Assessment 4 – Layer 2 switching and VLANs
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Assessment 4 – Layer 2 switching and VLANs
BackgroundThe ‘Career Advance’ (CA) is a higher education provider located in Melbourne. Currently, they are renting three floors of a building in the suburb of Southbank. It has been recently confirmed that they will move to a new building located in the nearby suburb of St Kilda by the end of next month.
The existing network infrastructure is not efficient and is not secured. There are a lot of complaints from staff about slow network performance and security issues such as unauthorized access to administrative documents. The reason for this is in part that the institute currently has only two networks, one for staff and one for students. There is one router (Cisco 2620XM) connecting both networks together.
As part of the move to the new location, they are looking forward to putting a more reliable, scalable and cost-effective network in place.
Project cost is a factor, so these existing components are to be used within the design. They have 8 Cisco 2960 Switches and 1 Cisco 2620XM router. As per Network Manager, only cables are approved for purchasing.
Below is a breakdown of the number of staff, students and devices by location in the current building.
Staff/Students Level Number
Administrative Staff Ground 25
Academics First Floor 5
Academics Second floor 5
Students First Floor 50
Students Second floor 60
IT staff and Servers Ground floor 10
Printers First Floor 2
Printers Second floor 2
Table 1
This breakdown will be the same in the new building.
Below is the topology proposed by the Network Manager. Your job is to create the network plan, allocate the IP addresses appropriately, configure the network according to the given guidelines and troubleshoot errors if there are any.
2
Figure 1
Note• The diagram does not show all end devices.• Each workstation/printer represents a group.• All switches and routers are shown.• Only the devices shown in the diagram are to be used throughout this
assessment.
You have been given 192.168.100.0/24 as the base address for this network.
Requirement
As a staff member of IT department, you have been given the task of re-configuring the whole network for the newly rented building.Below listed are the documented tasks for you.
Task 1: Building the topology
Create the network diagram shown in Figure 1 using Cisco packet tracer. Use suitable cable types when cabling the devices. Label the devices as depicted in Figure 01.
While creating the topology please use the ports listed in Table 2 (below) for connecting devices on each switch. This will be useful for your future planning of the network.
Switch Name Connecteddevice/switch Connected port/ports of thename switch
SW1-GF ADMIN1-GF Fa0/3
ADMIN25-GF Fa0/4
SW2-GF Fa0/1, Fa0/2
SW1-FF Fa0/5, Fa0/6
SW2-GF ADMIN2-GF Fa0/3
IT10-GF Fa0/4
WEB-GF Fa0/5
FILE-GF Fa0/6
SW1-GF Fa0/1, Fa0/2
Router-GF Fa0/7
SW1-FF SW1-GF Fa0/1, Fa0/2
SW2-FF Fa0/3, Fa0/4
SW3-FF Fa0/5, Fa0/6
SW1-SF Fa0/9, Fa0/10
Academic4-FF Fa0/7
Student49-FF Fa0/8
SW2-FF SW1-FF Fa0/1, Fa0/2
4 © Didasko 2018. All rights reserved.
Student1-FFFa0/3
Academic1-FF Fa0/4
Printer2-FF Fa0/5
SW3-FF SW1-FF Fa0/1, Fa0/2
Student50-FF Fa0/3
Academic5-FF Fa0/4
Printer1-FF Fa0/5
SW1-SF SW1-FF Fa0/1, Fa0/2
SW2-SF Fa0/3, Fa0/4
SW3-SF Fa0/5, Fa0/6
Academic4-SF Fa0/7
Student59-SF Fa0/8
SW2-SF SW1-SF Fa0/1, Fa0/2
Student1-SF Fa0/3
Academic1-SF Fa0/4
Printer2-SF Fa0/5
SW3-SF SW1-SF Fa0/1, Fa0/2
Student60-SF Fa0/3
Academic5-SF Fa0/4
Printer1-SFFa0/5
Table 2
a) Save the Cisco Packet Tracer file as xxx_cse2cnx_assessment4.pkt. (where xxx is your student number)
b) Include a screenshot of your topology as evidence of the completion of this task.
