Phase 1: Identifying Requirements, Putting the Network Together pptx

The submission should include the following elements:  Requirements Document  Equipment Order  VLANs - Necessary  IP Subnets - Necessary  Switch Port Connections  Any Necessary Vis

Phase 1: Identifying Requirements, Putting the Network Together

Scenario

NuggetLabs Industries is growing significantly Due to space limitations, five employees currently share single cubicles…at the same time While this is great for team building, these space limitations are now impacting business productivity NuggetLabs has now leased an additional office building roughly 20Km from their headquarters location While this office will eventually connect to the HQ office, it will initially be set up independently NuggetLabs Industries has heard rumors of your ninja-like network consultation skills and has agreed to pay you an excessive amount of money to design and build their network infrastructure

 The Windows admins are planning to install a new pair of redundant servers at the new office They plan

to manage all the IP addresses for DHCP on these servers and are waiting for you to tell them what IP address range they should use

o Windows admins: Jeff Service - (602) 555-1293, Mike Pack (480) 555-9382

 The new office is a two story building with the Main Distribution Frame (MDF) in the northwest corner of the first floor Because of a workman’s strike, poor planning, and other human issues, the Intermediate Distribution Frame (IDF) on the second floor was installed in the southeast corner of the second floor, beyond the reach of typical Ethernet standards The majority of the employees (roughly 50) will sit on the main floor while the remainder will sit on the second floor The building contractor has already run the cabling - a single Cat6 Ethernet connection to each cubical / office space which terminates to patch panels

in the MDF/IDF area

 NuggetLabs is planning to use a Voice over IP (VoIP) phone system for the new office Each user will have

an assigned IP Phone in their cubical / office space The installation / management of the phone system itself will be the responsibility of another company; however, the network should be prepared to support the additional devices

 The new office will need WIFI implementations, so to keep budgets in check the company would like to use off-the-shelf Cisco Small Business WAPs These WAPs are to host two wireless networks: NL-CORP and NL-PUB Those connecting to NL-CORP should have access to the corporate network and resources Of course, high-end security is mandatory for this wireless network Those connecting to NL-PUB should not

be prompted for any security requirements but should be limited to Internet access only

 NuggetLabs Industries would like you to assess the network and make recommendations on Internet connectivity options They would also like to begin evaluating network connections between their offices

 During the discussions, NuggetLabs Industries found that you work primarily from your home office Because of the value NuggetLabs places on your technical prowess, they have offered to provide an office space located in the MDF for you to use as a lab environment; a "home-away-from-home” you can use However, this lab environment must be completely isolated from the corporate network to not cause any interference to day-to-day operations

1 NL Initial Meeting with NL Corporate

Create initial questionnaire for on-site visit 30Discuss upcoming branch office rollout (goals, staff

involvement, key contacts)

Based on this information, NuggetLabs Industries would like you to create a proposal, design, and

implementation plan for their new office by next Friday The submission should include the following elements:

 Requirements Document

 Equipment Order

 VLAN(s) - Necessary

 IP Subnet(s) - Necessary

 Switch Port Connections

 Any Necessary Visio Diagrams

Requirements Document

Based on company meeting, November 28th, 2011

Attendees

 Bob Phaman [CEO - BobP@nuggetlabs.com – (602) 555.2791]

 Sarah Belittle [CTO - SarahB@nuggetlabs.com – (602) 555.8329]

 Jeff Service [Windows Admin Lead - JeffS@nuggetlabs.com – (602) 555.1293]

 Mike Pack [Desktop Support - MikeP@nuggetlabs.com – (480) 555.9382]

 Grapler Construction Company (various reps) [support@grapler.com]

Requirements

 Network must initially handle 75 users between two floors

 Network must handle both VoIP and Data traffic

 Network should handle public(unsecure) and private (secure) WIFI

 Private office / lab area created in MDF, separate from the network

 Suggest options for Internet connectivity

Assumptions

 Each user will have one workstation

 Each user will have one IP phone

 Network should handle 1 Gbps Ethernet connections to the desktop

 Dual fiber optic cabling run completed from MDF to IDF

 Internet connectivity options will be suggested, agreed upon, and installed before the move in date

