CCNA3e Case Study

CCNA3 Exploration: LAN Switching and Wireless (Guided Case Study)

CCNA3 Exploration:

LAN Switching and Wireless

Guided Case Study

Student:

Date:

Points:

document.doc / 16


Overview and Objectives

To enhance the Learner’s knowledge of switching and wireless networks.

The following case study is used to illustrate the process required for designing a redundant switched network. This case study presents a scenario in which XYZ Insurance Company has hired a Network Consultant Group to design their network. In order to help you organize this project, the scenario has been divided into phases listing the requirements for each task.

Configure security via VLANs and propagate with VTP.

Design a redundant switched network.

Configure switch port VLAN information and port security

Connect and verify connectivity to a wireless router

Configure the IP settings of a Linksys wireless router

Configure DHCP on a Linksys wireless router

Change the network mode and corresponding network channel on a wireless router

Enable WEP encryption and disable SSID broadcast.

Enable a wireless MAC filter if available.

Configure access restrictions on a wireless router if available.

Background

XYZ Insurance Company requires 24/7 access to the Internet in order to service its clients. You have been retained to design a network which meets these requirements. In order to achieve this, you have decided to develop the design in stages proving each stage on the way. In addition some users within your company are provided with wireless laptops and are allowed to log onto the company’s local area network in a secure fashion. Two wireless routers are provided for this for security and the Sales staff will be shared between them. Unauthorised wireless laptop users must be denied access in order to preserve security.

RequirementsThe company has 3 main departments – Personnel, Finance and Sales. The offsite sales team are provided with laptops and, when in the head office, are regarded as part of the Sales Department. Your design must provide for

5 employees in the Personnel department.

10 employees in the Finance department.

5 wired workstations and 5 wireless workstations for internal Sales staff.

100 laptops for external mobile Sales staff. .

Lifetime max of 2 servers for each department regardless of company growth.

Expect 100% growth of current IP requirements when determining size of subnets.

document.doc / 16


All networking devices must have IP addresses.

Use the private class B 172.25.0.0 network for internal addressing.

Use VLSM for IP addressing.

Use subnet 200.1.1.0/29 for connection to the Internet via a router.

There is a DNS server at address 195.195.1.2/24 connected to the router.

A redundant switched network using a layered design is required with one router for access to the internet. (Two routers would be needed in the final analysis).

document.doc / 16


Phase 1 – Network Design (20 points)

To meet the requirements the eventual topology is shown below;

Worksheet 1. Produce a logical diagram based on the above diagram for the LAN for XYZ Insurance

Company that includes:

Router and switch names

VLAN names and details

Network addresses

Number of hosts per network

Link Speeds

The next few sections have example grids for documenting this information.

document.doc / 16

EXTRA

Internet

WRS2

Fa0/0

Fa0/1

Fa0/0

Fa0/1Fa0/24

Fa0/2 Fa0/3Fa0/4

Fa0/24

Fa0/2Fa0/3

Fa0/4

Fa0/23 Fa0/24Fa0/23Fa0/24 Fa0/23 Fa0/24

DNS Server195.195.1.2/24

Fa0/5Fa0/5


2. The company expects the use of VLSM Design to maximize the use of IP addresses. A table is to be produced showing the subnets that meet the Companies requirements using a VLSM design.

A sample table layout for recording the VLSM design is below.

Network Name VLAN Number of host addresses required

Network Address

Subnet Mask Max Number of Hosts Possible

Gateway Address

3. For each device, a set of tables is required. These will assist with design and development activities and used when configuring switches and routers. A separate table should be created for each router and switch.

Below is a sample layout for routers.

Router Name:

Network Name

Description and Purpose

Interface/Sub Interface

Type/Number

VLAN Encapsulation Network Number

Interface IP Address

Subnet Mask

Router Name:

Network Name

Description and Purpose


Type/Number

VLAN Encapsulation Network Number


Subnet Mask

document.doc / 16


Wireless Router Name:

Interface Type/Port Description and Purpose

Network Name

Network Number


Subnet Mask

Internet Port (Wired)

Wireless Port

Wireless Access Point Name:

Interface Type/Port Description and Purpose

Network Name

Network Number


Subnet Mask

Port 0 (Wired)

Port 1 (Wireless)

Below is the sample layout for the switch tables.