Note• Please add all the screenshots and written answers in a word file
named xxx_cse2cnx_assessment4.docx. (where xxx is your student number)
Task 2: Basic configurations of the switches
a) Configure the following on each switch.- Switch name should be same as the label on each switch. (SW1-GF is an example).- Configure an enable password.- Configure an enable secret.- Configure a console password.- Configure a telnet password.- Configure Message of the Day banner (MOTD) as “Unauthorized access
is prohibited!!”.- Save the configurations.
b) Fill Table 2 shown below with the chosen hostnames and passwords.
Switch name
Enable password Enable
secret Console
password Telnet
password
Table 2
c) Take a screenshot of the startup-configuration for each switch and include it in the word file as evidence of completing this task.
Task 3: Basic configurations of the router
a) Configure the following on Router-GF. - Configure router name as Router-GF. - Configure an enable password.- Configure an enable secret.
- Configure a console password. -Configure a telnet password.- Configure Message of the Day banner (MOTD) as “Unauthorized access
is prohibited!!”.- Save the configurations.
b) Fill Table 3 shown below with the chosen hostnames and passwords.
Router name
Enable password
Enable secret
Console password
Telnet password
Table 3
c) Take a screenshot of the startup-configuration and include it in the word file as evidence of completing this task.
Task 4: Planning VLANs
Plan Virtual Local Area Networks (VLANs) so that the groups of people and devices shown in Table 4 (below) are in different sub-networks.
Group Device Names under that group
Administrative staff Admin1-GF, Admin2-GF, Admin25-GF
IT IT10-GF, WEB-GF, FILE-GF
Printers Printer1-FF, Printer2-FF, Printer1-SF,Printer2-SF
Students Student1-FF, Student49-FF, Student50_FF
Student1-SF, Student59-SF, Student60_FF
Academics Academic1-FF, Academic4-FF, Academic5-FF
Academic1-SF, Academic4-SF, Academic5-SF
Table 4
© Didasko 2018. All rights reserved. 7
Note• You should not use VLAN numbers 1, 1002-1005 or above 1005.
This is a critical planning step. To support your planning, two table templates (Table 5 and Table 6) are given below.
a) Fill Table 5 with the planned VLAN Numbers and Names for each group or subnetwork.
Group VLAN Number VLAN Name
Administrative staff
IT
Printers
Students
Academics
Table 5
b) Table 6 (below) is a modified version of Table 2. For each device include information relating to assigned VLANs and connected ports.
Switch Connected VLAN VLAN name ConnectedName device/switch Number port/ports of the
name switch
SW1-GF ADMIN1-GF
ADMIN25-GF
SW2-GF ADMIN2-GF
IT10-GF
WEB-GF
FILE-GF
SW1-FF Academic4-FF
Student49-FF
SW2-FF Student1-FF
Academic1-FF
Printer2-FF
SW3-FF Student50-FF
Academic5-FF
Printer1-FF
SW1-SF Academic4-SF
Student59-SF
SW2-SF Student1-SF
Academic1-SF
Printer2-SF
SW3-SF Student60-SF
Academic5-SF
Academic5-SF
Printer1 – SF
Table 6
Task 5: Configure VLANs and assign ports to appropriate VLANs
In Task 4 you have planned VLAN details and identified the ports to assign into each VLAN.
a) Configure VLANs (VLAN ID and VLAN name) on each switch.b) Assign ports to each VLAN as per Table 6.c) Save the configurations.d) Issue appropriate “show” command to list all created VLANs
and assigned ports on each switch.e) Include screenshots of “show” command output as evidence (for each switch).
Task 6: Planning IP Addresses
The Base IP address given to you for this network is 192.168.100.0/24.
a) Fill Table 7 shown below to identify decimal subnet mask, useable IP address range and broadcast address for each subnet.
Group Subnet address Decimal Useable IP BroadcastSubnet mask address range address
Students 192.168.100.0/25
Administration 192.168.100.128/27
Academics 192.168.100.160/28
IT 192.168.100.176/28
Printers 192.168.100.192/29
Table 7
b) Guidelines for end device addressing:
• Keep the last useable IP address of each subnet reserved for its gateway.
• You can choose end device addresses from the useable range of addresses for each subnet.
