共计 5756 个字符,预计需要花费 15 分钟才能阅读完成。
22/02/2021 v1.2
Overview
The Fully Unreal Reality (FUR) company took another offer of design instead of your submission.
Unfortunately, the company that was picked for the design did complete the design but was unable
to implement the network completely due to time constraints and budget issues. You were brought
on once again as a consultant and asked to implement the network that the other company
designed. To keep things simple, the Melbourne head office is not being fully implemented in the
design given because it is the same as the Sydney office. You will be expected to use the skills that
you have gained throughout the past weeks to configure a network and document tests and IP
addressing.
Deliverables
You will be required to complete three deliverables and include them in your submission:
• IP addressing scheme (Excel Spreadsheet or Word Document/PDF).
• Test documentation (Excel Spreadsheet or Word Document/PDF).
• Completed network configuration (Packet Tracer file).
Weighting
IP addressing scheme 2.5%
Basic configuration 2.5%
VLANs & VTP 3.75%
IP addressing implementation 1.25%
OSPF & Routing 3.75%
DHCP 2.5%
NAT 2.5%
ACLs 3.75%
Testing 2.5%
Configuration Guide
Below you will find some helpful steps to follow in order to assist you with configuring the network.
You may find that you do not want to do the steps in the order they are presented in, the order is up
to you to determine. The configuration is complete when all steps have been completed in the order
presented, or your own order.
To start, download the associated Packet Tracer file available on Learnonline. This includes the
devices and the layout of the network along with all connections already completed. See Figure 1 for
an overview of the supplied Packet Tracer file.
Figure 1 – FUR Network Overview
Step 1 – IP addressing scheme.
• This must be done before you start. If the IP addressing scheme documentation is not
included in your submission you will get zero for this section.
• Your IP addressing scheme must include an IP assignment table. See your practicals for an
example of this type of table.
• Melbourne is represented by a single subnet. The single PC needs its own IP address in the
Melbourne LAN subnet.
• Use 10.0.0.0/8 for internal addressing:
o The second octet represents the location (1 = Sydney, 2 = Adelaide, 3 = Melbourne,
255 = other IP addressing).
o The third octet represents the VLAN.
22/02/2021 v1.2
o The fourth octet represents the hosts.
o For example, 10.2.50.5: 2 = Adelaide, 50 = VLAN ID, 5 = Host.
Step 2 – Implement basic configuration.
On switches and routers perform the following:
• Set hostnames and domain name (fur.com.au)
• Disable IP domain lookup.
• Configure enable password (“class”).
• Configure password for console (“cisco”).
• Configure a user account named“admin”with password“cisco”.
• Create RSA key.
• Configure password for VTY (“cisco”) and only allow SSH connections.
• Encrypt all passwords.
Step 3 – Implement VLANs & VTP.
• VLANs are implemented as groups of devices, one per group. For example: management –
for switch management VLAN, Servers, HR & Finance, Art, Wi-Fi, Cameras and more.
• Configure the distribution switch in Sydney with the VLANs and set it as VTP server and the
access switches as VTP clients.
• Configure the access switch in Adelaide with the VLANs.
• Configure access ports to be in the correct VLAN.
• Shut down all unused ports and move them into a blackhole/unused VLAN.
• Configure management SVI’s on each switch.
• Configure trunk links as appropriate and change the native VLAN.
Step 4 – Implement IP addressing.
• Configure each interface with their IP address information according to your scheme.
• Configure sub-interfaces on the Adelaide router and SVIs on the distribution switch in
Sydney.
• The ISP router already has the IP address configured on the serial link to Sydney. The Sydney
link to the ISP has already been configured. You do not need to change the link between the
Sydney office and the ISP router.
• Use private IP addresses for the WAN links between locations excluding the ISP.
• End devices (PC, laptop, tablet, camera) should not have IP addressing because they will get
their IP addresses through DHCP.
• Configure static IP addresses for the servers and printers as well as the Admin PC’s. Admin
PC’s should be placed into the Management VLAN.
• Admin PC’s can be used to test the management VLAN through SSHing to switches to
manage them.
Step 5 – Implement OSPF and routing.
• Configure OSPF on the 3 routers (Adelaide, Sydney and Melbourne). DO NOT configure OSPF
on the ISP router.
• Configure OSPF on the distribution switch in Sydney.
• Configure default routes as appropriate.
Step 6 – Implement DHCP.
• DHCP is done from the distribution switch in Sydney (dist.mls1.syd) to every device in the
network.
• Configure your DHCP pools according to your subnets defined in Step 1.
• Configure excluded addresses to ensure no IP conflicts occur.
• Configure the IP helper address in the Adelaide and Melbourne locations so devices there
can receive their IP addressing information from the distribution switch in Sydney.
• Configure all end devices (excluding printers and servers) to obtain their IP addressing
information through DHCP.
Step 7 – Implement NAT.
• Packets destined for the ISP must be passed through NAT to avoid leaking private IP
addresses to the ISP. Use the external IP address of the network (205.169.255.6) and
implement PAT.
• Add a static NAT for the web server using the IP address 205.169.255.8.
Step 8 – Implement ACLs.
• Devices on the Training Wi-Fi should not be able to access other devices on the network
except for the Internet.
• The web server should be accessible when connecting from the ISP test server to the web
server in FUR on port 80 and 443.
• The HR & Finance department should be isolated from all devices and the Internet. This
means HR & Finance should not have access to the ISP server or the ISP, nor any internal
devices.
• Only the Admin PC’s should be able to SSH to the switches for remote management.
Step 9 – Verify the network connectivity.
• The ISP server can be used to test the network connectivity (192.168.1.2). Use it to
effectively test the network and server access.
• You can also use the Admin PC’s to test the management VLANs and SSH connectivity to
switches.
• Your tests should demonstrate the ACL’s, NAT, and DHCP features of the network, along
with general connectivity.
• Tests should be documented and included in your submission. If no testing is documented,
you will receive zero for this section.
• It is recommended to test at the end of each step to ensure configuration is working before
proceeding to the next step.
Tests should be documented in a table like the following:
Test Name Source Destination Result Expected Result Reason
Ping to ISP
from HR PC
HR & Finance
Syd
ISP Server Fail Fail ACL blocks
Internet
access.
WX:codehelp