Lab 6.1.4 Using CIDR to Ensure Route Summarization
Step 1: Cable and configure the network
Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.
Step 2: Perform basic router configurations
Establish a HyperTerminal, or other terminal emulation program, from PC1 to each of the three routers in turn and perform the following configuration functions:
Clear any existing configurations on the routers.
Configure the router hostname.
Disable DNS lookup.
Configure an EXEC mode password.
Configure a message-of-the-day banner.
Configure a password for console connections.
Configure a password for vty connections.
Step 3: Configure the interfaces on the three routers
Configure the interfaces on the three routers with the IP addresses from the table.
Save the running configuration to the NVRAM of the router.
Step 4: Configure the Ethernet interfaces
Configure the Ethernet interfaces of Hosts PC1, PC2, and PC3 with the IP addresses from the addressing table provided under the topology diagram.
Step 5: Verify connectivity of routers
Verify that each router can ping each of the neighboring routers across the WAN links. You should not have connectivity between end devices yet. However, you can test connectivity between two routers and between an end device and its default gateway. Troubleshoot if connectivity is not achieved.
Step 6: Verify connectivity of Host PCs
Verify that PC1, PC2, and PC3 can ping their respective default gateways. Troubleshoot if connectivity is not achieved.
Step 7: Configure EIGRP routing on router R1
Consider the networks that need to be included in the EIGRP updates that are sent out by the R1 router.
What directly connected networks exist on R1?
172.17.0.0
172.18.0.0
172.19.0.0
What commands are required to enable EIGRP and include the connected networks in the routing updates?
router eigrp 1
network 172.17.0.0
network 172.18.0.0
network 172.19.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? Yes
If yes, which ones? Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
passive-interface FastEthernet0/0 and passive-interface FastEthernet0/1
Step 8: Configure EIGRP on router R2
Consider the networks that need to be included in the EIGRP updates that are sent out by the R2 router.
What directly connected networks exist on R2?
172.16.0.0
172.17.0.0
172.20.0.0
What commands are required to enable EIGRP and include the connected networks in the routing updates?
router eigrp 1
network 172.16.0.0
network 172.17.0.0
network 172.20.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? Yes
If yes, which ones?
Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
passive-interface FastEthernet0/0
Step 9: Configure EIGRP routing on the R3 router
Consider the networks that need to be included in the EIGRP updates that are sent out by the R3 router.
What directly connected networks exist on R3?
172.20.0.0
10.1.0.0
What commands are required to enable EIGRP and include the connected networks in the routing updates?
router eigrp 1
network 172.20.0.0
network 10.1.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? Yes
If yes, which ones? Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
passive-interface FastEthernet0/0
Step 10: Verify the configurations
Ping between devices to confirm that each router can reach each device on the network and that there is connectivity between all the PCs. If any of the above pings failed, check your physical connections and configurations. Troubleshoot until connectivity is achieved.
Step 11: Display the EIGRP routing table for each router
Are there summary routes in any of the routing tables?
Yes, but only for the 10.1.0.0 network. EIGRP auto-summary is enabled by default and summarizes the 10.1.0.0/16 subnetwork to the classful 10.0.0.0/8 network.
Are there any summary routes for the 172.x.0.0 networks? No
Step 12: Remove automatic summarization
On each of the three routers, remove automatic summarization to force EIGRP to report all subnets. A sample command is given for R1.
R1(config)#router eigrp 1
R1(config-router)#no auto-summary
Step 13: Configure manual summarization on R2
On R2, configure manual summarization so that EIGRP summarizes the four networks 172.16.0.0/16, 172.17.0.0/16, 172.18.0.0/16, and 172.19.0.0/16 as one CIDR route, or 172.16.0.0/14.
You are summarizing multiple classful networks, which creates a supernet, and results in a classless (/14) network address being advertised.
R2(config)#interface s0/0/1
R2(config-if)#ip summary-address eigrp 1 172.16.0.0 255.252.0.0
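An added example (not part of the original lab) that derives the Step 13 summary from the four /16 networks and reports any address space a summary would cover without a matching network. That check matters because the summarizing router attracts traffic for the whole summary and discards whatever it has no more specific route for at its Null0 summary route. The function names are illustrative, and the fifth network in the second case is a constructed input.

```python
import ipaddress


def smallest_summary(networks):
    """Return the longest-prefix single CIDR block that contains every network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    summary = nets[0]
    # Shorten the prefix one bit at a time until every network fits inside.
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def uncovered_space(summary, networks):
    """List blocks inside the summary that no listed network accounts for."""
    remaining = [summary]
    for n in (ipaddress.ip_network(x) for x in networks):
        next_remaining = []
        for block in remaining:
            if block.subnet_of(n):
                # Block is fully accounted for by this network.
                continue
            if n.subnet_of(block):
                # Carve the network out and keep the leftover pieces.
                next_remaining.extend(block.address_exclude(n))
            else:
                next_remaining.append(block)
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


def ios_summary_command(as_number, summary):
    """Format the summary in the command form used in Step 13."""
    return "ip summary-address eigrp {} {} {}".format(
        as_number, summary.network_address, summary.netmask
    )


if __name__ == "__main__":
    # The four networks named in Step 13.
    lab_nets = ["172.16.0.0/16", "172.17.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]
    summary = smallest_summary(lab_nets)
    print(summary, uncovered_space(summary, lab_nets))
    print(ios_summary_command(1, summary))

    # Constructed case: adding a fifth network forces a wider summary that
    # also covers address space with no matching network.
    wider = lab_nets + ["172.20.0.0/16"]
    summary = smallest_summary(wider)
    print(summary, uncovered_space(summary, wider))
```
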
Step 14: Confirm that R2 is advertising a CIDR summary route
Examine the routing table of each router using the show ip route command.
R1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
C 172.17.0.0/16 is directly connected, Serial0/0/0
D 172.16.0.0/16 [90/2172416] via 172.17.0.2, 02:13:05, Serial0/0/0
C 172.19.0.0/16 is directly connected, Loopback0
C 172.18.0.0/16 is directly connected, FastEthernet0/0
D 172.20.0.0/16 [90/2681856] via 172.17.0.2, 02:05:21, Serial0/0/0
10.0.0.0/16 is subnetted, 1 subnets
D 10.1.0.0 [90/2684416] via 172.17.0.2, 00:04:25, Serial0/0/0
R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
C 172.17.0.0/16 is directly connected, Serial0/0/0
C 172.16.0.0/16 is directly connected, FastEthernet0/0
D 172.19.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0
D 172.18.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0
C 172.20.0.0/16 is directly connected, Serial0/0/1
10.0.0.0/16 is subnetted, 1 subnets
D 10.1.0.0 [90/2172416] via 172.20.0.1, 00:05:57, Serial0/0/1
D 172.16.0.0/14 is a summary, 00:11:55, Null0
R3#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
C 172.20.0.0/16 is directly connected, Serial0/0/1
10.0.0.0/16 is subnetted, 1 subnets
C 10.1.0.0 is directly connected, FastEthernet0/0
D 172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1
Which router has a summarized route to the 172.x.0.0 networks in its routing table?
R3
D 172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1
Step 15: Clean up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Reflection
In this lab, automatic summarization was used. Could route summarization still be applied if more effective use of the IPv4 address space had been made by using VLSM for those networks requiring fewer addresses, such as the serial links between routers?
Lab 6.2.1 Determining an IP Addressing Scheme
Step 1: Consider VLAN issues
The initial step in determining the required VLANs is to group users and services into VLANs. Each of these VLANs will represent an IP subnet.
A VLAN can be considered to be a group of switch ports assigned to a broadcast domain. Grouping the switch ports confines broadcast traffic to specified hosts so that bandwidth is not unnecessarily consumed in unrelated VLANs. It is therefore a recommended best practice to assign only one IP network or subnetwork to each VLAN.
When determining how to group users and services, consider the following issues:
Flexibility
The employees and hardware of the former AnyCompany will move into the building with the FilmCompany in the near future. The network from this newly acquired company needs to be tightly integrated with the FilmCompany network and a structure put in place to enhance the security of the network.
To support this integration, with improvements in security and performance, additional VLANs need to be created on the network. These VLANs will also allow the personnel to move to the buildings without additional network changes or interruption in network services.
Security
Security can be better enforced between VLANs than within VLANs.
* Access control lists can be applied to the Distribution Layer router subinterfaces that interconnect the VLANs to enforce this security.
* The interfaces on the switches can be assigned to VLANs as appropriate to support the network for the connected device.
* Additional Layer 2 security measures can also be applied to these switch interfaces.
WANs and VPNs
The contract with StadiumCompany adds a number of new requirements. Some FilmCompany personnel will be located at the stadium. Additional personnel and contract workers will also be present at the stadium during live events. These employees will use laptops and the wireless LAN at the FilmCompany branch as well as the wireless LAN at the stadium. To provide network connectivity for these laptops, they will be in their own VLAN. At the stadium, the FilmCompany laptop users will connect to a secure wireless VLAN and use a VPN over the Frame Relay connection between stadium and the FilmCompany branch. With this connection, the laptop users can be attached to the internal FilmCompany network regardless of physical location. To support the video feeds, FilmCompany will need resources available at the stadium. Some of the servers providing these resources will be located at the stadium. Other servers will be located at the branch office of the FilmCompany. For security and performance reasons, these servers, regardless of location, will be on secured VLANs. A separate VPN over the Frame Relay link will be created to connect the servers at the stadium to the servers located at the FilmCompany office.
What are the advantages and disadvantages of using a VPN to extend the wireless and video server networks over the Frame Relay connection from FilmCompany to the stadium?
Advantages:
Extending the VLANs through a VPN over the WAN has the advantage that the security measures applied to the VLAN are also applied to all hosts, regardless of their location.
Disadvantages:
The disadvantage is that all VLAN broadcasts also cross the narrow bandwidth of the WAN link, which may affect data throughput.
Redundancy
The VLAN structure will support load balancing and redundancy, which are major needs of this new network design. With such a large portion of the FilmCompany operations and revenues dependent on the network operation, a network failure could be devastating. The new VLAN arrangement allows the FC-ASW1 and FC-ASW2 switches to share the load of the traffic and be backups for each other.
This redundancy is accomplished by sharing the RSTP primary and secondary root duties for the traffic for the different VLANs:
* FC-ASW1 will be the primary root for approximately one-half of the VLAN traffic (not necessarily one half of the VLANs) and FC-ASW2 will be the secondary root for these VLANs.
* The remaining VLANs will have FC-ASW2 as the primary root and FC-ASW1 as the secondary root.
Step 2: Group network users and services
Examine the planned network topology. Applying the issues considered in Step 1, list all the possible groupings of users and services that may require separate VLANs and subnets.
default VLAN for the Layer 2 devices
voice VLAN to support Voice over IP
VLAN for management hosts and secure peripherals (payroll printer)
VLAN for administrative hosts
VLAN for support hosts
VLAN for high performance production workstations (stationary)
VLAN for mobile production hosts
VLAN for stadium to FilmCompany mobile access VPN
VLAN for network support
VLAN for peripherals for general use (printers, scanners)
VLAN for servers to support video services and storage
VLAN for stadium to FilmCompany video services VPN
VLAN for servers that are publicly accessible
VLAN for terminating unwanted or suspicious traffic
VLAN for undefined future services
Block of addresses are required for NAT pool for BR4
DSL link to the ISP
Addresses for the Frame Relay link to the stadium
Step 3: Tabulating the groupings
The new addressing design needs to be scalable to allow easy inclusion of future services, such as voice.
The current addressing scheme does not allow for managed growth. Correcting this scheme will mean that most devices will be placed on new VLANs and new subnets. In some cases, a device address may not be able to be changed; for example, some of the servers have software registered to their IP addresses. In such cases, the server VLAN will keep its current addressing even though it may not be consistent with the remaining addressing scheme. Other addresses that cannot be changed are the addresses used with the WAN links and the addresses for NAT pool used to access the Internet.
This table shows a possible grouping and addressing scheme. The number of hosts required for the FilmCompany branch office, including growth, has been determined. Assigning one subnet to each VLAN, the host count for each has been rounded up to the next logical network size supported by the binary patterns used in the subnet mask. Rounding up prevents underestimating the total number of host addresses required.

| VLAN number | Network name | Number of host addresses | Predetermined Network Address | Description |
| --- | --- | --- | --- | --- |
| 1 | default | 14 | | Default VLAN for the Layer 2 devices |
| 10 | voice | 254 | | Voice VLAN to support Voice over IP |
| 20 | management | 14 | | Management hosts and secure peripherals (payroll printer) |
| 30 | administrative | 62 | | Administrative hosts |
| 40 | support | 126 | | Support hosts |
| 50 | production | 126 | | High performance production workstations (stationary) |
| 60 | mobile | 62 | | Mobile production hosts |
| 70 | net_admin | 14 | | Network support |
| 80 | servers | 65534 | 172.17.0.0 /16 | Servers to support video services and storage |
| 90 | peripherals | 62 | | Peripherals for general use (printers, scanners) |
| 100 | web_access | 14 | | VLAN for servers that are publicly accessible |
| 120 | future | 126 | | VLAN for future services |
| 999 | null | 126 | | VLAN for terminating unwanted or suspicious traffic |
| NA | NAT_pool | 6 | 209.165.200.224/29 | Addresses for NAT pool for BR4 or interface to ISP4 |
| NA | DSL_Link | 2 | 192.0.2.40 /30 | DSL link to the ISP |
| NA | Frame_Link | 2 | 172.18.0.16/30 | Address of the FR link to the stadium |
Step 4: Determine the total number of hosts to be addressed
To determine the block of addresses to be used, count the number of hosts. To calculate the addresses, count only the hosts that will receive addresses from the new block. Use the information in the table in Step 3 to complete this chart to calculate the total number of hosts in the new FilmCompany network requiring addresses.
Reflection / Challenge
This lab provided a step-by-step process for determining an addressing scheme for a corporate network.
Discuss and consider the issues that would arise if this planning process was not methodically used.
Lab 6.2.2 Determining the Number of IP Networks
Task 1: Review Address Block Size
Review and record the total number of hosts to be addressed.
Complete this table with the information determined in Lab 6.2.1.
Network/VLAN Name Number of host addresses
Default 14
Voice 254
Management 14
Administrative 62
Support 126
Production 126
Mobile 62
Peripherals 62
Net_admin 14
Web_access 14
Future 126
Null 126
Total 1000
What is the smallest address block size that can potentially satisfy the FilmCompany network needs?
1024
Task 2: Choose or Obtain an Address Block
Step 1: Choose public or private addresses?
A block of addresses needs to be acquired to support the addressing scheme. This block of addresses could be private space addresses or public addresses. In most cases, the network users require only outbound connections to the Internet. Only a few hosts, such as web servers, require public addresses. These often exist on the local LAN with private addresses and have static NAT entries on the border router to translate to public addresses. Public addresses, however, are expensive and often difficult to justify. Can you make a justification for the use of public addresses in this network?
No
If so, write this justification to forward to the ISP:
Step 2: Ensure that the private space addresses do not conflict
Although you are allowed to use private space addresses any way you choose, you must make sure that the addresses used do not conflict with another private space address to which this network will be connected. You must identify other networks to which you are connected and make sure that you are not using the same private addresses. In this case, you need to examine the addresses used by the StadiumCompany.
What private space address block does the StadiumCompany use?
172.18.0.0 /16
What address blocks are used by the WAN links?
172.18.0.16/30
192.0.2.40 /30
Are there other devices or connections that need to be excluded from use?
Yes
What types?
servers
What address block?
172.17.0.0 /16
Step 3: Ensure that the private space addresses are consistent with policy
The company should have a network policy and method of allocating addresses. This is true even when using private addresses. You should contact the FilmCompany network administrators to request a block of addresses. In this case, ask your instructor if there is a preferred set of addresses to use.
Did your instructor assign a block of addresses?
If so, what block?
If your instructor does not assign addresses, you may choose any private space block that does not conflict.
What block of addresses are you using for this FilmCompany Branch?
192.168.0.0 /22
Task 3: Allocate Addresses for the Network
When assigning addresses to the different networks, start the assignments with the subnet that requires the largest address block and progress to the network that requires the smallest.
Step 1: Order the networks from largest to smallest
Using the information from Lab 6.2.1, list the networks in order of size, from the network that requires the largest address block to the network that requires the smallest block.
Network/VLAN Name Number of host addresses
Voice 254
support 126
production 126
Future 126
Null 126
administrative 62
Mobile 62
peripherals 62
Web_access 14
Default 14
management 14
Net_admin 14
Step 2: Assign address blocks to the networks
From the address block chosen in the previous task, begin calculating and assigning the address blocks to these networks. You should use contiguous blocks of addresses when making these assignments.
| Network/VLAN Name | Number of host addresses | Network address |
| --- | --- | --- |
| Voice | 254 | 192.168.0.0 /24 |
| support | 126 | 192.168.1.0 /25 |
| production | 126 | 192.168.1.128 /25 |
| Future | 126 | 192.168.2.0 /25 |
| Null | 126 | 192.168.2.128 /25 |
| administrative | 62 | 192.168.3.0 /26 |
| Mobile | 62 | 192.168.3.64 /26 |
| Peripherals | 62 | 192.168.3.128 /26 |
| web_access | 14 | 192.168.3.192 /28 |
| Default | 14 | 192.168.3.208 /28 |
| management | 14 | 192.168.3.224 /28 |
| net_admin | 14 | 192.168.3.240 /28 |
Step 3: Complete the address planning table
Using the addresses you calculated in the previous step, complete this table from Lab 6.2.1. This plan will be used in future labs.
| VLAN # | Network/VLAN Name | Number of host addresses | Network Address | Description |
| --- | --- | --- | --- | --- |
| 1 | default | 14 | 192.168.3.208 /28 | Default VLAN for the Layer 2 devices |
| 10 | voice | 254 | 192.168.0.0 /24 | Voice VLAN to support Voice over IP |
| 20 | management | 14 | 192.168.3.224 /28 | Management hosts and secure peripherals (payroll printer) |
| 30 | administrative | 62 | 192.168.3.0 /26 | Administrative hosts |
| 40 | support | 126 | 192.168.1.0 /25 | Support hosts |
| 50 | production | 126 | 192.168.1.128 /25 | High performance production workstations (stationary) |
| 60 | mobile | 62 | 192.168.3.64 /26 | Mobile production hosts |
| 70 | net_admin | 14 | 192.168.3.240 /28 | Network support |
| 80 | servers | 65534 | 172.17.0.0 /16 | Servers to support video services and storage |
| 90 | peripherals | 62 | 192.168.3.128 /26 | Peripherals for general use (printers, scanners) |
| 100 | web_access | 14 | 192.168.3.192 /28 | VLAN for servers that are publicly accessible |
| 120 | future | 126 | 192.168.2.0 /25 | VLAN for future services |
| 999 | null | 126 | 192.168.2.128 /25 | VLAN for terminating unwanted or suspicious traffic |
| NA | NAT_pool | 6 | 209.165.200.224/29 | Addresses for NAT pool for BR4 or interface to ISP4 |
| NA | DSL_Link | 2 | 192.0.2.40 /30 | DSL link to the ISP |
| NA | Frame_link | 2 | 172.18.0.16/30 | Address of the FR link to the stadium |
Reflection / Challenge
This lab specifically used private IPv4 addresses. Discuss the issues to be considered if it was decided to use public IP addresses throughout the network. Are there any situations that would require this?
An IP version 4 address (often called an IPv4 address) is a type of network addressing used in the TCP/IP network protocol suite with IP version 4. Its total length is 32 bits, and in theory it can address up to 4 billion host computers, or more precisely 4,294,967,296 hosts worldwide. That number comes from 256 (obtained from 8 bits) raised to the power of 4 (because there are 4 octets), so the maximum value of an IP version 4 address is 255.255.255.255; because values are counted from zero, the number of hosts that can be accommodated is 256x256x256x256 = 4,294,967,296 hosts. Public addresses are addresses that have been assigned by InterNIC and contain network identifiers that are guaranteed to be unique (that is, no two hosts use the same address) once the intranet is connected to the Internet. When public addresses have been assigned, routes can be programmed into a router so that data traffic destined for those public addresses can reach its location.
Lab 6.2.5 Creating an Address Allocation Spreadsheet
Step 1: Record the network address block
In the first column, record the address block used for the entire FilmCompany network chosen in the previous lab.
Step 2: Define the 254-host networks
Based on the requirements for the FilmCompany network, the address block is divided into twelve separate networks using four different masks.
In the second column of the table above, record the network blocks that will support 254 hosts per network. In the last column, record the names of the networks that need to be assigned to these blocks.
The CIDR notation mask for the 254-host network is /24. What is the dotted decimal equivalent mask?
255.255.255.0
Step 3: Define the 126-host networks
In the third column of the table above, choose the first unused 254-host address block to subdivide into 126-host networks. In the last column, record the names of the networks assigned to these 126-host blocks.
The CIDR notation mask for the 126-host network is /25. What is the dotted decimal equivalent mask?
255.255.255.128
Step 4: Define the 62-host networks
In the fourth column of the table above, choose the first unused 126-host address block to subdivide into 62-host networks. In the last column, record the names of the networks assigned to these 62-host blocks.
The CIDR notation mask for the 62-host network is /26. What is the dotted decimal equivalent mask?
255.255.255.192
Step 5: Define the 14-host networks
In the fifth column of the table above, choose the first unused 62-host address block to subdivide into 14-host networks. In the last column, record the names of the networks assigned to these 14-host blocks.
The CIDR notation mask for the 14-host network is /28. What is the dotted decimal equivalent mask?
255.255.255.240
Task 2: Define the Host Address Assignments
For each network, determine and document the host addresses and broadcast addresses. Use the table below to document these networks and host information.
Step 1: Record the network names and addresses in the addressing table
In the table below, record the network names for the FilmCompany in the first column and the corresponding network address in the second column.
Step 2: Calculate the lowest host address in the addressing table
The lowest address for a network is one greater than the address of the network. Therefore, to calculate the lowest host address, add a 1 to the network address. For each of these networks, calculate and record the lowest host address in the second column of the table.
Step 3: Calculate the broadcast address in the addressing table
The broadcast address uses the highest address in the network range. This is the address in which the bits in the host portion are all 1s. To calculate the broadcast for each of the networks listed, convert the last octet of the network address into binary. Then fill the remaining host bits with 1s. Finally, convert the binary back to decimal. For each of these networks, calculate and record the broadcast address in the last column.
Step 4: Calculate the highest host address in the addressing table
The highest host address for each network is one less than the broadcast address for that network. Therefore, to calculate the highest host address, subtract a 1 from the broadcast address. For each of these networks, calculate and record the highest host address in the second column.

| Network Names | Network Address | Lowest Host Address | Highest Host Address | Broadcast Address |
| --- | --- | --- | --- | --- |
| voice | 192.168.0.0 /24 | 192.168.0.1 | 192.168.1.254 | 192.168.1.255 |
| support | 192.168.1.0 /25 | 192.168.1.1 | 192.168.1.126 | 192.168.1.127 |
| production | 192.168.1.128 /25 | 192.168.1.129 | 192.168.1.254 | 192.168.1.255 |
| future | 192.168.2.0 /25 | 192.168.2.1 | 192.168.2.126 | 192.168.2.127 |
| null | 192.168.2.128 /25 | 192.168.2.129 | 192.168.2.254 | 192.168.2.255 |
| administrative | 192.168.3.0 /26 | 192.168.3.1 | 192.168.3.62 | 192.168.3.63 |
| mobile | 192.168.3.64 /26 | 192.168.3.65 | 192.168.3.126 | 192.168.3.127 |
| peripherals | 192.168.3.128 /26 | 192.168.3.129 | 192.168.3.190 | 192.168.3.191 |
| Web_access | 192.168.3.192 /28 | 192.168.3.193 | 192.168.3.206 | 192.168.3.207 |
| default | 192.168.3.208 /28 | 192.168.3.209 | 192.168.3.222 | 192.168.3.223 |
| management | 192.168.3.224 /28 | 192.168.3.225 | 192.168.3.238 | 192.168.3.239 |
| net_admin | 192.168.3.240 /28 | 192.168.3.241 | 192.168.3.254 | 192.168.3.255 |
Task 3: Examine Address Blocks for Overlapping Addresses
One of the major issues of planning network addresses is overlapping addresses. This is especially true when using VLSM addressing. Examine the table in the previous step to ensure that each network has a unique address range.
Are there any overlapping addresses in the networks? No
If there are any overlapping addresses, recalculate the addressing plan for the FilmCompany network.
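An added example (not part of the original labs) that carries out the largest-first allocation of Lab 6.2.2 Task 3 and the host-range and overlap checks of Lab 6.2.5 Tasks 2 and 3 in code, using the host counts and the 192.168.0.0/22 block from the page. The function names and the RESERVED labels are illustrative; the reserved blocks are the ones the page says must be excluded or cannot change.

```python
import ipaddress

# Host counts per VLAN, in the order of the Lab 6.2.2 Task 3 Step 1 list.
REQUIREMENTS = [
    ("voice", 254), ("support", 126), ("production", 126), ("future", 126),
    ("null", 126), ("administrative", 62), ("mobile", 62), ("peripherals", 62),
    ("web_access", 14), ("default", 14), ("management", 14), ("net_admin", 14),
]

# Blocks already in use according to the page (labels are illustrative).
RESERVED = {
    "servers": "172.17.0.0/16",
    "StadiumCompany": "172.18.0.0/16",
    "Frame_Link": "172.18.0.16/30",
    "DSL_Link": "192.0.2.40/30",
    "NAT_pool": "209.165.200.224/29",
}


def prefix_for_hosts(hosts):
    """Longest prefix whose usable host count (2^bits - 2) covers `hosts`."""
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate(block, requirements):
    """Assign contiguous subnets from `block`, largest requirement first."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    # sorted() is stable, so equal-sized networks keep their listed order.
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # align to subnet boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError("block {} is too small for {}".format(block, name))
        plan[name] = subnet
        cursor += size
    return plan


def host_range(subnet):
    """Return (lowest host, highest host, broadcast) as strings."""
    return (
        str(subnet.network_address + 1),
        str(subnet.broadcast_address - 1),
        str(subnet.broadcast_address),
    )


def find_conflicts(plan, reserved):
    """Return name pairs that overlap, within the plan or with reserved blocks."""
    conflicts = []
    items = list(plan.items())
    for i, (name_a, net_a) in enumerate(items):
        for name_b, net_b in items[i + 1:]:
            if net_a.overlaps(net_b):
                conflicts.append((name_a, name_b))
        for label, cidr in reserved.items():
            if net_a.overlaps(ipaddress.ip_network(cidr)):
                conflicts.append((name_a, "reserved:" + label))
    return conflicts


if __name__ == "__main__":
    plan = allocate("192.168.0.0/22", REQUIREMENTS)
    for name, subnet in plan.items():
        print(name, subnet, *host_range(subnet))
    print("conflicts:", find_conflicts(plan, RESERVED))
```
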
Lab 6.2.6 Diagramming the Network
Step 1: Identify the appropriate VLAN
In the previous labs, you identified VLANs and subnets to be used in the FilmCompany network expansion. For each device listed in the table in the final section of this lab, assign each host the appropriate VLAN based on its description. Record these VLAN assignments in the third column of the table in Step 5.
Step 2: Assign addresses to the devices
In the previous lab, an address range was established for each subnet and VLAN. Using these established ranges and the VLAN assignments to the devices in the previous step, assign a host address to each of the selected hosts. Record this information in the last column of the table in Step 5 of this lab.
Step 3: Define the codes for device naming
From the device information, develop and apply a naming convention for the hosts.
A good naming scheme follows these guidelines:
* Keep the names as short as possible; using fewer than twelve characters is recommended.
* Indicate the device type, purpose, and location with codes, rather than words or abbreviations.
* Maintain a consistent scheme. Consistent naming makes it easier to sort and report on the devices, and to set up management systems.
* Document the names in the IT department files and on the network topology diagrams.
* Avoid names that make it easy to find protected resources.
For each naming criterion, assign a code for type. You will use these codes in different combinations to create device names. In the tables below, create codes for the elements of the device names. Use as many or as few codes as needed.
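| Device Type | Type code | Device Purpose | Purpose code | Device Location | Location code |
| --- | --- | --- | --- | --- | --- |
| Laptop | LT | Management | MGMT | Stadium | STAD |
| Desktop PC | PC | Production | PROD | 1st Floor | 1FLR |
| Workstation | WS | Netadmin | NETA | 3rd Floor | 3FLR |
| Printer | PT | | | ServerRoom | SVRM |
| Scanner | SC | | | | |
| Server | SV | | | | |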
Step 4: Establish the naming convention
In the spaces below, indicate the order and the number of letters to be used in the device naming. Again, use as many or as few letters as necessary. List the criteria in the blanks and draw a line to indicate the number of letters used. You may also choose to use hyphens (-) or underscores (_) to separate fields.
Step 5: Apply a naming convention
For each of the twelve devices shown in this table, apply the naming convention. Then add these device names in the appropriate boxes in the topology at the beginning of the lab.

| Number | Device Name | VLAN | Description | IP Address |
| --- | --- | --- | --- | --- |
| 1 | | servers | Server for capturing raw video feeds from stadium | |
| 2 | | servers | Server for storing finished (postproduction) video | |
| 3 | | web_access | Public web server for on demand video access | |
| 4 | | management | Branch manager’s computer | |
| 5 | | production | Live event production worker (switched) | |
| 6 | | support | Human resource clerk | |
| 7 | | support | Payroll Manager | |
| 8 | | mobile | Live event mobile worker (audio producer) | |
| 9 | | mobile | Live event mobile worker (camera coordinator) | |
| 10 | | support | Receptionist’s computer | |
| 11 | | management | Financial Manager’s computer | |
| 12 | | net_admin | Information Technology manager’s computer | |
Monday, 10 January 2011
CCNA 4 Labskill Chapter 5 Assignment
CCNA 4 Chapter 5 by IAMINDA DEWI SUTIASIH
Lab 5.1.1.4 Applying Design Constraints
Step 1: Identify possible project constraints
a. Use word processing software to create a new Project Constraints document.
b. The identified constraints that set limits or boundaries on the network upgrade project should be entered into the Gathered Data field of the constraints document. Brainstorm ideas with other students to identify additional constraints.
Classify each constraint as one of the following four types:
* Budget
* Policy
* Schedule
* Personnel
Step 2: Tabulate comments based on the identified constraints
a. Using the list of constraints discovered from the FilmCompany case study, apply appropriate comments on how the constraints affect the design.
b. Enter the comments into a table
FILM COMPANY CONSTRAINTS
CONSTRAINT GATHERED DATA COMMENTS
to IT personnel
* Training needed for new hires on company security policy
of a failure.
Schedule
* Project must be completed within 4 months of project start.
* Maintenance windows are between 2am and 6am Monday through Friday.
* Less than 4 months to get the project completed.
Personnel
* Looking to hire 6 temporary and part-time production staff and at least 1 IT technician.
* Training on new equipment for IT personnel is needed.
* Will new personnel affect security policy?
* Do the new personnel need training on the equipment?
* Do existing personnel need training?
c. Save your Project Constraints checklist.
Step 3: Identify trade-offs
a. Use word processing software to create an addition to the Project Constraints document.
b. The identified constraints that set limits or boundaries on the network upgrade project will require
potential trade-offs. Discuss ideas with other students regarding trade-offs for proposed designs.
New equipment may not be obtainable because of budget limitations, so the existing equipment may need to be upgraded. The ISP service may not be optimal for the type of traffic generated, so a new ISP may be required. The budget cannot support replacing the existing infrastructure; alternatives need to be developed for future expansion.
c. Record the trade-offs in your Project Constraints checklist.
d. Save your Project Constraints checklist.
Step 4: Reflection
The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany. Consider and discuss the identified constraints and potential trade-offs. Do the trade-offs pose a significant obstacle to the design? Are there alternate methods that can be employed to achieve the success criteria without a significant budget?
• Having less than four months to complete the project will require allocating more personnel.
• Personnel training may need to be done in stages.
• Unavailability of equipment or cabling of the required technical specification.
• Lack of accommodation to house the expanded business and its network infrastructure, since the project may consolidate into a single location.
• ISP limitations may require changes in the design. Should another ISP be used?
Lab 5.1.2.4 Identifying Design Strategies for Scalability
Step 1: Identify the areas that will be used for designing a strategy that facilitates scalability
a. Use word processing software to create a new document called “Design Strategies.”
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the
potential trade-offs to assist in the discussion with other students.
The strategy should cover the following areas:
• Access Layer modules that can be added
• Expandable, modular equipment or clustered devices that can be easily upgraded
• Choosing routers or multilayer switches to limit broadcasts and filter traffic
• Planned redundancy
• An IP address strategy that is hierarchical and that supports summarization
• Identification of VLANs needed
Step 2: Create an Access Layer module design
Using the list developed from the group discussion, create an Access Layer module (design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
Several servers
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features and devices without requiring major equipment upgrades.
c. Save your Design Strategies documentation.
Step 3: Select Distribution Layer devices
a. Use word processing software to create an addition to the Design Strategies document.
b. Use the identified Access Layer module diagram to create the Distribution Layer design. Equipment
selected must include existing equipment. Use Layer 3 devices at the Distribution Layer to filter and
reduce traffic to the network core.
c. With a modular Layer 3 Distribution Layer design, new Access Layer modules can be connected
without requiring major reconfiguration. Using your documentation, identify what modules can be
added to increase bandwidth.
d. Save your Design Strategies document.
Step 4: Reflection
The constraints and trade-offs identified for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Developing an IP addressing scheme using the 10.xxx network was really challenging.
• Separating the VLANs.
• The ACL design is unique, given that the filtering was not identified by the client.
Lab 5.1.3.5 Identifying Availability Strategies
Step 1: Identify the areas that will be used for designing a strategy that facilitates availability
a. Use word processing software to create a new document called “Availability Strategies.”
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the
potential trade-offs to assist in brainstorming ideas with other students.
The strategy should cover the following areas:
Availability strategies for switches:
• Redundant power supplies and modules
• Hot-swappable cards and controllers
• Redundant links
• UPS and generator power
Availability strategies for routers:
• Redundant power supplies, UPS, and generator power
• Redundant devices
• Redundant links
• Out-of-band management
• Fast converging routing protocols
Availability strategies for Internet/Enterprise Edge:
• Dual ISP providers or dual connectivity to a single provider
• Co-located servers
• Secondary DNS servers
Step 2: Create availability strategies for switches
a. Using the list developed from the brainstorming session, create a list of equipment that will be
incorporated into the availability strategy.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
Several servers
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules and redundant power supplies that will increase
availability for the switches.
c. Identify potential hot swappable cards and controllers that can be used. Create a list that identifies
each with cost and features.
d. Develop a diagram that shows potential redundant links that can be incorporated into the network
design.
e. Identify at least two possible UPS devices that can be incorporated into the design. Create a list that
identifies the cost and features of each.
f. Save your Availability Strategies document.
Step 3: Create availability strategies for routers
a. Use word processing software to create an addition to the Availability Strategies document.
b. Using the list of equipment, identify redundant power supplies that will increase availability for the
switches.
c. Identify potential redundant devices and links that can be used. Create a list that identifies each with
cost and features.
d. Create a diagram that displays the redundant connections.
e. Develop a list of potential routing protocols that will facilitate fast convergence times.
f. Save your Availability Strategies document.
Step 4: Create availability strategies for Internet/Enterprise Edge
a. Use word processing software to create an addition to the Availability Strategies document.
b. Identify options available that would allow for dual ISP or dual connectivity to a single provider.
c. Create a design that will co-locate the servers to allow for redundancy and ease of maintenance.
d. Save your Availability Strategies document.
Step 5: Reflection
The creation of availability strategies poses many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Various modules can be purchased with various features and costs.
• Various UPS devices can be purchased with various features and costs.
• Several routing protocols can be chosen, but which one best suits the design?
Lab 5.1.5.2 Identifying Security Requirements
Step 1: Identify potential security weaknesses within the FilmCompany topology
a. Use word processing software to create a new document called “Security Strategies.”
b. Using the documents created in previous labs and the existing topology, identify potential
weaknesses in the existing design. (No firewalls, no VPNs)
c. Create a list of recommended security practices that should be employed in the FilmCompany
network.
d. Save your Security Strategies document.
Step 2: Create a security practices list
a. Using the list developed from the brainstorming session, create a finalized list of recommended
security practices for the FilmCompany.
Recommended security practices include:
• Use firewalls to separate all levels of the secured corporate network from other unsecured
networks, such as the Internet. Configure firewalls to monitor and control the traffic, based on
a written security policy.
• Create secured communications by using VPNs to encrypt information before it is sent
through third-party or unprotected networks.
• Prevent network intrusions and attacks by deploying intrusion prevention systems. These
systems scan the network for harmful or malicious behavior and alert network managers.
• Control Internet threats by employing defenses to protect content and users from viruses,
spyware, and spam.
• Manage endpoint security to protect the network by verifying the identity of each user before
granting access.
• Ensure that physical security measures are in place to prevent unauthorized access to
network devices and facilities.
• Secure wireless Access Points and deploy wireless management solutions.
b. Identify what devices and software will need to be purchased to facilitate the recommended security
practices. (Hardware firewalls, intrusion detection systems etc.)
c. Save your Security Strategies document.
Step 3: Create a security strategy
a. Use word processing software to create an addition to the Security Strategies document.
b. Using the list of identified equipment, develop a chart of costs and features of the recommended
devices.
c. Using the list of identified software needed, develop a chart of costs and features of the
recommended software.
d. Save your Security Strategies document.
Step 4: Create a security design
a. Use word processing software to create an addition to the Security Strategies document.
b. Identify which types of access to the network should be secured by incorporating VPNs.
c. Identify methods for controlling physical security at the FilmCompany building and at the stadium.
d. Identify potential ACLs that can be created to filter unwanted traffic from entering the network.
(Standard or Extended ACLs need to be identified.)
e. Identify methods for securing the wireless Access Points. Determine the best method for the
FilmCompany network. (128 bit encryption etc.)
f. Save your Security Strategies document.
Step 5: Reflection
The creation of a security strategy creates many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified challenges. Do all of the proposed strategies accomplish the task the
same way?
Would one be less expensive or less time-consuming than the other?
How could implementing a physical security plan into an existing company be difficult?
• Various hardware can be purchased with various features and costs.
• Various security software can be purchased with various features and costs.
• Existing employees may not accept changes to their security policy, so who needs to ensure that the plan is enforced?
• ACLs can filter traffic, but what impact will they have on traffic flow? Are the ACLs applied at the Access Layer, the Distribution Layer, or both?
Lab 5.2.3.3 Designing the Core Layer
Step 1: Identify Core Layer Requirements
a. Use word processing software to create a new document called “Core Layer Diagram.”
b. Use the identified topology and associated equipment to determine Core Layer design requirements.
Design requirements for the Core Layer network include:
High-speed connectivity to the Distribution Layer switches
24 x 7 availability
Routed interconnections between Core devices
High-speed redundant links between Core switches and between the Core and Distribution Layer
devices
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Create an Access Layer module design
Using the list developed from the group discussion, create an Access Layer module (design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features, such as redundancy.
c. Save your Core Layer Diagram document.
Step 3: Select Core Layer devices
a. Use word processing software to create an addition to the Core Layer Diagram document.
b. The identified Core Layer module diagram will be used to adjust the Distribution Layer design.
Equipment selected must include existing equipment. Use Layer 3 devices at the Core Layer in a
redundant configuration.
c. Save your Core Layer Diagram document.
Step 4: Design Redundancy
a. Use word processing software to create an addition to the Core Layer Diagram document.
b. Design a redundancy plan that combines multiple Layer 3 links to increase available bandwidth.
c. Create a design that incorporates redundancy
d. Save your Core Layer Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why?
• What devices can be used in place of a Layer 3 switch? Can those devices provide the same performance?
• What are the potential weaknesses of the proposed diagram?
Lab 5.2.4.2 Creating a Diagram of the FilmCompany LAN
Step 1: Identify LAN Requirements
a. Use word processing software to create a new document called “LAN Diagram.”
b. Use the identified topology and associated equipment to determine LAN design requirements.
Design requirements for the LAN include:
High-speed connectivity to the Access Layer switches
24 x 7 availability
High-speed redundant links between switches on the LAN and the Access Layer devices
Identifying available hardware for the LAN
The current network has two VLANs.
1. General VLAN consisting of:
12 Office PCs
2 Printers
This VLAN serves the general office and managers, including reception, accounts and administration.
Addressing:
Network 10.0.0.0/24
Gateway 10.0.0.1
Hosts (dynamic) 10.0.0.200 – 10.0.0.254
Hosts (static) 10.0.0.10 – 10.0.0.20
2. Production VLAN consisting of:
9 High Performance Workstations
5 Office PCs
2 Printers
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Determine equipment features
Using the list developed from the brainstorming session create a LAN based on technical requirements
(design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features, such as redundancy.
c. Save your LAN Diagram document.
Step 3: Select LAN devices
a. Use word processing software to create an addition to the LAN Diagram document.
b. The identified LAN diagram will be used to adjust the Access Layer design. Equipment selected must
include existing equipment.
c. Save your LAN Diagram document.
Step 4: Design Redundancy
a. Use word processing software to create an addition to the LAN Diagram document.
b. Design a redundancy plan that combines multiple Layer 2 links to increase available bandwidth.
c. Create a design that incorporates redundancy.
d. Save your LAN Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany LAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
Would the chosen LAN design allow for future growth and the addition of the WLAN?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why?
• What devices can be used in place of a Layer 2 switch?
• What are the potential weaknesses of the proposed diagram?
Lab 5.4.2.2 Selecting Access Points
Step 1: Identify WLAN requirements
a. Use word processing software to create a new document called “WLAN Diagram.”
b. Use the identified topology and associated equipment to determine WLAN design requirements.
Design requirements for the WLAN include:
• Scalability
• Availability
• Security
• Manageability
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Determine equipment features
Using the list developed from the brainstorming session create a WLAN based on technical requirements
(design only).
a. Begin by creating your design using the existing equipment.
Network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x Network and Business Server
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify the model of wireless router. Identify the features and range of the
device. Identify whether there are upgrades that can be made to extend the range, security, and existing features.
c. Create a list of features and potential upgrades and compare them to other models of wireless router.
Determine the device that can easily meet the technical requirements of the WLAN. (Standalone
Access Points for ease of installation or wireless controllers for security and management)
d. With the previous list estimate the range of coverage available with the existing wireless router.
Determine if the wireless router can provide thorough coverage of the work area. Determine if standalone access points or wireless controllers are needed for the design.
e. Save your WLAN Diagram document.
Step 3: Select WLAN devices
a. Use word processing software to create an addition to the WLAN Diagram document.
b. The identified WLAN diagram will be used to determine the type of wireless device that will be
included into the proposed network.
c. Ensure that the chosen wireless equipment meets the following requirements:
Design requirements for the WLAN include:
• Scalability
• Availability
• Security
• Manageability
d. Save your WLAN Diagram document.
Step 4: Design the WLAN
a. Use word processing software to create an addition to the WLAN Diagram document.
b. Design a WLAN that provides scalability. Annotate on the WLAN Diagram document how the design
provides scalability.
(Scalability – New lightweight Access Points can be added easily and managed centrally)
c. Design a WLAN that provides availability. Annotate on the WLAN Diagram document how the design
provides availability.
(Availability – Access Points can automatically increase their signal strength if one Access Point fails)
d. Design a WLAN that provides security. Annotate on the WLAN Diagram document how the design
provides security.
(Security – Enterprise-wide security policies apply to all layers of a wireless network, from the radio
layer through the MAC Layer and into the Network Layer. This solution makes it easier to provide
uniformly enforced security, QoS, and user policies. These policies address the specific capabilities of
different classes of devices, such as handheld scanners, PDAs, and notebook computers.
Security policies also provide discovery and mitigation of DoS attacks, and detection and denial of
rogue Access Points. These functions occur across an entire managed WLAN.)
e. Design a WLAN that provides manageability. Annotate on the WLAN Diagram document how the
design provides manageability.
(Manageability – The solution provides dynamic, system-wide radio frequency (RF) management,
including features that aid smooth wireless operations, such as dynamic channel assignment,
transmit power control, and load balancing. The single graphical interface for enterprise-wide policies
includes VLANs, security, and QoS.)
f. Save your WLAN Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany WLAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed or hardware identified
accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
Would the current topology allow for future growth and the addition of the WLAN?
• What are the throughput limitations of the WLAN?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why?
• What devices can be used in place of standalone access points?
• What are the potential weaknesses of the proposed diagram?
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Set
Step 1: Cable and connect the network as shown in the topology diagram
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect and configure the devices in accordance with the given topology and configuration.
Routing will have to be configured across the serial links to establish data communications.
b. Configure Telnet access on each router.
c. Ping between Host1, Host2, and Production Server to confirm network connectivity.
Troubleshoot and establish connectivity if the pings or Telnet fail.
Step 2: Perform basic router configurations
a. Configure the network devices according to the following guidelines:
• Configure the hostnames on each device.
• Configure an EXEC mode password of class.
• Configure a password of cisco for console connections.
• Configure a password of cisco for vty connections.
• Configure IP addresses on all devices.
• Enable EIGRP on all routers and configure each to advertise all of the connected networks.
• Verify full IP connectivity using the ping command.
b. Confirm Application Layer connectivity by telnetting to all routers.
Step 3: Create firewall rule set and access list statements
Using the security policy information for the FilmCompany remote access, create the firewall rules that must be implemented to enforce the policy. After the firewall rule is documented, create the access list statement that will implement the firewall rule. There may be more than one statement necessary to implement a rule.
Security Policy 1: Remote users must be able to access the Production Server to view their schedules
over the web and to enter new orders.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
port 80.
Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic).
For each of the following security policies:
a. Create a firewall rule.
b. Create an access list statement.
c. Determine the access list placement to implement the firewall rule.
Security Policy 2: Remote users must be able to FTP files to and from the Production Server.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
ports 20 and 21.
Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
or two separate access-list statements, each permitting one of the ports.
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic)
Security Policy 3: Remote users can use the Production Server to send and retrieve email using IMAP
and SMTP protocols.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
ports 143 and 25
Access List statement(s):
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic)
Security Policy 4: Remote users must not be able to access any other services available on the
Production Server.
Firewall Rule: Deny all other IP protocols between users on the 10.1.1.0/24 network to the
Production Server (172.17.1.1)
Access List statement(s): deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
Access List placement: Inbound on router SR1 Fa0/1
Security Policy 5: No traffic is permitted from individual workstations at the main office to remote worker
workstations. Any files that need to be transferred between the two sites must be stored on the
Production Server and retrieved via FTP.
Firewall Rule: Deny all IP protocols from users on the 10.3.1.0/24 to the 10.1.1.0/24 network.
Access List statement(s): deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255
Access List placement: Inbound on router BR4 Fa0/1
Security Policy 6: No traffic is permitted from workstations at the remote site to workstations at the main
site.
Firewall Rule: Deny all IP protocols from users on the 10.1.1.0/24 to the 10.3.1.0/24 network.
Access List statement(s): deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
Access List placement: Inbound on router SR1 Fa0/1
Security Policy 7: No Telnet traffic is permitted from the remote site workstations to any devices,
except their local switch.
Firewall Rule: Deny all TCP traffic from users on the 10.1.1.0/24 network on port 23.
Access List statement(s): deny tcp 10.1.1.0 0.0.0.255 any eq 23
Access List placement: Inbound on router SR1 Fa0/1
Step 4: Create Extended ACLs
a. Review the access list placement information that you created to implement each of the
FilmCompany security policies. List all of the different access list placements that you noted above.
Inbound on router SR1 Fa0/1
Inbound on router BR4 Fa0/1
Based on the placement information, how many access lists do you have to create?
On Router SR1
1
On Router Edge2
0
On Router BR4
1
b. Based on the access list statements you developed in Task 3, create each access list that is needed
to implement the security policies. When creating access lists, remember the following principles:
• Only one access list can be applied per protocol, per direction on each interface.
• Access list statements are processed in order.
• Once an access list is created and applied on an interface, all traffic that does not match any access
list statement will be dropped.
c. Use a text file to create the access lists, or write them here. Evaluate each access list statement to
ensure that it will filter traffic as intended.
Access list to be placed on SR1 Fa0/1 inbound:
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
deny tcp 10.1.1.0 0.0.0.255 any eq 23
permit ip any any
Access list to be placed on BR4 Fa0/1 inbound:
deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip any any
Why is the order of access list statements so important?
To reduce the router's processor load and lower latency.
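The in-order, first-match processing and the implicit deny listed in Step 4b can be checked against the SR1 list above with a small evaluator. This is an added example, not part of the lab or the original post: the function names and the sample packets are constructed for illustration, and only the ACL statements come from the page.

```python
import ipaddress

# Statements copied from the page: the list for SR1 Fa0/1 inbound.
SR1_ACL = """
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
deny tcp 10.1.1.0 0.0.0.255 any eq 23
permit ip any any
""".strip().splitlines()

FULL = 0xFFFFFFFF


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _addr(tok):
    """Consume one address spec and return (base, wildcard) as integers."""
    word = tok.pop(0)
    if word == "any":
        return (0, FULL)
    if word == "host":
        return (_ip(tok.pop(0)), 0)
    return (_ip(word), _ip(tok.pop(0)))


def parse_ace(line):
    """Parse the subset of extended-ACL syntax used on the page."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    src, dst, ports = _addr(tok), _addr(tok), None
    if tok:
        op = tok.pop(0)
        if op == "eq":
            port = int(tok.pop(0))
            ports = (port, port)
        elif op == "range":
            ports = (int(tok.pop(0)), int(tok.pop(0)))
        else:
            raise ValueError(f"unsupported operator {op!r}")
    if tok:
        raise ValueError(f"trailing tokens in {line!r}")
    return {"action": action, "proto": proto, "src": src, "dst": dst, "ports": ports}


def _hit(ip, spec):
    """Wildcard match: bits set in the wildcard mask are ignored."""
    base, wild = spec
    care = ~wild & FULL
    return (_ip(ip) & care) == (base & care)


def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, matching line number); None means the implicit deny."""
    for n, ace in enumerate(map(parse_ace, acl_lines), 1):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_hit(src, ace["src"]) and _hit(dst, ace["dst"])):
            continue
        p = ace["ports"]
        if p and (dport is None or not p[0] <= dport <= p[1]):
            continue
        return ace["action"], n          # first match wins, later lines are never read
    return "deny", None


def _covers(a, b):
    """True when address spec a matches every address that b matches."""
    care = ~a[1] & FULL
    return (a[1] | b[1]) == a[1] and (a[0] & care) == (b[0] & care)


def shadowed(acl_lines):
    """List (line, earlier_line) pairs where the later statement can never match."""
    aces = [parse_ace(line) for line in acl_lines]
    found = []
    for j, late in enumerate(aces):
        for i, early in enumerate(aces[:j]):
            proto_ok = early["proto"] in ("ip", late["proto"])
            ep, lp = early["ports"], late["ports"]
            ports_ok = ep is None or (lp is not None and ep[0] <= lp[0] and lp[1] <= ep[1])
            if (proto_ok and ports_ok and _covers(early["src"], late["src"])
                    and _covers(early["dst"], late["dst"])):
                found.append((j + 1, i + 1))
                break
    return found


if __name__ == "__main__":
    # Constructed packets from a remote-site host (10.1.1.10).
    print(evaluate(SR1_ACL, "tcp", "10.1.1.10", "172.17.1.1", 80))
    print(evaluate(SR1_ACL, "tcp", "10.1.1.10", "172.17.1.1", 443))
    # Same statements with "permit ip any any" moved to the top.
    print(shadowed([SR1_ACL[-1]] + SR1_ACL[:-1]))
```

With the page's ordering no statement is shadowed; moving `permit ip any any` to the top makes every deny unreachable, so the same statements in a different order enforce a different policy.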
Lab 5.1.1.4 Applying Design Constraints
Step 1: Identify possible project constraints
a. Use word processing software to create a new Project Constraints document.
b. The identified constraints that set limits or boundaries on the network upgrade project should be
entered into the Gathered Data field of the constraints document. Brainstorm ideas with other
students to identify additional constraints.
Classify each constraint as one of the following four types:
* • Budget
* • Policy
* • Schedule
* • Personnel
Step 2: Tabulate comments based on the identified constraints
a. Using the list of constraints discovered from the FilmCompany case study, apply appropriate
comments on how the constraints affect the design.
b. Enter the comments into a table
FILM COMPANY CONSTRAINTS
CONSTRAINT GATHERED DATA COMMENTS
to IT personnel
* • Training needed for new hires on company security policy
of a failure.
Schedule
* • Project must be completed within 4 months of project start.
* • Maintenance windows are between 2am and 6am Monday through Friday.
* • Less than 4 months to get the project completed.
Personnel
* • Looking to hire 6 temporary and parttime production staff and at least 1 IT technician.
* • Training on new equipment for IT personnel is needed.
* • Will new personnel affect security policy?
* • Do the new personnel need training on the equipment?
* • Do existing personnel need training?
c. Save your Project Constraints checklist.
Step 3: Identify trade-offs
a. Use word processing software to create an addition to the Project Constraints document.
b. The identified constraints that set limits or boundaries on the network upgrade project will require
potential trade-offs. Discuss ideas with other students regarding trade-offs for proposed designs.
Mungkin tidak mendapatkan peralatan baru karena keterbatasan anggaran, sehingga peralatan yang ada mungkin perlu upgrade. Layanan ISP mungkin tidak optimal untuk jenis lalu lintas yang dihasilkan, sehingga sebuah ISP baru mungkin diperlukan. Anggaran tidak dapat mendukung penggantian infrastruktur yang ada; alternatif perlu dikembangkan untuk ekspansi masa depan.
c. Record the trade-offs in your Project Constraints checklist.
d. Save your Project Constraints checklist.
Step 4: Reflection
The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany. Consider and discuss the identified constraints and potential trade-offs. Do the trade-offs pose a significant obstacle to the design? Are there alternate methods that can be employed to achieve the success criteria without a significant budget?
• Kurang dari empat bulan untuk menyelesaikan proyek akan membutuhkan alokasi personel lebih banyak.
• Pelatihan personil mungkin perlu dilakukan secara bertahap.
• Tidak tersedianya peralatan atau kabel dari spesifikasi teknis yang diperlukan
• Kurangnya akomodasi ke rumah usaha yang diperluas dan infrastruktur jaringannya sejak proyek dapat mengkonsolidasikan ke dalam satu lokasi.
• keterbatasan ISP mungkin memerlukan perubahan dalam desain. Haruskah ISP lain digunakan?
Lab 5.1.2.4 Identifying Design Strategies for Scalability
Step 1: Identify the areas that will be used for designing a strategy that facilitates scalability
a. Use word processing software to create a new document called “Design Strategies.”
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the
potential trade-offs to assist in the discussion with other students.
The strategy should cover the following areas:
• Access Layer modules that can be added
• Expandable, modular equipment or clustered devices that can be easily upgraded
• Choosing routers or multilayer switches to limit broadcasts and filter traffic
• Planned redundancy
• An IP address strategy that is hierarchical and that supports summarization
• Identification of VLANs needed
Step 2: Create an Access Layer module design
Using the list developed from the group discussion, create an Access Layer module (design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
Several servers
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features and devices without requiring major equipment upgrades.
c. Save your Design Strategies documentation.
Step 3: Select Distribution Layer devices
a. Use word processing software to create an addition to the Design Strategies document.
b. Use the identified Access Layer module diagram to create the Distribution Layer design. Equipment
selected must include existing equipment. Use Layer 3 devices at the Distribution Layer to filter and
reduce traffic to the network core.
c. With a modular Layer 3 Distribution Layer design, new Access Layer modules can be connected
without requiring major reconfiguration. Using your documentation, identify what modules can be
added to increase bandwidth.
d. Save your Design Strategies document.
Step 4: Reflection
The constraints and trade-offs identified for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Developing an IP addressing scheme using the 10.xxx network is really challenging.
• Separating the VLANs
• Designing unique ACLs, given that the filtering was not identified by the client.
Lab 5.1.3.5 Identifying Availability Strategies
Step 1: Identify the areas that will be used for designing a strategy that facilitates availability
a. Use word processing software to create a new document called “Availability Strategies.”
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the
potential trade-offs to assist in brainstorming ideas with other students.
The strategy should cover the following areas:
Availability strategies for switches:
• Redundant power supplies and modules
• Hot-swappable cards and controllers
• Redundant links
• UPS and generator power
Availability strategies for routers:
• Redundant power supplies, UPS, and generator power
• Redundant devices
• Redundant links
• Out-of-band management
• Fast converging routing protocols
Availability strategies for Internet/Enterprise Edge:
• Dual ISP providers or dual connectivity to a single provider
• Co-located servers
• Secondary DNS servers
Step 2: Create availability strategies for switches
a. Using the list developed from the brainstorming session, create a list of equipment that will be
incorporated into the availability strategy.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
Several servers
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules and redundant power supplies that will increase
availability for the switches.
c. Identify potential hot swappable cards and controllers that can be used. Create a list that identifies
each with cost and features.
d. Develop a diagram that shows potential redundant links that can be incorporated into the network
design.
e. Identify at least two possible UPS devices that can be incorporated into the design. Create a list that
identifies the cost and features of each.
f. Save your Availability Strategies document.
Step 3: Create availability strategies for routers
a. Use word processing software to create an addition to the Availability Strategies document.
b. Using the list of equipment, identify redundant power supplies that will increase availability for the
switches.
c. Identify potential redundant devices and links that can be used. Create a list that identifies each with
cost and features.
d. Create a diagram that displays the redundant connections.
e. Develop a list of potential routing protocols that will facilitate fast convergence times.
f. Save your Availability Strategies document.
Step 4: Create availability strategies for Internet/Enterprise Edge
a. Use word processing software to create an addition to the Availability Strategies document.
b. Identify options available that would allow for dual ISP or dual connectivity to a single provider.
c. Create a design that will co-locate the servers to allow for redundancy and ease of maintenance.
d. Save your Availability Strategies document.
Step 5: Reflection
The creation of availability strategies poses many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Various modules can be purchased with varying features and costs.
• Various UPS devices can be purchased with varying features and costs.
• Several routing protocols can be chosen, but which one best fits the design?
Lab 5.1.5.2 Identifying Security Requirements
Step 1: Identify potential security weaknesses within the FilmCompany topology
a. Use word processing software to create a new document called “Security Strategies.”
b. Using the documents created in previous labs and the existing topology, identify potential
weaknesses in the existing design. (No firewalls, no VPNs)
c. Create a list of recommended security practices that should be employed in the FilmCompany
network.
d. Save your Security Strategies document.
Step 2: Create a security practices list
a. Using the list developed from the brainstorming session, create a finalized list of recommended
security practices for the FilmCompany.
Recommended security practices include:
• Use firewalls to separate all levels of the secured corporate network from other unsecured networks, such as the Internet. Configure firewalls to monitor and control the traffic, based on a written security policy.
• Create secured communications by using VPNs to encrypt information before it is sent through third-party or unprotected networks.
• Prevent network intrusions and attacks by deploying intrusion prevention systems. These systems scan the network for harmful or malicious behavior and alert network managers.
• Control Internet threats by employing defenses to protect content and users from viruses, spyware, and spam.
• Manage endpoint security to protect the network by verifying the identity of each user before granting access.
• Ensure that physical security measures are in place to prevent unauthorized access to network devices and facilities.
• Secure wireless Access Points and deploy wireless management solutions.
b. Identify what devices and software will need to be purchased to facilitate the recommended security
practices. (Hardware firewalls, intrusion detection systems etc.)
c. Save your Security Strategies document.
Step 3: Create a security strategy
a. Use word processing software to create an addition to the Security Strategies document.
b. Using the list of identified equipment, develop a chart of costs and features of the recommended
devices.
c. Using the list of identified software needed, develop a chart of costs and features of the
recommended software.
d. Save your Security Strategies document.
Step 4: Create a security design
a. Use word processing software to create an addition to the Security Strategies document.
b. Identify which types of access to the network should be secured by incorporating VPNs.
c. Identify methods for controlling physical security at the FilmCompany building and at the stadium.
d. Identify potential ACLs that can be created to filter unwanted traffic from entering the network.
(Standard ACLs or Extended need to be identified.)
e. Identify methods for securing the wireless Access Points. Determine the best method for the
FilmCompany network. (128 bit encryption etc.)
f. Save your Security Strategies document.
Step 5: Reflection
The creation of a security strategy creates many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified challenges. Do all of the proposed strategies accomplish the task the
same way?
Would one be less expensive or less time-consuming than the other?
How could implementing a physical security plan into an existing company be difficult?
• Various hardware can be purchased with varying features and costs.
• Various security software can be purchased with varying features and costs.
• Existing employees may not accept changes to their security policies, so who needs to ensure that the plan is enforced?
• ACLs can filter traffic, but what impact will they have on traffic flow? Are the ACLs applied at the Access Layer, the Distribution Layer, or both?
Lab 5.2.3.3 Designing the Core Layer
Step 1: Identify Core Layer Requirements
a. Use word processing software to create a new document called “Core Layer Diagram.”
b. Use the identified topology and associated equipment to determine Core Layer design requirements.
Design requirements for the Core Layer network include:
High-speed connectivity to the Distribution Layer switches
24 x 7 availability
Routed interconnections between Core devices
High-speed redundant links between Core switches and between the Core and Distribution Layer
devices
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Create an Access Layer module design
Using the list developed from the group discussion, create an Access Layer module (design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features, such as redundancy.
c. Save your Core Layer Diagram document.
Step 3: Select Core Layer devices
a. Use word processing software to create an addition to the Core Layer Diagram document.
b. The identified Core Layer module diagram will be used to adjust the Distribution Layer design.
Equipment selected must include existing equipment. Use Layer 3 devices at the Core Layer in a
redundant configuration.
c. Save your Core Layer Diagram document.
Step 4: Design Redundancy
a. Use word processing software to create an addition to the Core Layer Diagram document.
b. Design a redundancy plan that combines multiple Layer 3 links to increase available bandwidth.
c. Create a design that incorporates redundancy.
d. Save your Core Layer Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why not?
• What devices can be used in place of a Layer 3 switch? Can those devices deliver the same performance?
• What are the potential weaknesses of the proposed diagram?
Lab 5.2.4.2 Creating a Diagram of the FilmCompany LAN
Step 1: Identify LAN Requirements
a. Use word processing software to create a new document called “LAN Diagram.”
b. Use the identified topology and associated equipment to determine LAN design requirements.
Design requirements for the LAN include:
High-speed connectivity to the Access Layer switches
24 x 7 availability
High-speed redundant links between switches on the LAN and the Access Layer devices
Identifying available hardware for the LAN
The current network has two VLANs.
1. General VLAN consisting of:
12 Office PCs
2 Printers
This VLAN serves the general office and managers, including reception, accounts and administration.
Addressing:
Network 10.0.0.0/24
Gateway 10.0.0.1
Hosts (dynamic) 10.0.0.200 – 10.0.0.254
Hosts (static) 10.0.0.10 – 10.0.0.20
2. Production VLAN consisting of:
9 High Performance Workstations
5 Office PCs
2 Printers
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Determine equipment features
Using the list developed from the brainstorming session create a LAN based on technical requirements
(design only).
a. Create your design using the existing equipment.
The FilmCompany network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support
new features, such as redundancy.
c. Save your LAN Diagram document.
Step 3: Select LAN devices
a. Use word processing software to create an addition to the LAN Diagram document.
b. The identified LAN diagram will be used to adjust the Access Layer design. Equipment selected must
include existing equipment.
c. Save your LAN Diagram document.
Step 4: Design Redundancy
a. Use word processing software to create an addition to the LAN Diagram document.
b. Design a redundancy plan that combines multiple Layer 2 links to increase available bandwidth.
c. Create a design that incorporates redundancy.
d. Save your LAN Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany LAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
Would the chosen LAN design allow for future growth and the addition of the WLAN?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why not?
• What devices can be used in place of a Layer 2 switch?
• What are the potential weaknesses of the proposed diagram?
Lab 5.4.2.2 Selecting Access Points
Step 1: Identify WLAN requirements
a. Use word processing software to create a new document called “WLAN Diagram.”
b. Use the identified topology and associated equipment to determine WLAN design requirements.
Design requirements for the WLAN include:
• Scalability
• Availability
• Security
• Manageability
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements
document.
Step 2: Determine equipment features
Using the list developed from the brainstorming session create a WLAN based on technical requirements
(design only).
a. Begin by creating your design using the existing equipment.
Network equipment includes:
2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
1 x Network and Business Server
1 x Linksys WRT300N Wireless Router (FC-AP)
1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify the model of wireless router. Identify the features and range of the
device. Identify whether there are upgrades that can be made to extend the range, security, and existing features.
c. Create a list of features and potential upgrades and compare them to other models of wireless router.
Determine the device that can easily meet the technical requirements of the WLAN. (Standalone
Access Points for ease of installation or wireless controllers for security and management)
d. With the previous list, estimate the range of coverage available with the existing wireless router.
Determine if the wireless router can provide thorough coverage of the work area. Determine if standalone access points or wireless controllers are needed for the design.
e. Save your WLAN Diagram document.
Step 3: Select WLAN devices
a. Use word processing software to create an addition to the WLAN Diagram document.
b. The identified WLAN diagram will be used to determine the type of wireless device that will be
included into the proposed network.
c. Ensure that the chosen wireless equipment meets the following requirements:
Design requirements for the WLAN include:
• Scalability
• Availability
• Security
• Manageability
d. Save your WLAN Diagram document.
Step 4: Design the WLAN
a. Use word processing software to create an addition to the WLAN Diagram document.
b. Design a WLAN that provides scalability. Annotate on the WLAN Diagram document how the design
provides scalability.
(Scalability – New lightweight Access Points can be added easily and managed centrally)
c. Design a WLAN that provides availability. Annotate on the WLAN Diagram document how the design
provides availability.
(Availability – Access Points can automatically increase their signal strength if one Access Point fails)
d. Design a WLAN that provides security. Annotate on the WLAN Diagram document how the design
provides security.
(Security – Enterprise-wide security policies apply to all layers of a wireless network, from the radio
layer through the MAC Layer and into the Network Layer. This solution makes it easier to provide
uniformly enforced security, QoS, and user policies. These policies address the specific capabilities of
different classes of devices, such as handheld scanners, PDAs, and notebook computers.
Security policies also provide discovery and mitigation of DoS attacks, and detection and denial of
rogue Access Points. These functions occur across an entire managed WLAN.)
e. Design a WLAN that provides manageability. Annotate on the WLAN Diagram document how the
design provides manageability.
(Manageability – The solution provides dynamic, system-wide radio frequency (RF) management,
including features that aid smooth wireless operations, such as dynamic channel assignment,
transmit power control, and load balancing. The single graphical interface for enterprise-wide policies
includes VLANs, security, and QoS.)
f. Save your WLAN Diagram document.
Step 5: Reflection / Challenge
The design strategies for the FilmCompany WLAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
Consider and discuss the identified strategies. Do all of the strategies designed or hardware identified
accomplish the task the same way?
Would one be less expensive or less time-consuming than the other?
Would the current topology allow for future growth and the addition of the WLAN?
• What are the throughput limitations of the WLAN?
• Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why not?
• What devices can be used in place of standalone access points?
• What are the potential weaknesses of the proposed diagram?
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Set
Step 1: Cable and connect the network as shown in the topology diagram
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect and configure the devices in accordance with the given topology and configuration.
Routing will have to be configured across the serial links to establish data communications.
b. Configure Telnet access on each router.
c. Ping between Host1, Host2, and Production Server to confirm network connectivity.
Troubleshoot and establish connectivity if the pings or Telnet fail.
Step 2: Perform basic router configurations
a. Configure the network devices according to the following guidelines:
• Configure the hostnames on each device.
• Configure an EXEC mode password of class.
• Configure a password of cisco for console connections.
• Configure a password of cisco for vty connections.
• Configure IP addresses on all devices.
• Enable EIGRP on all routers and configure each to advertise all of the connected networks.
• Verify full IP connectivity using the ping command.
b. Confirm Application Layer connectivity by telnetting to all routers.
Step 3: Create firewall rule set and access list statements
Using the security policy information for the FilmCompany remote access, create the firewall rules that must be implemented to enforce the policy. After the firewall rule is documented, create the access list statement that will implement the firewall rule. There may be more than one statement necessary to implement a rule.
Security Policy 1: Remote users must be able to access the Production Server to view their schedules
over the web and to enter new orders.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
port 80.
Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic).
For each of the following security policies:
a. Create a firewall rule.
b. Create an access list statement.
c. Determine the access list placement to implement the firewall rule.
Security Policy 2: Remote users must be able to FTP files to and from the Production Server.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
ports 20 and 21.
Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
or two separate access-list statements, each permitting one of the ports.
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic)
Security Policy 3: Remote users can use the Production Server to send and retrieve email using IMAP
and SMTP protocols.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP
ports 143 and 25
Access List statement(s):
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be
placed as close as possible to the source of the traffic)
Security Policy 4: Remote users must not be able to access any other services available on the
Production Server.
Firewall Rule: Deny all other IP protocols between users on the 10.1.1.0/24 network to the
Production Server (172.17.1.1)
Access List statement(s): deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
Access List placement: Inbound on router SR1 Fa0/1
Security Policy 5: No traffic is permitted from individual workstations at the main office to remote worker
workstations. Any files that need to be transferred between the two sites must be stored on the
Production Server and retrieved via FTP.
Firewall Rule: Deny all IP protocols from users on the 10.3.1.0/24 to the 10.1.1.0/24 network.
Access List statement(s): deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255
Access List placement: Inbound on router BR4 Fa0/1
Security Policy 6: No traffic is permitted from workstations at the remote site to workstations at the main
site.
Firewall Rule: Deny all IP protocols from users on the 10.1.1.0/24 to the 10.3.1.0/24 network.
Access List statement(s): deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
Access List placement: Inbound on router SR1 Fa0/1
Security Policy 7: No Telnet traffic is permitted from the remote site workstations to any devices,
except their local switch.
Firewall Rule: Deny all TCP traffic from users on the 10.1.1.0/24 network on port 23.
Access List statement(s): deny tcp 10.1.1.0 0.0.0.255 any eq 23
Access List placement: Inbound on router SR1 Fa0/1
Step 4: Create Extended ACLs
a. Review the access list placement information that you created to implement each of the
FilmCompany security policies. List all of the different access list placements that you noted above.
Inbound on router SR1 Fa0/1
Inbound on router BR4 Fa0/1
Based on the placement information, how many access lists do you have to create?
On Router SR1
1
On Router Edge2
0
On Router BR4
1
b. Based on the access list statements you developed in Step 3, create each access list that is needed
to implement the security policies. When creating access lists, remember the following principles:
• Only one access list can be applied per protocol, per direction on each interface.
• Access list statements are processed in order.
• Once an access list is created and applied on an interface, all traffic that does not match any access list statement will be dropped.
c. Use a text file to create the access lists, or write them here. Evaluate each access list statement to
ensure that it will filter traffic as intended.
Access list to be placed on SR1 Fa0/1 inbound:
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
deny tcp 10.1.1.0 0.0.0.255 any eq 23
permit ip any any
Access list to be placed on BR4 Fa0/1 inbound:
deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip any any
Why is the order of access list statements so important?
To reduce the load on the router's processor and to lower latency.
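The in-order, first-match processing and the implicit deny listed in Step 4 can be checked offline with a small evaluator. This is an added example, not part of the lab or of Cisco IOS; it parses the SR1 Fa0/1 entries exactly as written above, the packet addresses used to exercise it (10.1.1.5, 10.2.2.2, 192.0.2.10) are constructed test values, and only the destination-port forms used in this lab (eq, range) are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Entries copied from the lab's access list for SR1 Fa0/1 inbound.
SR1_FA01_IN = """\
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
deny tcp 10.1.1.0 0.0.0.255 any eq 23
permit ip any any
"""

@dataclass(frozen=True)
class Entry:
    action: str                        # "permit" or "deny"
    proto: str                         # "ip" matches every protocol
    src: Tuple[int, int]               # (address, wildcard mask)
    dst: Tuple[int, int]
    ports: Optional[Tuple[int, int]]   # inclusive destination ports, None = any

def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens: List[str]) -> Tuple[int, int]:
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(first), _ip(tokens.pop(0)))

def parse_entry(line: str) -> Entry:
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp"):
        raise ValueError(f"unsupported entry: {line!r}")
    src, dst = _take_addr(tokens), _take_addr(tokens)
    ports = None
    if tokens:
        op = tokens.pop(0)
        if proto == "ip" or op not in ("eq", "range"):
            raise ValueError(f"unsupported port match: {line!r}")
        low = int(tokens.pop(0))
        ports = (low, int(tokens.pop(0)) if op == "range" else low)
    if tokens:
        raise ValueError(f"trailing tokens in: {line!r}")
    return Entry(action, proto, src, dst, ports)

def parse_acl(text: str) -> List[Entry]:
    return [parse_entry(l) for l in text.splitlines() if l.strip()]

def _addr_match(addr: int, spec: Tuple[int, int]) -> bool:
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF      # wildcard bit 1 = "don't care"
    return (addr & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, 1-based index of the first matching entry).

    Index 0 means no entry matched and the implicit deny applied.
    """
    s, d = _ip(src), _ip(dst)
    for index, e in enumerate(acl, 1):
        if e.proto != "ip" and e.proto != proto:
            continue
        if not (_addr_match(s, e.src) and _addr_match(d, e.dst)):
            continue
        if e.ports and (dport is None or not e.ports[0] <= dport <= e.ports[1]):
            continue
        return e.action, index         # first match wins; later entries unused
    return "deny", 0

def reordered_deny_first(acl):
    """Same entries, with the server-wide deny (entry 5) moved to the top."""
    return [acl[4]] + acl[:4] + acl[5:]

def without_final_permit(acl):
    """Same entries, with the closing 'permit ip any any' removed."""
    return acl[:-1]

if __name__ == "__main__":
    acl = parse_acl(SR1_FA01_IN)
    web = ("tcp", "10.1.1.5", "172.17.1.1", 80)
    other = ("tcp", "10.1.1.5", "192.0.2.10", 443)
    print("as written, web to server:  ", evaluate(acl, *web))
    print("deny moved first, web:      ", evaluate(reordered_deny_first(acl), *web))
    print("as written, other traffic:  ", evaluate(acl, *other))
    print("no final permit, other:     ", evaluate(without_final_permit(acl), *other))
```

Moving the broad deny ahead of the specific permits blocks the web traffic that Security Policy 1 requires, and dropping the final permit sends all unrelated remote-site traffic to the implicit deny.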
Sunday, 09 January 2011
CCNA Discovery Module 1
MODULE 1
1. Which computer component is considered the nerve center of the computer system and is responsible for processing all of the data within the machine?
• RAM
• CPU
• video card
• sound card
• operating system
2. What are two advantages of purchasing a preassembled computer? (Choose two.)
• usually a lower cost
• exact components may be specified
• extended waiting period for assembly
• adequate for performing most general applications
• suited for customers with special needs
3. A user plans to run multiple applications simultaneously on a computer. Which computer component is essential to accomplish this?
• RAM
• NIC
• video card
• sound card
• storage device
4. Which adapter card enables a computer system to exchange information with other systems on a local network?
• modem card
• controller card
• video card
• sound card
• network interface card
5. What is the main storage drive used by servers, desktops, and laptops?
• tape drive
• hard drive
• optical drive (DVD)
• floppy disk drive
6. Which component is designed to remove high-voltage spikes and surges from a power line so that they do not damage a computer system?
• CPU
• surge suppressor
• motherboard
• hard drive
7. What are two examples of output peripheral devices? (Choose two.)
• printer
• speakers
• flash drive
• external DVD
• external modem
8. What two functions does a UPS provide that a surge protector does not? (Choose two.)
• protects the computer from voltage surges
• provides backup power from an internal battery
• protects the computer from sudden voltage spikes
• gives the user time to phone the electrical company
• gives the user time to safely shut down the computer if the power fails
• provides backup power through a generator provided by the wall outlet
9. What is a word processor?
• It is a physical computer component.
• It is a program designed to perform a specific function.
• It is a program that controls the computer resources.
• It is a functional part of an operating system.
10. What is the purpose of the ASCII code?
• translates bits into bytes
• interprets graphics digitally
• translates digital computer language into binary language
• represents letters, characters, and numbers with bits
11. Why do servers often contain duplicate or redundant parts?
• Servers require more power and thus require more components.
• Servers should be accessible at all times.
• Servers can be designed as standalone towers or rack mounted.
• Servers are required by networking standards to have duplicate parts.
12. What are two benefits of hooking up a laptop to a docking station? (Choose two.)
• Mobility is increased.
• An external monitor can be used.
• Alternate connectivity options may be available.
• The keyboard can be changed to a QWERTY-style keyboard.
• More wireless security options are available.
13. Applications can be grouped into general use software or industry specific software. What are two examples of industry specific software? (Choose two.)
• CAD
• presentation
• spreadsheet
• word processing
• medical practice management
• contacts/scheduling management
14. Which three terms describe different types of computers? (Choose three.)
• operating system
• network
• laptop
• desktop
• Windows
• mainframe
15. How is a server different from a workstation computer?
• The server works as a standalone computer.
• The server provides services to clients.
• The workstation has fewer applications installed.
• The workstation has more users who attach to it.
16. How many values are possible using a single binary digit?
• 1
• 2
• 4
• 8
• 9
• 16
17. What measurement is commonly associated with computer processing speed?
• bits
• pixels
• hertz
• bytes
18. What can be used to prevent electrostatic discharge (ESD)?
• dry and non humid conditions
• carpeted floor
• grounding strap
• uncluttered work space
19. If a peripheral device is not functioning, what are three things you should do to solve the problem? (Choose three.)
• Use the testing functionality on the peripheral itself, if available.
• Verify that all cables are connected properly.
• Disconnect all cables connected to the computer except those connected to the peripheral.
• Ensure that the peripheral is powered on.
• Disconnect the peripheral and verify that the computer is operating normally.
• Reload the computer operating system.
20. Which two steps should be performed when installing a peripheral device? (Choose two.)
• Download and install the most current driver.
• Connect the peripheral using any cable and any available port on the computer.
• Connect the peripheral using an appropriate cable or wireless connection.
• Test the peripheral on another machine before installing it on the one where it will be used.
• Check the computer documentation to see if the peripheral vendor is compatible with the PC vendor.
21. In newer operating systems, how are system resources assigned by default when components are installed?
• manually assigned by the operating system
• manually assigned by the administrator
• statically assigned by the component to a preset resource
• dynamically assigned between the component and the operating system
12. What are two benefits of hooking up a laptop to a docking station? (Choose two.)
• Mobility is increased.
• An external monitor can be used.
• Alternate connectivity options may be available.
• The keyboard can be changed to a QWERTY-style keyboard.
• More wireless security options are available.
13. Applications can be grouped into general use software or industry specific software. What are two examples of industry specific software? (Choose two.)
• CAD
• presentation
• spreadsheet
• word processing
• medical practice management
• contacts/scheduling management
14. Which three terms describe different types of computers? (Choose three.)
• operating system
• network
• laptop
• desktop
• Windows
• mainframe
15. How is a server different from a workstation computer?
• The server works as a standalone computer.
• The server provides services to clients.
• The workstation has fewer applications installed.
• The workstation has more users who attach to it.
16. How many values are possible using a single binary digit?
• 1
• 2
• 4
• 8
• 9
• 16
17. What measurement is commonly associated with computer processing speed?
• bits
• pixels
• hertz
• bytes
18. What can be used to prevent electrostatic discharge (ESD)?
• dry and non humid conditions
• carpeted floor
• grounding strap
• uncluttered work space
19. If a peripheral device is not functioning, what are three things you should do to solve the problem? (Choose three.)
• Use the testing functionality on the peripheral itself, if available.
• Verify that all cables are connected properly.
• Disconnect all cables connected to the computer except those connected to the peripheral.
• Ensure that the peripheral is powered on.
• Disconnect the peripheral and verify that the computer is operating normally.
• Reload the computer operating system.
20. Which two steps should be performed when installing a peripheral device? (Choose two.)
• Download and install the most current driver.
• Connect the peripheral using any cable and any available port on the computer.
• Connect the peripheral using an appropriate cable or wireless connection.
• Test the peripheral on another machine before installing it on the one where it will be used.
• Check the computer documentation to see if the peripheral vendor is compatible with the PC vendor.
21. In newer operating systems, how are system resources assigned by default when components are installed?
• manually assigned by the operating system
• manually assigned by the administrator
• statically assigned by the component to a preset resource
• dynamically assigned between the component and the operating system
CCNA 4 Labskill Assignment Chapter 4
Lab 4.1.2 Characterizing Network Applications
Step 1: Cable and configure the current network
a. Connect and configure the devices in accordance with the topology and configuration given.
For this lab, a PC workstation can substitute for a Discovery Server.
b. Ping between Host 1 and Discovery Server to confirm network connectivity.
Troubleshoot and establish connectivity if the pings fail.
Step 2: Configure NetFlow on the interfaces
NetFlow is configured to monitor data flows in or out of specific router interfaces. Ingress captures traffic that
is being received by the interface. Egress captures traffic that is being transmitted by the interface. In this lab,
the traffic will be monitored on both router interfaces and in both directions from within the console session.
a. From the global configuration mode, issue the following commands:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow ?
Note the two options available:
egress Enable outbound NetFlow
ingress Enable inbound NetFlow
Which option captures traffic that is being received by the interface? ingress
Which option captures traffic that is being transmitted by the interface? egress
b. Complete the NetFlow configuration.
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode, issue the show running-config command.
For each FastEthernet interface, what statement from the running-configuration denotes that NetFlow
is configured?
interface FastEthernet0/0:
ip flow ingress
ip flow egress
interface FastEthernet0/1:
ip flow ingress
ip flow egress
b. From the privileged EXEC mode, issue the command:
FC-CPE-1#show ip flow ?
Note the three options available:
export       Display export Statistics
interface    Display flow configuration on Interfaces
top-talkers  Display top talkers
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
Step 4: Create network data traffic
a. The captured data flow can be examined using the show ip cache flow command issued from
the privileged EXEC mode.
FC-CPE-1#show ip cache flow
Issuing this command before any data traffic has flowed should produce output similar to the example
shown here.
IP packet size distribution (0 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 0 bytes
0 active, 0 inactive, 0 added
0 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
b. List the seven highlighted column headings and consider what use this information may be in
characterizing the network.
Protocol
Total Flows
Flows per Second
Packets per Flow
Bytes per Packet
Packets per Second
Seconds of active flow
Seconds of no flow (idle)
c. To ensure that flow cache statistics are reset, from privileged EXEC mode issue the command:
FC-CPE-1# clear ip flow stats
d. Ping the Business Server from Host 1 to generate a data flow.
From the command line of Host 1, issue the command ping 172.17.1.1 -n 200
Step 5: View the data flows
a. At the conclusion of the data flow, the details of the flow can be viewed. From privileged EXEC mode,
issue the command:
FC-CPE-1#show ip cache flow
Output similar to that shown below will be displayed. Some values and details may be different in
your lab.
IP packet size distribution (464 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .900 .096 .000 .000 .000 .000 .002 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
5 active, 4091 inactive, 48 added
1168 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17416 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
UDP-DNS             31      0.0         1    72      0.0       0.0      15.5
UDP-other           10      0.0         2    76      0.0       4.1      15.2
ICMP                 2      0.0       200    60      0.3     198.9      15.3
Total:              43      0.0        10    61      0.3      10.2      15.5
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
< output omitted >
b. Examine your output and list details that indicate data flow.
Protocol
Total Flows
Flows per Second
Packets per Flow
Bytes per Packet
Packets per Second
Seconds of active flow
Seconds of no flow (idle)
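To characterize traffic from more than one capture, the Step 5 output can be parsed rather than read by eye. The following Python parser is an added example, not part of the original lab; its function names are made up here, and the embedded sample is the lab's own Step 5 output with wrapped lines rejoined.

```python
import re
from typing import NamedTuple

# Protocol summary and size distribution as shown in Step 5 of the lab.
SAMPLE = """\
IP packet size distribution (464 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .900 .096 .000 .000 .000 .000 .002 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
UDP-DNS             31      0.0         1    72      0.0       0.0      15.5
UDP-other           10      0.0         2    76      0.0       4.1      15.2
ICMP                 2      0.0       200    60      0.3     198.9      15.3
Total:              43      0.0        10    61      0.3      10.2      15.5
"""


class ProtoRow(NamedTuple):
    protocol: str
    flows: int
    flows_per_sec: float
    pkts_per_flow: int
    bytes_per_pkt: int
    pkts_per_sec: float
    active_sec: float
    idle_sec: float


ROW_RE = re.compile(r"(\S+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)" + r"\s+([\d.]+)" * 3)
CASTS = (str, int, float, int, int, float, float, float)


def unwrap(text):
    """Rejoin a last column that a narrow terminal pushed onto its own line."""
    lines = []
    for line in text.splitlines():
        if lines and re.fullmatch(r"\s*\d+\.\d+\s*", line):
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def parse_size_distribution(text):
    """Map each bucket's upper bound (bytes) to the fraction of packets in it."""
    dist, labels = {}, []
    for line in unwrap(text):
        tokens = line.split()
        if tokens and all(re.fullmatch(r"\d?\.\d+", t) for t in tokens):
            if len(tokens) != len(labels):
                raise ValueError("fraction row does not line up with bucket row")
            for label, frac in zip(labels, tokens):
                dist[int(label.split("-")[-1])] = float(frac)
        elif tokens:
            labels = tokens  # candidate bucket row for the next fraction row
    return dist


def parse_protocol_table(text):
    """Return (per-protocol rows, Total row or None) from the summary table."""
    rows, total = [], None
    for line in unwrap(text):
        m = ROW_RE.fullmatch(line.strip())
        if not m:
            continue
        row = ProtoRow(*(cast(v) for cast, v in zip(CASTS, m.groups())))
        if row.protocol == "Total:":
            total = row
        else:
            rows.append(row)
    return rows, total


def estimate_load(rows):
    """Estimate packets, bytes and packet share per protocol from the averages."""
    est = {}
    for r in rows:
        pkts = r.flows * r.pkts_per_flow  # averages are rounded, so approximate
        est[r.protocol] = {"packets": pkts, "bytes": pkts * r.bytes_per_pkt}
    all_pkts = sum(e["packets"] for e in est.values()) or 1
    for e in est.values():
        e["share"] = e["packets"] / all_pkts
    return est


if __name__ == "__main__":
    rows, total = parse_protocol_table(SAMPLE)
    print("flow counts consistent:", total.flows == sum(r.flows for r in rows))
    for proto, e in estimate_load(rows).items():
        print(f"{proto:10} ~{e['packets']:4} pkts ~{e['bytes']:6} bytes {e['share']:.0%}")
    dist = parse_size_distribution(SAMPLE)
    print("dominant size bucket (upper bound, bytes):", max(dist, key=dist.get))
```

The two ICMP flows of 200 packets each are the 200 echo requests from Step 4d and their replies, and the 60-byte average (a 32-byte Windows ping payload plus ICMP and IP headers) is why 90% of packets fall in the 33-64 byte bucket.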
Step 6: Stop the NetFlow capture
a. To deactivate NetFlow capture, issue the no ip flow command at the interface configuration
prompt.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#no ip flow ingress
FC-CPE-1(config-if)#no ip flow egress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#no ip flow ingress
FC-CPE-1(config-if)#no ip flow egress
b. To verify that NetFlow is deactivated, issue the show ip flow interface command from the
privileged EXEC mode.
FC-CPE-1#show ip flow interface
FC-CPE-1#
No output is displayed if NetFlow is off.
Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts
that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the
appropriate cabling and restore the TCP/IP settings.
Step 8: Reflection
Consider the possible range of data flow types across a network and how a tool like NetFlow could be
implemented to assist in analyzing those flows.
List of data flow categories and types: Client to Client, Client to Server, Server to Client, and Server to Server
Email, intranet web, database flows, document file flows
Number of separate flows of each type, size (bytes) of each flow, time each flow is on the network
Final Configurations
Router 1
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip flow ingress
ip flow egress
duplex auto
speed auto
interface FastEthernet0/1
ip address 172.17.0.1 255.255.0.0
ip flow ingress
ip flow egress
duplex auto
speed auto
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
ip http server
no ip http secure-server
control-plane
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
scheduler allocate 20000 1000
end
Lab 4.2.3 Analyzing Network Traffic
Task 1: Design Network Access to FTP and Email Services
Step 1: FTP network considerations
File transfer traffic can put high-volume traffic onto the network. This traffic can have a greater effect on
throughput than interactive end-to-end connections. Although file transfers are throughput-intensive, they
typically have low response-time requirements. As part of the initial characterization of the network, it is important to identify the level of FTP traffic that will be generated. From this information, the network designers can decide on throughput and redundancy requirements.
a. List possible file transfer applications that would generate traffic on the FilmCompany network.
Document sharing
Video production file transfer
b. List these applications by priority based on response time.
1. Video production file transfer
2. Document sharing
c. List these applications by priority based on bandwidth requirements.
1. Video production file transfer
2. Document sharing
Step 2: Email network considerations
Although customers expect immediate access to their emails, they usually do not expect emails to have
network priority over files that they are sharing or updating. Emails are expected to be delivered reliably and accurately. Generally, emails are not throughput-intensive, except when there are enterprise-wide mail-outs or there is a denial of service attack.
List some email policies that could control the volume of email data and the bandwidth used.
Limit the size of email attachments
Limit the number of recipients of an email message
Ensure spam is filtered before it reaches the LAN
Step 3: Configure and connect the host PCs
a. Set the IP addresses for PC1 and PC2 as shown in the configuration table.
b. Establish a terminal session to router R1 from one of the PCs, and configure the interfaces and
hostname as shown in the configuration table.
Task 2: Configure NBAR to Examine Network Traffic
Step 1: Enable NBAR Protocol Discovery
NBAR can determine which protocols and applications are currently running on a network. NBAR includes the
Protocol Discovery feature, which identifies the application protocols operating on an interface so that
appropriate QoS policies can be developed and applied. To enable Protocol Discovery to monitor selected
protocols on a router interface, issue the following commands from the global configuration mode:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip nbar protocol-discovery
Step 2: Confirm that Protocol Discovery is configured
From the privileged EXEC mode, issue the show running-config command and confirm that the following
output appears under interface FastEthernet 0/0:
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip nbar protocol-discovery
If protocol-discovery is not confirmed, reissue the configuration commands for interface FastEthernet
0/0.
Task 3: Generate and Identify Network Traffic
Step 1: Generate FTP traffic
The Mozilla Thunderbird email client program will be downloaded from Discovery Server as an example of FTP.
a. On PC1, launch a web browser and enter the URL ftp://server.discovery.ccna.
Alternatively, from the command line, enter ftp server.discovery.ccna. If DNS is not
configured, the IP address 172.17.1.1 must be used instead of the domain name.
b. Locate the file thunderbird_setup.exe in the pub directory, download the file, and save it on PC1.
Repeat this step for PC2.
Step 2: Generate Email traffic
If the Thunderbird email client has been installed and email accounts set up on both PC1 and PC2, proceed
to Step 2d. Otherwise, install and set up the email client on PC1 and PC2 as described in Steps 2a through 2c.
a. Install the Thunderbird email client on PC1 and PC2 by double-clicking the downloaded
thunderbird_setup.exe file and accepting the default settings.
b. When the installation has completed, launch the program.
c. Configure email account settings as shown in this table.
1) On the Tools menu, click Account Settings.
2) Complete the required Thunderbird Account Settings.
3) In the left pane of the Account Settings screen, click Server Settings and complete the necessary details.
4) In the left pane, click Outgoing Server (SMTP) and complete the proper configuration for the Outgoing Server (SMTP).
d. Send and receive two emails between accounts on each PC.
Step 3: Display the NBAR results
With Protocol Discovery enabled, any protocol traffic supported by NBAR, as well as the statistics associated
with that protocol, can be discovered.
a. To display the traffic identified by NBAR, issue the show ip nbar protocol-discovery
command from the privileged EXEC mode.
FC-CPE-1#show ip nbar protocol-discovery
b. List each protocol identified and the Input and Output information.
Output:
ftp 18 16
1295 1288
0 0
0 0
c. Although the data traffic in this lab may not be sufficient to generate values for the 5min Bit rate
(bps) and 5min Max Bit Rate (bps) fields, consider and discuss how these values would be applied
to designing an FTP and email network.
They can help determine the average and peak bandwidth requirements of the network.
Step 4: Use NBAR to monitor other data traffic
NBAR can identify and monitor a range of network application traffic protocols.
From the privileged EXEC mode of the router, issue the command show ip nbar port-map and note the output displayed.
FC-CPE-1#show ip nbar port-map
List some protocols that you consider should be monitored and policies applied to.
Output
port-map bgp udp 179
port-map bgp tcp 179
port-map bittorrent tcp 6881 6882 6883 6884 6885 6886 6887 6888 6889
port-map citrix udp 1604
port-map citrix tcp 1494
port-map cuseeme udp 7648 7649 24032
port-map cuseeme tcp 7648 7649
port-map dhcp udp 67 68
port-map directconnect tcp 411 412 413
port-map dns udp 53
port-map dns tcp 53
port-map edonkey tcp 4662
port-map exchange tcp 135
port-map fasttrack tcp 1214
port-map finger tcp 79
port-map ftp tcp 21
port-map gnutella udp 6346 6347 6348
port-map gnutella tcp 6346 6347 6348 6349 6355 5634
port-map gopher udp 70
port-map gopher tcp 70
port-map h323 udp 1300 1718 1719 1720 11720
port-map h323 tcp 1300 1718 1719 1720 11000 - 11999
port-map http tcp 80
port-map imap udp 143 220
port-map imap tcp 143 220
port-map irc udp 194
port-map irc tcp 194
port-map kerberos udp 88 749
port-map kerberos tcp 88 749
port-map l2tp udp 1701
port-map ldap udp 389
port-map ldap tcp 389
port-map mgcp udp 2427 2727
port-map mgcp tcp 2427 2428 2727
port-map netbios udp 137 138
port-map netbios tcp 137 139
port-map netshow tcp 1755
port-map nfs udp 2049
port-map nfs tcp 2049
port-map nntp udp 119
port-map nntp tcp 119
port-map notes udp 1352
port-map notes tcp 1352
port-map novadigm udp 3460 3461 3462 3463 3464 3465
port-map novadigm tcp 3460 3461 3462 3463 3464 3465
port-map ntp udp 123
port-map ntp tcp 123
port-map pcanywhere udp 22 5632
port-map pcanywhere tcp 65301 5631
port-map pop3 udp 110
port-map pop3 tcp 110
port-map pptp tcp 1723
port-map printer udp 515
port-map printer tcp 515
port-map rcmd tcp 512 513 514
port-map rip udp 520
port-map rsvp udp 1698 1699
port-map rtsp tcp 554
port-map secure-ftp tcp 990
port-map secure-http tcp 443
port-map secure-imap udp 585 993
port-map secure-imap tcp 585 993
port-map secure-irc udp 994
port-map secure-irc tcp 994
port-map secure-ldap udp 636
port-map secure-ldap tcp 636
port-map secure-nntp udp 563
port-map secure-nntp tcp 563
port-map secure-pop3 udp 995
port-map secure-pop3 tcp 995
port-map secure-telnet tcp 992
port-map sip udp 5060
port-map sip tcp 5060
port-map skinny tcp 2000 2001 2002
port-map smtp tcp 25
port-map snmp udp 161 162
port-map snmp tcp 161 162
port-map socks tcp 1080
port-map sqlnet tcp 1521
port-map sqlserver tcp 1433
port-map ssh tcp 22
port-map streamwork udp 1558
port-map sunrpc udp 111
port-map sunrpc tcp 111
port-map syslog udp 514
port-map telnet tcp 23
port-map tftp udp 69
port-map vdolive tcp 7000
port-map winmx tcp 6699
port-map xwindows tcp 6000 6001 6002 6003
Step 5: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab considered only the volume of FTP and email data traffic and its impact on network design. Reliable
access to servers is also important. In the space below, sketch a revised topology for this lab that would
provide redundancy for these services.
Lab 4.3.3 Prioritizing Traffic
Step 1: Gather the data traffic information
a. Read through the StadiumCompany case study curriculum.
List the current types of data traffic carried by the StadiumCompany network as well as the types
planned for the future.
b. Refer to the topology diagram and the stadium network diagram information.
List the possible data sources and destinations on the StadiumCompany network. For example, there
is likely to be data communications between the stadium management and the vendor management,
but not between Team A and Team B.
Step 2: Prioritize the data traffic
1. List the source, destination, and traffic type that will be assigned the High priority queue.
2. List the source, destination, and traffic type that will be assigned the Medium priority queue.
3. List the source, destination, and traffic type that will be assigned the Normal priority queue.
4. List the source, destination, and traffic type that will be assigned the Low priority queue.
Step 3: Finalize the Data Priorities
a. Discuss and review your data priority assignments with another student to ensure that they address all possible data. Modify your priorities as necessary.
b. Highlight on the StadiumCompany topology diagram the device or devices where data traffic priority policies are likely to be configured.
Step 4: Reflection
Ideally, it may seem that all data traffic should be given a priority and queued accordingly. Consider and
discuss the potential for network performance to be negatively affected if this policy were implemented
everywhere on the network.
Delay-sensitive data would receive the same priority as non-delay-sensitive data. Voice and video would be given the same priority as other traffic, and so on.
Lab 4.3.4 Exploring Network QoS
Step 1: Cable and configure the network
a. Connect and configure the devices in accordance with the given topology and configuration.
Routing will have to be configured across the serial WAN link to establish data communications.
Configure Telnet access on each router.
b. Ping between Host1 and Discovery Server to confirm network connectivity.
1) Confirm Application Layer connectivity by telnetting from R2 to R1.
2) Troubleshoot and establish connectivity if the pings or Telnet fail.
c. After confirming the initial configurations, maintain a console terminal session connection with R2.
Step 2: Examine priority queue commands
Configuring Priority Queueing
Configuring priority queueing (PQ) has two required steps and an optional third step:
1. Define the priority list (Required)
2. Assign the priority list to an Interface (Required)
3. Monitor priority queueing lists (Optional)
A priority list contains the definitions for a set of priority queues. The priority list specifies which queue a
packet will be placed in and, optionally, the maximum length of the different queues. To perform queueing
using a priority list, you must assign the list to an interface. The same priority list can be applied to multiple interfaces. Alternatively, you can create many different priority policies to apply to different interfaces.
Defining the Priority List
The priority list is defined by:
1. Assigning packets to priority queues
2. Specifying the maximum size of the priority queues (Optional)
Packets are assigned to priority queues based on the protocol type and the interface where the packets enter the router. The priority-list commands are read in order of appearance until a matching protocol or interface type is found. When a match is found, the packet is assigned to the appropriate queue and the search ends. Packets that do not match other assignment rules are assigned to the default queue. The following global configuration mode commands are used to specify in which queue a packet is placed. The command format is priority-list list-number. Use a list-number of 1 and note the options available.
a. Enter the following command and note the options available.
FC-CPE-1(config)#priority-list 1 ?
default      Set priority queue for unspecified datagrams
interface    Set priorities for packets from a named interface
protocol     priority queueing by protocol
queue-limit  Set queue limits for priority queues
b. Note some of the protocol options available.
FC-CPE-1(config)#priority-list 1 protocol ?
arp IP ARP
bridge Bridging
cdp Cisco Discovery Protocol
compressedtcp Compressed TCP (VJ)
http HTTP
ip IP
llc2 llc2
pad PAD links
pppoe PPP over Ethernet
snapshot Snapshot routing support
c. Note the IP protocol options available.
FC-CPE-1(config)#priority-list 1 protocol ip ?
high
medium
normal
low
d. Note the HTTP protocol options available.
FC-CPE-1(config)#priority-list 1 protocol http ?
high
medium
normal
low
e. Note the IP protocol high priority options available.
FC-CPE-1(config)#priority-list 1 protocol ip high ?
fragments  Prioritize fragmented IP packets
gt         Prioritize packets greater than a specified size
list       To specify an access list
lt         Prioritize packets less than a specified size
tcp        Prioritize TCP packets 'to' or 'from' the specified port
udp        Prioritize UDP packets 'to' or 'from' the specified port
f. Note the IP protocol high priority TCP options available.
FC-CPE-1(config)#priority-list 1 protocol ip high tcp ?
<0-65535> Port number
domain Domain Name Service (53)
echo Echo (7)
ftp File Transfer Protocol (21)
ftp-data FTP data connections (20)
irc Internet Relay Chat (194)
nntp Network News Transport Protocol (119)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
telnet Telnet (23)
www World Wide Web (HTTP, 80)
Over 30 port/service options are available.
Step 3: Configure an example priority queue
From the global configuration mode, issue the following commands.
FC-CPE-1(config)#priority-list 1 protocol http high
FC-CPE-1(config)#priority-list 1 protocol ip normal tcp ftp
FC-CPE-1(config)#priority-list 1 protocol ip medium tcp telnet
What do these commands establish?
A priority list (number "1") that marks HTTP packets as high priority, FTP packets as low priority, and Telnet packets as medium priority.
Step 4: Assign the priority list to an interface
a. From the global configuration mode, issue the following commands to assign the priority list to
interface serial 0/1/0.
FC-CPE-1(config)#int s0/1/0
FC-CPE-1(config-if)#priority-group 1
b. Confirm the priority list configuration. From the privileged EXEC mode, issue the show running-config
command.
Which statements in the configuration show that the priority list has been configured and applied
correctly?
interface Serial0/1/0
ip address 10.10.0.2 255.255.255.252
priority-group 1
priority-list 1 protocol http high
priority-list 1 protocol ip normal tcp ftp
priority-list 1 protocol ip medium tcp telnet
c. Confirm that issuing the show queueing priority command from the privileged EXEC mode
produces the following output:
FC-CPE-1#show queueing priority
Current DLCI priority queue configuration:
Current priority queue configuration:
List Queue Args
1 high protocol http
1 normal protocol ip tcp port ftp
1 medium protocol ip tcp port telnet
Step 5: Examine the priority queues operation
a. On Host1, launch a web browser and enter the URL http://172.17.1.1 to access the web
services configured on the server.
b. Use FTP to download a file. On Host1, launch a new web browser window and enter the URL
ftp://172.17.1.1, or from the command line issue ftp 172.17.1.1
c. Download a large file from the server; for example, the Thunderbird setup program file.
d. From the privileged EXEC mode, issue the following command:
FC-CPE-1#show queueing interface s0/1/0
Output similar to this should be displayed:
Interface Serial0/1/0 queueing strategy: priority
Output queue utilization (queue/count)
high/94 medium/0 normal/106759 low/0
Note the packet count for each queue:
High
Medium
Normal
Low
e. Initiate a Telnet session from R2 to R1 and issue some show commands on R1.
f. Close the Telnet session.
g. Issue the following command from the R2 privileged EXEC mode:
FC-CPE-1#show queueing interface s0/1/0
Note the packet count for each queue:
High
Medium
Normal
Low
What is the significant difference when compared to the previous output from this command in
Step 5d?
The Medium queue now has a packet count; this is the priority assigned to Telnet packets.
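How the Step 3 priority list sorts packets by first match, and how strict priority service then drains the four queues, shown as an added Python simulation that is not part of the original lab. It assumes `protocol http` matches TCP port 80 and uses the IOS defaults (queue limits of 20/40/60/80 packets, default queue normal); the packet tuples, arrival counts and link rate are constructed.

```python
from collections import deque

SERVICE_ORDER = ("high", "medium", "normal", "low")
# IOS default queue limits in packets; the lab never changes them with queue-limit.
QUEUE_LIMITS = {"high": 20, "medium": 40, "normal": 60, "low": 80}

# The three Step 3 statements in configuration order (first match wins).
# Assumption: `protocol http` is modelled as TCP port 80.
PRIORITY_LIST_1 = [
    ("tcp", 80, "high"),    # priority-list 1 protocol http high
    ("tcp", 21, "normal"),  # priority-list 1 protocol ip normal tcp ftp
    ("tcp", 23, "medium"),  # priority-list 1 protocol ip medium tcp telnet
]
DEFAULT_QUEUE = "normal"    # no `priority-list 1 default` statement is configured


def classify(packet, rules=PRIORITY_LIST_1):
    """Return the queue name for a (protocol, src_port, dst_port) tuple."""
    proto, sport, dport = packet
    for rule_proto, port, queue in rules:
        # The tcp/udp keywords match packets 'to' or 'from' the port.
        if proto == rule_proto and port in (sport, dport):
            return queue
    return DEFAULT_QUEUE


class PriorityQueuer:
    """Four tail-drop FIFOs served in strict priority order."""

    def __init__(self, limits=QUEUE_LIMITS):
        self.limits = limits
        self.queues = {q: deque() for q in SERVICE_ORDER}
        self.sent = dict.fromkeys(SERVICE_ORDER, 0)
        self.dropped = dict.fromkeys(SERVICE_ORDER, 0)

    def enqueue(self, packet):
        q = classify(packet)
        if len(self.queues[q]) >= self.limits[q]:
            self.dropped[q] += 1          # queue full: tail drop
        else:
            self.queues[q].append(packet)

    def transmit_one(self):
        # A lower queue is served only when every higher queue is empty.
        for q in SERVICE_ORDER:
            if self.queues[q]:
                self.queues[q].popleft()
                self.sent[q] += 1
                return q
        return None


def simulate(arrivals_per_tick, link_rate, ticks):
    """Each tick: enqueue the arrivals, then send up to link_rate packets."""
    pq = PriorityQueuer()
    for _tick in range(ticks):
        for packet, count in arrivals_per_tick:
            for _n in range(count):
                pq.enqueue(packet)
        for _slot in range(link_rate):
            if pq.transmit_one() is None:
                break
    return pq


# Constructed sample packets: (protocol, source port, destination port).
HTTP = ("tcp", 51000, 80)
TELNET = ("tcp", 51001, 23)
FTP_DATA = ("tcp", 20, 51002)   # port 20 is not matched by `tcp ftp` (21)


def normal_load():
    return simulate([(HTTP, 4), (TELNET, 1), (FTP_DATA, 8)], link_rate=10, ticks=50)


def http_saturated():
    return simulate([(HTTP, 12), (TELNET, 1), (FTP_DATA, 8)], link_rate=10, ticks=50)


if __name__ == "__main__":
    for name, run in (("normal load", normal_load), ("HTTP above link rate", http_saturated)):
        pq = run()
        print(name, "sent:", pq.sent, "dropped:", pq.dropped)
```

In the second run the high queue is never empty, so Telnet and FTP packets are queued until their limits are reached and then dropped without one being sent, which is the effect to weigh when deciding what is allowed into the High queue.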
Step 6: Determine the priority queue requirements for the case study
a. Using the FilmCompany case study, what would you expect the priority queue requirements to be?
b. Discuss and compare your priorities with other students.
c. Amend your priority list statements to include traffic associated with the proposed network upgrade.
Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts
that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the
appropriate cabling and restore the TCP/IP settings.
Challenge
The following privileged EXEC command displays the contents of packets inside a queue for a particular
interface:
show queue interface-type interface-number
However, in this lab, it is not likely that sufficient data traffic was generated at one time for the interface
queues to hold packets long enough to be inspected. Discuss how a network has to be load tested to ensure that all traffic priorities are met.
Lab 4.4.4 Investigating Video Traffic Impact on a Network
Step 1: Cable and configure the network
a. Connect and configure the devices in accordance with the given topology and configuration.
Set clock rate on the serial link to 56000.
Routing will have to be configured across the serial WAN link to establish data communications.
Step 2: Observe data traffic
In this step, you will generate concurrent data traffic and observe the time the flows take.
a. From the Host1 command line, issue the command ping 172.17.1.1 -n 500 to generate a large
number of pings to Discovery Server.
b. While the pings are being generated on Host1, launch a web browser and enter the URL
http://server.discovery.ccna or http://172.17.1.1 to access the web services
configured on the server.
c. Use FTP to download a file. On Host1, launch a new web browser window and enter the URL
ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command
line. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.
d. Download a large file from the server; for example, the Thunderbird setup program file.
Note the total time taken to complete the pings, access the web page, and download the file.
Step 3: Stream the video file
Before beginning to stream the video, ensure that QuickTime Player is installed on Host1 and that the video streaming service has been enabled on Discovery Server. See your instructor for advice if you are unsure. Launch QuickTime Player. On the File menu, go to Open URL.
Enter the URL rtsp://172.17.1.1/MWO.sdp, or a URL as provided by the instructor.
Note the rate at which it plays back and the video and sound quality.
Video Quality
Sound Quality
Step 4: Observe both video and data traffic
a. From the Host1 command line, issue the command ping 172.17.1.1 -n 500 to generate a large
number of pings to Discovery Server.
b. While the pings are being generated, use QuickTime Player to access the streaming video URL
again.
c. While the video is being played, launch a new web browser window on Host1 and enter the URL
http://server.discovery.ccna or http://172.17.1.1 to access the web services
configured on the server.
d. On Host1, launch another web browser window and enter the URL
ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command
line. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.
e. Download a large file from the server; for example, the Thunderbird setup program file.
Note the total time taken to complete the pings, access the web page, and download the file.
Note the rate at which it plays back and the video and sound quality.
Video Quality
Sound Quality
Step 5: Observe the data flows with a different serial link clock rate
a. Change the serial link clock rate to 250000 on the router with the DCE interface.
b. Repeat Step 4 and record your observations.
Note the total time taken to complete the pings, access the web page, and download the file.
Note the rate at which it plays back and the video and sound quality.
Video Quality
Sound Quality
c. Change the serial link clock rate to 2000000 on the router with the DCE interface.
d. Repeat Step 4 and record your observations.
Note the total time taken to complete the pings, access the web page, and download the file.
Note the rate at which it plays back and the video and sound quality.
Video Quality
Sound Quality
Instructor Note: The Cisco 1841 router with WIC 2T Serial interfaces can support clock rates up to
4 000 000 bits per second (4 Mbps); other platforms and WIC 2A/S Serial interfaces may have a lower maximum clock rate.
Step 6: Record your general observations
Compare the different download times and video quality.
Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Step 8: Reflection
Consider and discuss how video and other data traffic can share network resources while maintaining
acceptable performance.
Video and data traffic can share the same network resources if adequate bandwidth is available or if the traffic is prioritized. Data traffic can be delayed slightly to allow more time-sensitive video traffic to use the available bandwidth.
Lab 4.5.1 Identifying Traffic Flows
Step 1: Cable and configure the current network
a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the
router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port.
Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the router.
c. From the command prompt on Host1, ping between Host1 and Discovery Server to confirm network
connectivity. Troubleshoot and establish connectivity if the pings fail.
Step 2: Configure NetFlow on the interfaces
From the global configuration mode, issue the following commands to configure NetFlow:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode, issue the show ip flow interface command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Create network data traffic
A range of network application data flows is to be generated and captured. Generate as many of the data
flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.
a. Ping the Discovery Server from Host1 to generate a data flow.
From the command line of Host1, issue the command ping 172.17.1.1 -n 200
b. Telnet to the Discovery Server from Host1.
If Discovery Server is being used, issue the command telnet server.discovery.ccna from the
command prompt of Host1.
If Discovery Server is not being used, DNS is not configured, or a terminal program such as
HyperTerminal or TeraTerm is being used, telnet from Host1 to 172.17.1.1.
c. On Host1, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used or DNS is not configured, then use http://172.17.1.1 to access
the web services configured on that server.
d. Use FTP to download a file.
On Host1, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue
ftp server.discovery.ccna from the command line. If DNS is not configured use the IP
address 172.17.1.1 instead of the domain name.
Download a file from the server.
e. If email accounts have been configured using the POP3 and SMTP services on Discovery Server,
send an email using one of these accounts.
Step 5: View the data flows
At the conclusion of the data flow, view the details by issuing the show ip cache flow command from privileged EXEC mode.
FC-CPE-1#show ip cache flow
Output similar to this will be displayed.
IP packet size distribution (3969 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .351 .395 .004 .011 .001 .005 .009 .001 .002 .005 .001 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .013 .000 .195 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
2 active, 4094 inactive, 1368 added
22316 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17416 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 02:50:15
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 9 0.0 13 47 0.0 5.2 10.8
TCP-FTP 28 0.0 7 62 0.0 0.8 10.4
TCP-WWW 64 0.0 7 138 0.0 0.3 2.1
TCP-other 16 0.0 75 840 0.1 0.0 4.1
UDP-DNS 878 0.0 1 72 0.0 0.0 15.4
UDP-other 347 0.0 3 88 0.1 4.5 15.5
ICMP 26 0.0 1 70 0.0 0.8 15.4
Total: 1368 0.1 2 318 0.3 1.2 14.6
< output omitted >
From your output, list the name of each protocol with the number of flows. Answers vary. Examples shown.
Telnet 9 flows
FTP 28 flows
WWW 64 flows
DNS 878 flows
ICMP 26 flows
TCP other 16 flows
UDP other 347 flows
What was the total number of packets generated? 3969 packets
Which protocol generated the most packets? TCP other (75 x 16 = 1200)
Which protocol produced the most bytes per flow? TCP other (75 x 840 = 63000)
Which protocol’s flows were on the network the longest time? Telnet 5.2 sec
Which protocol used the longest amount of network time? UDP other (4.5 x 347 = 1561.5 sec)
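The Step 5 questions can be answered mechanically from the protocol summary. The following Python sketch is an added example, not part of the original lab: it parses the summary rows (copied from the sample output above), multiplies the per-flow averages by the flow counts, and ranks the protocols. The class and function names are illustrative.

```python
import re
from dataclasses import dataclass

# Protocol summary rows copied from the Step 5 sample output above.
SAMPLE = """\
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           9      0.0        13    47      0.0       5.2      10.8
TCP-FTP             28      0.0         7    62      0.0       0.8      10.4
TCP-WWW             64      0.0         7   138      0.0       0.3       2.1
TCP-other           16      0.0        75   840      0.1       0.0       4.1
UDP-DNS            878      0.0         1    72      0.0       0.0      15.4
UDP-other          347      0.0         3    88      0.1       4.5      15.5
ICMP                26      0.0         1    70      0.0       0.8      15.4
Total:            1368      0.1         2   318      0.3       1.2      14.6
< output omitted >
"""

# Columns: name, total flows, flows/sec, packets/flow, bytes/packet,
# packets/sec, active seconds/flow, idle seconds/flow.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<flows>\d+)\s+[\d.]+\s+(?P<ppf>\d+)\s+"
    r"(?P<bpp>\d+)\s+[\d.]+\s+(?P<active>[\d.]+)\s+(?P<idle>[\d.]+)$"
)


@dataclass(frozen=True)
class ProtoRow:
    name: str
    flows: int
    pkts_per_flow: int
    bytes_per_pkt: int
    active_per_flow: float
    idle_per_flow: float

    # The per-flow columns are rounded averages, so these are estimates.
    @property
    def est_packets(self):
        return self.flows * self.pkts_per_flow

    @property
    def est_bytes_per_flow(self):
        return self.pkts_per_flow * self.bytes_per_pkt

    @property
    def est_active_sec(self):
        return self.flows * self.active_per_flow


def parse_protocol_table(text):
    """Return (per-protocol rows, Total row or None)."""
    rows, total = [], None
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue  # header, blank line, or "< output omitted >"
        row = ProtoRow(m["name"].rstrip(":"), int(m["flows"]), int(m["ppf"]),
                       int(m["bpp"]), float(m["active"]), float(m["idle"]))
        if m["name"] == "Total:":
            total = row
        else:
            rows.append(row)
    return rows, total


def lab_answers(rows):
    """Rank protocols the way the Step 5 questions ask."""
    def top(metric):
        best = max(rows, key=metric)
        return best.name, metric(best)

    return {
        "most_packets": top(lambda r: r.est_packets),
        "most_bytes_per_flow": top(lambda r: r.est_bytes_per_flow),
        "longest_flow": top(lambda r: r.active_per_flow),
        "most_network_time": top(lambda r: r.est_active_sec),
    }


def flows_consistent(rows, total):
    """Sanity check: per-protocol flow counts must add up to the Total row."""
    return total is not None and sum(r.flows for r in rows) == total.flows


if __name__ == "__main__":
    rows, total = parse_protocol_table(SAMPLE)
    for question, (name, value) in lab_answers(rows).items():
        print(f"{question:20} {name:11} {value}")
    print("flow counts match Total row:", flows_consistent(rows, total))
```

Because Packets/Flow is a rounded average, the per-protocol estimates add up to 3906 packets rather than the 3969 the router reports in the packet size distribution header.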
Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Step 7: Reflection
Create a projected applications document listing the applications planned to use the network.
Application Type | Application | Protocol | Priority | Comments
Email | MS Outlook | SMTP | Medium | All users
Voice | Call Manager/SIP | VRTP | High | All users
Web | Apache Server | HTTP | Low | All users
Database | SQL Server | TCP | Medium | Restricted user
Lab 4.5.2 Diagramming Intranet Traffic Flows
Step 1: Cable and configure the current network
a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the
router and the other cable end to the PC1 computer with a DB-9 or DB-25 adapter to the COM 1 port.
Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the router.
c. Ping between Host1 and Host2 and between the hosts and Discovery Server to confirm network
connectivity. Troubleshoot and establish connectivity if the pings fail.
Step 2: Configure NetFlow on the interfaces
From the global configuration mode, issue the following commands to configure NetFlow:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode, issue the show ip flow interface command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Create network data traffic
A range of network application data flows between the Host1, Host2, and the server is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.
a. On Host1, launch a web browser and enter the URL http://server.discovery.ccna
b. On Host2, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, then use http://172.17.1.1 to access the web services
configured on that server.
c. Use FTP to download a file.
On Host1 and Host2, launch a web browser and enter the URL ftp://server.discovery.ccna,
or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use the
IP address 172.17.1.1 instead of the domain name.
Download a file from the server.
d. If email accounts have been configured using the POP3 and SMTP services on Discovery Server,
send two emails between users on Host1 and Host2 using these accounts.
e. Set up Windows file sharing between Host1 and Host2 and copy a file from one to the other.
Step 5: View the data flows
At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow
command from privileged EXEC mode.
FC-CPE-1#show ip cache verbose flow
Application Type | Source | Destination | Comments
Web | Intranet Web Server | Host1 |
Web | Intranet Web Server | Host2 |
File Transfer | Intranet File Server | Host1 |
File Transfer | Intranet File Server | Host2 |
Email | Host1 | Email Server |
Email | Host2 | Email Server |
File Share | Host1 | Host2 |
Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates LAN data traffic. The LAN data flows of a production network would be much more
extensive and recorded over a greater period of time, perhaps a full working week.
a. On the FilmCompany initial current network topology shown on the next page, add PC host and
printer icons as listed for each VLAN. Draw a circle that encloses the local LAN segments.
b. Then, using the data flows recorded in this lab as a starting point, use different colors to mark the
different LAN data flows between hosts and the server.
Lab 4.5.3 Diagramming Traffic Flows to and from Remote Sites
Step 1: Cable and configure the current network
a. Cable the topology given in the diagram. Ensure that power has been applied to both the host
computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the routers and configure the
hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be
configured on the three routers to establish data communications.
d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and
establish connectivity if the pings fail.
Step 2: Configure NetFlow on the router FC-CPE-1 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface
command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Configure NetFlow on the router FC-CPE-2 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:
FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end
Step 5: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface
command.
FC-CPE-2#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-2#clear ip flow stats
Step 6: Configure NetFlow on the router ISP interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:
ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end
Step 7: Verify the NetFlow configuration
a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.
ISP#show ip flow interface
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
ISP#clear ip flow stats
Step 8: Create network data traffic
A range of network application data flows between the remote site, the FilmCompany LAN, and the network server is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.
a. On both PCs launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, or DNS is not configured, then use http://172.17.1.1 to
access the web services configured on that server.
b. Use FTP to download a file.
On both PCs, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue
ftp server.discovery.ccna from the command line. If DNS is not configured use 172.17.1.1
instead of the domain name. Download a file from the server.
c. If email accounts have been configured using the POP3 and SMTP services on Discovery Server,
send two emails in each direction between the user on the LAN and the Remote User using these
accounts.
d. To simulate data traffic between the two PCs, ping between them. Attempt to establish a Telnet
session between the two PCs. If file sharing has been enabled, copy a file in both directions between
the two.
Step 9: View the data flows
a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow
command from privileged EXEC mode on each router.
FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow
Router 1 – Sample Output
FC-CPE-1#show ip cache verbose flow
IP packet size distribution (1050 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .672 .278 .015 .000 .007 .000 .000 .000 .000 .000 .000 .001 .003 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.001 .000 .003 .011 .003 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
1 active, 4095 inactive, 150 added
2280 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
1 active, 1023 inactive, 27 added, 27 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:12:31
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-FTP 8 0.0 7 54 0.0 3.7 12.1
TCP-WWW 8 0.0 5 196 0.0 0.2 1.5
TCP-SMTP 16 0.0 15 72 0.3 15.8 1.7
TCP-other 32 0.0 11 77 0.5 2.2 1.5
UDP-DNS 49 0.0 5 67 0.3 6.1 15.6
UDP-other 38 0.0 1 83 0.0 0.0 15.4
Total: 151 0.2 6 77 1.4 4.3 10.2
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
FC-CPE-1#
Router 2 – Sample Output
FC-CPE-2#show ip cache verbose flow
IP packet size distribution (982 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .665 .164 .016 .000 .008 .000 .000 .000 .000 .000 .000 .002 .004 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.002 .000 .004 .128 .004 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
3 active, 4093 inactive, 145 added
2617 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
2 active, 1022 inactive, 50 added, 50 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:11:43
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 6 0.0 3 45 0.0 3.6 10.7
TCP-FTP 8 0.0 7 54 0.0 3.7 11.8
TCP-WWW 8 0.0 5 196 0.0 0.2 1.7
TCP-SMTP 16 0.0 15 72 0.3 15.8 1.6
TCP-other 32 0.0 11 77 0.5 2.2 1.4
UDP-DNS 8 0.0 1 69 0.0 0.1 15.3
UDP-other 59 0.0 1 55 0.0 0.0 15.4
ICMP 9 0.0 4 60 0.0 4.3 15.4
Total: 146 0.2 5 76 1.2 2.8 9.7
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 120
0044 /0 0 0043 /0 0 0.0.0.0 604 729.9
Se0/1/0 10.10.10.2 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
FC-CPE-2#
Router 3 – Sample Output
ISP#show ip cache verbose flow
IP packet size distribution (502 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .709 .225 .015 .000 .007 .000 .001 .000 .000 .000 .000 .000 .007 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.003 .000 .003 .015 .007 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
1 active, 4095 inactive, 90 added
1274 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
1 active, 1023 inactive, 25 added, 25 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:11:21
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 6 0.0 3 45 0.0 3.6 10.7
TCP-WWW 8 0.0 5 196 0.0 0.2 1.5
TCP-SMTP 8 0.0 18 70 0.2 21.3 1.5
TCP-other 16 0.0 12 83 0.2 4.3 1.5
UDP-DNS 8 0.0 1 69 0.0 0.1 15.4
UDP-other 33 0.0 1 87 0.0 0.0 15.4
ICMP 10 0.0 4 60 0.0 5.4 15.5
Total: 89 0.1 5 85 0.7 3.6 10.1
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Se0/1/0 10.10.10.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 92 0.0
IPM: 0 0
ISP#
b. Examine the output and record the different data flows for each router.
c. Discuss and compare the data flows for each router. Particularly consider how recording these flows
can assist in understanding which network devices and resources are used for particular flows.
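Recording the flows in Step 9 b is easier once the per-flow records are decoded: in the verbose output each flow takes two lines, and the Pr, TOS, Flgs, and Port fields are printed in hexadecimal. The following Python sketch is an added example, not part of the original lab; it decodes the two records from the FC-CPE-2 sample output above. The class and function names and the small service lookup table are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# The two flow records from the FC-CPE-2 sample output above.
SAMPLE = """\
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Fa0/1          0.0.0.0         Null           255.255.255.255 11 00  10     120
0044 /0  0                     0043 /0  0     0.0.0.0             604   729.9
Se0/1/0        10.10.10.2      Null           224.0.0.9       11 C0  10       1
0208 /0  0                     0208 /0  0     0.0.0.0              52     0.0
IPM: 0 0
"""

IP = r"\d+\.\d+\.\d+\.\d+"
# First line of a record: interfaces, addresses, then hex Pr/TOS/Flgs, then Pkts.
LINE1 = re.compile(
    rf"^(?P<src_if>\S+)\s+(?P<src_ip>{IP})\s+(?P<dst_if>\S+)\s+(?P<dst_ip>{IP})\s+"
    r"(?P<pr>[0-9A-F]{2})\s+(?P<tos>[0-9A-F]{2})\s+(?P<flg>[0-9A-F]{2})\s+(?P<pkts>\d+)$"
)
# Second line: hex source port, mask, AS; hex destination port, mask, AS;
# next hop, bytes per packet, active seconds.
LINE2 = re.compile(
    r"^(?P<sport>[0-9A-F]{4})\s+/\d+\s+\d+\s+(?P<dport>[0-9A-F]{4})\s+/\d+\s+\d+\s+"
    rf"(?P<nexthop>{IP})\s+(?P<bpp>\d+)\s+(?P<active>[\d.]+)$"
)

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Small lookup table built for this example (well-known ports only).
SERVICES = {20: "FTP-data", 21: "FTP", 23: "Telnet", 25: "SMTP", 53: "DNS",
            67: "DHCP", 68: "DHCP", 80: "HTTP", 110: "POP3", 520: "RIP"}


@dataclass(frozen=True)
class Flow:
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    proto: int
    tos: int
    flags: int
    packets: int
    src_port: int
    dst_port: int
    bytes_per_pkt: int
    active_sec: float

    @property
    def dscp(self):
        return self.tos >> 2  # upper six bits of the TOS byte

    @property
    def est_bytes(self):
        return self.packets * self.bytes_per_pkt  # B/Pk is an average

    @property
    def service(self):
        if self.proto == 1:
            # For ICMP the destination port field carries type and code.
            return f"ICMP type {self.dst_port >> 8} code {self.dst_port & 0xFF}"
        for port in (self.dst_port, self.src_port):
            if port in SERVICES:
                return SERVICES[port]
        return "unknown"


def parse_verbose_flows(text):
    """Pair each record's two lines and convert the hex fields to integers."""
    lines = [ln.strip() for ln in text.splitlines()]
    flows = []
    for first, second in zip(lines, lines[1:]):
        m1, m2 = LINE1.match(first), LINE2.match(second)
        if not (m1 and m2):
            continue  # headers, summary table, "IPM:" lines, prompts
        flows.append(Flow(
            m1["src_if"], m1["src_ip"], m1["dst_if"], m1["dst_ip"],
            int(m1["pr"], 16), int(m1["tos"], 16), int(m1["flg"], 16),
            int(m1["pkts"]), int(m2["sport"], 16), int(m2["dport"], 16),
            int(m2["bpp"]), float(m2["active"]),
        ))
    return flows


def describe(f):
    proto = PROTO_NAMES.get(f.proto, str(f.proto))
    return (f"{proto} {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port} "
            f"[{f.service}] in {f.src_if} out {f.dst_if}, {f.packets} pkts, "
            f"~{f.est_bytes} bytes, {f.active_sec} s, DSCP {f.dscp}")


if __name__ == "__main__":
    for flow in parse_verbose_flows(SAMPLE):
        print(describe(flow))
```

Decoded, the first record is UDP port 68 to port 67 sent to the broadcast address (DHCP client traffic arriving on Fa0/1), and the second is UDP port 520 to 224.0.0.9 (RIP version 2 updates arriving on the serial link).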
Step 10: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates the flow of traffic to and from FilmCompany remote sites. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN. On the FilmCompany initial current network topology shown on the next page, add two remote site hosts attached to the “far” side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study initially, the FilmCompany remote sites access its network across the Internet.
One of the objects of this analysis is to establish the benefits of using a dedicated WAN link using Frame
Relay for the stadium-based remote sites to access the FilmCompany network.
Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different data flows between the remote hosts and devices on the FilmCompany network.
Lab 4.5.4 Diagramming External Traffic Flows
Step 1: Cable and configure the current network
a. Cable the topology given in the diagram. Ensure that power has been applied to both the host
computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the routers and configure the
hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be
configured on the three routers to establish data communications.
d. From PC1 ping both PC2 and Discovery Server to confirm network connectivity. Troubleshoot and
establish connectivity if the pings fail.
Step 2: Configure NetFlow on router FC-CPE-1 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface
command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Configure NetFlow on router FC-CPE-2 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:
FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end
Step 5: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface
command.
FC-CPE-2#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-2#clear ip flow stats
Step 6: Configure NetFlow on router ISP interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:
ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end
Step 7: Verify the NetFlow configuration
a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.
ISP#show ip flow interface
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:
ISP#clear ip flow stats
Step 8: Create network data traffic
A range of Internet application data flows between PC2 (the Internet) and the FilmCompany network is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.
a. On PC2, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, or DNS is not configured, then use http://172.17.1.1 to
access the web services configured on that server.
b. Use FTP to download a file.
On PC2, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp
server.discovery.ccna from the command line. If DNS is not configured use the IP address
172.17.1.1 instead of the domain name. (example: http://172.17.1.1 )
Download a file from the server.
c. If email accounts have been configured using the POP3 and SMTP services on Discovery Server,
send two emails from PC2 using these accounts.
Step 9: View the data flows
a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow
command from privileged EXEC mode on each router.
FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow
b. Examine the output and record the different data flows for each router.
c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from
Lab 4.5.3 and the implications this has in understanding which network devices and resources are
used for particular flows.
Step 10: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates the flow of traffic to and from FilmCompany network and the Internet. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. On the FilmCompany initial current network topology shown on the next page, highlight the network Internet link. Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different possible data flows between the hosts and devices on the FilmCompany network to and from the Internet.
Lab 4.5.5 Diagramming Extranet Traffic Flows
Step 1: Cable and configure the current network
a. Cable the topology given in the diagram. Ensure that power has been applied to both the host
computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the routers and configure the
hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be
configured on the three routers to establish data communications.
d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and
establish connectivity if the pings fail.
Step 2: Configure NetFlow on router FC-CPE-1 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface
command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Configure NetFlow on router FC-CPE-2 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:
FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end
Step 5: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface
command.
FC-CPE-2#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-2#clear ip flow stats
Step 6: Configure NetFlow on router ISP interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:
ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end
Step 7: Verify the NetFlow configuration
a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.
ISP#show ip flow interface
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
ISP#clear ip flow stats
Step 8: Create network data traffic
Ideally, a range of network application data flows between the trusted extranet host PC2 and PC1 on the
FilmCompany LAN should be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.
To simulate data traffic between the two PCs:
a. Ping between them.
b. Attempt to establish a Telnet session between the two PCs.
c. If you have rights, enable file sharing and copy a file in both directions between the two PCs.
Step 9: View the data flows
a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow
command from privileged EXEC mode on each router.
FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow
Router 1 – Output
FC-CPE-1#show ip cache verbose flow
IP packet size distribution (12 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
0 active, 4096 inactive, 12 added
192 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 8 added, 8 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:03:38
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
UDP-DNS 2 0.0 1 70 0.0 0.0 15.7
UDP-other 10 0.0 1 87 0.0 0.0 15.5
Total: 12 0.0 1 84 0.0 0.0 15.5
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
FC-CPE-1#
Router 2 – Output
FC-CPE-2#show ip cache verbose flow
IP packet size distribution (5223 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .303 .030 .142 .031 .034 .001 .002 .001 .000 .000 .004 .000 .075 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .020 .351 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
9 active, 4087 inactive, 62 added
1970 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 20 added, 20 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:04:31
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 18 0.0 3 45 0.2 3.6 10.9
TCP-other 4 0.0 1 40 0.0 0.0 15.5
UDP-DNS 2 0.0 1 70 0.0 0.0 15.4
UDP-other 22 0.0 1 53 0.0 0.0 15.3
ICMP 8 0.0 14 60 0.4 13.9 15.2
Total: 54 0.2 3 54 0.7 3.2 13.8
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 222
0044 /0 0 0043 /0 0 0.0.0.0 604 1356.9
Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
FFlags: 01
Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0 0.0.0.0 62 4.3
Se0/1/0 10.20.0.200 Fa0/0* 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0 0.0.0.0 62 4.3
FFlags: 01
Fa0/0 172.17.1.1 Se0/1/0* 10.20.0.200 11 00 10 5
0035 /0 0 0404 /0 0 0.0.0.0 62 4.3
FFlags: 01
Fa0/0 172.17.1.1 Se0/1/0 10.20.0.200 11 00 10 5
0035 /0 0 0404 /0 0 0.0.0.0 62 4.3
Se0/1/0 10.20.0.200 Fa0/1 10.0.0.200 06 00 18 1152
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
06AA /0 0 01BD /0 0 0.0.0.0 71 184.9
Se0/1/0 10.20.0.200 Fa0/1* 10.0.0.200 06 00 18 1210
06AA /0 0 01BD /0 0 0.0.0.0 71 194.7
FFlags: 01
Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
FC-CPE-2#
Router 3 – Output
ISP#show ip cache verbose flow
IP packet size distribution (6724 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .306 .029 .138 .031 .032 .001 .001 .001 .000 .000 .003 .000 .080 .001
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .008 .362 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
5 active, 4091 inactive, 54 added
1881 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
1 active, 1023 inactive, 12 added, 12 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:05:44
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 18 0.0 3 45 0.1 3.6 10.7
TCP-other 4 0.0 1 40 0.0 0.0 15.7
UDP-DNS 4 0.0 3 63 0.0 2.1 15.5
UDP-other 16 0.0 1 77 0.0 0.0 15.4
ICMP 8 0.0 14 60 0.3 13.4 15.5
Total: 50 0.1 4 58 0.6 3.6 13.7
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Se0/1/0 10.0.0.200 Fa0/1 10.20.0.200 06 00 18 1794
01BD /0 0 06AA /0 0 0.0.0.0 989 245.1
Se0/1/0 10.0.0.200 Fa0/1* 10.20.0.200 06 00 18 1794
01BD /0 0 06AA /0 0 0.0.0.0 989 245.1
FFlags: 01
Fa0/1 10.20.0.200 Se0/1/0 10.0.0.200 06 00 18 1502
06AA /0 0 01BD /0 0 0.0.0.0 69 245.0
Fa0/1 10.20.0.200 Se0/1/0* 10.0.0.200 06 00 18 1502
06AA /0 0 01BD /0 0 0.0.0.0 69 245.0
FFlags: 01
ISP#
b. Examine the output and record the different data flows for each router.
c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from
the previous Labs and the implications this has in understanding which network devices and
resources are used for particular flows.
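One way to record the flows for Step 9b is to parse the two-line records of show ip cache verbose flow, where the protocol, TCP flags and ports are printed in hexadecimal (01BD is port 445, 0035 is port 53). The Python below is an added example, not part of the original lab; the sample is copied from the FC-CPE-2 output above, the function names are hypothetical, and it assumes the * after DstIf marks the egress-accounted copy of a flow, which must be skipped so traffic is not counted twice.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Records copied from the FC-CPE-2 output on this page (a subset), including
# the record that is split by a repeated column header.
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 222
0044 /0 0 0043 /0 0 0.0.0.0 604 1356.9
Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
FFlags: 01
Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0 0.0.0.0 62 4.3
Se0/1/0 10.20.0.200 Fa0/1 10.0.0.200 06 00 18 1152
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
06AA /0 0 01BD /0 0 0.0.0.0 71 184.9
Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
"""

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


@dataclass(frozen=True)
class Flow:
    src_if: str
    src_ip: str
    src_port: int
    dst_if: str
    dst_ip: str
    dst_port: int
    proto: str
    tcp_flags: tuple    # OR of the TCP flags seen over the life of the flow
    packets: int
    bytes_per_pkt: int
    active_secs: float
    egress_copy: bool   # assumption: '*' after DstIf marks the egress copy

    @property
    def approx_bytes(self):
        return self.packets * self.bytes_per_pkt   # B/Pk is an average


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_verbose_flows(text):
    """Pair each 8-field record line with the 9-field line that follows it."""
    flows, first = [], None
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] in ("SrcIf", "Port", "FFlags:", "IPM:"):
            continue    # column headers (even mid-record) and per-flow extras
        if len(f) == 8 and _is_ip(f[1]) and _is_ip(f[3]):
            first = f   # summary rows such as "ICMP 8 0.0 ..." fail the IP check
        elif len(f) == 9 and first is not None and _is_ip(f[6]):
            proto_num, flag_bits = int(first[4], 16), int(first[6], 16)
            flags = tuple(n for bit, n in TCP_FLAGS if flag_bits & bit)
            flows.append(Flow(
                src_if=first[0], src_ip=first[1], src_port=int(f[0], 16),
                dst_if=first[2].rstrip("*"), dst_ip=first[3],
                dst_port=int(f[3], 16),
                proto=PROTOCOLS.get(proto_num, str(proto_num)),
                tcp_flags=flags if proto_num == 6 else (),
                packets=int(first[7]), bytes_per_pkt=int(f[7]),
                active_secs=float(f[8]),
                egress_copy=first[2].endswith("*")))
            first = None
    return flows


def conversations(flows):
    """Approximate bytes per 5-tuple, largest first, skipping egress copies."""
    totals = Counter()
    for fl in flows:
        if not fl.egress_copy:
            key = (fl.src_ip, fl.src_port, fl.dst_ip, fl.dst_port, fl.proto)
            totals[key] += fl.approx_bytes
    return totals.most_common()


if __name__ == "__main__":
    for (sip, sp, dip, dp, proto), nbytes in conversations(parse_verbose_flows(SAMPLE)):
        print(f"{proto:4} {sip}:{sp} -> {dip}:{dp}  ~{nbytes} bytes")
```

Running the same parser over the output of each router makes the comparison in Step 9c a matter of comparing the conversation lists.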
Step 10: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates the flow of traffic to and from FilmCompany and from selected trusted partners and
customers. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access from trusted sites would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN.
On the FilmCompany initial current network topology shown on the next page, add two trusted remote site
hosts attached to the “far” side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study, initially the FilmCompany remote sites access its network across the Internet. One of the objects of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network. Then, using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different extranet data flows between the trusted remote hosts and devices on the FilmCompany network. Diagram traffic flows to and from selected trusted partners, customers, and vendors.
Step 1: Cable and configure the current network
a. Connect and configure the devices in accordance with the topology and configuration given.
For this lab, a PC workstation can substitute for a Discovery Server.
b. Ping between Host 1 and Discovery Server to confirm network connectivity.
Troubleshoot and establish connectivity if the pings fail.
Step 2: Configure NetFlow on the interfaces
NetFlow is configured to monitor data flows in or out of specific router interfaces. Ingress captures traffic that
is being received by the interface. Egress captures traffic that is being transmitted by the interface. In this lab,
the traffic will be monitored on both router interfaces and in both directions from within the console session.
a. From the global configuration mode, issue the following commands:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow ?
Note the two options available:
egress Enable outbound NetFlow
ingress Enable inbound NetFlow
Which option captures traffic that is being received by the interface? ingress
Which option captures traffic that is being transmitted by the interface? egress
b. Complete the NetFlow configuration.
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode, issue the show running-config command.
For each FastEthernet interface, what statement from the running-configuration denotes that NetFlow
is configured?
interface FastEthernet0/0:
ip flow ingress
ip flow egress
interface FastEthernet0/1:
ip flow ingress
ip flow egress
b. From the privileged EXEC mode, issue the command:
FC-CPE-1#show ip flow ?
Note the three options available:
export Display export Statistics
interface Display flow configuration on Interfaces
top-talkers Display top talkers
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
Step 4: Create network data traffic
a. The captured data flow can be examined using the show ip cache flow command issued from
the privileged EXEC mode.
FC-CPE-1#show ip cache flow
Issuing this command before any data traffic has flowed should produce output similar to the example
shown here.
IP packet size distribution (0 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 0 bytes
0 active, 0 inactive, 0 added
0 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
b. List the seven highlighted column headings and consider what use this information may be in
characterizing the network.
Protocol
Total Flows
Flows per Second
Packets per Flow
Bytes per Packet
Packets per Second
Seconds of active flow
Seconds of no flow (idle)
c. To ensure that flow cache statistics are reset, from privileged EXEC mode issue the command:
FC-CPE-1# clear ip flow stats
d. Ping the Business Server from Host 1 to generate a data flow.
From the command line of Host 1, issue the command ping 172.17.1.1 -n 200
Step 5: View the data flows
a. At the conclusion of the data flow, the details of the flow can be viewed. From privileged EXEC mode,
issue the command:
FC-CPE-1#show ip cache flow
Output similar to that shown below will be displayed. Some values and details may be different in
your lab.
IP packet size distribution (464 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .900 .096 .000 .000 .000 .000 .002 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
5 active, 4091 inactive, 48 added
1168 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17416 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
UDP-DNS 31 0.0 1 72 0.0 0.0 15.5
UDP-other 10 0.0 2 76 0.0 4.1 15.2
ICMP 2 0.0 200 60 0.3 198.9 15.3
Total: 43 0.0 10 61 0.3 10.2 15.5
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
< output omitted >
b. Examine your output and list details that indicate data flow.
Protocol
Total Flows
Flows per Second
Packets per Flow
Bytes per Packet
Packets per Second
Seconds of active flow
Seconds of no flow (idle)
Step 6: Stop the NetFlow capture
a. To deactivate NetFlow capture, issue the no ip flow command at the interface configuration
prompt.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#no ip flow ingress
FC-CPE-1(config-if)#no ip flow egress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#no ip flow ingress
FC-CPE-1(config-if)#no ip flow egress
b. To verify that NetFlow is deactivated, issue the show ip flow interface command from the
privileged EXEC mode.
FC-CPE-1#show ip flow interface
FC-CPE-1#
No output is displayed if NetFlow is off.
Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts
that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the
appropriate cabling and restore the TCP/IP settings.
Step 8: Reflection
Consider the possible range of data flow types across a network and how a tool like NetFlow could be
implemented to assist in analyzing those flows.
List of data flow categories and types: Client to Client, Client to Server, Server to Client, and Server to Server
Email, intranet web, database flows, document file flows
Number of separate flows of each type, size (bytes) of each flow, time each flow is on the network
Final Configurations
Router 1
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip flow ingress
ip flow egress
duplex auto
speed auto
interface FastEthernet0/1
ip address 172.17.0.1 255.255.0.0
ip flow ingress
ip flow egress
duplex auto
speed auto
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
ip http server
no ip http secure-server
control-plane
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
scheduler allocate 20000 1000
end
Lab 4.2.3 Analyzing Network Traffic
Task 1: Design Network Access to FTP and Email Services
Step 1: FTP network considerations
File transfer traffic can put high-volume traffic onto the network. This traffic can have a greater effect on
throughput than interactive end-to-end connections. Although file transfers are throughput-intensive, they
typically have low response-time requirements. As part of the initial characterization of the network, it is important to identify the level of FTP traffic that will be generated. From this information, the network designers can decide on throughput and redundancy requirements.
a. List possible file transfer applications that would generate traffic on the FilmCompany network.
Document sharing
Video production file transfer
b. List these applications by priority based on response time.
1. Video production file transfer
2. Document sharing
c. List these applications by priority based on bandwidth requirements.
1. Video production file transfer
2. Document sharing
Step 2: Email network considerations
Although customers expect immediate access to their emails, they usually do not expect emails to have
network priority over files that they are sharing or updating. Emails are expected to be delivered reliably and accurately. Generally, emails are not throughput-intensive, except when there are enterprise-wide mail-outs or there is a denial of service attack.
List some email policies that could control the volume of email data and the bandwidth used.
Limit the size of email attachments
Limit the number of recipients of an email message
Ensure that spam is filtered before it reaches the LAN
Step 3: Configure and connect the host PCs
a. Set the IP addresses for PC1 and PC2 as shown in the configuration table.
b. Establish a terminal session to router R1 from one of the PCs, and configure the interfaces and
hostname as shown in the configuration table.
Task 2: Configure NBAR to Examine Network Traffic
Step 1: Enable NBAR Protocol Discovery
NBAR can determine which protocols and applications are currently running on a network. NBAR includes the
Protocol Discovery feature, which identifies the application protocols operating on an interface so that
appropriate QoS policies can be developed and applied. To enable Protocol Discovery to monitor selected
protocols on a router interface, issue the following commands from the global configuration mode:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip nbar protocol-discovery
Step 2: Confirm that Protocol Discovery is configured
From the privileged EXEC mode, issue the show running-config command and confirm that the following
output appears under interface FastEthernet 0/0:
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip nbar protocol-discovery
If protocol-discovery is not confirmed, reissue the configuration commands for interface FastEthernet
0/0.
Task 3: Generate and Identify Network Traffic
Step 1: Generate FTP traffic
The Mozilla Thunderbird email client program will be downloaded from Discovery Server as an example of FTP.
a. On PC1, launch a web browser and enter the URL ftp://server.discovery.ccna.
Alternatively, from the command line, enter ftp server.discovery.ccna. If DNS is not
configured, the IP address 172.17.1.1 must be used instead of the domain name.
b. Locate the file thunderbird_setup.exe in the pub directory, download the file, and save it on PC1.
Repeat this step for PC2.
Step 2: Generate Email traffic
If the Thunderbird email client has been installed and email accounts set up on both PC1 and PC2, proceed
to Step 2d. Otherwise, install and set up the email client on PC1 and PC2 as described in Steps 2a through 2c.
a. Install the Thunderbird email client on PC1 and PC2 by double-clicking the downloaded
thunderbird_setup.exe file and accepting the default settings.
b. When the installation has completed, launch the program.
c. Configure email account settings as shown in this table.
1) On the Tools menu, click Account Settings.
2) Complete the required Thunderbird Account Settings.
3) In the left pane of the Account Settings screen, click Server Settings and complete the necessary details.
4) In the left pane, click Outgoing Server (SMTP) and complete the proper configuration for the Outgoing Server (SMTP).
d. Send and receive two emails between accounts on each PC.
Step 3: Display the NBAR results
With Protocol Discovery enabled, any protocol traffic supported by NBAR, as well as the statistics associated
with that protocol, can be discovered.
a. To display the traffic identified by NBAR, issue the show ip nbar protocol-discovery
command from the privileged EXEC mode.
FC-CPE-1#show ip nbar protocol-discovery
b. List each protocol identified and the Input and Output information.
Output:
ftp 18 16
1295 1288
0 0
0 0
c. Although the data traffic in this lab may not be sufficient to generate values for the 5min Bit rate
(bps) and 5min Max Bit Rate (bps) fields, consider and discuss how these values would be applied
to designing an FTP and email network.
They can help determine the average and peak bandwidth requirements of the network.
Step 4: Use NBAR to monitor other data traffic
NBAR can identify and monitor a range of network application traffic protocols.
From the privileged EXEC mode of the router, issue the command show ip nbar port-map and note the output displayed.
FC-CPE-1#show ip nbar port-map
List some protocols that you consider should be monitored and have policies applied to them.
Output
port-map bgp udp 179
port-map bgp tcp 179
port-map bittorrent tcp 6881 6882 6883 6884 6885 6886
6887 6888 6889
port-map citrix udp 1604
port-map citrix tcp 1494
port-map cuseeme udp 7648 7649 24032
port-map cuseeme tcp 7648 7649
port-map dhcp udp 67 68
port-map directconnect tcp 411 412 413
port-map dns udp 53
port-map dns tcp 53
port-map edonkey tcp 4662
port-map exchange tcp 135
port-map fasttrack tcp 1214
port-map finger tcp 79
port-map ftp tcp 21
port-map gnutella udp 6346 6347 6348
port-map gnutella tcp 6346 6347 6348 6349 6355 5634
port-map gopher udp 70
port-map gopher tcp 70
port-map h323 udp 1300 1718 1719 1720 11720
port-map h323 tcp 1300 1718 1719 1720 11000 – 11999
port-map http tcp 80
port-map imap udp 143 220
port-map imap tcp 143 220
port-map irc udp 194
port-map irc tcp 194
port-map kerberos udp 88 749
port-map kerberos tcp 88 749
port-map l2tp udp 1701
port-map ldap udp 389
port-map ldap tcp 389
port-map mgcp udp 2427 2727
port-map mgcp tcp 2427 2428 2727
port-map netbios udp 137 138
port-map netbios tcp 137 139
port-map netshow tcp 1755
port-map nfs udp 2049
port-map nfs tcp 2049
port-map nntp udp 119
port-map nntp tcp 119
port-map notes udp 1352
port-map notes tcp 1352
port-map novadigm udp 3460 3461 3462 3463 3464 3465
port-map novadigm tcp 3460 3461 3462 3463 3464 3465
port-map ntp udp 123
port-map ntp tcp 123
port-map pcanywhere udp 22 5632
port-map pcanywhere tcp 65301 5631
port-map pop3 udp 110
port-map pop3 tcp 110
port-map pptp tcp 1723
port-map printer udp 515
port-map printer tcp 515
port-map rcmd tcp 512 513 514
port-map rip udp 520
port-map rsvp udp 1698 1699
port-map rtsp tcp 554
port-map secure-ftp tcp 990
port-map secure-http tcp 443
port-map secure-imap udp 585 993
port-map secure-imap tcp 585 993
port-map secure-irc udp 994
port-map secure-irc tcp 994
port-map secure-ldap udp 636
port-map secure-ldap tcp 636
port-map secure-nntp udp 563
port-map secure-nntp tcp 563
port-map secure-pop3 udp 995
port-map secure-pop3 tcp 995
port-map secure-telnet tcp 992
port-map sip udp 5060
port-map sip tcp 5060
port-map skinny tcp 2000 2001 2002
port-map smtp tcp 25
port-map snmp udp 161 162
port-map snmp tcp 161 162
port-map socks tcp 1080
port-map sqlnet tcp 1521
port-map sqlserver tcp 1433
port-map ssh tcp 22
port-map streamwork udp 1558
port-map sunrpc udp 111
port-map sunrpc tcp 111
port-map syslog udp 514
port-map telnet tcp 23
port-map tftp udp 69
port-map vdolive tcp 7000
port-map winmx tcp 6699
port-map xwindows tcp 6000 6001 6002 6003
Step 5: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab considered only the volume of FTP and email data traffic and its impact on network design. Reliable
access to servers is also important. In the space below, sketch a revised topology for this lab that would
provide redundancy for these services.
Lab 4.3.3 Prioritizing Traffic
Step 1: Gather the data traffic information
a. Read through the StadiumCompany case study curriculum.
List the current types of data traffic carried by the StadiumCompany network as well as the types
planned for the future.
b. Refer to the topology diagram and the stadium network diagram information.
List the possible data sources and destinations on the StadiumCompany network. For example, there
is likely to be data communications between the stadium management and the vendor management,
but not between Team A and Team B.
Step 2: Prioritize the data traffic
1. List the source, destination, and traffic type that will be assigned the High priority queue.
2. List the source, destination, and traffic type that will be assigned the Medium priority queue.
3. List the source, destination, and traffic type that will be assigned the Normal priority queue.
4. List the source, destination, and traffic type that will be assigned the Low priority queue.
Step 3: Finalize the Data Priorities
a. Discuss and review your data priority assignments with another student to ensure that they address all possible data. Modify your priorities as necessary.
b. Highlight on the StadiumCompany topology diagram the device or devices where data traffic priority policies are likely to be configured.
Step 4: Reflection
Ideally, it may seem that all data traffic should be given a priority and queued accordingly. Consider and
discuss the potential for network performance to be negatively affected if this policy were implemented
everywhere on the network.
Delay-sensitive data would receive the same priority as non-delay-sensitive data. Voice and video would be given the same priority as other traffic, etc.
Lab 4.3.4 Exploring Network QoS
Step 1: Cable and configure the network
a. Connect and configure the devices in accordance with the given topology and configuration.
Routing will have to be configured across the serial WAN link to establish data communications.
Configure Telnet access on each router.
b. Ping between Host1 and Discovery Server to confirm network connectivity.
1) Confirm Application Layer connectivity by telnetting from R2 to R1.
2) Troubleshoot and establish connectivity if the pings or Telnet fail.
c. After confirming the initial configurations, maintain a console terminal session connection with R2.
Step 2: Examine priority queue commands
Configuring Priority Queueing
Configuring priority queueing (PQ) has two required steps and an optional third step:
1. Define the priority list (Required)
2. Assign the priority list to an Interface (Required)
3. Monitor priority queueing lists (Optional)
A priority list contains the definitions for a set of priority queues. The priority list specifies which queue a
packet will be placed in and, optionally, the maximum length of the different queues. To perform queueing
using a priority list, you must assign the list to an interface. The same priority list can be applied to multiple interfaces. Alternatively, you can create many different priority policies to apply to different interfaces.
Defining the Priority List
The priority list is defined by:
1. Assigning packets to priority queues
2. Specifying the maximum size of the priority queues (Optional)
Packets are assigned to priority queues based on the protocol type and the interface where the packets enter the router. The priority-list commands are read in order of appearance until a matching protocol or interface type is found. When a match is found, the packet is assigned to the appropriate queue and the search ends. Packets that do not match other assignment rules are assigned to the default queue. The following global configuration mode commands are used to specify in which queue a packet is placed. The command format is priority-list list-number. Use a list-number of 1 and note the options available.
a. Enter the following command and note the options available.
FC-CPE-1(config)#priority-list 1 ?
default Set priority queue for unspecified datagrams
interface Set priorities for packets from a named interface
protocol priority queueing by protocol
queue-limit Set queue limits for priority queues
b. Note some of the protocol options available.
FC-CPE-1(config)#priority-list 1 protocol ?
arp IP ARP
bridge Bridging
cdp Cisco Discovery Protocol
compressedtcp Compressed TCP (VJ)
http HTTP
ip IP
llc2 llc2
pad PAD links
pppoe PPP over Ethernet
snapshot Snapshot routing support
c. Note the IP protocol options available.
FC-CPE-1(config)#priority-list 1 protocol ip ?
high
medium
normal
low
d. Note the HTTP protocol options available.
FC-CPE-1(config)#priority-list 1 protocol http ?
high
medium
normal
low
e. Note the IP protocol high priority options available.
FC-CPE-1(config)#priority-list 1 protocol ip high ?
fragments Prioritize fragmented IP packets
gt Prioritize packets greater than a specified size
list To specify an access list
lt Prioritize packets less than a specified size
tcp Prioritize TCP packets 'to' or 'from' the specified port
udp Prioritize UDP packets 'to' or 'from' the specified port
f. Note the IP protocol high priority TCP options available.
FC-CPE-1(config)#priority-list 1 protocol ip high tcp ?
<0-65535> Port number
domain Domain Name Service (53)
echo Echo (7)
ftp File Transfer Protocol (21)
ftp-data FTP data connections (20)
irc Internet Relay Chat (194)
nntp Network News Transport Protocol (119)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
telnet Telnet (23)
www World Wide Web (HTTP, 80)
Over 30 port/service options are available.
Step 3: Configure an example priority queue
From the global configuration mode, issue the following commands.
FC-CPE-1(config)#priority-list 1 protocol http high
FC-CPE-1(config)#priority-list 1 protocol ip normal tcp ftp
FC-CPE-1(config)#priority-list 1 protocol ip medium tcp telnet
What do these commands establish?
A priority list (number "1") that marks HTTP packets as high priority, FTP packets as low priority, and Telnet packets as medium priority.
Step 4: Assign the priority list to an interface
a. From the global configuration mode, issue the following commands to assign the priority list to
interface serial 0/1/0.
FC-CPE-1(config)#int s0/1/0
FC-CPE-1(config-if)#priority-group 1
b. Confirm the priority list configuration. From the privileged EXEC mode, issue the show running-config command.
Which statements in the configuration show that the priority list has been configured and applied
correctly?
interface Serial0/1/0
ip address 10.10.0.2 255.255.255.252
priority-group 1
priority-list 1 protocol http high
priority-list 1 protocol ip normal tcp ftp
priority-list 1 protocol ip medium tcp telnet
c. Confirm that issuing the show queueing priority command from the privileged EXEC mode
produces the following output:
FC-CPE-1#show queueing priority
Current DLCI priority queue configuration:
Current priority queue configuration:
List Queue Args
1 high protocol http
1 normal protocol ip tcp port ftp
1 medium protocol ip tcp port telnet
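The first-match evaluation described under "Defining the Priority List", modelled in Python against the three priority-list 1 commands from Step 3. This is an added example, not part of the original lab or of IOS; the function names are hypothetical, and treating protocol http as TCP port 80 is an assumption of the model.

```python
# Port keywords as listed in the "priority-list 1 protocol ip high tcp ?" help above.
PORT_KEYWORDS = {"domain": 53, "echo": 7, "ftp": 21, "ftp-data": 20, "irc": 194,
                 "nntp": 119, "pop3": 110, "smtp": 25, "telnet": 23, "www": 80}

# The three commands configured in Step 3.
STEP3_CONFIG = """\
priority-list 1 protocol http high
priority-list 1 protocol ip normal tcp ftp
priority-list 1 protocol ip medium tcp telnet
"""


def parse_priority_list(config, list_number="1"):
    """Return (rules, default_queue); rules keep the order they were entered."""
    rules, default = [], "normal"   # normal is used when no default is configured
    for line in config.splitlines():
        t = line.split()
        if len(t) < 4 or t[:2] != ["priority-list", list_number]:
            continue
        if t[2] == "default":
            default = t[3]
        elif t[2] == "protocol" and len(t) >= 5:
            name, queue, args = t[3], t[4], t[5:]
            if name == "http":
                # Assumption of this model: "protocol http" means TCP port 80.
                rules.append((queue, "tcp", 80))
            elif name == "ip" and not args:
                rules.append((queue, None, None))        # any IP packet
            elif name == "ip" and len(args) == 2 and args[0] in ("tcp", "udp"):
                port = PORT_KEYWORDS.get(args[1])
                rules.append((queue, args[0],
                              port if port is not None else int(args[1])))
    return rules, default


def classify(packet, rules, default):
    """First matching rule wins; unmatched packets go to the default queue."""
    for queue, l4, port in rules:
        if l4 is None:                                   # catch-all IP rule
            return queue
        # tcp/udp rules match packets 'to' or 'from' the port.
        if packet["proto"] == l4 and port in (packet["sport"], packet["dport"]):
            return queue
    return default


# Constructed sample packets (all IP) for the traffic generated in Step 5.
PACKETS = {
    "http request": {"proto": "tcp", "sport": 1706, "dport": 80},
    "ftp control":  {"proto": "tcp", "sport": 1030, "dport": 21},
    "ftp data":     {"proto": "tcp", "sport": 20, "dport": 1032},
    "telnet reply": {"proto": "tcp", "sport": 23, "dport": 1031},
    "icmp echo":    {"proto": "icmp", "sport": None, "dport": None},
}


def queue_report(config):
    """Map each sample packet label to the queue the list would place it in."""
    rules, default = parse_priority_list(config)
    return {label: classify(p, rules, default) for label, p in PACKETS.items()}


if __name__ == "__main__":
    print(queue_report(STEP3_CONFIG))
    # A broad rule entered first shadows every later, more specific rule.
    print(queue_report("priority-list 1 protocol ip low\n" + STEP3_CONFIG))
```

The second report shows why command order matters: once a catch-all rule is entered first, the later HTTP, FTP and Telnet rules are never reached.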
Step 5: Examine the priority queues operation
a. On Host1, launch a web browser and enter the URL http://172.17.1.1 to access the web
services configured on the server.
b. Use FTP to download a file. On Host1, launch a new web browser window and enter the URL
ftp://172.17.1.1, or from the command line issue ftp 172.17.1.1
c. Download a large file from the server; for example, the Thunderbird setup program file.
d. From the privileged EXEC mode, issue the following command:
FC-CPE-1#show queueing interface s0/1/0
Output similar to this should be displayed:
Interface Serial0/1/0 queueing strategy: priority
Output queue utilization (queue/count)
high/94 medium/0 normal/106759 low/0
Note the packet count for each queue:
High
Medium
Normal
Low
e. Initiate a Telnet session from R2 to R1 and issue some show commands on R1.
f. Close the Telnet session.
g. Issue the following command from the R2 privileged EXEC mode:
FC-CPE-1#show queueing interface s0/1/0
Note the packet count for each queue:
High
Medium
Normal
Low
What is the significant difference when compared to the previous output from this command in
Step 5d?
The Medium queue now has a packet count; this is the priority assigned to Telnet packets.
Step 6: Determine the priority queue requirements for the case study
a. Using the FilmCompany case study, what would you expect the priority queue requirements to be?
b. Discuss and compare your priorities with other students.
c. Amend your priority list statements to include traffic associated with the proposed network upgrade.
Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts
that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the
appropriate cabling and restore the TCP/IP settings.
Challenge
The following privileged EXEC command displays the contents of packets inside a queue for a particular
interface:
show queue interface-type interface-number
However, in this lab, it is not likely that sufficient data traffic was generated at one time for the interface
queues to hold packets long enough to be inspected. Discuss how a network has to be load tested to ensure that all traffic priorities are met.
Lab 4.4.4 Investigating Video Traffic Impact on a Network
Step 1: Cable and configure the network
a. Connect and configure the devices in accordance with the given topology and configuration.
Set clock rate on the serial link to 56000.
Routing will have to be configured across the serial WAN link to establish data communications.
Step 2: Observe data traffic
In this step, you will generate concurrent data traffic and observe the time the flows take.
a. From Host1 command line, issue the command ping 172.17.1.1 -n 500 to generate a large
number of pings to Discovery Server.
b. While the pings are being generated on Host1, launch a web browser and enter the URL
http://server.discovery.ccna or http://172.17.1.1 to access the web services
configured on the server.
c. Use FTP to download a file. On Host1, launch a new web browser window and enter the URL
ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command
line. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.
d. Download a large file from the server; for example, the Thunderbird setup program file.
Note the total time taken to complete the pings, access the web page, and download the file.
Step 3: Stream the video file
Before beginning to stream the video, ensure that QuickTime Player is installed on Host1 and that the video streaming service has been enabled on Discovery Server. See your instructor for advice if you are unsure.
Launch QuickTime Player. Under the File menu, go to Open URL.
Enter the URL rtsp://172.17.1.1/MWO.sdp, or a URL as provided by the instructor.
Note the rate at which it plays back and the video and sound quality.
Video Quality
Sound Quality
Step 4: Observe both video and data traffic
a. From Host1 command line, issue the command ping 172.17.1.1 -n 500 to generate a large
number of pings to Discovery Server.
b. While the pings are being generated, use QuickTime Player to access the streaming video URL
again.
c. While the video is being played, launch a new web browser window on Host1 and enter the URL
http://server.discovery.ccna or http://172.17.1.1 to access the web services
configured on the server.
d. On Host1, launch another web browser window and enter the URL
ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command
line. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.
e. Download a large file from the server; for example, the Thunderbird setup program file.
Note the total time taken to complete the pings, access the web page, and download the file.
Note the rate at which it plays back and the video and sound quality.
Video Quality
Sound Quality
Step 5: Observe the data flows with a different serial link clock rate
a. Change the serial link clock rate to 250000 on the router with the DCE interface.
b. Repeat Step 4 and record your observations.
Note the total time taken to complete the pings, access the web page, and download the file.
Note the rate at which it plays back and the video and sound quality.
Video Quality
Sound Quality
c. Change the serial link clock rate to 2000000 on the router with the DCE interface.
d. Repeat Step 4 and record your observations.
Note the total time taken to complete the pings, access the web page, and download the file.
Note the rate at which it plays back and the video and sound quality.
Video Quality
Sound Quality
Instructor Note: The Cisco 1841 router with WIC 2T Serial interfaces can support clock rates up to
4 000 000 bits per second (4 Mbps); other platforms and WIC 2A/S Serial interfaces may have a lower maximum clock rate.
Step 6: Record your general observations
Compare the different download times and video quality.
Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Step 8: Reflection
Consider and discuss how video and other data traffic can share network resources while maintaining
acceptable performance.
Video and data traffic can share the same network resources if adequate bandwidth is available or if the traffic is prioritized. Data traffic can be delayed slightly to give delay-sensitive video traffic more time to use the available bandwidth.
Lab 4.5.1 Identifying Traffic Flows
Step 1: Cable and configure the current network
a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the
router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port.
Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the router.
c. From the command prompt on Host1, ping between Host1 and Discovery Server to confirm network
connectivity. Troubleshoot and establish connectivity if the pings fail.
Step 2: Configure NetFlow on the interfaces
From the global configuration mode, issue the following commands to configure NetFlow:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode, issue the show ip flow interface command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Create network data traffic
A range of network application data flows is to be generated and captured. Generate as many of the data
flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.
a. Ping the Discovery Server from Host1 to generate a data flow.
From the command line of Host1, issue the command ping 172.17.1.1 -n 200
b. Telnet to the Discovery Server from Host1.
If Discovery Server is being used, issue the command telnet server.discovery.ccna from the
command prompt of Host1.
If Discovery Server is not being used, DNS is not configured, or if a terminal program such as
HyperTerminal or TeraTerm is being used, telnet from Host1 to 172.17.1.1.
c. On Host1, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used or DNS is not configured, then use http://172.17.1.1 to access
the web services configured on that server.
d. Use FTP to download a file.
On Host1, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue
ftp server.discovery.ccna from the command line. If DNS is not configured use the IP
address 172.17.1.1 instead of the domain name.
Download a file from the server.
e. If email accounts have been configured using the POP3 and SMTP services on Discovery Server,
send an email using one of these accounts.
Step 5: View the data flows
At the conclusion of the data flow, view the details by issuing the show ip cache flow command from privileged EXEC mode.
FC-CPE-1#show ip cache flow
Output similar to this will be displayed.
IP packet size distribution (3969 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .351 .395 .004 .011 .001 .005 .009 .001 .002 .005 .001 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .013 .000 .195 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
2 active, 4094 inactive, 1368 added
22316 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17416 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 02:50:15
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 9 0.0 13 47 0.0 5.2 10.8
TCP-FTP 28 0.0 7 62 0.0 0.8 10.4
TCP-WWW 64 0.0 7 138 0.0 0.3 2.1
TCP-other 16 0.0 75 840 0.1 0.0 4.1
UDP-DNS 878 0.0 1 72 0.0 0.0 15.4
UDP-other 347 0.0 3 88 0.1 4.5 15.5
ICMP 26 0.0 1 70 0.0 0.8 15.4
Total: 1368 0.1 2 318 0.3 1.2 14.6
< output omitted >
From your output, list the name of each protocol with the number of flows. Answers vary. Examples shown.
Telnet 9 flows
FTP 28 flows
WWW 64 flows
DNS 878 flows
ICMP 26 flows
TCP other 16 flows
UDP other 347 flows
What was the total number of packets generated? 3969 packets
Which protocol generated the most packets? TCP other (75 x 16 = 1200)
Which protocol produced the most bytes per flow? TCP other (75 x 840 = 63000)
Which protocol’s flows were on the network the longest time? Telnet 5.2 sec
Which protocol used the longest amount of network time? UDP other (4.5 x 347 = 1561.5 sec)
Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Step 7: Reflection
Create a projected applications document listing the applications planned to use the network.
Application Type    Application         Protocol    Priority    Comments
Email               MS Outlook          SMTP        Medium      All users
Voice               Call Manager/SIP    VRTP        High        All users
Web                 Apache Server       HTTP        Low         All users
Database            SQL Server          TCP         Medium      Restricted user
Lab 4.5.2 Diagramming Intranet Traffic Flows
Step 1: Cable and configure the current network
a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the
router and the other cable end to the PC1 computer with a DB-9 or DB-25 adapter to the COM 1 port.
Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the router.
c. Ping between Host1 and Host2 and between the hosts and Discovery Server to confirm network
connectivity. Troubleshoot and establish connectivity if the pings fail.
Step 2: Configure NetFlow on the interfaces
From the global configuration mode, issue the following commands to configure NetFlow:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode, issue the show ip flow interface command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Create network data traffic
A range of network application data flows between the Host1, Host2, and the server is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.
a. On Host1, launch a web browser and enter the URL http://server.discovery.ccna
b. On Host2, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, then use http://172.17.1.1 to access the web services
configured on that server.
c. Use FTP to download a file.
On Host1 and Host2, launch a web browser and enter the URL ftp://server.discovery.ccna,
or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use the
IP address 172.17.1.1 instead of the domain name.
Download a file from the server.
d. If email accounts have been configured using the POP3 and SMTP services on Discovery Server,
send two emails between users on Host1 and Host2 using these accounts.
e. Set up Windows file sharing between Host1 and Host2 and copy a file from one to the other.
Step 5: View the data flows
At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow
command from privileged EXEC mode.
FC-CPE-1#show ip cache verbose flow
Application Type    Source                  Destination     Comments
Web                 Intranet Web Server     Host1
Web                 Intranet Web Server     Host2
File Transfer       Intranet File Server    Host1
File Transfer       Intranet File Server    Host2
Email               Host1                   Email Server
Email               Host2                   Email Server
File Share          Host1                   Host2
Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates LAN data traffic. The LAN data flows of a production network would be much more
extensive and recorded over a greater period of time, perhaps a full working week.
a. On the FilmCompany initial current network topology shown on the next page, add PC host and
printer icons as listed for each VLAN. Draw a circle that encloses the local LAN segments.
b. Then, using the data flows recorded in this lab as a starting point, use different colors to mark the
different LAN data flows between hosts and the server.
Lab 4.5.3 Diagramming Traffic Flows to and from Remote Sites
Step 1: Cable and configure the current network
a. Cable the topology given in the diagram. Ensure that power has been applied to both the host
computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the routers and configure the
hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be
configured on the three routers to establish data communications.
d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and
establish connectivity if the pings fail.
Step 2: Configure NetFlow on the router FC-CPE-1 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface
command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Configure NetFlow on the router FC-CPE-2 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:
FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end
Step 5: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface
command.
FC-CPE-2#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-2#clear ip flow stats
Step 6: Configure NetFlow on the router ISP interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:
ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end
Step 7: Verify the NetFlow configuration
a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.
ISP#show ip flow interface
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
ISP#clear ip flow stats
Step 8: Create network data traffic
A range of network application data flows between the remote site, the FilmCompany LAN, and the network server is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.
a. On both PCs launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, or DNS is not configured, then use http://172.17.1.1 to
access the web services configured on that server.
b. Use FTP to download a file.
On both PCs, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue
ftp server.discovery.ccna from the command line. If DNS is not configured use 172.17.1.1
instead of the domain name. Download a file from the server.
c. If email accounts have been configured using the POP3 and SMTP services on Discovery Server,
send two emails in each direction between the user on the LAN and the Remote User using these
accounts.
d. To simulate data traffic between the two PCs, ping between them. Attempt to establish a Telnet
session between the two PCs. If file sharing has been enabled, copy a file in both directions between
the two.
Step 9: View the data flows
a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow
command from privileged EXEC mode on each router.
FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow
Router 1 – Sample Output
FC-CPE-1#show ip cache verbose flow
IP packet size distribution (1050 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .672 .278 .015 .000 .007 .000 .000 .000 .000 .000 .000 .001 .003 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.001 .000 .003 .011 .003 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
1 active, 4095 inactive, 150 added
2280 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
1 active, 1023 inactive, 27 added, 27 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:12:31
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-FTP 8 0.0 7 54 0.0 3.7 12.1
TCP-WWW 8 0.0 5 196 0.0 0.2 1.5
TCP-SMTP 16 0.0 15 72 0.3 15.8 1.7
TCP-other 32 0.0 11 77 0.5 2.2 1.5
UDP-DNS 49 0.0 5 67 0.3 6.1 15.6
UDP-other 38 0.0 1 83 0.0 0.0 15.4
Total: 151 0.2 6 77 1.4 4.3 10.2
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
FC-CPE-1#
Router 2 – Sample Output
FC-CPE-2#show ip cache verbose flow
IP packet size distribution (982 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .665 .164 .016 .000 .008 .000 .000 .000 .000 .000 .000 .002 .004 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.002 .000 .004 .128 .004 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
3 active, 4093 inactive, 145 added
2617 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
2 active, 1022 inactive, 50 added, 50 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:11:43
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 6 0.0 3 45 0.0 3.6 10.7
TCP-FTP 8 0.0 7 54 0.0 3.7 11.8
TCP-WWW 8 0.0 5 196 0.0 0.2 1.7
TCP-SMTP 16 0.0 15 72 0.3 15.8 1.6
TCP-other 32 0.0 11 77 0.5 2.2 1.4
UDP-DNS 8 0.0 1 69 0.0 0.1 15.3
UDP-other 59 0.0 1 55 0.0 0.0 15.4
ICMP 9 0.0 4 60 0.0 4.3 15.4
Total: 146 0.2 5 76 1.2 2.8 9.7
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 120
0044 /0 0 0043 /0 0 0.0.0.0 604 729.9
Se0/1/0 10.10.10.2 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
FC-CPE-2#
Router 3 – Sample Output
ISP#show ip cache verbose flow
IP packet size distribution (502 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .709 .225 .015 .000 .007 .000 .001 .000 .000 .000 .000 .000 .007 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.003 .000 .003 .015 .007 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
1 active, 4095 inactive, 90 added
1274 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
1 active, 1023 inactive, 25 added, 25 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:11:21
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 6 0.0 3 45 0.0 3.6 10.7
TCP-WWW 8 0.0 5 196 0.0 0.2 1.5
TCP-SMTP 8 0.0 18 70 0.2 21.3 1.5
TCP-other 16 0.0 12 83 0.2 4.3 1.5
UDP-DNS 8 0.0 1 69 0.0 0.1 15.4
UDP-other 33 0.0 1 87 0.0 0.0 15.4
ICMP 10 0.0 4 60 0.0 5.4 15.5
Total: 89 0.1 5 85 0.7 3.6 10.1
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Se0/1/0 10.10.10.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 92 0.0
IPM: 0 0
ISP#
b. Examine the output and record the different data flows for each router.
c. Discuss and compare the data flows for each router. Particularly consider how recording these flows
can assist in understanding which network devices and resources are used for particular flows.
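When recording the individual flows in Step 9b, note that the verbose output prints the Pr, TOS, Flgs and port fields in hexadecimal. The following added example (not part of the original lab) decodes the two-line flow records from the FC-CPE-2 sample output; the function names and the short port-to-service map are assumptions made for this illustration.

```python
import re

# Flow records copied from the FC-CPE-2 sample output (two lines per flow).
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 120
0044 /0 0 0043 /0 0 0.0.0.0 604 729.9
Se0/1/0 10.10.10.2 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HEX2 = r"[0-9A-Fa-f]{2}"

# First line of a record: interfaces, addresses, then hex Pr/TOS/Flgs, packets.
LINE1 = re.compile(
    rf"^(?P<src_if>\S+)\s+(?P<src_ip>{IP})\s+(?P<dst_if>\S+)\s+(?P<dst_ip>{IP})\s+"
    rf"(?P<pr>{HEX2})\s+(?P<tos>{HEX2})\s+(?P<flags>{HEX2})\s+(?P<pkts>\d+)\s*$"
)
# Second line: hex source port, mask, AS, hex destination port, mask, AS,
# next hop, bytes per packet, active seconds.
LINE2 = re.compile(
    rf"^(?P<sport>[0-9A-Fa-f]{{4}})\s+/(?P<smask>\d+)\s+(?P<sas>\d+)\s+"
    rf"(?P<dport>[0-9A-Fa-f]{{4}})\s+/(?P<dmask>\d+)\s+(?P<das>\d+)\s+"
    rf"(?P<nexthop>{IP})\s+(?P<bpp>\d+)\s+(?P<active>[\d.]+)\s*$"
)

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Small subset of well-known ports, chosen for the traffic used in these labs.
SERVICES = {
    (6, 21): "FTP", (6, 23): "Telnet", (6, 25): "SMTP", (6, 80): "HTTP",
    (6, 110): "POP3", (17, 53): "DNS", (17, 67): "DHCP/BOOTP",
    (17, 68): "DHCP/BOOTP", (17, 520): "RIP",
}


def parse_verbose_flows(text):
    """Decode each complete two-line flow record into a dict."""
    lines = [ln.strip() for ln in text.splitlines()]
    flows = []
    for i, line in enumerate(lines):
        first = LINE1.match(line)
        if not first or i + 1 >= len(lines):
            continue
        second = LINE2.match(lines[i + 1])
        if not second:
            continue  # truncated record: skip rather than guess the ports
        proto = int(first["pr"], 16)
        sport = int(second["sport"], 16)
        dport = int(second["dport"], 16)
        tos = int(first["tos"], 16)
        pkts = int(first["pkts"])
        flows.append({
            "src_if": first["src_if"],
            "src_ip": first["src_ip"],
            "dst_ip": first["dst_ip"],
            "protocol": PROTOCOLS.get(proto, str(proto)),
            "src_port": sport,
            "dst_port": dport,
            # Prefer the destination port when naming the service.
            "service": SERVICES.get((proto, dport))
                       or SERVICES.get((proto, sport), "unknown"),
            "dscp": tos >> 2,  # upper six bits of the TOS byte
            "packets": pkts,
            "est_bytes": pkts * int(second["bpp"]),
            "active_sec": float(second["active"]),
        })
    return flows


if __name__ == "__main__":
    for f in parse_verbose_flows(SAMPLE):
        print(f"{f['src_if']} {f['src_ip']}:{f['src_port']} -> "
              f"{f['dst_ip']}:{f['dst_port']} {f['protocol']} "
              f"{f['service']} dscp={f['dscp']} bytes~{f['est_bytes']}")
```

Decoded, the first record is a DHCP broadcast (UDP 68 to 67) arriving on Fa0/1, and the second is a RIP update (UDP 520 to 224.0.0.9) from the serial neighbor, marked with TOS C0.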
Step 10: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates the flow of traffic to and from FilmCompany remote sites. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN. On the FilmCompany initial current network topology shown on the next page, add two remote site hosts attached to the “far” side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study initially, the FilmCompany remote sites access its network across the Internet.
One of the objects of this analysis is to establish the benefits of using a dedicated WAN link using Frame
Relay for the stadium-based remote sites to access the FilmCompany network.
Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different data flows between the remote hosts and devices on the FilmCompany network.
Lab 4.5.4 Diagramming External Traffic Flows
Step 1: Cable and configure the current network
a. Cable the topology given in the diagram. Ensure that power has been applied to both the host
computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the routers and configure the
hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be
configured on the three routers to establish data communications.
d. From PC1 ping both PC2 and Discovery Server to confirm network connectivity. Troubleshoot and
establish connectivity if the pings fail.
Step 2: Configure NetFlow on router FC-CPE-1 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface
command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Configure NetFlow on router FC-CPE-2 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:
FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end
Step 5: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface
command.
FC-CPE-2#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-2#clear ip flow stats
Step 6: Configure NetFlow on router ISP interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:
ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end
Step 7: Verify the NetFlow configuration
a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.
ISP#show ip flow interface
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:
ISP#clear ip flow stats
Step 8: Create network data traffic
A range of Internet application data flows between PC2 (the Internet) and the FilmCompany network is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.
a. On PC2, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, or DNS is not configured, then use http://172.17.1.1 to
access the web services configured on that server.
b. Use FTP to download a file.
On PC2, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp
server.discovery.ccna from the command line. If DNS is not configured use the IP address
172.17.1.1 instead of the domain name. (example: http://172.17.1.1 )
Download a file from the server.
c. If email accounts have been configured using the POP3 and SMTP services on Discovery Server,
send two emails from PC2 using these accounts.
Step 9: View the data flows
a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow
command from privileged EXEC mode on each router.
FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow
b. Examine the output and record the different data flows for each router.
c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from
Lab 4.5.3 and the implications this has in understanding which network devices and resources are
used for particular flows.
Step 10: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates the flow of traffic to and from FilmCompany network and the Internet. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. On the FilmCompany initial current network topology shown on the next page, highlight the network Internet link. Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different possible data flows between the hosts and devices on the FilmCompany network to and from the Internet.
Lab 4.5.5 Diagramming Extranet Traffic Flows
Step 1: Cable and configure the current network
a. Cable the topology given in the diagram. Ensure that power has been applied to both the host
computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the routers and configure the
hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be
configured on the three routers to establish data communications.
d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and
establish connectivity if the pings fail.
Step 2: Configure NetFlow on router FC-CPE-1 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface
command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-1#clear ip flow stats
Step 4: Configure NetFlow on router FC-CPE-2 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:
FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end
Step 5: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface
command.
FC-CPE-2#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
FC-CPE-2#clear ip flow stats
Step 6: Configure NetFlow on router ISP interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:
ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end
Step 7: Verify the NetFlow configuration
a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.
ISP#show ip flow interface
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not
displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are
reset:
ISP#clear ip flow stats
Step 8: Create network data traffic
Ideally, a range of network application data flows between the trusted extranet host PC2 and PC1 on the
FilmCompany LAN should be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.
To simulate data traffic between the two PCs:
a. Ping between them.
b. Attempt to establish a Telnet session between the two PCs.
c. If you have rights, enable file sharing and copy a file in both directions between the two PCs.
Step 9: View the data flows
a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow
command from privileged EXEC mode on each router.
FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow
Router 1 – Output
FC-CPE-1#show ip cache verbose flow
IP packet size distribution (12 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
0 active, 4096 inactive, 12 added
192 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 8 added, 8 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:03:38
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
UDP-DNS 2 0.0 1 70 0.0 0.0 15.7
UDP-other 10 0.0 1 87 0.0 0.0 15.5
Total: 12 0.0 1 84 0.0 0.0 15.5
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
FC-CPE-1#
Router 2 – Output
FC-CPE-2#show ip cache verbose flow
IP packet size distribution (5223 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .303 .030 .142 .031 .034 .001 .002 .001 .000 .000 .004 .000 .075 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .020 .351 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
9 active, 4087 inactive, 62 added
1970 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 20 added, 20 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:04:31
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 18 0.0 3 45 0.2 3.6 10.9
TCP-other 4 0.0 1 40 0.0 0.0 15.5
UDP-DNS 2 0.0 1 70 0.0 0.0 15.4
UDP-other 22 0.0 1 53 0.0 0.0 15.3
ICMP 8 0.0 14 60 0.4 13.9 15.2
Total: 54 0.2 3 54 0.7 3.2 13.8
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 222
0044 /0 0 0043 /0 0 0.0.0.0 604 1356.9
Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
FFlags: 01
Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0 0.0.0.0 62 4.3
Se0/1/0 10.20.0.200 Fa0/0* 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0 0.0.0.0 62 4.3
FFlags: 01
Fa0/0 172.17.1.1 Se0/1/0* 10.20.0.200 11 00 10 5
0035 /0 0 0404 /0 0 0.0.0.0 62 4.3
FFlags: 01
Fa0/0 172.17.1.1 Se0/1/0 10.20.0.200 11 00 10 5
0035 /0 0 0404 /0 0 0.0.0.0 62 4.3
Se0/1/0 10.20.0.200 Fa0/1 10.0.0.200 06 00 18 1152
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
06AA /0 0 01BD /0 0 0.0.0.0 71 184.9
Se0/1/0 10.20.0.200 Fa0/1* 10.0.0.200 06 00 18 1210
06AA /0 0 01BD /0 0 0.0.0.0 71 194.7
FFlags: 01
Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
FC-CPE-2#
Router 3 – Output
ISP#show ip cache verbose flow
IP packet size distribution (6724 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .306 .029 .138 .031 .032 .001 .001 .001 .000 .000 .003 .000 .080 .001
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .008 .362 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
5 active, 4091 inactive, 54 added
1881 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
1 active, 1023 inactive, 12 added, 12 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:05:44
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 18 0.0 3 45 0.1 3.6 10.7
TCP-other 4 0.0 1 40 0.0 0.0 15.7
UDP-DNS 4 0.0 3 63 0.0 2.1 15.5
UDP-other 16 0.0 1 77 0.0 0.0 15.4
ICMP 8 0.0 14 60 0.3 13.4 15.5
Total: 50 0.1 4 58 0.6 3.6 13.7
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Se0/1/0 10.0.0.200 Fa0/1 10.20.0.200 06 00 18 1794
01BD /0 0 06AA /0 0 0.0.0.0 989 245.1
Se0/1/0 10.0.0.200 Fa0/1* 10.20.0.200 06 00 18 1794
01BD /0 0 06AA /0 0 0.0.0.0 989 245.1
FFlags: 01
Fa0/1 10.20.0.200 Se0/1/0 10.0.0.200 06 00 18 1502
06AA /0 0 01BD /0 0 0.0.0.0 69 245.0
Fa0/1 10.20.0.200 Se0/1/0* 10.0.0.200 06 00 18 1502
06AA /0 0 01BD /0 0 0.0.0.0 69 245.0
FFlags: 01
ISP#
b. Examine the output and record the different data flows for each router.
c. Discuss and compare the data flows for each router. In particular, consider how these flows differ from
those in the previous labs and the implications this has in understanding which network devices and
resources are used for particular flows.
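To help with recording the flows in Step 9b, the following Python sketch is an added example (not part of the original lab) that decodes the two-line records of show ip cache verbose flow, where the Pr and Port fields are hexadecimal. The names parse_flows, ingress_flows and SAMPLE are assumptions made for this example; the records are copied from the FC-CPE-2 output above, including the one interrupted by a repeated header.

```python
import re

# Records copied from the FC-CPE-2 output above (two lines per flow).
SAMPLE = """\
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 222
0044 /0 0 0043 /0 0 0.0.0.0 604 1356.9
Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
FFlags: 01
Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0 0.0.0.0 62 4.3
Se0/1/0 10.20.0.200 Fa0/1 10.0.0.200 06 00 18 1152
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
06AA /0 0 01BD /0 0 0.0.0.0 71 184.9
Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
"""

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # Pr is the IP protocol number in hex
IP = r"(\d+\.\d+\.\d+\.\d+)"
# Line 1: SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
LINE1 = re.compile(rf"^(\S+)\s+{IP}\s+(\S+)\s+{IP}\s+([0-9A-F]{{2}})\s+[0-9A-F]{{2}}"
                   r"\s+[0-9A-F]{2}\s+(\d+)$")
# Line 2: SrcPort Msk AS DstPort Msk AS NextHop B/Pk Active
LINE2 = re.compile(r"^([0-9A-F]{4})\s+/\d+\s+\d+\s+([0-9A-F]{4})\s+/\d+\s+\d+"
                   r"\s+\S+\s+(\d+)\s+[\d.]+$")

def parse_flows(text):
    """Return one dict per flow; headers, FFlags and IPM lines are skipped."""
    flows, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m1, m2 = LINE1.match(line), LINE2.match(line)
        if m1:
            src_if, src, dst_if, dst, pr, pkts = m1.groups()
            # '*' after DstIf marks the egress-side copy of a flow.
            pending = {"src_if": src_if, "src": src, "dst_if": dst_if.rstrip("*"),
                       "dst": dst, "egress": dst_if.endswith("*"),
                       "proto": PROTOCOLS.get(int(pr, 16), pr), "pkts": int(pkts)}
        elif m2 and pending:  # a repeated header between the two lines is ignored
            pending["sport"], pending["dport"] = int(m2[1], 16), int(m2[2], 16)
            pending["bytes"] = pending["pkts"] * int(m2[3])  # Pkts x B/Pk, approximate
            flows.append(pending)
            pending = None
    return flows

def ingress_flows(text):
    """Drop egress copies so each flow is counted once per router."""
    return [f for f in parse_flows(text) if not f["egress"]]
```

Decoded this way, 01BD is TCP port 445 (the file sharing traffic from Step 8), 0035 is DNS, 0044/0043 is DHCP and 0208 is RIP, which makes it easier to tell user flows from infrastructure traffic when comparing routers.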
Step 10: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates the flow of traffic to and from FilmCompany and from selected trusted partners and
customers. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access from trusted sites would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN.
On the FilmCompany initial current network topology shown on the next page, add two trusted remote site
hosts attached to the “far” side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study, the FilmCompany remote sites initially access its network across the Internet. One of the objectives of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network. Then, using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different extranet data flows between the trusted remote hosts and devices on the FilmCompany network. Diagram traffic flows to and from selected trusted partners, customers, and vendors.