 All cable runs terminate to the IDF or MDF

 Each cubical / office will have at least one Cat6 Ethernet connection

 JeremyC Consulting Inc will be ordering all necessary equipment and patch cables for the operation

 Windows servers will have redundant connections

 IDF will be initially set up with a 48 port switch (allowing approx 48% growth)

 MDF will be initially set up with two 48 port switches (allowing approx 44% growth)

 PCs and IP Phones will be located no more than 3m from the wall connection, 1.5-2m on average

 Single Internet router (no redundancy) is acceptable

 Single core L3 switch (no redundancy) is acceptable

 PSTN calling for VoIP network will be handled via SIP Trunk over the Internet

 MDF and IDF have sufficient power and cooling for the equipment to be installed

Phase 1: Brainstorming

Requirements

 Two stories

o First Floor MDF - initially housing 50 users, servers, etc

o Second Floor lDF - initially housing 25 users

 WIFI

o Full coverage for first and second floor

o Need to perform a wireless site survey (onsite)

o Power over Ethernet switches or couplers

 VoIP

o IP Phone per cubical / office

o Need additional 1.5-3m Cat 5E / 6 Ethernet cabling as PC patch

Get with Windows guys to determine cabinet 60

Items Needed

 MDF - two 48-port PoE switches, one of them should be Layer 3 capable

o Cisco LAN Access Switches

o Cisco 2960 Model Comparison

o Cisco 3750-X Model Comparison

o First Choice L2 Switch - WS-C2960S-48FPS-L

o Mounting- wall mount? Server cabinet? (determine server needs)

o Cabling- need plenty of spare 1.5m, 2m, and 3m cables for cubicles Offices, server connections

o Fiber optic connection: Patch cables and two SFPs

 MDF - one Internet router

o Cisco Routers

o Cisco 2900 Series

o First Choice Router — Cisco 2901

 (2) 1 Gbps built-in interfaces

 (4) card slots (expansion using serial, ethernet, etc )

 Voice capabilities (on-board DSPs)

 IDF - one 48-port PoE switch

o First Choice L2 Switch - WS-C2960S-48FPS-L

 48-port, L2 switching

 740W PoE (15W per port)

 (4) 1G SFP Uplinks

 Building - Wireless access points

o Cisco Small Business WIFI options

o First Choice - WAP4410N

 802.11n/g/b

 1Gbps, PoE Capable (802.3af)

 Supports 4 VLANs, 4 SSlDs

VLAN 64 – Client VoIP

10.1.64.0 255.255.254.0 64 Client VoIP Network

VLAN 66 – Client Data

10.1.66.0 255.255.254.0 66 Client Data Network

VLAN 71 – Network Management

Port List

NL-B1-SW1 Physical VLAN / TRUNK / IP Remote

Device

Remote Interface

9

…

NL-B1-SW2 Physical VLAN / TRUNK / IP Remote

Device

Remote Interface

…

Physical Layout

Logical Layout

Phase 2: Configuring the Switch Infrastructure

Scenario

All the equipment you suggested has been purchased, delivered, and installed at the NuggetLabs branch office facility You must now begin with the configuration of the switch infrastructure based on the following requirements

Note: VLAN Database mode must be used to configure any VLANs on the switches

Hint: NL_B1_SW1#vlan database

To help guide this initial configuration, you've assembled a list of requirements

 Each switch will need a base configuration, which includes:

o Hostname

o Passwords (CON, VTY, Enable) should be set to cisco

o Logon banner

o Three hour console port timeout

o Synchronous logging on the console port

o Telnet / SSH enabled (use nuggetlabs.com as your domain and admin / cisco for SSH credentials)

o HTTP management disabled

o DNS name resolution set to 4.2.2.2 and 4.2.2.3

o Clock set, NTP configured (use 64.73.32.135 as the NTP sewer)

o Management VLAN / IP address (use the following table)

