DCOM 3100 Data Communications and Networking

Objectives

In this Capstone Project activity, you will demonstrate your ability to:

  • Design and implement an IPv4 VLSM addressing scheme that fulfills the requirements
  • Design and implement an IPv6 VLSM addressing scheme that fulfills the requirements
  • Design, configure, verify, and secure EIGRP for the necessary networks
  • Design, configure and verify Link Aggregation, RapidPVST+, FHRP, Port Fast, Edge Ports
  • Create detailed design documentation for your proposed network
  • Implement an operational network based on your network design
  • Explain your implementation and demonstrate its operation
  • Produce documentation of your testing and network configuration for use by others to maintain and expand the network.

Required Resources

  • Use the equipment available in H-218 and H-166B. You may be required to use more than one pod. Solutions done in Packet Tracer will NOT be accepted, and will be graded with a mark of zero (0).
  • Computers (as needed), connected via network cable, will be required to complete testing. This is expected to be student laptops plus the pod workstation.
  • Microsoft Word, Excel and Visio are good options for the documentation, but any equivalent is acceptable. Diagrams from Packet Tracer are NOT acceptable and will be graded with a mark of zero (0).
  • Ensure that you use the appropriate icons / devices / media type(s) in your topology diagram – marks will be deducted for non-standard representations.

Miscellaneous Notes

  • In this capstone, replace all occurrences of ‘xxx’ with your two-digit group number (e.g., if you belong to group 64, and the project requires you to use the IP address of 192.168.xxx.0/24 in your addressing / configuration, you will utilize the IP address 192.168.64.0/24).
  • For the capstone, where appropriate, you are allowed to utilize loopback interfaces and / or VLANs to simulate LAN segments.
  • Assume that all ports on all the switches are Gigabit ports, i.e., in room H-218, where the switches have FastEthernet ports, treat these ports as Gigabit ports.

Phase 1 – Design and Addressing

Scenario

You are a network engineering specialist at a consulting firm. You have been hired by a client firm (ACME International) to complete the design and set up a multisite network for their new Canadian operations. The client has already selected 4 sites in Canada: 2 branch offices and their head office sites. The client will link their Canadian operations to their international network via an IPSec tunnel connection over the Internet from the Canadian head office, after you have completed your work.

The client is currently running an IPv4 and IPv6 dual-stack network using the EIGRP routing protocol and requires that your design be able to connect with their existing international network.

Prior to you being hired, the client had started work on the required connectivity. They have purchased the links between their offices and require that you use the existing links (and only these links) in your design. In addition, all equipment you have available to you has also been purchased. The client is providing you with 5 routers and 4 Gigabit Ethernet switches (one router will be set up as your Internet cloud; configure a loopback address of 210.10.10.1/32 to emulate the ISP connection). All routers have 2 Gigabit Ethernet ports and 2 Serial ports. Each switch has 24 Gigabit Ethernet ports. You are allowed to deploy this equipment as you need to meet the requirements from the client.

The client company has its head office in Oshawa, ON. The HQ is spread out between 2 buildings that are across from each other. HQ1 hosts the organization's various departments, while HQ2 hosts the organization's Data Centre. They have purchased leased lines (serial connections) between the Head office locations and their 2 Branch Offices, one located in Thunder Bay, ON and the other located in Sudbury, ON. They have also purchased a Metro Ethernet link between Sudbury and Thunder Bay. To accommodate maximum redundancy, the organization has additional Metro Ethernet links available; you are asked to use these at your discretion to ensure that you do not have any single point of failure between any of the various locations. The company wishes to make ongoing use of all paths between facilities even though they may not be the same bandwidth. Finally, the Internet connectivity for all sites is being provided through the head offices and is provided through a pair of leased line (serial) connections at 1024 kbps. Use the IP addresses 200.1.1.1/32 and 200.2.2.2/32 respectively to connect to the ISP. A default static route for all non-local traffic should be provided and redistributed throughout the network.

Each site is required to support a different number of end-user systems. The numbers provided do not include IP addresses for any required networking equipment. The company policy dictates that the last 5 IP addresses within each segment be utilized for equipment addressing.

NOTE: use loopback interfaces / VLANs to emulate a LAN segment as required.

Table 1

Location                     End Devices
HQ1 – Segment 1              500
HQ1 – Segment II             60
HQ1 – Segment III            254
HQ1 – Segment IV             124
HQ1 – Segment V              251
HQ1I – Segment 1             120
HQ1I – Segment II            40
HQ1I – Segment III           124
HQ1I – Segment IV            55
Thunder Bay – Segment I      9
Thunder Bay – Segment II     20
Thunder Bay – Segment III    16
Sudbury – Segment I          45
Sudbury – Segment II         15
Sudbury – Segment III        33
Sudbury – Segment IV         20

The network at the Head Office is required to meet the company’s reliability standards. The 2 HQ offices should utilize a minimum of 2 switches and 2 routers to provide redundancy. All switches at head office need to be connected to every other switch with a minimum 6 gigabit connection. The company currently uses link aggregation and RapidPVST+ and requires that the new network also conform to this standard. The company also wants to create redundancy on their gateway routers with load balancing and you need to incorporate this into your design.

The client requires that the IPv4 and IPv6 addressing integrate with their existing network architecture. They have opted to use the IP address space of 172.17.xxx.0/20 for their IPv4 addressing schematic and require that you create a plan to utilize this space in an optimum addressing design. They have also provided you with a 2004:CAFE:0:0xxx::8000/116 address space and require a parallel IPv6 addressing plan for their organization so they are ready to move to a full IPv6 environment when that is appropriate. Your IPv6 addressing should have minimum host address wastage.
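The IPv4 sizing rule above (end devices from Table 1 plus the last 5 addresses of each segment for equipment) can be worked through mechanically. The following is an added example, not part of the original handout: it sizes each segment and allocates largest-first from the /20. The names `prefix_for`, `allocate`, `PLAN` and `NEXT_FREE` are this example's own, and the block 172.17.64.0/20 assumes group number 64, the handout's own illustration of 'xxx'.

```python
import ipaddress

EQUIPMENT = 5  # page policy: last 5 addresses of every segment are for equipment

# End-device counts from Table 1; labels follow the table on the page.
TABLE_1 = [
    ("HQ1 - Segment 1", 500), ("HQ1 - Segment II", 60), ("HQ1 - Segment III", 254),
    ("HQ1 - Segment IV", 124), ("HQ1 - Segment V", 251),
    ("HQ1I - Segment 1", 120), ("HQ1I - Segment II", 40),
    ("HQ1I - Segment III", 124), ("HQ1I - Segment IV", 55),
    ("Thunder Bay - Segment I", 9), ("Thunder Bay - Segment II", 20),
    ("Thunder Bay - Segment III", 16), ("Sudbury - Segment I", 45),
    ("Sudbury - Segment II", 15), ("Sudbury - Segment III", 33),
    ("Sudbury - Segment IV", 20),
]

def prefix_for(end_devices):
    """Longest IPv4 prefix that fits the devices, equipment, network and broadcast."""
    needed = end_devices + EQUIPMENT + 2
    return 32 - (needed - 1).bit_length()

def allocate(block, segments):
    """Largest-first VLSM plan; returns ({name: row}, first unallocated address)."""
    block = ipaddress.ip_network(block)
    cursor, plan = int(block.network_address), {}
    for name, devices in sorted(segments, key=lambda s: prefix_for(s[1])):
        net = ipaddress.ip_network((cursor, prefix_for(devices)))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is exhausted before {name}")
        bcast = net.broadcast_address
        plan[name] = {"network": net, "first_host": net.network_address + 1,
                      "last_user_host": bcast - EQUIPMENT - 1,
                      "equipment": (bcast - EQUIPMENT, bcast - 1),
                      "broadcast": bcast}
        cursor += net.num_addresses
    return plan, ipaddress.ip_address(cursor)

# Group number 64 is the handout's illustration of 'xxx'; substitute your group's block.
PLAN, NEXT_FREE = allocate("172.17.64.0/20", TABLE_1)
```

`NEXT_FREE` marks where the remaining space in the /20 begins, which is what is left for the router-to-router link subnets.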

Design & Addressing Documentation Requirements (40% of grade):

  1. A complete network topology (preferably using Visio) for your network including port assignments, links, protocols that will be used.
  2. A fully explained and well-documented network addressing scheme for both IPv4 & IPv6, preferably in an Excel table. Your addressing schematic should list at a minimum the Network ID, subnet mask, first host, last host, and broadcast address (where appropriate) for each segment.
  3. Ensure that you have minimum number of host address wastage for both IPv4 & IPv6.
  4. A Word document explaining your chosen topology, and a description that justifies the protocols that will be implemented.
  5. WinZip all files (do not use WinRAR) and submit via DC Connect. Please do NOT submit any .pdf documents.
  6. Ensure your documents are professional, clear and easy to understand. They should be treated as an official exchange between an IT consulting firm and its client.

Phase II - Implementation

Implement the network you have designed.

The client has provided additional details to assist as you configure the network.

  • Advertise directly connected networks (IPv4 & IPv6) using the wildcard mask.
  • Disable automatic summarization.
  • Disable routing updates where appropriate.
  • Modify the EIGRP hello-timers.
  • Modify the bandwidth of the interfaces.
  • Require EIGRP authentication on all routers. (Bonus)
  • Configure accurate link speeds as outlined in the network design. Implement load balancing where appropriate as outlined in the design.

Configure network security to the client requirements

  • Configure all passwords as encrypted.
  • Require a username and password for all logins.
  • Restrict access to the console connection.
  • Restrict access to the VTY connections.
    1. Allow SSHv2 connections only. (Use the company domain acme.com)
    2. Allow connections originating only from the Head offices network.
  • Disable AUX port access.
  • Configure a banner warning.
  • Close all switch ports not in use. (For this assignment, ports 22 - 24 are not to be used.)
  • Register the first two MAC addresses learnt per open switch port. Attempts by other devices to use the open switch port must be logged and violations counted but the port should not stop functioning.

Verify the network.

  • Validate connectivity between all networks and devices.
  • Validate dynamic routing functionality through routing tables and traceroutes. Use at least five commands to verify dynamic routing configuration.
  • Verify all security restrictions have been correctly implemented.

Final Documentation Requirements (60% of grade)

Submit the following files:

  • Use appropriate ‘show’ commands to demonstrate each protocol you have implemented.
  • For each router and switch, the final configuration of the device as a DEVICENAME.docx file where DEVICENAME is the name of the device. Submit one document per device; Filename: Devicename.docx
  • For all routers, submit screenshots from ping testing showing connectivity to all other networks and the “internet”. Submit one document for all devices; Filename: Pings.docx
  • For all routers, submit screenshots of their dynamic routing functionality. Submit one document for all devices; Filename: Routing.docx
  • If you are using VLANs, submit documentation of all VLAN configuration. Submit one document for all devices; Filename: VLANs.docx
  • A complete network topology for your network “as built” (highlight any changes made to topology since the Phase I submission). Submit one document; Filename: Topology.vsdx
  • A Word document to justify your final topology, and implementation of chosen protocols. Your document should highlight all changes made since Phase I submission. Filename: Overview.docx
  • A fully explained network addressing scheme (highlight any changes made to topology since the Phase I submission). Filename: Addressing.xlsx
  • WinZip all files (do not use WinRAR) and submit via DC Connect. Please do NOT submit any .pdf documents.
  • Ensure your documents are professional, clear and easy to understand. Treat it as an official exchange between an IT consulting firm and its client.