Fill Table 8 (below) with appropriate end device IP addresses, decimal subnet masks and gateways.
.
Group End device Name IP Address (Dotted Decimal Subnet Gateway
decimal format) Mask address
Students Student1-FF
Student49-FF
Student50-FF
Student1-SF
Student59-SF
Student60-SF
Administration ADMIN1-GF
ADMIN2-GF
ADMIN25-GF
Academics Academic1-FF
Academic4-FF
Academic5-FF
Academic1-SF
Academic4-SF
Academic5-SF
IT IT10-GF
WEB-GF
FILE-GF
Printers Printer1-FF
Printer2-FF
Printer1-SF
Printer2-SF
Table 8
11
Task 7: End Device Configuration
a) You have already planned the end device IP addresses in Task 6.
Configure IP address, subnet mask and gateways on all end devices as outlined in Table 8.
For Admin1-GF, Printer1-FF, Student1-FF, Academic1-SF take screenshots of the completed IP configuration window as evidence of the completion of this task and include in the word file.
b) Issue a “ping” command from Student1-FF to Student49-FF. Include a screenshot of the ping command output.
c) If “ping” is not successful at this stage provide an explanation as to why.
Task 8: Configuring trunk links
In this task you will identify the trunks and configure trunk ports.
Note• Use IEEE 802.1Q encapsulation for trunking.
a) Identify the trunk ports on each switch and fill the “Trunk Ports” column in Table 9 shown below. (Trunk ports can be easily identified using information from Table 2)
b) Configure the identified ports in “trunk” mode and set the encapsulation type as “IEEE 802.1Q”. Fill the column “Configured” in Table 9 with either YES or NO.
c) Save the configurations.d) Mention two “show” commands that give:
• Output showing all the configured trunk ports and• Output showing the individual port/interface mode (Administrative mode, operational
mode, etc.)
e) Issue the appropriate command to show all the configured trunk ports on each switch and include screenshots as evidence in the word file.
12
Switch Name Trunk Ports Configured (YES/NO)
SW1-GF
SW2-GF
SW1-FF
SW2-FF
SW3-FF
SW1-SF
SW2-SF
SW3-SF
Table 9
Task 9: Connectivity test
a) Check connectivity between ADMIN1-GF and ADMIN2-GF using the “ping” command.Provide a screenshot of the ping result.
b) Check connectivity between ADMIN1-GF and PRINTER1-FF using the “ping” command. Provide a screenshot of the ping result.
c) Discuss the outcome of the results.
Task 10: Configuring inter-VLAN routing
Requirements:
• Academics should be able to communicate with Students.• IT should be able to communicate with Administrative staff.• All staff and students should be able to communicate with printers.
This task is for you to configure inter-VLAN routing to achieve this.
The template Table 10 (below) can be used to assist in this task.
a) Collect details from your previous planning tasks and fill in Table 10 (below)
Group Subnet address VLAN Number Gateway ip address ofthis subnet/subnetmask
Students 192.168.100.0/25
Administration 192.168.100.128/27
Academics 192.168.100.160/28
IT 192.168.100.176/28
Printers 192.168.100.192/29
Table 10
Now, it is time for you to start planning the router configurations.
b) Fill Table 11 (below) with router sub-interfaces and appropriate IP addresses for those sub-interfaces.
Guidelines given are,
• Sub-interface number should be same as the VLAN number.
• Sub-interface IP address should be same as the default gateway address of the sub-network
VLAN Number Router Sub Interface IP Address Subnet Mask
Table 11c) Create and configure planned sub-interfaces with appropriate commands to achieve the
task requirements.d) Save the configurations.e) Take a screenshot of the startup-configuration file to show the changes you have
made.
Task 11: Connectivity Test
a) Check connectivity between Academic5-FF and Student60-SF using the “ping” command.
Provide a screenshot of the ping result.
14
b) Check connectivity between IT10-GF and ADMIN1-GF using the “ping” command. Provide a screenshot of the ping result.
c) Check connectivity between Student60-SF and Printer1-FF using the “ping” command.Provide a screenshot of the ping result.
Task 12: Configure Port Security
This task is to secure two ports on SW2-GF connected to the servers.
a) Figure 2 (below) shows the port-security status of Fa0/5 on SW2-GF.