VLAN 71 – Network Management

o VLAN 64: Client Voice

o VLAN 66: Client Data

o VLAN 68: Server

o VLAN 69: Public WIFI

o VLAN 70: Private LAB

o VLAN 71: Management

o VLAN 10: Internet DMZ

 Configure Etherchannel connections between (SW1 and SW2) and (SW1 and SW3) Use GNS3 to

determine appropriate physical connections The Etherchannel should be hardcoded as ON (does not use any LACP or PAGP negotiation)

 Configure the links between the switches to forward traffic for all necessary VLANs lf a VLAN does switch, the trunk should not forward traffic for it

 Assign the necessary ports to VLANs based on the following table

4 – 13 VLAN 68 (Server) VLANs 64, 66 (Client) VLANs 64, 66 (Client)

14 VLAN 70 (Lab) VLANs 64, 66 (Client) VLANs 64, 66 (Client)

15 Routed Port VLANs 66, 69, 71 (WAP) VLANs 66, 69, 71 (WAP)

 Create a routed interface on NL-B1-SW1 for each of the VLANs This interface should be assigned the first

IP address from each of the VLAN subnets listed in the following table Ensure each interface is functional (not shut down)

Note: The 10.1.254.0/30 subnet should be configured as a routed interface on F1/15

Network Mask VLAN Description

o PC1 should be able to ping PC2

o PC1 and PC2 should both be able to perform a ping and traceroute to the Server

o The show spanning-tree output should reveal that NL_B1_SW1 is the root bridge

o You should be able to Telnet and SSH to each switch, PC, or Server using the management interface IP

Phase 3: Configuring the Internet Connection and VPN Tunnel

Scenario

Following your advice, the NuggetLabs branch office has installed a 50Mbps Digital Subscriber Line (DSL) connection They will be using a VPN connection to connect back to the corporate office

To help guide this initial configuration, you’ve assembled the following list of objectives:

 The NuggetLabs branch office router (NL_B1_RT1) needs a base configuration which includes the

following:

o Hostname

o Passwords (CON, VTY, AUX, Enable) should be set to cisco

o Logon banner

o Three hour console port timeout

o Synchronous logging on the console port

o Telnet / SSH enabled (use nuggetlabs.com as your domain and admin/cisco for SSH credentials)

o HTTP management disabled

o DNS name resolution set to 4.2.2.2 and 4.2.2.3

o Clock set, NTP configured (use 64.73.32.135 as the NTP server)

 The IP addresses for NL_B1_RT1 should be configured as follows:

10.1.254.2 / 30 172.30.100.230 / 24

 Configure a static default route on NL_B1_RT1 using the IP address of the ISP router (172.30.100.1) to reach the Internet Once this default route is in place, NL_B1_RT1 should be able to ping Internet address (i.e 4.2.2.2, 8.8.8.8)

 Configure a static default route on NL_B1_SW1 using the inside IP address of NL_B1_RT1 to reach the Internet

 Configure NAT in such a way that the following requirements are met:

o Subnets provisioned for the branch office are able to reach the Internet using a pool of public BP addresses from 172.30.100.231 to 172.30.100.235 (simulated public for purposes of the lab)

o NOTE: NAT should be configured so only the specific subnets at the Branch office are processed by NAT on NL_B1_RT1

o The email server (10.1.68.S0) is reachable from the public IP address 172.30.100.236

 Testing - at this point you should be able to accomplish the following:

o Ping the Internet address 4.2.2.2 or 8.8.8.8 from any device in the NL branch network (test using PC1)

o Verify NAT entries appear for the connections oh NL_B1_RT1

o Telnet to the Server (10.1.68.50) from its public IP address (172.30.101.236) from the corporate office(NL_CORP_RT1)

