You are on page 1of 16

cc 

    
 
 c
 

cc 
 

   
 

 c
 

  












47816766.docx Page 1 / 16
cc 
    
 
 c
 
Ov v 
Obj v

To enhance the Learner¶s knowledge of switching and wireless networks.

The following case study is used to illustrate the process required for designing a
redundant switched network. This case study presents a scenario in which XYZ
Insurance Company has hired a Network Consultant Group to design their network. In
order to help you organize this project, the scenario has been divided into phases listing
the requirements for each task.

! Configure security via VLANs and propagate with VTP.

! Design a redundant switched network.

! Configure switch port VLAN information and port security

! Connect and verify connectivity to a wireless router

! Configure the IP settings of a Linksys wireless router

! Configure DHCP on a Linksys wireless router

! Change the network mode and corresponding network channel on a wireless router

! Enable WEP encryption and disable SSID broadcast.

! Enable a wireless MAC filter if available.

! Configure access restrictions on a wireless router if available.

 
   
XYZ Insurance Company requires 24/7 access to the Internet in order to service
its clients. You have been retained to design a network which meets these
requirements. In order to achieve this, you have decided to develop the design
in stages proving each stage on the way. In addition some users within your
company are provided with wireless laptops and are allowed to log onto the
company¶s local area network in a secure fashion. Two wireless routers are
provided for this for security and the Sales staff will be shared between them.
Unauthorised wireless laptop users must be denied access in order to preserve
security.

!" # 
The company has 3 main departments ± Personnel, Finance and Sales. The
offsite sales team are provided with laptops and, when in the head office, are
regarded as part of the Sales Department. Your design must provide for
! 5 employees in the Personnel department.
! 10 employees in the Finance department.
! 5 wired workstations and 5 wireless workstations for internal Sales staff.
! 100 laptops for external mobile Sales staff. .
! Lifetime max of 2 servers for each department regardless of company
growth.
! Expect 100% growth of current IP requirements when determining size of
subnets.

47816766.docx Page 2 / 16
cc 
    
 
 c
 
! All networking devices must have IP addresses.
! Use the private class B 172.25.0.0 network for internal addressing.
! Use VLSM for IP addressing.
! Use subnet 200.1.1.0/29 for connection to the Internet via a router.
! There is a DNS server at address 195.195.1.2/24 connected to the router.
! A redundant switched network using a layered design is required with one
router for access to the internet. (Two routers would be needed in the final
analysis).

47816766.docx Page 3 / 16
cc         
c
$ %& 
   '(#


 t t it t 
t l t l   i  l;

DNS Server
195.195.1.2/24

Internet
Area 0
Fa0/0

Fa0/1 Fa0/5 ;
Fa0/ 4
;
Fa0/ 4
Fa0/5 Fa0/1

;
Fa0/
; Fa0/ <
Fa0/4 Fa0/4
Fa0/<
Fa0/

;
Fa0/ 4 Fa0/
;< Fa0/
;< ;
Fa0/ 4
;<
Fa0/
;
Fa0/ 4

@ 

@
 
.  
P  l i l i 
   t  i f t A! f XY" I
#    
 $ % tt i l :
* ,
 R&'t() + -.it/0 + (-
*1
2 3 *1 * , , *
 V A + (- + (t il -
3 ,,
 (t.&)4 * )(--(-
3 1
 ' 5() &f 0&-t- 6() +(t.&)4
2 ,
 i +4 S6(( -
7 , ,
0( +( t f(. -(/ti&+- 0*9( (8*16l( :)i - f&) &/'1(+ti +: t0i- i+f&)1*ti&+.
8

47816766.docx Page 4 / 16
cc 
    
 
 c
 
2. The company expects the use of VLSM Design to maximize the use of IP addresses. A
table is to be produced showing the subnets that meet the Companies requirements
using a VLSM design.

A sample table layout for recording the VLSM design is below.


  
# )  #b *     b  
  
 #b * 



    + $ b  
" 

      

      

      

      

      

      

      

3. For each device, a set of tables is required. These will assist with design and
development activities and used when configuring switches and routers. A separate
table should be created for each router and switch.

Below is a sample layout for routers.

