COMP604 and COMP712 Cisco - Routing and Switching Essentials

CASE STUDY
Wintec Waikato Institute of Technology

| Section | Topic |
|---|---|
| One | Introduction and Cabling |
| Two | Basic Configuration of the Network |
| Three | Configure RIPng |
| Four | DHCPv6 Stateful Configuration |
| Five | IPv6 Static Routes |
| Six | LLDP, Syslog and NTP |
| Seven | IPv6 ACLs |
| Eight | Clean Up |

This assessment is worth 25% (COMP604) and 20% (COMP712) of the total for this course.

Objectives

Complete the following tasks:

  • Assign addresses to interfaces and document them in the address table provided
  • Cable the network according to the topology diagram
  • Erase the startup configuration and reload routers and switch to the default state.
  • Configure RIPng routing on all routers.
  • Configure and propagate a default static route.
  • Configure IPv6 Static Routes
  • Verify RIPng operation.
  • Perform security configuration on the switches.
  • Configure Stateful DHCP
  • Configure Stateless DHCP
  • Design and apply an IPv6 ACL to restrict PC access to Web Server and VTY access
  • Test and verify full connectivity

Criteria: Elements of Case Study:

You must submit the following…

  • The written components of this assignment completed as per this paper (1 per member)
  • You must include the running configuration on notepad for each device or at the end of this paper.
  • One working physical network that has been correctly cabled and configured with all the configurations outlined in this assignment.

General Instructions:

You shall complete this assignment in your own time and demonstrate it in class.

Please provide your name and student identification number at the top of page one.

Do not use pencil

Do not use red ink except in diagrams

Cross out any writings that you do not wish to be marked

Writing must be legible.

First configure your network on Packet Tracer to obtain as many commands as possible. Your instructor will allocate appropriate time for you to configure your network on the actual equipment. Save the running configuration for each device to notepad so you can easily reconfigure the devices on demand or if you do not complete the configuration in one session.

Important Note:

Your Instructor will provide you with a group number between 1 and 6. This number is equal to n in this assignment. Where you see (n) be sure to replace it with your group number.

Version # ___3____ = n

Network Topology:

[Figure 1: network topology diagram]

SECTION ONE (10 marks)

Introduction and Cabling

You are a network engineer for a company with multiple locations that are connected as shown above in the topology. In this assessment, you must design and assign address ranges and host addresses to accommodate all hosts and links on the network. RIPng and a static default route will be required so that hosts on networks not directly connected can communicate both internally within your network, and externally to the Web Server at 2001:DB8:ACAD::2. You have completed this assessment when each host can ping each other, and advanced routing and switching parameters are configured correctly.

Step 1.1:

Your instructor will assign you a public “Outside” IPv6 address for the GigabitEthernet interface of R1. It is:

R1's Gi 0/0 Address:

2001:1234:ACAD:F::3

You will be responsible for connecting this interface into the Public Switch (switchport number n).

Step 1.2:

You have been provided with the Routing Prefix 2001:(3)CAD:CAFE::/48. Subnet and address the devices with the appropriate Global IPv6 addresses and Link Local Addresses for R1, R2, R3, S1 and S2. PC1 will receive its addressing via Stateful DHCP from R2 and PC2 will receive Stateless information from R3. Your Subnet ID field for each prefix must match the subnet number; for example, the subnet field will be 1 for subnet one.

Tables: Addressing Scheme

Device – R1:

| Interface | IPv6 Global Address | Link Local | Prefix | Note |
|---|---|---|---|---|
| Gi 0/0 | 2001:1234:ACAD:F::3 | Fe80::3 | /64 | |
| Serial 0/0/0 | 2001:3CAD:CAFE:A002::2/64 | Fe80::4 | /64 | DCE Clock to R2 |
| Serial 0/0/1 | 2001:3CAD:CAFE:A003::1/64 | Fe80::4 | /64 | DCE Clock to R3 |

Device – R2:

| Interface | IPv6 Global Address | Link Local | Prefix | Note |
|---|---|---|---|---|
| Gi 0/0 | 2001:3CAD:CAFE:1::1/64 | Fe80::5 | /64 | To S1 |
| Serial 0/0/0 | 2001:3CAD:CAFE:A002::1/64 | Fe80::5 | /64 | To R1 |
| Serial 0/0/1 | 2001:3CAD:CAFE:A004::1/64 | Fe80::5 | /64 | DCE Clock to R3 |

Device – R3:

| Interface | IPv6 Global Address | Link Local | Prefix | Note |
|---|---|---|---|---|
| Gi 0/0 | 2001:3CAD:CAFE:5::1/64 | | /64 | To PC2 via S1 |
| Serial 0/0/0 | 2001:3CAD:CAFE:A003::2/64 | Fe80::6 | /64 | To R1 |
| Serial 0/0/1 | 2001:3CAD:CAFE:A004::2/64 | Fe80::6 | /64 | To R2 |
| Loopback 6 | 2001:3CAD:CAFE:A006::1/64 | Fe80::6 | /64 | |
| Loopback 7 | 2001:3CAD:CAFE:A007::2/64 | Fe80::6 | /64 | |
| Loopback 8 | 2001:3CAD:CAFE:A008::3/64 | Fe80::6 | /64 | |

Device – S1:

| Interface | Note |
|---|---|
| Fa 0/1 | To R3’s Gi 0/0 |
| Fa 0/2 | To PC2 |
| VLAN 99 | |

Device – S2:

| Interface | Note |
|---|---|
| Fa 0/1 | To R3’s Gi 0/0 |
| Fa 0/2 | To PC2 |
| VLAN 99 | |

ISP router (Tutor router)

| Interface | IP address | Note |
|---|---|---|
| g 0/0 | 2001:DB8:ACAD::24/64, FE80::24 | To webserver |
| g 0/2 | 2001:1234:ACAD:F::24/64, FE80::10 | To public switch |

Step 1.3:

For each allocated router and switch, erase the configuration, reload the device, and ensure that the configuration register is set to 0x2102. For the two PCs, ensure they are set to obtain their IPv6 configuration automatically.

Now, using the appropriate cables, cable your topology as depicted in figure 1.

SECTION TWO

Basic Configuration of the Network (10 marks)

Step 2.1:

Assign the correct IPv6 addresses for each router interface as calculated and planned for in the Tables above. It is advisable to disable IPv4 on PC 1 and PC 2.

Step 2.2:

On each router, apply the following:

  • Disable DNS lookup
  • A hostname that accurately reflects the name of the router.
  • A domain name of wintecgang.com
  • SSH service (1024 bit key, 4 retries, version 2, and a 110 second timeout).
  • Local database entry (Username: cisco, Password: cisco)
  • An encrypted privileged password of class
  • A console password of cisco
  • A login banner that warns the user not to enter unless authorised.
  • Set the login block time to 10 seconds, with 2 attempts within 30 seconds.
  • Ensure the console and vty logging is synchronous.
  • Place meaningful descriptions on all router interfaces.
  • For all DCE Serial interfaces, set a clock rate of 128 kbps.
  • Ensure that access to the virtual terminal interfaces is only via SSH.
  • Encrypt the plaintext passwords.
  • Enable IPv6 routing

Verify Connectivity between Directly Connected Routers

| Test | Yes / No |
|---|---|
| Can R1 ping R2? (directly connected Serial Interface) | |
| Can R1 ping R3? (directly connected Serial Interface) | |
| Can R3 ping R2? (directly connected Serial Interface) | |

On S1 and S2, apply the following:

  • Disable DNS lookup
  • A hostname that accurately reflects the name of the switch.
  • A domain name of wintecgang.com
  • SSH service (1024 bit key, 4 retries, version 2, and a 110 second timeout).
  • Local database entry (Username: admin, Password: cisco)
  • An encrypted (MD5) privileged password of class
  • A console password of cisco
  • A message-of-the-day banner that tells the user what switch they are accessing.
  • VLAN information as defined in table 2 below.
  • Enable the switch so an IPv6 address can be assigned to its VLAN interface
  • Ensure the console and vty logging is synchronous.
  • For all interfaces that are not in use, configure the following:
    - Set as an access port.
    - Configured into VLAN 666
    - Shut down
  • Ensure that access to the virtual terminal interfaces is only via SSH.
  • Encrypt the plaintext passwords.

| Interface | IP Address | Note |
|---|---|---|
| Fa 0/1 | N/A | Link back to R3 |
| Fa 0/2 | N/A | To PC2 |
| VLAN 99 | Set the management address to the next address after the local router’s Gigabit 0/0 address. | Management VLAN |
| VLAN 666 | N/A | Name = BlackHole |
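
A way to check a saved running configuration against the Step 2.2 lists for routers and switches, as an added example that is not part of the original assignment. It covers only items that are visible in a running-config; the sample configuration, the `audit` function and its check names are constructed for illustration.

```python
import re

# Step 2.2 items visible in a running-config (RSA key size is not shown there).
GLOBAL = {
    "dns lookup disabled": r"^no ip domain[- ]lookup$",
    "domain name": r"^ip domain[- ]name wintecgang\.com$",
    "ssh version 2": r"^ip ssh version 2$",
    "ssh timeout 110": r"^ip ssh time-out 110$",
    "ssh retries 4": r"^ip ssh authentication-retries 4$",
    "enable secret": r"^enable secret \d+ \S+$",
    "password encryption": r"^service password-encryption$",
    "banner": r"^banner (login|motd) ",
}
ROUTER_ONLY = {
    "ipv6 routing": r"^ipv6 unicast-routing$",
    "login block": r"^login block-for 10 attempts 2 within 30$",
}

def audit(config, router=True):
    """Return the sorted Step 2.2 requirements this config does not meet."""
    checks = {**GLOBAL, **(ROUTER_ONLY if router else {})}
    failed = [n for n, rx in checks.items() if not re.search(rx, config, re.M)]
    # Each 'line ...' header plus the indented commands that follow it.
    for header, body in re.findall(r"^(line .+)\n?((?: .+\n?)*)", config, re.M):
        cmds = [c.strip() for c in body.splitlines()]
        if "logging synchronous" not in cmds:
            failed.append(f"{header}: logging synchronous")
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            failed.append(f"{header}: ssh-only transport")
    return sorted(failed)

# Constructed sample (not from the page): vty 0-4 hardened, vty 5-15 forgotten.
SAMPLE = "\n".join([
    "hostname R2", "service password-encryption",
    "enable secret 5 $1$constructed$placeholderhash",
    "no ip domain-lookup", "ip domain-name wintecgang.com",
    "ipv6 unicast-routing", "login block-for 10 attempts 2 within 30",
    "ip ssh version 2", "ip ssh time-out 110",
    "ip ssh authentication-retries 4", "banner login ^CAuthorised only^C",
    "line con 0", " password 7 00000000", " logging synchronous", " login",
    "line vty 0 4", " logging synchronous", " login local", " transport input ssh",
    "line vty 5 15", " login local", " transport input all",
])

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all Step 2.2 checks passed")
```

For a switch, call `audit(config, router=False)` so the router-only items are skipped.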

Step 2.3:

At router R1, configure a default route back to the ISP and specify Link Local address fe80::10 as the next hop address, and your directly connected interface Gi0/0. Make sure this static default route is a fully specified route, otherwise it will not work.

SECTION THREE (10 marks)

Configure RIPng.

Step 3.1:

Configure RIPng on routers and router interfaces for R1, R2, and R3.
Advertise all directly connected networks, do not include the loopbacks on R3.

Do not advertise the Gi 0/0 interface of R1 (up to the ISP).

Step 3.2:

At R1, “propagate” the default route so that R2 and R3 receive this static route via RIP.

What command did you use:_____

SECTION FOUR (20 marks)

DHCPv6 Stateful and Stateless Configuration

Step 4.1:

Configure R2 as a Stateful DHCPv6 Server for the Subnet 1 LAN

  • Configure a DHCP pool called IPV6-STATEFUL

Configure the following pool parameters:

  • DNS Server 2001:DB8:ACAD::2
  • Domain-name wintecgang.com

Configure the DHCPv6 interface with the following:

  • Bind the pool IPV6-STATEFUL to the Interface
  • Change the M flag from 0 to 1 to use a DHCP Server only

Step 4.2:

Configure R3 as a Stateless DHCPv6 Server for the Subnet 2 LAN

In this option you are configuring the Router as Stateless and a DHCPv6 Server. The router in this instance will not provide host addresses, only IPv6 parameters such as DNS server address and domain-name.

  • Configure a name for the DHCP Pool as IPV6-STATELESS

Configure Pool Parameters:

  • DNS Server 2001:DB8:ACAD::2
  • Domain-name com

Configure the DHCPv6 interface (G0/0):

  • Bind the DHCPv6 pool IPV6-STATELESS to the interface G0/0
  • Set the Stateless DHCPv6 Option flag M to 0 and O to 1

Device – PCs:

Record each PC's IPv6 configuration once you have completed the IPv6 DHCP configuration. It is advisable to disable IPv4 on PC 1 and PC 2.

| Device | IPv6 Global Unicast Address | Prefix | Link Local Address | Default Gateway | DNS Address |
|---|---|---|---|---|---|
| PC1 | | | | | |
| PC2 | | | | | |

SECTION FIVE

IPv6 Static Routes (20 marks)

Step 5.1:

Configure static routes on R2 and R1 so that devices on LAN Subnet 1 and the Internet can reach the Loopback 6, 7 and 8 on R3.

Configure the static default route on R1 and propagate this to the other routers so that PC1 and PC2 can access the webserver. (Note this needs to be a fully specified route to the ISP router’s interface)

Step 5.2:


Verify Connectivity

  • Try to ping PC2 from PC1. Is it successful?
  • Attempt to ping the Web Server at 2001:DB8:ACAD::2 from both PC1 and PC2. Is it successful?
  • View the webpage on [2001:DB8:ACAD::2] from the PC1 and PC2 web-browser.

Step 5.3:

Look at the routing table at R3.

What entry was used by the PING conversation from PC2 to elicit a response from the Web Server at 2001:DB8:ACAD::2?

SECTION SIX (15 marks)

Configure LLDP, Syslog and NTP

Instructions

Configure LLDP on R2, R3, S1 and S2 LAN – check you can see LAN neighbors

(Note LLDP will only work on the Ethernet links)

Configure R1 to be an NTP Server with the current date and time (see the services tab)

Configure R3, R2 to be NTP clients

Check that R1, R2 and R3 have the same time as the Server (show clock)

Configure the PC2 to be a Syslog server

Configure R1, R2 and R3 to log messages to the syslog server

Create and delete Lo0 on each router and check they are logging messages on the server

SECTION SEVEN

IPv6 Access Control Lists (15 marks)

Step 7.1:

Create an ACL such that all hosts on Subnet 2 can NOT access the Web Server at 2001:DB8:ACAD::2 through the web browser; however, they can ping the Web Server. The hosts on Subnet 1 should be able to access the Web Server. Where, and in what direction, did you place this ACL, and why?

Record appropriate commands below

Step 7.2:

Create an ACL such that only PCs on Subnet 1 can SSH into R1.

Any attempts to SSH into this device from R2, R3, S1, or PC2 will be rejected.

Record appropriate commands below:
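
A way to test the logic of both Section Seven ACLs before entering them on a router, as an added example that is not part of the original assignment. It models first-match evaluation with an implicit deny; the rule tuples, `evaluate`, `failures` and the two PC host addresses are constructed. The PC2 LAN prefix is taken from R3's Gi 0/0 row in the address table, and web access is assumed to be HTTP on TCP 80.

```python
import ipaddress as ip

WEB_HOST = "2001:db8:acad::2"                     # Web Server (from the page)
WEB = ip.ip_network(WEB_HOST)                     # host entry, /128
LAN1 = ip.ip_network("2001:3cad:cafe:1::/64")     # R2 Gi 0/0 LAN (PC1)
LAN_PC2 = ip.ip_network("2001:3cad:cafe:5::/64")  # R3 Gi 0/0 LAN (PC2)
ANY = ip.ip_network("::/0")

# Entry: (action, protocol, source, destination, destination port or None)
WEB_ACL = [
    ("deny", "tcp", LAN_PC2, WEB, 80),    # assumption: web access = TCP 80
    ("permit", "ipv6", ANY, ANY, None),   # ping and all other traffic
]
VTY_ACL = [("permit", "tcp", LAN1, ANY, 22)]  # everything else: implicit deny

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny.
    (IOS also implicitly permits ICMPv6 ND NS/NA first; not modelled here.)"""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ipv6", proto):
            continue
        if src in a_src and dst in a_dst and a_port in (None, dport):
            return action
    return "deny"

PC1, PC2 = "2001:3cad:cafe:1::10", "2001:3cad:cafe:5::10"    # constructed hosts
R1, R2 = "2001:3cad:cafe:a002::2", "2001:3cad:cafe:a002::1"  # address table

def failures(web_acl, vty_acl):
    """Return the flows whose result differs from what Section Seven asks for."""
    expected = [
        (web_acl, ("tcp", PC2, WEB_HOST, 80), "deny"),
        (web_acl, ("icmp", PC2, WEB_HOST), "permit"),
        (web_acl, ("tcp", PC1, WEB_HOST, 80), "permit"),
        (vty_acl, ("tcp", PC1, R1, 22), "permit"),
        (vty_acl, ("tcp", PC2, R1, 22), "deny"),
        (vty_acl, ("tcp", R2, R1, 22), "deny"),
    ]
    return [flow for acl, flow, want in expected if evaluate(acl, *flow) != want]

if __name__ == "__main__":
    print(failures(WEB_ACL, VTY_ACL) or "both ACLs match the stated intent")
```

Passing the web ACL with its entries reversed shows the ordering failure: the broad permit matches first and the deny is never reached.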

SECTION EIGHT

Clean Up:

Step 7.1:

Copy all the configurations and relevant show commands needed for your documentation

Erase all running configuration files off the routers and switch.

Erase the vlan.dat file from the switch.

Reset the PCs’ TCP/IP protocol stacks to TCP/IP.

Disconnect and return all topology cables to the appropriate location.

Do not continue past this point until your examiner has signed your work.

Include the following screenshots for the relevant devices:

  • Running configuration and routing tables for all routers
  • Running configuration and VLAN settings for all switches
  • IP config for all PCs as well as the following pings:
    • PC1-webserver
    • PC2-webserver
  • Proof of SSH access to the routers and switches