Problem to solve
XYZ Insurance Company requires access to the Internet in order to service its clients. You have been asked to design a network which meets the requirements below. To achieve this, you have decided to develop the design in stages, proving each stage along the way. In addition, some users within your company are provided with wireless laptops and are allowed to log onto the company’s local area network in a secure fashion. Two wireless connections are provided for this and allow the Sales staff to access the network. Unauthorised wireless laptop users must be denied access in order to preserve security.
- The company has 3 main departments (Personnel, Finance and Sales); each is to be put on a separate VLAN.
- An IT Management VLAN is to be created on VLAN 99
- The offsite sales team are provided with laptops and, when in the head office, are regarded as part of the Sales Department.
- There are 5 employees in the Personnel department.
- There are 10 employees in the Finance department.
- There needs to be 5 wired workstations and 5 wireless workstations for internal Sales staff.
- There are 100 laptops for external mobile Sales staff.
- Lifetime maximum of 2 servers for each department is required regardless of company growth.
- Expect 100% growth of current IP requirements when determining size of subnets.
- All networking devices must have IP addresses.
- Use the private class B network address 172.25.0.0 for internal addressing.
- Use subnet 126.96.36.199/29 for connection to the Internet via a router.
- There is a DNS server at address 188.8.131.52/24 connected to the router.
- A redundant switched network using a layered design is required with one router for access to the internet.
- A second router is to be used to simulate access to the Internet.
- For simulation purposes it is sufficient to use 24-port access switches.
Phase 1 – Network Design
Produce a logical diagram on Packet Tracer 5.3.3 based on the diagram on the next page for the LAN for the XYZ Insurance Company. The diagram gives router and switch names, VLAN names and details, and connection ports.
Phase 2 – Network Addressing
The design method is to be documented and a table is to be produced showing the subnets that meet the company's requirements. An example grid is given in the appendix.
For each device, a set of tables is required. These will assist with design and development activities and will be used when configuring switches and routers. A separate table should be created for each router, distribution switch, access switch, wireless router, wireless access point, PC workstation and server. Example grids for these are again given in the appendix.
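One way to work out the Phase 2 subnet table, as an added example that is not part of the original brief. It assumes that the 100% growth applies to workstations but not to the two servers, that each VLAN needs one extra address for its router gateway, that all Sales machines share one subnet, and that VLAN 99 holds 8 devices (a constructed figure, since the real count comes from the diagram).

```python
import ipaddress

BASE = ipaddress.ip_network("172.25.0.0/16")  # private class B block from the brief
SERVERS = 2   # lifetime maximum per department, not subject to growth
GATEWAY = 1   # assumption: one router (sub)interface address per VLAN

# Current workstation counts taken from the brief.
DEPARTMENTS = {
    "Personnel": 5,
    "Finance": 10,
    "Sales": 5 + 5 + 100,  # wired + internal wireless + external laptops
}
MGMT_DEVICES = 8  # assumption: constructed count of devices on VLAN 99


def required_hosts(current, servers=SERVERS):
    """Double the current count for 100% growth, then add servers and gateway."""
    return current * 2 + servers + GATEWAY


def prefix_for(hosts):
    """Longest prefix whose usable range (2^n - 2) still holds `hosts` addresses."""
    host_bits = (hosts + 1).bit_length()  # smallest n with 2^n >= hosts + 2
    return 32 - host_bits


def plan(base=BASE):
    """Return (name, hosts_needed, subnet) rows, allocated largest first (VLSM)."""
    needs = {name: required_hosts(n) for name, n in DEPARTMENTS.items()}
    needs["IT Management (VLAN 99)"] = required_hosts(MGMT_DEVICES, servers=0)
    rows, cursor = [], int(base.network_address)
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(base):
            raise ValueError("address space exhausted for " + name)
        rows.append((name, hosts, net))
        cursor += size
    return rows


if __name__ == "__main__":
    for name, hosts, net in plan():
        usable = net.num_addresses - 2
        print(f"{name:26} needs {hosts:3}  {str(net):18} usable {usable}")
```

Changing the counts or assumptions at the top regenerates the whole table, which is useful when the device tables for the diagram are filled in.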
Phase 3 – Switch/VLAN Configurations
- On all switches, configure a login password as cisco, an encrypted privileged password as class, and provide secure telnet login capability.
- Connect the access switches to the PCs representing ultimately the VLANs.
- The distribution switches are connected by redundant trunk links to the access switches.
- Configure port security on the ports to which the PCs are connected, with a maximum of 1 and violation mode as shutdown.
- Assign the VLANs from your design to achieve security between the Personnel, Finance, Sales and the IT management function of the network.
- Assign server mode to the distribution switch S2 and client mode to all the other switches.
- Assign a domain and password to the switches.
- Use VTP to propagate the VLAN database from the distribution switch S2.
- Create the VLANs on the VTP server on S2.
- Configure all wired PC workstations and servers.
Test the system to observe the following:
- Has the VLAN database propagated to the access switches?
- Test connectivity across the network for each of the three VLANs.
- Is there connectivity between different VLANs?
Phase 4 – Router Configuration
Configure the two routers. R2 is to provide simulated access to the Internet via the HTTP server, and R1 provides encapsulated inter-VLAN routing.
Carry out tests to establish whether there is now communication between the VLANs.
Phase 5 – Wireless Configuration
Configure the wireless router for mobile communication for the external Sales staff with secure access to the Sales network and the wireless access point for the internal Sales staff with wireless laptops.
Ensure the wireless router and the access point have different SSIDs.
Configure additional security with individual WEP keys.
Carry out tests to ensure PCs connected via the wireless router and access point have access to the LAN servers and the internet.
Save, capture and print out configuration of the wireless router and the wireless access point.
Phase 6 – STP Configuration
Establish which switch is the root bridge and record the STP settings of all the switches.
Change the bridge priorities so that a different distribution switch becomes the root bridge. Record the states and identities as previously.