IP Network Specification, v1.1 (Class C Network)



Table of Contents

  IP Network Specifications, v1.1 (Class C Network)
  IP Network Requirements - General
  Documentation - General
  Configuration Guide - General Instructions
    Network optimization strategy
  Network Diagram
  Table 1: Network/Host Information (Basic information)
  IP Address Worksheet
  Subnetting Worksheet: CIDR /27 (255.255.255.224)
  VLSM Worksheet
  Configuration Worksheet (detail)
  Initial (Baseline) Configuration Verification - Checklist #1
  ACL Lists and Statements
    Configuration notes
  ACLs 100 (inbound)
    Benefits
    ACL 100: e0 inbound (Boaz and Eva)
  Configuration Test Plan (basic connectivity/security using ACLs)
  Monitoring the Network
  Validate the ACL Configuration - Checklist #2
  CM Documentation (command outputs from validated configuration)
  Security Management Documentation (command outputs from validated configuration)

IP Network Requirements - General

In addition to existing specifications, the following requirements are to be followed:
o Class C IP Network
o RIP v1
o Configure IP addressing scheme (and network diagrams)
o Sample network configuration and validity/connectivity test data (command outputs)
o Site-Validation & Equipment list: serial numbers, diagrams, etc. (recorded for documentation; see the example network worksheets, test scripts, and data samples)

All other customer requirements are referenced in the sections below.

Documentation - General

Included in this description is an outline of all tasks required to build, test, and manage the proposed configuration. To fulfill these requirements, we provide the network diagrams, change management information, and configuration data needed to correctly connect each network component and perform the software configuration. To accomplish these stated goals, the following steps shall be taken:
1. Set up all physical systems, as per the network diagrams/layout provided and the instructions provided herein.
2. Correctly install and configure each system/component, including each router and its basic router configuration.
3. Set up a TFTP server on one of the workstations (e.g., on the Admin WS).
4. Create and apply Access Control Lists (ACLs) on the appropriate router(s) and interface(s), as per the instructions provided herein.
5. Test and verify connectivity between each network device (router, workstation, and server) as described, including the Configuration Notes and the Configuration Test Plan which have been provided.

It is assumed that the reader is familiar with basic MS Windows and Cisco networking software, and has basic knowledge of TCP/IP, Cisco IOS 12.x, and the networking/hardware technology used to configure each component specified in the network diagram (see below). Based upon the instructions provided, it is possible to correctly build, test, and verify a fully functioning inter-network, as described herein.
Troubleshooting configuration and/or hardware failures and errors is beyond the scope of this document.

Configuration Guide - General Instructions

This network requires a single Class C network, configured with a maximum of 6 subnets (note: only 5 are required), and each subnet has no more than 30 network devices (i.e., no more than 30 interfaces) per subnet. The following access restrictions are required, as indicated:
o WorkStation 2 (WS2) and File Server 1 are on the Management Network, and are able to access all other network devices (routers, workstations, server).
o Unless noted otherwise, all WorkStations (WS) on the Boaz LAN shall be permitted to access File Server 1 only, and they are NOT permitted access outside their own LAN. For example, the WSs on the Boaz LAN can access fileserver 1 and the WSs connected to their own Boaz LAN, but they are not allowed to access any WSs connected to other (external) networks or LANs outside the Boaz LAN.
o Unless noted otherwise, all WorkStations (WS) on the Eva LAN shall be permitted to access File Server 1 only, and they are NOT permitted access outside their own LAN. For example, the WSs on the Eva LAN can access fileserver 1 and the WSs connected to their own Eva LAN, but they are not allowed to access any WSs connected to other (external) networks or LANs outside the Eva LAN.
o The Center, Eva, and Boaz routers are permitted to access any device on the network, including all routers, workstations, and servers.
o WSs on the Boaz LAN may access each other.
o WSs on the Eva LAN may access each other.

Refer to the Network Diagram and Configuration Worksheets for all additional information and instructions for configuring, testing, and maintaining this inter-network.

Network optimization strategy:

For new designs, a trade-off always occurs between cost, performance, and expansion capability. Based on a key customer requirement to provide 6 subnets (1 unassigned) with up to 20 additional workstations per remote office, the following solution is to be implemented.
This configuration is considered to be optimized as the lowest-cost solution for adding more nodes over time (up to 30 per subnet, maximum) at each location.

Network Diagram

Table 1: Network/Host Information (Basic information)

Router Designation   Router Name   Enable Secret   VTY/Console Password   Routing Protocol   Routing Statements
Router 1             Center        class           cisco                  RIP v1             192.168.10.0
Router 2             Boaz          class           cisco                  RIP v1             192.168.10.0
Router 3             Eva           class           cisco                  RIP v1             192.168.10.0

Router Designation   Ethernet 0 IP Address   Ethernet 1 IP Address   Serial 0 IP Address   Serial 1 IP Address   Subnet Mask
Router 1             192.168.10.97           xxx.xxx.xxx.xxx         192.168.10.65         192.168.10.129        255.255.255.224
Router 2             192.168.10.33           xxx.xxx.xxx.xxx         192.168.10.66         xxx.xxx.xxx.xxx       255.255.255.224
Router 3             192.168.10.161          xxx.xxx.xxx.xxx         192.168.10.130        xxx.xxx.xxx.xxx       255.255.255.224

Host          S/N   IP Address       Subnet Mask       Gateway
Fileserver1         192.168.10.125   255.255.255.224   192.168.10.97
WS2 (admin)         192.168.10.126   255.255.255.224   192.168.10.97
WS3                 192.168.10.61    255.255.255.224   192.168.10.33
WS4                 192.168.10.62    255.255.255.224   192.168.10.33
WS5                 192.168.10.189   255.255.255.224   192.168.10.161
WS6                 192.168.10.190   255.255.255.224   192.168.10.161

Device        OS (Vers.)   MAC Address
Router1
Router2
Router3
Fileserver1   XP
WS2 (admin)   XP
WS3           XP
WS4           XP
WS5           XP
WS6           XP

(The S/N and MAC Address columns are blank in the original and are to be filled in during site validation.)

IP Address Worksheet

Net Zero: 192.168.10.0 /27    Net-Zero b-cast: 192.168.10.255    NetMask/CIDR: 255.255.255.224

             Subnet 1         Subnet 2         Subnet 3         Subnet 4         Subnet 5
Subnet #     192.168.10.32    192.168.10.64    192.168.10.96    192.168.10.128   192.168.10.160
First host   192.168.10.33    192.168.10.65    192.168.10.97    192.168.10.129   192.168.10.161
Last host    192.168.10.62    192.168.10.94    192.168.10.126   192.168.10.158   192.168.10.190
Broadcast    192.168.10.63    192.168.10.95    192.168.10.127   192.168.10.159   192.168.10.191

Subnetting Worksheet: CIDR /27 (255.255.255.224)

Requirements:
o Network must provide for 5 subnets.
o No more than 30 hosts per subnet.
o Use a Class C network address, RIP v1 (classful routing).

Results:
o CIDR = /27 (subnet mask 255.255.255.224); block size = 32.
o Provides up to 6 valid subnets (only the first 5 subnets are assigned/utilized).
o 30 nodes (interfaces) per subnet (maximum).
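The worksheet above arrives at /27 by hand. The following Python is an added example, not part of the original specification: it derives the same prefix choice from the stated requirements (5 subnets, 30 hosts, classful rules) and generates the IP Address Worksheet rows, and it generalises to any Class C block and any subnet/host requirement pair. The function names and the convention that subnet-zero and the all-ones subnet are counted as unusable (which is what the worksheet's "6 valid subnets" implies under RIP v1) are assumptions of this example.

```python
import ipaddress

# Added example (not from the original worksheet). Classful counting is
# assumed: the subnet-zero and all-ones subnets are treated as unusable,
# which is how the worksheet reaches "6 valid subnets" for a /27 split.

def choose_prefix(base_prefix, min_subnets, min_hosts):
    """Smallest prefix giving at least min_subnets usable subnets (classful
    count: all subnets minus subnet-zero and all-ones) with at least
    min_hosts usable host addresses each. None if no prefix satisfies both."""
    for prefix in range(base_prefix + 1, 31):
        usable_subnets = 2 ** (prefix - base_prefix) - 2
        usable_hosts = 2 ** (32 - prefix) - 2
        if usable_subnets >= min_subnets and usable_hosts >= min_hosts:
            return prefix
    return None

def mask_for(prefix):
    """Dotted-decimal mask for a prefix length, e.g. 27 -> 255.255.255.224."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)

def block_size(prefix):
    """Increment between consecutive subnets in the last octet (32 for /27)."""
    return 2 ** (32 - prefix)

def subnet_worksheet(network, prefix):
    """One row per subnet of `network` at `prefix`, in address order, with the
    same columns as the IP Address Worksheet plus a classful status."""
    net = ipaddress.ip_network(network)
    subnets = list(net.subnets(new_prefix=prefix))
    rows = []
    for i, sn in enumerate(subnets):
        if i == 0:
            status = "subnet zero (net zero)"
        elif i == len(subnets) - 1:
            status = "invalid (all-ones)"
        else:
            status = "valid"
        rows.append({
            "subnet": str(sn.network_address),
            "first_host": str(sn.network_address + 1),
            "last_host": str(sn.broadcast_address - 1),
            "broadcast": str(sn.broadcast_address),
            "status": status,
        })
    return rows

def print_worksheet(network="192.168.10.0/24", min_subnets=5, min_hosts=30):
    base = ipaddress.ip_network(network).prefixlen
    prefix = choose_prefix(base, min_subnets, min_hosts)
    if prefix is None:
        print(f"no prefix of {network} satisfies {min_subnets} subnets x {min_hosts} hosts")
        return
    print(f"CIDR /{prefix}  mask {mask_for(prefix)}  block size {block_size(prefix)}")
    print(f"{'Subnet #':16}{'First host':16}{'Last host':16}{'Broadcast':16}Status")
    for r in subnet_worksheet(network, prefix):
        print(f"{r['subnet']:16}{r['first_host']:16}{r['last_host']:16}"
              f"{r['broadcast']:16}{r['status']}")

if __name__ == "__main__":
    print_worksheet()
```

Running it prints the five assigned subnets plus the unused 192.168.10.192 block and the all-ones 192.168.10.224 block, matching the worksheet; asking for 31 hosts per subnet returns no prefix, which is why the 30-host limit is the binding constraint in this design.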

VLSM Worksheet

(The original shows a number line of the last octet in steps of 4 with the /27 boundaries labelled; only the labelled boundaries are reproduced here.)

Network 0:      192.168.10.0
Sub-Network 1:  192.168.10.32
Sub-Network 2:  192.168.10.64
Sub-Network 3:  192.168.10.96
Sub-Network 4:  192.168.10.128
Sub-Network 5:  192.168.10.160
Sub-Network 6:  192.168.10.192 (un-used)
Sub-Network 7:  192.168.10.224 (invalid)

Configuration Worksheet (detail)

Item                        Boaz                         Center                       Eva
Hostname                    Boaz                         Center                       Eva
Router Type (Model #)       2509                         2509                         2509
Router S/N
Console / Aux Password      cisco / cisco                cisco / cisco                cisco / cisco
Secret Password             class                        class                        class
VTY 0 4 Password            cisco                        cisco                        cisco
Net Mask                    255.255.255.224              255.255.255.224              255.255.255.224
Serial 0 IP Address         192.168.10.66                192.168.10.65                192.168.10.130
Serial 1 IP Address         n/a                          192.168.10.129               n/a
Serial 0 Clock Rate         DTE                          DCE/64000                    DTE
Serial 1 Clock Rate         N/A                          DCE/64000                    N/A
e0 IP Address               192.168.10.33                192.168.10.97                192.168.10.161
e1 IP Address               n/a                          n/a                          n/a
Enable interfaces           no shut                      no shut                      no shut
Add Routing Protocol        RIP (v1)                     RIP (v1)                     RIP (v1)
Add Network Statements      192.168.10.0                 192.168.10.0                 192.168.10.0
Host Table: Routers/Hosts   Center, WS3, WS4, Eva,       Boaz, WS3, WS4, Eva,         Center, Boaz, WS3, WS4,
                            WS5, WS6, WS2                WS5, WS6, WS2                WS5, WS6, WS2
Message of the day          (all three routers) Warning: You have entered a Restricted access area. **** Please log off!!
Ser 0 Description           WAN link-center (CKT#123)    WAN link - Boaz (CKT#123)    WAN link-center (CKT#456)
Ser 1 Description           N/A                          WAN link-eva (CKT#456)       N/A
Fa 0 Description            Boaz-LAN                     Center-LAN                   Eva-LAN
Fa 1 Description            N/A                          N/A                          N/A

Initial (Baseline) Configuration Verification - Checklist #1

Prior to adding ACLs to the initial configuration, it is important to verify that the baseline configuration has been successfully achieved. The checklist below includes a list of key tests (and the expected results) to be conducted. A similar checklist of tests will be conducted later, after the ACLs have been applied to the network. At this time, verify the baseline configuration has been achieved according to the following checklist. Record the results of each test in the space provided.

Successful?   Test/Condition               Expected Result
              telnet Boaz to Eva
              telnet WS4 to Eva
              telnet WS5 to Boaz
              telnet WS2 to Boaz
              telnet WS2 to Eva
              ping WS5 to Fileserver 1
              ping WS3 to Fileserver 1
              ping WS3 to WS4
              ping WS5 to WS6
              ping WS3 to WS5
              ping WS2 to WS5
              ping WS2 to WS3
              ping Eva to WS3
              ping Boaz to WS5

ACL Lists and Statements

Configuration notes:

Prior to applying any ACL statements, perform the following steps:
1. First, verify all network devices can successfully ping each of the other devices, for the entire network. This includes all routers, workstations, and servers (each device successfully pings every other device, ensuring fully functioning connectivity between all networks, interfaces, and devices).
2. Verify the baseline configuration has been achieved (see the previous checklist).
3. Next, copy this initial configuration to NVRAM (copy run start).
4. Next, make a backup of the configuration of each router (without ACLs applied). This is the Fall-Back configuration for later use (i.e., if this process fails or an incorrect configuration is applied, re-use this FB configuration). For example, create a sample backup with the filename Router-Center-FB-cfg-1.0.txt. Then save this backup to the fileserver, CD-ROM, and/or diskette.

Admin WS Tests: Perform tests from the Admin Workstation to each node, especially nodes that exist on ACL-protected networks.
o For example, verify the Admin station (WS2) can successfully ping (and/or telnet, if enabled) to WS3, WS4, WS5, and WS6.
o Verify all customer and admin applications function successfully, such as those that send/receive data and files between the fileserver (and/or the Admin Workstation) and all other hosts (from WS2 to/from all subnetworks), as required.

After identifying the ACL statements required for each router and interface (including the direction in which each ACL is to be applied), follow these instructions as you begin to apply them to each router. Remote administration is important, since it is not possible to physically maintain equipment in the remote offices (Boaz and Eva).
o Prior to applying a new (i.e., untested) ACL to an interface, it is advisable to first execute a reload in 50 command at the router (PRIV mode) prompt. This will reload the NVRAM configuration in case the ACL results in a total remote lock-out. After 50 seconds, or so, you will be able to re-connect, since the router will have returned to its Fall-Back configuration.
  o NOTE: If the ACL works, then you'll need to cancel the reload before the 50 second reload timer has expired.
o Using a text editor to store each statement, create ACLs for each router (i.e., Router-Center-ACL-cfg-1.0.txt). Enter each ACL statement into these files, and save them to disk.
o To configure each router, copy/paste the ACL statements from the file into the HyperTerminal session of each router, as appropriate. In this manner, configure each router to use the ACL that has been created specifically for it (i.e., unless otherwise noted, do not use the Center router's ACL on the Eva or Boaz routers, since each ACL is unique to its sub-network).
o Finally, after all customer tests (including the Configuration Test Plan, below) have been successfully completed, save the configuration to NVRAM (i.e., copy run start), and make copies of all disk files: the running configuration of each router (captured via HyperTerminal and pasted into a text file named, for example, Router-Center-cfg-1.0.txt), plus all ACL text files, plus the configuration worksheets, Configuration Management information, and Network Diagram. Save all configuration information and files to a secure system or PC, such as the Administrative WorkStation and/or the Fileserver (using a password-protected directory with restricted read, write, and execute permissions). Also create an additional backup of these materials on CD-R and 3.5" floppy diskette (write-protected afterwards!), and store them in a secure, cool, dry place. It is advisable to create a 3rd set of backup media, stored in a similar manner but in an off-site location, for use during Disaster/Recovery operations (in the event of flooding, fire, earthquake, etc.).

ACLs 100 (inbound)

The following Extended ACL statements restrict access between nodes, as per the requirements of this case study. For this study, ACLs are applied to the e0 interface (inbound) on both the Boaz and Eva routers. Since Boaz and Eva are configured as per the Network Diagram, the same ACL is applied to each router (i.e., ACL 100, applied inbound on their e0 interfaces), as described in the table below. Please note: the ACL number is local to each router, not a global value. If additional traffic/applications are to be permitted between these WSs, then additional ACLs (and/or statements) must be created and applied. If additional security is required, ACLs can be applied to Center, thereby limiting traffic destined for the Center LAN (192.168.10.96 network). At this time, additional restrictions are unnecessary, since the Administrator is the primary user on the Center LAN and is also responsible for maintaining the entire network.

Benefits:

This is an Extended ACL created as a security standard throughout the network (here "standard" means an identical ACL is used on all remote routers, Boaz and Eva), which minimizes complexity and simplifies CM, test, and management procedures. Furthermore, only the remote routers are affected by these ACLs, which minimizes the overall performance impact on the network by a) limiting the number of ACLs (and statements) applied to each packet, and b) limiting the amount of unwanted traffic traversing the WAN (serial links).

ACL 100: e0 inbound (Boaz and Eva)

Statement                                           Description
access-list 100 permit ip any host 192.168.10.125   Permit any host on the LAN access to fileserver 1
access-list 100 permit icmp any any echo-reply      Allow a successful ping originating from any host on an external network to return to its source
ip access-group 100 in                              Apply the ACL to the LAN interface (e0, incoming)

Configuration Test Plan (basic connectivity/security using ACLs)

The access control (security) goals for this network include the following conditions:
o WorkStation 2 (WS2) and File Server 1 are on the Management Network, and are able to access all other network devices (routers, workstations, server).
o Unless noted otherwise, all WorkStations (WS) on the Boaz LAN shall be permitted to access File Server 1 only, and they are NOT permitted access outside their own LAN. For example, the WSs on the Boaz LAN can access fileserver 1 and the WSs connected to their own Boaz LAN, but they are not allowed to access any WSs connected to other (external) networks or LANs outside the Boaz LAN.
o Unless noted otherwise, all WorkStations (WS) on the Eva LAN shall be permitted to access File Server 1 only, and they are NOT permitted access outside their own LAN. For example, the WSs on the Eva LAN can access fileserver 1 and the WSs connected to their own Eva LAN, but they are not allowed to access any WSs connected to other (external) networks or LANs outside the Eva LAN.
o The Center, Eva, and Boaz routers are permitted to access any device on the network, including all routers, workstations, and servers.
o WSs on the Boaz LAN may access each other.
o WSs on the Eva LAN may access each other.

Monitoring the Network

After each component has been configured and the procedures (and configurations) documented as outlined above (and according to the Network Diagram), the following tests should be conducted to verify that the correct configuration has been achieved (and is maintained) for each node on the network. Place a checkmark next to each line item to indicate the test was successful, according to the instructions provided on each line. The following tests and commands should be conducted as part of routine and/or preventative maintenance procedures. Verify each test achieves the expected result.

Periodically, verify the Configuration Management information has not changed, that the CM data is still valid, and that it is what is running on each router and system in the network. The CM Worksheets below document the validated configuration. In the future, testing should be conducted to ensure the configuration has not been modified and still adheres to the validated CM information contained in this document. Any changes/modifications made to any network component must be re-tested (i.e., re-validated according to the testing guidelines listed herein), and all changes documented using the CM worksheets, Network Diagram, and Checklists. Because the network is vital to the company (i.e., business-critical), it is recommended that Change Management policies and procedures be defined, implemented, and strictly adhered to, even for relatively minor changes to any network component or device.

Validate the ACL Configuration - Checklist #2

Successful?   Test/Condition               Expected Result
              telnet Boaz to Eva
              telnet WS4 to Eva
              telnet WS5 to Boaz
              telnet WS2 to Boaz
              telnet WS2 to Eva
              ping WS5 to Fileserver 1
              ping WS3 to Fileserver 1
              ping WS3 to WS4
              ping WS5 to WS6
              ping WS3 to WS5
              ping WS2 to WS5
              ping WS2 to WS3
              ping Eva to WS3
              ping Boaz to WS5

(In the original, the Expected Result column marks three of these tests "unreachable"; the column alignment did not survive extraction, so the per-row values are not reproduced here.)

CM Documentation (command outputs from validated configuration)

Commands (record the output from each of Boaz, Center, and Eva):
o show cdp neighbors
o show ip route
o show ip protocols
o show ip interface brief
o show version
o show hosts
o show startup-config
o show running-config

Note: For specific configuration data, refer to the previous worksheets, tables, and descriptions (i.e., interfaces, directions, protocols, etc.).

Security Management Documentation (command outputs from validated configuration)

Commands (record the output from each of Boaz, Center, and Eva):
o show ip interface
o show ip access-lists
o show access-lists

Note: For specific configuration data, refer to the previous worksheets, tables, and descriptions (i.e., interfaces, directions, protocols, etc.).
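To make the ACL 100 table and Checklist #2 above concrete, here is a small Python model, added as an example and not part of the original specification, that walks each checklist test through the topology and predicts which ones the ACL turns into "unreachable". The addresses are taken from Table 1 and the rule set is the document's ACL 100; everything else is an assumption of this example: routing works end to end, the only filter in the path is ACL 100 inbound on e0 of Boaz and Eva, traffic between two workstations on the same LAN is switched and never reaches a router, and traffic originated by a router itself does not cross an inbound ACL. The function names (`acl_permits`, `deliver`, `run_checklist`) are the example's own.

```python
import ipaddress

# Added example (not from the original specification). Models where ACL 100
# sits in the Boaz / Center / Eva topology and evaluates Checklist #2 against
# it. Assumptions: routing is correct, ACL 100 is the only filter (inbound on
# e0 of Boaz and Eva), same-LAN workstation traffic bypasses the router, and
# router-originated packets never traverse an inbound ACL.

LANS = {
    "Boaz": ipaddress.ip_network("192.168.10.32/27"),
    "Center": ipaddress.ip_network("192.168.10.96/27"),
    "Eva": ipaddress.ip_network("192.168.10.160/27"),
}
# Routers are keyed by their e0 address (Table 1), the address a LAN host telnets to.
HOSTS = {
    "Boaz": "192.168.10.33", "Center": "192.168.10.97", "Eva": "192.168.10.161",
    "Fileserver1": "192.168.10.125", "WS2": "192.168.10.126",
    "WS3": "192.168.10.61", "WS4": "192.168.10.62",
    "WS5": "192.168.10.189", "WS6": "192.168.10.190",
}
ROUTERS = {"Boaz", "Center", "Eva"}

# access-list 100 as (action, protocol, source, destination, icmp type).
# An extended ACL is read top-down and ends with an implicit "deny ip any any".
ACL_100 = [
    ("permit", "ip", "any", "host 192.168.10.125", None),
    ("permit", "icmp", "any", "any", "echo-reply"),
]
ACL_IN_E0 = {"Boaz": ACL_100, "Eva": ACL_100}   # "ip access-group 100 in" on e0

def _match(spec, addr):
    """Only the 'any' and 'host A.B.C.D' address forms are needed here."""
    return spec == "any" or spec == f"host {addr}"

def acl_permits(acl, proto, src, dst, icmp_type=None):
    """First matching entry decides; no match means the implicit deny."""
    for action, a_proto, a_src, a_dst, a_type in acl:
        if a_proto != "ip" and a_proto != proto:
            continue
        if not (_match(a_src, src) and _match(a_dst, dst)):
            continue
        if a_type is not None and a_type != icmp_type:
            continue
        return action == "permit"
    return False

def lan_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in LANS.items() if ip in net), None)

def deliver(src_name, dst_name, proto, icmp_type=None):
    """Can a single packet from src to dst get past the inbound filter?"""
    if src_name in ROUTERS:
        return True                      # router-originated: no inbound ACL
    src, dst = HOSTS[src_name], HOSTS[dst_name]
    src_lan = lan_of(src)
    if src_lan == lan_of(dst) and dst_name not in ROUTERS:
        return True                      # switched inside the LAN; e0 never sees it
    acl = ACL_IN_E0.get(src_lan)
    return acl is None or acl_permits(acl, proto, src, dst, icmp_type)

def ping(a, b):
    return deliver(a, b, "icmp", "echo") and deliver(b, a, "icmp", "echo-reply")

def telnet(a, b):
    # The TCP handshake needs the SYN one way and the SYN-ACK back.
    return deliver(a, b, "tcp") and deliver(b, a, "tcp")

CHECKLIST_2 = [
    ("telnet", "Boaz", "Eva"), ("telnet", "WS4", "Eva"), ("telnet", "WS5", "Boaz"),
    ("telnet", "WS2", "Boaz"), ("telnet", "WS2", "Eva"),
    ("ping", "WS5", "Fileserver1"), ("ping", "WS3", "Fileserver1"),
    ("ping", "WS3", "WS4"), ("ping", "WS5", "WS6"), ("ping", "WS3", "WS5"),
    ("ping", "WS2", "WS5"), ("ping", "WS2", "WS3"),
    ("ping", "Eva", "WS3"), ("ping", "Boaz", "WS5"),
]

def run_checklist(tests=CHECKLIST_2):
    """Map each 'kind A to B' test to 'success' or 'unreachable'."""
    out = {}
    for kind, a, b in tests:
        ok = ping(a, b) if kind == "ping" else telnet(a, b)
        out[f"{kind} {a} to {b}"] = "success" if ok else "unreachable"
    return out

if __name__ == "__main__":
    for test, result in run_checklist().items():
        print(f"{test:28} {result}")
```

The model reports exactly three unreachable tests (telnet WS4 to Eva, telnet WS5 to Boaz, ping WS3 to WS5), the same count the checklist expects. It also exposes a limit of this ACL that the Admin WS Tests section should be read with: the list is not stateful, so a TCP session from WS2 to a remote workstation (`telnet("WS2", "WS3")`) fails because the SYN-ACK from WS3 enters Boaz e0 and matches neither the fileserver entry nor the echo-reply entry; only ICMP echo from the management network survives the return trip.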