COMP604 and COMP712 Cisco - Routing and Switching Essentials
CASE STUDY
Wintec Waikato Institute of Technology

| Section | Topic |
|---|---|
| One | Introduction and Cabling |
| Two | Basic Configuration of the Network |
| Three | Configure RIPng |
| Four | DHCPv6 Stateful Configuration |
| Five | IPv6 Static Routes |
| Six | LLDP, Syslog and NTP |
| Seven | IPv6 ACLs |
| Eight | Clean Up |
This assessment is worth 25% (COMP604) and 20% (COMP712) of the total for this Assignment.
Objectives
Complete the following tasks:
- Assign addresses to interfaces and document them in the address table provided
- Cable the network according to the topology diagram
- Erase the startup configuration and reload routers and switch to the default state.
- Configure RIPng routing on all routers.
- Configure and propagate a default static route.
- Configure IPv6 Static Routes
- Verify RIPng operation.
- Perform security configuration on the switches.
- Configure Stateful DHCP
- Configure Stateless DHCP
- Design and apply an IPv6 ACL to restrict PC access to Web Server and VTY access
- Test and verify full connectivity
Criteria: Elements of Case Assignment:
You must submit the following…
- The written components of this assignment completed as per this paper (1 per member)
- You must include the running configuration on notepad for each device or at the end of this paper.
- One working physical network that has been correctly cabled and configured with all the configurations outlined in this assignment.
General Instructions:
You shall complete this assignment in your own time and demonstrate it in class.
Please provide your name and student identification number at the top of page one.
Do not use pencil
Do not use red ink except in diagrams
Cross out any writings that you do not wish to be marked
Writing must be legible.
First configure your network in Packet Tracer to obtain as many commands as possible. Your instructor will allocate appropriate time for you to configure your network on the actual equipment. Save the running configuration for each device to Notepad so you can easily reconfigure the devices on demand, or if you do not complete the configuration in one session.
Important Note:
Your Instructor will provide you with a group number between 1 and 6. This number is equal to n in this assignment. Where you see (n) be sure to replace it with your group number.
Version # ___3____ = n
Network Topology:
SECTION ONE (10 marks)
Introduction and Cabling
You are a network engineer for a company with multiple locations that are connected as shown above in the topology. In this assessment, you must design and assign address ranges and host addresses to accommodate all hosts and links on the network. RIPng and a static default route will be required so that hosts on networks not directly connected can communicate both internally within your network, and externally to the Web Server at 2001:DB8:ACAD::2. You have completed this assessment when each host can ping each other, and advanced routing and switching parameters are configured correctly.
Step 1.1:
Your instructor will assign you a public “Outside” IPv6 address for the GigabitEthernet interface of R1. It is:
R1's Gi 0/0 Address: 2001:1234:ACAD:F::3
You will be responsible for connecting this interface into the Public Switch (switchport number n).
Step 1.2:
You have been provided with the Routing Prefix 2001:(3)CAD:CAFE::/48. Subnet and address the devices with the appropriate Global IPv6 addresses and Link Local Addresses for R1, R2, R3, S1 and S2. PC1 will receive its addressing via Stateful DHCP from R2 and PC2 will receive Stateless information from R3. Your Subnet ID field for each prefix must match the subnet number; for example, the subnet field will be 1 for subnet one.
Tables: Addressing Scheme
Device – R1:
| Interface | IPv6 Global Address | Link Local | Prefix | Note |
|---|---|---|---|---|
| Gi 0/0 | 2001:1234:ACAD:F::3 | FE80::3 | 64 | |
| Serial 0/0/0 | 2001:3CAD:CAFE:A002::2/64 | FE80::4 | 64 | DCE Clock to R2 |
| Serial 0/0/1 | 2001:3CAD:CAFE:A003::1/64 | FE80::4 | 64 | DCE Clock to R3 |
Device – R2:
| Interface | IPv6 Global Address | Link Local | Prefix | Note |
|---|---|---|---|---|
| Gi 0/0 | 2001:3CAD:CAFE:1::1/64 | FE80::5 | 64 | To S1 |
| Serial 0/0/0 | 2001:3CAD:CAFE:A002::1/64 | FE80::5 | 64 | To R1 |
| Serial 0/0/1 | 2001:3CAD:CAFE:A004::1/64 | FE80::5 | 64 | DCE Clock to R3 |
Device – R3:
| Interface | IPv6 Global Address | Link Local | Prefix | Note |
|---|---|---|---|---|
| Gi 0/0 | 2001:3CAD:CAFE:5::1/64 | | 64 | To PC2 via S1 |
| Serial 0/0/0 | 2001:3CAD:CAFE:A003::2/64 | FE80::6 | 64 | To R1 |
| Serial 0/0/1 | 2001:3CAD:CAFE:A004::2/64 | FE80::6 | 64 | To R2 |
| Loopback 6 | 2001:3CAD:CAFE:A006::1/64 | FE80::6 | 64 | |
| Loopback 7 | 2001:3CAD:CAFE:A007::2/64 | FE80::6 | 64 | |
| Loopback 8 | 2001:3CAD:CAFE:A008::3/64 | FE80::6 | 64 | |
Device – S1:
| Interface | Note |
|---|---|
| Fa 0/1 | To R3’s Gi 0/0 |
| Fa 0/2 | To PC2 |
| VLAN 99 | |
Device – S2:
| Interface | Note |
|---|---|
| Fa 0/1 | To R3’s Gi 0/0 |
| Fa 0/2 | To PC2 |
| VLAN 99 | |
ISP router (Tutor router)
| Interface | IP address | Note |
|---|---|---|
| g 0/0 | 2001:DB8:ACAD::24/64 FE80::24 | To webserver |
| g 0/2 | 2001:1234:ACAD:F::24/64 FE80::10 | To public switch |
Step 1.3:
For each allocated router and switch, erase the configuration, reload the device, and ensure that the configuration register is set to 0x2102. For the two PCs, ensure they are set to obtain their IPv6 configuration automatically.
Now, using the appropriate cables, cable your topology as depicted in figure 1.
Section Two
Basic Configuration of the Network (10 marks)
Step 2.1:
Assign the correct IPv6 addresses for each router interface as calculated and planned for in the Tables above. It is advisable to disable IPV4 on PC 1 and PC 2.
Step 2.2:
On each router, apply the following:
- Disable DNS lookup
- A hostname that accurately reflects the name of the router.
- A domain name of wintecgang.com
- SSH service (1024 bit key, 4 retries, version 2, and a 110 second timeout).
- Local database entry (Username: cisco, Password: cisco)
- An encrypted privileged password of class
- A console password of cisco
- A login banner that warns the user not to enter unless authorised.
- Set the login block time to 10 seconds, with 2 attempts within 30 seconds.
- Ensure the console and vty logging is synchronous.
- Place meaningful descriptions on all router interfaces.
- For all DCE Serial interfaces, set a clock rate of 128 kbps.
- Ensure that access to the virtual terminal interfaces is only via SSH.
- Encrypt the plaintext passwords.
- Enable IPv6 routing
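A way to check a saved running configuration against the access-hardening items in the list above, as an added example that is not part of the original assignment. The configuration excerpt is constructed, `<hash>` is a placeholder, and `audit` and `GLOBAL_CHECKS` are hypothetical names.

```python
import re

# Constructed running-config excerpt (not from the page); the second vty
# range still accepts Telnet and lacks synchronous logging.
SAMPLE = """\
hostname R1
service password-encryption
no ip domain-lookup
enable secret 5 <hash>
login block-for 10 attempts 2 within 30
ip ssh version 2
ip ssh authentication-retries 4
ip ssh time-out 110
line con 0
 logging synchronous
 login
line vty 0 4
 transport input ssh
 login local
 logging synchronous
line vty 5 15
 transport input all
 login local
"""

# Step 2.2 global requirements as regexes; both domain-lookup spellings accepted.
GLOBAL_CHECKS = {
    "dns lookup disabled": r"^no ip domain[ -]lookup$",
    "passwords encrypted": r"^service password-encryption$",
    "enable secret set": r"^enable secret ",
    "login block 10s, 2 tries/30s": r"^login block-for 10 attempts 2 within 30$",
    "ssh version 2": r"^ip ssh version 2$",
    "ssh 4 retries": r"^ip ssh authentication-retries 4$",
    "ssh 110s timeout": r"^ip ssh time-out 110$",
}

def audit(config: str) -> list:
    """Return findings: Step 2.2 items that the config does not satisfy."""
    findings = [name for name, pat in GLOBAL_CHECKS.items()
                if not re.search(pat, config, re.M)]
    # Split into "line ..." sections: a header plus its indented body.
    for header, body in re.findall(r"^(line .+)\n((?: .+\n)*)", config, re.M):
        opts = [l.strip() for l in body.splitlines()]
        if header.startswith("line vty") and "transport input ssh" not in opts:
            findings.append(f"{header}: not restricted to SSH")
        if header.startswith(("line con", "line vty")) and "logging synchronous" not in opts:
            findings.append(f"{header}: logging not synchronous")
    return findings
```

On many devices the vty lines are split into more than one range, so a setting applied only to `line vty 0 4` leaves the remaining lines unhardened, which is the case the sample flags.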
Verify Connectivity between Directly Connected Routers
| Test | Yes / No |
|---|---|
| Can R1 ping R2? (directly connected Serial Interface) | |
| Can R1 ping R3? (directly connected Serial Interface) | |
| Can R3 ping R2? (directly connected Serial Interface) | |
On S1 and S2, apply the following:
- Disable DNS lookup
- A hostname that accurately reflects the name of the switch.
- A domain name of wintecgang.com
- SSH service (1024 bit key, 4 retries, version 2, and a 110 second timeout).
- Local database entry (Username: admin, Password: cisco)
- An encrypted (MD5) privileged password of class
- A console password of cisco
- A message-of-the-day banner that tells the user what switch they are accessing.
- VLAN information as defined in table 2 below.
- Enable the switch so an IPv6 address can be assigned to its VLAN interface
- Ensure the console and vty logging is synchronous.
- For all interfaces that are not in use, configure the following:
  - Set as an access port.
  - Configured into VLAN 666
  - Shut down
- Ensure that access to the virtual terminal interfaces is only via SSH.
- Encrypt the plaintext passwords.
| Interface | IP Address | Note |
|---|---|---|
| Fa 0/1 | N/A | Link back to R3 |
| Fa 0/2 | N/A | To PC2 |
| VLAN 99 | Set the management address to the next address after the local router’s Gigabit 0/0 address. | Management VLAN |
| VLAN 666 | N/A | Name = BlackHole |
Step 2.3:
At router R1, configure a default route back to the ISP, specifying the Link Local address fe80::10 as the next hop address and your directly connected interface Gi0/0 as the exit interface. Make sure this static default route is a fully specified route, otherwise it will not work.
SECTION THREE (10 marks)
Configure RIPng.
Step 3.1:
Configure RIPng on routers and router interfaces for R1, R2, and R3.
Advertise all directly connected networks, do not include the loopbacks on R3.
Do not advertise the Gi 0/0 interface of R1 (up to the ISP).
Step 3.2:
At R1, “propagate” the default route so that R2 and R3 receive this static route via RIP.
What command did you use:_____
SECTION Four (20 marks)
DHCPv6 Stateful and Stateless Configuration
Step 4.1:
Configure R2 as a Stateful DHCPv6 Server for the Subnet 1 LAN
- Configure a DHCP pool called IPV6-STATEFUL
Configure the following pool parameters:
- DNS Server 2001:DB8:ACAD::2
- Domain-name wintecgang.com
Configure the DHCPv6 interface with the following:
- Bind the pool IPV6-STATEFUL to the Interface
- Change the M flag from 0 to 1 to use a DHCP Server only
Step 4.2:
Configure R3 as a Stateless DHCPv6 Server for the Subnet 2 LAN
In this option you are configuring the Router as Stateless and a DHCPv6 Server. The router in this instance will not provide host addresses, only IPV6 parameters such as DNS server address and domain-name.
- Configure a name for the DHCP Pool as IPV6-STATELESS
Configure Pool Parameters:
- DNS Server 2001:DB8:ACAD::2
- Domain-name com
Configure the DHCPv6 interface (G0/0):
- Bind the DHCPv6 pool IPV6-STATELESS to the interface G0/0
- Set the Stateless DHCPv6 Option flag M to 0 and O to 1
Device – PCs:
Record each PC's IPv6 configuration once you have completed the IPv6 DHCP configuration. It is advisable to disable IPv4 on PC 1 and PC 2.

| Device | IPv6 Global Unicast Address | Prefix | Link Local Address | Default Gateway | DNS Address |
|---|---|---|---|---|---|
| PC1 | | | | | |
| PC2 | | | | | |
SECTION Five
IPv6 Static Routes (20 marks)
Step 5.1:
Configure static routes on R2 and R1 so that devices on LAN Subnet 1 and the Internet can reach the Loopback 6, 7 and 8 on R3.
Configure the static default route on R1 and propagate this to the other routers so that PC1 and PC2 can access the webserver. (Note this needs to be a fully specified route to the ISP router’s interface)
Step 5.2:
Verify Connectivity
- Try to ping PC2 from PC1. Is it successful?
- Attempt to ping the Web Server at 2001:DB8:ACAD::2 from both PC1 and PC2. Is it successful?
- View the webpage on [2001:DB8:ACAD::2] from the PC1 and PC2 web-browser.
Step 5.3:
Look at the routing table at R3.
What entry was used by the PING conversation from PC2 to elicit a response from the Web Server at 2001:DB8:ACAD::2?
SECTION SIX (15 marks)
Configure LLDP, Syslog and NTP
Instructions
Configure LLDP on R2, R3, S1 and S2 LAN – check you can see LAN neighbors
(Note LLDP will only work on the Ethernet links)
Configure R1 to be an NTP Server with the current date and time (see the services tab)
Configure R3, R2 to be NTP clients
Check that R1, R2 and R3 have the same time as the Server (show clock)
Configure the PC2 to be a Syslog server
Configure R1, R2 and R3 to log messages to the syslog server
Create and delete Lo0 on each router and check they are logging messages on the server
SECTION SEVEN
IPv6 Access Control Lists (15 marks)
Step 7.1:
Create an ACL such that all hosts on Subnet 2 can NOT access the Web Server at 2001:DB8:ACAD::2 through the web-browser; however, they can still ping the Web Server. The hosts on Subnet 1 should be able to access the Web Server. Where, and in what direction, did you place this ACL, and why?
Record appropriate commands below
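A first-match model of how an IOS IPv6 ACL would treat the Step 7.1 traffic, as an added example that is not part of the original assignment. The candidate entries, the use of TCP 80/443 for "the web-browser", the Subnet 2 prefix (taken from the R3 Gi 0/0 row of the address table) and the host address are assumptions; it covers entry order and the implicit entries, not interface placement.

```python
import ipaddress
from collections import namedtuple

net = ipaddress.ip_network
ANY = net("::/0")
WEB = net("2001:db8:acad::2/128")       # Web Server address from the page
SUBNET2 = net("2001:3cad:cafe:5::/64")  # assumption: the R3 Gi 0/0 LAN in the address table

# proto is "tcp", "icmp" or "ipv6" (any protocol); dport / icmp_type None means "any".
Rule = namedtuple("Rule", "action proto src dst dport icmp_type", defaults=(None, None))
Packet = namedtuple("Packet", "proto src dst dport icmp_type", defaults=(None, None))

# What IOS appends to every IPv6 ACL: neighbor discovery permitted, then everything denied.
IMPLICIT = [
    Rule("permit", "icmp", ANY, ANY, icmp_type=135),  # nd-ns
    Rule("permit", "icmp", ANY, ANY, icmp_type=136),  # nd-na
    Rule("deny", "ipv6", ANY, ANY),
]

def matches(rule, pkt):
    return (rule.proto in ("ipv6", pkt.proto)
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and rule.dport in (None, pkt.dport)
            and rule.icmp_type in (None, pkt.icmp_type))

def evaluate(acl, pkt):
    """Action of the first matching entry; explicit entries are tried before the implicit ones."""
    return next(r.action for r in acl + IMPLICIT if matches(r, pkt))

# Constructed candidate entries for Step 7.1; TCP 80/443 is assumed to be "the web-browser".
BLOCK_WEB = [Rule("deny", "tcp", SUBNET2, WEB, dport=p) for p in (80, 443)]
ACL_GOOD = BLOCK_WEB + [Rule("permit", "ipv6", ANY, ANY)]
ACL_NO_PERMIT = BLOCK_WEB                                      # trailing permit forgotten
ACL_SHADOWED = [Rule("permit", "ipv6", ANY, ANY)] + BLOCK_WEB  # permit listed first

PC2 = "2001:3cad:cafe:5::10"                                   # constructed host in SUBNET2
HTTP = Packet("tcp", PC2, "2001:db8:acad::2", dport=80)
PING = Packet("icmp", PC2, "2001:db8:acad::2", icmp_type=128)  # echo request
NS = Packet("icmp", PC2, "ff02::1:ff00:1", icmp_type=135)      # neighbor solicitation

if __name__ == "__main__":
    for name, acl in [("good", ACL_GOOD), ("no permit", ACL_NO_PERMIT), ("shadowed", ACL_SHADOWED)]:
        print(name, {k: evaluate(acl, p) for k, p in [("http", HTTP), ("ping", PING), ("ns", NS)]})
```

Without the trailing permit, the ping is dropped by the implicit deny even though neighbor discovery still passes; with the permit listed first, the web block is never reached.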
Step 7.2:
Create an ACL such that only PCs on Subnet 1 can SSH into R1.
Any attempts to SSH into this device from R2, R3, S1, or PC2 will be rejected.
Record appropriate commands below:
SECTION EIGHT
Clean Up:
Step 7.1:
Copy all the configurations and relevant show commands needed for your documentation
Erase all running configuration files off the routers and switch.
Erase the vlan.dat file from the switch.
Reset the PCs’ TCP/IP protocol stacks to TCP/IP.
Disconnect and return all topology cables to the appropriate location.
Do not continue past this point until your examiner has signed your work.
Include the following screenshots for the relevant devices:
- Running configuration and routing tables for all routers
- Running configuration and VLAN settings for all switches
- IP config for all PCs as well as the following pings:
- PC1-webserver
- PC2-webserver
- Proof of SSH access to the routers and switches