MOD005342 Routing and Switching Essentials
Assignment Element 010
The assignment consists of two parts:
- Configuration and testing of a small network (60%) – You are required to complete the configuration and testing of a small network. The instructions are indicated in the following sections of this document and you must use the 010_MOD005342_Case_study.pka pre-configured Packet Tracer file to complete your solution. This part is subdivided as follows:
  - IP addressing (10%)
  - Configuration (40%)
  - Testing (10%)
- Technical report (40%) – More information about this part is indicated below.
The overall word count for both parts together is equivalent to 2500 (+/-10%) words.
Configuration and Testing of a Small Network
The following sections describe the requirements to fulfil the first part of the assessment element.
Poco Loco Co. is a brand-new company based in Chelmsford that is looking into designing and deploying their internal network. They have approached ARU with a consulting contract for students to design, implement and document a proper network design that can accommodate the requirements of the company.
This document describes the current state of the network as well as the requirements of Poco Loco Co., with a description of the final deliverables for this assignment.
About the Company
Poco Loco Co. is a small business dedicated to the import of Latin American produce into the UK. Most of their business relies on the use of a network, so guaranteeing a reliable and secure connection is important.
The company is divided into four main units: the IT department with five members of staff, the senior management with ten members and the rest of the staff, which consists of 50 employees dedicated to different tasks within the company.
The network is structured as follows:
- The Internet: This network is outside Poco Loco Co. and can’t be modified. It represents the connection to the internet and for now it only has an HTTPS server accessible through the https://PocoLoco.com URL. The ISP has been correctly configured to allow communication between Poco Loco Co. and the internet.
- R2: This is the router that acts as the company’s gateway towards the internet. This router will translate all private IP addresses of the company into a public IP address (more details below).
- R1: This router connects the devices belonging to IT, staff and servers to the other networks (Internet and R3 LAN).
- R3: This router connects the senior management devices to the rest of the networks (Internet and R1 LAN).
- Server Farm: The company has three servers in total with no intention of expanding the number of servers. The DNS server has already been configured and it shouldn’t be changed.
Connections between certain devices have already been made; you will need to complete the connections according to the requirements of the company as described below.
IP Addressing (10%)
The only thing that the company knows is that they will be using the private IP network address of 192.168.1.0/24. They have already calculated the network IP address needed for the Server Farm and they would like you to create an efficient (VLSM) IP addressing scheme that fulfils the requirements indicated in Table 1. You must complete Table 1 with the appropriate network IP addresses and subnet masks to be used. Note that they would like to use a different IP address for each of the different groups of users available within the company.
| # of devices | Network IP address |
| 2 (R1 to R2) | |
| 2 (R3 to R2) | |
Table 1. IP addressing Requirements
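A VLSM plan for 192.168.1.0/24 can be worked out largest-first, as in this added example (not part of the assignment brief). The host counts are assumptions taken from the staff numbers in "About the Company" plus one gateway address per group, since the group rows of Table 1 are not reproduced here; the Server Farm network is not given on this page, so it is passed in through the `reserved` argument rather than invented.

```python
import ipaddress

# Host counts: staff numbers from "About the Company" plus one router
# gateway address each (assumption); each router link needs 2 addresses.
DEMANDS = {"STAFF": 51, "SENIOR": 11, "IT": 6, "R1-R2": 2, "R3-R2": 2}

def prefix_for(hosts):
    """Longest prefix whose usable addresses (2^n - 2) still cover `hosts`."""
    return 32 - max(2, (hosts + 1).bit_length())

def vlsm(base, demands, reserved=()):
    """Allocate largest-first, skipping any block that is already reserved."""
    base = ipaddress.ip_network(base)
    taken = [ipaddress.ip_network(r) for r in reserved]
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        for cand in base.subnets(new_prefix=prefix_for(hosts)):
            if not any(cand.overlaps(t) for t in taken):
                plan[name] = cand
                taken.append(cand)
                break
        else:
            raise ValueError(f"{base} has no room left for {name}")
    return plan

if __name__ == "__main__":
    for name, net in vlsm("192.168.1.0/24", DEMANDS).items():
        print(f"{name:7} {net}  mask {net.netmask}")
```

Pass the pre-calculated Server Farm network as `reserved=["..."]` so the remaining groups are placed around it.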
Considering also that:
- IT_1 and IT_2 PCs belong to the IT group
- STAFF_1 and STAFF_2 PCs belong to the STAFF group
- SENIOR_1 and SENIOR_2 PCs belong to the Senior Management group
- NTP_Server, Syslog_Server and DNS_Server belong to the Servers group
Use Table 2 to write down the IP addresses of each device in the network. You can add rows if needed.
Poco Loco Co. has specified the following requirements to be considered when designing and implementing the network:
- Basic configuration. All routers and switches within the network domain must have a basic configuration such as hostname, passwords, SSH, and other parameters reviewed in the lessons (at least the minimum number of parameters that you need to configure; if you don’t configure enough parameters, you lose marks). You must provide a table of the passwords configured on each device; failing to do so will earn a mark of zero for the whole implementation section.
- VLANs and Inter-VLAN routing. The LAN connected to R1 must implement the VLANs specified in Table 3.
- Notice that port assignment is empty. You must complete Table 3 indicating which ports have been assigned to each VLAN as well as the corresponding Network IP address and subnet mask.
All VLANs (except Native) should be able to communicate with each other.
- Static and Dynamic routing. Routers within the company’s domain must implement RIPv2 in the most secure and efficient way. R2 must propagate via RIPv2 a default route to connect to the Internet. As a backup, R1 and R2 will implement floating static routes that will become active in case the routing protocol stops working.
- DHCP. Hosts will receive an IP address via DHCP from the router they are connected to. The parameters must be provided according to the VLAN the devices belong to and must include the DNS server.
- NAT for IPv4. R2 will implement NAT when devices from Poco Loco Co. try to connect to the internet. The ISP has assigned the first 50 public IP addresses from network 184.108.40.206/24 to be used by the company. Servers must translate to a static IP address whilst the rest of the devices must receive a dynamic one.
- Syslog and NTP. The company has a syslog server and an NTP server that must be used by the networking devices of the company.
- Port Security. Switches must allow only one device to connect to each port, the MAC address of the device must be saved within the configuration, and the port must shut down in case of a violation. Unused ports must be disabled.
- ACLs. The following ACLs must be used to restrict access: only the hosts from the management VLAN can access the routers via VTY. To be able to go out to the internet, users must belong to either the STAFF or the SENIOR VLAN; the rest of the devices can’t connect to the internet. IT IS RECOMMENDED THAT BEFORE IMPLEMENTING THE ACLs YOU VERIFY THAT THE NETWORK CONNECTIVITY IS WORKING.
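The Port Security requirement above can be verified against a switch's running configuration, as in this added example (not part of the assignment brief). The interface names, the sample configuration and the `in_use` set are constructed, and skipping trunk ports is an assumption.

```python
import re

PS = "switchport port-security"
# Constructed running-config excerpt, not taken from the assignment's .pka file.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.0002.0003
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit(config, in_use):
    """Map each non-compliant access port to the requirements it misses."""
    findings = {}
    for block in re.split(r"^interface\s+", config, flags=re.M)[1:]:
        name, *body = [ln.strip() for ln in block.splitlines()]
        if "switchport mode trunk" in body:
            continue  # assumption: trunk uplinks are outside this check
        opts = [ln[len(PS):].strip() for ln in body if ln.startswith(PS)]
        problems = []
        if name not in in_use:
            if "shutdown" not in body:
                problems.append("unused port not shut down")
        elif "" not in opts:
            problems.append("port security not enabled")
        else:  # IOS omits defaults (maximum 1, violation shutdown) from the config
            if any(o.startswith("maximum") and o != "maximum 1" for o in opts):
                problems.append("more than one MAC address allowed")
            if any(o.startswith("violation") and o != "violation shutdown" for o in opts):
                problems.append("violation mode is not shutdown")
            if "mac-address sticky" not in opts:
                problems.append("sticky MAC learning not enabled")
        if problems:
            findings[name] = problems
    return findings
```

Calling `audit(SAMPLE, {"FastEthernet0/1", "FastEthernet0/2", "FastEthernet0/3"})` reports FastEthernet0/2, FastEthernet0/3 and the unused FastEthernet0/4, while the compliant FastEthernet0/1 and the trunk port produce no finding.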