!  
#
      
 ,  *
-b )   

     ,  *
,$ b  

# $  ,  *
 #b    
 
.- #b 

       

       

       

       

       




!  
#
       ,  *
-b )   

     ,  *
,$ b  

#
$  ,  *
 #b    
 
.- #b 

       

       

47816766.docx Page 5 / 16
cc 
    
 
 c
 
       

       

       


 !  
#
,  *
.-$            ,  *
,$ b  
 

$ 
# #b   

,   $        

 $      

 $ 
#
,  *
.-$            ,  *
,$ b  
 

$ 
# #b   

$  =      

$  >      

Below is the sample layout for the switch tables.


  b   
#
 ,$
  ) 
   
)      

 
$ - #b 
  

 .  * 
$ 

      

      

      

      

      


  b   
#
 ,$
  ) 
,  *
-b    
)      

 
,  *

  

 .  * 
.-$ - #b  $ 

      

      

      

47816766.docx Page 6 / 16
cc 
    
 
 c
 
      

      

 
#
 ,$
  ) 
,  *
-b    
      b       

 
,  *

   ) 

# #b  
  .  * 
.-$ - #b  $ 

         

         

         

         

         

 
#
 ,$
  ) 
,  *
-b    
      b       

 
,  *

   ) 

# #b  
  .  * 
.-$ - #b  $ 

         

         

         

         

         

         

 
#
 ,$
  ) 
,  *
-b    
      b       

 
,  *

   ) 

# #b  
  .  * 
.-$ - #b  $ 

         

         

47816766.docx Page 7 / 16
cc 
    
 
 c
 
         

         

         

         

4. Complete the IP design, assign and tabulate PC/workstation and server addresses for
each LAN in each location.
Although normally a DHCP server will assign PC/workstation addresses, assign all
addresses statically apart from the wireless network.

For demonstration purposes, the company agrees that it is enough to statically assign all
PC/workstation and server addresses and that at the access layer three 24-port switches
are sufficient. Stackable switches may be needed to accommodate the requirements for
the full implementation.

$c 
    v 
 v  ,$
  b  
 


#b $ v 

#

     

     

     

     

     

     

     

     

     

The tables and supporting text will be part of the documentation delivered to the XYZ
?esearch Company.
Before you commence with the implementation the logical diagram and tables need to be
approved by the company.

Instructors Signature: ______________________Date:_______________

For this Case Study, implement your design in phases with Packet Tracer and check out any
particular aspects not supported by Packet Tracer with the equipment.

Deliverables: Assignment with answers, Packet Tracer file and relevant configuration records
and testing records..

47816766.docx Page 8 / 16
cc 
    
 
 c
 

47816766.docx Page 9 / 16
cc 
    
 
 c
 
$
  
  c * 
 /#


Using Packet Tracer, create and connect three access switches, one distribution switch, the
servers and PCs together to form basic connectivity.

! Name the distribution switch DistSW1.

! Name the access switches AccessSW1 and AccessSW2.

! On all switches, configure a login password as cisco, an encrypted privileged


password as class, and provide secure telnet login capability. All passwords should
be encrypted.

! Connect the access switches to the PCs representing ultimately the VLANs.

! Assign ip addresses to all PCs and the switches within the network 192.168.1.0 solely
to test connectivity. These addresses are purely temporary.

! The distribution switch is connected by trunk links to the access switches.

! Configure port security on the ports to which the PCs are connected with a maximum
of 1 and violation mode as shutdown.
! DO NOT create any VLANs at this stage.

Testing
1. Is there connectivity between all devices? [Y/N] ___________

2. Can the PCs ping every device? [Y/N] ______________

3. Do the access connected ports acquire the first MAC address? [Y/N] _______
First MAC address _____________

4. Do the connected ports shutdown if a second PC replaces the first PC? [Y/N] _

@ecord the MAC addresses learned on each access port across all switches.

47816766.docx Page 10 / 16
cc 
    
 
 c
 
$
) c * 
  #

Assign the VLANs from your design to achieve security between the Personnel, Sales and the
IT management function of the network. Based on your Network Design in Phase 1, create
the networks and assign the ip addresses to the access switches and  distribution switch,
and the PCs and servers.

NB: Do not include redundancy with the second Distribution switch in this phase.

Steps
1. Via VTP, assign version 2 to all switches.
2. Assign server mode to the distribution switch and client mode to the access switches.
3. Assign a domain and password to the switches.
4. Use VTP to propagate the VLAN database from the distribution switch.
5. Create the VLANs on the distribution switch as in your design for Personnel, Finance
and Sales.
6. Create a Management VLAN for the switches.
7. Assign single ports as access ports with port security as in the previous phase for
each VLAN on both access switches.
8. Configure the PCs to represent the departments and assign representative ip
addresses from each VLAN.

Tests
1. Has the VLAN database propagated to the access switches? [Y/N] ____

2. Test connectivity across the network for each of the three VLANs [Y/N]____

3. Is there connectivity between different VLANs? [Y/N] ________

4. Test that pings are successful from switch to switch:

Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________

Ping from Access Switch 1 to Access Switch 2? [Y/N] ___________

Save and print out


(1) Switch configurations,
(2) show interface trunk,
(3) show VLAN for each switch,
(4) show VTP mode and status for each switch..

47816766.docx Page 11 / 16
cc 
    
 
 c
 
$
0!  c * 
  #

Add one router to provide inter-network communication between VLANs and simulate the
Internet with a web server with a home page with the text ³CCNA3 Exploration Case Study.
Communication successful. Your name and date´.

