Thursday, 11 January 2007

Lab 5.1.1.4 Applying Design Constraints

Step 1: Identify possible project constraints
a. Use word processing software to create a new Project Constraints document.
b. The identified constraints that set limits or boundaries on the network upgrade project should be
entered into the Gathered Data field of the constraints document. Brainstorm ideas with other
students to identify additional constraints.
Classify each constraint as one of the following four types:

* Budget
* Policy
* Schedule
* Personnel

Step 2: Tabulate comments based on the identified constraints
a. Using the list of constraints discovered from the FilmCompany case study, apply appropriate
comments on how the constraints affect the design.
b. Enter the comments into a table.
FILM COMPANY CONSTRAINTS
CONSTRAINT | GATHERED DATA | COMMENTS
to IT personnel

* Training needed for new hires on company security policy

of a failure.

Schedule
Gathered data:
* Project must be completed within 4 months of project start.
* Maintenance windows are between 2am and 6am Monday through Friday.
Comments:
* Less than 4 months to get the project completed.

Personnel
Gathered data:
* Looking to hire 6 temporary and part-time production staff and at least 1 IT technician.
* Training on new equipment for IT personnel is needed.
Comments:
* Will new personnel affect security policy?
* Do the new personnel need training on the equipment?
* Do existing personnel need training?

c. Save your Project Constraints checklist.
Step 3: Identify trade-offs
a. Use word processing software to create an addition to the Project Constraints document.
b. The identified constraints that set limits or boundaries on the network upgrade project will require
potential trade-offs. Discuss ideas with other students regarding trade-offs for proposed designs.
New equipment may not be obtainable because of budget limitations, so the existing equipment may need to be upgraded. The ISP service may not be optimal for the type of traffic generated, so a new ISP may be needed. The budget cannot support replacing the existing infrastructure; alternatives need to be developed for future expansion.
c. Record the trade-offs in your Project Constraints checklist.
d. Save your Project Constraints checklist.
Step 4: Reflection
The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany. Consider and discuss the identified constraints and potential trade-offs. Do the trade-offs pose a significant obstacle to the design? Are there alternate methods that can be employed to achieve the success criteria without a significant budget?
• Having less than four months to complete the project will require allocating more personnel.
• Personnel training may need to be done in stages.
• Unavailability of equipment or cabling of the required technical specification.
• Lack of accommodation to house the expanded business and its network infrastructure, since the project could consolidate into a single location.
• ISP limitations may require changes in the design. Should another ISP be used?

Lab 5.1.2.4 Identifying Design Strategies for Scalability

Step 1: Identify the areas that will be used for designing a strategy that facilitates scalability
a. Use word processing software to create a new document called “Design Strategies.”
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the
potential trade-offs to assist in the discussion with other students.
The strategy should cover the following areas:

* Access Layer modules that can be added
* Expandable, modular equipment or clustered devices that can be easily upgraded
* Choosing routers or multilayer switches to limit broadcasts and filter traffic
* Planned redundancy
* An IP address strategy that is hierarchical and that supports summarization
* Identification of VLANs needed

Step 2: Create an Access Layer module design
Using the list developed from the group discussion, create an Access Layer module (design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
Several servers
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features and devices without requiring major equipment upgrades.
c. Save your Design Strategies documentation.
Step 3: Select Distribution Layer devices
a. Use word processing software to create an addition to the Design Strategies document.
b. Use the identified Access Layer module diagram to create the Distribution Layer design. Equipment
selected must include existing equipment. Use Layer 3 devices at the Distribution Layer to filter and
reduce traffic to the network core.
c. With a modular Layer 3 Distribution Layer design, new Access Layer modules can be connected
without requiring major reconfiguration. Using your documentation, identify what modules can be
added to increase bandwidth.
d. Save your Design Strategies document.
Step 4: Reflection
The constraints and trade-offs identified for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Developing an IP addressing scheme using the 10.xxx network was really challenging.
• Separating the VLANs.
• The ACL design is unique, given that filtering was not identified by the client.

Lab 5.1.3.5 Identifying Availability Strategies

Step 1: Identify the areas that will be used for designing a strategy that facilitates availability
a. Use word processing software to create a new document called “Availability Strategies.”
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the
potential trade-offs to assist in brainstorming ideas with other students.
The strategy should cover the following areas:
Availability strategies for switches:

* Redundant power supplies and modules
* Hot-swappable cards and controllers
* Redundant links
* UPS and generator power

Availability strategies for routers:

* Redundant power supplies, UPS, and generator power
* Redundant devices
* Redundant links
* Out-of-band management
* Fast converging routing protocols

Availability strategies for Internet/Enterprise Edge:

* Dual ISP providers or dual connectivity to a single provider
* Co-located servers
* Secondary DNS servers

Step 2: Create availability strategies for switches
a. Using the list developed from the brainstorming session, create a list of equipment that will be
incorporated into the availability strategy.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
Several servers
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules and redundant power supplies that will increase
availability for the switches.
c. Identify potential hot swappable cards and controllers that can be used. Create a list that identifies
each with cost and features.
d. Develop a diagram that shows potential redundant links that can be incorporated into the network
design.
e. Identify at least two possible UPS devices that can be incorporated into the design. Create a list that
identifies the cost and features of each.
f. Save your Availability Strategies document.
Step 3: Create availability strategies for routers
a. Use word processing software to create an addition to the Availability Strategies document.
b. Using the list of equipment, identify redundant power supplies that will increase availability for the
switches.
c. Identify potential redundant devices and links that can be used. Create a list that identifies each with
cost and features.
d. Create a diagram that displays the redundant connections.
e. Develop a list of potential routing protocols that will facilitate fast convergence times.
f. Save your Availability Strategies document.
Step 4: Create availability strategies for Internet/Enterprise Edge
a. Use word processing software to create an addition to the Availability Strategies document.
b. Identify options available that would allow for dual ISP or dual connectivity to a single provider.
c. Create a design that will co-locate the servers to allow for redundancy and ease of maintenance.
d. Save your Availability Strategies document.
Step 5: Reflection
The creation of availability strategies poses many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Various modules can be purchased with various features and costs.
• Various UPS devices can be purchased with various features and costs.
• Several routing protocols can be chosen, but which one best fits the design?

Lab 5.1.5.2 Identifying Security Requirements

Step 1: Identify potential security weaknesses within the FilmCompany topology
a. Use word processing software to create a new document called “Security Strategies.”
b. Using the documents created in previous labs and the existing topology, identify potential
weaknesses in the existing design. (No firewalls, no VPNs)
c. Create a list of recommended security practices that should be employed in the FilmCompany
network.
d. Save your Security Strategies document.
Step 2: Create a security practices list
a. Using the list developed from the brainstorming session, create a finalized list of recommended
security practices for the FilmCompany.
Recommended security practices include:

* Use firewalls to separate all levels of the secured corporate network from other unsecured networks, such as the Internet. Configure firewalls to monitor and control the traffic, based on a written security policy.
* Create secured communications by using VPNs to encrypt information before it is sent through third-party or unprotected networks.
* Prevent network intrusions and attacks by deploying intrusion prevention systems. These systems scan the network for harmful or malicious behavior and alert network managers.
* Control Internet threats by employing defenses to protect content and users from viruses, spyware, and spam.
* Manage endpoint security to protect the network by verifying the identity of each user before granting access.
* Ensure that physical security measures are in place to prevent unauthorized access to network devices and facilities.
* Secure wireless Access Points and deploy wireless management solutions.

b. Identify what devices and software will need to be purchased to facilitate the recommended security
practices. (Hardware firewalls, intrusion detection systems etc.)
c. Save your Security Strategies document.
Step 3: Create a security strategy
a. Use word processing software to create an addition to the Security Strategies document.
b. Using the list of identified equipment, develop a chart of costs and features of the recommended
devices.
c. Using the list of identified software needed, develop a chart of costs and features of the
recommended software.
d. Save your Security Strategies document.
Step 4: Create a security design
a. Use word processing software to create an addition to the Security Strategies document.
b. Identify which types of access to the network should be secured by incorporating VPNs.
c. Identify methods for controlling physical security at the FilmCompany building and at the stadium.
d. Identify potential ACLs that can be created to filter unwanted traffic from entering the network.
(Standard or Extended ACLs need to be identified.)
e. Identify methods for securing the wireless Access Points. Determine the best method for the
FilmCompany network. (128-bit encryption, etc.)
f. Save your Security Strategies document.
Step 5: Reflection
The creation of a security strategy creates many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified challenges. Do all of the proposed strategies accomplish the task the
same way?
Would one be less expensive or less time-consuming than the other?
How could implementing a physical security plan into an existing company be difficult?
• Various hardware can be purchased with various features and costs.
• Various security software can be purchased with various features and costs.
• Existing employees may not accept changes to their security policy, so who needs to ensure that the plan is enforced?
• ACLs can filter traffic, but what impact will they have on traffic flow? Are the ACLs applied at the Access Layer, the Distribution Layer, or both?

Lab 5.2.3.3 Designing the Core Layer
Step 1: Identify Core Layer Requirements
a. Use word processing software to create a new document called “Core Layer Diagram.”
b. Use the identified topology and associated equipment to determine Core Layer design requirements.
Design requirements for the Core Layer network include:
High-speed connectivity to the Distribution Layer switches
24 x 7 availability
Routed interconnections between Core devices
High-speed redundant links between Core switches and between the Core and Distribution Layer
devices
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Create an Access Layer module design
Using the list developed from the group discussion, create an Access Layer module (design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features, such as redundancy.
c. Save your Core Layer Diagram document.
Step 3: Select Core Layer devices
a. Use word processing software to create an addition to the Core Layer Diagram document.
b. The identified Core Layer module diagram will be used to adjust the Distribution Layer design.
Equipment selected must include existing equipment. Use Layer 3 devices at the Core Layer in a
redundant configuration.
c. Save your Core Layer Diagram document.
Step 4: Design Redundancy
a. Use word processing software to create an addition to the Core Layer Diagram document.
b. Design a redundancy plan that combines multiple Layer 3 links to increase available bandwidth.
c. Create a design that incorporates redundancy
d. Save your Core Layer Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why?
• What devices can be used in place of a Layer 3 switch? Can such devices provide the same performance?
• What are the potential weaknesses of the proposed diagram?

Lab 5.2.4.2 Creating a Diagram of the FilmCompany LAN
Step 1: Identify LAN Requirements
a. Use word processing software to create a new document called “LAN Diagram.”
b. Use the identified topology and associated equipment to determine LAN design requirements.
Design requirements for the LAN include:
High-speed connectivity to the Access Layer switches
24 x 7 availability
High-speed redundant links between switches on the LAN and the Access Layer devices
Identifying available hardware for the LAN
The current network has two VLANs.
1. General VLAN consisting of:
12 Office PCs
2 Printers
This VLAN serves the general office and managers, including reception, accounts and administration.
Addressing:
Network 10.0.0.0/24
Gateway 10.0.0.1
Hosts (dynamic) 10.0.0.200 – 10.0.0.254
Hosts (static) 10.0.0.10 – 10.0.0.20
2. Production VLAN consisting of:
9 High Performance Workstations
5 Office PCs
2 Printers
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Determine equipment features
Using the list developed from the brainstorming session create a LAN based on technical requirements
(design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features, such as redundancy.
c. Save your LAN Diagram document.
Step 3: Select LAN devices
a. Use word processing software to create an addition to the LAN Diagram document.
b. The identified LAN diagram will be used to adjust the Access Layer design. Equipment selected must
include existing equipment.
c. Save your LAN Diagram document.
Step 4: Design Redundancy
a. Use word processing software to create an addition to the LAN Diagram document.
b. Design a redundancy plan that combines multiple Layer 2 links to increase available bandwidth.
c. Create a design that incorporates redundancy.
d. Save your LAN Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany LAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
Would the chosen LAN design allow for future growth and the addition of the WLAN?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why?
• What devices can be used in place of a Layer 2 switch?
• What are the potential weaknesses of the proposed diagram?

Lab 5.4.2.2 Selecting Access Points
Step 1: Identify WLAN requirements
a. Use word processing software to create a new document called “WLAN Diagram.”
b. Use the identified topology and associated equipment to determine WLAN design requirements.
Design requirements for the WLAN include:

* Scalability
* Availability
* Security
* Manageability

c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Determine equipment features
Using the list developed from the brainstorming session create a WLAN based on technical requirements
(design only).
a. Begin by creating your design using the existing equipment.
Network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x Network and Business Server
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify the model of wireless router. Identify the features and range of the
device. Identify whether there are upgrades that can be made to extend the range, security, and existing features.
c. Create a list of features and potential upgrades and compare them to other models of wireless router.
Determine the device that can easily meet the technical requirements of the WLAN. (Standalone
Access Points for ease of installation or wireless controllers for security and management)
d. With the previous list estimate the range of coverage available with the existing wireless router.
Determine if the wireless router can provide thorough coverage of the work area. Determine if standalone access points or wireless controllers are needed for the design.
e. Save your WLAN Diagram document.
Step 3: Select WLAN devices
a. Use word processing software to create an addition to the WLAN Diagram document.
b. The identified WLAN diagram will be used to determine the type of wireless device that will be
included into the proposed network.
c. Ensure that the chosen wireless equipment meets the following requirements:
Design requirements for the WLAN include:

* Scalability
* Availability
* Security
* Manageability

d. Save your WLAN Diagram document.
Step 4: Design the WLAN
a. Use word processing software to create an addition to the WLAN Diagram document.
b. Design a WLAN that provides scalability. Annotate on the WLAN Diagram document how the design
provides scalability.
(Scalability – New lightweight Access Points can be added easily and managed centrally)
c. Design a WLAN that provides availability. Annotate on the WLAN Diagram document how the design
provides availability.
(Availability – Access Points can automatically increase their signal strength if one Access Point fails)
d. Design a WLAN that provides security. Annotate on the WLAN Diagram document how the design
provides security.
(Security – Enterprise-wide security policies apply to all layers of a wireless network, from the radio
layer through the MAC Layer and into the Network Layer. This solution makes it easier to provide
uniformly enforced security, QoS, and user policies. These policies address the specific capabilities of
different classes of devices, such as handheld scanners, PDAs, and notebook computers.
Security policies also provide discovery and mitigation of DoS attacks, and detection and denial of
rogue Access Points. These functions occur across an entire managed WLAN.)
e. Design a WLAN that provides manageability. Annotate on the WLAN Diagram document how the
design provides manageability.
(Manageability – The solution provides dynamic, system-wide radio frequency (RF) management,
including features that aid smooth wireless operations, such as dynamic channel assignment,
transmit power control, and load balancing. The single graphical interface for enterprise-wide policies
includes VLANs, security, and QoS.)
f. Save your WLAN Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany WLAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed or hardware identified
accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
Would the current topology allow for future growth and the addition of the WLAN?
• What are the throughput limitations of the WLAN?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why?
• What devices can be used in place of standalone access points?
• What are the potential weaknesses of the proposed diagram?

Lab 5.5.3 Developing ACLs to Implement Firewall Rule Set
Step 1: Cable and connect the network as shown in the topology diagram
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect and configure the devices in accordance with the given topology and configuration.
Routing will have to be configured across the serial links to establish data communications.
b. Configure Telnet access on each router.
c. Ping between Host1, Host2, and Production Server to confirm network connectivity.
Troubleshoot and establish connectivity if the pings or Telnet fail.

Step 2: Perform basic router configurations
a. Configure the network devices according to the following guidelines:

* Configure the hostnames on each device.
* Configure an EXEC mode password of class.
* Configure a password of cisco for console connections.
* Configure a password of cisco for vty connections.
* Configure IP addresses on all devices.
* Enable EIGRP on all routers and configure each to advertise all of the connected networks.
* Verify full IP connectivity using the ping command.

b. Confirm Application Layer connectivity by telnetting to all routers.
Step 3: Create firewall rule set and access list statements
Using the security policy information for the FilmCompany remote access, create the firewall rules that must be implemented to enforce the policy. After the firewall rule is documented, create the access list statement that will implement the firewall rule. There may be more than one statement necessary to implement a rule.
Security Policy 1: Remote users must be able to access the Production Server to view their schedules
over the web and to enter new orders.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
port 80.
Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic).
For each of the following security policies:
a. Create a firewall rule.
b. Create an access list statement.
c. Determine the access list placement to implement the firewall rule.
Security Policy 2: Remote users must be able to FTP files to and from the Production Server.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
ports 20 and 21.
Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
(or two separate access-list statements, each permitting one of the ports)
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic)
Security Policy 3: Remote users can use the Production Server to send and retrieve email using IMAP
and SMTP protocols.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
ports 143 and 25
Access List statement(s):
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic)
Security Policy 4: Remote users must not be able to access any other services available on the
Production Server.
Firewall Rule: Deny all other IP protocols between users on the 10.1.1.0/24 network to the
Production Server (172.17.1.1)
Access List statement(s): deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
Access List placement: Inbound on router SR1 Fa0/1
Security Policy 5: No traffic is permitted from individual workstations at the main office to remote worker
workstations. Any files that need to be transferred between the two sites must be stored on the
Production Server and retrieved via FTP.
Firewall Rule: Deny all IP protocols from users on the 10.3.1.0/24 to the 10.1.1.0/24 network.
Access List statement(s): deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255
Access List placement: Inbound on router BR4 Fa0/1
Security Policy 6: No traffic is permitted from workstations at the remote site to workstations at the main
site.
Firewall Rule: Deny all IP protocols from users on the 10.1.1.0/24 to the 10.3.1.0/24 network.
Access List statement(s): deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
Access List placement: Inbound on router SR1 Fa0/1
Security Policy 7: No Telnet traffic is permitted from the remote site workstations to any devices,
except their local switch.
Firewall Rule: Deny all TCP traffic from users on the 10.1.1.0/24 network on port 23.
Access List statement(s): deny tcp 10.1.1.0 0.0.0.255 any eq 23
Access List placement: Inbound on router SR1 Fa0/1

Step 4: Create Extended ACLs
a. Review the access list placement information that you created to implement each of the
FilmCompany security policies. List all of the different access list placements that you noted above.
Inbound on router SR1 Fa0/1
Inbound on router BR4 Fa0/1
Based on the placement information, how many access lists do you have to create?
On Router SR1: 1
On Router Edge2: 0
On Router BR4: 1
b. Based on the access list statements you developed in Task 3, create each access list that is needed
to implement the security policies. When creating access lists, remember the following principles:

* Only one access list can be applied per protocol, per direction on each interface.
* Access list statements are processed in order.
* Once an access list is created and applied on an interface, all traffic that does not match any access list statement will be dropped.
c. Use a text file to create the access lists, or write them here. Evaluate each access list statement to
ensure that it will filter traffic as intended.
Access list to be placed on SR1 Fa0/1 inbound:
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
deny tcp 10.1.1.0 0.0.0.255 any eq 23
permit ip any any
Access list to be placed on BR4 Fa0/1 inbound:
deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip any any
Why is the order of access list statements so important?
To reduce the router's processor load and lower latency.
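
The "processed in order" principle from Step 4, as an added example that is not part of the original lab or post: a small Python evaluator that applies the SR1 Fa0/1 list above with first-match semantics and the implicit deny, and flags statements that an earlier statement makes unreachable. The function names, the sample packets and the host 10.1.1.10 are constructed for illustration.

```python
import ipaddress

# SR1 Fa0/1 inbound statements, copied from the lab answer above.
SR1_ACL = [
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143",
    "deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1",
    "deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255",
    "deny tcp 10.1.1.0 0.0.0.255 any eq 23",
    "permit ip any any",
]
FULL = 0xFFFFFFFF


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, FULL
    if word == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(word), _ip(tokens.pop(0))


def parse(line):
    """Parse one extended-ACL statement of the forms used in this lab."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src = _take_addr(tokens)
    dst = _take_addr(tokens)
    ports = None                      # None means "any destination port"
    if tokens[:1] == ["eq"]:
        ports = (int(tokens[1]), int(tokens[1]))
    elif tokens[:1] == ["range"]:
        ports = (int(tokens[1]), int(tokens[2]))
    return {"action": action, "proto": proto,
            "src": src, "dst": dst, "ports": ports}


def _addr_hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & FULL           # wildcard bit 1 = "don't care"
    return (_ip(addr) & care) == (base & care)


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, statement number); the first matching statement wins."""
    for number, rule in enumerate(map(parse, acl), 1):
        if rule["proto"] not in ("ip", proto):
            continue
        if not (_addr_hit(src, rule["src"]) and _addr_hit(dst, rule["dst"])):
            continue
        if rule["ports"] is not None:
            low, high = rule["ports"]
            if dport is None or not low <= dport <= high:
                continue
        return rule["action"], number
    return "deny", None               # implicit deny at the end of every ACL


def _covers(outer, inner):
    """True if address spec `outer` matches every address `inner` matches."""
    (obase, owild), (ibase, iwild) = outer, inner
    care = ~owild & FULL
    return (iwild & care) == 0 and (obase & care) == (ibase & care)


def shadowed(acl):
    """Statement numbers that can never match: an earlier one covers them."""
    rules = [parse(line) for line in acl]
    dead = []
    for j, late in enumerate(rules):
        for early in rules[:j]:
            proto_ok = early["proto"] in ("ip", late["proto"])
            ports_ok = early["ports"] is None or (
                late["ports"] is not None
                and early["ports"][0] <= late["ports"][0]
                and late["ports"][1] <= early["ports"][1])
            if (proto_ok and ports_ok
                    and _covers(early["src"], late["src"])
                    and _covers(early["dst"], late["dst"])):
                dead.append(j + 1)
                break
    return dead


if __name__ == "__main__":
    remote = "10.1.1.10"              # constructed host on the remote LAN
    packets = [("tcp", remote, "172.17.1.1", 80),
               ("tcp", remote, "172.17.1.1", 23),
               ("tcp", remote, "172.16.0.1", 23),
               ("icmp", remote, "172.16.0.1", None)]
    for pkt in packets:
        print(pkt, "->", evaluate(SR1_ACL, *pkt))
    # Same statements with "permit ip any any" moved to the top.
    misordered = SR1_ACL[-1:] + SR1_ACL[:-1]
    print("misordered telnet:", evaluate(misordered, *packets[1]))
    print("unreachable statements:", shadowed(misordered))
```

With the lab's ordering no statement is unreachable; with `permit ip any any` first, every deny below it is dead and policies 4 through 7 are silently unenforced.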

Lab 6.1.4 Using CIDR to Ensure Route Summarization

Step 1: Cable and configure the network
Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.
Step 2: Perform basic router configurations
Establish a HyperTerminal, or other terminal emulation program, from PC1 to each of the three routers in turn and perform the following configuration functions:
Clear any existing configurations on the routers.
Configure the router hostname.
Disable DNS lookup.
Configure an EXEC mode password.
Configure a message-of-the-day banner.
Configure a password for console connections.
Configure a password for vty connections.
Step 3: Configure the interfaces on the three routers
Configure the interfaces on the three routers with the IP addresses from the table.
Save the running configuration to the NVRAM of the router.
Step 4: Configure the Ethernet interfaces
Configure the Ethernet interfaces of Hosts PC1, PC2, and PC3 with the IP addresses from the addressing
table provided under the topology diagram.
Step 5: Verify connectivity of routers
Verify that each router can ping each of the neighboring routers across the WAN links. You should
not have connectivity between end devices yet. However, you can test connectivity between two
routers and between an end device and its default gateway. Troubleshoot if connectivity is not achieved.
Step 6: Verify connectivity of Host PCs
Verify that PC1, PC2, and PC3 can ping their respective default gateways. Troubleshoot if connectivity is not achieved.
Step 7: Configure EIGRP routing on router R1
Consider the networks that need to be included in the EIGRP updates that are sent out by the R1 router.
What directly connected networks exist on R1?
172.17.0.0
172.18.0.0
172.19.0.0
What commands are required to enable EGIRP and include the connected networks in the routing updates?
router eigrp 1
network 172.17.0.0
network 172.18.0.0
network 172.19.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? Yes
If yes, which ones? Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
passive-interface FastEthernet0/0 and passive-interface FastEthernet0/1
Step 8: Configure EIGRP on router R2
Consider the networks that need to be included in the EIGRP updates that are sent out by the R2 router.
What directly connected networks exist on R2?
172.16.0.0
172.17.0.0
172.20.0.0
What commands are required to enable EIGRP and include the connected networks in the routing updates?
router eigrp 1
network 172.16.0.0
network 172.17.0.0
network 172.20.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? Yes
If yes, which ones?
Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
passive-interface FastEthernet0/0
Step 9: Configure EIGRP routing on the R3 router
Consider the networks that need to be included in the EIGRP updates that are sent out by the R3 router.
What directly connected networks exist on R3?
172.20.0.0
10.1.0.0
What commands are required to enable EIGRP and include the connected networks in the routing updates?
router eigrp 1
network 172.20.0.0
network 10.1.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? Yes
If yes, which ones? Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
passive-interface FastEthernet0/0
Step 10: Verify the configurations
Ping between devices to confirm that each router can reach each device on the network and that there is
connectivity between all the PCs. If any of the above pings failed, check your physical connections and configurations. Troubleshoot until connectivity is achieved.
Step 11: Display the EIGRP routing table for each router
Are there summary routes in any of the routing tables?
Yes, but only for the 10.1.0.0 network. EIGRP auto-summary is enabled by default and summarizes the 10.1.0.0/16 subnetwork to the classful 10.0.0.0/8 network.
Are there any summary routes for the 172.x.0.0 networks? No
Step 12: Remove automatic summarization
On each of the three routers, remove automatic summarization to force EIGRP to report all subnets. A sample command is given for R1.
R1(config)#router eigrp 1
R1(config-router)#no auto-summary
Step 13: Configure manual summarization on R2
On R2, configure manual summarization so that EIGRP summarizes the four networks 172.16.0.0/16,
172.17.0.0/16, 172.18.0.0/16, and 172.19.0.0/16 as one CIDR route, or 172.16.0.0/14.
You are summarizing multiple classful networks, which creates a supernet, and results in a classless (/14)
network address being advertised.
R2(config)#interface s0/0/1
R2(config-if)#ip summary-address eigrp 1 172.16.0.0 255.252.0.0
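The summary calculation from Step 13, as an added Python example that is not part of the original lab. It derives the covering prefix for a list of networks, reports any address space the summary would advertise that none of the inputs cover (traffic for that space is dropped at the Null0 summary route R2 installs), and prints the matching `ip summary-address eigrp` line. The function names and the five-network case are constructed for illustration.

```python
import ipaddress

# The four classful networks the lab summarizes on R2.
LAB_NETWORKS = ["172.16.0.0/16", "172.17.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]


def summarize(prefixes):
    """Return the smallest single IPv4 prefix that covers every input prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit is a host bit.
    host_bits = (low ^ high).bit_length()
    base = (low >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))


def uncovered_space(summary, prefixes):
    """List the parts of the summary that none of the input prefixes cover."""
    remaining = [summary]
    inputs = ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    for net in inputs:
        next_remaining = []
        for piece in remaining:
            if piece.subnet_of(net):
                continue  # this piece is fully covered by an input network
            if net.subnet_of(piece):
                # Keep only the part of the piece that lies outside the input.
                next_remaining.extend(piece.address_exclude(net))
            else:
                next_remaining.append(piece)
        remaining = next_remaining
    return sorted(remaining)


def eigrp_summary_command(summary, asn=1):
    """Render the interface command used in Step 13 for a computed summary."""
    return f"ip summary-address eigrp {asn} {summary.network_address} {summary.netmask}"


if __name__ == "__main__":
    exact = summarize(LAB_NETWORKS)
    print(exact, uncovered_space(exact, LAB_NETWORKS))
    print(eigrp_summary_command(exact))

    # Constructed case: adding 172.20.0.0/16 forces a /13 that also claims
    # 172.21.0.0 through 172.23.255.255, which no router in the lab owns.
    wider_inputs = LAB_NETWORKS + ["172.20.0.0/16"]
    wider = summarize(wider_inputs)
    print(wider, [str(n) for n in uncovered_space(wider, wider_inputs)])
```

A non-empty result from `uncovered_space` means the summary advertises more than the router can deliver, so it is worth checking before the command is applied.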
Step 14: Confirm that R2 is advertising a CIDR summary route
Examine the routing table of each router using the show ip route command.
R1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
C 172.17.0.0/16 is directly connected, Serial0/0/0
D 172.16.0.0/16 [90/2172416] via 172.17.0.2, 02:13:05, Serial0/0/0
C 172.19.0.0/16 is directly connected, Loopback0
C 172.18.0.0/16 is directly connected, FastEthernet0/0
D 172.20.0.0/16 [90/2681856] via 172.17.0.2, 02:05:21, Serial0/0/0
10.0.0.0/16 is subnetted, 1 subnets
D 10.1.0.0 [90/2684416] via 172.17.0.2, 00:04:25, Serial0/0/0
R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
C 172.17.0.0/16 is directly connected, Serial0/0/0
C 172.16.0.0/16 is directly connected, FastEthernet0/0
D 172.19.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0
D 172.18.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0
C 172.20.0.0/16 is directly connected, Serial0/0/1
10.0.0.0/16 is subnetted, 1 subnets
D 10.1.0.0 [90/2172416] via 172.20.0.1, 00:05:57, Serial0/0/1
D 172.16.0.0/14 is a summary, 00:11:55, Null0
R3#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
C 172.20.0.0/16 is directly connected, Serial0/0/1
10.0.0.0/16 is subnetted, 1 subnets
C 10.1.0.0 is directly connected, FastEthernet0/0
D 172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1
Which router has a summarized route to the 172.x.0.0 networks in its routing table?
R3
D 172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1

Step 15: Clean up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are
normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Reflection
In this lab, automatic summarization was used. Could route summarization still be applied if more effective use of the IPv4 address space had been made by using VLSM for those networks requiring fewer addresses, such as the serial links between routers?

Lab 6.2.1 Determining an IP Addressing Scheme

Step 1: Consider VLAN issues
The initial step in determining the required VLANs is to group users and services into VLANs. Each of these VLANs will represent an IP subnet.
A VLAN can be considered to be a group of switch ports assigned to a broadcast domain. Grouping the
switch ports confines broadcast traffic to specified hosts so that bandwidth is not unnecessarily consumed in unrelated VLANs. It is therefore a recommended best practice to assign only one IP network or subnetwork to each VLAN.
When determining how to group users and services, consider the following issues:
Flexibility
The employees and hardware of the former AnyCompany will move into the building with the FilmCompany in the near future. The network from this newly acquired company needs to be tightly integrated with the FilmCompany network and a structure put in place to enhance the security of the network.
To support this integration, with improvements in security and performance, additional VLANs need to be
created on the network. These VLANs will also allow the personnel to move to the buildings without additional network changes or interruption in network services.
Security
Security can be better enforced between VLANs than within VLANs.

* Access control lists can be applied to the Distribution Layer router subinterfaces that interconnect the VLANs to enforce this security.
* The interfaces on the switches can be assigned to VLANs as appropriate to support the network for the connected device.
* Additional Layer 2 security measures can also be applied to these switch interfaces.

WANs and VPNs
The contract with StadiumCompany adds a number of new requirements. Some FilmCompany personnel will be located at the stadium. Additional personnel and contract workers will also be present at the stadium during live events. These employees will use laptops and the wireless LAN at the FilmCompany branch as well as the wireless LAN at the stadium. To provide network connectivity for these laptops, they will be in their own VLAN. At the stadium, the FilmCompany laptop users will connect to a secure wireless VLAN and use a VPN over the Frame Relay connection between stadium and the FilmCompany branch. With this connection, the laptop users can be attached to the internal FilmCompany network regardless of physical location. To support the video feeds, FilmCompany will need resources available at the stadium. Some of the servers providing these resources will be located at the stadium. Other servers will be located at the branch office of the FilmCompany. For security and performance reasons, these servers, regardless of location, will be on secured VLANs. A separate VPN over the Frame Relay link will be created to connect the servers at the stadium to the servers located at the FilmCompany office.
What are the advantages and disadvantages of using a VPN to extend the wireless and video server
networks over the Frame Relay connection from FilmCompany to the stadium?
Advantages:
Extending the VLANs through a VPN across the WAN has the advantage that the security measures applied to a VLAN are also applied to all of its hosts, regardless of their location.
Disadvantages:
The disadvantage is that all VLAN broadcasts also cross the narrow bandwidth of the WAN link, which may affect data throughput.
Redundancy
The VLAN structure will support load balancing and redundancy, which are major needs of this new network design. With such a large portion of the FilmCompany operations and revenues dependent on the network operation, a network failure could be devastating. The new VLAN arrangement allows the FC-ASW1 and FC-ASW2 switches to share the load of the traffic and be backups for each other.
This redundancy is accomplished by sharing the RSTP primary and secondary root duties for the traffic for the different VLANs:

* FC-ASW1 will be the primary root for approximately one-half of the VLAN traffic (not necessarily one half of the VLANs) and FC-ASW2 will be the secondary root for these VLANs.
* The remaining VLANs will have FC-ASW2 as the primary root and FC-ASW1 as the secondary root.

Step 2: Group network users and services
Examine the planned network topology. Applying the issues considered in Step 1, list all the possible
groupings of users and services that may require separate VLANs and subnets.
default VLAN for the Layer 2 devices
voice VLAN to support Voice over IP
VLAN for management hosts and secure peripherals (payroll printer)
VLAN for administrative hosts
VLAN for support hosts
VLAN for high performance production workstations (stationary)
VLAN for mobile production hosts
VLAN for stadium to FilmCompany mobile access VPN
VLAN for network support
VLAN for peripherals for general use (printers, scanners)
VLAN for servers to support video services and storage
VLAN for stadium to FilmCompany video services VPN
VLAN for servers that are publicly accessible
VLAN for terminating unwanted or suspicious traffic
VLAN for undefined future services
Block of addresses are required for NAT pool for BR4
DSL link to the ISP
Addresses for the Frame Relay link to the stadium
Step 3: Tabulating the groupings
The new addressing design needs to be scalable to allow easy inclusion of future services, such as voice.
The current addressing scheme does not allow for managed growth. Correcting this scheme will mean that most devices will be placed on new VLANs and new subnets. In some cases, a device address may not be able to be changed; for example, some of the servers have software registered to their IP addresses. In such cases, the server VLAN will keep its current addressing even though it may not be consistent with the remaining addressing scheme. Other addresses that cannot be changed are the addresses used with the WAN links and the addresses for NAT pool used to access the Internet.
This table shows a possible grouping and addressing scheme. The number of hosts required for the
FilmCompany branch office, including growth, has been determined. Assigning one subnet to each VLAN, the host count for each has been rounded up to the next logical network size supported by the binary patterns used in the subnet mask. Rounding up prevents underestimating the total number of host addresses required.
| VLAN number | Network name | Number of host addresses | Predetermined Network Address | Description |
|---|---|---|---|---|
| 1 | default | 14 | | Default VLAN for the Layer 2 devices |
| 10 | voice | 254 | | Voice VLAN to support Voice over IP |
| 20 | management | 14 | | Management hosts and secure peripherals (payroll printer) |
| 30 | administrative | 62 | | Administrative hosts |
| 40 | support | 126 | | Support hosts |
| 50 | production | 126 | | High performance production workstations (stationary) |
| 60 | mobile | 62 | | Mobile production hosts |
| 70 | net_admin | 14 | | Network support |
| 80 | servers | 65534 | 172.17.0.0 /16 | Servers to support video services and storage |
| 90 | peripherals | 62 | | Peripherals for general use (printers, scanners) |
| 100 | web_access | 14 | | VLAN for servers that are publicly accessible |
| 120 | future | 126 | | VLAN for future services |
| 999 | null | 126 | | VLAN for terminating unwanted or suspicious traffic |
| NA | NAT_pool | 6 | 209.165.200.224/29 | Addresses for NAT pool for BR4 or interface to ISP4 |
| NA | DSL_Link | 2 | 192.0.2.40 /30 | DSL link to the ISP |
| NA | Frame_Link | 2 | 172.18.0.16/30 | Address of the FR link to the stadium |
Step 4: Determine the total number of hosts to be addressed
To determine the block of addresses to be used, count the number of hosts. To calculate the addresses,
count only the hosts that will receive addresses from the new block. Use the information in the table in Step 3 to complete this chart to calculate the total number of hosts in the new FilmCompany network requiring addresses.
Reflection / Challenge
This lab provided a step-by-step process for determining an addressing scheme for a corporate network.
Discuss and consider the issues that would arise if this planning process was not methodically used.

Lab 6.2.2 Determining the Number of IP Networks

Task 1: Review Address Block Size
Review and record the total number of hosts to be addressed.
Complete this table with the information determined in Lab 6.2.1.
| Network/VLAN Name | Number of host addresses |
|---|---|
| Default | 14 |
| Voice | 254 |
| Management | 14 |
| Administrative | 62 |
| Support | 126 |
| Production | 126 |
| Mobile | 62 |
| Peripherals | 62 |
| Net_admin | 14 |
| Web_access | 14 |
| Future | 126 |
| Null | 126 |
| Total | 1000 |
What is the smallest address block size that can potentially satisfy the FilmCompany network needs?
1024
Task 2: Choose or Obtain an Address Block
Step 1: Choose public or private addresses?
A block of addresses needs to be acquired to support the addressing scheme. This block of addresses could be private space addresses or public addresses. In most cases, the network users require only outbound connections to the Internet. Only a few hosts, such as web servers, require public addresses. These often exist on the local LAN with private addresses and have static NAT entries on the border router to translate to public addresses. Public addresses, however, are expensive and often difficult to justify. Can you make a justification for the use of public addresses in this network?
No
If so, write this justification to forward to the ISP:
Step 2: Ensure that the private space addresses do not conflict
Although you are allowed to use private space addresses any way you choose, you must make sure that the addresses used do not conflict with another private space address to which this network will be connected. You must identify other networks to which you are connected and make sure that you are not using the same private addresses. In this case, you need to examine the addresses used by the StadiumCompany.
What private address space block does the StadiumCompany use?
172.18.0.0 /16
What address blocks are used by the WAN links?
172.18.0.16/30
192.0.2.40 /30
Are there other devices or connections that need to be excluded from use?
Yes
What types?
servers
What address block?
172.17.0.0 /16
Step 3: Ensure that the private space addresses are consistent with policy
The company should have a network policy and method of allocating addresses. This is true even when using
private addresses. You should contact the FilmCompany network administrators to request a block of
addresses. In this case, ask your instructor if there is a preferred set of addresses to use.
Did your instructor assign a block of addresses?
If so, what block?
If your instructor does not assign addresses, you may choose any private space block that does not conflict.
What block of addresses are you using for this FilmCompany Branch?
192.168.0.0 /22

Task 3: Allocate Addresses for the Network
When assigning addresses to the different networks, start the assignments with the subnet that requires the largest address block and progress to the network that requires the smallest.
Step 1: Order the networks from largest to smallest
Using the information from Lab 6.2.1, list the networks in order of size, from the network that requires the
largest address block to the network that requires the smallest block.
| Network/VLAN Name | Number of host addresses |
|---|---|
| Voice | 254 |
| support | 126 |
| production | 126 |
| Future | 126 |
| Null | 126 |
| administrative | 62 |
| Mobile | 62 |
| peripherals | 62 |
| Web_access | 14 |
| Default | 14 |
| management | 14 |
| Net_admin | 14 |

Step 2: Assign address blocks to the networks
From the address block chosen in the previous task, begin calculating and assigning the address blocks to these networks. You should use contiguous blocks of addresses when making these assignments.
| Network/VLAN Name | Number of host addresses | Network address |
|---|---|---|
| Voice | 254 | 192.168.0.0 /24 |
| support | 126 | 192.168.1.0 /25 |
| production | 126 | 192.168.1.128 /25 |
| Future | 126 | 192.168.2.0 /25 |
| Null | 126 | 192.168.2.128 /25 |
| administrative | 62 | 192.168.3.0 /26 |
| Mobile | 62 | 192.168.3.64 /26 |
| Peripherals | 62 | 192.168.3.128 /26 |
| web_access | 14 | 192.168.3.192 /28 |
| Default | 14 | 192.168.3.208 /28 |
| management | 14 | 192.168.3.224 /28 |
| net_admin | 14 | 192.168.3.240 /28 |
Step 3: Complete the address planning table
Using the addresses you calculated in the previous step, complete this table from Lab 6.2.1. This plan will be used in future labs.

| VLAN # | Network/VLAN Name | Number of host addresses | Network Address | Description |
|---|---|---|---|---|
| 1 | default | 14 | 192.168.3.208 /28 | Default VLAN for the Layer 2 devices |
| 10 | voice | 254 | 192.168.0.0 /24 | Voice VLAN to support Voice over IP |
| 20 | management | 14 | 192.168.3.224 /28 | Management hosts and secure peripherals (payroll printer) |
| 30 | administrative | 62 | 192.168.3.0 /26 | Administrative hosts |
| 40 | support | 126 | 192.168.1.0 /25 | Support hosts |
| 50 | production | 126 | 192.168.1.128 /25 | High performance production workstations (stationary) |
| 60 | mobile | 62 | 192.168.3.64 /26 | Mobile production hosts |
| 70 | net_admin | 14 | 192.168.3.240 /28 | Network support |
| 80 | servers | 65534 | 172.17.0.0 /16 | Servers to support video services and storage |
| 90 | peripherals | 62 | 192.168.3.128 /26 | Peripherals for general use (printers, scanners) |
| 100 | web_access | 14 | 192.168.3.192 /28 | VLAN for servers that are publicly accessible |
| 120 | future | 126 | 192.168.2.0 /25 | VLAN for future services |
| 999 | null | 126 | 192.168.2.128 /25 | VLAN for terminating unwanted or suspicious traffic |
| NA | NAT_pool | 6 | 209.165.200.224/29 | Addresses for NAT pool for BR4 or interface to ISP4 |
| NA | DSL_Link | 2 | 192.0.2.40 /30 | DSL link to the ISP |
| NA | Frame_link | 2 | 172.18.0.16/30 | Address of the FR link to the stadium |

Reflection / Challenge
This lab specifically used private IPv4 addresses. Discuss the issues to be considered if it was decided to use public IP addresses throughout the network. Are there any situations that would require this?
An IP version 4 address (often called an IPv4 address) is a type of network addressing used in the TCP/IP protocol suite with IP version 4. Its total length is 32 bits, and in theory it can address up to 4 billion host computers, or more precisely 4,294,967,296 hosts worldwide. That number comes from 256 (obtained from 8 bits) raised to the power of 4 (because there are 4 octets), so the maximum value of an IP version 4 address is 255.255.255.255; because values are counted from zero, the number of hosts that can be accommodated is 256x256x256x256 = 4,294,967,296 hosts. Public addresses are addresses that have been assigned by InterNIC and consist of network identifiers that are guaranteed to be unique (meaning no two hosts use the same address) once the intranet is connected to the Internet. When public addresses have been assigned, routes can be programmed into a router so that data traffic destined for those public addresses can reach its location.
Lab 6.2.5 Creating an Address Allocation Spreadsheet
Step 1: Record the network address block
In the first column, record the address block used for the entire FilmCompany network chosen in the previous lab.
Step 2: Define the 254-host networks
Based on the requirements for the FilmCompany network, the address block is divided into twelve separate networks using four different masks.
In the second column of the table above, record the network blocks that will support 254 hosts per
network. In the last column, record the names of the networks that need to be assigned to these blocks.
The CIDR notation mask for the 254-host network is /24. What is the dotted decimal equivalent mask?
255.255.255.0
Step 3: Define the 126-host networks
In the third column of the table above, choose the first unused 254 host address block to subdivide
into 126-host networks. In the last column, record the names of the networks assigned to these 126-host blocks.
The CIDR notation mask for the 126-host network is /25. What is the dotted decimal equivalent mask?
255.255.255.128
Step 4: Define the 62-host networks
In the fourth column of the table above, choose the first unused 126-host address block to subdivide
into 62-host networks.
In the last column, record the names of the networks assigned to these 62-host blocks.
The CIDR notation mask for the 62-host network is /26. What is the dotted decimal equivalent mask?
255.255.255.192
Step 5: Define the 14-host networks
In the fifth column of the table above, choose the first unused 62-host address block to subdivide into
14-host networks. In the last column, record the names of the networks assigned to these 14-host blocks.
The CIDR notation mask for the 14-host network is /28. What is the dotted decimal equivalent mask?
255.255.255.240
Task 2: Define the Host Address Assignments
For each network, determine and document the host addresses and broadcast addresses. Use the table
below to document these networks and host information.
Step 1: Record the network names and addresses in the addressing table
In the table below, record the network names for the FilmCompany in the first column and the corresponding network address in the second column.
Step 2: Calculate the lowest host address in the addressing table
The lowest address for a network is one greater than the address of the network. Therefore, to calculate the lowest host address, add a 1 to the network address. For each of these networks, calculate and record the lowest host address in the second column of the table.
Step 3: Calculate the broadcast address in the addressing table
The broadcast address uses the highest address in the network range. This is the address in which the bits in the host portion are all 1s. To calculate the broadcast for each of the networks listed, convert the last octet of the network address into binary. Then fill the remaining host bits with 1s. Finally, convert the binary back to decimal. For each of these networks, calculate and record the broadcast address in the last column.
Step 4: Calculate the highest host address in the addressing table
The highest host address for each network is one less than the broadcast address for that network. Therefore, to calculate the highest host address, subtract a 1 from the broadcast address. For each of these networks, calculate and record the highest host address in the second column.
| Network Names | Network Address | Lowest Host Address | Highest Host Address | Broadcast Address |
|---|---|---|---|---|
| voice | 192.168.0.0 /24 | 192.168.0.1 | 192.168.1.254 | 192.168.1.255 |
| support | 192.168.1.0 /25 | 192.168.1.1 | 192.168.1.126 | 192.168.1.127 |
| production | 192.168.1.128 /25 | 192.168.1.129 | 192.168.1.254 | 192.168.1.255 |
| future | 192.168.2.0 /25 | 192.168.2.1 | 192.168.2.126 | 192.168.2.127 |
| null | 192.168.2.128 /25 | 192.168.2.129 | 192.168.2.254 | 192.168.2.255 |
| administrative | 192.168.3.0 /26 | 192.168.3.1 | 192.168.3.62 | 192.168.3.63 |
| mobile | 192.168.3.64 /26 | 192.168.3.65 | 192.168.3.126 | 192.168.3.127 |
| peripherals | 192.168.3.128 /26 | 192.168.3.129 | 192.168.3.190 | 192.168.3.191 |
| Web_access | 192.168.3.192 /28 | 192.168.3.193 | 192.168.3.206 | 192.168.3.207 |
| default | 192.168.3.208 /28 | 192.168.3.209 | 192.168.3.222 | 192.168.3.223 |
| management | 192.168.3.224 /28 | 192.168.3.225 | 192.168.3.238 | 192.168.3.239 |
| net_admin | 192.168.3.240 /28 | 192.168.3.241 | 192.168.3.254 | 192.168.3.255 |
Task 3: Examine Address Blocks for Overlapping Addresses
One of the major issues of planning network addresses is overlapping addresses. This is especially true when using VLSM addressing. Examine the table in the previous step to ensure that each network has a unique address range.
Are there any overlapping addresses in the networks? No
If there are any overlapping addresses, recalculate the addressing plan for the FilmCompany network.
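The largest-first allocation from Lab 6.2.2 Task 3 and the host-range and overlap checks from this lab, as an added Python example that is not part of the original labs. It sizes each subnet from its host count, assigns contiguous blocks inside the chosen /22, refuses a parent block that collides with the address space the page lists as already in use, and reports overlapping pairs. All function and constant names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Host counts from the page, in the order the page lists them largest to smallest.
FILMCOMPANY_REQUIREMENTS = [
    ("voice", 254), ("support", 126), ("production", 126), ("future", 126),
    ("null", 126), ("administrative", 62), ("mobile", 62), ("peripherals", 62),
    ("web_access", 14), ("default", 14), ("management", 14), ("net_admin", 14),
]
# Blocks the page says are already in use: stadium, servers, and the WAN links.
RESERVED = ["172.18.0.0/16", "172.17.0.0/16", "172.18.0.16/30", "192.0.2.40/30"]


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable host count (2**h - 2) is at least hosts."""
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate(block, requirements, reserved=()):
    """Assign contiguous subnets inside block, largest requirement first."""
    block = ipaddress.ip_network(block)
    for used in map(ipaddress.ip_network, reserved):
        if block.overlaps(used):
            raise ValueError(f"{block} conflicts with reserved block {used}")
    cursor = int(block.network_address)
    last = int(block.broadcast_address)
    plan = []
    # sorted() is stable, so equal-sized networks keep their input order.
    for name, hosts in sorted(requirements, key=lambda item: -item[1]):
        prefix_len = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix_len)
        cursor = (cursor + size - 1) // size * size  # align to the subnet boundary
        if cursor + size - 1 > last:
            raise ValueError(f"{block} is too small to fit {name}")
        plan.append((name, ipaddress.ip_network((cursor, prefix_len))))
        cursor += size
    return plan


def host_range(net):
    """Return (lowest host, highest host, broadcast) for one subnet."""
    return (str(net.network_address + 1),
            str(net.broadcast_address - 1),
            str(net.broadcast_address))


def find_overlaps(plan):
    """Return the name pairs whose address ranges overlap."""
    return [(a, b) for (a, net_a), (b, net_b) in combinations(plan, 2)
            if net_a.overlaps(net_b)]


if __name__ == "__main__":
    plan = allocate("192.168.0.0/22", FILMCOMPANY_REQUIREMENTS, RESERVED)
    for name, net in plan:
        print(f"{name:15} {str(net):18} {host_range(net)}")
    print("overlaps:", find_overlaps(plan))

    # Constructed mistake: widening web_access to /27 collides with default.
    faulty = [(n, ipaddress.ip_network("192.168.3.192/27") if n == "web_access" else net)
              for n, net in plan]
    print("overlaps in faulty plan:", find_overlaps(faulty))
```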
Lab 6.2.6 Diagramming the Network
Step 1: Identify the appropriate VLAN
In the previous labs, you identified VLANs and subnets to be used in the FilmCompany network expansion. For each device listed in the table in the final section of this lab, assign each host the appropriate VLAN based on its description. Record these VLAN assignments in the third column of the table in Step 5.
Step 2: Assign addresses to the devices
In the previous lab, an address range was established for each subnet and VLAN. Using these established ranges and the VLAN assignments to the devices in the previous step, assign a host address to each of the selected hosts. Record this information in the last column of the table in Step 5 of this lab.
Step 3: Define the codes for device naming
From the device information, develop and apply a naming convention for the hosts.
A good naming scheme follows these guidelines:

* Keep the names as short as possible; using fewer than twelve characters is recommended.
* Indicate the device type, purpose, and location with codes, rather than words or abbreviations.
* Maintain a consistent scheme. Consistent naming makes it easier to sort and report on the devices, and to set up management systems.
* Document the names in the IT department files and on the network topology diagrams.
* Avoid names that make it easy to find protected resources.

For each naming criteria, assign a code for type. You will use these codes in different combinations to create device names. In the tables below, create codes for the elements of the device names. Use as many or as few codes as needed.
| Device Type | Type code | Device Purpose | Purpose code | Device Location | Location code |
|---|---|---|---|---|---|
| Laptop | LT | Management | MGMT | Stadium | STAD |
| Desktop PC | PC | Production | PROD | 1st Floor | 1FLR |
| Workstation | WS | Netadmin | NETA | 3rd Floor | 3FLR |
| Printer | PT | | | Server Room | SVRM |
| Scanner | SC | | | | |
| Server | SV | | | | |

Step 4: Establish the naming convention
In the spaces below, indicate the order and the number of letters to be used in the device naming. Again, use as many or as few letters as necessary. List the criteria in the blanks and draw a line to indicate the number of letters used. You may also choose to use hyphens (-) or underscores (_) to separate fields.
Step 5: Apply a naming convention
For each of the twelve devices shown in this table, apply the naming convention. Then add these device
names in the appropriate boxes in the topology at the beginning of the lab.
| Number | Device Name | VLAN | Description | IP Address |
|---|---|---|---|---|
| 1 | | servers | Server for capturing raw video feeds from stadium | |
| 2 | | servers | Server for storing finished (postproduction) video | |
| 3 | | web_access | Public web server for on demand video access | |
| 4 | | management | Branch manager’s computer | |
| 5 | | production | Live event production worker (switched) | |
| 6 | | support | Human resource clerk | |
| 7 | | support | Payroll Manager | |
| 8 | | mobile | Live event mobile worker (audio producer) | |
| 9 | | mobile | Live event mobile worker (camera coordinator) | |
| 10 | | support | Receptionist’s computer | |
| 11 | | management | Financial Manager’s computer | |
| 12 | | net_admin | Information Technology manager’s computer | |

Lab 7.1.6 Analyzing a Test Plan and Performing a Test

Task 1: Analyze the Test Plan
Analyze the test plan shown above and answer the following questions:
a. What are the four main sections of the test plan?
1) Introduction,
2) Equipment,
3) Design / Topology Diagram,
4) Test Descriptions and related testing information. (Test procedure, success criteria, and conclusions subsections repeat for each test within the test plan.)
How many tests are defined within the test plan in this lab?
2
In which testing subsection would you find the types of commands or analysis tools used to determine
if the test was successful?
Procedures
d. In which main test plan section would you find a description of the devices and cabling used to build the
prototype for the test plan?
Equipment
e. In which main testing section would you find an overall description of the tests to be performed and the
reasons why they are being specified in the test plan?
Introduction
Task 2: Configure the PCs and switch VLANs and perform Test 1
Step 1: Connect devices and configure PC IP addresses
Connect the switch to the router as shown in the Test Plan topology diagram.
Connect the PC1 and PC2 hosts to the switch using the ports indicated in the Test Plan topology table.
Using the IP address information from the Test Plan table, configure PC1 and PC2.
Step 2: Prepare the switch for configuration
Connect a PC with a console cable to the switch to perform configurations using a terminal emulation
program. Confirm that the switch is ready for lab configuration by ensuring that all existing VLAN and general configurations are removed. Remove the switch startup configuration file from NVRAM.
Switch#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
Press Enter to confirm. The response should be:
Erase of nvram: complete
If the switch has previously been configured with VLANs, it will be necessary to delete the VLAN
database information file. From the privileged EXEC mode, issue the following commands:
Switch#delete vlan.dat
Delete filename [vlan.dat]?[Enter]
Delete flash:/vlan.dat? [confirm] [Enter]
If there was no VLAN file, this message is displayed.
%Error deleting flash:/vlan.dat (No such file or directory)
It is recommended that the delete command not be issued as: delete flash:vlan.dat.
Accidentally omitting vlan.dat from this command could lead to the complete IOS being deleted
from flash memory. Issuing the reload command to restart the switch may not always clear the previous VLAN configuration; for that reason, the power cycle (hardware restart) step is recommended.
Step 3: Configure VLANs on switch S1
Configure switch S1 with a hostname and passwords.
Switch(config)#hostname FC-ASW-1
FC-ASW-1(config)#enable password cisco
FC-ASW-1(config)#enable secret class
FC-ASW-1(config)#line console 0
FC-ASW-1(config-line)#password cisco
FC-ASW-1(config-line)#login
FC-ASW-1(config-line)#line vty 0 15
FC-ASW-1(config-line)#password cisco
FC-ASW-1(config-line)#login
FC-ASW-1(config-line)#exit
FC-ASW-1(config)#
Configure switch S1 with the VLAN 1 IP address of 10.0.1.2/24.
FC-ASW-1(config)#interface vlan1
FC-ASW-1(config-if)#ip address 10.0.1.2 255.255.255.0
FC-ASW-1(config-if)#no shutdown
FC-ASW-1(config-if)#exit
FC-ASW-1(config)#
Configure switch S1 with the default gateway address of 10.0.1.1.
FC-ASW-1(config)#ip default-gateway 10.0.1.1
FC-ASW-1(config)#
Create VLAN 10 named main-net and VLAN 20 named voice.
FC-ASW-1(config)#vlan 10
FC-ASW-1(config-vlan)#name main-net
FC-ASW-1(config-vlan)#exit
FC-ASW-1(config)#vlan 20
FC-ASW-1(config-vlan)#name voice
FC-ASW-1(config-vlan)#exit
FC-ASW-1(config)#
Assign interface range Fa0/2 through Fa0/12 to VLAN 10.
FC-ASW-1(config)#interface range fa0/2 - 12
FC-ASW-1(config-if-range)#switchport mode access
FC-ASW-1(config-if-range)#switchport access vlan 10
FC-ASW-1(config-if-range)#exit
FC-ASW-1(config)#
Assign interface range Fa0/13 through Fa0/24 to VLAN 20.
FC-ASW-1(config)#interface range fa0/13 - 24
FC-ASW-1(config-if-range)#switchport mode access
FC-ASW-1(config-if-range)#switchport access vlan 20
FC-ASW-1(config-if-range)#end
FC-ASW-1#
Step 4: Perform Test 1 to determine if the hosts can communicate between VLANs
a. Issue the show running-config commands from the switch and verify all basic configuration
settings. See output at end of lab.
b. Issue the show vlan brief command on the switch to verify what ports are in which VLANs.
Which switch ports are in VLAN 1?
Fa0/1, Gi0/1, Gi0/2
Which switch ports are in VLAN 10?
Fa0/2 – Fa0/12
Which switch ports are in VLAN 20?
Fa0/13 – Fa0/24
FC-ASW-1#show vlan brief
VLAN Name       Status    Ports
1    default    active    Fa0/1, Gi0/1, Gi0/2
10   main-net   active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                          Fa0/6, Fa0/7, Fa0/8, Fa0/9
                          Fa0/10, Fa0/11, Fa0/12
20   voice      active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                          Fa0/21, Fa0/22, Fa0/23, Fa0/24
<*** output omitted ***>
c. With PC1 connected to switch port 4 and PC2 attached to port 14, attempt to ping from PC1 to PC2.
Would you expect the ping to be successful?
No
Why or why not?
PC IP addresses are on different networks (PC1 is on net 10.0.10.0/24 and PC2 is on net 10.0.20.0/24) and in different VLANs.
d. Change the IP address of PC2 to 10.0.10.5 so that the two PCs are on the same network and ping again. Would you expect the ping to be successful?
No
Why or why not?
The PCs' IP addresses are on the same network, but the PCs are still in different VLANs.
e. Move the cable for PC2 to a port that is in the VLAN 10 range (Fa0/2 to Fa0/12) and ping again.
Would you expect the ping to be successful?
Yes
Why or why not?
The PCs' IP addresses are on the same network and the PCs are in the same VLAN.
f. Change the IP address for PC2 back to 10.0.20.2 and move the cable back to Fa0/14 in VLAN 20.
This test demonstrated that the PCs from the main-net cannot communicate with the PCs on the voice net without assistance from a Layer 3 device.
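The Test 1 reasoning above can be checked mechanically. The following added example (not part of the original lab) parses the `show vlan brief` output, including its wrapped port rows, and predicts each ping result in steps c to e; the optional `gateways` argument goes beyond Test 1 and models a Layer 3 device routing between the VLANs. PC1's address 10.0.10.2 and the function names are assumptions.

```python
import ipaddress
import re

# `show vlan brief` output from the lab; column spacing is constructed.
SHOW_VLAN_BRIEF = """\
VLAN Name       Status    Ports
---- ---------- --------- -------------------------------
1    default    active    Fa0/1, Gi0/1, Gi0/2
10   main-net   active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                          Fa0/6, Fa0/7, Fa0/8, Fa0/9
                          Fa0/10, Fa0/11, Fa0/12
20   voice      active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                          Fa0/21, Fa0/22, Fa0/23, Fa0/24
"""

# Router subinterface addresses used later in the lab, keyed by VLAN ID.
GATEWAYS = {1: "10.0.1.1/24", 10: "10.0.10.1/24", 20: "10.0.20.1/24"}

VLAN_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
PORTS_ONLY = re.compile(r"^\s*[A-Za-z]+\d+(?:/\d+)+\s*(?:,|$)")


def parse_vlan_brief(text):
    """Return {port: vlan_id}; wrapped rows that list only ports are
    attributed to the VLAN row above them."""
    port_vlan, current = {}, None
    for line in text.splitlines():
        row = VLAN_ROW.match(line)
        if row:
            current, ports = int(row.group(1)), row.group(4)
        elif current is not None and PORTS_ONLY.match(line):
            ports = line
        else:
            continue  # header, separator or blank line
        for port in ports.split(","):
            if port.strip():
                port_vlan[port.strip()] = current
    return port_vlan


def can_ping(a, b, port_vlan, gateways=None):
    """Predict whether two hosts can ping each other.

    a, b      -- (switch_port, "address/prefix") for each host
    gateways  -- {vlan_id: "address/prefix"} of router subinterfaces on the
                 trunk, or None when no Layer 3 device is attached. Hosts are
                 assumed to use their VLAN's entry as default gateway.
    Returns (reachable, reason).
    """
    vlan_a, vlan_b = port_vlan[a[0]], port_vlan[b[0]]
    if_a, if_b = ipaddress.ip_interface(a[1]), ipaddress.ip_interface(b[1])
    if if_a.network == if_b.network:
        # On-link destination: the sender ARPs for it directly, and the ARP
        # broadcast never leaves the sender's VLAN.
        if vlan_a == vlan_b:
            return True, "same subnet, same VLAN"
        return False, "same subnet, but ARP cannot cross the VLAN boundary"
    if not gateways:
        return False, "different subnets and no Layer 3 device"
    for vlan, iface in ((vlan_a, if_a), (vlan_b, if_b)):
        gw = gateways.get(vlan)
        if gw is None or iface.ip not in ipaddress.ip_interface(gw).network:
            return False, f"{iface.ip} has no on-link gateway in VLAN {vlan}"
    return True, "routed between the VLAN subinterfaces"


if __name__ == "__main__":
    ports = parse_vlan_brief(SHOW_VLAN_BRIEF)
    pc1 = ("Fa0/4", "10.0.10.2/24")  # assumed PC1 address on 10.0.10.0/24
    cases = {
        "step c": (("Fa0/14", "10.0.20.2/24"), None),
        "step d": (("Fa0/14", "10.0.10.5/24"), None),
        "step e": (("Fa0/5", "10.0.10.5/24"), None),
        "with router": (("Fa0/14", "10.0.20.2/24"), GATEWAYS),
    }
    for name, (pc2, gws) in cases.items():
        print(name, can_ping(pc1, pc2, ports, gws))
```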
Task 3: Configure the switch and router for VLAN routing and perform Test 2
Step 1: Configure VLAN trunking on switch S1
Configure trunking between switch S1 and the router with 802.1Q encapsulation on both devices.
FC-ASW-1#configure terminal
FC-ASW-1(config)#interface fa0/1
FC-ASW-1(config-if)#switchport mode trunk
FC-ASW-1(config-if)#end
Step 2: Perform basic configuration of the router.
Connect a PC to the console port of the router to perform configurations using a terminal emulation
program. Configure router R1 with a hostname and console, Telnet, and privileged passwords according to the table diagram.
Router(config)#hostname FC-CPE-1
FC-CPE-1(config)#line con 0
FC-CPE-1(config-line)#password cisco
FC-CPE-1(config-line)#login
FC-CPE-1(config-line)#line vty 0 4
FC-CPE-1(config-line)#password cisco
FC-CPE-1(config-line)#login
FC-CPE-1(config-line)#exit
FC-CPE-1(config)#enable password cisco
FC-CPE-1(config)#enable secret class
FC-CPE-1(config)#no ip domain lookup
Step 3: Configure VLAN Trunking on the Router
Configure router R1 Fa0/0 interface to trunk for VLAN 1, VLAN 10, and VLAN 20 with 802.1Q
encapsulation.
FC-CPE-1(config)#interface fa0/0
FC-CPE-1(config-if)#no shutdown
FC-CPE-1(config-if)#interface fa0/0.1
FC-CPE-1(config-subif)#encapsulation dot1Q 1
FC-CPE-1(config-subif)#ip address 10.0.1.1 255.255.255.0
FC-CPE-1(config-subif)#exit
FC-CPE-1(config)#interface fa0/0.10
FC-CPE-1(config-subif)#encapsulation dot1Q 10
FC-CPE-1(config-subif)#ip address 10.0.10.1 255.255.255.0
FC-CPE-1(config-subif)#exit
FC-CPE-1(config)#interface fa0/0.20
FC-CPE-1(config-subif)#encapsulation dot1Q 20
FC-CPE-1(config-subif)#ip address 10.0.20.1 255.255.255.0
FC-CPE-1(config-subif)#end
FC-CPE-1#
On the router, issue the command show vlans.
What information is displayed?
The 802.1Q trunk subinterfaces, the addresses configured, and the number of packets transmitted and received.
FC-CPE-1#show vlans
Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: FastEthernet0/0.1
This is configured as native Vlan for the following interface(s) :
FastEthernet0/0
Protocols Configured: Address: Received: Transmitted:
IP 10.0.1.1 21 43
Other 0 138
396 packets, 67954 bytes input
181 packets, 51149 bytes output
Virtual LAN ID: 10 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: FastEthernet0/0.10
Protocols Configured: Address: Received: Transmitted:
IP 10.0.10.1 94 25
Other 0 12
94 packets, 15324 bytes input
37 packets, 3414 bytes output
Virtual LAN ID: 20 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: FastEthernet0/0.20
Protocols Configured: Address: Received: Transmitted:
IP 10.0.20.1 9781 113
Other 0 14
9781 packets, 939660 bytes input
127 packets, 9617 bytes output
From switch S1, issue the command show interfaces trunk.
What interface on switch S1 is in trunking mode?
Fa0/1
Which VLANs are allowed and active in the management domain?
1, 10, 20
FC-ASW-1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-4094
Port Vlans allowed and active in management domain
Fa0/1 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20
Step 4: Perform Test 2 to determine if the hosts can communicate between VLANs through the use of inter-VLAN routing provided by a router
a. Issue the show running-config commands from the switch and verify all basic configuration
settings. See output at end of lab.
b. Ping from the switch to the router default gateway for VLAN 1.
Was the ping successful?
Yes
c. Telnet from the switch to the router.
Were you successful?
Yes
d. With PC1 connected to switch port 4 and PC2 attached to port 14, attempt to ping from PC1 to PC2.
Would you expect the ping to be successful?
Yes
Why or why not?
PC IP addresses are on different networks (PC1 is on net 10.0.10.0/24 and PC2 is on net 10.0.20.0/24) and in different VLANs, but the router is routing packets between the two independent subnets.
e. Telnet from PC1 to the switch and the router.
Would you expect the Telnet to be successful?
Yes
Why or why not?
Physical and IP connectivity has been previously verified. As long as there are no VTY restrictions or ACLs in place, each PC should be able to telnet to either the switch using the VLAN1 IP address or to the router using any of the router subinterface addresses.
f. Issue the show ip route command on the router to display the routing table. How many subnet
routes are there?
3 – All directly connected to the subinterfaces defined for Fa0/0.
(10.0.1.0, 10.0.10.0 and 10.0.20.0)
FC-CPE-1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.0.10.0 is directly connected, FastEthernet0/0.10
C 10.0.1.0 is directly connected, FastEthernet0/0.1
C 10.0.20.0 is directly connected, FastEthernet0/0.20
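The Telnet answer above depends on there being "no VTY restrictions or ACLs in place", and the trunk output shows every VLAN (1-4094) allowed on Fa0/1. The following added example (not part of the original lab) audits a running-config excerpt for those conditions and for the leftover `enable password`, then runs the same checks on a tightened variant. Both config excerpts are constructed, and ACL 10, its source range and the finding codes are assumptions.

```python
# Constructed running-config excerpt assembled from the commands the lab
# enters on FC-ASW-1; the enable secret hash is a placeholder.
LAB_CONFIG = """\
hostname FC-ASW-1
enable secret 5 $1$PLACEHOLDER
enable password cisco
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface Vlan1
 ip address 10.0.1.2 255.255.255.0
!
ip default-gateway 10.0.1.1
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
"""

# Constructed tightened variant. ACL 10, its 10.0.1.0/24 source range and the
# local-user login are assumptions; SSH also needs a key pair and a local
# user, which are outside this excerpt.
TIGHTENED_CONFIG = """\
hostname FC-ASW-1
enable secret 5 $1$PLACEHOLDER
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
!
access-list 10 permit 10.0.1.0 0.0.0.255
!
line con 0
 password cisco
 login
line vty 0 15
 access-class 10 in
 transport input ssh
 login local
"""


def parse_blocks(config):
    """Group an IOS config into (header, [sub-commands]) using indentation."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] == " " and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def audit(config):
    """Return a sorted list of (section, code) findings."""
    findings = set()
    for header, body in parse_blocks(config):
        if header.startswith("enable password"):
            # Stored without the hashing that enable secret gets, and unused
            # once enable secret is set.
            findings.add(("global", "ENABLE_PASSWORD"))
        elif header.startswith("line vty"):
            transports = [c.split()[2:] for c in body
                          if c.startswith("transport input")]
            if not transports or transports[-1] != ["ssh"]:
                # No explicit SSH-only transport: Telnet may be accepted, as
                # the lab's successful Telnet tests show.
                findings.add((header, "VTY_NOT_SSH_ONLY"))
            if not any(c.startswith("access-class") and c.endswith(" in")
                       for c in body):
                findings.add((header, "VTY_NO_ACCESS_CLASS"))
        elif header.startswith("interface") and "switchport mode trunk" in body:
            if not any(c.startswith("switchport trunk allowed vlan")
                       for c in body):
                # Without an allowed list the trunk carries VLANs 1-4094.
                findings.add((header, "TRUNK_ALLOWS_ALL_VLANS"))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("tightened", TIGHTENED_CONFIG)):
        print(name, audit(cfg))
```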
Task 4: Reflection
Why is it important to develop a test plan and prototype network behavior?
A test plan provides a structured document to test against and requires the tester to think carefully about how network functions are to be tested and evaluated. It helps to prove that the expected results are real and that the network will perform as expected. It also serves to document the results of the testing effort.

Lab 7.2.2 Creating a Test Plan for the Campus Network

Task 1: Review the Supporting Documentation
Step 1: Refer to the proposed LAN Design Topology diagram created in Lab 5.2.4
a. Make a list of all the necessary equipment and cables required to build the LAN portion of the
proposed network design.
b. Make a list of all the VLANs required to implement the design.
Step 2: Review the proposed IP Address Allocation spreadsheet created in Lab 6.2.5
Determine the appropriate IP addressing for the devices identified in Step 1a.
Determine an appropriate IP address range for each VLAN identified in Step 1b.
Task 2: Create the LAN Design Test Plan
The format used to create the test plans may vary. The format used for this and subsequent labs is similar to the document used by the Cisco Customer Proof-of-Concept Labs. It is divided into sections to make it easier to read and understand. The test plan is a formal document that can be included in a proposal. It verifies that the design functions as expected. Many times, customer representatives are invited to view the prototype tests. In these cases, the customer can review the design and see for themselves that the network meets the requirements.
Step 1: Review the contents of the test plan document
Download and review the LAN Design Test Plan. Record a description of each section and what types of
information each section requires you to enter.
Introduction:
Equipment:
Design and Topology:
Test Description:
Test Procedures:
Test Expected Results and Success Criteria:
Test Results and Conclusions:
Appendix:
Step 2: Complete the Introduction section of the test plan
In this example test plan, much of the information has already been entered for you.
Enter the purpose of the test.
Think about why you want to test the LAN portion of the design.
Enter what functions of the LAN design you intend to test.
Three tests are entered for you to use with this test plan.
Test 1: Basic Connectivity
Test 2: VLAN Configuration
Test 3: VLAN Routing.
Step 3: Complete the Equipment Section of the test plan
Using the information you recorded in Task 1, Step 1a, fill in the chart in the equipment section. List
all network devices and cables. Two personal computers are already listed to assist in the testing of
the design. If your school lab does not include the required equipment for the design, discuss possible substitute models with your instructor.
Step 4: Complete the Design and Topology Section of the test plan
a. Copy the LAN topology from the diagram created previously in Lab 5.2.4
Enter the IP addressing information recorded in Task 1, Step 2a, in the IP Address Plan chart.
Enter the VLAN names and IDs recorded in Task 1, Steps 1b and 2b, in the VLAN plan.
Enter any additional information that you want the technician performing the test to be aware of
before the test begins.
Step 5: Complete the Test Description, Procedures, and Expected Results sections of the test plan
In the Test Description section, enter the goals for each of the three tests that you plan to perform.
Test 1 is completed as an example of how to fill in the information. In the Test Procedures section, enter the steps that are necessary to perform each planned test. In the Expected Results and Success Criteria section, enter what you expect the results to be if all the steps in the Test Procedures section are followed correctly. Determine what results need to be observed for the test to be considered a success.
Lab 7.2.5 Testing the FilmCompany Network
Step 1: Build the prototype network

1. Select the necessary equipment and cables as specified in the Equipment section of the test plan.
2. See your instructor for assistance in identifying the appropriate equipment.
3. Using the topology diagram and IP address plan contained in the Design and Topology Diagram section of the test plan, connect and configure the prototype network.
4. Following the procedures in the Test 1: Procedures section, console into one of the devices and verify that you can ping all of the other device addresses. If you are unsuccessful, verify each device configuration. Repeat the connectivity testing.
5. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

Step 2: Verify the functionality of the prototype network
Following the procedures in the Test 1: Procedures, execute the various commands and record the
results of the testing.
Copy and paste the output of the various commands into a document using Notepad or a word
processing program. Save or print the document to include with the completed test plan.
Step 3: Record the test results in the Results and Conclusions section of the test plan
Compare the results that you observed during the testing with the expected results listed in the Test
1: Expected Results and Success Criteria section.
Determine if the testing indicates that the network meets the success criteria. If it does, indicate that
the test is successful.
Task 2: Perform Test 2: VLAN Configuration Test
Step 1: Configure the prototype network
Step 2: Verify the VLAN configuration design
Step 3: Record the test results in the Results and Conclusions section of the test plan
Task 3: Perform Test 3: VLAN Routing Test
Step 1: Configure the prototype network
a. Follow the steps you created in the Test 3: Procedures section of the test plan to configure the router
to route between VLANs.
b. Using the topology diagram shown in the Design and Topology Diagram section of the test plan,
configure the appropriate router to route between the VLANs created in Task 2.
c. Following the steps you listed in the Test 3: Procedures section, console into the switch that is directly
connected to the router. Configure the link between the switch and the router as an 802.1q trunk link
and permit all VLANs across the trunk.
d. Console into the router and configure the router interface directly connected to the switch for 802.1q
encapsulation.
e. Configure the router with the appropriate IP addresses for the various VLANs. Verify that the routes
appear correctly in the routing table.
f. Copy and paste the initial device configurations into a document using Notepad or a word processing
program. Save or print the document to include with the completed test plan.
Step 2: Verify the VLAN routing design
a. Verify that the PCs are configured to be in different VLANs and that the IP address configuration on
the PCs is correct. Configure the IP addresses assigned to the router, in Step 1e, as the default
gateway addresses for the PCs. Verify that the default gateway addresses are on the same networks
as the addresses assigned to the PCs.
b. Following the procedures in the Test 3: Procedures, ping from PC1 to PC2. Copy and paste the
results into a document using Notepad or a word processing program. Save or print the document to
include with the completed test plan.
c. Execute the various show commands to verify that the routing is correct.
d. Record the results in the Test 3: Results and Conclusions section of the test plan.
Step 3: Record the test results in the Results and Conclusions section of the test plan
a. Compare the results that you observed during the testing with the expected results listed in the Test 3: Expected Results and Success Criteria section.
b. Determine if the testing indicates that the network meets the success criteria. If it does, indicate that
the test is successful.
Step 4: Reflection
Was the prototype testing of the FilmCompany LAN design successful? Did having a test plan to work from help you organize your testing?

Lab 7.2.6 Analyzing Results of Prototype Tests
Step 1: Identify if weaknesses are present in the design
Is the design able to scale to meet the growth, or do budget constraints limit the types of hardware and
infrastructure that can be included?
In general, the design is scalable. The prototype uses multiple switches and redundant links.
Do the IP addressing and VLAN configurations allow for the proposed growth?
The IP addressing uses a private scheme based on the 192.168.0.0/22 address space, which provides enough room for growth. All 11 VLANs allow additional addresses to be added. Testing with two PCs and two VLANs is sufficient to achieve the goals of the test. If it works with two PCs and two VLANs, it will work with more PCs and more VLANs, unless configuration errors are introduced.
Can the selected hardware be upgraded easily without a major reconfiguration of the network?
In general, yes. Stackable fixed-configuration 2960 switches are used in the prototype. The IOS software can be upgraded fairly easily, but hardware upgrades may not be an option. Expanding port density and using different link speeds and media could present issues.
Can new Access Layer modules be integrated into the network without disrupting services to existing users?
Yes. Additional switches can be added to increase the number of connections in the design with minimal disruption.
Does the design provide for the smallest possible failure domains?
Yes, the switches provide microsegmentation, and the VLANs contain broadcasts through the use of a router and subinterfaces.
Are there multiple paths and redundant devices to protect against losing connectivity to important services?
Yes. The switches have redundant links to provide backup.
Step 2: Determine what the risks are of not correcting the weaknesses
If, in Step 1, you identify weaknesses in the proposed design, what risks do these weaknesses present to
FilmCompany?
Because stackable fixed-configuration switches are used in the prototype, changes in port density, media type, or link speed could cause problems. Other than adding more switches, expanding port density is not easy to do.
Step 3: Suggest ways that the design can be improved to reduce the risk
In what ways could the proposed design be improved to reduce the areas of risk?
Step 4: Document the weaknesses and risks on the test plan
In the Results and Conclusions section of the test plan, record any weaknesses, risks, and suggested
improvements.
Step 5: Reflection
Why do you think it is important to identify weaknesses and risks in the proposed design before presenting it to the customer? What are some reasons that weaknesses cannot be corrected?
It is important to identify weaknesses and risks in the proposed design before presenting it to the customer, to ensure that the customer understands the limitations of the prototype and is not led to unrealistic expectations based on it. It may be impossible to compensate for every weakness that can be identified because of time, money, or personnel constraints. Risks must be analyzed and balanced against the other variables.

Lab 7.3.2 Creating a Server Farm Test Plan

Task 1: Review the Supporting Documentation
Step 1: Before completing the Server Farm Design Test Plan, review the following materials:

* The prototype topology diagram included at the top of this lab
* The IP Address Plan and VLAN Plan for the prototype topology in the Server Farm Design Test Plan provided with this lab
* The Prototype Network Installation Checklist created by the network designer and provided with this lab
* The partially completed Server Farm Design Test Plan provided with this lab

Step 2: Describe the functions of the network that the designer wants to test with this prototype
Basic connectivity, VLAN configuration, VTP operation, VLAN routing, ACL filtering.
Step 3: Using the topology diagram, create a list of the equipment necessary to complete the prototype tests
List any cables that are needed to connect the devices as shown in the topology diagram. Use the information from this list to fill out the chart in the Equipment section of the test plan document.
2 routers, 3 switches, 2 PCs, 1 server, 6 Cat 5 straight-through cables, 6 Cat 5 crossover cables, 1 console cable.
Task 2: Determine the Testing Procedures
Using the information contained on the Prototype Network Installation Checklist and the partially completed Server Farm Design Test Plan document, determine what procedures should be followed to perform each test listed on the plan. Using Test 1 as an example, fill out the procedures sections for Tests 2, 3, and 4.
Think about which commands and tools (such as ping, traceroute, and show commands) you can use to verify that the prototype network is functioning as designed. Decide which outputs to save to prove the results of your tests.
Task 3: Document the Expected Results and Success Criteria
Carefully identify what you expect the results of each test to show. What results would indicate that the tests were a success?
Test 2: VLAN Configuration Test
Show vlans, show spanning-tree, show interface, failure of ping between VLANs
Test 3: VLAN Routing Test
Show vlans, show interface, show IP route, traceroute, and successful ping between VLANs.
Test 4: ACL Filtering Test
Show running config, show interface, show IP route, traceroute, attempts to access unauthorized resources denied.
a. Fill in the Expected Results and Success Criteria section for each test, using the information collected above.
b. Save the completed Server Farm Test Plan. It will be used in subsequent labs.
Reflection
Why is it important to think about and document the expected results and success criteria for each of the
individual tests?

Lab 7.3.3 Configuring and Testing the Rapid Spanning Tree Prototype
Task 1: Configure all devices
Step 1: Configure S1 and S2
Configure the host name, access, and command mode passwords on each switch.
Step 2: Configure interface VLAN 1
Configure the VLAN1 IP address and default gateway on each switch.
Step 3: Configure FC-ASW-1 for server and end user VLANs
VLAN Number VLAN Name
10 Servers
20 Users
Step 4: Configure ProductionSW for server and end user VLANs
VLAN Number VLAN Name
10 Servers
20 Users
Step 5: Assign ports to VLANs on FC-ASW-1
FC-ASW-1#configure terminal
FC-ASW-1(config)#interface Fa0/5
FC-ASW-1(config-if)#switchport mode access
FC-ASW-1(config-if)#switchport access vlan 10
FC-ASW-1(config-if)#interface Fa0/6
FC-ASW-1(config-if)#switchport mode access
FC-ASW-1(config-if)#switchport access vlan 20
Step 6: Assign ports to VLANs on ProductionSW
ProductionSW#configure terminal
ProductionSW(config)#interface Fa0/5
ProductionSW(config-if)#switchport mode access
ProductionSW(config-if)#switchport access vlan 10
ProductionSW(config-if)#interface Fa0/6
ProductionSW(config-if)#switchport mode access
ProductionSW(config-if)#switchport access vlan 20
Step 7: Configure trunk ports on FC-ASW-1 to the router and ProductionSW
FC-ASW-1(config)#interface Fa0/1
FC-ASW-1(config-if)#switchport mode trunk
FC-ASW-1(config-if)#interface Fa0/2
FC-ASW-1(config-if)#switchport mode trunk
FC-ASW-1(config-if)#interface Fa0/4
FC-ASW-1(config-if)#switchport mode trunk
Step 8: Configure trunk ports on ProductionSW to FC-ASW-1
ProductionSW(config)#interface Fa0/2
ProductionSW(config-if)#switchport mode trunk
ProductionSW(config-if)#interface Fa0/4
ProductionSW(config-if)#switchport mode trunk
Step 9: Configure VTP on both switches
FC-ASW-1#vlan database
FC-ASW-1(vlan)#vtp server
Step 10: Configure ProductionSW to be a VTP client
ProductionSW#vlan database
ProductionSW(vlan)#vtp client
ProductionSW(vlan)#vtp domain ServerFarm
Step 11: Configure Rapid Spanning Tree Protocol
On each switch, configure Per-VLAN Rapid Spanning Tree Protocol.
FC-ASW-1(config)#spanning-tree mode rapid-pvst
ProductionSW(config)#spanning-tree mode rapid-pvst
Step 12: Perform basic router configuration
Configure hostname, passwords, and line access on R1.
Step 13: Configure Subinterface Fa0/0
BR4#configure terminal
BR4(config)#interface Fa0/0
BR4(config-if)#no shut
BR4(config-if)#interface Fa0/0.1
BR4(config-subif)#description VLAN1
BR4(config-subif)#encapsulation dot1q 1
BR4(config-subif)#ip address 10.0.0.1 255.255.255.0
BR4(config-subif)#interface Fa0/0.10
BR4(config-subif)#description VLAN10
BR4(config-subif)#encapsulation dot1q 10
BR4(config-subif)#ip address 10.10.10.254 255.255.255.0
BR4(config-subif)#interface Fa0/0.20
BR4(config-subif)#description VLAN20
BR4(config-subif)#encapsulation dot1q 20
BR4(config-subif)#ip address 10.10.20.254 255.255.255.0
BR4(config-subif)#end
BR4#
Step 14: Configure two hosts for server VLAN, and two hosts for end user VLAN
a. H1 and H3 should be given IP addresses in the Servers VLAN, with a default gateway of
10.10.10.254.
b. H2 and H4 should be given IP addresses in the Users VLAN, with a default gateway of 10.10.20.254.
Task 2: Perform basic connectivity tests
Step 1: Test intra-VLAN connectivity
a. Ping from H1 to H3.
Is the ping successful?
Yes
If the ping fails, troubleshoot the configuration on the hosts and the VLAN configuration on the switches.
b. Ping from H2 to H4.
Is the ping successful?
Yes
If the ping fails, troubleshoot the configuration on the hosts and the VLAN configuration on the switches.
Step 2: Test inter-VLAN connectivity
Ping from a host on the Servers VLAN to a host on the Users VLAN.
Is the ping successful?
Yes
If the ping fails, troubleshoot the router and switch configurations.
Task 3: Introduce link and device failures into the network, and observe results
Step 1: Determine the port status of the spanning tree on the server switch
FC-ASW-1#show span
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 32778
Address 0030.F2C9.90A0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 0090.21AC.0C10
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------
Fa0/1 Desg FWD 19 128.3 Shr
Fa0/2 Root FWD 19 128.3 Shr
Fa0/4 Altn BLK 19 128.3 Shr
Fa0/5 Desg FWD 19 128.3 Shr
VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 32788
Address 0030.F2C9.90A0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 0090.21AC.0C10
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------
Fa0/1 Desg FWD 19 128.3 Shr
Fa0/2 Root FWD 19 128.3 Shr
Fa0/4 Altn BLK 19 128.3 Shr
Fa0/6 Desg FWD 19 128.3 Shr
Which port is not currently participating in forwarding data?
Fa0/4 is the alternate port.
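The output above carries more than the blocked port. The following added example (not part of the original lab) parses it per VLAN, lists the non-forwarding ports, and flags three things a test plan reviewer would record: the output reports protocol `ieee`, whereas a switch running the rapid-pvst mode set in Step 11 reports `rstp`; the root bridge is at the default priority; and the election was decided by MAC address. The finding codes and function names are assumptions.

```python
import re

# `show span` output from FC-ASW-1 as recorded in the lab, with the separator
# rows written as plain hyphens.
SHOW_SPAN = """\
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 32778
Address 0030.F2C9.90A0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 0090.21AC.0C10
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ------
Fa0/1 Desg FWD 19 128.3 Shr
Fa0/2 Root FWD 19 128.3 Shr
Fa0/4 Altn BLK 19 128.3 Shr
Fa0/5 Desg FWD 19 128.3 Shr
VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 32788
Address 0030.F2C9.90A0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 0090.21AC.0C10
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ------
Fa0/1 Desg FWD 19 128.3 Shr
Fa0/2 Root FWD 19 128.3 Shr
Fa0/4 Altn BLK 19 128.3 Shr
Fa0/6 Desg FWD 19 128.3 Shr
"""

PORT_ROW = re.compile(r"^(\S+/\d+)\s+(\w+)\s+(\w+)\s+(\d+)\s+\S+\s+\S+")
DEFAULT_PRIORITY = 32768  # base bridge priority before the VLAN ID is added


def parse_show_span(text):
    """Return {vlan_id: {protocol, root/bridge priority and MAC, ports}}."""
    vlans, cur, section = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"VLAN(\d{4})", line):
            cur, section = vlans.setdefault(int(m.group(1)), {"ports": {}}), None
        elif cur is None:
            continue
        elif m := re.match(r"Spanning tree enabled protocol (\S+)", line):
            cur["protocol"] = m.group(1)
        elif m := re.match(r"(Root|Bridge) ID\s+Priority\s+(\d+)", line):
            section = m.group(1).lower()
            cur[section + "_priority"] = int(m.group(2))
        elif section and (m := re.match(r"Address\s+(\S+)", line)):
            cur[section + "_mac"] = m.group(1).lower()
        elif m := PORT_ROW.match(line):
            cur["ports"][m.group(1)] = (m.group(2), m.group(3))  # role, state
    return vlans


def non_forwarding(vlans):
    """Ports whose state is anything other than FWD, per VLAN."""
    return {vid: sorted(p for p, (_, sts) in v["ports"].items() if sts != "FWD")
            for vid, v in vlans.items()}


def review(vlans, expected_protocol="rstp"):
    """Return {vlan_id: [finding codes]} for the test plan's conclusions."""
    result = {}
    for vid, v in sorted(vlans.items()):
        codes = []
        if v["protocol"] != expected_protocol:
            codes.append("PROTOCOL_MISMATCH")
        if v["root_priority"] - vid == DEFAULT_PRIORITY:
            codes.append("ROOT_AT_DEFAULT_PRIORITY")  # root was never pinned
        is_root = v["root_mac"] == v["bridge_mac"]
        if not is_root and v["root_priority"] == v["bridge_priority"]:
            codes.append("ROOT_DECIDED_BY_MAC")  # priority tie, lower MAC won
        if not is_root and not any(r == "Altn" for r, _ in v["ports"].values()):
            codes.append("NO_BACKUP_PORT")  # losing the root port isolates us
        result[vid] = codes
    return result


if __name__ == "__main__":
    parsed = parse_show_span(SHOW_SPAN)
    print(non_forwarding(parsed))
    print(review(parsed))
```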
Step 2: Induce a link failure on the server switch
Remove the cable from one of the forwarding ports on FC-ASW-1.
Step 3: View the adjustment to the spanning-tree
Re-issue the show span command.
How long did it take the switches to determine and utilize a backup link?
Step 4: Induce a device failure on the network
Turn off the ProductionSW switch.
Ping from H1 to H2.
Was the ping successful?
Yes, both hosts are on the FC-ASW-1 switch and inter-VLAN
routing is still taking place.
Step 5: Reflect on the test results
In a network with multiple branch offices, why is the use of Rapid Spanning Tree Protocol important?
RSTP is important for ensuring connectivity for access-layer devices at each branch office, and for keeping resources such as servers accessible to users in other offices who depend on them, in the event of a local switch-related failure.
Why is it important when implementing a server farm?
RSTP helps ensure that the switches can recover quickly and keep the servers accessible to users in the event of a link, switch, or port failure.

Lab 7.3.5 Testing a Prototype Network
Task 1: Assemble and connect component devices
Step 1: Review the Topology Diagram and the Equipment section of the test plan
a. Determine which equipment or suitable substitutes will be required to meet the objectives of the lab.
b. Modify the topology diagram as necessary to fit available equipment.
Step 2: Review the Installation Checklist provided in lab 7.3.2.
Accommodate any equipment limitations with the use of loopback addresses.
Task 2: Perform Test 1: Basic Connectivity Test
Step 1: Using the Installation Checklist, perform the steps to connect and configure the
prototype network to perform Test 1.
Step 2: Perform the Test 1 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.
Task 3: Perform Test 2: VLAN Configuration Test
Step 1: Using the Installation Checklist, perform the steps to connect and configure the
prototype network to perform Test 2.
Step 2: Perform the Test 2 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.
Task 4: Perform Test 3: VLAN Routing Test
Step 1: Using the Installation Checklist, perform the steps to connect and configure the
prototype network to perform Test 3.
Step 2: Perform the Test 3 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.
Task 5: Perform Test 4: ACL Filtering Test
Step 1: Review security goals for the FilmCompany network
Examine the test plan, checklist, and other documentation to determine how ACLs can support the security goals.
Step 2: Examine results of connectivity tests to determine targets for the ACLs
Decide which devices should be permitted, which protocols should be used, and where ACLs should be
placed.
Step 3: Create ACLs
Step 4: Using the Installation Checklist, perform the steps to connect and configure the
prototype network to perform Test 4.
Step 5: Perform the Test 4 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.
Task 6: Reflection
Examine the test results and conclusions. How would this network be affected if:
1. The number of servers was doubled?
Traffic on S2 would increase. It may be beneficial to add a switch and split up the servers to avoid a single point of failure.
2. The S2 switch had a system failure?
Access to the servers would be lost.
3. A new branch office with 25 new hosts was added?
The load on router R2 or R1 would increase, depending on what access the users need to resources.
Now that you have followed the process of prototyping from creating the plan through testing and recording results and conclusions, what are the advantages and disadvantages of using a simulation program, such as Packet Tracer, compared to building the prototype with physical devices?
Using a simulation program can be very helpful for testing scenarios involving various connections, IP addresses, and other issues. More devices can be brought into play than when building a prototype with real equipment; however, there is no substitute for using real equipment, if it is available.

Lab 7.3.6 Identifying Risks and Weaknesses in the Design
Task 1: Identify areas of risk and weakness in the server farm implementation
Step 1: Analyze the physical topology
Examine the server farm topology as one entity and as a part of the entire FilmCompany topology. Look for each of the risks and weaknesses listed in the chart. Describe the devices, connections, and issues that you find, or record None found if the design appears to avoid risks in that area.
Weakness | Risk | Description of Location and Devices
Single point of failure | If a device fails, a portion of the network will be inoperable. |
Large failure domain | If a device or link fails, a large portion of the network will be affected. |
Possible bottlenecks | If the traffic volume increases, there is a potential for response time to degrade. |
Limited scalability | If the network grows more rapidly than expected, a costly upgrade will be needed. |
Overly-complex design | If the design is too complex, the current staff will not be able to support it properly. |
Other possible weaknesses (specify): | |

Step 2: Analyze the results and conclusions of the testing
Basic router and switch configurations were modified to support the following protocols and functions.
Evaluate the results and conclusions that were drawn from the testing. Identify any areas where modifications to the configuration would provide better results, both now and in the future.

Protocol or Function | No Change Needed | Modifications Possible
VLAN port assignments | |
VTP client/server assignments | |
Root bridge designations | |
Switch security | |
Traffic filtering through ACLs | |
Other (specify): | |

Task 2: Suggest modifications to the design to address identified risks and weaknesses
From the analysis performed in Task 1, list each risk or weakness and suggest possible changes to the
design to minimize or eliminate it.