction 102 Topology Screenshot 103 Test 1: From all the mobile devices ping both the

web servers.50

4 Test 2: From all the mobile devices browse both the web servers.

20

5 Test3: Investigate the IP configuration of all DHCP clients. Verify if they are acquiring IP addresses properly.

10

6 Test4: You can login to the Linksys router using web interface. Demonstrate.

10

7 Test 5: For all the wireless routers, show the status and client list.

10

8 Test 6: From mobile device in one LAN, ping other mobile devices in other LANs.

10

9 Test 7: From the ISP router, ping the mobile devices. 1010 Own investigation (do something interesting) 30

11 Conclusion 10Total 180



F. APPENDIX

Here are some output of my test.

Fig A.1: Internal web server access from Smart Phone.



Fig A.2: Dynamic IP address acquisition of MPC2.



Fig A.3: External web server access by MPC2.



Fig A.4 (a): Web interface access of WRSecPSk by MPC1



Fig A.5: Local Network status of WRSecPSk



Fig A.6: DHCP client table of WRSecPSK



Assignment1 - Laurentianweb.cs.laurentian.ca/.../assets/documents/Assignment1.docx · Web viewIn this Assignment, you will be using Packet Tracer, a network simulator software. With

Documents