Port Security
Port Status
Violation Mode
Aging Time
Aging Type
SecureStatic Address Aging
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address : Vlan
Security Violation Count
: Disabled
: Secure-down
: Shutdown
: 0 mins
: Absolute
: Disabled
: 1
: 0
: 0
: 0
: 0000.0000.0000:0
: 0
Figure 2
You can see that the port-security status is “Disabled”. Discuss why this is the case?
b) Enable port-security on Fa0/5 and Fa0/6 of SW2-GF which are connected to the servers.
c) Verify port-security status using the appropriate “show” command and provide screenshots.
d) Configure port-security on Fa0/5 and Fa0/6 as per the guidelines given below.
• First MAC address coming in to the port should “stick” to it.• Maximum of 1 Mac addresses are allowed.• If the above condition is violated the port should go to “shutdown” mode.
e) Issue the “show “command to check the port-security status and provide screenshots to demonstrate the changes you have made.
16 © Didasko 2018. All rights reserved.
Assessment 4 – Marking Criteria
Task Item Mark/Item Mark/Task
Task1: Building the a) Proposed network topologytopology was created in Cisco Packet 6
Tracer. (As per Figure 1) 8b) Screenshot of the topology
2was provided.Task 2: Basic a) All configurations were done
3.5configurations of the properly.switches b) Table 2 was filled with
2.5proper information.8c) startup-configuration
screenshot provided and2shows the configurations
changes.Task 3: Basic a) All configurations were done
3.5configurations of the properly.router b) Table 3 was filled with
2.5proper information.8c) startup-configuration
screenshot provided and2shows the configurations
changes.Task 4: Planning a) Table 5 was filled with proper
5VLANs VLAN information.16b) Table 6 was filled with proper
11VLAN and port information.Task 5: Configure a) VLANs were configured
4VLANs and assign properly in each switch.ports to appropriate b) Ports were assigned as per
4VLANs Table 6.c) Configuration was saved. 1 11d) Appropriate show command
1issued.e) Screenshot of the “show”
command output was 1provided.
Task 6: Planning IP a) Table 7 was filled withAddresses. correct IP address 7.5
information.18.5b) Table 8 was filled with
appropriate IP address11information as per the
guidelines given.
. 17
Task 7: End device a) IP addresses wereconfiguration configured on all end devices 11
as per Table 8.b) Ping command was issued
from Student1-FF to 13.5Student49-FF and 2screenshot of the commandoutput provided.
c) Explanation provided. 0.5Task 8: Configure a) Trunk ports identified on eachtrunk links switch and filled the “Trunk 4
Ports” column in Table 9.b) Trunk ports were configured
4correctly.c) Configurations was saved. 1 13d) Two show commands were
2mentioned.e) Appropriate “show”
command was issued, and2screenshots were provided
for each switch.Task 9: Connectivity a) Connectivity betweentest ADMIN-GF and ADMIN2-GF
2tested, and screenshotprovided.
5b) Connectivity betweenADMIN-GF and PRINTER1-
2FF tested, and screenshotprovided.
c) Outcome was discussed. 1Task 10: Configuring a) Table 10 was filled with 5inter-VLAN routing proper information.
b) Table 11 was filled with 10correct sub-interface and IPaddress information.
c) Sub interfaces were 5 23configured correctly.d) Configuration was saved. 1e) Screenshot of the startup- 2
configuration was provided todemonstrate the changesmade.
Task 11: Connectivity a) Connectivity between 2test Academic5-FF and Student60-
SF was tested, andscreenshot provided. 6
b) Connectivity between IT10-GF 2and ADMIN1-GF was tested,
18
and screenshot provided.
c) Connectivity between 2Student60-SF and Printer1-FFwas tested, and screenshotprovided.
Task 12: Configure a) Port-security status was 2Port Security discussed.
b) Port-security on Fa0/5 and 2Fa0/6 enabled.
c) Port-security status verified 2using the proper command. 10Screenshot provided.
d) Port-security configured as 3per the guidelines.
e) Port-security status verified 1using the proper command.Screenshot provided.
Total 140
Related Documents