Distribution Switch Name:

Switch IP address: VLAN:

Port/NumberDescription

and Purpose

Speed DuplexVLANs allowed

Switchport Type

Encapsulation (if needed)

Distribution Switch Name:



Type/Port/Number

Description and

PurposeSpeed Duplex

VLANs allowed

Switchport Type

Encapsulation (if needed)

document.doc / 16


Access Switch Name:



Type/Port/Number

Description and

PurposeSpeed Duplex

Network Name

Network Number

Subnet Mask

VLANSwitchport

TypeEncapsulation

(if needed)

Access Switch Name:



Type/Port/Number

Description and

PurposeSpeed Duplex

Network Name

Network Number

Subnet Mask

VLANSwitchport

TypeEncapsulation

(if needed)

Access Switch Name:



Type/Port/Number

Description and

PurposeSpeed Duplex

Network Name

Network Number

Subnet Mask

VLANSwitchport

TypeEncapsulation

(if needed)

document.doc / 16


4. Complete the IP design, assign and tabulate PC/workstation and server addresses for each LAN in each location. Although normally a DHCP server will assign PC/workstation addresses, assign all addresses statically apart from the wireless network.

For demonstration purposes, the company agrees that it is enough to statically assign all PC/workstation and server addresses and that at the access layer three 24-port switches are sufficient. Stackable switches may be needed to accommodate the requirements for the full implementation.

Network Number

PC or Server Name

IP address Subnet Mask GatewayServices Provided

The tables and supporting text will be part of the documentation delivered to the XYZ Research Company.

Before you commence with the implementation the logical diagram and tables need to be approved by the company.

Instructors Signature: ______________________Date:_______________

For this Case Study, implement your design in phases with Packet Tracer and check out any particular aspects not supported by Packet Tracer with the equipment.

Deliverables: Assignment with answers, Packet Tracer file and relevant configuration records and testing records..

document.doc / 16


document.doc / 16


Phase 2: Basic Switch Configurations (5 points)

Using Packet Tracer, create and connect three access switches, one distribution switch, the servers and PCs together to form basic connectivity.

Name the distribution switch DistSW1.

Name the access switches AccessSW1 and AccessSW2.

On all switches, configure a login password as cisco, an encrypted privileged password as class, and provide secure telnet login capability. All passwords should be encrypted.

Connect the access switches to the PCs representing ultimately the VLANs.

Assign ip addresses to all PCs and the switches within the network 192.168.1.0 solely to test connectivity. These addresses are purely temporary.

The distribution switch is connected by trunk links to the access switches.

Configure port security on the ports to which the PCs are connected with a maximum of 1 and violation mode as shutdown.

DO NOT create any VLANs at this stage.

Testing1. Is there connectivity between all devices? [Y/N] ___________

2. Can the PCs ping every device? [Y/N] ______________

3. Do the access connected ports acquire the first MAC address? [Y/N] _______First MAC address _____________

4. Do the connected ports shutdown if a second PC replaces the first PC? [Y/N] _

Record the MAC addresses learned on each access port across all switches.

document.doc / 16


Phase 3: VLAN Configurations (20 points)

Assign the VLANs from your design to achieve security between the Personnel, Sales and the IT management function of the network. Based on your Network Design in Phase 1, create the networks and assign the ip addresses to the access switches and one distribution switch, and the PCs and servers.

NB: Do not include redundancy with the second Distribution switch in this phase.

Steps1. Via VTP, assign version 2 to all switches.2. Assign server mode to the distribution switch and client mode to the access switches.3. Assign a domain and password to the switches.4. Use VTP to propagate the VLAN database from the distribution switch.5. Create the VLANs on the distribution switch as in your design for Personnel, Finance

and Sales.6. Create a Management VLAN for the switches.7. Assign single ports as access ports with port security as in the previous phase for

each VLAN on both access switches.8. Configure the PCs to represent the departments and assign representative ip

addresses from each VLAN.

Tests1. Has the VLAN database propagated to the access switches? [Y/N] ____

2. Test connectivity across the network for each of the three VLANs [Y/N]____

3. Is there connectivity between different VLANs? [Y/N] ________

4. Test that pings are successful from switch to switch:

Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________

Ping from Access Switch 1 to Access Switch 2? [Y/N] ___________

Save and print out (1) Switch configurations, (2) show interface trunk, (3) show VLAN for each switch, (4) show VTP mode and status for each switch..

document.doc / 16


Phase 4: Router Configuration (20 points)

Add one router to provide inter-network communication between VLANs and simulate the Internet with a web server with a home page with the text “CCNA3 Exploration Case Study. Communication successful. Your name and date”.

NB. Whilst this inter-network connectivity negates the security provided by VLANs, with access control lists firewalls would be configured to deny or allow communication as necessary.

