Assignment 3: Technical Details Task

Cisco Network Proposal (Part-3)

CMIT350

Professor: James Graves

Generated by: Mohammad Tanzim

Date: 02/25/2018

Summary:

1) The VLAN of Sacramento, Router OS, the implementation of DHCP, Los Angeles Site Management, xACME WAN – WAN Implementation

2) Bibliography

Sacramento Site Configuration

The Sacramento office site needs three main elements: VLANs on specific switches, a router-on-a-stick topology to route between those VLANs, and the Dynamic Host Configuration Protocol (DHCP). In addition, UMUC needs to limit the number of MAC addresses allowed per port in order to restrict unauthorized users. IP addresses have to be assigned automatically.

VLAN

This site can be divided into 4 VLANs: faculty, administrator, instructional, and a general server VLAN. Each VLAN is identified by an ID, and the necessary security for additional ports can be configured later using switchport access mode and trunk mode. Access mode assigns a port to a single VLAN, so the nodes attached to it communicate within that VLAN. In contrast, trunk mode carries the traffic of several VLANs over one link, such as the uplink between the switch and the router. Finally, DHCP assigns IP addresses to all devices or hosts.

The administrative VLAN is identified by number 14, instructional by 35, server by 8 and faculty by 6. All 4 VLANs use the subnet mask 255.255.255.192, and IP addresses are assigned automatically within a range. The range for administrative VLAN 15 is 10.50.0.64 to 10.50.0.116 with default gateway 10.50.0.66; for instructional VLAN 35, 10.50.0.128 to 10.50.0.180 with default gateway 10.50.0.130; for server VLAN 8, 10.50.0.192 to 10.50.0.245 with default gateway 10.50.0.194; and for faculty VLAN 5, 10.50.0.0 to 10.50.0.52 with default gateway 10.50.0.2.
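The check below is an added example, not part of the original proposal: it audits the addressing plan stated above with Python's ipaddress module, flagging range endpoints that are not usable host addresses and gateways that sit inside the automatically assigned range. The VLAN names and addresses come from the paragraph; the function names are illustrative.

```python
import ipaddress

# Addressing plan as stated in the paragraph above: first address, last address,
# default gateway. Every VLAN uses mask 255.255.255.192 (/26).
PLAN = {
    "faculty":        ("10.50.0.0",   "10.50.0.52",  "10.50.0.2"),
    "administrative": ("10.50.0.64",  "10.50.0.116", "10.50.0.66"),
    "instructional":  ("10.50.0.128", "10.50.0.180", "10.50.0.130"),
    "server":         ("10.50.0.192", "10.50.0.245", "10.50.0.194"),
}
MASK = "255.255.255.192"


def audit_vlan(first, last, gateway, mask=MASK):
    """Return (subnet, findings) for one VLAN's automatic-assignment range."""
    first, last, gw = (ipaddress.ip_address(a) for a in (first, last, gateway))
    net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
    findings = []
    if last not in net or gw not in net:
        findings.append(f"range or gateway falls outside {net}")
    if first == net.network_address:
        findings.append(f"{first} is the network address of {net}, not a host")
    if last == net.broadcast_address:
        findings.append(f"{last} is the broadcast address of {net}")
    if first <= gw <= last:
        findings.append(f"gateway {gw} is inside the range; exclude it from the pool")
    return net, findings


def audit_plan(plan=PLAN):
    """Audit every VLAN and check that no two subnets overlap."""
    report, seen = {}, []
    for name, (first, last, gw) in plan.items():
        net, findings = audit_vlan(first, last, gw)
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{net} overlaps {other_name} ({other})")
        seen.append((name, net))
        report[name] = (str(net), findings)
    return report


if __name__ == "__main__":
    for name, (net, findings) in audit_plan().items():
        print(f"{name:15} {net}")
        for finding in findings:
            print(f"    - {finding}")
```

Each of the four ranges is reported twice: it starts on its subnet's network address, and its gateway lies inside the range that DHCP would hand out.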

Configuring New VLAN

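SacSw1>ena
SacSw1#conf t
SacSw1(config)#vlan 15
SacSw1(config-vlan)#exit
! ACCESS-PORT is a placeholder; the access ports are not named here
SacSw1(config)#interface ACCESS-PORT
! port security is only accepted on a port with a static mode (access or trunk)
SacSw1(config-if)#switchport mode access
SacSw1(config-if)#switchport access vlan 15
SacSw1(config-if)#switchport port-security
SacSw1(config-if)#switchport port-security maximum 2
SacSw1(config-if)#switchport port-security mac-address sticky
SacSw1(config-if)#switchport port-security violation shutdown
SacSw1(config-if)#end
SacSw1#copy run start
SacSw1#exit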

Configuring Switch

Faculty vlan: 10.50.0.1 /26

Administrative vlan: 10.50.0.65 /26

Instructional vlan: 10.50.0.129 /26

Server vlan: 10.50.0.193 /26

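SacSw1>ena
SacSw1#conf t
SacSw1(config)#int fa0/24
SacSw1(config-if)#description Uplink to Sacramento Router
! set the encapsulation first; switches that also support ISL reject trunk mode otherwise
SacSw1(config-if)#switchport trunk encapsulation dot1q
SacSw1(config-if)#switchport mode trunk
! the VLAN list takes no spaces; VLANs not listed are not carried on the uplink
SacSw1(config-if)#switchport trunk allowed vlan 6,8,15,35
SacSw1(config-if)#no shut
SacSw1(config-if)#end
SacSw1#copy run start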

Configuring Router

SacRouter>ena
SacRouter#conf t
! the physical interface must be up before its subinterfaces pass traffic
SacRouter(config)#int fa0/0
SacRouter(config-if)#no shut
SacRouter(config-if)#int fa0/0.5
! the dot1q tag must equal the VLAN ID and is set before the IP address
SacRouter(config-subif)#encapsulation dot1q 6
SacRouter(config-subif)#ip address 10.50.0.1 255.255.255.192
SacRouter(config-subif)#description faculty vlan 6
SacRouter(config-subif)#no shut
SacRouter(config-subif)#int fa0/0.14
SacRouter(config-subif)#encapsulation dot1q 15
SacRouter(config-subif)#ip address 10.50.0.66 255.255.255.192
SacRouter(config-subif)#description administrative vlan 15
SacRouter(config-subif)#no shut
SacRouter(config-subif)#end
SacRouter#copy run start

Configuring DHCP

SacRouter>ena

SacRouter#conf t

SacRouter(config)#ip dhcp pool server

remote assistance to the VLAN. In the end, Network Time Protocol (NTP) can be used to keep items such as logging records and authentication protocols properly synchronized. According to the topology of this site, Los Angeles has a TFTP server, and it needs to hold backup configurations for easy recovery. Secure Shell (SSH) is a good option for remote management. Finally, implementing NTP maintains time synchronization across all the servers at this site.

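Configuring Remote Storage (IOS)

! each copy to tftp: prompts for the TFTP server address and the destination filename
! TFTP offers no authentication or encryption, and the copied files contain the device's stored passwords
LARouter#copy running-config tftp:
LARouter#copy nvram:startup-config tftp:
LARouter#copy run start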

Configuring SSH

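LASw2>ena
LASw2#conf t
! RSA key generation needs a hostname and a domain name; DOMAIN-NAME is a placeholder
LASw2(config)#ip domain-name DOMAIN-NAME
LASw2(config)#crypto key generate rsa modulus 2048
LASw2(config)#ip ssh version 2
LASw2(config)#aaa new-model
LASw2(config)#aaa authentication login default local
! "secret" stores the password as a hash; PASSWORD is a placeholder
LASw2(config)#username admin secret PASSWORD
LASw2(config)#line vty 0 15
LASw2(config-line)#transport input ssh
! with aaa new-model the lines authenticate through the AAA method list (here the local user database), so no line password is set
LASw2(config-line)#login authentication default
LASw2(config-line)#exit
LASw2(config)#line console 0
LASw2(config-line)#logging synchronous
LASw2(config-line)#login authentication default
LASw2(config-line)#end
LASw2#copy run start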

Configuring ACL

LARouter>ena
LARouter#conf t
LARouter(config)#ip access-list extended VLAN
! wildcard 0.0.0.4 matches sources 10.40.7.0 and 10.40.7.4 only; all other traffic hits the implicit deny
LARouter(config-ext-nacl)#permit ip 10.40.7.0 0.0.0.4 host 10.40.7.10
LARouter(config-ext-nacl)#exit
LARouter(config)#interface fa0/0
LARouter(config-if)#ip access-group VLAN in
LARouter(config-if)#exit
LARouter(config)#line vty 0 16
LARouter(config-line)#access-class VLAN in
LARouter(config-line)#end
LARouter#copy run start
LARouter#exit
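How IOS evaluates the access list above, as an added example that is not part of the original proposal: a small Python model of wildcard-mask matching and the implicit deny, useful for checking what an entry really permits before applying it to an interface or the vty lines. It takes the wildcard to be 0.0.0.4, which is an assumption; the comparison entry and the function names are constructed for illustration.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: a 1 bit in the wildcard means "ignore this bit"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, src, dst):
    """Return the action of the first matching entry, as IOS does."""
    for action, s_base, s_wild, d_base, d_wild in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny"  # implicit "deny ip any any" that ends every IOS access list


def permitted_sources(acl, subnet, dst):
    """List every source address in subnet that the ACL permits towards dst."""
    return [str(ip) for ip in ipaddress.ip_network(subnet)
            if evaluate(acl, str(ip), dst) == "permit"]


# permit ip 10.40.7.0 0.0.0.4 host 10.40.7.10   ("host X" = X with wildcard 0.0.0.0)
# The wildcard 0.0.0.4 is an assumed reading of the entry on the page.
ACL_AS_READ = [("permit", "10.40.7.0", "0.0.0.4", "10.40.7.10", "0.0.0.0")]
# Constructed comparison: the same entry with a wildcard covering the whole /24.
ACL_SLASH24 = [("permit", "10.40.7.0", "0.0.0.255", "10.40.7.10", "0.0.0.0")]

if __name__ == "__main__":
    print(permitted_sources(ACL_AS_READ, "10.40.7.0/24", "10.40.7.10"))
    print(len(permitted_sources(ACL_SLASH24, "10.40.7.0/24", "10.40.7.10")))
    print(evaluate(ACL_AS_READ, "10.40.7.4", "10.40.7.11"))
```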

Configuring NTP

Router(config)#int s0/0/0
Router(config-if)#encapsulation ppp
! CHAP also needs a "username PEER-HOSTNAME password SHARED-SECRET" entry for the remote router
Router(config-if)#ppp authentication chap
Router(config-if)#end
Router#copy run start

Topology

Every network plan should include a definition of requirements and a proper topological description of the WAN connection. The whole design must run over secure protocols and support the performance and connectivity of these sites. Factors such as prior calculation of traffic and the periods during which the network infrastructure is in use need attention. Security is very important: unsecured protocols and hosts need to be secured, and all unauthorized access needs to be restricted. Moreover, the VLANs and switches should communicate clearly with each other where needed. This topology must have multiple points of entry and exit; otherwise, the failure of any IP scheme will have drastic results. Moreover, the xACME WAN site needs to avoid placing excessive load on the 2 devices that carry incoming and outgoing traffic for multiple sites together. The heavy traffic on those 2 devices has to be alleviated by creating some redundancy in this topology.

Bibliography

1) “Routing and Switching Pro”, TestOut, 2017. [Online]. Available: www.testout.com. [Accessed: 25-Feb-2018].

2) P. Support, C. Firewall, T. Alerts and T. TechNotes, "Configuring IP Access Lists", Cisco, 2016. [Online]. Available: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html. [Accessed: 25-Feb-2018].

3) B. Ahmedi, P. Mitrevski, “On the Development of Methodology for Planning and Cost-Modeling of Wide Area Network”, International Journal of Computer Networks & Communications (IJCNC), Vol. 6, No. 3, May 2014.
