Phase 1: Identifying Requirements, Putting The Network Together
Scenario
To help guide this initial configuration, you've assembled a list of requirements based on
various meetings with management.
The new office will initially house 75 employees, each with their own Cisco IP Phone
and PC. This office may eventually scale to 200 employees over 5 years.
The Windows admins are planning to install a new pair of redundant servers at the
new office. They plan to manage all the IP addresses for DHCP on these servers and
are waiting for you to tell them what IP address range they should use.
o Windows admins: Jeff Service - (602) 555-1293, Mike Pack (480) 555-9382.
The new office is a two story building with the Main Distribution Frame (MDF) in the
northwest corner of the first floor. Because of a workman's strike, poor planning, and
other human issues, the Intermediate Distribution Frame (IDF) on the second floor
was installed in the southeast corner of the second floor, beyond the reach of typical
Ethernet standards. The majority of the employees (roughly 50) will sit on the main
floor while the remainder will sit on the second floor. The building contractor has
already run the cabling - a single Cat6 Ethernet connection to each cubicle / office
space which terminates to patch panels in the MDF/IDF area.
NuggetLabs is planning to use a Voice over IP (VoIP) phone system for the new office.
Each user will have an assigned IP Phone in their cubicle / office space. The
installation / management of the phone system itself will be the responsibility of
another company; however, the network should be prepared to support the additional
devices.
The new office will need WIFI implementations, so to keep budgets in check the
company would like to use off-the-shelf Cisco Small Business WAPs. These WAPs are
to host two wireless networks: NL-CORP and NL-PUB. Those connecting to NL-CORP
should have access to the corporate network and resources. Of course, high-end
security is mandatory for this wireless network. Those connecting to NL-PUB should
not be prompted for any security requirements but should be limited to Internet
access only.
NuggetLabs Industries would like you to assess the network and make
recommendations on Internet connectivity options. They would also like to begin
evaluating network connections between their offices.
During the discussions, NuggetLabs Industries found that you work primarily from
your home office. Because of the value NuggetLabs places on your technical prowess,
they have offered to provide an office space located in the MDF for you to use as a lab
environment; a "home-away-from-home" you can use. However, this lab environment
must be completely isolated from the corporate network to not cause any
interference to day-to-day operations.
1 NL Create NL Proposal
Requirements Document 15
Equipment Order 240
VLAN / Subnet List 30
Switchport Connections 30
Physical Visio Diagram 30
Logical Visio Diagram 30
Objective
Based on this information, NuggetLabs Industries would like you to create a proposal,
design, and implementation plan for their new office by next Friday. The submission
should include the following elements:
Requirements Document
Equipment Order
VLAN(s) - Necessary
IP Subnet(s) - Necessary
Switch Port Connections
Any Necessary Visio Diagrams
Requirements Document
Attendees
Bob Phaman [CEO - BobP@nuggetlabs.com (602) 555.2791]
Sarah Belittle [CTO - SarahB@nuggetlabs.com (602) 555.8329]
Jeff Service [Windows Admin Lead - JeffS@nuggetlabs.com (602) 555.1293]
Mike Pack [Desktop Support - MikeP@nuggetlabs.com (480) 555.9382]
Grapler Construction Company (various reps) [support@grapler.com]
Requirements
Network must initially handle 75 users between two floors
Network must handle both VoIP and Data traffic
Network should handle public (unsecure) and private (secure) WIFI
Private office / lab area created in MDF, separate from the network
Suggest options for Internet connectivity
Assumptions
Each user will have one workstation
Each user will have one IP phone
Network should handle 1 Gbps Ethernet connections to the desktop
Dual fiber optic cabling run completed from MDF to IDF
Internet connectivity options will be suggested, agreed upon, and installed before the
move in date
All cable runs terminate to the IDF or MDF
Each cubicle / office will have at least one Cat6 Ethernet connection
JeremyC Consulting Inc. will be ordering all necessary equipment and patch cables for
the operation
Windows servers will have redundant connections
IDF will be initially set up with a 48 port switch (allowing approx. 48% growth)
MDF will be initially set up with two 48 port switches (allowing approx. 44% growth)
PCs and IP Phones will be located no more than 3m from the wall connection, 1.5-2m
on average.
Single Internet router (no redundancy) is acceptable
Single core L3 switch (no redundancy) is acceptable
PSTN calling for VoIP network will be handled via SIP Trunk over the Internet
MDF and IDF have sufficient power and cooling for the equipment to be installed
Phase 1: Brainstorming
Requirements
Two stories
o First Floor MDF - initially housing 50 users, servers, etc...
o Second Floor IDF - initially housing 25 users
WIFI
o Full coverage for first and second floor
o Need to perform a wireless site survey (onsite)
o Power over Ethernet switches or couplers
VoIP
o IP Phone per cubicle / office
o Need additional 1.5-3m Cat 5E / 6 Ethernet cabling as PC patch
Items Needed
MDF - two 48-port PoE switches, one of them should be Layer 3 capable
o Cisco LAN Access Switches
o Cisco 2960 Model Comparison
o Cisco 3750-X Model Comparison
o First Choice L2 Switch - WS-C2960S-48FPS-L
48-port, L2 switching
740W PoE (15W per port)
(4) 1G SFP Uplinks
o First Choice L3 Switch - WS-C3750X-48PF-S
48-port, L3 Switching
740W PoE (15W per port)
(4) 1G SFP Uplinks
o Mounting - wall mount? Server cabinet? (determine server needs)
o Cabling - need plenty of spare 1.5m, 2m, and 3m cables for cubicles, offices,
server connections
o Fiber optic connection: Patch cables and two SFPs
MDF - one Internet router
o Cisco Routers
o Cisco 2900 Series
o First Choice Router Cisco 2901
(2) 1 Gbps built-in interfaces
(4) card slots (expansion using serial, ethernet, etc...)
Voice capabilities (on-board DSPs)
IDF - one 48-port PoE switch
o First Choice L2 Switch - WS-C2960S-48FPS-L
48-port, L2 switching
740W PoE (15W per port)
(4) 1G SFP Uplinks
Building - Wireless access points
o Cisco Small Business WIFI options
o First Choice - WAP4410N
802.11n/g/b
1Gbps, PoE Capable (802.3af)
Supports 4 VLANs, 4 SSIDs
Equipment List
IP Addressing Scheme
10.1.68.251-254 Reserved
10.1.68.255 Server Broadcast
NL-B1-SW1
Physical | VLAN / TRUNK / IP | Remote Device | Remote Interface | Notes
G0/1 | Trunk | NL-B1-SW2 | G0/1 | EtherChannel 1
2 | Trunk | NL-B1-SW2 | G0/2 | EtherChannel 1
3 | V10 | ISP | - | CCT ID 392021
4 | V10 | NL-B1-RT1 | G0/0 | External Interface
5 | V10 | | | Reserved
6 | V10 | | | Reserved
7 | V68 | NL-B1-DC01 | LAN1 | Windows Server 2008 R2
8 | V68 | NL-B1-DC02 | LAN1 | Windows Server 2008 R2
9 | | | |
NL-B1-SW2
Physical | VLAN / TRUNK / IP | Remote Device | Remote Interface | Notes
G0/1 | Trunk | NL-B1-SW1 | G0/1 | EtherChannel 1
2 | Trunk | NL-B1-SW1 | G0/2 | EtherChannel 1
3 | V68 | | | Reserved
4 | V68 | | | Reserved
5 | V68 | | | Reserved
6 | V68 | | | Reserved
7 | V68 | NL-B1-DC01 | LAN2 | Windows Server 2008 R2
8 | V68 | NL-B1-DC02 | LAN2 | Windows Server 2008 R2
9 | V64v,66d | Client | NIC |
10 | V64v,66d | Client | NIC |
Physical Layout
Logical Layout
Phase 2: Configuring the Switch Infrastructure
Scenario
All the equipment you suggested has been purchased, delivered, and installed at the
NuggetLabs branch office facility. You must now begin with the configuration of the switch
infrastructure based on the following requirements.
Note: VLAN Database mode must be used to configure any VLANs on the switches
Hint: NL_B1_SW1#vlan database
Requirements
Configure the necessary VLANs on SW1, SW2, and SW3. If a VLAN is not necessary on
a switch, it should not be configured.
o VLAN 64: Client Voice
o VLAN 66: Client Data
o VLAN 68: Server
o VLAN 69: Public WIFI
o VLAN 70: Private LAB
o VLAN 71: Management
o VLAN 10: Internet DMZ
All VLANs VLAN 64, 66, 69, 71 VLAN 64, 66, 69, 71
Configure Etherchannel connections between (SW1 and SW2) and (SW1 and SW3).
Use GNS3 to determine appropriate physical connections. The Etherchannel should be
hardcoded as ON (does not use any LACP or PAGP negotiation).
Configure the links between the switches to forward traffic for all necessary VLANs. If
a VLAN does not exist on a switch, the trunk should not forward traffic for it.
Assign the necessary ports to VLANs based on the following table.
Configure NL_B1_SW1 as the root of the Spanning Tree network for all VLANs. Enable
all interfaces not being used for a switch uplink for Portfast.
Configure the Server and PC with the following configuration:
Testing
o PC1 should be able to ping PC2
o PC1 and PC2 should both be able to perform a ping and traceroute to the Server
o The show spanning-tree output should reveal that NL_B1_SW1 is the root bridge
o You should be able to Telnet and SSH to each switch, PC, or Server using the
management interface IP
Phase 3: Configuring the Internet Connection and
VPN Tunnel
Scenario
Following your advice, the NuggetLabs branch office has installed a 50Mbps Digital
Subscriber Line (DSL) connection. They will be using a VPN connection to connect back to
the corporate office.
Requirements
To help guide this initial configuration, you've assembled the following list of objectives:
The NuggetLabs branch office router (NL_B1_RT1) needs a base configuration which
includes the following:
o Hostname
o Passwords (CON, VTY, AUX, Enable) should be set to cisco
o Logon banner
o Three hour console port timeout
o Synchronous logging on the console port
o Telnet / SSH enabled (use nuggetlabs.com as your domain and admin/cisco for
SSH credentials)
o HTTP management disabled
o DNS name resolution set to 4.2.2.2 and 4.2.2.3
o Clock set, NTP configured (use 64.73.32.135 as the NTP server)
Fa 0/0: 10.1.254.2 /30
Fa 0/1: 172.30.100.230 /24
Configure a static default route on NL_B1_RT1 using the IP address of the ISP router
(172.30.100.1) to reach the Internet. Once this default route is in place, NL_B1_RT1
should be able to ping Internet addresses (e.g. 4.2.2.2, 8.8.8.8)
Configure NAT in such a way that the following requirements are met:
o Subnets provisioned for the branch office are able to reach the Internet using a
pool of public IP addresses from 172.30.100.231 to 172.30.100.235 (simulated
public for purposes of the lab).
o NOTE: NAT should be configured so only the specific subnets at the Branch office
are processed by NAT on NL_B1_RT1
o The email server (10.1.68.50) is reachable from the public IP address
172.30.100.236.
NOTE: Since the server does not have a VTY password configured, the message,
"Password required but none set" is expected and indicates a successful test.
Configure a VPN connection between the NuggetLabs branch office facility and the
corporate site using the following information (NOTE: this is beyond the current CCNA
exam requirements; you will need to configure both NL_B1_RT1 and NL_CORP_RT1 for
this exercise):
o Interesting traffic: all subnets at both offices should forward over the VPN
connection
o Pre-shared key between sites: CBTNuggets-Key!!!
o Phase 1 (ISAKMP) Settings:
Encryption: AES-128
Hashing: SHA1
Protection: DH2
o Phase 2 (IPSEC) Settings:
Encryption: AES-128
Hashing: SHA1
No PFS
o NAT: Be sure to adjust NAT appropriately for the VPN connection
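One way to meet the VPN and dynamic NAT requirements above on NL_B1_RT1, as an added example that is not part of the original lab material. The key, algorithms, pool range and interface roles come from the page; the peer placeholder, the branch summary 10.1.64.0/21, the corporate range 10.1.0.0/22 and all ACL, map, pool and transform-set names are assumptions.

```cisco
! Added example for NL_B1_RT1; NL_CORP_RT1 mirrors it with peer and ACLs reversed.
! Assumed, not from the page: <CORP_PEER_IP>, branch summary 10.1.64.0/21,
! corporate range 10.1.0.0/22, and every ACL / map / pool / transform-set name.
crypto isakmp enable
!
! Phase 1 (ISAKMP): AES-128, SHA1, DH group 2, pre-shared key
crypto isakmp policy 10
 encryption aes 128
 hash sha
 authentication pre-share
 group 2
crypto isakmp key CBTNuggets-Key!!! address <CORP_PEER_IP>
!
! Phase 2 (IPsec): AES-128 with SHA1 HMAC; no "set pfs" line keeps PFS off
crypto ipsec transform-set NL-TS esp-aes 128 esp-sha-hmac
!
! Interesting traffic; the corporate router needs the mirror image of this entry
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.64.0 0.0.7.255 10.1.0.0 0.0.3.255
!
crypto map NL-VPN 10 ipsec-isakmp
 set peer <CORP_PEER_IP>
 set transform-set NL-TS
 match address VPN-TRAFFIC
!
! Inside-to-outside NAT is applied before the crypto map check, so site-to-site
! traffic is denied here first; otherwise it is translated to a pool address
! and no longer matches VPN-TRAFFIC
ip access-list extended NAT-TRAFFIC
 deny   ip 10.1.64.0 0.0.7.255 10.1.0.0 0.0.3.255
 permit ip 10.1.64.0 0.0.7.255 any
ip nat pool NL-PUBLIC 172.30.100.231 172.30.100.235 netmask 255.255.255.0
ip nat inside source list NAT-TRAFFIC pool NL-PUBLIC
!
interface FastEthernet0/0
 ip nat inside
interface FastEthernet0/1
 ip nat outside
 crypto map NL-VPN
```

If the tunnel negotiates but no packets are encrypted, check the hit counters on NAT-TRAFFIC and VPN-TRAFFIC with show access-lists to see which ACL the traffic actually matched.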
Testing
o NL_B1_SW1 should be able to ping any of the VLAN interfaces on NL_CORP_SW1
including:
VLAN 2: CORP_VOICE (10.1.2.1)
VLAN 3: CORP_DATA (10.1.3.1)
o NL_CORP_SW1 should be able to ping any of the VLAN interfaces on NL_B1_SW1
including:
VLAN 64: Client VOICE (10.1.64.1)
VLAN 66: Client DATA (10.1.66.1)
Phase 4: Routing Using OSPF
Scenario
Now that the NuggetLabs branch facility Internet and VPN connection is functional, you
would like to implement OSPF routing between both offices. Because NuggetLabs is a
growing organization, you intend to design their OSPF network for scalability,
implementing the corporate office as the backbone and their first branch office as a
different area (which allows for summarization in the network).
NOTE: To stay (somewhat) within CCNA Exam requirements, assume the ISP has created
a private, MPLS connection on the 172.30.100.0/24 network between the NuggetLabs
Branch Office and the NuggetLabs Corporate Office.
Requirements
To help guide this configuration, you've assembled the following list of objectives:
Testing
o Verify OSPF neighbors have formed between all relevant Cisco devices
o Verify all OSPF routes appear on all relevant Cisco devices
Optimize OSPF
o Ensure NL_CORP_RT1 and NL_B1_RT1 become the designated OSPF router for
their respective Ethernet segments. NL_CORP_SW1 and NL_B1_SW1 should be
exempted from the DR election completely.
o Use an OSPF hello timer of 1 second between all OSPF neighbors.
Phase 5: Routing Using EIGRP
Scenario
You have just completed your OSPF configuration. To your dismay, one of the other
Microsoft Windows technicians at NuggetLabs has begun to learn Cisco technology by
taking courses from CBTNuggets. Apparently, one of the CBTNuggets instructors
mentioned that EIGRP is the "best routing protocol in the world." The NuggetLabs
technician has taken this to heart and has convinced NuggetLabs management to use EIGRP
rather than OSPF. They would now like you to convert your OSPF configuration to EIGRP
using ideal parameters.
NOTE: To stay (somewhat) within CCNA Exam requirements, assume the ISP has created
a private, MPLS connection on the 172.30.100.0/24 network between the NuggetLabs
Branch Office and the NuggetLabs Corporate Office.
Requirements
To help guide this configuration, you've assembled the following list of objectives:
Testing
o Verify EIGRP neighbors have formed between all relevant Cisco devices
o Verify all EIGRP routes appear on all relevant Cisco devices
Scenario
The NuggetLabs Branch rollout is successful! All devices are communicating the way they
should across the network. As the final phase of the implementation, you need to engage
DHCP services for the VLAN. In addition, you must now roll out security to protect the
Voice VLAN and server VLANs.
Requirements
To help guide this configuration, you've assembled the following list of objectives:
For testing purposes, assign PC1 to the voice VLAN (64) while keeping PC2 assigned
to the data VLAN (66)
Configure NL_B1_SW1 as a DHCP server for the branch office network using the
following parameters:
o The Voice VLAN (64) should only be able to access (all else is restricted):
The NuggetLabs Corporate voice subnet (10.1.1.0/24)
The Voice VLAN default gateway (10.1.64.1)
The Internet
o The Data VLAN (66) should only be able to access (all else is restricted):
10.1.68.6 (Full Access - NLB1-DC01)
10.1.68.7 (Full Access - NLB1-DC02)
10.1.68.8 (TCP 21, 80, 443 - NL-B1-WEB01)
The Data VLAN default gateway (10.1.66.1)
The Internet
o The Public WIFI VLAN (69) and Private Lab VLAN (70) should only be able to
access (all restricted):
Their default gateways
The Internet
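The Voice and Data VLAN restrictions above, written as inbound ACLs on the NL_B1_SW1 VLAN interfaces; this is an added example, not part of the original lab material. The ACL names are made up, "all else" is assumed to mean the rest of 10.0.0.0/8 (which covers every NuggetLabs subnet shown on the page), and the DHCP permit assumes clients lease from NL_B1_SW1 as the requirement states. VLANs 69 and 70 follow the same pattern but are left out because their gateway addresses are not given.

```cisco
! Added example for NL_B1_SW1. Names are hypothetical; "internal" is assumed
! to be 10.0.0.0/8. First match wins, so the specific permits must sit above
! the internal deny, and the final permit is what remains as "the Internet".
ip access-list extended VOICE-V64-IN
 remark clients with no address yet must still reach the DHCP server
 permit udp any eq bootpc any eq bootps
 remark NuggetLabs corporate voice subnet
 permit ip any 10.1.1.0 0.0.0.255
 remark Voice VLAN default gateway
 permit ip any host 10.1.64.1
 remark every other internal destination is blocked and logged
 deny   ip any 10.0.0.0 0.255.255.255 log
 permit ip any any
!
ip access-list extended DATA-V66-IN
 permit udp any eq bootpc any eq bootps
 remark full access to the two domain controllers
 permit ip any host 10.1.68.6
 permit ip any host 10.1.68.7
 remark web server limited to TCP 21, 80 and 443
 permit tcp any host 10.1.68.8 eq 21
 permit tcp any host 10.1.68.8 eq 80
 permit tcp any host 10.1.68.8 eq 443
 remark Data VLAN default gateway
 permit ip any host 10.1.66.1
 deny   ip any 10.0.0.0 0.255.255.255 log
 permit ip any any
!
interface Vlan64
 ip access-group VOICE-V64-IN in
interface Vlan66
 ip access-group DATA-V66-IN in
```

The log keyword on the deny lines gives a record of blocked cross-VLAN attempts, which helps when confirming from PC1 and PC2 that only the listed destinations answer.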
Testing
1. Enable ISAKMP
crypto isakmp enable
3. Create mirrored ACLs defining traffic to be encrypted and the traffic expected to
be received encrypted