Steps1. Select a router with two fastethernet ports and name it Router1 with login password

as cisco and secret password as class.2. Configure sub-interfaces on Router1 fa0/0 for the VLANs and the native VLAN. The

sub-interfaces become the default gateways for each of these networks.3. Connect a web server with a home page to simulate the Internet for test purposes.4. Add default gateways to the PCs.

Tests1. Is there communication between PCs and servers? [Y/N] ________

2. Is there communication via the router between each VLAN? [Y/N] ________

3. Test that pings are still successful from switch to switch.

Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________


4. Can each PC browse to the web server on the internet? [Y/N] ____________

Save and print out (1) the router configuration, (2) show ip route, (3) show protocols.

document.doc / 16


Phase 5: Wireless Configuration (20 points)

Add a wireless router for mobile communication for the external Sales staff with secure access to the Sales network and the wireless access point for the internal Sales staff with wireless laptops.

NB. With Packet Tracer, full security may not be achievable on the wireless devices. If not, state what additional security measures you would configure.

Steps1. Select a wireless router with an internet port connected to the wired Sales VLAN.2. Configure the wireless router internet port with a static IP address in the Sales

network.3. Configure the wireless LAN on the wireless router with DHCP and the

SSID: “ExternalXYZSales”.4. Configure additional security with a WEP key and explain the addition of MAC filters.5. Install a LAN wireless card in a PC and configure with DHCP selected.6. Select a wireless access point and configure it with secure access to the wired Sales

VLAN with SSID: “InternalXYZSales” and a WEP key.

Tests1. Is there communication from wireless router to the Sales PCs on the wired network

via both access switches? [Y/N] ________

2. Record the IP address assigned to wireless PC via DHCP? ____________

3. Is wireless communication via the access point? [Y/N]

4. Is there communication from the wireless PCs and the wired Sales PCs?Successful ping from external wireless PC to a wired Sales PC via wireless router? [Y/N] ____Successful ping from internal wireless PC to a wired Sales PC via wireless access point? [Y/N] ____

5. Test that pings are still successful from switch to switch: Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________


6. Can the wireless PCs browse to the web server on the internet? [Y/N] ______

Save, capture and print out configuration of (1) wireless router, (2) wireless access point.

document.doc / 16


Phase 6: Redundant Distribution Switch (15 points)

Add a second switch at the distribution level to create a redundant switched network.

Steps1. Add the redundant switch in server mode with the same domain and password.2. Ensure the root bridge is one of the distribution switches.3. Connect the redundant switch via a trunk link to the first distribution switch.4. Connect trunk links from the distribution switches to the access switches.5. Allow spanning-tree protocol to set the port states.

TestsEnter show spanning-tree to record:

1. Identity of the root bridge: _____________________2. Assign same priority to all VLANs.3. For each switch on VLAN99record the root bridge identity, ensuring one of the

distribution switches is a root bridge, and the status of the trunk ports as shown below:

Switch:_DistSW1__ MAC Address:__________________ Priority: ____Root ID: ___________________________

Trunk Port Status Trunk Port Status Trunk Port Status

Switch:_DistSW2_ MAC Address:__________________ Priority: ____ Root ID:


Switch:_AccessSW1 MAC Address:__________________ Priority: ____Root ID: ___________


document.doc / 16


Switch: AccessSW2 MAC Address:__________________ Priority: ____ Root ID: ___________


Switch:AccessSW3 MAC Address:__________________ Priority: ____ Root ID:


4. Change the bridge priorities so that the other distribution switch becomes the root bridge and record the states and identities as previously.

Save, capture and print out the output from show spanning-tree of all switches for both root bridge assignments.

document.doc / 16


EXTRA

Phase 7: Fully Redundant Switched Network (No points)

To provide 24/7 access to the Internet, a second router would be installed with a trunk link to the redundant distribution switch.

Steps Add the second router and name it Router2. Configure it in the same manner as Router1. Connect the web server via a switch to Router1 and Router2. Connect it via a switch to the fastethernet ports on the two routers.. Connect Router2 to the second distribution switch.

Tests1. Access the web server from all PCs? [Y/N] ________

2. If DistSW1 fails, can all PCs still access the Internet. [Y/N] _____

NB. Default gateway of web server may need changing.Save and print the port status for the surviving Distribution switch.

3. If Router1 fails, can all PCs still access the Internet. [Y/N] _____NB. Default gateway of web server may need changing.

------ END of CASE STUDY-----

document.doc / 16

CCNA3e Case Study

Documents

Transcript of CCNA3e Case Study