NB. Whilst this inter-network connectivity negates the security provided by VLANs, with
access control lists firewalls would be configured to deny or allow communication as
necessary.

Steps A
1. Select a router with two fastethernet ports and name it outer1 with login password
as cisco and secret password A as class.
2. Configure sub-interfaces on outer1 fa0/0 for the VLANs and the native VLAN. The
sub-interfaces become the default gateways for each of these networks.
3. Connect a web server with a home page to simulate the Internet for test purposes.
4. Add default gateways to the PCs.

Tests
1. Is there communication between PCs and servers? [Y/N] ________

2. Is there communication via the router between each VLAN? [Y/N] ________

3. Test that pings are still successful from switch to switch.

Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________

Ping from Access Switch 1 to Access Switch 2? [Y/N] ___________

4. Can each PC browse to the web server on the internet? [Y/N] ____________

Save and print out (1) the router configuration, (2) show ip route, (3) show protocols.

47816766.docx Page 12 / 16
cc 
    
 
 c
 
$
/ c * 
  #

Add a wireless router for mobile communication for the external Sales staff with secure
access to the Sales network and the wireless access point for the internal Sales staff with
wireless laptops.

NB. With Packet Tracer, full security may not be achievable on the wireless devices. If not,
state what additional security measures you would configure.

Steps
1. Select a wireless router with an internet port connected to the wired Sales VLAN.
2. Configure the wireless router internet port with a static IP address in the Sales
network.
3. Configure the wireless LAN on the wireless router with DHCP and the
SSID: ³ExternalXYZSales´.
4. Configure additional security with a WEP key and explain the addition of MAC filters.
5. Install a LAN wireless card in a PC and configure with DHCP selected.
6. Select a wireless access point and configure it with secure access to the wired Sales
VLAN with SSID: ³ InternalXYZSales´ and a WEP key.

Tests
1. Is there communication from wireless router to the Sales PCs on the wired network
via both access switches? [Y/N] ________
B
2. ecord the IP address assigned to wireless PC via DHCP? ____________

3. Is wireless communication via the access point? [Y/N]

4. Is there communication from the wireless PCs and the wired Sales PCs?
Successful ping from external wireless PC to a wired Sales PC via wireless router?
[Y/N] ____
Successful ping from internal wireless PC to a wired Sales PC via wireless access
point? [Y/N] ____

5. Test that pings are still successful from switch to switch:


Ping from Distribution Switch 1 to Access Switch 1 and 2? [Y/N] ________

Ping from Access Switch 1 to Access Switch 2? [Y/N] ___________

6. Can the wireless PCs browse to the web server on the internet? [Y/N] ______

Save, capture and print out configuration of (1) wireless router, (2) wireless access point.

47816766.docx Page 13 / 16
cc 
    
 
 c
 
$
1! 
  b    /#

Add a second switch at the distribution level to create a redundant switched network.

Steps
1. Add the redundant switch in server mode with the same domain and password.
2. Ensure the root bridge is one of the distribution switches.
3. Connect the redundant switch via a trunk link to the first distribution switch.
4. Connect trunk links from the distribution switches to the access switches.
5. Allow spanning-tree protocol to set the port states.

Tests
Enter show spanning-tree to record:
1. Identity of the root bridge: _____________________
2. Assign same priority to all VLANs.
3. For each switch on VLAN99record the root bridge identity, ensuring one of the
distribution switches is a root bridge, and the status of the trunk ports as shown
below:

Ô Ô
     
  ___________________________

  Ô   Ô   Ô

Ô Ô      


 

  Ô   Ô   Ô

Ô  Ô
    
  

  Ô   Ô   Ô

47816766.docx Page 14 / 16
cc 
    
 
 c
 

Ô  Ô      


  

  Ô   Ô   Ô

Ô  Ô      


 

  Ô   Ô   Ô

4. Change the b    so that the other distribution switch becomes the root
bridge and record the states and identities as previously.

Save, capture and print out the output from show spanning-tree of all switches for both root
bridge assignments.

47816766.docx Page 15 / 16
cc 
    
 
 c
 
2.!
$
34! 
     #

To provide 24/7 access to the Internet, a second router would be installed with a trunk link to
the redundant distribution switch.

Steps
! Add the second router and name it Couter2.
! Configure it in the same manner as Couter1.
! Connect the web server via a switch to Couter1 and Couter2.
! Connect it via a switch to the fastethernet ports on the two routers..
! Connect Couter2 to the second distribution switch.

Tests
1. Access the web server from all PCs? [Y/N] ________

2. If DistSW1 fails, can all PCs still access the Internet. [Y/N] _____

NB. Default gateway of web server may need changing.


Save and print the port status for the surviving Distribution switch.

3. If Couter1 fails, can all PCs still access the Internet. [Y/N] _____
NB. Default gateway of web server may need changing.

VVVVVV *c.56VVVVV

47816766.docx Page 16 / 16