NOTE: Since the server does not have a VTY password configured, the message, "Password required but none

set" is expected and indicates a successful test

 Configure a VPN connection between the NuggetLabs branch office facility and the corporate site using the following information (NOTE: this is beyond the current CCNA exam requirements; you will need to configure both NL_B1_RT1 and NL_CORP T1 for this exercise):

o Interesting traffic: all subnets at both offices should forward over the VPN connection

o Pre-shared key between sites: CBTNuggets-Key!!!

o Phase 1 (ISAKMP) Settings:

o NL_CORP_SW1 should be able to ping any of the VI.AN interfaces on NL_B1_SW1 including:

 VLAN 64: Client VOICE (10.1.64.1)

 VLAN 66: Client DATA (10.1.66.1)

Phase 4: Routing Using OSPF

Scenario

Now that the NuggetLabs branch facility Internet and VPN connection is functional, you would like to implement OSPF routing between both offices Because NuggetLabs is a growing organization, you intend to design their OSPF network for scalability, implementing the corporate office as the backbone and their first branch office as a different area (which allows for summarization in the network)

NOTE: To stay (somewhat) within CCNA Exam requirements, assume the ISP has created a private, MPLS connection on the 172.30.100.0/24 network between the NuggetLabs Branch Office and the NuggetLabs Corporate Office

To help guide this configuration, you’ve assembled the following list of objectives:

 Configure the NuggetLabs corporate office to support OSPF

o The NL_CORP_RT1 router (the OSPF ABR) should use the

Router-o OSPF shRouter-ould run Router-on bRouter-oth NL_CORP_RT1 and NL_CORP_SW1 (RRouter-outer ID 1.1.1.2).1

o All VLAN interfaces on NL_CORP_SW1 should be configured as passive with the exception of VLAN 1

o All networks internal to the corporate office should be in Area 0 Networks connecting to the branch office should be in Area 1

o Devices should use secure (hashed) OSPF authentication to ensure rogue devices cannot join as an OSPF neighbor Use the password "cisco" when forming all neighbor relationships Only non-passive interfaces need be configured for OSPF authentication

o Use only one OSPF network statement with an exact wildcard mask to advertise the corporate network Use one additional OSPF network statement with a wildcard mask of 0.0.0.0 to form neighbors in Area 1

 Configure the NuggetLabs branch office to support OSPF

o The NL_B1_RT1 router should use the Router ID 1.1.2.1

o OSPF should run on both NL_B1_RT1 and NL_B1_SW1 (Router ID 1.1.2.2)

o All networks in use at the branch office should be in Area 1 You may not use network commands under the OSPF routing process to advertise these networks

o All VLAN interfaces on NL_B1_SW1 should be configured as passive with the exception of F1/15

o Devices should use secure (hashed) OSPF authentication to ensure rogue devices cannot join as an OSPF neighbor Use the password "cisco" when forming all neighbor relationships Only non-passive interfaces need be configured for OSPF authentication

 Testing

o Verify OSPF neighbors have formed between all relevant Cisco devices

o Verify all OSPF - appear on all relevant Cisco devices

 Advertise a default route from both routers

o Remove the static default route from both NL_B1_SW1 and NL_CORP _SW1

o Configure NL_B1_RT1 and NL_CORP_RT1 to advertise a default route unconditionally to NL_B1_SW1 and NL_CORP_SW1

o Verify an OSPF default route now exists on both L3 switches

 On the OSPF ABR, configure two-way summarization

o The corporate office should summarize all internal, Area 0 networks into a single route when advertise to other OSPF areas

o Devices internal to the corporate office should receive a single, summarized branch office route representing all internal branch office networks (with the exception of the 10.1.254.0/30 link between NL_CORP_SW1 and NL_CORP_RT1)

 Optimize OSPF

o Ensure NL_CORP_RT1 and NL_B1_RT1 become the designated OSPF router for their respective Ethernet segments NL_CORP_SW1 and NL_B1_SW1 should be exempted from the DR election completely

o Use an OSPF hello timer of 1 second between all OSPF neighbors